Documentation
¶
Overview ¶
Package auth handles auth
Index ¶
- Constants
- Variables
- func AuthContextFromRequest(c echo.Context) (*context.Context, error)
- func ClearAuthCookies(w http.ResponseWriter)
- func CookieExpired(cookie *http.Cookie) bool
- func GetAccessToken(c echo.Context) (string, error)
- func GetActorUserID(c echo.Context) (string, error)
- func GetClaims(c echo.Context) (*tokens.Claims, error)
- func GetContextName(key *ContextKey) string
- func GetOrganizationID(c echo.Context) (string, error)
- func GetOrganizationIDFromContext(ctx context.Context) (string, error)
- func GetRefreshToken(c echo.Context) (string, error)
- func GetUserIDFromContext(ctx context.Context) (string, error)
- func NewTestContextWithOrgID(sub, orgID string) (context.Context, error)
- func NewTestContextWithValidUser(subject string) (context.Context, error)
- func NewTestEchoContextWithOrgID(sub, orgID string) (echo.Context, error)
- func NewTestEchoContextWithValidUser(subject string) (echo.Context, error)
- func SetAuthCookies(w http.ResponseWriter, accessToken, refreshToken string)
- type ContextKey
Constants ¶
const ( // Authorization is the key used in HTTP headers or cookies to represent the authorization token Authorization = "Authorization" // AccessTokenCookie is the key used in cookies to represent the access token AccessTokenCookie = "access_token" // RefreshTokenCookie is the key used in cookies to represent the refresh token RefreshTokenCookie = "refresh_token" )
const ( // JWTAuthentication is the authentication type for JWT tokens JWTAuthentication = "jwt" // PATAuthentication is the authentication type for personal access tokens PATAuthentication = "pat" // APITokenAuthentication is the authentication type for API tokens APITokenAuthentication = "api_token" )
Variables ¶
var ( // ErrNoClaims is returned when no claims are found on the request context ErrNoClaims = errors.New("no claims found on the request context") // ErrNoUserInfo is returned when no user info is found on the request context ErrNoUserInfo = errors.New("no user info found on the request context") // ErrNoAuthUser is returned when no authenticated user is found on the request context ErrNoAuthUser = errors.New("could not identify authenticated user in request") // ErrUnverifiedUser is returned when the user is not verified ErrUnverifiedUser = errors.New("user is not verified") // ErrParseBearer is returned when the bearer token could not be parsed from the authorization header ErrParseBearer = errors.New("could not parse bearer token from authorization header") // ErrNoAuthorization is returned when no authorization header is found in the request ErrNoAuthorization = errors.New("no authorization header in request") // ErrNoRequest is returned when no request is found on the context ErrNoRequest = errors.New("no request found on the context") // ErrNoRefreshToken is returned when no refresh token is found on the request ErrNoRefreshToken = errors.New("no refresh token available on request") // ErrRefreshDisabled is returned when re-authentication with refresh tokens is disabled ErrRefreshDisabled = errors.New("re-authentication with refresh tokens disabled") // ErrUnableToConstructValidator is returned when the validator cannot be constructed ErrUnableToConstructValidator = errors.New("unable to construct validator") // ErrPasswordTooWeak is returned when the password is too weak ErrPasswordTooWeak = errors.New("password is too weak: use a combination of upper and lower case letters, numbers, and special characters") )
var ContextAccessToken = &ContextKey{"access_token"}
ContextAccessToken is the context key for the access token
var ContextAuthType = &ContextKey{"auth_type"}
ContextAuthType is the context key for the authentication type
var ContextRequestID = &ContextKey{"request_id"}
ContextRequestID is the context key for the request ID
var ContextUserClaims = &ContextKey{"user_claims"}
ContextUserClaims is the context key for the user claims
Functions ¶
func AuthContextFromRequest ¶
AuthContextFromRequest creates a context from the echo request context, copying fields that may be required for forwarded requests. This method should be called by handlers which need to forward requests to other services and need to preserve data from the original request such as the user's credentials.
func ClearAuthCookies ¶
func ClearAuthCookies(w http.ResponseWriter)
ClearAuthCookies is a helper function to clear authentication cookies on a echo request to effectively logger out a user.
func CookieExpired ¶
CookieExpired checks to see if a cookie is expired
func GetAccessToken ¶
GetAccessToken retrieves the bearer token from the authorization header and parses it to return only the JWT access token component of the header. Alternatively, if the authorization header is not present, then the token is fetched from cookies. If the header is missing or the token is not available, an error is returned.
NOTE: the authorization header takes precedence over access tokens in cookies.
func GetActorUserID ¶
GetActorUserID returns the user from the echo.Context
func GetClaims ¶
GetClaims fetches and parses central-server claims from the echo context. Returns an error if no claims exist on the context
func GetContextName ¶
func GetContextName(key *ContextKey) string
GetContextName returns the name of the context key
func GetOrganizationID ¶
GetOrganizationID returns the organization ID from the echo.Context
func GetOrganizationIDFromContext ¶
GetOrganizationIDFromContext returns the organization ID from context from context
func GetRefreshToken ¶
GetRefreshToken retrieves the refresh token from the cookies in the request. If the cookie is not present or expired then an error is returned.
func GetUserIDFromContext ¶
GetUserIDFromContext returns the actor subject from the echo context
func NewTestContextWithOrgID ¶
func NewTestEchoContextWithOrgID ¶
NewTestEchoContextWithOrgID creates an echo context with a fake orgID for testing purposes ONLY
func NewTestEchoContextWithValidUser ¶
NewTestEchoContextWithValidUser creates an echo context with a fake subject for testing purposes ONLY
func SetAuthCookies ¶
func SetAuthCookies(w http.ResponseWriter, accessToken, refreshToken string)
SetAuthCookies is a helper function to set authentication cookies on a echo request. The access token cookie (access_token) is an http only cookie that expires when the access token expires. The refresh token cookie is not an http only cookie (it can be accessed by client-side scripts) and it expires when the refresh token expires. Both cookies require https and will not be set (silently) over http connections.
Types ¶
type ContextKey ¶
type ContextKey struct {
// contains filtered or unexported fields
}
ContextKey is the key name for the additional context
Source Files