server

package
v0.1.64 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 30, 2021 License: GPL-3.0 Imports: 26 Imported by: 0

Documentation

Overview

Package server provides an http oauth REST API

Index

Constants

View Source
const (
	// AuthRequestParam is the name of the request token parameter
	AuthRequestParam = "request_token"
)

Variables

View Source
var (
	// ErrMissingParameter is returned when a parameter is missing
	ErrMissingParameter = func(u *url.URL, param string) api.Responder {
		msg := fmt.Sprintf("parameter %s is a required", param)

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeInvalidRequest, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeInvalidRequest),
			"error_description": msg,
		})
	}

	// ErrInvalidParameter is returned when a parameter is valid
	ErrInvalidParameter = func(u *url.URL, param string) api.Responder {
		msg := fmt.Sprintf("parameter %s is not valid", param)

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeInvalidRequest, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeInvalidRequest),
			"error_description": msg,
		})
	}

	// ErrInvalidContext is returned when the context can not be resolved
	ErrInvalidContext = func(u *url.URL) api.Responder {
		msg := fmt.Sprintf("invalid context")

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeInvalidRequest, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeInvalidRequest),
			"error_description": msg,
		})
	}

	// ErrExpiredRequestToken is returned when the token is expired
	ErrExpiredRequestToken = func(u *url.URL) api.Responder {
		msg := fmt.Sprintf("request token expired")

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeAccessDenied, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeAccessDenied),
			"error_description": msg,
		})
	}

	// ErrUserNotFound is returned when the user is not found
	ErrUserNotFound = func(u *url.URL) api.Responder {
		msg := fmt.Sprintf("user not found")

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeAccessDenied, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeAccessDenied),
			"error_description": msg,
		})
	}

	// ErrUnauthorizedRediretURI is returned when the redirect uri is not authorized
	ErrUnauthorizedRediretURI = func(u *url.URL) api.Responder {
		msg := fmt.Sprintf("unauthorized redirect uri")

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeAccessDenied, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeAccessDenied),
			"error_description": msg,
		})
	}

	// ErrUnauthorized is returned when the request has been denied
	ErrUnauthorized = func(u *url.URL, reason string) api.Responder {
		msg := fmt.Sprintf("unauthorized request: %s", reason)

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeAccessDenied, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeAccessDenied),
			"error_description": msg,
		})
	}

	// ErrBadRequest is used for invalid requests
	ErrBadRequest = func(u *url.URL, reason string) api.Responder {
		msg := fmt.Sprintf("bad request: %s", reason)

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeInvalidRequest, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeInvalidRequest),
			"error_description": msg,
		})
	}

	// ErrServerError is used for internal errors
	ErrServerError = func(u *url.URL, f string, args ...interface{}) api.Responder {
		msg := fmt.Sprintf(f, args...)

		if u == nil {
			return oauth.Errorf(oauth.ErrorCodeServerError, msg)
		}

		return api.Redirect(u, map[string]string{
			"error":             string(oauth.ErrorCodeServerError),
			"error_description": msg,
		})
	}
)
View Source
var (
	// DefaultCodeChallengeMethod is the only challenge method
	DefaultCodeChallengeMethod = "plain"
)

Functions

func EnsureURI

func EnsureURI(uri string, search []string, r ...*http.Request) (*url.URL, error)

EnsureURI checks that a uri matches within a list

func VerifySend added in v0.1.10

func VerifySend(ctx context.Context, params *VerifySendParams) error

VerifySend sends a verification to the user

Types

type AuthorizeParams

type AuthorizeParams struct {
	AppURI              *string  `json:"app_uri"`
	Audience            *string  `json:"audience,omitempty"`
	ClientID            string   `json:"client_id"`
	CodeChallenge       *string  `json:"code_challenge"`
	CodeChallengeMethod *string  `json:"code_challenge_method,omitempty"`
	RedirectURI         *string  `json:"redirect_uri"`
	ResponseType        string   `json:"response_type"`
	Scope               []string `json:"scope"`
	State               *string  `json:"state,omitempty"`
	Nonce               *string  `json:"nonce,omitempty"`
}

AuthorizeParams contains all the bound params for the authorize operation

func (*AuthorizeParams) Validate

func (p *AuthorizeParams) Validate() error

Validate validates the params

type ErrorResponder added in v0.1.46

type ErrorResponder struct {
	api.Responder
	// contains filtered or unexported fields
}

func (ErrorResponder) Error added in v0.1.46

func (e ErrorResponder) Error() string

type JWKSInput added in v0.1.2

type JWKSInput struct {
}

JWKSInput is the input for the jwks route

type LoginParams

type LoginParams struct {
	Login        string `json:"login"`
	Password     string `json:"password"`
	RequestToken string `json:"request_token"`
}

LoginParams contains all the bound params for the login operation

func (LoginParams) Validate

func (p LoginParams) Validate() error

Validate validates LoginParams

type LogoutParams

type LogoutParams struct {
	Audience              *string `json:"audience,omitempty"`
	ClientID              *string `json:"client_id"`
	RedirectURI           *string `json:"redirect_uri,omitempty"`
	PostLogoutRedirectURI *string `json:"post_logout_redirect_uri,omitempty"`
	TokenHint             *string `json:"id_token_hint,omitempty"`
	State                 *string `json:"state"`
}

LogoutParams contains all the bound params for the logout operation

func (LogoutParams) Validate

func (p LogoutParams) Validate() error

Validate validates LogoutParams

type OIDConfigInput added in v0.1.2

type OIDConfigInput struct {
}

OIDConfigInput is the input for the jwks route

type Option

type Option func(s *Server)

