Documentation
Index
- Constants
- func AbortWithErrorJSON(c *gin.Context, err error)
- type AccessToken
- type AccessTokenMiddlewareOpts
- type NewServerOpts
- type ResponseError
- type Server
- func (s *Server) AccessTokenMiddleware(opts AccessTokenMiddlewareOpts) func(c *gin.Context)
- func (s *Server) AllowIpMiddleware() (gin.HandlerFunc, error)
- func (s *Server) MiddlewareCountMetrics(c *gin.Context)
- func (s *Server) MiddlewareLogger(parentLog *slog.Logger) func(c *gin.Context)
- func (s *Server) MiddlewareLoggerMask(exp *regexp.Regexp, replace string) gin.HandlerFunc
- func (s *Server) MiddlewareMaxBodySize(c *gin.Context)
- func (s *Server) MiddlewareRequestId(c *gin.Context)
- func (s *Server) RequestKeyMiddleware() gin.HandlerFunc
- func (s *Server) RouteApiConfirmPost(c *gin.Context)
- func (s *Server) RouteApiListGet(c *gin.Context)
- func (s *Server) RouteAuthConfirm(c *gin.Context)
- func (s *Server) RouteAuthSignin(c *gin.Context)
- func (s *Server) RouteHealthzHandler(w http.ResponseWriter, r *http.Request)
- func (s *Server) RouteRequestOperations(op requestOperation) gin.HandlerFunc
- func (s *Server) RouteRequestResult(c *gin.Context)
- func (s *Server) Run(ctx context.Context) error
Constants
const (
	OperationEncrypt requestOperation = iota
	OperationDecrypt
	OperationSign
	OperationVerify
	OperationWrapKey
	OperationUnwrapKey
)
const (
	// Request is pending
	StatusPending requestStatus = iota
	// Request is completed and was successful
	StatusComplete
	// Request is completed and was canceled
	StatusCanceled
	// Request has been removed
	// This is only used in the public response
	StatusRemoved
)
Variables
This section is empty.
Functions
func AbortWithErrorJSON (added in v1.3.0)
AbortWithErrorJSON aborts a Gin context and sends a response with a JSON error message. Pass an ErrorResponse object to be able to customize the status code; it defaults to 500 otherwise. If the status code is >= 500, the message is not sent to users directly.
Types
type AccessToken
type AccessToken struct {
	TokenType        string `json:"token_type"`
	Resource         string `json:"resource"`
	Scope            string `json:"scope"`
	ExpiresIn        int    `json:"expires_in"`
	AccessToken      string `json:"access_token"`
	RefreshToken     string `json:"refresh_token"`
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}
AccessToken contains the details of the access token
type AccessTokenMiddlewareOpts
type AccessTokenMiddlewareOpts struct {
	// If true, the request fails if the token is not present
	Required bool
	// If true, allows reading an access token directly from the Authorization header, as a Bearer token
	// This is an access token with permissions on Azure Key Vault directly
	AllowAccessTokenInHeader bool
}
type NewServerOpts (added in v1.3.0)
type NewServerOpts struct {
	Log           *slog.Logger
	Webhook       webhook.Webhook
	Metrics       *metrics.RevaulterMetrics
	TraceExporter sdkTrace.SpanExporter
	// contains filtered or unexported fields
}
NewServerOpts contains options for the NewServer method
type ResponseError (added in v1.3.0)
ResponseError is used to send JSON responses with an error
func NewResponseError (added in v1.3.0)
func NewResponseError(code int, message string) ResponseError
NewResponseError creates a new ErrorResponse with the code and message
func NewResponseErrorf (added in v1.3.0)
func NewResponseErrorf(code int, messageFmt string, args ...any) ResponseError
NewResponseErrorf creates a new ErrorResponse with the code and formatted message
func (ResponseError) Error (added in v1.3.0)
func (e ResponseError) Error() string
Error implements the error interface
func (ResponseError) MarshalJSON (added in v1.3.0)
func (e ResponseError) MarshalJSON() ([]byte, error)
MarshalJSON implements a JSON marshaller that returns an object with the error key
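The behaviour documented for AbortWithErrorJSON and ResponseError (default to 500, JSON object with an "error" key, message withheld for codes >= 500), sketched as an added example that is not the package's own code. The names respError and clientError are hypothetical, and replacing the message with the generic HTTP status text is an assumption about what "not sent to users directly" means.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// respError is a hypothetical stand-in for the package's ResponseError.
type respError struct {
	Code    int
	Message string
}

func (e respError) Error() string { return e.Message }

// MarshalJSON returns an object with a single "error" key.
func (e respError) MarshalJSON() ([]byte, error) {
	return json.Marshal(map[string]string{"error": e.Message})
}

// clientError maps any error to the status code and JSON body that is safe
// to send: plain errors default to 500, and for codes >= 500 the original
// message is replaced by the generic status text (an assumption). logMsg is
// the unredacted message, meant for server-side logs only.
func clientError(err error) (code int, body []byte, logMsg string) {
	var re respError
	if !errors.As(err, &re) {
		re = respError{Code: http.StatusInternalServerError, Message: err.Error()}
	}
	logMsg = re.Message
	if re.Code >= http.StatusInternalServerError {
		re.Message = http.StatusText(re.Code)
	}
	body, _ = json.Marshal(re)
	return re.Code, body, logMsg
}

func main() {
	// Constructed inputs: one client error, one internal error with detail.
	for _, err := range []error{
		respError{Code: http.StatusBadRequest, Message: "missing key ID"},
		fmt.Errorf("vault call failed: %w", errors.New("dial tcp 10.0.0.5:443: timeout")),
	} {
		code, body, logMsg := clientError(err)
		fmt.Printf("%d %s (logged: %q)\n", code, body, logMsg)
	}
}
```

The internal address in the second constructed error reaches only the log message, never the response body.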
type Server
type Server struct {
// contains filtered or unexported fields
}
Server is the server based on Gin
func NewServer
func NewServer(opts NewServerOpts) (*Server, error)
NewServer creates a new Server object and initializes it
func (*Server) AccessTokenMiddleware
func (s *Server) AccessTokenMiddleware(opts AccessTokenMiddlewareOpts) func(c *gin.Context)
AccessTokenMiddleware is a middleware that requires the user to be authenticated and present a cookie with the access token for Azure Key Vault. Note that this middleware doesn't validate the access token in any way (not even making sure it's a valid JWT); it just ensures the token is present. It's Azure Key Vault's responsibility to validate the token. This injects the token in the request's context if it exists and it's valid.
func (*Server) AllowIpMiddleware
func (s *Server) AllowIpMiddleware() (gin.HandlerFunc, error)
AllowIpMiddleware is a middleware that allows requests from certain IPs only
func (*Server) MiddlewareCountMetrics (added in v1.3.0)
MiddlewareCountMetrics is a Gin middleware that records requests served by the server
func (*Server) MiddlewareLogger (added in v1.3.0)
MiddlewareLogger is a Gin middleware that uses slog for logging
func (*Server) MiddlewareLoggerMask (added in v1.3.0)
MiddlewareLoggerMask returns a Gin middleware that adds the "log-mask" to mask the path using a regular expression
func (*Server) MiddlewareMaxBodySize (added in v1.3.0)
MiddlewareMaxBodySize is a middleware that limits the size of the request body
func (*Server) MiddlewareRequestId (added in v1.3.0)
MiddlewareRequestId is a middleware that generates a unique request ID for each request
func (*Server) RequestKeyMiddleware (added in v1.1.0)
func (s *Server) RequestKeyMiddleware() gin.HandlerFunc
RequestKeyMiddleware is a middleware that asserts that the Authorization header contains the shared requestKey
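A shared-key check of the kind RequestKeyMiddleware describes, written as an added example on plain net/http rather than Gin; it is not the package's implementation. The names requireRequestKey and statusFor are hypothetical, and it assumes the key is sent as the entire Authorization header value. It compares in constant time and fails closed when no key is configured.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// requireRequestKey is a hypothetical middleware that rejects any request
// whose Authorization header does not equal the shared key.
func requireRequestKey(sharedKey string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(sharedKey))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Hash the presented value so both sides have a fixed length, then
		// compare in constant time to avoid leaking how many bytes matched.
		got := sha256.Sum256([]byte(r.Header.Get("Authorization")))
		// An empty configured key must never match an absent header.
		if sharedKey == "" || subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			http.Error(w, "invalid Authorization header", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one request through the middleware and returns the status.
func statusFor(sharedKey, header string) int {
	h := requireRequestKey(sharedKey, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusAccepted)
	}))
	req := httptest.NewRequest(http.MethodPost, "/request/sign", nil)
	if header != "" {
		req.Header.Set("Authorization", header)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	const key = "constructed-shared-key" // constructed sample value
	fmt.Println(statusFor(key, key), statusFor(key, "wrong"), statusFor(key, ""), statusFor("", ""))
}
```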
func (*Server) RouteApiConfirmPost
RouteApiConfirmPost is the handler for the POST /api/confirm request. This receives the results of the confirm/reject action.
func (*Server) RouteApiListGet
RouteApiListGet is the handler for the GET /api/list request. This returns the list of all pending requests. If the Accept header is `application/x-ndjson`, then this sends a stream of records, updated as soon as they come in, using the NDJSON format (https://github.com/ndjson/ndjson-spec).
func (*Server) RouteAuthConfirm
RouteAuthConfirm is the handler for the GET /auth/confirm request. This exchanges an authorization code for an access token.
func (*Server) RouteAuthSignin
RouteAuthSignin is the handler for the GET /auth/signin request. This redirects the user to the page where they can sign in.
func (*Server) RouteHealthzHandler
func (s *Server) RouteHealthzHandler(w http.ResponseWriter, r *http.Request)
RouteHealthzHandler is the handler for the GET /healthz request as a http.Handler. It can be used to ping the server and ensure everything is working.
func (*Server) RouteRequestOperations
func (s *Server) RouteRequestOperations(op requestOperation) gin.HandlerFunc
RouteRequestOperations is the handler for the routes that perform operations:
- POST /request/encrypt
- POST /request/decrypt
- POST /request/sign
- POST /request/verify
- POST /request/wrapkey
- POST /request/unwrapkey
func (*Server) RouteRequestResult
RouteRequestResult is the handler for the GET /request/result/:state request. This can be invoked by the app to periodically poll for the result.
Source Files
- middleware-auth.go
- middleware-ip-allow.go
- middleware-logger.go
- middlewares.go
- route-api-confirm.go
- route-api-list.go
- route-auth.go
- route-healthz.go
- route-request-operations.go
- route-request-result.go
- server.go
- static.go
- tls-certs.go
- util-errorresponse.go
- util-requeststate.go
- util-securecookies.go
- util-statenotifications.go