Documentation ¶
Index ¶
- func BearerAccessTokenAuthFuncGRPC(validator authentication.AccessTokenAuthentication) grpc_auth.AuthFunc
- func BearerJWTAuthFuncGRPC(auth authentication.Authentication, claimInjector ClaimInjectorJWT) grpc_auth.AuthFunc
- func EmailClaimer(ctx context.Context, token jwt.Claims) (context.Context, error)
- func ExtractGRPCAuthEmail(ctx context.Context) (string, error)
- func ExtractGRPCAuthSubject(ctx context.Context) (string, error)
- func ExtractGRPCMetadata(ctx context.Context, key string) (string, error)
- func InjectGRPCAuthEmail(ctx context.Context, email string) context.Context
- func InjectGRPCAuthSubject(ctx context.Context, sub string) context.Context
- func InjectGRPCMetadata(ctx context.Context, key string, value string) context.Context
- func LoggerGRPC(l *zap.Logger) grpc_logging.Logger
- func SubjectClaimer(ctx context.Context, token jwt.Claims) (context.Context, error)
- type ClaimInjectorBehavior
- type ClaimInjectorJWT
- type Extractor
- type Middleware
Functions ¶
func BearerAccessTokenAuthFuncGRPC ¶ added in v10.1.0
func BearerAccessTokenAuthFuncGRPC(validator authentication.AccessTokenAuthentication) grpc_auth.AuthFunc
BearerAccessTokenAuthFuncGRPC returns a grpc_auth.AuthFunc that validates incoming access tokens found in the Authorization header. These tokens are bearer tokens signed by different authentication providers. The validator function received as an argument performs the validation for every incoming bearer token.
func BearerJWTAuthFuncGRPC ¶ added in v10.1.0
func BearerJWTAuthFuncGRPC(auth authentication.Authentication, claimInjector ClaimInjectorJWT) grpc_auth.AuthFunc
BearerJWTAuthFuncGRPC returns a new grpc_auth.AuthFunc to use with the gazebo-web authentication library.
The passed in context.Context will contain the gRPC metadata.MD object (for header-based authentication) and the peer.Peer information that can contain transport-based credentials (e.g. `credentials.AuthInfo`).
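    auth := authentication.New[...]()
    // BearerJWTAuthFuncGRPC takes a ClaimInjectorJWT as its second argument; SubjectClaimer is used here.
    authFunc := BearerJWTAuthFuncGRPC(auth, SubjectClaimer)
    srv := grpc.NewServer(
        grpc.StreamInterceptor(grpc_auth.StreamServerInterceptor(authFunc)),
        grpc.UnaryInterceptor(grpc_auth.UnaryServerInterceptor(authFunc)),
    )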
func EmailClaimer ¶
EmailClaimer is a ClaimInjectorJWT that extracts the "email" custom claim from an incoming JWT token and stores it in the request context.
func ExtractGRPCAuthEmail ¶
ExtractGRPCAuthEmail extracts the custom email (email) claim from the context metadata. This claim is usually injected in a middleware such as BearerJWT or BearerJWTAuthFuncGRPC, if present.
This claim is expected from providers that inject an email address into their JWTs. Not all providers do so.
This function only works with gRPC requests. It returns an error if the metadata couldn't be parsed or the email is not present.
func ExtractGRPCAuthSubject ¶
ExtractGRPCAuthSubject extracts the authentication subject (sub) claim from the context metadata. This claim is usually injected in a middleware such as BearerJWT or BearerJWTAuthFuncGRPC, if present.
From RFC 7519, section 4.1.2: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
The "sub" (subject) claim identifies the principal that is the subject of the JWT. The claims in a JWT are normally statements about the subject. The subject value MUST either be scoped to be locally unique in the context of the issuer or be globally unique. The processing of this claim is generally application specific. The "sub" value is a case-sensitive string containing a StringOrURI value.
This function only works with gRPC requests. It returns an error if the metadata couldn't be parsed or the subject is not present.
func ExtractGRPCMetadata ¶
ExtractGRPCMetadata extracts the first value of the given key. This only works for gRPC servers, not clients.
func InjectGRPCAuthEmail ¶
InjectGRPCAuthEmail injects the custom email (email) claim into the given context metadata. See ExtractGRPCAuthEmail for information on how to extract this value.
func InjectGRPCAuthSubject ¶
InjectGRPCAuthSubject injects the authentication subject (sub) claim into the given context metadata. See ExtractGRPCAuthSubject for information on how to extract this value.
func InjectGRPCMetadata ¶
InjectGRPCMetadata injects the given key and value into a context using grpc metadata. This only works for gRPC servers, not clients.
func LoggerGRPC ¶
func LoggerGRPC(l *zap.Logger) grpc_logging.Logger
LoggerGRPC adapts zap logger to interceptor logger. Code copied from:
https://github.com/grpc-ecosystem/go-grpc-middleware/blob/a18e1e2bacb23afca0f52b228f6b4efbb5f57822/interceptors/logging/examples/zap/example_test.go#L17
Types ¶
type ClaimInjectorBehavior ¶
ClaimInjectorBehavior is used in combination with ClaimInjectorJWT when grouping different claim injectors by using GroupClaimInjectors.
type ClaimInjectorJWT ¶
ClaimInjectorJWT allows authentication layers to inject JWT claims into a context.Context.
Rules when creating a new claim injector:
- Must always return ctx, even in error handlers.
- Claim validation might be required depending on the underlying jwt.Claims implementation.
func GroupMandatoryClaimInjectors ¶
func GroupMandatoryClaimInjectors(injectors ...ClaimInjectorJWT) ClaimInjectorJWT
GroupMandatoryClaimInjectors returns a mandatory ClaimInjectorJWT that wraps and calls all provided injectors. This is useful to configure multiple mandatory claim injectors for servers with a single function call. Check groupClaimInjectors to understand how grouping works.
func GroupOptionalClaimInjectors ¶
func GroupOptionalClaimInjectors(injectors ...ClaimInjectorJWT) ClaimInjectorJWT
GroupOptionalClaimInjectors returns an optional ClaimInjectorJWT that wraps and calls all provided injectors. This is useful to configure multiple optional claim injectors for servers with a single function call. Check groupClaimInjectors to understand how grouping works.
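Why the "must always return ctx" rule matters once injectors are grouped, shown as an added example that is not this package's code. Claims, ClaimInjector, stringClaim, group and claimFrom are hypothetical stand-ins built on the standard library (context values instead of gRPC metadata), and the mandatory/optional semantics of group are an assumption, not the documented behaviour of groupClaimInjectors.

```go
package main

import (
	"context"
	"fmt"
)

// Claims stands in for jwt.Claims, ClaimInjector for ClaimInjectorJWT (local assumptions).
type Claims map[string]any
type ClaimInjector func(ctx context.Context, token Claims) (context.Context, error)
type ctxKey string

// stringClaim validates one string claim; every error path returns the incoming ctx, never nil.
func stringClaim(name string) ClaimInjector {
	return func(ctx context.Context, token Claims) (context.Context, error) {
		v, ok := token[name].(string)
		if !ok || v == "" {
			return ctx, fmt.Errorf("claim %q missing or not a non-empty string", name)
		}
		return context.WithValue(ctx, ctxKey(name), v), nil
	}
}

// group chains injectors. Assumed semantics: mandatory stops at the first error, optional
// carries on. The returned ctx is reused after an error, so a nil ctx would break the chain.
func group(mandatory bool, injectors ...ClaimInjector) ClaimInjector {
	return func(ctx context.Context, token Claims) (context.Context, error) {
		for _, inject := range injectors {
			var err error
			if ctx, err = inject(ctx, token); err != nil && mandatory {
				return ctx, err
			}
		}
		return ctx, nil
	}
}

// claimFrom reads a claim back and returns an error when it was never injected.
func claimFrom(ctx context.Context, name string) (string, error) {
	if v, ok := ctx.Value(ctxKey(name)).(string); ok {
		return v, nil
	}
	return "", fmt.Errorf("claim %q not present in context", name)
}

func main() {
	tok := Claims{"sub": "user-123"} // constructed token, no email claim
	ctx, _ := group(false, stringClaim("sub"), stringClaim("email"))(context.Background(), tok)
	fmt.Println(claimFrom(ctx, "sub"))
}
```

An injector that returned nil on its error path would make the next context.WithValue call panic inside an optional group, which is the failure the first rule prevents.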
type Extractor ¶
Extractor extracts a string value from an HTTP request. It's usually used to extract a header from an HTTP request, but can also be used for extracting a user and password from the body.
There are a few implementations already provided by the request package, for example:
- Bearer tokens: request.BearerExtractor
type Middleware ¶
Middleware is used to modify or augment the behavior of an HTTP request handler.
func BearerJWT ¶ added in v10.1.0
func BearerJWT(authentication authentication.Authentication) Middleware
BearerJWT returns a Middleware for authenticating users using Bearer Tokens in JWT format.