Option provides the server options, these will override th defaults and instance values.

func WithAllowedGrants

func WithAllowedGrants(g oauth.Permissions) Option

WithAllowedGrants sets allowed grants

func WithAuthorizer

func WithAuthorizer(a oauth.Authorizer) Option

WithAuthorizer sets the oauth.Authorizer for the necessary calls

func WithCodeStore

func WithCodeStore(c oauth.CodeStore) Option

WithCodeStore changes the default code store for the server

func WithOTPLen added in v0.1.38

func WithOTPLen(l int) Option

func WithRequestTokenLifetime added in v0.1.37

func WithRequestTokenLifetime(d time.Duration) Option

func WithSessionStore

func WithSessionStore(c oauth.SessionStore) Option

WithSessionStore changes the default session store for the server

type PasswordCreateParams

type PasswordCreateParams struct {
	Login        *string                     `json:"login,omitempty"`
	Notify       []oauth.NotificationChannel `json:"notify"`
	Type         PasswordType                `json:"type"`
	RequestToken *string                     `json:"request_token,omitempty"`
	AppURI       *oauth.URI                  `json:"app_uri,omitempty"`
	RedirectURI  *oauth.URI                  `json:"redirect_uri,omitempty"`
	CodeVerifier *string                     `json:"code_verifier,omitempty"`
}

PasswordCreateParams is the input to the password get route

func (PasswordCreateParams) Validate

func (p PasswordCreateParams) Validate() error

Validate validates PasswordGetInput

type PasswordType

type PasswordType string

PasswordType defines a password type

const (
	// PasswordTypeLink is a magic password link
	PasswordTypeLink PasswordType = "link"

	// PasswordTypeCode is a one-time use password code
	PasswordTypeCode PasswordType = "code"

	// PasswordTypeReset sends both a link with the password scope and a code
	PasswordTypeReset PasswordType = "reset"
)

func (PasswordType) Validate

func (p PasswordType) Validate() error

Validate validates the PasswordType

type PasswordUpdateParams

type PasswordUpdateParams struct {
	Password    string     `json:"password"`
	ResetCode   string     `json:"reset_code"`
	RedirectURI *oauth.URI `json:"redirect_uri"`
}

PasswordUpdateParams are used by the password update route

func (PasswordUpdateParams) Validate

func (p PasswordUpdateParams) Validate() error

Validate validates PasswordGetInput

type RedirectError added in v0.1.17

type RedirectError func(u *url.URL) api.Responder

RedirectError defines a redirect error handler

type Server

type Server struct {
	*api.Server
	// contains filtered or unexported fields
}

Server is an API server it can be used standalone vi Server() or integrared via Handler()

func New

func New(ctrl oauth.Controller, opts ...interface{}) *Server

New returns a new Server instance

func (*Server) Sessions

func (s *Server) Sessions() oauth.SessionStore

Sessions returns the sessions

type SessionParams

type SessionParams struct {
	RequestToken string     `json:"request_token"`
	AuthCode     bool       `json:"auth_code"`
	RedirectURI  *oauth.URI `json:"redirect_uri"`
	State        *string    `json:"state,omitempty"`
}

SessionParams is the session request parameters

type SignupParams

type SignupParams struct {
	Email        *string `json:"email,omitempty"`
	InviteCode   *string `json:"invite_code"`
	Login        string  `json:"login"`
	Name         *string `json:"name"`
	Password     *string `json:"password"`
	SignupOnly   bool    `json:"signup_only"`
	RequestToken string  `json:"request_token"`
}

SignupParams contains all the bound params for the signup operation

func (SignupParams) Validate

func (p SignupParams) Validate() error

Validate validates SignupParams

type TokenIntrospectParams added in v0.1.34

type TokenIntrospectParams struct {
	Token string `json:"token"`
}

TokenIntrospectParams is the parameters for token introspect

type TokenParams

type TokenParams struct {
	Audience        *string  `json:"audience,omitempty"`
	ClientID        *string  `json:"client_id"`
	ClientSecret    *string  `json:"client_secret,omitempty"`
	Code            *string  `json:"code,omitempty"`
	CodeVerifier    *string  `json:"code_verifier"`
	GrantType       string   `json:"grant_type"`
	Password        *string  `json:"password,omitempty"`
	RefreshNonce    *string  `json:"refresh_nonce,omitempty"`
	RefreshToken    *string  `json:"refresh_token,omitempty"`
	RefreshVerifier *string  `json:"refresh_verifier,omitempty"`
	Scope           []string `json:"scope,omitempty"`
	Username        *string  `json:"username,omitempty"`
}

TokenParams contains all the bound params for the token operation

func (TokenParams) Validate

func (p TokenParams) Validate() error

Validate validate TokenParams

type TokenRevokeParams added in v0.1.34

type TokenRevokeParams struct {
	Token string `json:"token"`
}

TokenRevokeParams is the parameters for token revoke

type UserInfoUpdateParams

type UserInfoUpdateParams struct {
	Profile oauth.Profile `json:"profile,omitempty"`
}

UserInfoUpdateParams contains all the bound params for the user info update operation

type VerifyParams

type VerifyParams struct {
	RedirectURI string `json:"redirect_uri"`
}

VerifyParams contains the email verify params

func (VerifyParams) Validate

func (p VerifyParams) Validate() error

Validate validates UserEmailVerifyParams

type VerifySendParams

type VerifySendParams struct {
	Method oauth.NotificationChannel `json:"method"`
	Signup bool                      `json:"-"`
	// contains filtered or unexported fields
}

VerifySendParams are the params for the verification send method

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL