Documentation ¶
Index ¶
- Constants
- Variables
- func ChannelAccessTokenFromRequest(r *http.Request) string
- func StoreChannelAccessToken(w http.ResponseWriter, tokenString string, expTime time.Time)
- func TokenAuthenticationMiddleware(h http.Handler, authenticator TokenAuthenticator, jwtSecret []byte) http.Handler
- type ChannelAuthenticator
- type ChannelAuthorizer
- type Error
- type JWTChannelClaims
- type OneTimeTokenAuthenticator
- type RandomTokenSource
- type TokenAuthenticator
- type TokenGenerator
- type TokenIssuer
Constants ¶
const ChannelAccessTokenExpirationPeriod = 30 * 24 * time.Hour
ChannelAccessTokenExpirationPeriod is the default channel access expiration period. Once granted, channel access needs to be renewed after 30 days.
const DefaultTokenLength = 16
DefaultTokenLength is the default token length for IssueToken.
Variables ¶
var (
	ErrInvalidSigningMethod = Error{Message: "Unsupported token signing method", Code: http.StatusBadRequest}
	ErrExpiredToken         = Error{Message: "Token is expired", Code: http.StatusUnauthorized}
	ErrInvalidToken         = Error{Message: "Invalid token", Code: http.StatusUnauthorized}
	ErrInvalidTokenFormat   = Error{Message: "Invalid token format", Code: http.StatusBadRequest}
	ErrNoChannelAccess      = Error{Message: "No channel access", Code: http.StatusUnauthorized}
	ErrExpiredChannelAccess = Error{Message: "Channel access expired", Code: http.StatusUnauthorized}
)
var None = noopAuth{}
None is a TokenAuthenticator and TokenIssuer that always issues an empty token and authenticates everything.
Functions ¶
func ChannelAccessTokenFromRequest ¶ added in v1.1.3
ChannelAccessTokenFromRequest reads and returns the signed JWT from the request. If the request doesn't contain an access token, this function returns an empty string.
func StoreChannelAccessToken ¶ added in v1.1.3
func StoreChannelAccessToken(w http.ResponseWriter, tokenString string, expTime time.Time)
StoreChannelAccessToken writes tokenString into the Auth= cookie, which expires at expTime.
func TokenAuthenticationMiddleware ¶ added in v1.1.3
func TokenAuthenticationMiddleware(h http.Handler, authenticator TokenAuthenticator, jwtSecret []byte) http.Handler
TokenAuthenticationMiddleware wraps an http.Handler and checks whether the request contains a token parameter whose value can be authenticated by the given authenticator. If the token is authenticated, ChannelAuthenticator grants access to the requested channel. If no token was provided, the request is passed on, leaving the underlying handler to deal with authorization.
Types ¶
type ChannelAuthenticator ¶ added in v1.1.3
type ChannelAuthenticator struct {
// contains filtered or unexported fields
}
func (*ChannelAuthenticator) ServeHTTP ¶ added in v1.1.3
func (h *ChannelAuthenticator) ServeHTTP(w http.ResponseWriter, r *http.Request)
type ChannelAuthorizer ¶ added in v1.1.3
type ChannelAuthorizer struct {
// contains filtered or unexported fields
}
func ChannelAuthorizerMiddleware ¶ added in v1.1.3
func ChannelAuthorizerMiddleware(h http.Handler, jwtSecret []byte) *ChannelAuthorizer
ChannelAuthorizerMiddleware calls the underlying http.Handler only when a valid JWT is provided in the Authorization header.
func (*ChannelAuthorizer) ServeHTTP ¶ added in v1.1.3
func (h *ChannelAuthorizer) ServeHTTP(w http.ResponseWriter, r *http.Request)
type JWTChannelClaims ¶ added in v1.1.3
type JWTChannelClaims struct {
	jwt.StandardClaims
	Channels map[string]time.Time `json:"channels"`
}
func ParseChannelAccessTokenClaims ¶ added in v1.1.3
func ParseChannelAccessTokenClaims(tokenString string, key interface{}) (claims *JWTChannelClaims, err error)
ParseChannelAccessTokenClaims verifies and parses a signed JWT string and returns the encoded JWTChannelClaims. Most of the time the returned error is of type auth.Error.
type OneTimeTokenAuthenticator ¶ added in v1.1.3
type OneTimeTokenAuthenticator struct {
// contains filtered or unexported fields
}
OneTimeTokenAuthenticator issues tokens that can be used for authorization only once.
func NewOneTimeTokenAuthenticator ¶ added in v1.1.3
func NewOneTimeTokenAuthenticator(src TokenGenerator) *OneTimeTokenAuthenticator
NewOneTimeTokenAuthenticator returns an instance of *OneTimeTokenAuthenticator that uses src as a token source.
func (*OneTimeTokenAuthenticator) Authenticate ¶ added in v1.1.3
func (s *OneTimeTokenAuthenticator) Authenticate(token string) bool
Authenticate checks whether the provided token has been issued by this instance of OneTimeTokenAuthenticator and annuls it.
func (*OneTimeTokenAuthenticator) IssueToken ¶ added in v1.1.3
func (s *OneTimeTokenAuthenticator) IssueToken(tokenLen int) (token string, err error)
IssueToken generates and stores a new unused token. This method returns an error if it fails to generate an unused token after 16777216 (2^24) attempts.
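The issue-once, redeem-once behaviour documented for OneTimeTokenAuthenticator, as an added sketch that is not this package's code. The type oneTimeTokens is hypothetical, and drawing hex tokens from crypto/rand is this example's assumption, not a description of RandomTokenSource.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"sync"
)

// oneTimeTokens is a hypothetical stand-in for OneTimeTokenAuthenticator.
type oneTimeTokens struct {
	mu     sync.Mutex
	issued map[string]struct{}
}

func (s *oneTimeTokens) IssueToken(tokenLen int) (string, error) {
	if tokenLen <= 0 { // an empty token must never become a valid credential
		return "", fmt.Errorf("token length must be positive, got %d", tokenLen)
	}
	buf := make([]byte, (tokenLen+1)/2)
	for attempt := 0; attempt < 1<<24; attempt++ { // retry bound stated in the docs
		if _, err := rand.Read(buf); err != nil {
			return "", err // fail closed instead of using a weaker source
		}
		token := hex.EncodeToString(buf)[:tokenLen]
		s.mu.Lock()
		_, taken := s.issued[token]
		s.issued[token] = struct{}{}
		s.mu.Unlock()
		if !taken {
			return token, nil
		}
	}
	return "", fmt.Errorf("no unused %d-character token found", tokenLen)
}

// Authenticate looks up and annuls the token under one lock: replays and races fail.
func (s *oneTimeTokens) Authenticate(token string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	_, ok := s.issued[token]
	delete(s.issued, token)
	return ok
}

func main() {
	s := &oneTimeTokens{issued: map[string]struct{}{}}
	tok, _ := s.IssueToken(16)
	fmt.Println(s.Authenticate(tok), s.Authenticate(tok)) // true false
}
```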
type RandomTokenSource ¶
func (*RandomTokenSource) Generate ¶
func (gen *RandomTokenSource) Generate(tokenLen int) string
Credits for this great solution go to Stack Overflow user icza. See his answer http://stackoverflow.com/a/31832326 for explanation.
type TokenAuthenticator ¶ added in v1.1.3
TokenAuthenticator is an interface that wraps the Authenticate method.
Authenticate is used to check token authenticity.
type TokenGenerator ¶
TokenGenerator is an interface that wraps the Generate method.
Generate is used to generate strings of a given length and is used to issue tokens.
type TokenIssuer ¶
TokenIssuer is an interface that wraps the IssueToken method.
IssueToken is used to generate a new token of a given length.