asgard

package
v1.20.0
Published: Jun 10, 2024 | License: MIT | Imports: 8 | Imported by: 0

Documentation

Overview

Package asgard provides middleware for use in HTTP API servers that require client certificate (mTLS) authentication.

In Norse mythology Heimdallr is the gatekeeper of the celestial bridge, the Bifröst. Hofund is Heimdallr's sword. No mythical significance, just a cool name.

Here Heimdallr returns a middleware that parses client certs from a request header. Hofund returns a middleware that parses client certs from the TLS connection. Use Heimdallr if you have a reverse proxy that terminates TLS connections. Use Hofund if you are directly serving TLS connections.

Functions

func ClientCert added in v1.16.0

func ClientCert(ctx context.Context) (*bifrost.Certificate, bool)

ClientCert returns the client certificate from the request context. If the client certificate is not present, the second return value is false. Use this function to access the client certificate in an HTTP handler that has been wrapped with Heimdallr.

func Heimdallr

func Heimdallr(h HeaderName, ns uuid.UUID) func(http.Handler) http.Handler

Heimdallr returns a middleware that parses a client certificate from the h request header.

If a certificate is not found or is invalid, the middleware responds with a 503 Service Unavailable. If the certificate namespace does not match ns, the middleware responds with a 403 Forbidden.

Use this if you have a reverse proxy that terminates TLS connections and passes the client certificate in a request header.
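
An added example, not code from the asgard package: a standard-library sketch of the header-based pattern that Heimdallr is described as implementing. The names parseHeaderCert, headerCert, certKey and sampleHeader are hypothetical, the URL-encoded PEM header format is an assumption about the proxy, and the namespace check (403) is left out.

```go
package main

import (
	"context"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"net/url"
)

type certKey struct{} // context key for the parsed certificate

// parseHeaderCert decodes a URL-encoded PEM certificate (assumed header format).
func parseHeaderCert(value string) (*x509.Certificate, error) {
	raw, err := url.PathUnescape(value) // keeps '+' literal, so the PEM's base64 survives
	block, _ := pem.Decode([]byte(raw))
	if err != nil || block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("header does not hold a PEM certificate")
	}
	return x509.ParseCertificate(block.Bytes)
}

// headerCert (hypothetical name) answers 503 on a bad header, else stores the cert in the context.
func headerCert(header string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if cert, err := parseHeaderCert(r.Header.Get(header)); err != nil {
			http.Error(w, "client certificate unavailable", http.StatusServiceUnavailable)
		} else {
			next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), certKey{}, cert)))
		}
	})
}

// sampleHeader returns a constructed self-signed certificate as a header value.
func sampleHeader() string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-client"}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return url.PathEscape(string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})))
}

func main() {
	cert, err := parseHeaderCert(sampleHeader())
	fmt.Println(cert.Subject.CommonName, err)
}
```

Because the certificate arrives in a header, this pattern is only sound when the proxy overwrites any client-supplied copy of that header and the backend is reachable only through the proxy.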

func Hofund added in v1.16.0

func Hofund(h HeaderName, ns uuid.UUID) func(http.Handler) http.Handler

Hofund returns a middleware that validates a client certificate and sets the certificate in the h request header.

If a certificate is not found or is invalid, the middleware responds with a 401 Unauthorized. If the certificate namespace does not match ns, the middleware responds with a 403 Forbidden.

Use this if you are directly serving TLS connections.

Types

type HeaderName added in v1.16.0

type HeaderName int
const (
	HeaderNameClientCertLeaf HeaderName = iota // X-Amzn-Mtls-Clientcert-Leaf
	HeaderNameClientCert                       // X-Amzn-Mtls-Clientcert
)

func (HeaderName) String added in v1.16.0

func (i HeaderName) String() string
