proxy

package
v1.0.0-beta.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 9, 2018 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrAuthenticatorBypassed is a sentinel error carrying the message
// "Authenticator is disabled". Compare against the variable itself rather than
// the message text.
// NOTE(review): which authenticator returns it, and whether callers treat it as
// "skip authentication" or as a denial, is not visible here — confirm before
// relying on it in an access decision.
var ErrAuthenticatorBypassed = errors.New("Authenticator is disabled")
// ErrAuthenticatorNotResponsible is a sentinel error carrying the message
// "Authenticator not responsible".
// NOTE(review): presumably returned by an Authenticator that finds no
// credentials of its kind on the request, so the caller can try another one —
// confirm, and confirm that exhausting every authenticator ends in a denial.
var ErrAuthenticatorNotResponsible = errors.New("Authenticator not responsible")

Functions

func EnrichRequestedURL

func EnrichRequestedURL(r *http.Request)

EnrichRequestedURL sets the Scheme and Host values of a URL passed down by an HTTP server. By default, that URL contains neither host nor scheme values.

func NewSimpleResponseWriter

func NewSimpleResponseWriter() *simpleResponseWriter

Types

type AuthenticationSession

// AuthenticationSession is the value Authenticator.Authenticate returns and
// that Authorizer.Authorize and CredentialsIssuer.Issue receive.
type AuthenticationSession struct {
	// NOTE(review): presumably the identifier of the authenticated party, and
	// possibly empty or a fixed value for anonymous requests — confirm before
	// using it as an authorization key.
	Subject string
	// Extra holds additional untyped data keyed by string.
	// NOTE(review): its contents depend on the authenticator that built the
	// session — validate values before trusting them downstream.
	Extra   map[string]interface{}
}

type Authenticator

// Authenticator is the contract for authentication handlers.
type Authenticator interface {
	// Authenticate receives the request, a raw JSON configuration and a rule,
	// and returns an AuthenticationSession or an error.
	Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
	// GetID returns the handler's identifier string.
	// NOTE(review): presumably the key under which
	// RequestHandler.AuthenticationHandlers stores the handler — confirm.
	GetID() string
}

type AuthenticatorAnonymous

// AuthenticatorAnonymous is a type with Authenticate and GetID methods that
// carries a single identifier.
type AuthenticatorAnonymous struct {
	// NOTE(review): presumably taken from NewAuthenticatorAnonymous's argument
	// and used as the session Subject for requests without credentials —
	// confirm, and choose a value that cannot collide with a real subject.
	AnonymousIdentifier string
}

func NewAuthenticatorAnonymous

func NewAuthenticatorAnonymous(anonymousIdentifier string) *AuthenticatorAnonymous

func (*AuthenticatorAnonymous) Authenticate

func (a *AuthenticatorAnonymous) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorAnonymous) GetID

func (a *AuthenticatorAnonymous) GetID() string

type AuthenticatorBroken

// AuthenticatorBroken is a field-less type with Authenticate and GetID methods.
// NOTE(review): the name suggests an authenticator that always fails, e.g. as
// a test fixture — confirm how it behaves and where it is registered.
type AuthenticatorBroken struct{}

func NewAuthenticatorBroken

func NewAuthenticatorBroken() *AuthenticatorBroken

func (*AuthenticatorBroken) Authenticate

func (a *AuthenticatorBroken) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorBroken) GetID

func (a *AuthenticatorBroken) GetID() string

type AuthenticatorNoOp

// AuthenticatorNoOp is a field-less type with Authenticate and GetID methods.
// NOTE(review): the name suggests it performs no credential check, so a rule
// selecting it presumably admits unauthenticated requests — confirm, and audit
// which rules reference it.
type AuthenticatorNoOp struct{}

func NewAuthenticatorNoOp

func NewAuthenticatorNoOp() *AuthenticatorNoOp

func (*AuthenticatorNoOp) Authenticate

func (a *AuthenticatorNoOp) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorNoOp) GetID

func (a *AuthenticatorNoOp) GetID() string

type AuthenticatorOAuth2ClientCredentials

type AuthenticatorOAuth2ClientCredentials struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2ClientCredentials

func NewAuthenticatorOAuth2ClientCredentials(tokenURL string) *AuthenticatorOAuth2ClientCredentials

func (*AuthenticatorOAuth2ClientCredentials) Authenticate

func (*AuthenticatorOAuth2ClientCredentials) GetID

type AuthenticatorOAuth2Configuration

// AuthenticatorOAuth2Configuration is a JSON-decodable configuration carrying
// the scopes a rule requires.
// NOTE(review): which authenticator decodes it is not visible here.
type AuthenticatorOAuth2Configuration struct {
	// Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	// Decoded from the "required_scope" JSON key.
	// NOTE(review): an absent or empty list presumably imposes no scope
	// requirement at all — confirm.
	Scopes []string `json:"required_scope"`
}

type AuthenticatorOAuth2Introspection

type AuthenticatorOAuth2Introspection struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2Introspection

func NewAuthenticatorOAuth2Introspection(clientID, clientSecret, tokenURL, introspectionURL string, scopes []string, strategy fosite.ScopeStrategy) *AuthenticatorOAuth2Introspection

func (*AuthenticatorOAuth2Introspection) Authenticate

func (*AuthenticatorOAuth2Introspection) GetID

type AuthenticatorOAuth2IntrospectionConfiguration

// AuthenticatorOAuth2IntrospectionConfiguration is a JSON-decodable
// configuration carrying the scope, audience and issuer requirements placed on
// a token.
// NOTE(review): for each of the three lists, an absent or empty value
// presumably disables that check rather than denying everything — confirm,
// because it decides whether a rule with a missing key fails open.
type AuthenticatorOAuth2IntrospectionConfiguration struct {
	// An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	// Decoded from the "required_scope" JSON key.
	Scopes []string `json:"required_scope"`

	// An array of audiences that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.
	// Decoded from the "target_audience" JSON key.
	Audience []string `json:"target_audience"`

	// The token must have been issued by one of the issuers listed in this array.
	// Decoded from the "trusted_issuers" JSON key.
	Issuers []string `json:"trusted_issuers"`
}

type Authorizer

// Authorizer is the contract for authorization handlers.
type Authorizer interface {
	// Authorize receives the request, the AuthenticationSession, a raw JSON
	// configuration and a rule, and returns an error.
	// NOTE(review): presumably a nil error means "allowed" — confirm, since
	// under that contract an implementation that swallows an error fails open.
	Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
	// GetID returns the handler's identifier string.
	GetID() string
}

type AuthorizerAllow

// AuthorizerAllow is a field-less type with Authorize and GetID methods.
// NOTE(review): the name suggests it permits every request; a rule using it
// would then rely on its authenticator alone for access control — confirm.
type AuthorizerAllow struct{}

func NewAuthorizerAllow

func NewAuthorizerAllow() *AuthorizerAllow

func (*AuthorizerAllow) Authorize

func (a *AuthorizerAllow) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerAllow) GetID

func (a *AuthorizerAllow) GetID() string

type AuthorizerDeny

// AuthorizerDeny is a field-less type with Authorize and GetID methods.
// NOTE(review): the name suggests it rejects every request — confirm.
type AuthorizerDeny struct{}

func NewAuthorizerDeny

func NewAuthorizerDeny() *AuthorizerDeny

func (*AuthorizerDeny) Authorize

func (a *AuthorizerDeny) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerDeny) GetID

func (a *AuthorizerDeny) GetID() string

type AuthorizerKetoWarden

type AuthorizerKetoWarden struct {
	K keto.WardenSDK
	// contains filtered or unexported fields
}

func NewAuthorizerKetoWarden

func NewAuthorizerKetoWarden(k keto.WardenSDK) *AuthorizerKetoWarden

func (*AuthorizerKetoWarden) Authorize

func (a *AuthorizerKetoWarden) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerKetoWarden) GetID

