Versions in this module Expand all Collapse all v0 v0.1.0 Nov 30, 2023 Changes in this version + const AccessTokenCookie + const ContextAccessToken + const ContextRequestID + const ContextUserClaims + const RefreshTokenCookie + var ErrAuthRequired = errors.New("this endpoint requires authentication") + var ErrInvalidAudience = errors.New("invalid audience") + var ErrInvalidAuthToken = errors.New("invalid authorization token") + var ErrInvalidIssuer = errors.New("invalid issuer") + var ErrInvalidKeyID = errors.New("invalid key id") + var ErrNoAuthUser = errors.New("could not identify authenticated user in request") + var ErrNoAuthorization = errors.New("no authorization header in request") + var ErrNoClaims = errors.New("no claims found on the request context") + var ErrNoKeyID = errors.New("token does not have kid in header") + var ErrNoRefreshToken = errors.New("cannot reauthenticate no refresh token in request") + var ErrNoUserInfo = errors.New("no user info found on the request context") + var ErrNotAuthorized = errors.New("user does not have permission to perform this operation") + var ErrParseBearer = errors.New("could not parse Bearer token from Authorization header") + var ErrUnauthenticated = errors.New("request is unauthenticated") + var ErrUnknownSigningKey = errors.New("unknown signing key") + var ErrUnparsableClaims = errors.New("could not parse or verify claims") + func Authenticate(issuer *ClaimsIssuer) gin.HandlerFunc + func Authorize(permissions ...string) gin.HandlerFunc + func ClearAuthCookies(c *gin.Context, domain string) + func CreateDerivedKey(password string) (_ string, err error) + func ExpiresAt(tks string) (_ time.Time, err error) + func GetAccessToken(c *gin.Context) (tks string, err error) + func GetRefreshToken(c *gin.Context) (tks string, err error) + func IsDerivedKey(s string) bool + func NotBefore(tks string) (_ time.Time, err error) + func ParseDerivedKey(encoded string) (dk, salt []byte, time, memory uint32, threads uint8, err error) + func ParseUnverified(tks string) (claims *jwt.RegisteredClaims, err error) + func Reauthenticate(issuer *ClaimsIssuer) gin.HandlerFunc + func SetAuthCookies(c *gin.Context, accessToken, refreshToken, domain string) (err error) + func VerifyDerivedKey(dk, password string) (_ bool, err error) + type Claims struct + Email string + Name string + Permissions []string + Role string + func GetClaims(c *gin.Context) (*Claims, error) + func (c *Claims) SetSubjectID(uid int64) + func (c Claims) HasAllPermissions(required ...string) bool + func (c Claims) HasPermission(required string) bool + func (c Claims) SubjectId() (int64, error) + type ClaimsIssuer struct + func NewIssuer(conf config.AuthConfig) (_ *ClaimsIssuer, err error) + func (tm *ClaimsIssuer) CreateAccessToken(claims *Claims) (_ *jwt.Token, err error) + func (tm *ClaimsIssuer) CreateRefreshToken(accessToken *jwt.Token) (_ *jwt.Token, err error) + func (tm *ClaimsIssuer) CreateTokens(claims *Claims) (signedAccessToken, signedRefreshToken string, err error) + func (tm *ClaimsIssuer) CurrentKey() ulid.ULID + func (tm *ClaimsIssuer) Keys() map[ulid.ULID]*rsa.PublicKey + func (tm *ClaimsIssuer) Parse(tks string) (claims *Claims, err error) + func (tm *ClaimsIssuer) Sign(token *jwt.Token) (tks string, err error) + func (tm *ClaimsIssuer) Verify(tks string) (claims *Claims, err error)