ssolib

package
v0.0.0-...-01681b2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 10, 2018 License: MIT Imports: 42 Imported by: 0

Documentation

Index

Constants

// String constants for the OpenID Connect parts of the package.
const (
	// OPENID_SCOPE is the "openid" scope value. In OpenID Connect, a request
	// carrying this scope is an authentication request, not a plain OAuth 2.0
	// authorization request.
	OPENID_SCOPE = "openid"
	// ID_TOKEN is the literal "id_token".
	// NOTE(review): presumably used as a response_type value and/or as the
	// response field name; its call sites are not shown here, so confirm.
	ID_TOKEN     = "id_token"
)
const (
	// TOKEN_IDTOKEN is the "token id_token" response type as an
	// osin.AuthorizeRequestType. In OpenID Connect this is an implicit-flow
	// response type: the access token and the ID token come back from the
	// authorization endpoint in the redirect, not from the token endpoint.
	// NOTE(review): OpenID Connect Core requires a nonce for this flow, and
	// response_type values are space-separated with no significant order, so
	// "id_token token" means the same thing. Confirm that the comparison
	// helper in this package treats both spellings as equal.
	TOKEN_IDTOKEN osin.AuthorizeRequestType = "token id_token"
)

Variables

var (
	// ErrNotAdmin is a sentinel error. Its message says that only a user in
	// the app's admin role may modify the app's role tree.
	// NOTE(review): which handlers return it is not shown here. Callers should
	// compare with errors.Is and not match on the message text.
	ErrNotAdmin = errors.New("only user in app's admin role can modify the app's role tree.")
)

Functions

func CreateIDToken

// CreateIDToken returns a string and an error. Going by its name and
// parameters it presumably builds a signed OpenID Connect ID token; the body
// is not shown here.
// NOTE(review): confirm that nonce is copied unchanged from the authorization
// request, that client_id becomes the "aud" claim and issuer the "iss" claim,
// and that the signing key and algorithm are fixed server-side rather than
// taken from any caller-supplied value.
func CreateIDToken(issuer string, client_id string, sub string, userInfo *UserWithGroups, nonce string, access_token string, scopes []string) (string, error)

func HeartbeatToDB

func HeartbeatToDB(ctx context.Context)

在某些网络环境下,如果 ssoserver 和 mysql 之间的长连接在 idle 一段时间后,此连接上发送的数据包会被丢弃,导致查询超时。 为避免这种情况的发生,可以定时查询数据库,以保持连接 live 。

func IsAuthorizeRequestTypeEqual

func IsAuthorizeRequestTypeEqual(t1, t2 osin.AuthorizeRequestType) bool

func NewAuthenticateMiddleware

func NewAuthenticateMiddleware() server.Middleware

func ValidateFullName

func ValidateFullName(fullname string) error

func ValidateSlug

func ValidateSlug(slug string, maxLen int) error

func ValidateURI

func ValidateURI(uri string) error

func ValidateUserEmail

func ValidateUserEmail(email string, ctx context.Context) error

Types

type AddHandles

// AddHandles is a callback that receives the *Server. Server.ListenAndServe
// takes one as its addHandlers argument.
// NOTE(review): presumably used to register extra backend-specific routes.
// Confirm that handlers added this way sit behind the same authentication
// middleware as the built-in ones.
type AddHandles func(*Server)

添加一些与后端相关的 handler, 如用户注册相关等

type ApiError

// ApiError is a JSON error body: a message plus an arbitrary payload.
type ApiError struct {
	Message string      `json:"message"`
	// Data is an interface{}, so whatever value is stored here is encoded
	// as-is under "data".
	// NOTE(review): confirm callers never place raw internal errors, SQL text
	// or stack traces in it.
	Data    interface{} `json:"data"`
}

