internal

package
v0.0.0-...-37177da Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 27, 2022 License: GPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClearCSRFCookie

func ClearCSRFCookie(r *http.Request, c *http.Cookie) *http.Cookie

ClearCSRFCookie clears the CSRF cookie from the request.

func ClearCookie

func ClearCookie(r *http.Request) *http.Cookie

ClearCookie check cookie

func FindCSRFCookie

func FindCSRFCookie(r *http.Request, state string) (c *http.Cookie, err error)

FindCSRFCookie finds the CSRF cookie for the given state.

func GetLogger

func GetLogger() *logrus.Logger

GetLogger get logger

func MakeCSRFCookie

func MakeCSRFCookie(r *http.Request, nonce string) *http.Cookie

MakeCSRFCookie build csrf cookie

func MakeCookie

func MakeCookie(r *http.Request, email string) *http.Cookie

MakeCookie build cookie

func MakeState

func MakeState(r *http.Request, p provider.Provider, nonce string) string

MakeState build request state

func NewDefaultLogger

func NewDefaultLogger() *logrus.Logger

NewDefaultLogger build default logger

func Nonce

func Nonce() (string, error)

Nonce generates a random nonce.

func ValidateCSRFCookie

func ValidateCSRFCookie(c *http.Cookie, state string) (valid bool, provider string, redirect string, err error)

ValidateCSRFCookie checks the CSRF cookie against the given state.

func ValidateCookie

func ValidateCookie(r *http.Request, c *http.Cookie) (string, error)

ValidateCookie validates the cookie for the request.

func ValidateDomains

func ValidateDomains(email string, domains CommaSeparatedList) bool

ValidateDomains check domains

func ValidateEmail

func ValidateEmail(email, ruleName string) bool

ValidateEmail check email

func ValidateState

func ValidateState(state string) error

ValidateState checks the state length.

func ValidateWhitelist

func ValidateWhitelist(email string, whitelist CommaSeparatedList) bool

ValidateWhitelist check whitelist

Types

type CommaSeparatedList

// CommaSeparatedList is a string slice with MarshalFlag and UnmarshalFlag
// methods. Config uses it for the "domain" and "whitelist" options.
type CommaSeparatedList []string

CommaSeparatedList slice

func (*CommaSeparatedList) MarshalFlag

func (r *CommaSeparatedList) MarshalFlag() (string, error)

MarshalFlag marshal flag

func (*CommaSeparatedList) UnmarshalFlag

func (r *CommaSeparatedList) UnmarshalFlag(s string) error

UnmarshalFlag unmarshal flag

type Config

// Config holds the settings of this package. Each field's struct tag names the
// command-line flag (long), the environment variable (env) and, where present,
// the default value. Three tags are not displayed by the documentation
// renderer (DefaultProvider, MatchWhitelistOrDomain, LogLevel).
type Config struct {
	Path                   string               `long:"url-path" env:"URL_PATH" default:"/_oauth" description:"Callback URL Path"`
	Port                   int                  `long:"port" env:"PORT" default:"5137" description:"Port to listen on"`
	AuthHost               string               `long:"auth-host" env:"AUTH_HOST" description:"Single host to use when returning from 3rd party auth"`
	CookieName             string               `long:"cookie-name" env:"COOKIE_NAME" default:"_forward_auth" description:"Cookie Name"`
	CookieDomains          []CookieDomain       `long:"cookie-domain" env:"COOKIE_DOMAIN" env-delim:"," description:"Domain to set auth cookie on, can be set multiple times"`
	// No default tag is set, so this is false unless enabled.
	// NOTE(review): presumably this drops the Secure attribute from the cookies
	// built by MakeCookie/MakeCSRFCookie — confirm; if so, enable it only where
	// the service is reached over plain HTTP, e.g. local testing.
	InsecureCookie         bool                 `long:"insecure-cookie" env:"INSECURE_COOKIE" description:"Use insecure cookies"`
	CSRFCookieName         string               `long:"csrf-cookie-name" env:"CSRF_COOKIE_NAME" default:"_forward_auth_csrf" description:"CSRF Cookie Name"`
	// Signing secret, marked required in its description. json:"-" keeps it out
	// of JSON encodings of Config.
	SecretString           string               `long:"secret" env:"SECRET" description:"Secret used for signing (required)" json:"-"`
	// An int despite the name; the default of 43200 seconds is 12 hours.
	LifetimeString         int                  `long:"lifetime" env:"LIFETIME" default:"43200" description:"Lifetime in seconds"`
	LogoutRedirect         string               `long:"logout-redirect" env:"LOGOUT_REDIRECT" description:"URL to redirect to following logout"`
	// The choice tags limit this to "auth" or "allow".
	// NOTE(review): "allow" presumably lets requests that match no rule through
	// without authentication — confirm before changing the default.
	DefaultAction          string               `long:"default-action" env:"DEFAULT_ACTION" default:"auth" choice:"auth" choice:"allow" description:"Default action"`
	DefaultProvider        string               `` /* 147-byte string literal not displayed */
	// Domains and Whitelist restrict which e-mail addresses are accepted.
	// NOTE(review): how the two lists combine is presumably governed by
	// MatchWhitelistOrDomain, whose tag is not displayed here — confirm.
	Domains                CommaSeparatedList   `long:"domain" env:"DOMAIN" env-delim:"," description:"Only allow given email domains, can be set multiple times"`
	Whitelist              CommaSeparatedList   `long:"whitelist" env:"WHITELIST" env-delim:"," description:"Only allow given email addresses, can be set multiple times"`
	MatchWhitelistOrDomain bool                 `` /* 157-byte string literal not displayed */
	Providers              provider.Providers   `group:"providers" namespace:"providers" env-namespace:"PROVIDERS"`
	// Per-rule settings keyed by rule name; the flag form is rule.<name>.<param>.
	Rules                  map[string]*Rule     `long:"rule.<name>.<param>" description:"Rule definitions, param can be: \"action\", \"rule\" or \"provider\""`
	// Callback that receives the config-file path; excluded from JSON.
	Configure              func(s string) error `long:"config" env:"CONFIG" description:"Path to config file" json:"-"`

	// Filled during transformations
	// (presumably derived from SecretString and LifetimeString — TODO confirm).
	// Secret is excluded from JSON encodings.
	Secret   []byte `json:"-"`
	Lifetime time.Duration

	// Legacy
	// Deprecated options kept for compatibility; each description names its
	// replacement. The two secret-bearing fields carry json:"-".
	CookieDomainsLegacy CookieDomains `long:"cookie-domains" env:"COOKIE_DOMAINS" description:"DEPRECATED - Use \"cookie-domain\""`
	CookieSecretLegacy  string        `long:"cookie-secret" env:"COOKIE_SECRET" description:"DEPRECATED - Use \"secret\""  json:"-"`
	// A string, not a bool, unlike its replacement InsecureCookie.
	CookieSecureLegacy  string        `long:"cookie-secure" env:"COOKIE_SECURE" description:"DEPRECATED - Use \"insecure-cookie\""`
	ClientIDLegacy      string        `long:"client-id" env:"CLIENT_ID" description:"DEPRECATED - Use \"providers.google.client-id\""`
	// NOTE(review): the description points at providers.google.client-id, the
	// same text as ClientIDLegacy; the intended replacement for a client secret
	// is presumably a client-secret option — confirm and correct the text.
	ClientSecretLegacy  string        `long:"client-secret" env:"CLIENT_SECRET" description:"DEPRECATED - Use \"providers.google.client-id\""  json:"-"`
	PromptLegacy        string        `long:"prompt" env:"PROMPT" description:"DEPRECATED - Use \"providers.google.prompt\""`

	// Logger
	LogLevel  string `` /* 174-byte string literal not displayed */
	// The choice tags limit this to "text", "json" or "pretty".
	LogFormat string `long:"log-format" env:"LOG_FORMAT" default:"text" choice:"text" choice:"json" choice:"pretty" description:"Log format"`
}

Config auth global configuration

func NewConfig

func NewConfig(args []string) (*Config, error)

