restrictions

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 26, 2021 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Restriction 

type Restriction struct {
	NotBefore   int64    `json:"nbf,omitempty"`
	ExpiresAt   int64    `json:"exp,omitempty"`
	Scope       string   `json:"scope,omitempty"`
	Audiences   []string `json:"audience,omitempty"`
	IPs         []string `json:"ip,omitempty"`
	GeoIPWhite  []string `json:"geoip_white,omitempty"`
	GeoIPBlack  []string `json:"geoip_black,omitempty"`
	UsagesAT    *int64   `json:"usages_AT,omitempty"`
	UsagesOther *int64   `json:"usages_other,omitempty"`
}

Restriction describes a token usage restriction

func (*Restriction) UsedAT 

func (r *Restriction) UsedAT(tx *sqlx.Tx, stid uuid.UUID) error

UsedAT will update the usages_AT value for this restriction; it should be called after this restriction was used to obtain an access token;

func (*Restriction) UsedOther 

func (r *Restriction) UsedOther(tx *sqlx.Tx, stid uuid.UUID) error

UsedOther will update the usages_other value for this restriction; it should be called after this restriction was used for other reasons than obtaining an access token;

type Restrictions 

type Restrictions []Restriction

Restrictions is a slice of Restriction

func Tighten 

func Tighten(old, wanted Restrictions) (res Restrictions)

Tighten tightens/restricts a Restrictions with another set; if the wanted Restrictions are not tighter the original ones are returned

func (*Restrictions) GetAudiences 

func (r *Restrictions) GetAudiences() (auds []string)

GetAudiences returns the union of all audiences, i.e. all audiences that must be requested at the issuer

func (*Restrictions) GetExpires 

func (r *Restrictions) GetExpires() int64

GetExpires gets the maximum (latest) expiration time of all restrictions

func (*Restrictions) GetNotBefore 

func (r *Restrictions) GetNotBefore() int64

GetNotBefore gets the minimal (earliest) notbefore time of all restrictions

func (*Restrictions) GetScopes 

func (r *Restrictions) GetScopes() (scopes []string)

GetScopes returns the union of all scopes, i.e. all scopes that must be requested at the issuer

func (Restrictions) GetValidForAT 

func (r Restrictions) GetValidForAT(tx *sqlx.Tx, ip string, stid uuid.UUID) (ret Restrictions)

GetValidForAT returns the subset of Restrictions that can be used to obtain an access token

func (Restrictions) GetValidForOther 

func (r Restrictions) GetValidForOther(tx *sqlx.Tx, ip string, stid uuid.UUID) (ret Restrictions)

GetValidForOther returns the subset of Restrictions that can be used for other actions than obtaining an access token

func (*Restrictions) Scan 

func (r *Restrictions) Scan(src interface{}) error

Scan implements the sql.Scanner interface.

func (*Restrictions) SetMaxAudiences 

func (r *Restrictions) SetMaxAudiences(mAud []string)

SetMaxAudiences sets the maximum audiences, i.e. all audiences are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested audiences that are dropped by the provider.

func (*Restrictions) SetMaxScopes 

func (r *Restrictions) SetMaxScopes(mScopes []string)

SetMaxScopes sets the maximum scopes, i.e. all scopes are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested scopes that are dropped by the provider. Don't use it to eliminate scopes that are not enabled for the oidc client, because it also could be a custom scope.

func (Restrictions) Value 

func (r Restrictions) Value() (driver.Value, error)

Value implements the driver.Valuer interface

func (Restrictions) VerifyForAT 

func (r Restrictions) VerifyForAT(tx *sqlx.Tx, ip string, stid uuid.UUID) bool

VerifyForAT verifies if this restrictions can be used to obtain an access token

func (Restrictions) VerifyForOther 

func (r Restrictions) VerifyForOther(tx *sqlx.Tx, ip string, stid uuid.UUID) bool

VerifyForOther verifies if this restrictions can be used for other actions than obtaining an access token

func (Restrictions) WithAudiences 

func (r Restrictions) WithAudiences(audiences []string) (ret Restrictions)

WithAudiences returns the subset of Restrictions that can be used with the specified audiences

func (Restrictions) WithScopes 

func (r Restrictions) WithScopes(scopes []string) (ret Restrictions)

WithScopes returns the subset of Restrictions that can be used with the specified scopes

type TokenUsage 

type TokenUsage struct {
	STID            string `db:"ST_id"`
	UsagesOtherUsed uint   `db:"usages_other"`
	UsagesATUsed    uint   `db:"usages_AT"`
}

TokenUsage holds the information about the usages of an super token

type TokenUsages 

type TokenUsages []TokenUsage

TokenUsages is a slice of TokenUsage

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.