type App

// App is the JSON shape of a registered application. It carries a secret and
// a redirect URI, so it presumably describes an OAuth client.
type App struct {
	Id          int    `json:"id"`
	FullName    string `json:"fullname"`
	// Secret is tagged "secret" with neither `json:"-"` nor omitempty, so every
	// json.Marshal of an App writes the secret out.
	// NOTE(review): confirm which handlers return an App and that the secret is
	// only ever shown to the app's admins. If App is also the decode target for
	// request bodies, a client can supply "id" and "secret" itself.
	Secret      string `json:"secret"`
	// NOTE(review): presumably the registered redirect URI that authorization
	// requests are checked against; the matching rule is not shown here.
	RedirectUri string `json:"redirect_uri"`
	AdminGroup  *Group `json:"admin_group"`
}

type AppResource

// AppResource embeds server.BaseResource. Get and Put handlers are declared
// on it.
// NOTE(review): the admin-group restriction is documented for Get only.
// Confirm that Put, which presumably modifies the app, enforces the same check.
type AppResource struct {
	server.BaseResource
}

func (AppResource) Get

func (ar AppResource) Get(ctx context.Context, r *http.Request) (int, interface{})

Only users in the app's admin group can use this.

func (AppResource) Put

func (ar AppResource) Put(ctx context.Context, r *http.Request) (int, interface{})

type AppRole

// AppRole is the JSON shape that ties a role (name and id) to an app id.
type AppRole struct {
	AppId    int    `json:"app_id"`
	RoleName string `json:"role_name"`
	RoleId   int    `json:"role_id"`
}

type AppRoleResource

// AppRoleResource embeds server.BaseResource. Delete, Get and Post handlers
// are declared on it.
// NOTE(review): Get is documented as returning the roles of everyone related
// to the app. Confirm who is allowed to call it, and that Delete and Post are
// limited to the app's admins (compare ErrNotAdmin).
type AppRoleResource struct {
	server.BaseResource
}

AppRole: can get roles of everyone related to the app, not only the app owner

func (AppRoleResource) Delete

func (ar AppRoleResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (AppRoleResource) Get

func (ar AppRoleResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (AppRoleResource) Post

func (ar AppRoleResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type AppRolesOfUser

// AppRolesOfUser is the JSON shape of one app (id and full name) together
// with a list of UserRole entries.
type AppRolesOfUser struct {
	AppId       int        `json:"id"`
	AppFullName string     `json:"fullname"`
	Roles       []UserRole `json:"roles"`
}

type AppsResource

type AppsResource struct {
	server.BaseResource
}

func (AppsResource) Get

func (ar AppsResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (AppsResource) Post

func (ar AppsResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type AuthenticateWare

// AuthenticateWare is a stateless (field-less) type with a ServeHTTP method on
// its pointer receiver.
// NOTE(review): presumably this is the value behind NewAuthenticateMiddleware.
// How it authenticates a request, and what it does when authentication fails,
// is not shown here. Confirm that it rejects the request and does not continue
// anonymously.
type AuthenticateWare struct {
}

func (*AuthenticateWare) ServeHTTP

type BackendGroup

// BackendGroup extends Group with the backend the group lives in and a rules
// string. A Validate method is declared on *BackendGroup.
type BackendGroup struct {
	Group
	// Backend is an iuser.GroupType. The UserResource.Get documentation states
	// that LDAP groups have backend=1 and database groups have backend=0.
	Backend iuser.GroupType `json:"backend"`
	// NOTE(review): the format and interpretation of Rules is not shown here.
	// If it is client-supplied, confirm that Validate constrains it.
	Rules   string          `json:"rules"`
}

func (*BackendGroup) Validate

func (bg *BackendGroup) Validate() error

type Group

// Group is the JSON shape of a group: a name and a full name. A Validate
// method is declared on *Group.
// NOTE(review): presumably Validate applies ValidateSlug to Name and
// ValidateFullName to FullName. Confirm this, and confirm that every handler
// decoding a Group calls it before using the values.
type Group struct {
	Name     string `json:"name"`
	FullName string `json:"fullname"`
}

