interceptors

package
v1.8.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 8, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package interceptors defines a set of JWT interceptors that extract information from the request JWT, check its validity, and pass the information to downstream methods in the context.

Constants

const ClientTimeout = 30 * time.Second

Variables

This section is empty.

Functions

func AddClaimToContext added in v1.6.0

func AddClaimToContext(claim *njwt.Claim, ctx context.Context) (context.Context, error)

AddClaimToContext returns a new Context that includes the claim information.

func CreateTestIncomingContext added in v1.2.1

func CreateTestIncomingContext(header string, token string) (context.Context, context.CancelFunc)

func CreateTestOutgoingContext added in v1.2.1

func CreateTestOutgoingContext(header string, token string) (context.Context, context.CancelFunc)

func GetClaimFromContext

func GetClaimFromContext(ctx context.Context) (*njwt.ExtendedAuthxClaim, error)

GetClaimFromContext gets user info from context

func GetTestAuthxClaim added in v1.2.1

func GetTestAuthxClaim() *njwt.AuthxClaim

GetTestAuthxClaim returns a random AuthxClaim to use in the tests

func GetTestJWTConfig added in v1.2.1

func GetTestJWTConfig() config.JWTConfig

GetTestJWTConfig returns a JWTConfig to use in the tests

func JwtInterceptor

func JwtInterceptor(config config.JWTConfig) grpc.UnaryServerInterceptor

JwtInterceptor verifies the JWT token and adds the claim information to the context.

func JwtStreamInterceptor added in v1.1.0

func JwtStreamInterceptor(config config.JWTConfig) grpc.StreamServerInterceptor

JwtStreamInterceptor verifies the JWT token and adds the claim information to the context.

func WithServerJWTInterceptor

func WithServerJWTInterceptor(config config.JWTConfig) grpc.ServerOption

WithServerJWTInterceptor creates a gRPC interceptor that verifies that the received JWT is valid.

func WithServerJWTStreamInterceptor added in v1.1.0

func WithServerJWTStreamInterceptor(config config.JWTConfig) grpc.ServerOption

func WithZoneAwareJWTInterceptor added in v1.6.0

func WithZoneAwareJWTInterceptor(config config.JWTConfig, secretProvider SecretProvider) grpc.ServerOption

WithZoneAwareJWTInterceptor creates a gRPC interceptor that verifies whether the received JWT is valid according to the zone that issued it.

func WithZoneAwareJWTStreamInterceptor added in v1.7.0

func WithZoneAwareJWTStreamInterceptor(config config.JWTConfig, secretProvider SecretProvider) grpc.ServerOption

WithZoneAwareJWTStreamInterceptor creates a gRPC stream interceptor that verifies whether the received JWT is valid according to the zone that issued it.

func ZoneAwareJWTInterceptor added in v1.6.0

func ZoneAwareJWTInterceptor(config config.JWTConfig, secretProvider SecretProvider) grpc.UnaryServerInterceptor

ZoneAwareJWTInterceptor verifies the JWT token and adds the claim information to the context.

func ZoneAwareJWTStreamInterceptor added in v1.7.0

func ZoneAwareJWTStreamInterceptor(config config.JWTConfig, secretProvider SecretProvider) grpc.StreamServerInterceptor

ZoneAwareJWTStreamInterceptor verifies the JWT token and adds the claim information to the context.

Types

type CachedSecret added in v1.6.0

type CachedSecret struct {
	// contains filtered or unexported fields
}

CachedSecret stores a JWT secret together with the timestamp at which it was retrieved.

func (*CachedSecret) Clone added in v1.6.0

func (cs *CachedSecret) Clone() *CachedSecret

Clone a cached secret.

type InterceptorZoneSecretManager added in v1.6.0

type InterceptorZoneSecretManager struct {
	sync.RWMutex

	SecretCache map[string]*CachedSecret
	// contains filtered or unexported fields
}

InterceptorZoneSecretManager offers a cached zone JWT signing secret retrieval interface. Elements retrieved from the SecretsClient are stored in an internal cache for a period of time before being evicted.

func (*InterceptorZoneSecretManager) Evict added in v1.6.0

func (izsm *InterceptorZoneSecretManager) Evict()

Evict removes old entries from the cache based on their creation timestamp.

func (*InterceptorZoneSecretManager) GetZoneSecret added in v1.6.0

func (izsm *InterceptorZoneSecretManager) GetZoneSecret(zoneID string) (*string, error)

GetZoneSecret retrieves JWT signing secret associated with a given zone identifier.

type SecretProvider added in v1.5.0

type SecretProvider interface {
	// GetZoneSecret retrieves the signing secret associated with a Zone so that
	// it can be used in the token validation process.
	GetZoneSecret(zoneID string) (*string, error)
}

SecretProvider defines the methods required for a secret provider. This enables the JWT interceptor to retrieve the secret that corresponds to the signing zone to check the validity of the token.

func NewInterceptorZoneSecretManager added in v1.6.0

func NewInterceptorZoneSecretManager(config config.JWTConfig, secretsClient grpc_jwt_go.SecretsClient, zoneCacheTTL time.Duration) SecretProvider

NewInterceptorZoneSecretManager creates a zone manager that communicates with the secrets service to retrieve zone signing secrets.
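The caching behaviour described for InterceptorZoneSecretManager and the SecretProvider contract can be sketched as follows. This is an added example, not the package's own code: TTLSecretProvider, its Now and Fetch fields, and the use of a single mutex instead of an embedded sync.RWMutex are assumptions made for illustration. It shows the properties that matter for token validation: a cached secret is trusted only for a bounded time, a failed refresh is never cached, and an empty secret is rejected.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

type entry struct {
	secret    string
	fetchedAt time.Time
}

// TTLSecretProvider is a hypothetical cache exposing the GetZoneSecret method
// of the SecretProvider interface; it is not the package's implementation.
type TTLSecretProvider struct {
	mu    sync.Mutex
	TTL   time.Duration
	Now   func() time.Time             // injectable clock (assumption, for tests)
	Fetch func(string) (string, error) // stand-in for the secrets service call
	cache map[string]entry
}

// GetZoneSecret serves a cached secret while it is younger than TTL and
// refetches otherwise. Failures are returned, never cached: callers fail closed.
func (p *TTLSecretProvider) GetZoneSecret(zoneID string) (*string, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if e, ok := p.cache[zoneID]; ok && p.Now().Sub(e.fetchedAt) < p.TTL {
		return &e.secret, nil // e is a copy, so callers cannot alter the cache
	}
	delete(p.cache, zoneID) // an expired secret must not outlive a failed refresh
	s, err := p.Fetch(zoneID)
	if err == nil && s == "" {
		err = errors.New("empty secret") // an empty signing secret is never accepted
	}
	if err != nil {
		return nil, fmt.Errorf("zone %q: %w", zoneID, err)
	}
	if p.cache == nil {
		p.cache = map[string]entry{}
	}
	p.cache[zoneID] = entry{secret: s, fetchedAt: p.Now()}
	return &s, nil
}

func main() {}
```

The TTL bounds how long a rotated or revoked zone secret keeps validating tokens, so it should be chosen with the rotation policy in mind.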

type StreamContextWrapper added in v1.1.0

type StreamContextWrapper interface {
	grpc.ServerStream
	SetContext(context.Context)
}

StreamContextWrapper is an interface that allows setting a new context on a stream.
