Types ¶
type Authorizer ¶
// Authorizer authorizes access to endpoints based on the presence and content
// of a JWT token.
//
// Every boolean option below carries omitempty. An option that is absent from
// the configuration is left at false by the decoder; whether Provision changes
// it afterwards is not visible on this page.
type Authorizer struct {
	// Name is tagged json:"-", so it is never read from or written to JSON.
	Name string `json:"-"`
	// NOTE(review): presumably the authorization context this instance belongs to; confirm.
	Context string `json:"context,omitempty" xml:"context,omitempty" yaml:"context,omitempty"`
	// PrimaryInstance is serialized under the key "primary".
	// NOTE(review): presumably marks the primary instance of a context; confirm against InstanceManager.
	PrimaryInstance bool `json:"primary,omitempty" xml:"primary,omitempty" yaml:"primary,omitempty"`
	// NOTE(review): presumably the path non-authorized users are redirected to; confirm.
	AuthURLPath          string `json:"auth_url_path,omitempty" xml:"auth_url_path,omitempty" yaml:"auth_url_path,omitempty"`
	AuthRedirectDisabled bool   `json:"disable_auth_redirect,omitempty" xml:"disable_auth_redirect,omitempty" yaml:"disable_auth_redirect,omitempty"`
	// The struct tags of the next two fields are elided by the documentation
	// renderer, so their configuration keys are not visible here.
	// NOTE(review): if the query parameter carries the originally requested URL,
	// check how the redirect target is validated; confirm in the implementation.
	AuthRedirectQueryDisabled  bool   `` /* 133-byte string literal not displayed */
	AuthRedirectQueryParameter string `` /* 127-byte string literal not displayed */
	// The status code for the HTTP redirect for non-authorized users.
	AuthRedirectStatusCode int `` /* 127-byte string literal not displayed */
	// Enable the redirect with Javascript, as opposed to HTTP redirect.
	RedirectWithJavascript bool `json:"redirect_with_javascript,omitempty" xml:"redirect_with_javascript,omitempty" yaml:"redirect_with_javascript,omitempty"`
	// The list of URI prefixes which bypass authorization.
	// Requests matched by an entry are not authorized at all, so each entry
	// should be as specific as the deployment allows.
	BypassConfigs []*BypassConfig `json:"bypass_configs,omitempty" xml:"bypass_configs,omitempty" yaml:"bypass_configs,omitempty"`
	// The list of mappings between header names and field names.
	// NOTE(review): presumably the named fields are copied into request headers
	// for the upstream; confirm that client-supplied headers of the same name
	// cannot reach the upstream unmodified.
	HeaderInjectionConfigs []*HeaderInjectionConfig `json:"header_injection_configs,omitempty" xml:"header_injection_configs,omitempty" yaml:"header_injection_configs,omitempty"`
	// NOTE(review): rule semantics are defined in package acl and are not shown on this page.
	AccessListRules []*acl.RuleConfiguration `json:"access_list_rules,omitempty" xml:"access_list_rules,omitempty" yaml:"access_list_rules,omitempty"`
	// NOTE(review): key configuration from package kms; it may reference key
	// material, so treat serialized copies of this struct as sensitive; confirm.
	CryptoKeyConfigs []*kms.CryptoKeyConfig `json:"crypto_key_configs,omitempty" xml:"crypto_key_configs,omitempty" yaml:"crypto_key_configs,omitempty"`
	// CryptoKeyStoreConfig holds the default configuration for the keys, e.g. token name and lifetime.
	CryptoKeyStoreConfig   map[string]interface{}      `json:"crypto_key_store_config,omitempty" xml:"crypto_key_store_config,omitempty" yaml:"crypto_key_store_config,omitempty"`
	IdentityProviderConfig *idp.IdentityProviderConfig `json:"identity_provider_config,omitempty" xml:"identity_provider_config,omitempty" yaml:"identity_provider_config,omitempty"`
	// NOTE(review): presumably restricts where a token may be read from; the
	// accepted values are not shown on this page.
	AllowedTokenSources []string `json:"allowed_token_sources,omitempty" xml:"allowed_token_sources,omitempty" yaml:"allowed_token_sources,omitempty"`
	// NOTE(review): presumably removes the token from the request before it is
	// passed upstream; confirm.
	StripTokenEnabled bool   `json:"strip_token_enabled,omitempty" xml:"strip_token_enabled,omitempty" yaml:"strip_token_enabled,omitempty"`
	ForbiddenURL      string `json:"forbidden_url,omitempty" xml:"forbidden_url,omitempty" yaml:"forbidden_url,omitempty"`
	UserIdentityField string `json:"user_identity_field,omitempty" xml:"user_identity_field,omitempty" yaml:"user_identity_field,omitempty"`
	// The Validate* switches below are plain booleans with omitempty.
	// NOTE(review): if false means "check disabled", each of these checks is
	// opt-in; confirm the effective defaults in Provision.
	ValidateBearerHeader        bool `json:"validate_bearer_header,omitempty" xml:"validate_bearer_header,omitempty" yaml:"validate_bearer_header,omitempty"`
	ValidateMethodPath          bool `json:"validate_method_path,omitempty" xml:"validate_method_path,omitempty" yaml:"validate_method_path,omitempty"`
	ValidateAccessListPathClaim bool `` /* 145-byte string literal not displayed */
	ValidateSourceAddress       bool `json:"validate_source_address,omitempty" xml:"validate_source_address,omitempty" yaml:"validate_source_address,omitempty"`
	// NOTE(review): presumably forwards token claims to the upstream as request
	// headers; confirm which claims and header names are used.
	PassClaimsWithHeaders bool `json:"pass_claims_with_headers,omitempty" xml:"pass_claims_with_headers,omitempty" yaml:"pass_claims_with_headers,omitempty"`
	// contains filtered or unexported fields
}
Authorizer authorizes access to endpoints based on the presence and content of a JWT token.
func (Authorizer) Authenticate ¶
func (m Authorizer) Authenticate(w http.ResponseWriter, r *http.Request, upstreamOptions map[string]interface{}) (map[string]interface{}, bool, error)
Authenticate authorizes access based on the presence and content of a JWT token.
func (*Authorizer) Provision ¶
func (m *Authorizer) Provision(upstreamOptions map[string]interface{}) error
Provision provisions JWT authorization provider instances.
func (*Authorizer) Validate ¶
func (m *Authorizer) Validate() error
Validate implements caddy.Validator.
type BypassConfig ¶
// BypassConfig contains the entry for the authorization bypass.
// A request that matches an entry is not authorized, so the pair of
// MatchType and URI decides how much of the site is left unprotected.
type BypassConfig struct {
	// MatchType selects how URI is compared with the request.
	// NOTE(review): the accepted values are not shown on this page; confirm them in Validate.
	MatchType string `json:"match_type,omitempty" xml:"match_type,omitempty" yaml:"match_type,omitempty"`
	// URI is the value the request is matched against.
	URI string `json:"uri,omitempty" xml:"uri,omitempty" yaml:"uri,omitempty"`
	// contains filtered or unexported fields
}
BypassConfig contains the entry for the authorization bypass.
func (*BypassConfig) Validate ¶
func (b *BypassConfig) Validate() error
Validate validates BypassConfig
type HeaderInjectionConfig ¶
// HeaderInjectionConfig is one mapping between a header name and a field name.
type HeaderInjectionConfig struct {
	// Header is the header name of the mapping.
	Header string `json:"header,omitempty" xml:"header,omitempty" yaml:"header,omitempty"`
	// Field is the field name of the mapping.
	// NOTE(review): presumably a field of the validated token claims; confirm.
	Field string `json:"field,omitempty" xml:"field,omitempty" yaml:"field,omitempty"`
}
HeaderInjectionConfig contains the entry for header injection: a mapping between a header name and a field name.
func (*HeaderInjectionConfig) Validate ¶
func (c *HeaderInjectionConfig) Validate() error
Validate validates HeaderInjectionConfig
type InstanceManager ¶
// InstanceManager provides access to all instances of the plugin.
//
// The three maps are exported, and Go maps are not safe for concurrent writes.
// NOTE(review): whether the unexported fields include a lock that guards them
// is not visible on this page; confirm before touching the maps directly.
type InstanceManager struct {
	// NOTE(review): the meaning of the string keys is not shown here; confirm.
	Members map[string]*Authorizer `json:"members,omitempty" xml:"members,omitempty" yaml:"members,omitempty"`
	// NOTE(review): presumably one primary Authorizer per context; confirm.
	PrimaryInstances map[string]*Authorizer `json:"primary_instances,omitempty" xml:"primary_instances,omitempty" yaml:"primary_instances,omitempty"`
	MemberCount      map[string]int         `json:"member_count,omitempty" xml:"member_count,omitempty" yaml:"member_count,omitempty"`
	// contains filtered or unexported fields
}
InstanceManager provides access to all instances of the plugin.
var AuthManager *InstanceManager
AuthManager is the global authorization provider pool. It provides access to all instances of the JWT plugin.
func NewInstanceManager ¶
func NewInstanceManager() *InstanceManager
NewInstanceManager returns a new instance of InstanceManager.
func (*InstanceManager) Register ¶
func (mgr *InstanceManager) Register(ctx context.Context, m *Authorizer) error
Register registers authorization provider instance with the pool.
func (*InstanceManager) Validate ¶
func (mgr *InstanceManager) Validate(ctx context.Context, m *Authorizer) error
Validate validates the provisioning of an Authorizer instance.
type InstanceStatus ¶
type InstanceStatus int
InstanceStatus is the state of an Instance.
// Values of InstanceStatus. Unknown is the zero value, so an InstanceStatus
// that was never assigned reads as Unknown.
const (
	// Unknown is an indeterminate state.
	Unknown InstanceStatus = iota
	// BootstrapPrimary means the primary instance is ready for bootstrapping.
	BootstrapPrimary
	// BootstrapSecondary means a non-primary instance is ready for bootstrapping.
	BootstrapSecondary
	// DelaySecondary means a non-primary instance is not ready for bootstrapping.
	DelaySecondary
	// DuplicatePrimary means the instance is a duplicate primary instance.
	DuplicatePrimary
)