func (*Group) Validate

func (g *Group) Validate() error

type GroupMemberResource

type GroupMemberResource struct {
	server.BaseResource
}

func (GroupMemberResource) Delete

func (gmr GroupMemberResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (GroupMemberResource) Put

func (gmr GroupMemberResource) Put(ctx context.Context, r *http.Request) (int, interface{})

type GroupMemberRole

type GroupMemberRole struct {
	Name     string `json:"name"`
	FullName string `json:"fullname"`
	Role     string `json:"role"`
}

type GroupResource

type GroupResource struct {
	server.BaseResource
}

func (GroupResource) Delete

func (gr GroupResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (GroupResource) Get

func (gr GroupResource) Get(ctx context.Context, r *http.Request) (int, interface{})

type GroupWithMembers

// GroupWithMembers is the JSON shape of a group together with two membership
// lists: Members (MemberRole entries) and GroupMembers (GroupMemberRole
// entries, i.e. groups nested in this group).
type GroupWithMembers struct {
	Name         string            `json:"name"`
	FullName     string            `json:"fullname"`
	Members      []MemberRole      `json:"members"`
	GroupMembers []GroupMemberRole `json:"group_members"`
}

type GroupWithRole

type GroupWithRole struct {
	Name     string `json:"name"`
	FullName string `json:"fullname"`
	Role     string `json:"role"`
}

type GroupsResource

type GroupsResource struct {
	server.BaseResource
}

func (GroupsResource) Get

func (gr GroupsResource) Get(ctx context.Context, r *http.Request) (int, interface{})

登录的用户得到自己所在的 groups 列表

func (GroupsResource) Post

func (gr GroupsResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type JWKs

// JWKs has the shape of a JSON Web Key Set: a single "keys" array.
// NOTE(review): presumably this is what the jwks_uri endpoint serves. Confirm
// that only public key material is ever placed in Keys, because anything in
// the slice is marshalled as-is.
type JWKs struct {
	Keys []*gojwk.Key `json:"keys"`
}

type JWT

// JWT holds the parts of a JSON Web Token: the header and claims as generic
// maps, plus the signature and the full token as strings. Init, Sign,
// HeaderJson and ClaimsJson methods are declared on *JWT.
// NOTE(review): Header is a free-form map, so the "alg" value is whatever the
// code stores in it. Confirm that Sign uses a fixed asymmetric algorithm and
// that nothing request-controlled can set the header.
type JWT struct {
	Header map[string]interface{}
	Claims map[string]interface{}
	Sig    string
	Token  string
}

func (*JWT) ClaimsJson

func (jwt *JWT) ClaimsJson() []byte

func (*JWT) HeaderJson

func (jwt *JWT) HeaderJson() []byte

func (*JWT) Init

func (jwt *JWT) Init()

func (*JWT) Sign

func (jwt *JWT) Sign() error

type MeResource

type MeResource struct {
	server.BaseResource
}

func (MeResource) Get

func (mr MeResource) Get(ctx context.Context, r *http.Request) (int, interface{})

type MemberResource

type MemberResource struct {
	server.BaseResource
}

func (MemberResource) Delete

func (mr MemberResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (MemberResource) Get

func (mr MemberResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (MemberResource) Put

func (mr MemberResource) Put(ctx context.Context, r *http.Request) (int, interface{})

type MemberRole

type MemberRole struct {
	Name string `json:"name"`
	Role string `json:"role"`
}

type Mock

// Mock carries a Restore callback. MockParams and MockReverse both take a
// *testing.T and return a *Mock.
// NOTE(review): presumably Restore undoes whatever package-level state the
// helper patched. These helpers appear in the package's public documentation,
// so they live in non-test files: the package imports "testing" and exposes
// hooks that replace request-parameter and URL-reversal behaviour. Consider
// moving them to _test.go files or an internal test package.
type Mock struct {
	Restore func()
}

