Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ACL
type ACL struct {
    // A list of Required accessors. These must be true for all requests that
    // pass through this resource.
    Required []Method

    // A list of optional accessors. At least one of these must be true
    // in order for a request to flow through this resource. If this is not
    // defined then only Required will be used.
    Any []Method
}
For some request types, access can be limited in several different ways, including IP white listing and authentication. This object allows those methods to be configured.
type BasicAuth
type BasicAuth struct {
    // Access to the htpasswd data.
    Users *secretloader.HTPasswd

    // The realm that will be returned to the user if they fail to auth.
    Realm string

    // The tags required for this resource. If no tags are required then
    // all users will be allowed.
    UserTags []string
}
If a Request can be authenticated with Basic Auth then this will handle the authentication cycle.
type Method
type Method interface {
// contains filtered or unexported methods
}
A tool used to validate that a given request is allowed to proceed. It is expected that this gets implemented by the various authentication methods in the access package.
type SAML
type SAML struct {
    // The Secret Loader that manages access to the SAML Identity Provider.
    Provider *secretloader.SAMLProvider

    // How long to allow SAML based authentication to be valid for. Setting
    // this too high will make it impossible to expunge a logged in user from
    // the system without removing the user completely. Setting it too low
    // will be annoying for users as they will have to log in constantly.
    CookieValidity time.Duration

    // The name of the cookie to use for authentication. This name should
    // not conflict with any other possible cookies used on this domain.
    CookieName string

    // The domain that the cookie will be limited to.
    CookieDomain string

    // Used for encrypting the contents of the cookie.
    CookieTool *cookie.CookieTool

    // Set to secure if the cookie should only ever be returned over https.
    CookieSecure bool

    // The amount of time that a user has after being directed to the
    // Identity Provider before the login attempt is considered
    // expired.
    LoginDuration time.Duration

    // The name of the SAML attribute that will be used when assigning login
    // names. This is useful if your provider uses displayName over say
    // uid. If not set this will default to "uid".
    UserNameAttribute string

    // The name of the SAML attribute that will be used when setting up
    // tags. Each tag within this attribute will be usable with the
    // UserTags portion of the SAMLAuth object type.
    TagAttribute string
}
Handles all of the configuration for a SAML provider that can be used with access control lists.
type SAMLAuth
type SAMLAuth struct {
    // The reference to the common provider for this SAML instance.
    Source *SAML

    // If provided then users must have all of the given tags to be able
    // to authenticate to this service.
    UserTags []string
}
A specific implementation of a SAMLAuth that will validate that the user has logged in.
type WebAuth
type WebAuth struct {
    // The Provider that configures users.
    Provider *WebAuthProvider

    // A list of tags that users must have in order to access this
    // resource. All tags must be present in the user profile for this
    // to work. Alternatively if this is left nil then all users
    // will be allowed access.
    UserTags []string
}
An acl.Method implementation of WebAuthProvider that uses the provider but allows individual resources to configure Tags required by users.
type WebAuthProvider
type WebAuthProvider struct {
    // Access to the htpasswd data.
    Users *secretloader.HTPasswd

    // How long to allow the web authentication to be valid for. Setting this
    // too high will make it impossible to expunge a logged in user from the
    // system without removing the user entry completely. Setting it too low
    // will be annoying for users as they will have to log in constantly.
    CookieValidity time.Duration

    // The name of the cookie to use when setting the authorized cookie.
    CookieName string

    // The domain that web login cookies should be restricted to.
    CookieDomain string

    // Used for encrypting the contents of the cookie.
    CookieTool *cookie.CookieTool
}
If a Request can be authenticated with Web Auth then this will handle the authentication cycle.
func (*WebAuthProvider) LoginGet
func (w *WebAuthProvider) LoginGet(ir *request.Request)
Handles requests to /_login (GET)
func (*WebAuthProvider) LoginPost
func (w *WebAuthProvider) LoginPost(ir *request.Request)
Handles requests to /_login (POST)
type WhiteList
type WhiteList struct {
    // A list of IP/Mask combinations that can be used to limit who can
    // access a given resource within the HTTP server.
    CIDRs []net.IPNet

    // Allow the following IPs to set the value of RemoteAddr via the
    // X-Forwarded-For header. This should be restricted to a list of
    // trusted hosts as they will effectively be able to circumvent the
    // IP white listing process.
    AllowXForwardedForFrom []net.IPNet
}
Handles CIDR white listing requests.
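The following added example (not this package's code) shows why AllowXForwardedForFrom must stay narrow: the header is honoured only when the TCP peer is a listed proxy, so any listed host can present an arbitrary client address. The names allowList, Allowed, contains and cidr are hypothetical, the right-to-left hop walk is an assumed policy the page does not specify, and all addresses are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// allowList is a hypothetical stand-in that mirrors the two WhiteList fields.
type allowList struct{ CIDRs, AllowXForwardedForFrom []net.IPNet }

func contains(nets []net.IPNet, ip net.IP) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Allowed checks the TCP peer or, behind a trusted proxy, the nearest forwarded hop that is not trusted (assumed policy).
func (a allowList) Allowed(remoteAddr string, h http.Header) bool {
	host, _, _ := net.SplitHostPort(remoteAddr) // bad input leaves host empty
	ip := net.ParseIP(host)                     // nil on failure, denied below
	xff := strings.Join(h.Values("X-Forwarded-For"), ",")
	if ip != nil && xff != "" && contains(a.AllowXForwardedForFrom, ip) {
		hops := strings.Split(xff, ",")
		for i := len(hops) - 1; i >= 0; i-- { // right to left
			if ip = net.ParseIP(strings.TrimSpace(hops[i])); ip == nil {
				return false // malformed hop: fail closed
			}
			if !contains(a.AllowXForwardedForFrom, ip) {
				break // first hop no trusted proxy vouches for
			}
		}
	}
	return ip != nil && contains(a.CIDRs, ip)
}

func cidr(s string) net.IPNet {
	_, n, _ := net.ParseCIDR(s) // constructed inputs below are valid
	return *n
}

func main() {
	a := allowList{[]net.IPNet{cidr("10.0.0.0/8")}, []net.IPNet{cidr("192.0.2.10/32")}}
	spoof := http.Header{"X-Forwarded-For": {"10.1.2.3"}} // constructed header
	fmt.Println(a.Allowed("203.0.113.7:4000", spoof), a.Allowed("192.0.2.10:4000", spoof))
}
```

The same header is ignored from the unlisted peer and accepted from the listed proxy, which is the circumvention the field comment warns about.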