func (a *AuthorizerKetoWarden) GetID() string

type AuthorizerKetoWardenConfiguration

// AuthorizerKetoWardenConfiguration is a JSON-decodable configuration with two
// string fields, both tagged `valid:",required"`.
// NOTE(review): presumably consumed by AuthorizerKetoWarden.Authorize. The
// `valid` tag has no effect unless a struct validator is run after decoding —
// confirm that an empty action or resource is rejected before the warden call.
type AuthorizerKetoWardenConfiguration struct {
	// Decoded from the "required_action" JSON key.
	RequiredAction   string `json:"required_action" valid:",required"`
	// Decoded from the "required_resource" JSON key.
	RequiredResource string `json:"required_resource" valid:",required"`
}

type Claims

// Claims maps the registered JWT claim names of RFC 7519 onto struct fields
// through its JSON tags. Every field is tagged omitempty, so zero values are
// left out when the struct is encoded.
// NOTE(review): after decoding, an absent exp/nbf/iat cannot be told apart
// from 0 — confirm how Valid treats a zero ExpiresAt, since accepting it would
// mean tokens without an expiry pass validation.
type Claims struct {
	Audience  []string `json:"aud,omitempty"` // "aud" claim
	ExpiresAt int64    `json:"exp,omitempty"` // "exp" claim; presumably seconds since the Unix epoch — confirm
	Id        string   `json:"jti,omitempty"` // "jti" claim
	IssuedAt  int64    `json:"iat,omitempty"` // "iat" claim; presumably seconds since the Unix epoch — confirm
	Issuer    string   `json:"iss,omitempty"` // "iss" claim
	NotBefore int64    `json:"nbf,omitempty"` // "nbf" claim; presumably seconds since the Unix epoch — confirm
	Subject   string   `json:"sub,omitempty"` // "sub" claim
}

func (*Claims) Valid

func (c *Claims) Valid() error

type CredentialsIDToken

type CredentialsIDToken struct {
	// contains filtered or unexported fields
}

func NewCredentialsIssuerIDToken

func NewCredentialsIssuerIDToken(
	k rsakey.Manager,
	l logrus.FieldLogger,
	lifetime time.Duration,
	issuer string,
) *CredentialsIDToken

func (*CredentialsIDToken) GetID

func (a *CredentialsIDToken) GetID() string

func (*CredentialsIDToken) Issue

func (a *CredentialsIDToken) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

type CredentialsIDTokenConfig

// CredentialsIDTokenConfig is a JSON-decodable configuration with a single
// audience list.
type CredentialsIDTokenConfig struct {
	// Decoded from the "aud" JSON key.
	// NOTE(review): presumably the audience written into the token that
	// CredentialsIDToken.Issue creates — confirm, and confirm what an empty
	// list produces.
	Audience []string `json:"aud"`
}

type CredentialsIssuer

// CredentialsIssuer is the contract for credential-issuing handlers.
type CredentialsIssuer interface {
	// Issue receives the request, the AuthenticationSession, a raw JSON
	// configuration and a rule, and returns only an error.
	// NOTE(review): with no other return value, issued credentials are
	// presumably attached by mutating r — confirm, and confirm that any
	// client-supplied value in the same place is overwritten, not appended to.
	Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
	// GetID returns the handler's identifier string.
	GetID() string
}

type CredentialsIssuerBroken

// CredentialsIssuerBroken is a field-less type with GetID and Issue methods.
// NOTE(review): the name suggests an issuer that always fails, e.g. as a test
// fixture — confirm how it behaves and where it is registered.
type CredentialsIssuerBroken struct{}

