Documentation ¶
Index ¶
- Variables
- func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error)
- func GetActualRemoteHost(r *http.Request) (host string, err error)
- func LoadClientTLS(config *viper.Viper, component string) grpc.DialOption
- func LoadServerTLS(config *viper.Viper, component string) grpc.ServerOption
- type EncodedJwt
- type Guard
- type SeaweedFileIdClaims
- type SigningKey
Constants ¶
This section is empty.
Variables ¶
View Source
var (
)Functions ¶
func DecodeJwt ¶
func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error)
func LoadClientTLS ¶
func LoadClientTLS(config *viper.Viper, component string) grpc.DialOption
func LoadServerTLS ¶
func LoadServerTLS(config *viper.Viper, component string) grpc.ServerOption
Types ¶
type EncodedJwt ¶
type EncodedJwt string
func GenJwt ¶
func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt
func GetJwt ¶
func GetJwt(r *http.Request) EncodedJwt
type Guard ¶
type Guard struct { SigningKey SigningKey ExpiresAfterSec int ReadSigningKey SigningKey ReadExpiresAfterSec int // contains filtered or unexported fields }
Guard is to ensure data access security. There are 2 ways to check access:
- white list. It's checking request ip address.
- JSON Web Token(JWT) generated from secretKey. The jwt can come from:
- url parameter jwt=...
- request header "Authorization"
- cookie with the name "jwt"
The white list is checked first because it is easy. Then the JWT is checked.
The Guard will also check these claims if provided: 1. "exp" Expiration Time 2. "nbf" Not Before
Generating JWT:
- use HS256 to sign
- optionally set "exp", "nbf" fields, in Unix time, the number of seconds elapsed since January 1, 1970 UTC.
Referenced: https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go
func (*Guard) WhiteList ¶
func (g *Guard) WhiteList(f http.HandlerFunc) http.HandlerFunc
type SeaweedFileIdClaims ¶
type SeaweedFileIdClaims struct { Fid string `json:"fid"` jwt.StandardClaims }
type SigningKey ¶
type SigningKey []byte
Click to show internal directories.
Click to hide internal directories.