Documentation ¶
Index ¶
- Constants
- Variables
- func WithUserClaims(ctx context.Context, claims *Claims) context.Context
- type Claims
- type Config
- type InMemKey
- type InMemStore
- type NoopTokenVerifier
- type OIDCABACConfig
- type OIDCConfig
- type OIDCTokenVerifier
- type RedisConfig
- type RedisStore
- type TicketConfig
- type TicketProvider
- type TicketStore
- type TokenVerifier
Constants ¶
// TicketTTL is a fixed duration of five seconds.
// NOTE(review): presumably the time-to-live applied to issued tickets (see
// TicketProvider.Check) — confirm against the provider implementation.
const TicketTTL = time.Second * 5
Variables ¶
// ErrKeyNotFound is the error TicketStore.GetDel is documented to return when
// a key was not found or has expired.
var ErrKeyNotFound = errors.New("key not found")
Functions ¶
Types ¶
type Claims ¶
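// Claims holds the user claims carried in a context (see WithUserClaims and
// UserClaimsFromContext).
type Claims struct {
	// Email maps to the "email" JSON key and is omitted when empty.
	Email string `json:"email,omitempty"`

	// EmailVerified maps to the "email_verified" JSON key and is omitted when
	// false.
	// NOTE(review): OIDCConfig.SkipEmailVerifiedCheck suggests the verifier
	// normally enforces this flag — confirm where it is checked.
	EmailVerified bool `json:"email_verified,omitempty"`

	// Attributes is tagged `json:"-"`, so encoding/json neither reads nor
	// writes it. Per the CheckAttributes documentation, nil attributes mean
	// access control is disabled and every attribute check passes.
	Attributes []string `json:"-"`
}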
func UserClaimsFromContext ¶
UserClaimsFromContext returns the user claims from the context. A nil value is returned if they are not found.
func (*Claims) CheckAttributes ¶
CheckAttributes verifies that all required attributes are present in the claim attributes. The check always passes if the claim is nil (authentication disabled) or the attributes are nil (access control disabled), so it fails open in both of those cases. Attributes are verified by exact match or by having an ancestor with a wildcard. For example, a claim with "*" or "package:*" as one of its attributes will verify all package actions, like "package:list", "package:read", etc.
type Config ¶
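// Config groups the settings exposed by this package.
type Config struct {
	// NOTE(review): presumably switches authentication on or off; the
	// CheckAttributes documentation ties a nil claim to "authentication
	// disabled". Confirm what is bypassed when this is false.
	Enabled bool

	// OIDC points to the OIDC settings (see OIDCConfig).
	OIDC *OIDCConfig

	// Ticket points to the ticket settings (see TicketConfig).
	Ticket *TicketConfig
}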
type InMemStore ¶
type InMemStore struct {
// contains filtered or unexported fields
}
func NewInMemStore ¶
func NewInMemStore() *InMemStore
func (*InMemStore) Close ¶
func (s *InMemStore) Close() error
type NoopTokenVerifier ¶
// NoopTokenVerifier is an empty struct and carries no state.
// NOTE(review): the name suggests a TokenVerifier that performs no
// verification — confirm it cannot be selected while authentication is
// enabled.
type NoopTokenVerifier struct{}
type OIDCABACConfig ¶
type OIDCConfig ¶
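// OIDCConfig holds the settings passed to NewOIDCTokenVerifier.
type OIDCConfig struct {
	// NOTE(review): presumably the URL of the OIDC provider (issuer) —
	// confirm how it is validated and used for discovery.
	ProviderURL string

	// NOTE(review): presumably the client ID that tokens are expected to be
	// issued for — confirm against the verifier.
	ClientID string

	// NOTE(review): by its name, this skips a check related to the
	// email_verified claim (see Claims.EmailVerified). Confirm exactly what
	// is skipped before enabling it, since it relaxes a verification step.
	SkipEmailVerifiedCheck bool

	// Attribute Based Access Control configuration.
	ABAC OIDCABACConfig
}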
type OIDCTokenVerifier ¶
type OIDCTokenVerifier struct {
// contains filtered or unexported fields
}
func NewOIDCTokenVerifier ¶
func NewOIDCTokenVerifier(ctx context.Context, cfg *OIDCConfig) (*OIDCTokenVerifier, error)
type RedisConfig ¶
type RedisStore ¶
type RedisStore struct {
// contains filtered or unexported fields
}
RedisStore is an implementation of TicketStore based on Redis.
func NewRedisStore ¶
func NewRedisStore(ctx context.Context, tp trace.TracerProvider, cfg *RedisConfig) (*RedisStore, error)
func (*RedisStore) Close ¶
func (s *RedisStore) Close() error
type TicketConfig ¶
// TicketConfig holds the ticket settings referenced by Config.Ticket.
type TicketConfig struct {
// Redis points to the Redis settings (see RedisConfig and NewRedisStore).
// NOTE(review): how a nil Redis is handled is not shown here — confirm
// which TicketStore is used in that case.
Redis *RedisConfig
}
type TicketProvider ¶
type TicketProvider struct {
// contains filtered or unexported fields
}
TicketProvider issues WebSocket authentication tickets.
func NewTicketProvider ¶
func NewTicketProvider(ctx context.Context, store TicketStore, rander io.Reader) *TicketProvider
NewTicketProvider creates a new TicketProvider. The provider is no-op when the store is nil.
func (*TicketProvider) Check ¶
func (t *TicketProvider) Check(ctx context.Context, ticket *string) error
Check verifies that a ticket is known to the provider. Tickets that have exceeded their time-to-live are not considered known.
func (*TicketProvider) Close ¶
func (t *TicketProvider) Close() error
Close closes the provider, releasing resources associated to the store.
type TicketStore ¶
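// TicketStore persists expirable tickets.
type TicketStore interface {
	// SetEx persists a key with a timeout.
	SetEx(ctx context.Context, key string, ttl time.Duration) error

	// GetDel checks whether a key exists in the store. It returns
	// ErrKeyNotFound if the key was not found or expired.
	//
	// NOTE(review): the name suggests the key is also deleted when it is
	// found, which would make each ticket single-use — confirm that
	// implementations remove the key atomically with the lookup.
	GetDel(ctx context.Context, key string) error

	// Close the client.
	Close() error
}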
TicketStore persists expirable tickets.