func NewCredentialsIssuerBroken

func NewCredentialsIssuerBroken() *CredentialsIssuerBroken

func (*CredentialsIssuerBroken) GetID

func (a *CredentialsIssuerBroken) GetID() string

func (*CredentialsIssuerBroken) Issue

type CredentialsIssuerNoOp

// CredentialsIssuerNoOp is a field-less type with GetID and Issue methods.
// NOTE(review): the name suggests Issue leaves the request unchanged, so the
// client's original credentials would reach the upstream as sent — confirm.
type CredentialsIssuerNoOp struct{}

func NewCredentialsIssuerNoOp

func NewCredentialsIssuerNoOp() *CredentialsIssuerNoOp

func (*CredentialsIssuerNoOp) GetID

func (a *CredentialsIssuerNoOp) GetID() string

func (*CredentialsIssuerNoOp) Issue

type MockWardenSDK

type MockWardenSDK struct {
	// contains filtered or unexported fields
}

Mock of WardenSDK interface

func NewMockWardenSDK

func NewMockWardenSDK(ctrl *gomock.Controller) *MockWardenSDK

func (*MockWardenSDK) EXPECT

func (_m *MockWardenSDK) EXPECT() *_MockWardenSDKRecorder

type MockauthenticatorOAuth2IntrospectionHelper

type MockauthenticatorOAuth2IntrospectionHelper struct {
	// contains filtered or unexported fields
}

Mock of authenticatorOAuth2IntrospectionHelper interface

func NewMockauthenticatorOAuth2IntrospectionHelper

func NewMockauthenticatorOAuth2IntrospectionHelper(ctrl *gomock.Controller) *MockauthenticatorOAuth2IntrospectionHelper

func (*MockauthenticatorOAuth2IntrospectionHelper) EXPECT

func (_m *MockauthenticatorOAuth2IntrospectionHelper) EXPECT() *_MockauthenticatorOAuth2IntrospectionHelperRecorder

func (*MockauthenticatorOAuth2IntrospectionHelper) Introspect

type Proxy

// Proxy bundles the dependencies used by its Director and RoundTrip methods.
// Those signatures match the Director field of httputil.ReverseProxy and the
// http.RoundTripper interface.
// NOTE(review): presumably the type is plugged into a reverse proxy through
// both — confirm.
type Proxy struct {
	Logger         logrus.FieldLogger
	RequestHandler *RequestHandler
	// NOTE(review): KeyManager is not a NewProxy parameter — confirm it is set
	// before any code path that uses it.
	KeyManager     rsakey.Manager
	Matcher        rule.Matcher
	// NOTE(review): H is not a NewProxy parameter either — confirm where it is
	// initialised.
	H              herodot.Writer
}

func NewProxy

func NewProxy(handler *RequestHandler, logger logrus.FieldLogger, matcher rule.Matcher) *Proxy

func (*Proxy) Director

func (d *Proxy) Director(r *http.Request)

func (*Proxy) RoundTrip

func (d *Proxy) RoundTrip(r *http.Request) (*http.Response, error)

type RequestHandler

// RequestHandler groups the registered handlers by kind. Its HandleRequest
// method takes a request and a rule and returns an error.
// NOTE(review): NewRequestHandler receives slices while these fields are maps
// keyed by string, presumably each handler's GetID() — confirm, and confirm
// that a rule naming an unknown handler ID is rejected rather than skipped.
type RequestHandler struct {
	Logger                 logrus.FieldLogger
	AuthorizationHandlers  map[string]Authorizer
	AuthenticationHandlers map[string]Authenticator
	CredentialIssuers      map[string]CredentialsIssuer
	// NOTE(review): Issuer is not a NewRequestHandler parameter — confirm
	// where it is set and what consumes it.
	Issuer                 string
}

func NewRequestHandler

func NewRequestHandler(
	l logrus.FieldLogger,
	authenticationHandlers []Authenticator,
	authorizationHandlers []Authorizer,
	credentialIssuers []CredentialsIssuer,
) *RequestHandler

func (*RequestHandler) HandleRequest

func (d *RequestHandler) HandleRequest(r *http.Request, rl *rule.Rule) error
