Documentation ¶
Index ¶
- Constants
- Variables
- func AccessTokenPreload(db *gorm.DB) *gorm.DB
- func AccessTokenPreloadWithPrefix(db *gorm.DB, prefix string) *gorm.DB
- func AuthorizationCodePreload(db *gorm.DB) *gorm.DB
- func AuthorizationCodePreloadWithPrefix(db *gorm.DB, prefix string) *gorm.DB
- func MigrateAll(db *gorm.DB) error
- func RefreshTokenPreload(db *gorm.DB) *gorm.DB
- func RefreshTokenPreloadWithPrefix(db *gorm.DB, prefix string) *gorm.DB
- type AccessToken
- type AccessTokenResponse
- type AuthorizationCode
- type Client
- type IntrospectResponse
- type RefreshToken
- type Role
- type Scope
- type Service
- func (s *Service) AuthClient(clientID, secret string) (*Client, error)
- func (s *Service) AuthUser(username, password string) (*User, error)
- func (s *Service) Authenticate(token string) (*AccessToken, error)
- func (s *Service) ClientExists(clientID string) bool
- func (s *Service) CreateClient(clientID, secret, redirectURI string) (*Client, error)
- func (s *Service) CreateClientTx(tx *gorm.DB, clientID, secret, redirectURI string) (*Client, error)
- func (s *Service) CreateUser(roleID, username, password string) (*User, error)
- func (s *Service) CreateUserTx(tx *gorm.DB, roleID, username, password string) (*User, error)
- func (s *Service) FindClientByClientID(clientID string) (*Client, error)
- func (s *Service) FindRoleByID(id string) (*Role, error)
- func (s *Service) FindUserByUsername(username string) (*User, error)
- func (s *Service) GetConfig() *config.Config
- func (s *Service) GetDefaultScope() string
- func (s *Service) GetOrCreateRefreshToken(client *Client, user *User, expiresIn int, scope string) (*RefreshToken, error)
- func (s *Service) GetRoutes() []routes.Route
- func (s *Service) GetScope(requestedScope string) (string, error)
- func (s *Service) GetValidRefreshToken(token string, client *Client) (*RefreshToken, error)
- func (s *Service) GrantAccessToken(client *Client, user *User, expiresIn int, scope string) (*AccessToken, error)
- func (s *Service) GrantAuthorizationCode(client *Client, user *User, expiresIn int, redirectURI, scope string) (*AuthorizationCode, error)
- func (s *Service) IsRoleAllowed(role string) bool
- func (s *Service) Login(client *Client, user *User, scope string) (*AccessToken, *RefreshToken, error)
- func (s *Service) NewIntrospectResponseFromAccessToken(accessToken *AccessToken) (*IntrospectResponse, error)
- func (s *Service) NewIntrospectResponseFromRefreshToken(refreshToken *RefreshToken) (*IntrospectResponse, error)
- func (s *Service) RegisterRoutes(router *mux.Router, prefix string)
- func (s *Service) RestrictToRoles(allowedRoles ...string)
- func (s *Service) ScopeExists(requestedScope string) bool
- func (s *Service) SetPassword(user *User, password string) error
- func (s *Service) SetPasswordTx(tx *gorm.DB, user *User, password string) error
- func (s *Service) UpdateUsername(user *User, username string) error
- func (s *Service) UpdateUsernameTx(tx *gorm.DB, user *User, username string) error
- func (s *Service) UserExists(username string) bool
- type ServiceInterface
- type User
Constants ¶
const (
	// AccessTokenHint is the token hint value that names an access token
	// (see ErrTokenHintInvalid for the rejection of any other value).
	AccessTokenHint = "access_token"
	// RefreshTokenHint is the token hint value that names a refresh token.
	RefreshTokenHint = "refresh_token"
)
Variables ¶
var (
	// ErrAccessTokenNotFound reports that no stored access token matched the lookup.
	ErrAccessTokenNotFound = errors.New("Access token not found")
	// ErrAccessTokenExpired reports that the access token exists but its
	// ExpiresAt is already in the past.
	ErrAccessTokenExpired = errors.New("Access token expired")
)
var (
	// ErrAuthorizationCodeNotFound reports that no stored authorization code matched the lookup.
	ErrAuthorizationCodeNotFound = errors.New("Authorization code not found")
	// ErrAuthorizationCodeExpired reports that the authorization code exists
	// but its ExpiresAt is already in the past.
	ErrAuthorizationCodeExpired = errors.New("Authorization code expired")
)
var (
	// ErrClientNotFound reports that no client with the given client ID exists.
	ErrClientNotFound = errors.New("Client not found")
	// ErrInvalidClientSecret reports that the client exists but the supplied
	// secret did not match.
	//
	// NOTE(review): this error and ErrClientNotFound together reveal whether a
	// client ID exists; anything answering an untrusted caller should map both
	// to ErrInvalidClientIDOrSecret rather than surface them individually.
	ErrInvalidClientSecret = errors.New("Invalid client secret")
	// ErrClientIDTaken reports that CreateClient was asked for a client ID
	// that already exists.
	ErrClientIDTaken = errors.New("Client ID taken")
)
var (
	// ErrInvalidGrantType reports a grant_type value that this service does not implement.
	ErrInvalidGrantType = errors.New("Invalid grant type")
	// ErrInvalidClientIDOrSecret reports a failed client authentication without
	// saying which of the two values was wrong. Keep it combined: a response
	// that distinguishes the cases would reveal whether the client ID exists.
	ErrInvalidClientIDOrSecret = errors.New("Invalid client ID or secret")
)
var (
	// ErrTokenMissing reports a request that carried no token at all.
	ErrTokenMissing = errors.New("Token missing")
	// ErrTokenHintInvalid reports a token hint other than AccessTokenHint or RefreshTokenHint.
	ErrTokenHintInvalid = errors.New("Invalid token hint")
)
var (
	// ErrRefreshTokenNotFound reports that no stored refresh token matched the lookup.
	ErrRefreshTokenNotFound = errors.New("Refresh token not found")
	// ErrRefreshTokenExpired reports that the refresh token exists but its
	// ExpiresAt is already in the past.
	ErrRefreshTokenExpired = errors.New("Refresh token expired")
	// ErrRequestedScopeCannotBeGreater reports an attempt to obtain a scope
	// wider than the one already granted (the refresh-token grant must not
	// widen scope).
	ErrRequestedScopeCannotBeGreater = errors.New("Requested scope cannot be greater")
)
var (
	// MinPasswordLength defines minimum password length.
	//
	// It is a variable, not a constant, but ErrPasswordTooShort below embeds
	// its value once at package initialisation: changing MinPasswordLength at
	// runtime changes the check without updating the message text.
	MinPasswordLength = 6
	// ErrPasswordTooShort reports a password shorter than MinPasswordLength.
	ErrPasswordTooShort = fmt.Errorf(
		"Password must be at least %d characters long",
		MinPasswordLength,
	)
	// ErrUserNotFound reports that no user with the given username exists.
	ErrUserNotFound = errors.New("User not found")
	// ErrInvalidUserPassword reports that the user exists but the supplied
	// password did not match. Like ErrUserNotFound this is a distinguishing
	// error; see ErrInvalidUsernameOrPassword for the one to show callers.
	ErrInvalidUserPassword = errors.New("Invalid user password")
	// ErrCannotSetEmptyUsername reports an UpdateUsername call with an empty username.
	ErrCannotSetEmptyUsername = errors.New("Cannot set empty username")
	// ErrUserPasswordNotSet reports a user record that has no password to
	// compare against.
	ErrUserPasswordNotSet = errors.New("User password not set")
	// ErrUsernameTaken reports that the requested username already exists.
	ErrUsernameTaken = errors.New("Username taken")
)
var (
	// ErrInvalidRedirectURI reports a redirect URI that does not match the
	// client's registered Client.RedirectURI.
	ErrInvalidRedirectURI = errors.New("Invalid redirect URI")
)
var (
	// ErrInvalidScope reports a requested scope that ScopeExists does not recognise.
	ErrInvalidScope = errors.New("Invalid scope")
)
var (
	// ErrInvalidUsernameOrPassword reports a failed user login without saying
	// which of the two values was wrong. Keep it combined: a response that
	// distinguishes ErrUserNotFound from ErrInvalidUserPassword would reveal
	// which usernames exist.
	ErrInvalidUsernameOrPassword = errors.New("Invalid username or password")
)
var (
	// ErrRoleNotFound reports that FindRoleByID found no role with the given ID.
	ErrRoleNotFound = errors.New("Role not found")
)
Functions ¶
func AccessTokenPreload ¶
AccessTokenPreload sets up Gorm preloads for an access token object
func AccessTokenPreloadWithPrefix ¶
AccessTokenPreloadWithPrefix sets up Gorm preloads for an access token object, and prefixes with prefix for nested objects
func AuthorizationCodePreload ¶
AuthorizationCodePreload sets up Gorm preloads for an auth code object
func AuthorizationCodePreloadWithPrefix ¶
AuthorizationCodePreloadWithPrefix sets up Gorm preloads for an auth code object, and prefixes with prefix for nested objects
func RefreshTokenPreload ¶
RefreshTokenPreload sets up Gorm preloads for a refresh token object
Types ¶
type AccessToken ¶
// AccessToken is the persisted record of an issued access token. The Client
// and User pointers are only populated when the query preloads them (for
// example through AccessTokenPreload).
type AccessToken struct {
	gorm.Model
	// ClientID is the issuing client; indexed and required.
	ClientID sql.NullInt64 `sql:"index;not null"`
	// UserID is indexed but nullable (compare AuthorizationCode.UserID, which
	// is "not null") — presumably for tokens issued without a user, such as
	// the client credentials grant; confirm in grant_type_client_credentials.go.
	UserID sql.NullInt64 `sql:"index"`
	Client *Client
	User   *User
	// Token is the opaque bearer string presented by callers. It is unique,
	// so lookups by token are index-backed.
	Token string `sql:"type:varchar(40);unique;not null"`
	// ExpiresAt is the absolute expiry instant; tokens past it are expected
	// to be rejected with ErrAccessTokenExpired.
	ExpiresAt time.Time `sql:"not null"`
	// Scope is the scope granted with this token (at most 200 characters).
	Scope string `sql:"type:varchar(200);not null"`
}
AccessToken ...
func NewAccessToken ¶
func NewAccessToken(client *Client, user *User, expiresIn int, scope string) *AccessToken
NewAccessToken creates new AccessToken instance
func (*AccessToken) TableName ¶
func (at *AccessToken) TableName() string
TableName specifies table name
type AccessTokenResponse ¶
// AccessTokenResponse is the JSON body returned to a client when a token is
// issued. UserID and RefreshToken carry omitempty, so they are absent from
// the JSON when zero (no user, or no refresh token issued).
type AccessTokenResponse struct {
	UserID       uint   `json:"user_id,omitempty"`
	AccessToken  string `json:"access_token"`
	// ExpiresIn is a lifetime relative to now, unlike the stored ExpiresAt instant.
	ExpiresIn    int    `json:"expires_in"`
	TokenType    string `json:"token_type"`
	Scope        string `json:"scope"`
	RefreshToken string `json:"refresh_token,omitempty"`
}
AccessTokenResponse ...
func NewAccessTokenResponse ¶
func NewAccessTokenResponse(accessToken *AccessToken, refreshToken *RefreshToken, lifetime int, theTokenType string) (*AccessTokenResponse, error)
NewAccessTokenResponse ...
type AuthorizationCode ¶
// AuthorizationCode is the persisted record of a code issued by the
// authorization-code grant. Client and User are only populated when the
// query preloads them (for example through AuthorizationCodePreload).
type AuthorizationCode struct {
	gorm.Model
	// ClientID is the issuing client; indexed and required.
