Documentation ¶
Index ¶
- func ClearCSRFCookie(r *http.Request, c *http.Cookie) *http.Cookie
- func ClearCookie(r *http.Request) *http.Cookie
- func FindCSRFCookie(r *http.Request, state string) (c *http.Cookie, err error)
- func GetLogger() *logrus.Logger
- func MakeCSRFCookie(r *http.Request, nonce string) *http.Cookie
- func MakeCookie(r *http.Request, email string) *http.Cookie
- func MakeState(r *http.Request, p provider.Provider, nonce string) string
- func NewDefaultLogger() *logrus.Logger
- func Nonce() (string, error)
- func ValidateCSRFCookie(c *http.Cookie, state string) (valid bool, provider string, redirect string, err error)
- func ValidateCookie(r *http.Request, c *http.Cookie) (string, error)
- func ValidateDomains(email string, domains CommaSeparatedList) bool
- func ValidateEmail(email, ruleName string) bool
- func ValidateState(state string) error
- func ValidateWhitelist(email string, whitelist CommaSeparatedList) bool
- type CommaSeparatedList
- type Config
- type CookieDomain
- type CookieDomains
- type Rule
- type Server
- func (r *Server) AllowHandler(rule string) http.HandlerFunc
- func (r *Server) AuthCallbackHandler() http.HandlerFunc
- func (r *Server) AuthHandler(provider, rule string) http.HandlerFunc
- func (r *Server) DefaultHandler(rw http.ResponseWriter, rq *http.Request)
- func (r *Server) LogoutHandler() http.HandlerFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClearCSRFCookie ¶
ClearCSRFCookie clears the CSRF cookie from the request.
func FindCSRFCookie ¶
FindCSRFCookie finds the CSRF cookie.
func MakeCSRFCookie ¶
MakeCSRFCookie builds the CSRF cookie.
func MakeCookie ¶
MakeCookie builds the cookie.
func NewDefaultLogger ¶
NewDefaultLogger builds the default logger.
func ValidateCSRFCookie ¶
func ValidateCSRFCookie(c *http.Cookie, state string) (valid bool, provider string, redirect string, err error)
ValidateCSRFCookie checks the CSRF cookie c using state and returns whether it is valid, along with the provider and redirect values.
func ValidateCookie ¶
ValidateCookie validates the cookie for the request.
func ValidateDomains ¶
func ValidateDomains(email string, domains CommaSeparatedList) bool
ValidateDomains checks email against the given domains.
func ValidateWhitelist ¶
func ValidateWhitelist(email string, whitelist CommaSeparatedList) bool
ValidateWhitelist checks email against the given whitelist.
Types ¶
type CommaSeparatedList ¶
type CommaSeparatedList []string
CommaSeparatedList is a slice of strings.
func (*CommaSeparatedList) MarshalFlag ¶
func (r *CommaSeparatedList) MarshalFlag() (string, error)
MarshalFlag marshals the flag.
func (*CommaSeparatedList) UnmarshalFlag ¶
func (r *CommaSeparatedList) UnmarshalFlag(s string) error
UnmarshalFlag unmarshals the flag.
type Config ¶
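// Config is the global auth configuration. Each field's struct tag names the
// long command-line flag and the environment variable that set it, plus any
// default value and the help text. Tags shown as an empty literal followed by
// a "string literal not displayed" comment are elided in this listing.
type Config struct {
	// Path is the callback URL path (default "/_oauth").
	Path string `long:"url-path" env:"URL_PATH" default:"/_oauth" description:"Callback URL Path"`
	// Port is the port to listen on (default 5137).
	Port int `long:"port" env:"PORT" default:"5137" description:"Port to listen on"`
	// AuthHost is the single host to use when returning from third-party auth.
	AuthHost string `long:"auth-host" env:"AUTH_HOST" description:"Single host to use when returning from 3rd party auth"`
	// CookieName is the cookie name (default "_forward_auth").
	CookieName string `long:"cookie-name" env:"COOKIE_NAME" default:"_forward_auth" description:"Cookie Name"`
	// CookieDomains lists the domains to set the auth cookie on; the option
	// can be given multiple times.
	CookieDomains []CookieDomain `long:"cookie-domain" env:"COOKIE_DOMAIN" env-delim:"," description:"Domain to set auth cookie on, can be set multiple times"`
	// InsecureCookie enables "insecure cookies".
	// NOTE(review): presumably this drops the Secure attribute so the cookie
	// is also sent over plain HTTP; confirm in MakeCookie and leave it unset
	// for HTTPS deployments.
	InsecureCookie bool `long:"insecure-cookie" env:"INSECURE_COOKIE" description:"Use insecure cookies"`
	// CSRFCookieName is the CSRF cookie name (default "_forward_auth_csrf").
	CSRFCookieName string `long:"csrf-cookie-name" env:"CSRF_COOKIE_NAME" default:"_forward_auth_csrf" description:"CSRF Cookie Name"`
	// SecretString is the secret used for signing (required). The json:"-"
	// tag keeps it out of any encoding/json output of Config. Values passed
	// as command-line arguments are typically visible in the process list,
	// so the SECRET environment variable or a config file is the safer
	// channel.
	SecretString string `long:"secret" env:"SECRET" description:"Secret used for signing (required)" json:"-"`
	// LifetimeString is the lifetime in seconds (default 43200, i.e. 12 hours).
	LifetimeString int `long:"lifetime" env:"LIFETIME" default:"43200" description:"Lifetime in seconds"`
	// LogoutRedirect is the URL to redirect to following logout.
	LogoutRedirect string `long:"logout-redirect" env:"LOGOUT_REDIRECT" description:"URL to redirect to following logout"`
	// DefaultAction is either "auth" (the default) or "allow".
	// NOTE(review): "allow" presumably lets requests that match no rule
	// through without authentication; confirm before choosing it.
	DefaultAction string `long:"default-action" env:"DEFAULT_ACTION" default:"auth" choice:"auth" choice:"allow" description:"Default action"`
	// DefaultProvider's tag is not displayed in this listing.
	DefaultProvider string `` /* 147-byte string literal not displayed */
	// Domains restricts access to the given email domains; the option can be
	// given multiple times.
	Domains CommaSeparatedList `long:"domain" env:"DOMAIN" env-delim:"," description:"Only allow given email domains, can be set multiple times"`
	// Whitelist restricts access to the given email addresses; the option can
	// be given multiple times.
	Whitelist CommaSeparatedList `long:"whitelist" env:"WHITELIST" env-delim:"," description:"Only allow given email addresses, can be set multiple times"`
	// MatchWhitelistOrDomain's tag is not displayed in this listing.
	// NOTE(review): the name suggests it decides whether matching either
	// Whitelist or Domains is sufficient; confirm against the validation code.
	MatchWhitelistOrDomain bool `` /* 157-byte string literal not displayed */
	// Providers holds the provider settings, grouped under the "providers"
	// flag namespace and the "PROVIDERS" environment namespace.
	Providers provider.Providers `group:"providers" namespace:"providers" env-namespace:"PROVIDERS"`
	// Rules maps a rule name to its definition; the settable params are
	// "action", "rule" and "provider".
	Rules map[string]*Rule `long:"rule.<name>.<param>" description:"Rule definitions, param can be: \"action\", \"rule\" or \"provider\""`
	// Configure is the callback behind the "config" option (path to a config
	// file). NOTE(review): presumably invoked by the flag parser with that
	// path; confirm.
	Configure func(s string) error `long:"config" env:"CONFIG" description:"Path to config file" json:"-"`

	// Filled during transformations
	Secret   []byte `json:"-"`
	Lifetime time.Duration

	// Legacy options; each description names the option that replaces it.

	// CookieDomainsLegacy is replaced by "cookie-domain".
	CookieDomainsLegacy CookieDomains `long:"cookie-domains" env:"COOKIE_DOMAINS" description:"DEPRECATED - Use \"cookie-domain\""`
	// CookieSecretLegacy is replaced by "secret"; excluded from JSON output.
	CookieSecretLegacy string `long:"cookie-secret" env:"COOKIE_SECRET" description:"DEPRECATED - Use \"secret\"" json:"-"`
	// CookieSecureLegacy is replaced by "insecure-cookie".
	CookieSecureLegacy string `long:"cookie-secure" env:"COOKIE_SECURE" description:"DEPRECATED - Use \"insecure-cookie\""`
	// ClientIDLegacy is replaced by "providers.google.client-id".
	ClientIDLegacy string `long:"client-id" env:"CLIENT_ID" description:"DEPRECATED - Use \"providers.google.client-id\""`
	// ClientSecretLegacy is replaced by "providers.google.client-secret";
	// excluded from JSON output. The help text previously pointed at the
	// client-id option, which would send users to the wrong setting.
	ClientSecretLegacy string `long:"client-secret" env:"CLIENT_SECRET" description:"DEPRECATED - Use \"providers.google.client-secret\"" json:"-"`
	// PromptLegacy is replaced by "providers.google.prompt".
	PromptLegacy string `long:"prompt" env:"PROMPT" description:"DEPRECATED - Use \"providers.google.prompt\""`

	// Logger settings.

	// LogLevel's tag is not displayed in this listing.
	LogLevel string `` /* 174-byte string literal not displayed */
	// LogFormat is one of "text" (default), "json" or "pretty".
	LogFormat string `long:"log-format" env:"LOG_FORMAT" default:"text" choice:"text" choice:"json" choice:"pretty" description:"Log format"`
}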
Config is the global auth configuration.
func (*Config) GetConfiguredProvider ¶
GetConfiguredProvider gets the provider.
func (*Config) GetProvider ¶
GetProvider gets the provider from the config.
type CookieDomain ¶
CookieDomain definition
func (*CookieDomain) MarshalFlag ¶
func (r *CookieDomain) MarshalFlag() (string, error)
MarshalFlag returns the domain.
func (*CookieDomain) Match ¶
func (r *CookieDomain) Match(host string) bool
Match reports whether the given host matches.
func (*CookieDomain) UnmarshalFlag ¶
func (r *CookieDomain) UnmarshalFlag(v string) error
UnmarshalFlag unmarshals from the given argument.
type CookieDomains ¶
type CookieDomains []CookieDomain
CookieDomains is a slice of CookieDomain.
func (*CookieDomains) MarshalFlag ¶
func (r *CookieDomains) MarshalFlag() (string, error)
MarshalFlag returns the domains.
func (*CookieDomains) UnmarshalFlag ¶
func (r *CookieDomains) UnmarshalFlag(v string) error
UnmarshalFlag unmarshals from the given arguments.
type Rule ¶
// Rule is one named rule definition. Config.Rules maps rule names to *Rule,
// and its flag help lists "action", "rule" and "provider" as the settable
// params.
type Rule struct {
	// Action is the rule's action.
	// NOTE(review): presumably "auth" or "allow", the choices listed for
	// Config.DefaultAction; confirm.
	Action string
	// Rule is the rule expression; its syntax is not shown in this listing.
	Rule string
	// Provider is the provider for this rule.
	// NOTE(review): presumably a provider name looked up in Config.Providers; confirm.
	Provider string
	// Whitelist and Domains carry the same types as the Config fields of the
	// same names.
	// NOTE(review): presumably per-rule email restrictions; confirm how they
	// combine with the global lists.
	Whitelist CommaSeparatedList
	Domains   CommaSeparatedList
}
Rule definition
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server definition
func (*Server) AllowHandler ¶
func (r *Server) AllowHandler(rule string) http.HandlerFunc
AllowHandler returns the allow handler.
func (*Server) AuthCallbackHandler ¶
func (r *Server) AuthCallbackHandler() http.HandlerFunc
AuthCallbackHandler returns the authorize callback handler.
func (*Server) AuthHandler ¶
func (r *Server) AuthHandler(provider, rule string) http.HandlerFunc
AuthHandler authorizes the request.
func (*Server) DefaultHandler ¶
func (r *Server) DefaultHandler(rw http.ResponseWriter, rq *http.Request)
DefaultHandler overwrites the request from the forwarded request.
func (*Server) LogoutHandler ¶
func (r *Server) LogoutHandler() http.HandlerFunc
LogoutHandler returns the logout request handler.