Documentation ¶
Index ¶
- Constants
- func APIKey(r *http.Request) database.APIKey
- func Authorize(logger slog.Logger, auth *rbac.RegoAuthorizer, action rbac.Action) func(http.Handler) http.Handler
- func ExtractAPIKey(db database.Store, oauth *OAuth2Configs) func(http.Handler) http.Handler
- func ExtractOAuth2(config OAuth2Config) func(http.Handler) http.Handler
- func ExtractOrganizationParam(db database.Store) func(http.Handler) http.Handler
- func ExtractTemplateParam(db database.Store) func(http.Handler) http.Handler
- func ExtractTemplateVersionParam(db database.Store) func(http.Handler) http.Handler
- func ExtractUserParam(db database.Store) func(http.Handler) http.Handler
- func ExtractUserRoles(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceAgent(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceAgentParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceBuildParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceResourceParam(db database.Store) func(http.Handler) http.Handler
- func OrganizationMemberParam(r *http.Request) database.OrganizationMember
- func OrganizationParam(r *http.Request) database.Organization
- func Prometheus(next http.Handler) http.Handler
- func RateLimitPerMinute(count int) func(http.Handler) http.Handler
- func TemplateParam(r *http.Request) database.Template
- func TemplateVersionParam(r *http.Request) database.TemplateVersion
- func UserParam(r *http.Request) database.User
- func UserRoles(r *http.Request) database.GetAllUserRolesRow
- func WithRBACObject(object rbac.Object) func(http.Handler) http.Handler
- func WorkspaceAgent(r *http.Request) database.WorkspaceAgent
- func WorkspaceAgentParam(r *http.Request) database.WorkspaceAgent
- func WorkspaceBuildParam(r *http.Request) database.WorkspaceBuild
- func WorkspaceParam(r *http.Request) database.Workspace
- func WorkspaceResourceParam(r *http.Request) database.WorkspaceResource
- type OAuth2Config
- type OAuth2Configs
- type OAuth2State
Constants ¶
const AuthCookie = "session_token"
AuthCookie represents the name of the cookie the API key is stored in.
Variables ¶
This section is empty.
Functions ¶
func Authorize ¶ added in v0.5.4
func Authorize(logger slog.Logger, auth *rbac.RegoAuthorizer, action rbac.Action) func(http.Handler) http.Handler
Authorize will enforce if the user roles can complete the action on the AuthObject. The organization and owner are found using the ExtractOrganization and ExtractUser middleware if present.
func ExtractAPIKey ¶
ExtractAPIKey requires authentication using a valid API key. It handles extending an API key if it comes close to expiry, updating the last used time in the database.
func ExtractOAuth2 ¶ added in v0.4.4
func ExtractOAuth2(config OAuth2Config) func(http.Handler) http.Handler
ExtractOAuth2 is a middleware for automatically redirecting to OAuth URLs, and handling the exchange inbound. Any route that does not have a "code" URL parameter will be redirected.
func ExtractOrganizationParam ¶
ExtractOrganizationParam grabs an organization and user membership from the "organization" URL parameter. This middleware requires the API key middleware higher in the call stack for authentication.
func ExtractTemplateParam ¶ added in v0.4.0
ExtractTemplateParam grabs a template from the "template" URL parameter.
func ExtractTemplateVersionParam ¶ added in v0.4.0
ExtractTemplateVersionParam grabs template version from the "templateversion" URL parameter.
func ExtractUserParam ¶
ExtractUserParam extracts a user from an ID/username in the {user} URL parameter.
func ExtractUserRoles ¶ added in v0.5.4
ExtractUserRoles requires authentication using a valid API key.
func ExtractWorkspaceAgent ¶
ExtractWorkspaceAgent requires authentication using a valid agent token.
func ExtractWorkspaceAgentParam ¶ added in v0.4.1
ExtractWorkspaceAgentParam grabs a workspace agent from the "workspaceagent" URL parameter.
func ExtractWorkspaceBuildParam ¶
ExtractWorkspaceBuildParam grabs workspace build from the "workspacebuild" URL parameter.
func ExtractWorkspaceParam ¶
ExtractWorkspaceParam grabs a workspace from the "workspace" URL parameter.
func ExtractWorkspaceResourceParam ¶
ExtractWorkspaceResourceParam grabs a workspace resource from the "provisionerjob" URL parameter.
func OrganizationMemberParam ¶
func OrganizationMemberParam(r *http.Request) database.OrganizationMember
OrganizationMemberParam returns the organization membership that allowed the query from the ExtractOrganizationParam handler.
func OrganizationParam ¶
func OrganizationParam(r *http.Request) database.Organization
OrganizationParam returns the organization from the ExtractOrganizationParam handler.
func RateLimitPerMinute ¶
RateLimitPerMinute returns a handler that limits requests per-minute based on IP, endpoint, and user ID (if available).
func TemplateParam ¶ added in v0.4.0
TemplateParam returns the template from the ExtractTemplateParam handler.
func TemplateVersionParam ¶ added in v0.4.0
func TemplateVersionParam(r *http.Request) database.TemplateVersion
TemplateVersionParam returns the template version from the ExtractTemplateVersionParam handler.
func UserRoles ¶ added in v0.5.4
func UserRoles(r *http.Request) database.GetAllUserRolesRow
UserRoles returns the API key from the ExtractUserRoles handler.
func WithRBACObject ¶ added in v0.5.4
WithRBACObject sets the object for 'Authorize()' for all routes handled by this middleware. The important field to set is 'Type'
func WorkspaceAgent ¶
func WorkspaceAgent(r *http.Request) database.WorkspaceAgent
WorkspaceAgent returns the workspace agent from the ExtractAgent handler.
func WorkspaceAgentParam ¶ added in v0.4.1
func WorkspaceAgentParam(r *http.Request) database.WorkspaceAgent
WorkspaceAgentParam returns the workspace agent from the ExtractWorkspaceAgentParam handler.
func WorkspaceBuildParam ¶
func WorkspaceBuildParam(r *http.Request) database.WorkspaceBuild
WorkspaceBuildParam returns the workspace build from the ExtractWorkspaceBuildParam handler.
func WorkspaceParam ¶
WorkspaceParam returns the workspace from the ExtractWorkspaceParam handler.
func WorkspaceResourceParam ¶
func WorkspaceResourceParam(r *http.Request) database.WorkspaceResource
ProvisionerJobParam returns the template from the ExtractTemplateParam handler.
Types ¶
type OAuth2Config ¶
type OAuth2Config interface { AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) TokenSource(context.Context, *oauth2.Token) oauth2.TokenSource }
OAuth2Config exposes a subset of *oauth2.Config functions for easier testing. *oauth2.Config should be used instead of implementing this in production.
type OAuth2Configs ¶ added in v0.4.4
type OAuth2Configs struct {
Github OAuth2Config
}
OAuth2Configs is a collection of configurations for OAuth-based authentication. This should be extended to support other authentication types in the future.
type OAuth2State ¶ added in v0.4.4
func OAuth2 ¶ added in v0.4.4
func OAuth2(r *http.Request) OAuth2State
OAuth2 returns the state from an oauth request.