Documentation
Overview
Package middleware contains the HTTP middleware.
Index
- Variables
- func AuthWithAuth0(h httprouter.Handle, repo models.Repository, logger *zap.Logger) httprouter.Handle
- func AuthWithToken(h httprouter.Handle, repo models.Repository, logger *zap.Logger) httprouter.Handle
- func GetCurrentUser(ctx context.Context) *models.User
- func SendError(w http.ResponseWriter, statusCode int, detail string)
Constants
This section is empty.
Variables

	var (
		// DetailInvalidAuthorizationHeader is the error message used when the
		// Authorization header content is not valid.
		DetailInvalidAuthorizationHeader = "Invalid or missing Authorization header"
		// DetailUserNotFound is the error message used when the user is unknown.
		// Such an error can only happen with the AuthWithToken() middleware.
		DetailUserNotFound = "User not found"
		// DetailMalformedToken is the error message when retrieving claims from
		// the JWT token has failed.
		DetailMalformedToken = "Malformed JWT token (claims)"
		// DetailUserCreationFailed is the error message when creating a user in
		// the database has failed.
		DetailUserCreationFailed = "User creation failed"
		// DetailUserSelectionFailed is the error message when fetching a user in
		// the database has failed.
		DetailUserSelectionFailed = "User selection failed"
		// DetailUserProfileRetrievalFailed is the error message when getting the
		// user's profile from the Auth0 API has failed.
		DetailUserProfileRetrievalFailed = "User profile retrieval failed"
	)

	var (
		// ContextCurrentUser is the context key for the models.User instance. It
		// should not be exposed, but it is used in the test suite...
		ContextCurrentUser = contextKey("current_user")
	)

Functions
func AuthWithAuth0
func AuthWithAuth0(h httprouter.Handle, repo models.Repository, logger *zap.Logger) httprouter.Handle
AuthWithAuth0 returns the Auth0 authentication middleware.
This middleware expects an RS256-signed JSON Web Token to authenticate users. It MUST be used to secure all handlers related to the Web application. The user's auth0_id should be in the "sub" claim of this token, according to Auth0. The JWT must be passed in the Authorization header:
Authorization: Bearer <JWT goes here>
When a new user authenticates (i.e. with an auth0_id not yet in the database), this middleware first creates the user. To create the user in the database, a call to the Auth0 API is needed to fetch basic user information.
Once the user has been found (either just created or retrieved from the database), the middleware adds it to the request's context. Handlers must use the GetCurrentUser() function, and not access the context directly.
func AuthWithToken
func AuthWithToken(h httprouter.Handle, repo models.Repository, logger *zap.Logger) httprouter.Handle
AuthWithToken returns the token-based middleware.
This middleware expects an API token in the Authorization header as follows:
Authorization: Token <API token goes here>
Once the user has been found, the middleware adds it to the request's context. Handlers must use the GetCurrentUser() function, and not access the context directly.
func GetCurrentUser
func GetCurrentUser(ctx context.Context) *models.User
GetCurrentUser returns the currently logged-in user from the context.
This function is usually called by the handlers wrapped in one of the authentication middlewares. NOTE: handlers expect a valid User to be returned.
Types
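As an added example (not this package's own code), the following shows the AuthWithToken flow described above together with GetCurrentUser: strict parsing of the "Authorization: Token <API token>" header, a 401 with the page's detail strings on failure, and the user stored under an unexported context key type. It is written against net/http instead of httprouter; User, Repository, memRepo and parseAuthorization are stand-ins assumed for the example.

```go
package main

import (
	"context"
	"net/http"
	"strings"
)

// User, Repository and memRepo stand in for models.User and models.Repository (constructed for this example).
type User struct{ ID int }
type Repository interface{ UserByToken(token string) (*User, bool) }
type memRepo map[string]*User // in-memory repository keyed by API token
func (m memRepo) UserByToken(t string) (*User, bool) { u, ok := m[t]; return u, ok }
type contextKey string // unexported key type: other packages cannot collide with it
const (
	ContextCurrentUser               = contextKey("current_user") // read only via GetCurrentUser
	DetailInvalidAuthorizationHeader = "Invalid or missing Authorization header"
	DetailUserNotFound               = "User not found"
)

// SendError writes the error detail as a plain-text body with the given status code.
func SendError(w http.ResponseWriter, statusCode int, detail string) { http.Error(w, detail, statusCode) }

// parseAuthorization extracts the credential from "Authorization: <scheme> <value>": exactly two fields, scheme compared case-insensitively (RFC 7235).
func parseAuthorization(header, scheme string) (string, bool) {
	parts := strings.Fields(header)
	if len(parts) != 2 || !strings.EqualFold(parts[0], scheme) {
		return "", false
	}
	return parts[1], true
}

// AuthWithToken runs h only for requests carrying a valid "Authorization: Token <API token>" header, after storing the resolved user in the request context.
func AuthWithToken(h http.HandlerFunc, repo Repository) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token, ok := parseAuthorization(r.Header.Get("Authorization"), "Token")
		if !ok {
			SendError(w, http.StatusUnauthorized, DetailInvalidAuthorizationHeader)
			return
		}
		user, found := repo.UserByToken(token)
		if !found {
			SendError(w, http.StatusUnauthorized, DetailUserNotFound)
			return
		}
		h(w, r.WithContext(context.WithValue(r.Context(), ContextCurrentUser, user)))
	}
}

// GetCurrentUser is the only supported way for a handler to read the user; nil means no user was attached.
func GetCurrentUser(ctx context.Context) *User {
	u, _ := ctx.Value(ContextCurrentUser).(*User)
	return u
}
```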
This section is empty.