auth

Documentation

Overview

Package auth is used to handle authorization using a gin.HandlerFunc defined by Middleware.

Index

• Constants
• type Router
  • func NewRouter(logger *logrus.Logger) *Router
  • func (r *Router) ExtractToken(secret string, authURL string, c *gin.Context) *jwt.Token
  • func (r *Router) Middleware(secrets Secrets, authURL string) gin.HandlerFunc
  • func (r *Router) UserMiddleware(c *gin.Context, secret string, authURL string)
• type Secrets

Constants

const (
	// AuthCookie is the name of the authorization cookie.
	AuthCookie = "kd-token"

	// AuthHeader is the key of the authorization header.
	AuthHeader = "Authorization"

	// AuthHeaderBearer is the prefix for the authorization token in AuthHeader.
	AuthHeaderBearer = "Bearer"

	// FirstNameLabel is the claim name for the firstname of the user
	FirstNameLabel = "firstName"

	// LastNameLabel is the claim name for the lastname of the user
	LastNameLabel = "lastName"

	// DisplayNameLabel is the claim name of the display name of the user
	DisplayNameLabel = "displayName"

	// CurrentUnitLabel is the claim name of the current unit of the user
	CurrentUnitLabel = "currentUnit"

	// RankLabel is the claim name of the rank of the user
	RankLabel = "rank"

	// JobLabel is the claim name of the job of the user
	JobLabel = "job"

	// UserNameLabel is the label for the full user name.
	UserNameLabel = "username"

	// AuthTypeHeader is the key of the servive-host header
	AuthTypeHeader = "Auth-Type"

	// DocsAuthTypeValue is the value of the docs-service for AuthTypeHeader key
	DocsAuthTypeValue = "Docs"

	// DEPRECATED: ServiceAuthTypeValue is the value of service for AuthTypeHeader key
	ServiceAuthTypeValue = "Service"

	// ServiceAuthCodeTypeValue is the value of service using the authorization code flow for AuthTypeHeader key
	ServiceAuthCodeTypeValue = "Service AuthCode"

	// ConfigWebUI is the name of the environment variable containing the path to the ui.
	ConfigWebUI = "web_ui"

	// DriveClientName is the client name of the Drive UI client.
	DriveClientName = "DriveUI"
)

Types

type Router

type Router struct {
	// contains filtered or unexported fields
}

Router is a structure that handels the authentication middleware.

func NewRouter

func NewRouter(
	logger *logrus.Logger,
) *Router

NewRouter creates a new Router. If logger is non-nil then it will be set as-is, otherwise logger would default to logrus.New().

func (*Router) ExtractToken

func (r *Router) ExtractToken(secret string, authURL string, c *gin.Context) *jwt.Token

ExtractToken extract the jwt token from c.Cookie(AuthCookie) or c.GetHeader(AuthHeader). If the token is invalid or expired, it will redirect the client to authURL, and return nil. If the token is valid, it will return the token.

func (*Router) Middleware

func (r *Router) Middleware(secrets Secrets, authURL string) gin.HandlerFunc

Middleware check that the client has valid authentication to use the route This function also set variables like user and service to the context.

func (*Router) UserMiddleware

func (r *Router) UserMiddleware(c *gin.Context, secret string, authURL string)

UserMiddleware is a middleware which validates the user requesting the operation. It validates the jwt token in c.Cookie(AuthCookie) or c.GetHeader(AuthHeader). If the token is not valid or expired, it will redirect the client to authURL. If the token is valid, it will set the user's data into the gin context at user.ContextUserKey.

type Secrets

type Secrets struct {
	Drive string
	Docs  string
}

Secrets is a struct that holds the application secrets.