Documentation ¶
Index ¶
- Constants
- func CreateSession(ctx context.Context, session *Session) error
- func DeleteSession(ctx context.Context, token string) error
- func FetchCertificates(discoveryURL string, log zerolog.Logger) (map[string]CertificateList, error)
- func GetUser(ctx context.Context) *service.User
- func Init(db *sql.DB)
- func JWTValidator(certificates map[string]CertificateList, audience string) jwt.Keyfunc
- func SetUser(ctx context.Context, user *service.User) context.Context
- func TrimNaisTeamPrefix(team string) string
- type Azure
- type AzureGroupClient
- type CertificateList
- type EncodedCertificate
- type GoogleGroupClient
- type Key
- type KeyDiscovery
- type MemberOfGroup
- type MemberOfResponse
- type Middleware
- type MiddlewareHandler
- type Session
- type SessionRetriever
- type TokenResponse
Constants ¶
const ( AzureGraphMemberOfEndpoint = "https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.group?$select=mail,groupTypes,displayName" CacheDuration = 1 * time.Hour )
const ContextUserKey contextKey = 1
Variables ¶
This section is empty.
Functions ¶
func FetchCertificates ¶
func JWTValidator ¶
func JWTValidator(certificates map[string]CertificateList, audience string) jwt.Keyfunc
func TrimNaisTeamPrefix ¶
Types ¶
type Azure ¶
func (*Azure) KeyDiscoveryURL ¶
func (*Azure) Middleware ¶
func (a *Azure) Middleware( keyDiscoveryURL string, azureGroups *AzureGroupClient, googleGroups *GoogleGroupClient, db *sql.DB, log zerolog.Logger, ) MiddlewareHandler
type AzureGroupClient ¶
type AzureGroupClient struct { Client *http.Client OAuthClientID string OAuthClientSecret string OAuthTenantID string // contains filtered or unexported fields }
func NewAzureGroups ¶
func (*AzureGroupClient) GroupsForUser ¶
type CertificateList ¶
type CertificateList []*x509.Certificate
type EncodedCertificate ¶
type EncodedCertificate string
func (EncodedCertificate) Decode ¶
func (c EncodedCertificate) Decode() (*x509.Certificate, error)
Decode a base64-encoded certificate into an X.509 structure.
type GoogleGroupClient ¶
type GoogleGroupClient struct {
// contains filtered or unexported fields
}
func NewGoogleGroups ¶
func NewGoogleGroups(ctx context.Context, credentailFile, subject string) (*GoogleGroupClient, error)
type Key ¶
type Key struct { Kid string `json:"kid"` X5c []EncodedCertificate `json:"x5c"` }
type KeyDiscovery ¶
// KeyDiscovery is the decoded form of a key discovery document: the JSON
// "keys" array is unmarshalled into Keys, one Key per entry.
//
// NOTE(review): the map produced from this type has the same type that
// JWTValidator accepts, so these certificates presumably act as the trust
// anchors for token validation. The document should then only be fetched
// from a trusted URL over TLS. Confirm against DiscoverURL and
// FetchCertificates.
type KeyDiscovery struct {
// Keys holds the entries of the "keys" array.
Keys []Key `json:"keys"`
}
func DiscoverURL ¶
func DiscoverURL(url string) (*KeyDiscovery, error)
func (*KeyDiscovery) Map ¶
func (k *KeyDiscovery) Map() (result map[string]CertificateList, err error)
Map transforms a KeyDiscovery object into a dictionary with "kid" as key and lists of decoded X.509 certificates as values.
Returns an error if any certificate does not decode.
type MemberOfGroup ¶
type MemberOfResponse ¶
// MemberOfResponse is the JSON envelope for a list of group memberships:
// the "value" array is unmarshalled into Groups.
//
// NOTE(review): presumably the response body of AzureGraphMemberOfEndpoint.
// If group membership drives authorization, a failed or partial decode should
// be treated as "no groups" rather than ignored. Confirm against GroupsForUser.
type MemberOfResponse struct {
// Groups holds the entries of the "value" array.
Groups []MemberOfGroup `json:"value"`
}
type Middleware ¶
type Middleware struct {
// contains filtered or unexported fields
}
type Session ¶
type SessionRetriever ¶
type TokenResponse ¶
// TokenResponse is the JSON shape of a token endpoint reply; only the
// "access_token" field is decoded.
//
// NOTE(review): AccessToken is presumably a bearer credential. Keep it out of
// logs and error messages, and avoid printing the struct with %v or %+v.
// Confirm how callers handle it.
type TokenResponse struct {
// AccessToken is the value of the "access_token" field.
AccessToken string `json:"access_token"`
}