authorisation

package
v2.31.2
Published: Jan 26, 2024 License: MIT Imports: 15 Imported by: 19

Documentation

Index

Constants

const (
	IdentityClientError = "identity client cannot be nil"
)

Variables

This section is empty.

Functions

func GetCollectionIDAttribute added in v2.28.0

func GetCollectionIDAttribute(req *http.Request) (map[string]string, error)

GetCollectionIDAttribute provides an implementation of GetAttributesFromRequest. It retrieves and returns the header 'Collection-Id' from the request if it exists, otherwise it returns an empty map. It may return an error only if the header cannot be retrieved for some other reason (e.g. a nil request).

func NewCognitoRSAParser

func NewCognitoRSAParser(identityClientKeys map[string]string) (*jwt.CognitoRSAParser, error)

NewCognitoRSAParser returns a CognitoRSAParser with correct RSA Public Signing Keys set

Types

type Config

type Config struct {
	Enabled                        bool              `envconfig:"AUTHORISATION_ENABLED"`
	JWTVerificationPublicKeys      map[string]string `envconfig:"JWT_VERIFICATION_PUBLIC_KEYS" json:"-"`
	PermissionsAPIURL              string            `envconfig:"PERMISSIONS_API_URL"`
	PermissionsCacheUpdateInterval time.Duration     `envconfig:"PERMISSIONS_CACHE_UPDATE_INTERVAL"`
	PermissionsMaxCacheTime        time.Duration     `envconfig:"PERMISSIONS_MAX_CACHE_TIME"`
	ZebedeeURL                     string            `envconfig:"ZEBEDEE_URL"`
	IdentityWebKeySetURL           string            `envconfig:"IDENTITY_WEB_KEY_SET_URL"`
	IdentityClientMaxRetries       int               `envconfig:"AUTHORISATION_IDENTITY_CLIENT_MAX_RETRIES"`
}

Config contains the required configuration / environment variables for the typical authorisation setup

func NewDefaultConfig

func NewDefaultConfig() *Config

NewDefaultConfig populates the config struct with default values suitable for local development.

type GetAttributesFromRequest

type GetAttributesFromRequest func(req *http.Request) (attributes map[string]string, err error)

GetAttributesFromRequest defines the func that retrieves and returns attributes from the request. Used by RequireWithAttributes. Use an implementation provided within this package or alternatively use a custom implementation that meets your requirements.

type JWTParser

type JWTParser interface {
	Parse(tokenString string) (*permsdk.EntityData, error)
}

JWTParser takes a raw JWT token string, verifying it and extracting the required entity data.

type Middleware

type Middleware interface {
	Require(permission string, handlerFunc http.HandlerFunc) http.HandlerFunc
	RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, getAttributes GetAttributesFromRequest) http.HandlerFunc
	Close(ctx context.Context) error
	Parse(token string) (*permsdk.EntityData, error)
	HealthCheck(ctx context.Context, state *health.CheckState) error
	IdentityHealthCheck(ctx context.Context, state *health.CheckState) error
}

Middleware represents the high level interface for authorisation middleware

func NewFeatureFlaggedMiddleware

func NewFeatureFlaggedMiddleware(_ context.Context, _ *Config, _ map[string]string) (Middleware, error)

NewFeatureFlaggedMiddleware returns a different Middleware implementation depending on the configured feature flag value. Use this constructor when first adding authorisation as middleware so that it can be toggled off if required.

type NoopMiddleware

type NoopMiddleware struct{}

NoopMiddleware provides a middleware implementation that does not do any permissions checking.

func NewNoopMiddleware

func NewNoopMiddleware() *NoopMiddleware

NewNoopMiddleware creates a new instance of NoopMiddleware.

func (NoopMiddleware) Close

func (m NoopMiddleware) Close(_ context.Context) error

Close resources used by the middleware.

func (NoopMiddleware) HealthCheck

func (m NoopMiddleware) HealthCheck(_ context.Context, state *health.CheckState) error

HealthCheck updates the health status of the permissions checker

func (NoopMiddleware) IdentityHealthCheck

func (m NoopMiddleware) IdentityHealthCheck(_ context.Context, state *health.CheckState) error

IdentityHealthCheck updates the health status of the jwt keys request against identity api

func (NoopMiddleware) Parse

func (m NoopMiddleware) Parse(_ string) (*permsdk.EntityData, error)

Parse token used by the middleware.

func (NoopMiddleware) Require

func (m NoopMiddleware) Require(_ string, handlerFunc http.HandlerFunc) http.HandlerFunc

Require wraps an existing handler. The Noop implementation just calls the underlying handler.

func (NoopMiddleware) RequireWithAttributes

func (m NoopMiddleware) RequireWithAttributes(_ string, handlerFunc http.HandlerFunc, _ GetAttributesFromRequest) http.HandlerFunc

RequireWithAttributes wraps an existing handler. The Noop implementation just calls the underlying handler.

type PermissionCheckMiddleware

type PermissionCheckMiddleware struct {
	IdentityClient *identityclient.IdentityClient
	// contains filtered or unexported fields
}

PermissionCheckMiddleware is used to wrap HTTP handlers with JWT token based authorisation

func NewMiddlewareFromConfig

func NewMiddlewareFromConfig(ctx context.Context, config *Config, jwtRSAPublicKeys map[string]string) (*PermissionCheckMiddleware, error)

NewMiddlewareFromConfig creates a new instance of PermissionCheckMiddleware, instantiating the required dependencies from the given configuration values.

This constructor uses default dependencies: the Cognito-specific JWT parser, the caching permissions checker and the JWT RSA public signing keys (optional). If different dependencies are required, use the NewMiddlewareFromDependencies constructor.

func NewMiddlewareFromDependencies

func NewMiddlewareFromDependencies(jwtParser JWTParser, permissionsChecker PermissionsChecker, zebedeeClient ZebedeeClient, identityClient *identityclient.IdentityClient) *PermissionCheckMiddleware

NewMiddlewareFromDependencies creates a new instance of PermissionCheckMiddleware, using injected dependencies

func (PermissionCheckMiddleware) Close

Close resources used by the middleware.

func (PermissionCheckMiddleware) HealthCheck

func (m PermissionCheckMiddleware) HealthCheck(ctx context.Context, state *health.CheckState) error

HealthCheck updates the health status of the permissions checker

func (PermissionCheckMiddleware) IdentityHealthCheck

func (m PermissionCheckMiddleware) IdentityHealthCheck(ctx context.Context, state *health.CheckState) error

IdentityHealthCheck updates the health status of the jwt keys request against identity api

func (PermissionCheckMiddleware) Parse

Parse token using returned Parser object

func (PermissionCheckMiddleware) Require

func (m PermissionCheckMiddleware) Require(permission string, handlerFunc http.HandlerFunc) http.HandlerFunc

Require wraps an existing handler, only allowing it to be called if the request is authorised against the given permission. Calls method RequireWithAttributes() with nil getAttributes

func (PermissionCheckMiddleware) RequireWithAttributes

func (m PermissionCheckMiddleware) RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, getAttributes GetAttributesFromRequest) http.HandlerFunc

RequireWithAttributes wraps an existing handler, only allowing it to be called if the request is authorised against the given permission. Includes any attributes returned by getAttributes in the permission check.
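The wrapping pattern these doc comments describe (a GetAttributesFromRequest implementation feeding request attributes into the permission check, and a handler that runs only once the token and the permission have both been accepted), as an added example; it is not this package's code. It uses local stand-ins with the documented shapes (EntityData reduced to a group list, the JWTParser and PermissionsChecker dependencies reduced to two function fields), a constructed token-to-entity lookup in place of the Cognito RSA parser, a constructed grant table in place of the permissions API, and assumes the attribute key collection_id and the 401/400/403/500 response mapping. Require is not reproduced here because the page documents it as RequireWithAttributes with a nil getAttributes, which is the call shown in the usage note.

```go
package main

import (
	"errors"
	"net/http"
	"net/http/httptest"
	"strings"
)

// EntityData (assumed shape) stands in for permsdk.EntityData; GetAttributesFromRequest mirrors the documented type.
type EntityData struct{ Groups []string }
type GetAttributesFromRequest func(req *http.Request) (map[string]string, error)

// GetCollectionIDAttribute reimplements the documented behaviour (Collection-Id header or an empty map; an error only for a nil request); the key "collection_id" is assumed.
func GetCollectionIDAttribute(req *http.Request) (map[string]string, error) {
	if req == nil {
		return nil, errors.New("request cannot be nil")
	}
	attrs := map[string]string{}
	if id := req.Header.Get("Collection-Id"); id != "" {
		attrs["collection_id"] = id
	}
	return attrs, nil
}

// PermissionCheckMiddleware stands in for the documented type, with its JWTParser and
// PermissionsChecker dependencies reduced to the two calls the middleware makes.
type PermissionCheckMiddleware struct {
	parse         func(token string) (*EntityData, error)
	hasPermission func(e EntityData, permission string, attrs map[string]string) (bool, error)
}

// RequireWithAttributes verifies the bearer token, gathers request attributes and consults the checker before the wrapped handler runs; the 401/400/403/500 mapping is this example's choice.
func (m PermissionCheckMiddleware) RequireWithAttributes(permission string, h http.HandlerFunc, getAttributes GetAttributesFromRequest) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		deny := func(code int) { http.Error(w, http.StatusText(code), code) }
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") {
			deny(http.StatusUnauthorized)
			return
		}
		entity, err := m.parse(strings.TrimPrefix(auth, "Bearer "))
		if err != nil || entity == nil {
			deny(http.StatusUnauthorized)
			return
		}
		attrs := map[string]string{}
		if getAttributes != nil {
			if attrs, err = getAttributes(r); err != nil {
				deny(http.StatusBadRequest)
				return
			}
		}
		allowed, err := m.hasPermission(*entity, permission, attrs)
		if err != nil { // checker unavailable: fail closed, but not as a policy denial
			deny(http.StatusInternalServerError)
			return
		}
		if !allowed {
			deny(http.StatusForbidden)
			return
		}
		h(w, r)
	}
}

// NewExampleMiddleware wires constructed tokens and grants in place of the real Cognito RSA
// parser and permissions API; a real JWTParser verifies a signature against the configured RSA keys.
func NewExampleMiddleware() PermissionCheckMiddleware {
	// Constructed tokens (not real JWTs) and a group -> permission -> collection grant table ("" = any collection).
	tokens := map[string]EntityData{"tok-alice": {Groups: []string{"editors"}}, "tok-bob": {Groups: []string{"viewers"}}}
	grants := map[string]map[string]string{"viewers": {"datasets:read": ""}, "editors": {"datasets:read": "", "datasets:update": "coll-1"}}
	return PermissionCheckMiddleware{
		parse: func(token string) (*EntityData, error) {
			if e, ok := tokens[token]; ok {
				return &e, nil
			}
			return nil, errors.New("unknown token")
		},
		hasPermission: func(e EntityData, permission string, attrs map[string]string) (bool, error) {
			for _, g := range e.Groups {
				if coll, ok := grants[g][permission]; ok && (coll == "" || coll == attrs["collection_id"]) {
					return true, nil
				}
			}
			return false, nil
		},
	}
}

// StatusFor sends one request carrying the given headers through a wrapped handler.
func StatusFor(h http.HandlerFunc, headers map[string]string) int {
	req := httptest.NewRequest(http.MethodGet, "/datasets", nil)
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}
```

To try it, wrap any http.HandlerFunc with NewExampleMiddleware().RequireWithAttributes("datasets:update", handler, GetCollectionIDAttribute) (or pass nil as the last argument for the Require behaviour) and drive it with StatusFor: tok-alice with a Collection-Id of coll-1 reaches the handler, the same token against coll-2 gets 403, and a missing or non-bearer Authorization header gets 401 before any permission lookup. The branch worth noting is the checker error: an unreachable permissions checker answers 500 rather than 403, so an outage is never recorded as a policy decision.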

type PermissionsChecker

type PermissionsChecker interface {
	HasPermission(ctx context.Context,
		entityData permsdk.EntityData,
		permission string,
		attributes map[string]string,
	) (bool, error)
	Close(ctx context.Context) error
	HealthCheck(ctx context.Context, state *health.CheckState) error
}

PermissionsChecker checks if the given entity data matches the given permission

type ZebedeeClient

type ZebedeeClient interface {
	CheckTokenIdentity(ctx context.Context, token string) (*dprequest.IdentityResponse, error)
}

ZebedeeClient validates an old-world token
