Documentation ¶
Index ¶
- Constants
- func GetCollectionIDAttribute(req *http.Request) (map[string]string, error)
- func NewCognitoRSAParser(identityClientKeys map[string]string) (*jwt.CognitoRSAParser, error)
- type Config
- type GetAttributesFromRequest
- type JWTParser
- type Middleware
- type NoopMiddleware
- func (m NoopMiddleware) Close(ctx context.Context) error
- func (m NoopMiddleware) HealthCheck(ctx context.Context, state *health.CheckState) error
- func (m NoopMiddleware) IdentityHealthCheck(ctx context.Context, state *health.CheckState) error
- func (m NoopMiddleware) Parse(token string) (*permsdk.EntityData, error)
- func (m NoopMiddleware) Require(permission string, handlerFunc http.HandlerFunc) http.HandlerFunc
- func (m NoopMiddleware) RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, ...) http.HandlerFunc
- type PermissionCheckMiddleware
- func (m PermissionCheckMiddleware) Close(ctx context.Context) error
- func (m PermissionCheckMiddleware) HealthCheck(ctx context.Context, state *health.CheckState) error
- func (m PermissionCheckMiddleware) IdentityHealthCheck(ctx context.Context, state *health.CheckState) error
- func (m PermissionCheckMiddleware) Parse(token string) (*permsdk.EntityData, error)
- func (m PermissionCheckMiddleware) Require(permission string, handlerFunc http.HandlerFunc) http.HandlerFunc
- func (m PermissionCheckMiddleware) RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, ...) http.HandlerFunc
- type PermissionsChecker
- type ZebedeeClient
Constants ¶
const (
IdentityClientError = "identity client cannot be nil"
)
Variables ¶
This section is empty.
Functions ¶
func GetCollectionIDAttribute ¶ added in v2.28.0
func GetCollectionIDAttribute(req *http.Request) (map[string]string, error)
GetCollectionIDAttribute provides an implementation of GetAttributesFromRequest. It retrieves and returns the 'Collection-Id' header from the request if it exists, otherwise it returns an empty map. It returns an error only if the header cannot be retrieved for some other reason (e.g. a nil request).
func NewCognitoRSAParser ¶
func NewCognitoRSAParser(identityClientKeys map[string]string) (*jwt.CognitoRSAParser, error)
NewCognitoRSAParser returns a CognitoRSAParser with the correct RSA public signing keys set.
Types ¶
type Config ¶
type Config struct {
	Enabled                        bool              `envconfig:"AUTHORISATION_ENABLED"`
	JWTVerificationPublicKeys      map[string]string `envconfig:"JWT_VERIFICATION_PUBLIC_KEYS" json:"-"`
	PermissionsAPIURL              string            `envconfig:"PERMISSIONS_API_URL"`
	PermissionsCacheUpdateInterval time.Duration     `envconfig:"PERMISSIONS_CACHE_UPDATE_INTERVAL"`
	PermissionsMaxCacheTime        time.Duration     `envconfig:"PERMISSIONS_MAX_CACHE_TIME"`
	ZebedeeURL                     string            `envconfig:"ZEBEDEE_URL"`
	IdentityWebKeySetURL           string            `envconfig:"IDENTITY_WEB_KEY_SET_URL"`
	IdentityClientMaxRetries       int               `envconfig:"AUTHORISATION_IDENTITY_CLIENT_MAX_RETRIES"`
}
Config contains the required configuration / environment variables for the typical authorisation setup.
func NewDefaultConfig ¶
func NewDefaultConfig() *Config
NewDefaultConfig populates the config struct with default values suitable for local development.
type GetAttributesFromRequest ¶
type GetAttributesFromRequest func(req *http.Request) (map[string]string, error)
GetAttributesFromRequest defines the func that retrieves and returns attributes from the request. It is used by RequireWithAttributes. Use an implementation provided within this package, or alternatively a custom implementation that meets your requirements.
type JWTParser ¶
type JWTParser interface {
Parse(tokenString string) (*permsdk.EntityData, error)
}
JWTParser takes a raw JWT token string, verifying it and extracting the required entity data.
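The two items above, NewCognitoRSAParser (load the RSA public signing keys) and JWTParser (verify a raw token and extract entity data), describe one contract. The following Go is an added worked example of that contract and is not code from the package documented here or its authors: a map of key ID to public key is parsed once at startup, and Parse verifies the token's RS256 signature against the key named in its header before a single claim is read. Everything not on the page is an assumption made for the example: the names rsaParser, newRSAParser, decodeSegment, signRS256 and publicKeyPEM, the PEM-encoded format of the key map, the `username` claim, and the one-field EntityData that stands in for permsdk.EntityData. The real parser's key format and entity data come from the identity client and the permissions SDK.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// EntityData stands in for permsdk.EntityData (hypothetical shape).
type EntityData struct{ UserID string }

// rsaParser keeps the RSA public signing keys indexed by key ID (kid).
type rsaParser struct{ keys map[string]*rsa.PublicKey }

// newRSAParser does what NewCognitoRSAParser's doc describes: it loads a
// kid -> PEM-encoded public key map (assumed format) and rejects non-RSA
// material at startup rather than on a live request.
func newRSAParser(identityClientKeys map[string]string) (*rsaParser, error) {
	keys := make(map[string]*rsa.PublicKey, len(identityClientKeys))
	for kid, pemText := range identityClientKeys {
		block, _ := pem.Decode([]byte(pemText))
		if block == nil {
			return nil, fmt.Errorf("key %q: not PEM encoded", kid)
		}
		pub, err := x509.ParsePKIXPublicKey(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("key %q: %w", kid, err)
		}
		rsaPub, ok := pub.(*rsa.PublicKey)
		if !ok {
			return nil, fmt.Errorf("key %q: not an RSA public key", kid)
		}
		keys[kid] = rsaPub
	}
	return &rsaParser{keys: keys}, nil
}

// decodeSegment base64url-decodes one JWT segment and unmarshals it into v.
func decodeSegment(seg string, v interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// Parse verifies an RS256 token against the key named in its header and only
// then reads the claims. The algorithm is pinned, so a header claiming "none"
// or an HMAC alg is rejected before any key lookup or signature check.
func (p *rsaParser) Parse(tokenString string) (*EntityData, error) {
	parts := strings.Split(tokenString, ".")
	if len(parts) != 3 {
		return nil, errors.New("token must have three segments")
	}
	var hdr struct{ Alg, Kid string }
	if err := decodeSegment(parts[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("header unreadable or alg %q not allowed", hdr.Alg)
	}
	pub, ok := p.keys[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature verification failed")
	}
	var claims struct{ Username string `json:"username"` }
	if err := decodeSegment(parts[1], &claims); err != nil || claims.Username == "" {
		return nil, errors.New("claims: missing or unreadable username")
	}
	return &EntityData{UserID: claims.Username}, nil
}

// signRS256 mints a token the way an identity provider would. It exists only
// so the example runs offline; a resource service never holds this key.
func signRS256(priv *rsa.PrivateKey, kid, username string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, _ := json.Marshal(map[string]string{"username": username})
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// publicKeyPEM renders a key in the kid -> PEM map format assumed above.
func publicKeyPEM(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}
```

The order inside Parse is the point: header algorithm check, key lookup by kid, signature verification, and only then claim extraction. A parser that reads claims first, or that takes the algorithm from the token without pinning it, is the usual root cause of JWT verification bypasses, and a key map that is validated at construction time fails loudly at deploy rather than silently per request.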
type Middleware ¶
type Middleware interface {
	Require(permission string, handlerFunc http.HandlerFunc) http.HandlerFunc
	RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, getAttributes GetAttributesFromRequest) http.HandlerFunc
	Close(ctx context.Context) error
	Parse(token string) (*permsdk.EntityData, error)
	HealthCheck(ctx context.Context, state *health.CheckState) error
	IdentityHealthCheck(ctx context.Context, state *health.CheckState) error
}
Middleware represents the high-level interface for authorisation middleware.
func NewFeatureFlaggedMiddleware ¶
func NewFeatureFlaggedMiddleware(ctx context.Context, config *Config, jwtRSAPublicKeys map[string]string) (Middleware, error)
NewFeatureFlaggedMiddleware returns a different Middleware implementation depending on the configured feature flag value. Use this constructor when first adding authorisation as middleware so that it can be toggled off if required.
type NoopMiddleware ¶
type NoopMiddleware struct{}
NoopMiddleware provides a middleware implementation that does not do any permissions checking.
func NewNoopMiddleware ¶
func NewNoopMiddleware() *NoopMiddleware
NewNoopMiddleware creates a new instance of NoopMiddleware.
func (NoopMiddleware) Close ¶
func (m NoopMiddleware) Close(ctx context.Context) error
Close resources used by the middleware.
func (NoopMiddleware) HealthCheck ¶
func (m NoopMiddleware) HealthCheck(ctx context.Context, state *health.CheckState) error
HealthCheck updates the health status of the permissions checker.
func (NoopMiddleware) IdentityHealthCheck ¶
func (m NoopMiddleware) IdentityHealthCheck(ctx context.Context, state *health.CheckState) error
IdentityHealthCheck updates the health status of the JWT keys request against the identity API.
func (NoopMiddleware) Parse ¶
func (m NoopMiddleware) Parse(token string) (*permsdk.EntityData, error)
Parse parses the token used by the middleware.
func (NoopMiddleware) Require ¶
func (m NoopMiddleware) Require(permission string, handlerFunc http.HandlerFunc) http.HandlerFunc
Require wraps an existing handler. The Noop implementation just calls the underlying handler.
func (NoopMiddleware) RequireWithAttributes ¶
func (m NoopMiddleware) RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, getAttributesFunc GetAttributesFromRequest) http.HandlerFunc
RequireWithAttributes wraps an existing handler. The Noop implementation just calls the underlying handler.
type PermissionCheckMiddleware ¶
type PermissionCheckMiddleware struct {
	IdentityClient *identityclient.IdentityClient
	// contains filtered or unexported fields
}
PermissionCheckMiddleware is used to wrap HTTP handlers with JWT token based authorisation.
func NewMiddlewareFromConfig ¶
func NewMiddlewareFromConfig(ctx context.Context, config *Config, jwtRSAPublicKeys map[string]string) (*PermissionCheckMiddleware, error)
NewMiddlewareFromConfig creates a new instance of PermissionCheckMiddleware, instantiating the required dependencies from the given configuration values.
This constructor uses default dependencies: the Cognito-specific JWT parser, the caching permissions checker and the JWT RSA public signing keys (optional). If different dependencies are required, use the NewMiddlewareFromDependencies constructor.
func NewMiddlewareFromDependencies ¶
func NewMiddlewareFromDependencies(jwtParser JWTParser, permissionsChecker PermissionsChecker, zebedeeClient ZebedeeClient, identityClient *identityclient.IdentityClient) *PermissionCheckMiddleware
NewMiddlewareFromDependencies creates a new instance of PermissionCheckMiddleware using the injected dependencies.
func (PermissionCheckMiddleware) Close ¶
func (m PermissionCheckMiddleware) Close(ctx context.Context) error
Close resources used by the middleware.
func (PermissionCheckMiddleware) HealthCheck ¶
func (m PermissionCheckMiddleware) HealthCheck(ctx context.Context, state *health.CheckState) error
HealthCheck updates the health status of the permissions checker.
func (PermissionCheckMiddleware) IdentityHealthCheck ¶
func (m PermissionCheckMiddleware) IdentityHealthCheck(ctx context.Context, state *health.CheckState) error
IdentityHealthCheck updates the health status of the JWT keys request against the identity API.
func (PermissionCheckMiddleware) Parse ¶
func (m PermissionCheckMiddleware) Parse(token string) (*permsdk.EntityData, error)
Parse parses the token using the middleware's JWTParser.
func (PermissionCheckMiddleware) Require ¶
func (m PermissionCheckMiddleware) Require(permission string, handlerFunc http.HandlerFunc) http.HandlerFunc
Require wraps an existing handler, only allowing it to be called if the request is authorised against the given permission. It calls RequireWithAttributes() with a nil getAttributes.
func (PermissionCheckMiddleware) RequireWithAttributes ¶
func (m PermissionCheckMiddleware) RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, getAttributes GetAttributesFromRequest) http.HandlerFunc
RequireWithAttributes wraps an existing handler, only allowing it to be called if the request is authorised against the given permission. Includes any attributes returned by getAttributes in the permission check.
type PermissionsChecker ¶
type PermissionsChecker interface {
	HasPermission(ctx context.Context, entityData permsdk.EntityData, permission string, attributes map[string]string) (bool, error)
	Close(ctx context.Context) error
	HealthCheck(ctx context.Context, state *health.CheckState) error
}
PermissionsChecker checks whether the given entity data matches the given permission.
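GetCollectionIDAttribute, Require / RequireWithAttributes and PermissionsChecker together describe how a request is authorised: a token is parsed into entity data, attributes are pulled from the request, and both are handed to the checker. The following Go is an added example of that flow and is not code from the package documented here or its authors. It wires the two interfaces with constructed stand-ins (tokenTable for JWTParser, allowList for PermissionsChecker) so it runs offline; the names middleware, bearerToken, collectionIDAttribute, the `collection_id` attribute key, the one-field EntityData, the bearer-token header format and the particular status codes (401 for a missing or invalid token, 403 for a denied permission, 500 when the checker itself fails) are all assumptions made for the example, not the package's documented behaviour.

```go
package main

import (
	"context"
	"errors"
	"net/http"
	"strings"
)

// EntityData stands in for permsdk.EntityData (hypothetical shape).
type EntityData struct{ UserID string }

// GetAttributesFromRequest has the signature the index gives for GetCollectionIDAttribute.
type GetAttributesFromRequest func(req *http.Request) (map[string]string, error)

// collectionIDAttribute follows the documented contract of GetCollectionIDAttribute:
// the Collection-Id header when present, an empty map when absent, and an error
// only for a nil request. The attribute key "collection_id" is an assumption.
func collectionIDAttribute(req *http.Request) (map[string]string, error) {
	if req == nil {
		return nil, errors.New("request cannot be nil")
	}
	attrs := map[string]string{}
	if id := req.Header.Get("Collection-Id"); id != "" {
		attrs["collection_id"] = id
	}
	return attrs, nil
}

// JWTParser and PermissionsChecker mirror the interfaces on this page.
type JWTParser interface{ Parse(tokenString string) (*EntityData, error) }

type PermissionsChecker interface {
	HasPermission(ctx context.Context, entityData EntityData, permission string, attributes map[string]string) (bool, error)
}

type middleware struct {
	parser  JWTParser
	checker PermissionsChecker
}

// RequireWithAttributes wraps handlerFunc: missing or invalid token -> 401, valid token
// without the permission -> 403, checker failure -> 500 (fail closed). A nil
// getAttributes means no attributes, which is how Require is documented to call it.
func (m middleware) RequireWithAttributes(permission string, handlerFunc http.HandlerFunc, getAttributes GetAttributesFromRequest) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token, ok := bearerToken(r)
		if !ok {
			http.Error(w, "unauthorised", http.StatusUnauthorized)
			return
		}
		entity, err := m.parser.Parse(token)
		if err != nil || entity == nil {
			http.Error(w, "unauthorised", http.StatusUnauthorized)
			return
		}
		var attrs map[string]string
		if getAttributes != nil {
			if attrs, err = getAttributes(r); err != nil {
				http.Error(w, "bad request", http.StatusBadRequest)
				return
			}
		}
		allowed, err := m.checker.HasPermission(r.Context(), *entity, permission, attrs)
		if err != nil {
			http.Error(w, "permission check failed", http.StatusInternalServerError)
			return
		}
		if !allowed {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		handlerFunc(w, r)
	}
}

// bearerToken extracts the credential from "Authorization: Bearer <token>".
func bearerToken(r *http.Request) (string, bool) {
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, "Bearer ") {
		return "", false
	}
	return strings.TrimSpace(strings.TrimPrefix(h, "Bearer ")), true
}

// tokenTable is a constructed stand-in for JWTParser (token -> user ID).
type tokenTable map[string]string

func (t tokenTable) Parse(tok string) (*EntityData, error) {
	if id, ok := t[tok]; ok {
		return &EntityData{UserID: id}, nil
	}
	return nil, errors.New("invalid token")
}

// allowList is a constructed stand-in for PermissionsChecker. Keys are
// "user permission collection"; "*" as the collection grants it everywhere.
type allowList map[string]bool

func (a allowList) HasPermission(_ context.Context, e EntityData, perm string, attrs map[string]string) (bool, error) {
	return a[e.UserID+" "+perm+" "+attrs["collection_id"]] || a[e.UserID+" "+perm+" *"], nil
}
```

The attribute path is what makes RequireWithAttributes more than Require: with a collection-scoped grant, the same user and the same permission are allowed on one Collection-Id header value and refused on another, and a request that omits the header gets no collection and is refused unless the grant is global. Note also that a checker error is treated as a denial rather than as an allow; an authorisation layer that fails open when its permissions backend is unreachable is a common and serious design flaw.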
type ZebedeeClient ¶
type ZebedeeClient interface {
CheckTokenIdentity(ctx context.Context, token string) (*dprequest.IdentityResponse, error)
}
ZebedeeClient validates a legacy ("old world") token.