for test only

func MockParams

func MockParams(t *testing.T, pairs map[string]string) *Mock

for test only

func MockReverse

func MockReverse(t *testing.T, url string) *Mock

for test only

type OIDC_Configuration

// OIDC_Configuration is the JSON shape of an OpenID Provider metadata
// document. Its tags use the field names of OpenID Connect Discovery.
// NOTE(review): the struct is partial. Discovery also marks
// subject_types_supported and id_token_signing_alg_values_supported as
// required, and neither is present; strict relying parties may reject the
// document or be unable to pin the signing algorithm.
type OIDC_Configuration struct {
	// Issuer must match the "iss" claim of issued ID tokens for relying
	// parties to accept them.
	Issuer                string                      `json:"issuer"`
	AuthEnd               string                      `json:"authorization_endpoint"`
	TokenEnd              string                      `json:"token_endpoint"`
	UserInfoEnd           string                      `json:"userinfo_endpoint"`
	JwksUri               string                      `json:"jwks_uri"`
	ResponseTypeSupported []osin.AuthorizeRequestType `json:"response_types_supported"`
	ScopesSupported       []string                    `json:"scopes_supported"`
	ClaimsSupported       []string                    `json:"claims_supported"`
}

TODO 完整的 openid-configuration

type Resource

// Resource is the JSON shape of a resource record: id, name, description and
// a free-form data string.
type Resource struct {
	Id          int    `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`
	// NOTE(review): Data is an opaque string here. Its format and any size
	// limit are not shown; confirm that it is validated before being stored.
	Data        string `json:"data"`
}

type ResourceResource

type ResourceResource struct {
	server.BaseResource
}

func (ResourceResource) Delete

func (rr ResourceResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (ResourceResource) Get

func (rr ResourceResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (ResourceResource) Post

func (rr ResourceResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type Resources

type Resources struct {
	Resources []Resource `json:"resources"`
}

type ResourcesResource

type ResourcesResource struct {
	server.BaseResource
}

func (ResourcesResource) Get

func (rsr ResourcesResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (ResourcesResource) Post

func (rsr ResourcesResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type Role

type Role struct {
	RoleId int    `json:"id"`
	Type   string `json:"type"`
	Name   string `json:"name"`
	Parent int    `json:"parent_id"`
}

type RoleMember

// RoleMember is the JSON shape of one member of a role: a user name under
// "user" and a member type under "type".
// NOTE(review): the set of valid MemberType values is not shown here. Confirm
// that handlers reject unknown values rather than defaulting.
type RoleMember struct {
	UserName   string `json:"user"`
	MemberType string `json:"type"`
}

type RoleMemberResource

// RoleMemberResource embeds server.BaseResource. Delete and Put handlers are
// declared on it; Put is documented as adding a member to a role.
// NOTE(review): both change who holds a role. Confirm that each checks that
// the caller is in the owning app's admin role (compare ErrNotAdmin).
type RoleMemberResource struct {
	server.BaseResource
}

func (RoleMemberResource) Delete

func (rmr RoleMemberResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (RoleMemberResource) Put

func (rmr RoleMemberResource) Put(ctx context.Context, r *http.Request) (int, interface{})

add member to role

type RoleMemberType

type RoleMemberType struct {
	MemberType string `json:"type"`
}

type RoleMembers

// RoleMembers embeds role.Role and adds a type string and the list of members.
// NOTE(review): role.Role's fields are promoted into the JSON output unless an
// outer field uses the same key. Check whether role.Role already exposes a
// "type" key, which the outer Type field would shadow.
type RoleMembers struct {
	role.Role
	Type    string       `json:"type"`
	Members []RoleMember `json:"members"`
}

type RoleMembersReq

// RoleMembersReq is a request for a list of members under "members", plus a
// role id and an action.
type RoleMembersReq struct {
	// RoleId and Action have no JSON tag but are exported, so encoding/json
	// still fills them from body keys "RoleId" / "Action" (matched
	// case-insensitively).
	// NOTE(review): if these are meant to come from the URL or be set
	// server-side, tag them `json:"-"` or overwrite them after decoding.
	// Confirm against the handler.
	RoleId     int
	Action     string
	MemberList []RoleMember `json:"members"`
}

