auth

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 26, 2024 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source
const (
	RuleAuthenticate   = "auth"
	RuleAny            = "ruleAny"
	RuleAdminOnly      = "ruleAdminOnly"
	RuleUserOnly       = "ruleUserOnly"
	RuleAdminOrSubject = "ruleAdminOrSubject"
)

These the current set of rules we have for auth.

Variables

View Source
var ErrForbidden = errors.New("attempted action is not allowed")

ErrForbidden is returned when a auth issue is identified.

Functions

func IsAuthError

func IsAuthError(err error) bool

IsAuthError checks if an error of type AuthError exists.

func NewAuthError

func NewAuthError(format string, args ...any) error

NewAuthError creates an AuthError for the provided message.

func SetClaims

func SetClaims(ctx context.Context, claims Claims) context.Context

SetClaims stores the claims in the context.

Types

type Auth

type Auth struct {
	// contains filtered or unexported fields
}

Auth is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.

func New

func New(cfg Config) (*Auth, error)

New creates an Auth to support authentication/authorization.

func (*Auth) Authenticate

func (a *Auth) Authenticate(ctx context.Context, bearerToken string) (Claims, error)

Authenticate processes the token to validate the sender's token is valid.

func (*Auth) Authorize

func (a *Auth) Authorize(ctx context.Context, claims Claims, rule string) error

Authorize attempts to authorize the user with the provided input roles, if none of the input roles are within the user's claims, we return an error otherwise the user is authorized.

func (*Auth) GenerateToken

func (a *Auth) GenerateToken(kid string, claims Claims) (string, error)

GenerateToken generates a signed JWT token string representing the user Claims.

type AuthError

type AuthError struct {
	// contains filtered or unexported fields
}

AuthError is used to pass an error during the request through the application with auth specific context.

func (*AuthError) Error

func (ae *AuthError) Error() string

Error implements the error interface. It uses the default message of the wrapped error. This is what will be shown in the services' logs.

type Claims

type Claims struct {
	jwt.RegisteredClaims
	Roles []user.Role `json:"roles"`
}

Claims represents the authorization claims transmitted via a JWT.

func GetClaims

func GetClaims(ctx context.Context) Claims

GetClaims returns the claims from the context.

type Config

type Config struct {
	Log       *zerolog.Logger
	KeyLookup KeyLookup
	Issuer    string
}

Config represents information required to initialize auth.

type KeyLookup

type KeyLookup interface {
	PrivateKey(kid string) (key string, err error)
	PublicKey(kid string) (key string, err error)
}

KeyLookup declares a method set of behavior for looking up private and public keys for JWT use. The return could be a PEM encoded string or a JWS based key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL