Documentation ¶
Index ¶
- Constants
- Variables
- func CSRFValidationHandler(handler http.Handler, rejector Rejector, userContextReader UserContextReader) http.Handler
- func CheckAdminHandler(handler http.Handler, rejector Rejector) http.Handler
- func CheckAuthenticationHandler(handler http.Handler, rejector Rejector) http.Handler
- func CheckAuthorizationHandler(handler http.Handler, rejector Rejector) http.Handler
- func IsAdmin(r *http.Request) bool
- func IsAuthenticated(r *http.Request) bool
- func IsAuthorized(r *http.Request) bool
- func IsSystem(r *http.Request) bool
- func NewCheckBuildReadAccessHandlerFactory(buildsDB BuildsDB) *checkBuildReadAccessHandlerFactory
- func NewCheckBuildWriteAccessHandlerFactory(buildsDB BuildsDB) *checkBuildWriteAccessHandlerFactory
- func NewCheckPipelineAccessHandlerFactory(pipelineDBFactory db.PipelineDBFactory, teamDBFactory db.TeamDBFactory) *checkPipelineAccessHandlerFactory
- func NewLogOutHandler(logger lager.Logger) http.Handler
- func NewOAuthBeginHandler(logger lager.Logger, providerFactory ProviderFactory, ...) http.Handler
- func NewOAuthCallbackHandler(logger lager.Logger, providerFactory ProviderFactory, ...) http.Handler
- func NewOAuthHandler(logger lager.Logger, providerFactory ProviderFactory, ...) (http.Handler, error)
- func WrapHandler(handler http.Handler, validator Validator, userContextReader UserContextReader) http.Handler
- type AuthDB
- type AuthTokenGenerator
- type BuildsDB
- type CSRFTokenGenerator
- type CheckBuildReadAccessHandlerFactory
- type CheckBuildWriteAccessHandlerFactory
- type CheckPipelineAccessHandlerFactory
- type CheckWorkerTeamAccessHandlerFactory
- type CookieSetHandler
- type JWTReader
- type JWTValidator
- type LogOutHandler
- type OAuthBeginHandler
- type OAuthCallbackHandler
- type OAuthFactory
- type OAuthState
- type ProviderFactory
- type Rejector
- type Team
- type TokenType
- type TokenValue
- type UnauthorizedRejector
- type UserContextReader
- type Validator
Constants ¶
View Source
const ( OAuthBegin = "OAuthBegin" OAuthCallback = "OAuthCallback" LogOut = "LogOut" )
View Source
const AuthCookieName = "ATC-Authorization"
View Source
const BuildKey = "build"
View Source
const CSRFHeaderName = "X-Csrf-Token"
View Source
const CSRFRequiredKey = "CSRFRequired"
View Source
const OAuthStateCookie = "_concourse_oauth_state"
View Source
const PipelineDBKey = "pipelineDB"
View Source
const TokenTypeBearer = "Bearer"
Variables ¶
View Source
var ErrUnparsableHeader = errors.New("cannot parse 'Authorization' header")
View Source
var OAuthRoutes = rata.Routes{ {Path: "/auth/logout", Method: "GET", Name: LogOut}, {Path: "/auth/:provider/callback", Method: "GET", Name: OAuthCallback}, {Path: "/auth/:provider", Method: "GET", Name: OAuthBegin}, }
View Source
var SigningMethod = jwt.SigningMethodRS256
Functions ¶
func CSRFValidationHandler ¶
func CheckAdminHandler ¶
func IsAuthenticated ¶
func IsAuthorized ¶
func NewCheckBuildReadAccessHandlerFactory ¶
func NewCheckBuildReadAccessHandlerFactory( buildsDB BuildsDB, ) *checkBuildReadAccessHandlerFactory
func NewCheckBuildWriteAccessHandlerFactory ¶
func NewCheckBuildWriteAccessHandlerFactory( buildsDB BuildsDB, ) *checkBuildWriteAccessHandlerFactory
func NewCheckPipelineAccessHandlerFactory ¶
func NewCheckPipelineAccessHandlerFactory( pipelineDBFactory db.PipelineDBFactory, teamDBFactory db.TeamDBFactory, ) *checkPipelineAccessHandlerFactory
func NewOAuthBeginHandler ¶
func NewOAuthBeginHandler( logger lager.Logger, providerFactory ProviderFactory, privateKey *rsa.PrivateKey, teamDBFactory db.TeamDBFactory, expire time.Duration, isTLSEnabled bool, ) http.Handler
func NewOAuthCallbackHandler ¶
func NewOAuthCallbackHandler( logger lager.Logger, providerFactory ProviderFactory, privateKey *rsa.PrivateKey, teamDBFactory db.TeamDBFactory, expire time.Duration, isTLSEnabled bool, ) http.Handler
