securitas

package module

v0.0.0-...-b7fbc1a Latest Latest Go to latest Published: Feb 25, 2023 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/oconnormi/securitas

Links

Open Source Insights

README ¶

Securitas

Small net/http middleware for requiring token based authn and supporting claims based authz via a groups claim.

RequireToken usage

the RequireToken middleware can enforce that a token is present on a request. By default some simple validation is performed using JWK as well checking for expiry. Additional validations can be configured as desired.

net/http

func HomeHandler(w http.ResponseWriter, r *http.Request) {
    token := r.Context().Value("Token").(jwt.Token)
    name, ok := token.Get("name")
    if !ok {
        w.WriteHeader(http.StatusInternalServerError)
        return
    }
    w.WriteHeader(http.StatusOK)
    w.Write([]byte(fmt.Sprintf("Welcome Home %s", name))
}

func main() {
    requireToken = securitas.NewRequireToken(
        "https://myidp/realm/certs",
        jwt.WithIssuer("https://myidp/realm"),
        jwt.WithAudience("https://myapp.example.com")
    )
    http.Handle("/", requireToken.Validate(HomeHandler)
	log.Fatal(http.ListenAndServe(":8080", nil))
}

Chi

package main

func HomeHandler(w http.ResponseWriter, r *http.Request) {
    token := r.Context().Value("Token").(jwt.Token)
    name, ok := token.Get("name")
    if !ok {
        w.WriteHeader(http.StatusInternalServerError)
        return
    }
    w.WriteHeader(http.StatusOK)
    w.Write([]byte(fmt.Sprintf("Welcome Home %s", name))
}

func main() {
    r := chi.NewRouter()
    requireToken = securitas.NewRequireToken(
        "https://myidp/realm/certs",
        jwt.WithIssuer("https://myidp/realm"),
        jwt.WithAudience("https://myapp.example.com")
    )
    r.Use(requireToken.Validate)
    r.Get("/", HomeHandler)
}

Documentation ¶

Index ¶

Constants
type GroupsContextKey
type RequireGroups
- func (v RequireGroups) Validate(next http.Handler) http.Handler
type RequireToken
- func NewRequireToken(jwksUrl string, options ...jwt.ValidateOption) (RequireToken, error)
- func (v RequireToken) Validate(next http.Handler) http.Handler
type TokenContextKey
type Validator

Constants ¶

View Source

const (
	TOKEN_CTX_KEY  TokenContextKey  = "Token"
	GROUPS_CTX_KEY GroupsContextKey = "Groups"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type GroupsContextKey ¶

type GroupsContextKey string

type RequireGroups ¶

type RequireGroups struct {
	Required []string
}

func (RequireGroups) Validate ¶

func (v RequireGroups) Validate(next http.Handler) http.Handler

type RequireToken ¶

type RequireToken struct {
	ValidationOptions *[]jwt.ValidateOption
	// contains filtered or unexported fields
}

func NewRequireToken ¶

func NewRequireToken(jwksUrl string, options ...jwt.ValidateOption) (RequireToken, error)

func (RequireToken) Validate ¶

func (v RequireToken) Validate(next http.Handler) http.Handler

type TokenContextKey ¶

type TokenContextKey string

type Validator ¶

type Validator interface {
	Validate(next http.Handler) http.Handler
}

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL