Documentation ¶
Index ¶
- Variables
- func EnrichRequestedURL(r *http.Request)
- func NewSimpleResponseWriter() *simpleResponseWriter
- type AuthenticationSession
- type Authenticator
- type AuthenticatorAnonymous
- type AuthenticatorBroken
- type AuthenticatorNoOp
- type AuthenticatorOAuth2ClientCredentials
- type AuthenticatorOAuth2Configuration
- type AuthenticatorOAuth2Introspection
- type AuthenticatorOAuth2IntrospectionConfiguration
- type Authorizer
- type AuthorizerAllow
- type AuthorizerDeny
- type AuthorizerKetoWarden
- type AuthorizerKetoWardenConfiguration
- type Claims
- type CredentialsIDToken
- type CredentialsIDTokenConfig
- type CredentialsIssuer
- type CredentialsIssuerBroken
- type CredentialsIssuerNoOp
- type MockWardenSDK
- func (_m *MockWardenSDK) EXPECT() *_MockWardenSDKRecorder
- func (_m *MockWardenSDK) IsOAuth2AccessTokenAuthorized(body swagger.WardenOAuth2AccessTokenAuthorizationRequest) (*swagger.WardenOAuth2AccessTokenAuthorizationResponse, *swagger.APIResponse, ...)
- func (_m *MockWardenSDK) IsOAuth2ClientAuthorized(body swagger.WardenOAuth2ClientAuthorizationRequest) (*swagger.WardenOAuth2ClientAuthorizationResponse, *swagger.APIResponse, error)
- func (_m *MockWardenSDK) IsSubjectAuthorized(body swagger.WardenSubjectAuthorizationRequest) (*swagger.WardenSubjectAuthorizationResponse, *swagger.APIResponse, error)
- type MockauthenticatorOAuth2IntrospectionHelper
- type Proxy
- type RequestHandler
Constants ¶
This section is empty.
Variables ¶
var ErrAuthenticatorBypassed = errors.New("Authenticator is disabled")
var ErrAuthenticatorNotResponsible = errors.New("Authenticator not responsible")
Functions ¶
func EnrichRequestedURL ¶
EnrichRequestedURL sets the Scheme and Host values in a URL passed down by an HTTP server. By default, the URL contains neither host nor scheme values.
func NewSimpleResponseWriter ¶
func NewSimpleResponseWriter() *simpleResponseWriter
Types ¶
type AuthenticationSession ¶
type Authenticator ¶
// Authenticator is the interface shared by the authentication handlers in this
// package (AuthenticatorAnonymous, AuthenticatorNoOp, AuthenticatorBroken and
// the OAuth 2.0 authenticators all declare both methods).
type Authenticator interface {
	// Authenticate receives the incoming request, the handler's raw JSON
	// configuration and a rule, and returns an AuthenticationSession or an error.
	// NOTE(review): the package declares ErrAuthenticatorNotResponsible and
	// ErrAuthenticatorBypassed; how callers treat each of them is not visible
	// here — confirm that neither is handled as a successful authentication.
	Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

	// GetID returns the handler's string identifier.
	// NOTE(review): presumably the key used in RequestHandler.AuthenticationHandlers — confirm.
	GetID() string
}
type AuthenticatorAnonymous ¶
// AuthenticatorAnonymous is an Authenticator configured with a single
// identifier string, supplied through NewAuthenticatorAnonymous.
type AuthenticatorAnonymous struct {
	// AnonymousIdentifier is the identifier passed to NewAuthenticatorAnonymous.
	// NOTE(review): presumably the subject recorded for requests that carry no
	// credentials — confirm in authenticator_anonymous.go. If so, authorization
	// decisions must treat this value as an unauthenticated caller, and it
	// should not collide with any real subject name.
	AnonymousIdentifier string
}
func NewAuthenticatorAnonymous ¶
func NewAuthenticatorAnonymous(anonymousIdentifier string) *AuthenticatorAnonymous
func (*AuthenticatorAnonymous) Authenticate ¶
func (a *AuthenticatorAnonymous) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
func (*AuthenticatorAnonymous) GetID ¶
func (a *AuthenticatorAnonymous) GetID() string
type AuthenticatorBroken ¶
type AuthenticatorBroken struct{}
func NewAuthenticatorBroken ¶
func NewAuthenticatorBroken() *AuthenticatorBroken
func (*AuthenticatorBroken) Authenticate ¶
func (a *AuthenticatorBroken) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
func (*AuthenticatorBroken) GetID ¶
func (a *AuthenticatorBroken) GetID() string
type AuthenticatorNoOp ¶
// AuthenticatorNoOp is an Authenticator with no fields or configuration of its own.
// NOTE(review): the name suggests it accepts requests without checking any
// credentials — confirm in authenticator_noop.go, and keep rules that select it
// limited to endpoints that are meant to be public.
type AuthenticatorNoOp struct{}
func NewAuthenticatorNoOp ¶
func NewAuthenticatorNoOp() *AuthenticatorNoOp
func (*AuthenticatorNoOp) Authenticate ¶
func (a *AuthenticatorNoOp) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
func (*AuthenticatorNoOp) GetID ¶
func (a *AuthenticatorNoOp) GetID() string
type AuthenticatorOAuth2ClientCredentials ¶
type AuthenticatorOAuth2ClientCredentials struct {
// contains filtered or unexported fields
}
func NewAuthenticatorOAuth2ClientCredentials ¶
func NewAuthenticatorOAuth2ClientCredentials(tokenURL string) *AuthenticatorOAuth2ClientCredentials
func (*AuthenticatorOAuth2ClientCredentials) Authenticate ¶
func (a *AuthenticatorOAuth2ClientCredentials) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
func (*AuthenticatorOAuth2ClientCredentials) GetID ¶
func (a *AuthenticatorOAuth2ClientCredentials) GetID() string
type AuthenticatorOAuth2Configuration ¶
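// AuthenticatorOAuth2Configuration holds the scope requirement that a rule's
// JSON configuration supplies under the "required_scope" key.
type AuthenticatorOAuth2Configuration struct {
	// Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	// NOTE(review): how an empty or missing "required_scope" is handled is not
	// visible here — confirm that it does not silently skip scope enforcement
	// where the rule author expected it.
	Scopes []string `json:"required_scope"`
}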
type AuthenticatorOAuth2Introspection ¶
type AuthenticatorOAuth2Introspection struct {
// contains filtered or unexported fields
}
func NewAuthenticatorOAuth2Introspection ¶
func NewAuthenticatorOAuth2Introspection(clientID, clientSecret, tokenURL, introspectionURL string, scopes []string, strategy fosite.ScopeStrategy) *AuthenticatorOAuth2Introspection
func (*AuthenticatorOAuth2Introspection) Authenticate ¶
func (a *AuthenticatorOAuth2Introspection) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
func (*AuthenticatorOAuth2Introspection) GetID ¶
func (a *AuthenticatorOAuth2Introspection) GetID() string
type AuthenticatorOAuth2IntrospectionConfiguration ¶
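// AuthenticatorOAuth2IntrospectionConfiguration holds the scope, audience and
// issuer requirements that a rule's JSON configuration supplies for the
// OAuth 2.0 introspection handler.
// NOTE(review): how an empty or missing list is handled for each field is not
// visible here — confirm that an omitted key does not silently disable the
// corresponding check.
type AuthenticatorOAuth2IntrospectionConfiguration struct {
	// An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	Scopes []string `json:"required_scope"`

	// An array of audiences that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.
	// NOTE(review): this wording does not say whether the token must match every
	// listed audience or only one of them — confirm against the implementation.
	Audience []string `json:"target_audience"`

	// The token must have been issued by one of the issuers listed in this array.
	Issuers []string `json:"trusted_issuers"`
}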
type Authorizer ¶
// Authorizer is the interface shared by the authorization handlers in this
// package (AuthorizerAllow, AuthorizerDeny and AuthorizerKetoWarden all declare
// both methods).
type Authorizer interface {
	// Authorize receives the incoming request, the AuthenticationSession, the
	// handler's raw JSON configuration and a rule, and returns an error.
	// NOTE(review): presumably a nil error means the request is permitted and
	// any non-nil error means it is refused — confirm that callers deny on
	// every non-nil error, including transport failures to an external
	// decision service.
	Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

	// GetID returns the handler's string identifier.
	// NOTE(review): presumably the key used in RequestHandler.AuthorizationHandlers — confirm.
	GetID() string
}
type AuthorizerAllow ¶
// AuthorizerAllow is an Authorizer with no fields or configuration of its own.
// NOTE(review): the name suggests Authorize permits every request — confirm in
// authorizer_allow.go. A rule that selects it relies entirely on its
// authenticator for access control.
type AuthorizerAllow struct{}
func NewAuthorizerAllow ¶
func NewAuthorizerAllow() *AuthorizerAllow
func (*AuthorizerAllow) Authorize ¶
func (a *AuthorizerAllow) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
func (*AuthorizerAllow) GetID ¶
func (a *AuthorizerAllow) GetID() string
type AuthorizerDeny ¶
type AuthorizerDeny struct{}
func NewAuthorizerDeny ¶
func NewAuthorizerDeny() *AuthorizerDeny
func (*AuthorizerDeny) Authorize ¶
func (a *AuthorizerDeny) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
func (*AuthorizerDeny) GetID ¶
func (a *AuthorizerDeny) GetID() string
type AuthorizerKetoWarden ¶
func NewAuthorizerKetoWarden ¶
func NewAuthorizerKetoWarden(k keto.WardenSDK) *AuthorizerKetoWarden
func (*AuthorizerKetoWarden) Authorize ¶
func (a *AuthorizerKetoWarden) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
func (*AuthorizerKetoWarden) GetID ¶
func (a *AuthorizerKetoWarden) GetID() string
type Claims ¶
type CredentialsIDToken ¶
type CredentialsIDToken struct {
// contains filtered or unexported fields
}
func NewCredentialsIssuerIDToken ¶
func NewCredentialsIssuerIDToken( k rsakey.Manager, l logrus.FieldLogger, lifetime time.Duration, issuer string, ) *CredentialsIDToken
func (*CredentialsIDToken) GetID ¶
func (a *CredentialsIDToken) GetID() string
func (*CredentialsIDToken) Issue ¶
func (a *CredentialsIDToken) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
type CredentialsIDTokenConfig ¶
// CredentialsIDTokenConfig is the JSON configuration shape with a single "aud" key.
type CredentialsIDTokenConfig struct {
	// Audience is decoded from the "aud" key.
	// NOTE(review): presumably becomes the audience claim of the ID token that
	// CredentialsIDToken issues — confirm in credentials_issuer_id_token.go.
	// Services receiving the token should verify this claim rather than accept
	// any token signed by the proxy.
	Audience []string `json:"aud"`
}
type CredentialsIssuer ¶
// CredentialsIssuer is the interface shared by the credential issuers in this
// package (CredentialsIDToken, CredentialsIssuerNoOp and CredentialsIssuerBroken
// all declare both methods).
type CredentialsIssuer interface {
	// Issue receives the incoming request, the AuthenticationSession, the
	// issuer's raw JSON configuration and a rule, and returns an error.
	// NOTE(review): Issue returns only an error, so any credential it produces
	// is presumably attached to r — confirm, and check that a credential header
	// supplied by the client is overwritten rather than forwarded.
	Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

	// GetID returns the issuer's string identifier.
	// NOTE(review): presumably the key used in RequestHandler.CredentialIssuers — confirm.
	GetID() string
}
type CredentialsIssuerBroken ¶
type CredentialsIssuerBroken struct{}
func NewCredentialsIssuerBroken ¶
func NewCredentialsIssuerBroken() *CredentialsIssuerBroken
func (*CredentialsIssuerBroken) GetID ¶
func (a *CredentialsIssuerBroken) GetID() string
func (*CredentialsIssuerBroken) Issue ¶
func (a *CredentialsIssuerBroken) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
type CredentialsIssuerNoOp ¶
type CredentialsIssuerNoOp struct{}
func NewCredentialsIssuerNoOp ¶
func NewCredentialsIssuerNoOp() *CredentialsIssuerNoOp
func (*CredentialsIssuerNoOp) GetID ¶
func (a *CredentialsIssuerNoOp) GetID() string
func (*CredentialsIssuerNoOp) Issue ¶
func (a *CredentialsIssuerNoOp) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
type MockWardenSDK ¶
type MockWardenSDK struct {
// contains filtered or unexported fields
}
Mock of WardenSDK interface
func NewMockWardenSDK ¶
func NewMockWardenSDK(ctrl *gomock.Controller) *MockWardenSDK
func (*MockWardenSDK) EXPECT ¶
func (_m *MockWardenSDK) EXPECT() *_MockWardenSDKRecorder
func (*MockWardenSDK) IsOAuth2AccessTokenAuthorized ¶
func (_m *MockWardenSDK) IsOAuth2AccessTokenAuthorized(body swagger.WardenOAuth2AccessTokenAuthorizationRequest) (*swagger.WardenOAuth2AccessTokenAuthorizationResponse, *swagger.APIResponse, error)
func (*MockWardenSDK) IsOAuth2ClientAuthorized ¶
func (_m *MockWardenSDK) IsOAuth2ClientAuthorized(body swagger.WardenOAuth2ClientAuthorizationRequest) (*swagger.WardenOAuth2ClientAuthorizationResponse, *swagger.APIResponse, error)
func (*MockWardenSDK) IsSubjectAuthorized ¶
func (_m *MockWardenSDK) IsSubjectAuthorized(body swagger.WardenSubjectAuthorizationRequest) (*swagger.WardenSubjectAuthorizationResponse, *swagger.APIResponse, error)
type MockauthenticatorOAuth2IntrospectionHelper ¶
type MockauthenticatorOAuth2IntrospectionHelper struct {
// contains filtered or unexported fields
}
Mock of authenticatorOAuth2IntrospectionHelper interface
func NewMockauthenticatorOAuth2IntrospectionHelper ¶
func NewMockauthenticatorOAuth2IntrospectionHelper(ctrl *gomock.Controller) *MockauthenticatorOAuth2IntrospectionHelper
func (*MockauthenticatorOAuth2IntrospectionHelper) EXPECT ¶
func (_m *MockauthenticatorOAuth2IntrospectionHelper) EXPECT() *_MockauthenticatorOAuth2IntrospectionHelperRecorder
func (*MockauthenticatorOAuth2IntrospectionHelper) Introspect ¶
func (_m *MockauthenticatorOAuth2IntrospectionHelper) Introspect(token string, scopes []string, strategy fosite.ScopeStrategy) (*authentication.IntrospectionResponse, error)
type Proxy ¶
// Proxy groups a logger, a request handler, a key manager, a rule matcher and
// a herodot writer.
// NOTE(review): NewProxy takes only the handler, logger and matcher, so
// KeyManager and H are either set inside the constructor or left for the
// caller to assign — confirm before relying on them being non-nil.
type Proxy struct {
	// Logger is the logrus logger held by the proxy.
	Logger logrus.FieldLogger
	// RequestHandler is the handler passed to NewProxy.
	RequestHandler *RequestHandler
	// KeyManager is an rsakey.Manager; it is not a NewProxy parameter.
	KeyManager rsakey.Manager
	// Matcher is the rule matcher passed to NewProxy.
	// NOTE(review): what happens to a request that matches no rule is not
	// visible here — confirm that such requests are refused rather than forwarded.
	Matcher rule.Matcher
	// H is a herodot.Writer; it is not a NewProxy parameter.
	H herodot.Writer
}
func NewProxy ¶
func NewProxy(handler *RequestHandler, logger logrus.FieldLogger, matcher rule.Matcher) *Proxy
type RequestHandler ¶
// RequestHandler holds the registered authorizers, authenticators and
// credential issuers, each in a map keyed by string, together with a logger
// and an issuer string.
// NOTE(review): NewRequestHandler receives the handlers as slices, so the map
// keys are presumably each handler's GetID() value — confirm. All fields are
// exported, so any code holding a RequestHandler can add or replace handlers;
// treat the value as security-sensitive state.
type RequestHandler struct {
	// Logger is the logrus logger held by the handler.
	Logger logrus.FieldLogger
	// AuthorizationHandlers maps a string key to an Authorizer.
	AuthorizationHandlers map[string]Authorizer
	// AuthenticationHandlers maps a string key to an Authenticator.
	AuthenticationHandlers map[string]Authenticator
	// CredentialIssuers maps a string key to a CredentialsIssuer.
	CredentialIssuers map[string]CredentialsIssuer
	// Issuer is a string that is not among NewRequestHandler's parameters.
	// NOTE(review): its use is not visible here — confirm where it is set and read.
	Issuer string
}
func NewRequestHandler ¶
func NewRequestHandler( l logrus.FieldLogger, authenticationHandlers []Authenticator, authorizationHandlers []Authorizer, credentialIssuers []CredentialsIssuer, ) *RequestHandler
func (*RequestHandler) HandleRequest ¶
Source Files ¶
- authenticator.go
- authenticator_anonymous.go
- authenticator_broken.go
- authenticator_noop.go
- authenticator_oauth2_client_credentials.go
- authenticator_oauth2_introspection.go
- authenticator_oauth2_introspection_mock.go
- authorizer.go
- authorizer_allow.go
- authorizer_deny.go
- authorizer_keto_warden.go
- credentials_issuer.go
- credentials_issuer_broken.go
- credentials_issuer_id_token.go
- credentials_issuer_noop.go
- keto_sdk_mock.go
- proxy.go
- request_handler.go
- response_writer.go