Documentation ¶
Index ¶
- Variables
- func Asset(name string) ([]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func MustAsset(name string) []byte
- func NewExtAuth(cfg *ExtAuthConfig) *extAuth
- func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- type Authenticator
- type CodeToTokenResponse
- type ExtAuthConfig
- type ExtAuthResponse
- type ExtAuthStatus
- type GitHubAuth
- type GitHubAuthConfig
- type GitHubAuthRequest
- type GitHubTokenUser
- type GoogleAuth
- type GoogleAuthConfig
- type GoogleAuthRequest
- type GoogleTokenInfo
- type LDAPAuth
- type LDAPAuthConfig
- type Labels
- type MongoAuth
- type MongoAuthConfig
- type PasswordString
- type ProfileResponse
- type RefreshTokenResponse
- type Requirements
- type TokenDB
- type TokenDBImpl
- func (db *TokenDBImpl) DeleteToken(user string) error
- func (db *TokenDBImpl) GetValue(user string) (*TokenDBValue, error)
- func (db *TokenDBImpl) StoreToken(user string, v *TokenDBValue, updatePassword bool) (dp string, err error)
- func (db *TokenDBImpl) ValidateToken(user string, password PasswordString) error
- type TokenDBValue
Constants ¶
This section is empty.
Variables ¶
// ExpiredToken is a sentinel error with the message "expired token".
// Where it is returned is not shown on this page.
var ExpiredToken = errors.New("expired token")

// NoMatch is the sentinel error described in the Authenticator contract: it is returned when
// no decision could be reached, e.g. none of the rules matched. It is distinct from a denial.
var NoMatch = errors.New("did not match any rule")

// WrongPass is the sentinel error described in the Authenticator contract: it is returned
// when authentication of the supplied credentials failed.
var WrongPass = errors.New("wrong password for user")
Functions ¶
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/
  foo.txt
  img/
    a.png
    b.png

then:
- AssetDir("data") would return []string{"foo.txt", "img"}
- AssetDir("data/img") would return []string{"a.png", "b.png"}
- AssetDir("foo.txt") and AssetDir("notexist") would return an error
- AssetDir("") will return []string{"data"}
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func NewExtAuth ¶
func NewExtAuth(cfg *ExtAuthConfig) *extAuth
func NewStaticUserAuth ¶
func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively
Types ¶
type Authenticator ¶
// Authenticator is the authentication plugin interface.
type Authenticator interface {
	// Given a user name and a password (plain text), responds with the result or an error.
	// Error should only be reported if request could not be serviced, not if it should be denied.
	// A special NoMatch error is returned if the authorizer could not reach a decision,
	// e.g. none of the rules matched.
	// Another special WrongPass error is returned if the authorizer failed to authenticate.
	// Implementations must be goroutine-safe.
	//
	// NOTE(review): the password is passed in plain text, so implementations should keep it
	// out of log lines and out of the returned error text; confirm for each implementation.
	Authenticate(user string, password PasswordString) (bool, Labels, error)

	// Finalize resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate requests in flight
	// and there will be no more calls made to this instance.
	Stop()

	// Human-readable name of the authenticator.
	Name() string
}
Authentication plugin interface.
type CodeToTokenResponse ¶
// CodeToTokenResponse is the JSON body sent by Google servers in response to the
// grant_type=authorization_code request. Every field is optional on the wire (omitempty).
//
// IDToken, AccessToken and RefreshToken are credentials; a value of this type should not be
// logged or dumped wholesale.
type CodeToTokenResponse struct {
	IDToken      string `json:"id_token,omitempty"`
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int64  `json:"expires_in,omitempty"` // presumably seconds, as in GoogleTokenInfo.ExpiresIn; confirm
	TokenType    string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}
CodeToTokenResponse is sent by Google servers in response to the grant_type=authorization_code request.
type ExtAuthConfig ¶
func (*ExtAuthConfig) Validate ¶
func (c *ExtAuthConfig) Validate() error
type ExtAuthResponse ¶
// ExtAuthResponse is the JSON-tagged response type for external authentication.
// NOTE(review): who produces this JSON is not shown on this page. If it comes from an
// external program, the labels in it are only as trustworthy as that program; confirm.
type ExtAuthResponse struct {
	// Labels maps to the optional JSON key "labels".
	Labels Labels `json:"labels,omitempty"`
}
type ExtAuthStatus ¶
// ExtAuthStatus is an integer status code; by its name and constants it describes the
// outcome of an external authentication attempt.
type ExtAuthStatus int

// Values of ExtAuthStatus. Allowed is the zero value.
// NOTE(review): because ExtAuthAllowed is 0, an unset or defaulted ExtAuthStatus reads as
// "allowed"; confirm that callers never treat an uninitialised status as a decision.
const (
	ExtAuthAllowed ExtAuthStatus = 0
	ExtAuthDenied  ExtAuthStatus = 1
	ExtAuthNoMatch ExtAuthStatus = 2
	ExtAuthError   ExtAuthStatus = 3
)
type GitHubAuth ¶
// GitHubAuth is the GitHub-named authenticator type. The methods listed for it on this page
// (Authenticate, Stop, Name) have the same signatures as the Authenticator interface.
// It is created with NewGitHubAuth; all of its fields are unexported.
type GitHubAuth struct {
	// contains filtered or unexported fields
}
func NewGitHubAuth ¶
func NewGitHubAuth(c *GitHubAuthConfig) (*GitHubAuth, error)
func (*GitHubAuth) Authenticate ¶
func (gha *GitHubAuth) Authenticate(user string, password PasswordString) (bool, Labels, error)
func (*GitHubAuth) DoGitHubAuth ¶
func (gha *GitHubAuth) DoGitHubAuth(rw http.ResponseWriter, req *http.Request)
func (*GitHubAuth) Name ¶
func (gha *GitHubAuth) Name() string
func (*GitHubAuth) Stop ¶
func (gha *GitHubAuth) Stop()
type GitHubAuthConfig ¶
// GitHubAuthConfig is the YAML-mapped configuration accepted by NewGitHubAuth.
// Every key is optional in the YAML document (omitempty).
type GitHubAuthConfig struct {
	Organization string `yaml:"organization,omitempty"`
	ClientId     string `yaml:"client_id,omitempty"`

	// ClientSecret and ClientSecretFile look like two ways to supply the same OAuth client
	// secret (inline vs. read from a file). Precedence is not shown on this page; confirm.
	// An inline secret lives in the main config file, so that file then needs the same
	// access restrictions as the secret itself.
	ClientSecret     string `yaml:"client_secret,omitempty"`
	ClientSecretFile string `yaml:"client_secret_file,omitempty"`

	// TokenDB is presumably the location of the token database (see TokenDB / NewTokenDB); confirm.
	TokenDB string `yaml:"token_db,omitempty"`

	HTTPTimeout     time.Duration `yaml:"http_timeout,omitempty"`
	RevalidateAfter time.Duration `yaml:"revalidate_after,omitempty"`

	// NOTE(review): the two URIs presumably override the GitHub web and API endpoints.
	// If so they decide where credentials and tokens are sent; confirm they are validated.
	GithubWebUri string `yaml:"github_web_uri,omitempty"`
	GithubApiUri string `yaml:"github_api_uri,omitempty"`
}
type GitHubAuthRequest ¶
type GitHubTokenUser ¶
type GoogleAuth ¶
// GoogleAuth is the Google-named authenticator type. The methods listed for it on this page
// (Authenticate, Stop, Name) have the same signatures as the Authenticator interface.
// It is created with NewGoogleAuth; all of its fields are unexported.
type GoogleAuth struct {
	// contains filtered or unexported fields
}
func NewGoogleAuth ¶
func NewGoogleAuth(c *GoogleAuthConfig) (*GoogleAuth, error)
func (*GoogleAuth) Authenticate ¶
func (ga *GoogleAuth) Authenticate(user string, password PasswordString) (bool, Labels, error)
func (*GoogleAuth) DoGoogleAuth ¶
func (ga *GoogleAuth) DoGoogleAuth(rw http.ResponseWriter, req *http.Request)
func (*GoogleAuth) Name ¶
func (ga *GoogleAuth) Name() string
func (*GoogleAuth) Stop ¶
func (ga *GoogleAuth) Stop()
type GoogleAuthConfig ¶
// GoogleAuthConfig is the YAML-mapped configuration accepted by NewGoogleAuth.
// Every key is optional in the YAML document (omitempty).
type GoogleAuthConfig struct {
	Domain   string `yaml:"domain,omitempty"`
	ClientId string `yaml:"client_id,omitempty"`

	// ClientSecret and ClientSecretFile look like two ways to supply the same OAuth client
	// secret (inline vs. read from a file). Precedence is not shown on this page; confirm.
	ClientSecret     string `yaml:"client_secret,omitempty"`
	ClientSecretFile string `yaml:"client_secret_file,omitempty"`

	// TokenDB is presumably the location of the token database (see TokenDB / NewTokenDB); confirm.
	TokenDB string `yaml:"token_db,omitempty"`

	// HTTPTimeout is a plain int here, whereas GitHubAuthConfig uses time.Duration.
	// The unit is not stated on this page; confirm before setting it.
	HTTPTimeout int `yaml:"http_timeout,omitempty"`
}
type GoogleAuthRequest ¶
type GoogleTokenInfo ¶
// GoogleTokenInfo describes a token as reported back by Google. The definition is taken
// from github.com/google-api-go-client/oauth2/v2/oauth2-gen.go, with error fields added.
//
// NOTE(review): when this is used to accept a token, Audience / IssuedTo should be compared
// with the application's own client ID and VerifiedEmail should be required. Confirm that
// GoogleAuth does both.
type GoogleTokenInfo struct {
	// AccessType: The access type granted with this token. It can be
	// offline or online.
	AccessType string `json:"access_type,omitempty"`

	// Audience: Who is the intended audience for this token. In general the
	// same as issued_to.
	Audience string `json:"audience,omitempty"`

	// Email: The email address of the user. Present only if the email scope
	// is present in the request.
	Email string `json:"email,omitempty"`

	// ExpiresIn: The expiry time of the token, as number of seconds left
	// until expiry.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// IssuedTo: To whom was the token issued to. In general the same as
	// audience.
	IssuedTo string `json:"issued_to,omitempty"`

	// Scope: The space separated list of scopes granted to this token.
	Scope string `json:"scope,omitempty"`

	// TokenHandle: The token handle associated with this token.
	TokenHandle string `json:"token_handle,omitempty"`

	// UserId: The obfuscated user id.
	UserId string `json:"user_id,omitempty"`

	// VerifiedEmail: Boolean flag which is true if the email address is
	// verified. Present only if the email scope is present in the request.
	VerifiedEmail bool `json:"verified_email,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}
From github.com/google-api-go-client/oauth2/v2/oauth2-gen.go
type LDAPAuth ¶
// LDAPAuth is the LDAP-named authenticator type, created with NewLDAPAuth.
// This page lists an Authenticate method for it; all of its fields are unexported.
type LDAPAuth struct {
	// contains filtered or unexported fields
}
func NewLDAPAuth ¶
func NewLDAPAuth(c *LDAPAuthConfig) (*LDAPAuth, error)
func (*LDAPAuth) Authenticate ¶
For how a user is authenticated, refer to https://github.com/go-ldap/ldap/blob/master/example_test.go#L166
type LDAPAuthConfig ¶
// LDAPAuthConfig is the YAML-mapped configuration accepted by NewLDAPAuth.
// Every key is optional in the YAML document (omitempty).
type LDAPAuthConfig struct {
	Addr string `yaml:"addr,omitempty"`

	// TLS is a string, so it presumably selects a TLS mode rather than toggling it.
	// The accepted values are not shown on this page; confirm.
	TLS string `yaml:"tls,omitempty"`

	// NOTE(review): by its name this turns off verification of the LDAP server's
	// certificate. If so, bind credentials and user passwords sent over that connection can
	// be intercepted by anyone able to impersonate the server. The zero value (false) keeps
	// verification on; confirm how the dialer uses this flag.
	InsecureTLSSkipVerify bool `yaml:"insecure_tls_skip_verify,omitempty"`

	Base string `yaml:"base,omitempty"`

	// NOTE(review): if the login name is substituted into Filter or GroupFilter, it has to
	// be escaped for LDAP filter syntax first; confirm in Authenticate.
	Filter string `yaml:"filter,omitempty"`

	BindDN string `yaml:"bind_dn,omitempty"`

	// BindPasswordFile is, by its name, a path to a file holding the bind password.
	// That file should be readable only by the service account; confirm how it is read.
	BindPasswordFile string `yaml:"bind_password_file,omitempty"`

	GroupBaseDN string `yaml:"group_base_dn,omitempty"`
	GroupFilter string `yaml:"group_filter,omitempty"`
}
type MongoAuth ¶
// MongoAuth is the MongoDB-named authenticator type, created with NewMongoAuth.
// This page lists an Authenticate method for it.
type MongoAuth struct {
	// Collection is the only exported field; it carries the YAML key "collection".
	Collection string `yaml:"collection,omitempty"`
	// contains filtered or unexported fields
}
func NewMongoAuth ¶
func NewMongoAuth(c *MongoAuthConfig) (*MongoAuth, error)
func (*MongoAuth) Authenticate ¶
type MongoAuthConfig ¶
// MongoAuthConfig is the YAML-mapped configuration accepted by NewMongoAuth.
// Its Validate method checks that the custom options are set correctly.
type MongoAuthConfig struct {
	// MongoConfig is read from the YAML key "dial_info", not "mongo_config".
	// NOTE(review): it is a pointer, so it is nil when the key is absent. Whether Validate
	// rejects that case is not shown on this page; confirm.
	MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"`
	Collection  string              `yaml:"collection,omitempty"`
}
func (*MongoAuthConfig) Validate ¶
func (c *MongoAuthConfig) Validate(configKey string) error
Validate ensures that any custom config options in a Config are set correctly.
type PasswordString ¶
// PasswordString is the string type used for passwords in this package's signatures
// (Authenticator.Authenticate, TokenDB.ValidateToken, Requirements.Password).
// NOTE(review): it defines its own String method. Check whether that method masks the value
// before assuming %v / %s formatting of a PasswordString is safe in logs.
type PasswordString string
func (PasswordString) String ¶
func (ps PasswordString) String() string
type ProfileResponse ¶
// ProfileResponse is sent by the /userinfo/v2/me endpoint. It is used to validate the access
// token and to (re)verify the email address associated with it.
type ProfileResponse struct {
	Email string `json:"email,omitempty"`
	// VerifiedEmail is false when the key is missing from the response, because false is the
	// zero value for bool.
	VerifiedEmail bool `json:"verified_email,omitempty"`
}
ProfileResponse is sent by the /userinfo/v2/me endpoint. We use it to validate access token and (re)verify the email address associated with it.
type RefreshTokenResponse ¶
// RefreshTokenResponse is the JSON body sent by Google servers in response to the
// grant_type=refresh_token request. Unlike CodeToTokenResponse it has no id_token or
// refresh_token field.
//
// AccessToken is a credential; a value of this type should not be logged wholesale.
type RefreshTokenResponse struct {
	AccessToken string `json:"access_token,omitempty"`
	ExpiresIn   int64  `json:"expires_in,omitempty"` // presumably seconds, as in GoogleTokenInfo.ExpiresIn; confirm
	TokenType   string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}
RefreshTokenResponse is sent by Google servers in response to the grant_type=refresh_token request.
type Requirements ¶
// Requirements holds the per-user requirements passed to NewStaticUserAuth, which takes a
// map from user name to *Requirements.
type Requirements struct {
	// Password is a pointer, so an absent key is nil rather than an empty password.
	// NOTE(review): the json tag means a marshalled Requirements carries the password value
	// unless PasswordString customises its encoding. Confirm before logging or returning a
	// serialized Requirements.
	Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
}
func (Requirements) String ¶
func (r Requirements) String() string
type TokenDB ¶
// TokenDB is the token store interface; TokenDBImpl on this page implements its methods.
type TokenDB interface {
	// GetValue takes a username and returns the corresponding token.
	GetValue(string) (*TokenDBValue, error)

	// StoreToken takes a username and token, stores them in the DB
	// and returns a password and error.
	// NOTE(review): the returned password is presumably the plain-text counterpart of the
	// BCrypt hash kept in TokenDBValue.DockerPassword, so callers should not log it; confirm.
	StoreToken(string, *TokenDBValue, bool) (string, error)

	// ValidateToken takes a username and password
	// and returns an error.
	ValidateToken(string, PasswordString) error

	// DeleteToken takes a username
	// and deletes the corresponding token from the DB.
	DeleteToken(string) error

	// Composed from leveldb.DB
	Close() error
}
TokenDB stores tokens using LevelDB
func NewTokenDB ¶
NewTokenDB returns a new TokenDB structure
type TokenDBImpl ¶
TokenDBImpl stores tokens using LevelDB
func (*TokenDBImpl) DeleteToken ¶
func (db *TokenDBImpl) DeleteToken(user string) error
func (*TokenDBImpl) GetValue ¶
func (db *TokenDBImpl) GetValue(user string) (*TokenDBValue, error)
func (*TokenDBImpl) StoreToken ¶
func (db *TokenDBImpl) StoreToken(user string, v *TokenDBValue, updatePassword bool) (dp string, err error)
func (*TokenDBImpl) ValidateToken ¶
func (db *TokenDBImpl) ValidateToken(user string, password PasswordString) error
type TokenDBValue ¶
// TokenDBValue is stored in the database, JSON-serialized.
//
// NOTE(review): only DockerPassword is described as hashed. AccessToken and RefreshToken
// are plain string fields with JSON tags, and this page shows no encryption step for them,
// so the database file should be protected like any other credential store; confirm in
// TokenDBImpl.
type TokenDBValue struct {
	TokenType    string `json:"token_type,omitempty"` // Usually "Bearer"
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`

	// With encoding/json, omitempty has no effect on a struct-typed field such as time.Time,
	// so valid_until is emitted even for the zero time.
	ValidUntil time.Time `json:"valid_until,omitempty"`

	// DockerPassword is the temporary password we use to authenticate Docker users.
	// Generated at the time of token creation, stored here as a BCrypt hash.
	DockerPassword string `json:"docker_password,omitempty"`
}
TokenDBValue is stored in the database, JSON-serialized.