secure_backend

package module

v0.3.2 Latest Latest Go to latest Published: Nov 17, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/eaglesakura/go-secure-backend

Links

Open Source Insights

README ¶

go-secure-backend

Enable API

IAM API
- https://console.developers.google.com/apis/api/iam.googleapis.com

IAM settings.

You need attach roles to your service account.

for Firebase Auth token verify.
- Firebase Admin SDK Administrator Service Agent
- Service Account Token Creator
for API Key verify.
- Service Controller

Firebase Auth token verifier

var securityContext SecurityContext

func HandleHttp(w http.ResponseWriter, r *http.Request) {
    authToken := // get Firebase Token from request.

    parsedToken, err := securityContext.NewFirebaseAuthVerifier().Verify(apiKey)
    if err != nil {
        panic("Invalid Firebase Token!!")
    }
    
    // do something...
}

func main() {
    configs := &secure_backend.SecurityContextConfigs{}
    if ctx, err := secure_backend.NewSecurityContext(configs); err != nil {
        panic(err)
    } else {
        securityContext = ctx
    }
}

Google Cloud Platform API Key validator

Validation your API Key, created by Google Cloud Platform.


var securityContext SecurityContext

func HandleHttp(w http.ResponseWriter, r *http.Request) {
    apiKey := // get Google API Key from reqeust.
    if !securityContext.NewGoogleApiKeyVerifier().Verify(apiKey) {
        panic("Invalid Google API Key!!")
    }
    
    // do something.
}

func main() {
    configs := &secure_backend.SecurityContextConfigs{}
    if ctx, err := secure_backend.NewSecurityContext(configs); err != nil {
        panic(err)
    } else {
        securityContext = ctx
    }
}

Step1. Enable ServiceControl API.

You need ServiceControl API to enable.

Step2. Deploy Swagger file to Cloud Endpoint.

Deploy your API spec to Cloud Endpoint.

If you not use OpenAPI Based API, then you can deploy mock file to Endpoint.

# Init your GCP project.
gcloud init

# deploy
cd path/to/go-secure-backend
./scripts/enable-cloud-endpoint.sh "your-gcp-project-name.appspot.com"

(Option) Step3. API Key security.

You can enable 'restrict key' mode to your API Key on GCP Console.

Go to "GCP Console > APIs & Services > Credentials > (API Key) > API restrictions > Your serviceName" e.g.) "your-gcp-project.appspot.com" API.

Documentation ¶

Index ¶

type FirebaseAuthVerifier
type FirebaseUser
- func (it *FirebaseUser) String() string
type GoogleApiKeyVerifier
type Logger
type SecurityContext
- func NewSecurityContext(ctx context.Context, configs *SecurityContextConfigs) (SecurityContext, error)
type SecurityContextConfigs
type VerifiedFirebaseAuthToken

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type FirebaseAuthVerifier ¶

type FirebaseAuthVerifier interface {
	// Set custom logger.
	SetLogger(logger *Logger)

	// Support Original JWT Token.
	// sub = your GCP Project
	// default = deny.
	AcceptOriginalToken()

	// Verify Firebase Auth token.
	// supported)
	// 	- JWT: Firebase Custom Token source
	// 	- JWT: Firebase Auth Token
	// 		see) https://firebase.google.com/docs/auth/android/custom-auth?hl=en
	Verify(ctx context.Context, token string) (*VerifiedFirebaseAuthToken, error)
}

Verifier for Firebase Auth token.

type FirebaseUser ¶

type FirebaseUser struct {
	/*
		Firebase user id.
	*/
	Id string
}

func (*FirebaseUser) String ¶

func (it *FirebaseUser) String() string

type GoogleApiKeyVerifier ¶

type GoogleApiKeyVerifier interface {
	// Set custom logger.
	SetLogger(logger *Logger)

	// Set custom service name for 'Service Control' check API.
	// Default is 'your-gcp-name.appspot.com'
	// https://cloud.google.com/service-infrastructure/docs/service-control/getting-started?hl=en
	SetServiceName(serviceName string)

	// Verify your API Key.
	Verify(ctx context.Context, apiKey string) error
}

Google Cloud Platform API Key verify.

type Logger ¶

type Logger struct {
	Info  func(message string)
	Error func(message string)
}

type SecurityContext ¶

type SecurityContext interface {
	// Returns Firebase auth based JWT verifier.
	//
	// see)
	// 	- https://firebase.google.com/docs/auth?hl=en
	// 	- https://github.com/firebase/firebase-admin-go/tree/master/auth
	NewFirebaseAuthVerifier() FirebaseAuthVerifier

	// Returns Google API Key verifier.
	// see)
	// 	- https://cloud.google.com/docs/authentication/api-keys?hl=en
	NewGoogleApiKeyVerifier() GoogleApiKeyVerifier
}

func NewSecurityContext ¶

func NewSecurityContext(ctx context.Context, configs *SecurityContextConfigs) (SecurityContext, error)

New instance.

type SecurityContextConfigs ¶

type SecurityContextConfigs struct {
	/*
		Custom logger.
	*/
	Logger *Logger

	/*
		Custom GCP service account's json file.
		If this value is nil, then load from 'GOOGLE_APPLICATION_CREDENTIALS'.

		see) https://cloud.google.com/docs/authentication/getting-started?hl=en
	*/
	GoogleServiceAccountJson []byte
}

logger function

type VerifiedFirebaseAuthToken ¶

type VerifiedFirebaseAuthToken struct {
	/*
		Authorize user.
	*/
	User *FirebaseUser

	/*
		Token expire time.
	*/
	ExpireAt time.Time

	/*
		JWT Claims.
	*/
	Claims map[string]interface{}
}

Verified JWT Data.

func (*VerifiedFirebaseAuthToken) GetFloatClaim ¶

func (it *VerifiedFirebaseAuthToken) GetFloatClaim(key string) (float64, error)

func (*VerifiedFirebaseAuthToken) GetIntClaim ¶

func (it *VerifiedFirebaseAuthToken) GetIntClaim(key string) (int64, error)

func (*VerifiedFirebaseAuthToken) GetStringClaim ¶

func (it *VerifiedFirebaseAuthToken) GetStringClaim(key string) (string, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
testutils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL