Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrTokenExpired = errors.New("token expired") ErrInvalidToken = errors.New("invalid token") )
Functions ¶
This section is empty.
Types ¶
type BoolValue ¶
type BoolValue struct {
Value bool `json:"value,omitempty"`
}
BoolValue allows override boolean option.
type ConnectToken ¶
type ConnectToken struct {
// UserID tells an ID of connecting user.
UserID string
// ExpireAt allows setting time in future when connection must be validated.
// Validation can be server-side using On().Refresh callback or client-side
// if On().Refresh not set.
ExpireAt int64
// Info contains additional information about connection. It will be
// included into Join/Leave messages, into Alive information, also
// info becomes a part of published message if it was published from
// client directly. In some cases having additional info can be an
// overhead – but you are simply free to not use it.
Info []byte
// Meta is custom data to append to a connection. Can be retrieved later
// for connection inspection. Never sent in a client protocol and accessible
// from a backend-side only.
Meta json.RawMessage
// Subs is a map of channels to subscribe server-side with options.
Subs map[string]centrifuge.SubscribeOptions
}
type ConnectTokenClaims ¶
type ConnectTokenClaims struct {
ExpireAt *int64 `json:"expire_at,omitempty"`
Info json.RawMessage `json:"info,omitempty"`
Base64Info string `json:"b64info,omitempty"`
Channels []string `json:"channels,omitempty"`
Subs map[string]SubscribeOptions `json:"subs,omitempty"`
Meta json.RawMessage `json:"meta,omitempty"`
// Channel must never be set in connection tokens. We check this on verifying.
Channel string `json:"channel,omitempty"`
jwt.RegisteredClaims
}
type Decoder ¶
type Decoder struct{}
func (*Decoder) DecodeConnectClaims ¶
func (d *Decoder) DecodeConnectClaims(data []byte) (*ConnectTokenClaims, error)
func (*Decoder) DecodeSubscribeClaims ¶
func (d *Decoder) DecodeSubscribeClaims(data []byte) (*SubscribeTokenClaims, error)
type SubscribeOptionOverride ¶
type SubscribeOptionOverride struct {
// Presence turns on participating in channel presence.
Presence *BoolValue `json:"presence,omitempty"`
// JoinLeave enables sending Join and Leave messages for this client in channel.
JoinLeave *BoolValue `json:"join_leave,omitempty"`
// ForcePushJoinLeave forces sending join/leave for this client.
ForcePushJoinLeave *BoolValue `json:"force_push_join_leave,omitempty"`
// ForcePositioning on says that client will additionally sync its position inside
// a stream to prevent message loss. Make sure you are enabling ForcePositioning in channels
// that maintain Publication history stream. When ForcePositioning is on Centrifuge will
// include StreamPosition information to subscribe response - for a client to be able
// to manually track its position inside a stream.
ForcePositioning *BoolValue `json:"force_positioning,omitempty"`
// ForceRecovery turns on recovery option for a channel. In this case client will try to
// recover missed messages automatically upon resubscribe to a channel after reconnect
// to a server. This option also enables client position tracking inside a stream
// (like ForcePositioning option) to prevent occasional message loss. Make sure you are using
// ForceRecovery in channels that maintain Publication history stream.
ForceRecovery *BoolValue `json:"force_recovery,omitempty"`
}
SubscribeOptionOverride to override configured behaviour of subscriptions.
type SubscribeOptions ¶
type SubscribeOptions struct {
// Info defines custom channel information, zero value means no channel information.
Info json.RawMessage `json:"info,omitempty"`
// Base64Info is like Info but for binary.
Base64Info string `json:"b64info,omitempty"`
// Data to send to a client with Subscribe Push.
Data json.RawMessage `json:"data,omitempty"`
// Base64Data is like Data but for binary data.
Base64Data string `json:"b64data,omitempty"`
// Override channel options can contain channel options overrides.
Override *SubscribeOptionOverride `json:"override,omitempty"`
}
SubscribeOptions define per-subscription options.
type SubscribeToken ¶
type SubscribeToken struct {
// UserID tells an ID of subscribing user.
UserID string
// Channel client wants to subscribe. Will be compared with channel in
// subscribe command.
Channel string
// Client is a deprecated claim for compatibility with Centrifugo v3.
Client string
// Options for subscription.
Options centrifuge.SubscribeOptions
}
type SubscribeTokenClaims ¶
type SubscribeTokenClaims struct {
jwt.RegisteredClaims
SubscribeOptions
Channel string `json:"channel,omitempty"`
Client string `json:"client,omitempty"`
ExpireAt *int64 `json:"expire_at,omitempty"`
}
type Verifier ¶
type Verifier interface {
VerifyConnectToken(token string, skipVerify bool) (ConnectToken, error)
VerifySubscribeToken(token string, skipVerify bool) (SubscribeToken, error)
}
type VerifierConfig ¶
type VerifierConfig struct {
// HMACSecretKey is a secret key used to validate connection and subscription
// tokens generated using HMAC. Zero value means that HMAC tokens won't be allowed.
HMACSecretKey string
// RSAPublicKey is a public key used to validate connection and subscription
// tokens generated using RSA. Zero value means that RSA tokens won't be allowed.
RSAPublicKey *rsa.PublicKey
// ECDSAPublicKey is a public key used to validate connection and subscription
// tokens generated using ECDSA. Zero value means that ECDSA tokens won't be allowed.
ECDSAPublicKey *ecdsa.PublicKey
// JWKSPublicEndpoint is a public url used to validate connection and subscription
// tokens generated using rotating RSA public keys. Zero value means that JSON Web Key Sets
// extension won't be used.
JWKSPublicEndpoint string
// Audience when set will enable audience token check. See
// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3.
Audience string
// AudienceRegex allows setting Audience in form of Go language regex pattern. Regex groups
// may be then used in constructing JWKSPublicEndpoint.
AudienceRegex string
// Issuer when set will enable a check that token issuer matches configured string.
// See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1.
Issuer string
// IssuerRegex allows setting Issuer in form of Go language regex pattern. Regex groups
// may be then used in constructing JWKSPublicEndpoint.
IssuerRegex string
// UserIDClaim allows overriding default claim used to extract user ID from token.
// By default, Centrifugo uses "sub" and we recommend keeping the default if possible.
UserIDClaim string
}
func (VerifierConfig) Validate ¶
func (c VerifierConfig) Validate() error
type VerifierJWT ¶
type VerifierJWT struct {
// contains filtered or unexported fields
}
func NewTokenVerifierJWT ¶
func NewTokenVerifierJWT(config VerifierConfig, ruleContainer *rule.Container) (*VerifierJWT, error)
func (*VerifierJWT) Reload ¶
func (verifier *VerifierJWT) Reload(config VerifierConfig) error
func (*VerifierJWT) VerifyConnectToken ¶
func (verifier *VerifierJWT) VerifyConnectToken(t string, skipVerify bool) (ConnectToken, error)
func (*VerifierJWT) VerifySubscribeToken ¶
func (verifier *VerifierJWT) VerifySubscribeToken(t string, skipVerify bool) (SubscribeToken, error)
Source Files
Click to show internal directories.
Click to hide internal directories.