auth

package

v0.4.4 Latest Latest Go to latest Published: Feb 5, 2022 License: AGPL-3.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kcarretto/paragon

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ClearUserSession(w http.ResponseWriter)
func CreateUserSession(w http.ResponseWriter, req *http.Request, user *ent.User) *http.Request
func GetService(ctx context.Context) *ent.Service
func GetUser(ctx context.Context) *ent.User
type Authorizer
- func NewAuthorizer() *Authorizer
type MultiAuthenticator
- func (auth MultiAuthenticator) Authenticate(w http.ResponseWriter, req *http.Request) (*http.Request, error)
type Secret
- func NewSecret(length int) Secret
- func (secret Secret) Equals(value Secret) bool
- func (secret Secret) String() string
type ServiceAuthenticator
- func (auth ServiceAuthenticator) Authenticate(w http.ResponseWriter, req *http.Request) (*http.Request, error)
type UserAuthenticator
- func (auth UserAuthenticator) Authenticate(w http.ResponseWriter, req *http.Request) (*http.Request, error)

Constants ¶

View Source

const (
	SessionCookieName = "pg-session"
	UserCookieName    = "pg-userid"

	HeaderService   = "X-Pg-Service"
	HeaderSignature = "X-Pg-Signature"
	HeaderIdentity  = "X-Pg-Identity"
	HeaderEpoch     = "X-Pg-Epoch"
)

View Source

const (
	SessionTokenLength = 256
)

Variables ¶

View Source

var (
	ErrNotAuthenticated = fmt.Errorf("valid authentication for actor is required")
	ErrInvalidSignature = fmt.Errorf("valid signature for service is required")
	ErrMissingHeaders   = fmt.Errorf("missing authentication header(s)")
	ErrUnauthorized     = fmt.Errorf("actor is unauthorized to perform requested action")
)

Functions ¶

func ClearUserSession ¶

func ClearUserSession(w http.ResponseWriter)

ClearUserSession clears any user session associated with the request. It is a no-op if no user session is associated with the request.

func CreateUserSession ¶

func CreateUserSession(w http.ResponseWriter, req *http.Request, user *ent.User) *http.Request

CreateUserSession creates a new user session for a request. It adds the authenticated user to the request context and ensures session cookies are set. If user is nil, this is a no-op.

func GetService ¶

func GetService(ctx context.Context) *ent.Service

GetService from the context, returns nil for non-service contexts.

func GetUser ¶

func GetUser(ctx context.Context) *ent.User

GetUser from the context, returns nil for non-user contexts.

Types ¶

type Authorizer ¶

type Authorizer struct {
	// contains filtered or unexported fields
}

An Authorizer asserts various properties of a requesting context.

func NewAuthorizer ¶

func NewAuthorizer() *Authorizer

NewAuthorizer initializes and returns a new authorizer.

func (*Authorizer) Authorize ¶

func (authz *Authorizer) Authorize(ctx context.Context) error

Authorize the provided context based on the preconfigured rules.

func (*Authorizer) IsActivated ¶

func (authz *Authorizer) IsActivated() *Authorizer

IsActivated ensures that authorized users are activated.

func (*Authorizer) IsAdmin ¶

func (authz *Authorizer) IsAdmin() *Authorizer

IsAdmin ensures that authorized users have admin privileges.

type MultiAuthenticator ¶

type MultiAuthenticator struct {
	ServiceAuth ServiceAuthenticator
	UserAuth    UserAuthenticator
}

func (MultiAuthenticator) Authenticate ¶

func (auth MultiAuthenticator) Authenticate(w http.ResponseWriter, req *http.Request) (*http.Request, error)

type Secret ¶

type Secret string

Secret returns a redacted string when displayed.

func NewSecret ¶

func NewSecret(length int) Secret

NewSecret returns a new base64 encoded secret of the provided length.

func (Secret) Equals ¶

func (secret Secret) Equals(value Secret) bool

Equals performs a constant time comparison to determine if the provided secret is equal.

func (Secret) String ¶

func (secret Secret) String() string

String returns a redacted message to prevent the secret from being displayed.

type ServiceAuthenticator ¶

type ServiceAuthenticator struct {
	Graph *ent.Client
}

ServiceAuthenticator parses http requests for service headers and adds service context to the request where possible.

func (ServiceAuthenticator) Authenticate ¶

func (auth ServiceAuthenticator) Authenticate(w http.ResponseWriter, req *http.Request) (*http.Request, error)

Authenticate a request by wrapping it's context with the authenticated service identity. It will upsert new (unactivated) service identities if the public key is not already registered. Returns an error if invalid credentials are provided.

type UserAuthenticator ¶

type UserAuthenticator struct {
	Graph *ent.Client
}

UserAuthenticator parses http requests for session cookies and adds user context to the request where possible.

func (UserAuthenticator) Authenticate ¶

func (auth UserAuthenticator) Authenticate(w http.ResponseWriter, req *http.Request) (*http.Request, error)

Authenticate a request by wrapping it's context with the logged in user. If no user is logged in, the original request is returned. Returns an error if it fails to find the logged in user or if invalid credentials are provided.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
oauth

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL