middleware

package
v0.14.3

Warning

This package is not in the latest version of its module.
Published: Mar 9, 2023 License: BSD-3-Clause Imports: 19 Imported by: 3

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func FromAuthHeader

func FromAuthHeader(r *http.Request) (string, error)

FromAuthHeader is a "TokenExtractor" that takes a given request and extracts the JWT token from the Authorization header.

func OnError

func OnError(w http.ResponseWriter, r *http.Request, err string)

Types

type AccessControl added in v0.10.4

type AccessControl struct {
	// contains filtered or unexported fields
}

AccessControl is middleware that restricts POST/PUT/DELETE requests to admin users only.

func NewAccessControl added in v0.10.4

func NewAccessControl(audience, userIDClaim string, isUserAdmin IsUserAdminFunc) *AccessControl

NewAccessControl instance constructor

func (*AccessControl) Handler added in v0.10.4

func (a *AccessControl) Handler(h http.Handler) http.Handler

Handler is the middleware method that forbids all modifying requests for non-admin users. It also adds

type IsUserAdminFunc added in v0.6.0

type IsUserAdminFunc func(claims jwtclaims.AuthorizationClaims) (bool, error)

type JSONWebKey added in v0.11.5

type JSONWebKey struct {
	Kty string   `json:"kty"`
	Kid string   `json:"kid"`
	Use string   `json:"use"`
	N   string   `json:"n"`
	E   string   `json:"e"`
	X5c []string `json:"x5c"`
}

JSONWebKey is a representation of a JSON Web Key.

type JWTMiddleware

type JWTMiddleware struct {
	Options Options
}

func New

func New(options ...Options) *JWTMiddleware

New constructs a new JWTMiddleware instance with the supplied options.

func NewJwtMiddleware

func NewJwtMiddleware(issuer string, audience string, keysLocation string) (*JWTMiddleware, error)

NewJwtMiddleware creates a new middleware that verifies the JWT token sent via the Authorization header.

func (*JWTMiddleware) CheckJWTFromRequest

func (m *JWTMiddleware) CheckJWTFromRequest(w http.ResponseWriter, r *http.Request) error

func (*JWTMiddleware) Handler

func (m *JWTMiddleware) Handler(h http.Handler) http.Handler

func (*JWTMiddleware) HandlerWithNext

func (m *JWTMiddleware) HandlerWithNext(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

HandlerWithNext is a special implementation for Negroni, but could be used elsewhere.

func (*JWTMiddleware) ValidateAndParse

func (m *JWTMiddleware) ValidateAndParse(token string) (*jwt.Token, error)

ValidateAndParse validates and parses a given access token against JWT standards and signing methods.

type Jwks

type Jwks struct {
	Keys []JSONWebKey `json:"keys"`
}

Jwks is a collection of JSONWebKey obtained from Config.HttpServerConfig.AuthKeysLocation

type Options

type Options struct {
	// The function that will return the Key to validate the JWT.
	// It can be either a shared secret or a public key.
	// Default value: nil
	ValidationKeyGetter jwt.Keyfunc
	// The name of the property in the request where the user information
	// from the JWT will be stored.
	// Default value: "user"
	UserProperty string
	// The function that will be called when there's an error validating the token
	// Default value:
	ErrorHandler errorHandler
	// A boolean indicating if the credentials are required or not
	// Default value: false
	CredentialsOptional bool
	// A function that extracts the token from the request
	// Default: FromAuthHeader (i.e., from Authorization header as bearer token)
	Extractor TokenExtractor
	// Debug flag turns on debugging output
	// Default: false
	Debug bool
	// When set, all requests with the OPTIONS method will use authentication
	// Default: false
	EnableAuthOnOptions bool
	// When set, the middleware verifies that tokens are signed with the specific signing algorithm
	// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
	// Important to avoid security issues described here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
	// Default: nil
	SigningMethod jwt.SigningMethod
}

Options is a struct for specifying configuration options for the middleware.
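The following is an added example, not code from this package: using only the standard library, it shows the two checks that the ValidationKeyGetter and SigningMethod options exist for, pinning the header `alg` and then selecting an RSA key from a Jwks document by `kid`. The names `keyFor`, `check` and `sampleJWKS`, the kid `k1` and the toy modulus are assumptions constructed for the example; signature verification itself is left to the JWT library.

```go
package main

import (
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// Local copies of the page's types, trimmed to the fields used here.
type JSONWebKey struct{ Kty, Kid, N, E string }
type Jwks struct{ Keys []JSONWebKey }
// Constructed JWKS document; "n" is a toy modulus (3233), not a real key.
const sampleJWKS = `{"keys":[{"kty":"RSA","kid":"k1","use":"sig","n":"DKE","e":"AQAB"}]}`

// keyFor pins the header alg, then picks the JWKS key by kid (no signature check here).
func keyFor(token, wantAlg string, set Jwks) (*rsa.PublicKey, error) {
	var hdr struct{ Alg, Kid string }
	raw, err := base64.RawURLEncoding.DecodeString(strings.SplitN(token, ".", 2)[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, fmt.Errorf("unreadable token header")
	}
	if hdr.Alg != wantAlg { // refuses "none" and HMAC tokens when RS256 is pinned
		return nil, fmt.Errorf("unexpected alg %q, want %q", hdr.Alg, wantAlg)
	}
	for _, k := range set.Keys {
		n, errN := base64.RawURLEncoding.DecodeString(k.N)
		e, errE := base64.RawURLEncoding.DecodeString(k.E)
		if k.Kid == hdr.Kid && k.Kty == "RSA" && errN == nil && errE == nil {
			return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
		}
	}
	return nil, fmt.Errorf("no usable RSA key for kid %q", hdr.Kid)
}

// check runs keyFor on a constructed, unsigned token against sampleJWKS.
func check(alg, kid string) (*rsa.PublicKey, error) {
	var set Jwks
	_ = json.Unmarshal([]byte(sampleJWKS), &set) // constant input, cannot fail
	h, _ := json.Marshal(map[string]string{"alg": alg, "kid": kid})
	return keyFor(base64.RawURLEncoding.EncodeToString(h)+".e30.c2ln", "RS256", set)
}

func main() {
	fmt.Println(check("RS256", "k1")) // key for the pinned algorithm
	fmt.Println(check("none", "k1"))  // refused before any key lookup
}
```
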

type TokenExtractor

type TokenExtractor func(r *http.Request) (string, error)

TokenExtractor is a function that takes a request as input and returns either a token or an error. An error should only be returned if an attempt to specify a token was found, but the information was somehow incorrectly formed. In the case where a token is simply not present, this should not be treated as an error. An empty string should be returned in that case.

func FromFirst

func FromFirst(extractors ...TokenExtractor) TokenExtractor

FromFirst returns a function that runs multiple token extractors and takes the first token it finds

func FromParameter

func FromParameter(param string) TokenExtractor

FromParameter returns a function that extracts the token from the specified query string parameter
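The TokenExtractor contract described above, as an added example that is not part of this package: a custom extractor that returns an empty string when no token is present and an error when one is present but malformed, chained so that a malformed token fails closed instead of falling through to the next source. `fromCookie`, `firstOf` (an assumed equivalent of FromFirst), `extract`, the cookie name `session_jwt` and the `token` query parameter are hypothetical names chosen for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// TokenExtractor is redeclared from the page so this file runs on its own.
type TokenExtractor func(r *http.Request) (string, error)

// fromCookie (hypothetical): no cookie is ("", nil); a cookie that is not three segments is an error.
func fromCookie(name string) TokenExtractor {
	return func(r *http.Request) (string, error) {
		c, err := r.Cookie(name)
		if err != nil { // http.ErrNoCookie: the token is simply not present
			return "", nil
		}
		if strings.Count(c.Value, ".") != 2 {
			return "", fmt.Errorf("token cookie is malformed")
		}
		return c.Value, nil
	}
}

// firstOf is an assumed stand-in for FromFirst: the first non-empty token
// wins, and an extractor error ends the chain instead of falling through.
func firstOf(exs ...TokenExtractor) TokenExtractor {
	return func(r *http.Request) (string, error) {
		for _, ex := range exs {
			if tok, err := ex(r); err != nil || tok != "" {
				return tok, err
			}
		}
		return "", nil
	}
}

// extract runs cookie-then-query extraction on a constructed request.
func extract(cookieHeader, rawQuery string) (string, error) {
	r, _ := http.NewRequest(http.MethodGet, "http://example.test/?"+rawQuery, nil)
	r.Header.Set("Cookie", cookieHeader)
	fromQuery := func(r *http.Request) (string, error) { return r.URL.Query().Get("token"), nil }
	return firstOf(fromCookie("session_jwt"), fromQuery)(r)
}

func main() {
	fmt.Println(extract("session_jwt=not-a-jwt", "token=a.b.c"))
}
```
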