type RoleModifyReq

type RoleModifyReq struct {
	Name   string `json:"name"`
	Desc   string `json:"description"`
	Parent int    `json:"parent_id"`
}

type RoleReq

// RoleReq is the JSON shape of a role request: the owning app id, the name,
// the description and the parent role id.
// NOTE(review): AppId and Parent are both taken from the request body. Confirm
// that the handler checks the caller is an admin of that AppId, and that the
// parent role belongs to the same app.
type RoleReq struct {
	AppId  int    `json:"app_id"`
	Name   string `json:"name"`
	Desc   string `json:"description"`
	Parent int    `json:"parent_id"`
}

type RoleResource

type RoleResource struct {
	server.BaseResource
}

func (RoleResource) Delete

func (rr RoleResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (RoleResource) Post

func (rr RoleResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type RoleResourceReq

// RoleResourceReq is a request for a list of resource ids under
// "resource_list", plus an action.
type RoleResourceReq struct {
	// Action has no JSON tag but is exported, so encoding/json still fills it
	// from a body key "Action" (matched case-insensitively).
	// NOTE(review): confirm whether the handler sets it itself, and that
	// unknown actions are rejected.
	Action    string
	// NOTE(review): confirm that each id is checked to belong to the same app
	// as the role before it is attached.
	Resources []int `json:"resource_list"`
}

type RoleResourceResource

type RoleResourceResource struct {
	server.BaseResource
}

func (RoleResourceResource) Post

func (rrr RoleResourceResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type RolesResource

type RolesResource struct {
	server.BaseResource
}

func (RolesResource) Get

func (rsr RolesResource) Get(ctx context.Context, r *http.Request) (int, interface{})

func (RolesResource) Post

func (rsr RolesResource) Post(ctx context.Context, r *http.Request) (int, interface{})

type Server

// Server embeds *server.Server, so that type's exported methods are promoted
// onto it, and adds fields that this listing does not show.
type Server struct {
	*server.Server
	// contains filtered or unexported fields
}

func NewServer

// NewServer returns a *Server built from database, site, mail, key-file and
// Sentry settings, all passed as positional arguments.
// Several of them are secrets passed as plain strings: emailFromPassword, and
// most likely mysqlDSN and sentryDSN, since DSNs conventionally embed
// credentials.
// NOTE(review): confirm that none of these is logged or echoed, especially
// when isDebug is true. prikeyfile and pubkeyfile are presumably the token
// signing key pair; confirm that the private key file is readable only by the
// service account. Six adjacent string parameters are easy to pass in the
// wrong order, and a config struct would make call sites safer.
func NewServer(
	mysqlDSN, siteURL, smtpAddr, emailFrom, emailFromPassword, emailSuffix string,
	emailTLS, isDebug bool, prikeyfile string, pubkeyfile string, sentryDSN string, queryUser bool) *Server

func (*Server) AuthorizationEndpoint

func (s *Server) AuthorizationEndpoint(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) BatchUsers

func (s *Server) BatchUsers(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

Returns the profiles, and optionally the groups, of a batch of users.

func (*Server) Home

func (*Server) Jwks_uriEndpoint

func (s *Server) Jwks_uriEndpoint(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) ListenAndServe

func (s *Server) ListenAndServe(addr string, addHandlers AddHandles) error

func (*Server) NewOidcConfig

func (s *Server) NewOidcConfig(ctx context.Context) *OIDC_Configuration

func (*Server) OidcConfig

func (s *Server) OidcConfig(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) PageApplication

func (s *Server) PageApplication(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) RoleMembers

func (s *Server) RoleMembers(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

func (*Server) SetUserBackend

func (s *Server) SetUserBackend(ub iuser.UserBackend)

func (*Server) UserInfo

func (*Server) UsersList

func (s *Server) UsersList(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context

