Documentation
¶
Index ¶
- Constants
- func GenerateAuthKeyIfNotPresent(path string, keyLengthInBytes int) error
- type AuthorizationManager
- func (m *AuthorizationManager) AddAuthHeader(request *http.Request) error
- func (m *AuthorizationManager) GetRequestHandler(logger *slog.Logger, next http.Handler) http.Handler
- func (m *AuthorizationManager) LoadAuthKey() error
- func (m *AuthorizationManager) SetKey(key []byte)
- func (m *AuthorizationManager) ValidateRequest(request *http.Request) (string, error)
Constants ¶
const ( AuthorizationHeader string = "Authorization" BearerPrefix string = "Bearer " // How long a JWT is valid for after sending a request DefaultRequestLifespan time.Duration = time.Second * 5 )
const ( // The default length of the API authorization key, in bytes // Since the auth manager uses HS384, the default key length is 384 bits (equal to the output size of the underlying hash function). // See https://datatracker.ietf.org/doc/html/rfc2104#section-3 for more info. DefaultKeyLength int = 384 / 8 // The permissions to set on the API authorization key file KeyPermissions fs.FileMode = 0600 // The permissions to set on the API authorization key directory KeyDirPermissions fs.FileMode = 0700 )
Variables ¶
This section is empty.
Functions ¶
func GenerateAuthKeyIfNotPresent ¶
Generates a new authorization secret key if it's not already on disk. If the key already exists, this does nothing. NOTE: key length must be 48 bytes (hash size of HS384) or higher for security. See https://datatracker.ietf.org/doc/html/rfc2104#section-3
Types ¶
type AuthorizationManager ¶
type AuthorizationManager struct {
// contains filtered or unexported fields
}
Manager for API authorization
func NewAuthorizationManager ¶
func NewAuthorizationManager(keyPath string, clientName string, requestLifespan time.Duration) *AuthorizationManager
Creates a new API authorization manager. Note that the key is not loaded until one of the load methods is called or it's lazy loaded via AddAuthHeader.
func (*AuthorizationManager) AddAuthHeader ¶
func (m *AuthorizationManager) AddAuthHeader(request *http.Request) error
Adds the API authorization header to the provided request. If the key is not loaded, this will attempt to load it.
func (*AuthorizationManager) GetRequestHandler ¶
func (m *AuthorizationManager) GetRequestHandler(logger *slog.Logger, next http.Handler) http.Handler
Returns a request handler that validates the request before passing it to the next handler.
func (*AuthorizationManager) LoadAuthKey ¶
func (m *AuthorizationManager) LoadAuthKey() error
Loads the provided API authorization key from disk.
func (*AuthorizationManager) SetKey ¶
func (m *AuthorizationManager) SetKey(key []byte)
Sets the API authorization key directly - useful for testing.
func (*AuthorizationManager) ValidateRequest ¶
func (m *AuthorizationManager) ValidateRequest(request *http.Request) (string, error)
Validates the provided request by checking the authorization header. If the key is not loaded, this will attempt to load it.
Source Files