func NewOAuthHandler ¶
func NewOAuthHandler( logger lager.Logger, providerFactory ProviderFactory, teamDBFactory db.TeamDBFactory, signingKey *rsa.PrivateKey, expire time.Duration, isTLSEnabled bool, ) (http.Handler, error)
func WrapHandler ¶
Types ¶
type AuthTokenGenerator ¶
type AuthTokenGenerator interface {
GenerateToken(expiration time.Time, teamName string, isAdmin bool, csrfToken string) (TokenType, TokenValue, error)
}
func NewAuthTokenGenerator ¶
func NewAuthTokenGenerator(privateKey *rsa.PrivateKey) AuthTokenGenerator
type CSRFTokenGenerator ¶
func NewCSRFTokenGenerator ¶
func NewCSRFTokenGenerator() CSRFTokenGenerator
type CheckWorkerTeamAccessHandlerFactory ¶
type CheckWorkerTeamAccessHandlerFactory interface {
HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}
func NewCheckWorkerTeamAccessHandlerFactory ¶
func NewCheckWorkerTeamAccessHandlerFactory( workerFactory dbng.WorkerFactory, ) CheckWorkerTeamAccessHandlerFactory
type CookieSetHandler ¶
func (CookieSetHandler) ServeHTTP ¶
func (handler CookieSetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type JWTValidator ¶
func (JWTValidator) IsAuthenticated ¶
func (validator JWTValidator) IsAuthenticated(r *http.Request) bool
type LogOutHandler ¶
type LogOutHandler struct {
// contains filtered or unexported fields
}
func (*LogOutHandler) ServeHTTP ¶
func (handler *LogOutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type OAuthBeginHandler ¶
type OAuthBeginHandler struct {
// contains filtered or unexported fields
}
func (*OAuthBeginHandler) ServeHTTP ¶
func (handler *OAuthBeginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type OAuthCallbackHandler ¶
type OAuthCallbackHandler struct {
// contains filtered or unexported fields
}
func (*OAuthCallbackHandler) ServeHTTP ¶
func (handler *OAuthCallbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type OAuthFactory ¶
type OAuthFactory struct {
// contains filtered or unexported fields
}
func NewOAuthFactory ¶
func (OAuthFactory) GetProvider ¶
type OAuthState ¶
type ProviderFactory ¶
type TokenValue ¶
type TokenValue string
type UnauthorizedRejector ¶
type UnauthorizedRejector struct{}
func (UnauthorizedRejector) Forbidden ¶
func (UnauthorizedRejector) Forbidden(w http.ResponseWriter, r *http.Request)
func (UnauthorizedRejector) Unauthorized ¶
func (UnauthorizedRejector) Unauthorized(w http.ResponseWriter, r *http.Request)
type UserContextReader ¶
Source Files ¶
- auth_db.go
- auth_token_generator.go
- basic_auth_validator.go
- builds_db.go
- check_admin_handler.go
- check_auth_handler.go
- check_authorization_handler.go
- check_build_read_access_handler.go
- check_build_write_access_handler.go
- check_pipeline_access_handler.go
- check_worker_team_access_handler.go
- cookie_set_handler.go
- csrf_token_generator.go
- csrf_validation_handler.go
- extract_username_and_password.go
- get_jwt.go
- get_team.go
- is_admin.go
- is_authenticated.go
- is_authorized.go
- is_system.go
- jwt_reader.go
- jwt_validator.go
- logout_handler.go
- oauth_begin_handler.go
- oauth_callback_handler.go
- oauth_factory.go
- oauth_handler.go
- oauth_routes.go
- rejector.go
- team_auth_validator.go
- unauthorized_rejector.go
- user_context_reader.go
- validator.go
- wrap_handler.go
Directories ¶
Path | Synopsis |
---|---|
This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter
|
This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter |
githubfakes
This file was generated by counterfeiter
|
This file was generated by counterfeiter |
providerfakes
This file was generated by counterfeiter This file was generated by counterfeiter
|
This file was generated by counterfeiter This file was generated by counterfeiter |
Click to show internal directories.
Click to hide internal directories.