type TestHelper

// TestHelper bundles a *testing.T with a context.Context. NewTestHelper
// builds one from a *testing.T.
// NOTE(review): it appears in the package's public documentation, so it is
// declared in a non-test file and the package depends on "testing" at build
// time. Consider moving it to a _test.go file.
type TestHelper struct {
	T   *testing.T
	Ctx context.Context
}

func NewTestHelper

func NewTestHelper(t *testing.T) *TestHelper

type TokenConfig

// TokenConfig holds token settings: an issuer string, two file paths, an
// expiration value and fields that this listing does not show.
type TokenConfig struct {
	Issuer     string
	// NOTE(review): presumably CertFile is the public certificate and KeyFile
	// the private signing key. Confirm, and make sure the key file is not
	// world-readable or kept alongside served static files.
	CertFile   string
	KeyFile    string
	// NOTE(review): the unit (seconds?) is not shown here. Confirm it, and
	// confirm how a zero or negative value is handled.
	Expiration int64
	// contains filtered or unexported fields
}

type TokenEndpoint

// TokenEndpoint embeds server.BaseResource. Both Get and Post handlers are
// declared on it.
// NOTE(review): OAuth 2.0 (RFC 6749, section 3.2) requires access token
// requests to use POST. What Get does is not shown here. If it accepts the
// same parameters, client secrets and authorization codes would travel in the
// query string and end up in access logs and Referer headers. Confirm, or
// reject GET.
type TokenEndpoint struct {
	server.BaseResource
}

func (TokenEndpoint) Get

func (te TokenEndpoint) Get(ctx context.Context, r *http.Request) (int, interface{})

func (TokenEndpoint) Post

func (te TokenEndpoint) Post(ctx context.Context, r *http.Request) (int, interface{})

type UserResource

// UserResource embeds server.BaseResource. Delete and Get handlers are
// declared on it.
// NOTE(review): Get returns a user's groups and Delete presumably removes a
// user. Confirm who may call each, since authorization is not visible from
// the declaration.
type UserResource struct {
	server.BaseResource
}

func (UserResource) Delete

func (ur UserResource) Delete(ctx context.Context, r *http.Request) (int, interface{})

func (UserResource) Get

func (ur UserResource) Get(ctx context.Context, r *http.Request) (int, interface{})

This API returns both LDAP groups and database groups; if database=true, only database groups are returned. Both kinds of group are stored in the database: LDAP groups have backend=1 and database groups have backend=0.

type UserRole

type UserRole struct {
	RoleName string `json:"name"`
	RoleId   int    `json:"id"`
	Type     string `json:"type"`
	Parent   int    `json:"parent_id"`
}

type UserRoles

type UserRoles []UserRole

type UserWithGroups

// UserWithGroups pairs a user profile with the names of the user's groups.
// The custom MarshalJSON is declared on *UserWithGroups, the pointer receiver.
// encoding/json only calls a pointer-receiver marshaler when it is given a
// pointer or an addressable value. A UserWithGroups passed to json.Marshal by
// value is therefore encoded with the default field rules below.
// NOTE(review): if the custom marshaler filters or reshapes profile fields, a
// by-value marshal would bypass that. Confirm that every call site passes a
// pointer.
type UserWithGroups struct {
	// omitempty has no effect on a struct-typed field: encoding/json never
	// treats a struct value as empty, so "user" is always emitted by the
	// default encoding.
	User   iuser.UserProfile `json:"user,omitempty"`
	Groups []string          `json:"groups"`
}

func GetUserWithGroups

func GetUserWithGroups(ctx context.Context, u iuser.User) *UserWithGroups

func (*UserWithGroups) MarshalJSON

func (ug *UserWithGroups) MarshalJSON() ([]byte, error)

该函数必须是 *UserWithGroups, 否则会产生递归调用,即 绝对不可写成 func (ug UserWithGroups) MarshalJSON() ([]byte, error) {} 即想要调用也必须传入 *UserWithGroups

Directories

Path Synopsis
app