NewConfig build config

func NewGlobalConfig

func NewGlobalConfig() *Config

NewGlobalConfig build global config

func (*Config) GetConfiguredProvider

func (r *Config) GetConfiguredProvider(name string) (provider.Provider, error)

GetConfiguredProvider get provider

func (*Config) GetProvider

func (r *Config) GetProvider(name string) (provider.Provider, error)

GetProvider get provider from config

func (*Config) String

func (r *Config) String() string

func (*Config) Validate

func (r *Config) Validate() *Config

Validate check config

type CookieDomain

// CookieDomain describes one domain the auth cookie may be set on. It is built
// by NewCookieDomain or UnmarshalFlag and compared with a request host by Match.
type CookieDomain struct {
	Domain       string
	// presumably len(Domain), cached for Match — TODO confirm in NewCookieDomain
	DomainLen    int
	// NOTE(review): presumably the dot-prefixed form of Domain used for suffix
	// matching — confirm. A suffix match without the leading dot would also
	// accept unrelated hosts that merely end in the same characters.
	SubDomain    string
	// presumably len(SubDomain) — TODO confirm
	SubDomainLen int
}

CookieDomain definition

func NewCookieDomain

func NewCookieDomain(domain string) *CookieDomain

NewCookieDomain generate

func (*CookieDomain) MarshalFlag

func (r *CookieDomain) MarshalFlag() (string, error)

MarshalFlag get domain

func (*CookieDomain) Match

func (r *CookieDomain) Match(host string) bool

Match reports whether the given host matches.

func (*CookieDomain) UnmarshalFlag

func (r *CookieDomain) UnmarshalFlag(v string) error

UnmarshalFlag from given arg

type CookieDomains

// CookieDomains is a slice of CookieDomain with its own MarshalFlag and
// UnmarshalFlag methods. Config uses it for the deprecated "cookie-domains"
// option.
type CookieDomains []CookieDomain

CookieDomains CookieDomain slice

func (*CookieDomains) MarshalFlag

func (r *CookieDomains) MarshalFlag() (string, error)

MarshalFlag get domains

func (*CookieDomains) UnmarshalFlag

func (r *CookieDomains) UnmarshalFlag(v string) error

UnmarshalFlag from given args

type Rule

// Rule is one entry of Config.Rules. The rule flag's description lists
// "action", "rule" and "provider" as the settable params; Validate checks a
// Rule against a Config.
type Rule struct {
	Action    string
	// The rule expression itself; its syntax is not shown on this page.
	Rule      string
	Provider  string
	// NOTE(review): presumably per-rule counterparts of Config.Whitelist and
	// Config.Domains — confirm whether they replace or extend the global lists.
	Whitelist CommaSeparatedList
	Domains   CommaSeparatedList
}

Rule definition

func NewRule

func NewRule() *Rule

NewRule build rule

func (*Rule) Validate

func (r *Rule) Validate(cfg *Config) error

Validate rule validate action

type Server

// Server is created by NewServer and exposes the HTTP handlers of this package:
// AllowHandler, AuthHandler, AuthCallbackHandler, LogoutHandler and
// DefaultHandler.
type Server struct {
	// contains filtered or unexported fields
}

Server definition

func NewServer

func NewServer() *Server

NewServer build server

func (*Server) AllowHandler

func (r *Server) AllowHandler(rule string) http.HandlerFunc

AllowHandler allow handler

func (*Server) AuthCallbackHandler

func (r *Server) AuthCallbackHandler() http.HandlerFunc

AuthCallbackHandler authorize callback handler

func (*Server) AuthHandler

func (r *Server) AuthHandler(provider, rule string) http.HandlerFunc

AuthHandler authorize request

func (*Server) DefaultHandler

func (r *Server) DefaultHandler(rw http.ResponseWriter, rq *http.Request)

DefaultHandler overwrite the request from forward request

func (*Server) LogoutHandler

func (r *Server) LogoutHandler() http.HandlerFunc

LogoutHandler logout request handler

Directories

Path Synopsis