	ClientID sql.NullInt64 `sql:"index;not null"`
	// UserID is required here, unlike AccessToken.UserID: a code is always
	// bound to a user.
	UserID sql.NullInt64 `sql:"index;not null"`
	Client *Client
	User   *User
	// Code is the opaque code string; unique, so lookups by code are index-backed.
	Code string `sql:"type:varchar(40);unique;not null"`
	// RedirectURI is the redirect URI the code was issued for, when one was
	// supplied; nullable.
	RedirectURI sql.NullString `sql:"type:varchar(200)"`
	// ExpiresAt is the absolute expiry instant; codes past it are expected
	// to be rejected with ErrAuthorizationCodeExpired.
	ExpiresAt time.Time `sql:"not null"`
	// Scope is the scope the code was issued for (at most 200 characters).
	Scope string `sql:"type:varchar(200);not null"`
}
AuthorizationCode ...
func NewAuthorizationCode ¶
func NewAuthorizationCode(client *Client, user *User, expiresIn int, redirectURI, scope string) *AuthorizationCode
NewAuthorizationCode creates new AuthorizationCode instance
func (*AuthorizationCode) TableName ¶
func (ac *AuthorizationCode) TableName() string
TableName specifies table name
type Client ¶
// Client is a registered OAuth client. Key is the public client ID that
// FindClientByClientID and AuthClient look up.
type Client struct {
	gorm.Model
	// Key is the client ID; unique and required.
	Key string `sql:"type:varchar(254);unique;not null"`
	// Secret is the stored client secret.
	//
	// NOTE(review): varchar(60) is exactly the length of a bcrypt hash,
	// which suggests the secret is stored hashed rather than in clear —
	// confirm in client.go that CreateClientTx hashes and AuthClient
	// compares against the hash.
	Secret string `sql:"type:varchar(60);not null"`
	// RedirectURI is the registered redirect URI, if any; requests carrying a
	// different one are expected to fail with ErrInvalidRedirectURI.
	RedirectURI sql.NullString `sql:"type:varchar(200)"`
}
Client ...
type IntrospectResponse ¶
// IntrospectResponse is the JSON body returned by token introspection. Every
// field but Active carries omitempty, so an inactive token serialises as just
// {"active": false} and reveals nothing else about it.
type IntrospectResponse struct {
	Active    bool   `json:"active"`
	Scope     string `json:"scope,omitempty"`
	ClientID  string `json:"client_id,omitempty"`
	Username  string `json:"username,omitempty"`
	TokenType string `json:"token_type,omitempty"`
	// ExpiresAt is emitted as "exp" — presumably a Unix timestamp in
	// seconds; confirm in introspect.go.
	ExpiresAt int `json:"exp,omitempty"`
}
IntrospectResponse ...
type RefreshToken ¶
// RefreshToken is the persisted record of an issued refresh token. The
// Client and User pointers are only populated when the query preloads them
// (for example through RefreshTokenPreload).
type RefreshToken struct {
	gorm.Model
	// ClientID is the issuing client; indexed and required.
	ClientID sql.NullInt64 `sql:"index;not null"`
	// UserID is indexed but nullable, matching AccessToken.UserID.
	UserID sql.NullInt64 `sql:"index"`
	Client *Client
	User   *User
	// Token is the opaque refresh token string; unique, so lookups by token
	// are index-backed.
	Token string `sql:"type:varchar(40);unique;not null"`
	// ExpiresAt is the absolute expiry instant; GetValidRefreshToken returns
	// only tokens that have not passed it.
	ExpiresAt time.Time `sql:"not null"`
	// Scope is the scope granted with this token (at most 200 characters).
	Scope string `sql:"type:varchar(200);not null"`
}
RefreshToken ...
func NewRefreshToken ¶
func NewRefreshToken(client *Client, user *User, expiresIn int, scope string) *RefreshToken
NewRefreshToken creates new RefreshToken instance
func (*RefreshToken) TableName ¶
func (rt *RefreshToken) TableName() string
TableName specifies table name
type Role ¶
// Role is one of the roles a user can have (currently superuser or user).
// The ID string, not a numeric key, is the primary key and is what
// FindRoleByID and RestrictToRoles work with.
type Role struct {
	database.TimestampModel
	ID   string `gorm:"primary_key" sql:"type:varchar(20)"`
	Name string `sql:"type:varchar(50);unique;not null"`
}
Role is one of the roles a user can have (currently superuser or user)
type Scope ¶
// Scope is a persisted scope that ScopeExists validates requests against.
type Scope struct {
	gorm.Model
	// Scope is the scope string itself; unique and required.
	Scope       string `sql:"type:varchar(200);unique;not null"`
	Description sql.NullString
	// IsDefault marks the scope GetDefaultScope returns when a request names
	// none; defaults to false in the database.
	IsDefault bool `sql:"default:false"`
}
Scope ...
type Service ¶
// Service struct keeps objects to avoid passing them around. Construct it
// with NewService; RestrictToRoles limits which roles may use it.
type Service struct {
	// contains filtered or unexported fields
}
Service struct keeps objects to avoid passing them around
func NewService ¶
NewService starts a new Service instance
func (*Service) AuthClient ¶
AuthClient authenticates a client by its client ID and secret
func (*Service) Authenticate ¶
func (s *Service) Authenticate(token string) (*AccessToken, error)
Authenticate checks the access token is valid
func (*Service) ClientExists ¶
ClientExists returns true if client exists
func (*Service) CreateClient ¶
CreateClient saves a new client to database
func (*Service) CreateClientTx ¶
func (s *Service) CreateClientTx(tx *gorm.DB, clientID, secret, redirectURI string) (*Client, error)
CreateClientTx saves a new client to the database using the injected db object
func (*Service) CreateUser ¶
CreateUser saves a new user to database
func (*Service) CreateUserTx ¶
CreateUserTx saves a new user to the database using the injected db object
func (*Service) FindClientByClientID ¶
FindClientByClientID looks up a client by client ID
func (*Service) FindRoleByID ¶
FindRoleByID looks up a role by ID and returns it
func (*Service) FindUserByUsername ¶
FindUserByUsername looks up a user by username
func (*Service) GetDefaultScope ¶
GetDefaultScope returns the default scope
func (*Service) GetOrCreateRefreshToken ¶
func (s *Service) GetOrCreateRefreshToken(client *Client, user *User, expiresIn int, scope string) (*RefreshToken, error)
GetOrCreateRefreshToken retrieves an existing refresh token; if that token has expired, it is deleted and a new refresh token is created
func (*Service) GetScope ¶
GetScope takes a requested scope: if it is empty, the default scope is returned; if not, the requested scope is validated before being returned
func (*Service) GetValidRefreshToken ¶
func (s *Service) GetValidRefreshToken(token string, client *Client) (*RefreshToken, error)
GetValidRefreshToken returns a valid, non-expired refresh token
func (*Service) GrantAccessToken ¶
func (s *Service) GrantAccessToken(client *Client, user *User, expiresIn int, scope string) (*AccessToken, error)
GrantAccessToken deletes old tokens and grants a new access token
func (*Service) GrantAuthorizationCode ¶
func (s *Service) GrantAuthorizationCode(client *Client, user *User, expiresIn int, redirectURI, scope string) (*AuthorizationCode, error)
GrantAuthorizationCode grants a new authorization code
func (*Service) IsRoleAllowed ¶
IsRoleAllowed returns true if the role is allowed to use this service
func (*Service) Login ¶
func (s *Service) Login(client *Client, user *User, scope string) (*AccessToken, *RefreshToken, error)
Login creates an access token and a refresh token for a user (logs them in)
func (*Service) NewIntrospectResponseFromAccessToken ¶
func (s *Service) NewIntrospectResponseFromAccessToken(accessToken *AccessToken) (*IntrospectResponse, error)
NewIntrospectResponseFromAccessToken builds an IntrospectResponse describing the given access token
func (*Service) NewIntrospectResponseFromRefreshToken ¶
func (s *Service) NewIntrospectResponseFromRefreshToken(refreshToken *RefreshToken) (*IntrospectResponse, error)
NewIntrospectResponseFromRefreshToken builds an IntrospectResponse describing the given refresh token
func (*Service) RegisterRoutes ¶
RegisterRoutes registers route handlers for the oauth service
func (*Service) RestrictToRoles ¶
RestrictToRoles restricts this service to only specified roles
func (*Service) ScopeExists ¶
ScopeExists checks if a scope exists
func (*Service) SetPassword ¶
SetPassword sets a user password
func (*Service) SetPasswordTx ¶
SetPasswordTx sets a user password in a transaction
func (*Service) UpdateUsername ¶
UpdateUsername changes a user's username
func (*Service) UpdateUsernameTx ¶
UpdateUsernameTx changes a user's username using the injected db object
func (*Service) UserExists ¶
UserExists returns true if user exists
type ServiceInterface ¶
// ServiceInterface defines exported methods of Service so that callers can
// substitute another implementation. Parameter names here differ in places
// from the Service methods (UpdateUsernameTx takes "db" rather than "tx",
// AuthUser takes "thePassword"); Go ignores names for interface
// satisfaction, so this is cosmetic only.
type ServiceInterface interface {
	// Exported methods

	// Configuration and role restriction.
	GetConfig() *config.Config
	RestrictToRoles(allowedRoles ...string)
	IsRoleAllowed(role string) bool

	// HTTP routing.
	GetRoutes() []routes.Route
	RegisterRoutes(router *mux.Router, prefix string)

	// Clients.
	ClientExists(clientID string) bool
	FindClientByClientID(clientID string) (*Client, error)
	CreateClient(clientID, secret, redirectURI string) (*Client, error)
	CreateClientTx(tx *gorm.DB, clientID, secret, redirectURI string) (*Client, error)
	AuthClient(clientID, secret string) (*Client, error)

	// Users.
	UserExists(username string) bool
	FindUserByUsername(username string) (*User, error)
	CreateUser(roleID, username, password string) (*User, error)
	CreateUserTx(tx *gorm.DB, roleID, username, password string) (*User, error)
	SetPassword(user *User, password string) error
	SetPasswordTx(tx *gorm.DB, user *User, password string) error
	UpdateUsername(user *User, username string) error
	UpdateUsernameTx(db *gorm.DB, user *User, username string) error
	AuthUser(username, thePassword string) (*User, error)

	// Scopes.
	GetScope(requestedScope string) (string, error)

	// Token issuance and validation.
	Login(client *Client, user *User, scope string) (*AccessToken, *RefreshToken, error)
	GrantAuthorizationCode(client *Client, user *User, expiresIn int, redirectURI, scope string) (*AuthorizationCode, error)
	GrantAccessToken(client *Client, user *User, expiresIn int, scope string) (*AccessToken, error)
	GetOrCreateRefreshToken(client *Client, user *User, expiresIn int, scope string) (*RefreshToken, error)
	GetValidRefreshToken(token string, client *Client) (*RefreshToken, error)
	Authenticate(token string) (*AccessToken, error)

	// Introspection.
	NewIntrospectResponseFromAccessToken(accessToken *AccessToken) (*IntrospectResponse, error)
	NewIntrospectResponseFromRefreshToken(refreshToken *RefreshToken) (*IntrospectResponse, error)
}
ServiceInterface defines exported methods
Source Files ¶
- access_token.go
- authenticate.go
- authorization_code.go
- client.go
- errors.go
- grant_type_authorization_code.go
- grant_type_client_credentials.go
- grant_type_password.go
- grant_type_refresh_token.go
- handlers.go
- introspect.go
- logger.go
- login.go
- migrations.go
- models.go
- refresh_token.go
- response.go
- role.go
- routes.go
- scope.go
- service.go
- service_interface.go
- user.go