middleware

package
v0.0.0-...-00c8e8d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 26, 2018 License: MIT Imports: 12 Imported by: 4

Documentation

Overview

Package middleware contains the HTTP middleware.

Index

Constants

This section is empty.

Variables

View Source
var (

	// DetailInvalidAuthorizationHeader is the error message used when the
	// Authorization header content is not valid.
	DetailInvalidAuthorizationHeader = "Invalid or missing Authorization header"
	// DetailUserNotFound is the error message used when the user is unknown.
	// Such an error can only happen with the AuthWithToken() middleware.
	DetailUserNotFound = "User not found"

	// DetailMalformedToken is the error message when retrieving claims from
	// the JWT token has failed.
	DetailMalformedToken = "Malformed JWT token (claims)"
	// DetailUserCreationFailed is the error message when creating a user in
	// database has failed.
	DetailUserCreationFailed = "User creation failed"
	// DetailUserSelectionFailed is the error message when fetching a user in
	// database has failed.
	DetailUserSelectionFailed = "User selection failed"
	// DetailUserProfileRetrievalFailed is the error message when getting the
	// user's profile from Auth0 API has failed.
	DetailUserProfileRetrievalFailed = "User profile retrieval failed"
)
View Source
var (
	// ContextCurrentUser is the context key for the models.User instance. It
	// should not be exposed, but it is used in the test suite...
	ContextCurrentUser = contextKey("current_user")
)

Functions

func AuthWithAuth0

func AuthWithAuth0(h httprouter.Handle, repo models.Repository, logger *zap.Logger) httprouter.Handle

AuthWithAuth0 returns the Auth0 authentication middleware.

This middleware expects a RS256-compliant JSON Web Token to authenticate users. It MUST be used to secure all handlers related to the Web application. The user's auth0_id should be in the "sub" claim of this token, according to Auth0. The JWT must be passed in the Authorization header:

Authorization: Bearer <JWT goes here>

When a new user authenticates (i.e. with a auth_id not in database), this middleware first creates the user. In order to create the user in database, a call to the Auth0 API is needed to fetch basic user information.

Once the user has been found (either just created or retrieved in the database), the middleware adds it to the request's context. Handlers must use the GetCurrentUser() function, and not access the context directly.

func AuthWithToken

func AuthWithToken(h httprouter.Handle, repo models.Repository, logger *zap.Logger) httprouter.Handle

AuthWithToken returns the token-based middleware.

This middleware expects an API token in the Authorization header as follows:

Authorization: Token <API token goes here>

Once the user has been found, the middleware adds it to the request's context. Handlers must use the GetCurrentUser() function, and not access the context directly.

func GetCurrentUser

func GetCurrentUser(ctx context.Context) *models.User

GetCurrentUser returns the current logged user from the Context.

This function is usually called by the different handlers enhanced with one of the authentication middleware. NOTE: handlers expect a valid User to be returned.

func SendError

func SendError(w http.ResponseWriter, statusCode int, detail string)

SendError returns a HTTP error in JSON.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL