restrictions

package
v0.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2021 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Restriction 

type Restriction struct {
	NotBefore       unixtime.UnixTime `json:"nbf,omitempty"`
	ExpiresAt       unixtime.UnixTime `json:"exp,omitempty"`
	api.Restriction `json:",inline"`
}

Restriction describes a token usage restriction

func (Restriction) ToUsedRestriction 

func (r Restriction) ToUsedRestriction(tx *sqlx.Tx, id mtid.MTID) (UsedRestriction, error)

ToUsedRestriction turns a Restriction into an UsedRestriction

func (*Restriction) UsedAT 

func (r *Restriction) UsedAT(tx *sqlx.Tx, id mtid.MTID) error

UsedAT will update the usages_AT value for this restriction; it should be called after this restriction was used to obtain an access token;

func (*Restriction) UsedOther 

func (r *Restriction) UsedOther(tx *sqlx.Tx, id mtid.MTID) error

UsedOther will update the usages_other value for this restriction; it should be called after this restriction was used for other reasons than obtaining an access token;

type Restrictions 

type Restrictions []Restriction

Restrictions is a slice of Restriction

func Tighten 

func Tighten(old, wanted Restrictions) (res Restrictions, ok bool)

Tighten tightens/restricts a Restrictions with another set; if the wanted Restrictions are not tighter the original ones are returned

func (*Restrictions) ClearUnsupportedKeys added in v0.3.0 

func (r *Restrictions) ClearUnsupportedKeys()

ClearUnsupportedKeys sets default values for the keys that are not supported by this instance

func (*Restrictions) EnforceMaxLifetime added in v0.3.0 

func (r *Restrictions) EnforceMaxLifetime(issuer string) (changed bool)

EnforceMaxLifetime enforces the maximum mytoken lifetime set by server admins. Returns true if the restrictions was changed.

func (*Restrictions) GetAudiences 

func (r *Restrictions) GetAudiences() (auds []string)

GetAudiences returns the union of all audiences, i.e. all audiences that must be requested at the issuer

func (*Restrictions) GetExpires 

func (r *Restrictions) GetExpires() unixtime.UnixTime

GetExpires gets the maximum (latest) expiration time of all restrictions

func (*Restrictions) GetNotBefore 

func (r *Restrictions) GetNotBefore() unixtime.UnixTime

GetNotBefore gets the minimal (earliest) notbefore time of all restrictions

func (*Restrictions) GetScopes 

func (r *Restrictions) GetScopes() (scopes []string)

GetScopes returns the union of all scopes, i.e. all scopes that must be requested at the issuer

func (Restrictions) GetValidForAT 

func (r Restrictions) GetValidForAT(tx *sqlx.Tx, ip string, myID mtid.MTID) (ret Restrictions)

GetValidForAT returns the subset of Restrictions that can be used to obtain an access token

func (Restrictions) GetValidForOther 

func (r Restrictions) GetValidForOther(tx *sqlx.Tx, ip string, myID mtid.MTID) (ret Restrictions)

GetValidForOther returns the subset of Restrictions that can be used for other actions than obtaining an access token

func (*Restrictions) ReplaceThisIp 

func (r *Restrictions) ReplaceThisIp(ip string)

ReplaceThisIp replaces the special value 'this' with the given ip.

func (*Restrictions) Scan 

func (r *Restrictions) Scan(src interface{}) error

Scan implements the sql.Scanner interface.

func (*Restrictions) SetMaxAudiences 

func (r *Restrictions) SetMaxAudiences(mAud []string)

SetMaxAudiences sets the maximum audiences, i.e. all audiences are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested audiences that are dropped by the provider.

func (*Restrictions) SetMaxScopes 

func (r *Restrictions) SetMaxScopes(mScopes []string)

SetMaxScopes sets the maximum scopes, i.e. all scopes are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested scopes that are dropped by the provider. Don't use it to eliminate scopes that are not enabled for the oidc client, because it also could be a custom scope.

func (Restrictions) ToUsedRestrictions 

func (r Restrictions) ToUsedRestrictions(tx *sqlx.Tx, id mtid.MTID) (ur []UsedRestriction, err error)

ToUsedRestrictions turns a Restrictions into a slice of UsedRestriction

func (Restrictions) Value 

func (r Restrictions) Value() (driver.Value, error)

Value implements the driver.Valuer interface

func (Restrictions) VerifyForAT 

func (r Restrictions) VerifyForAT(tx *sqlx.Tx, ip string, id mtid.MTID) bool

VerifyForAT verifies if this restrictions can be used to obtain an access token

func (Restrictions) VerifyForOther 

func (r Restrictions) VerifyForOther(tx *sqlx.Tx, ip string, id mtid.MTID) bool

VerifyForOther verifies if this restrictions can be used for other actions than obtaining an access token

func (Restrictions) WithAudiences 

func (r Restrictions) WithAudiences(audiences []string) (ret Restrictions)

WithAudiences returns the subset of Restrictions that can be used with the specified audiences

func (Restrictions) WithScopes 

func (r Restrictions) WithScopes(scopes []string) (ret Restrictions)

WithScopes returns the subset of Restrictions that can be used with the specified scopes

type TokenUsage 

type TokenUsage struct {
	MTID            string `db:"MT_id"`
	UsagesOtherUsed uint   `db:"usages_other"`
	UsagesATUsed    uint   `db:"usages_AT"`
}

TokenUsage holds the information about the usages of an my token

type TokenUsages 

type TokenUsages []TokenUsage

TokenUsages is a slice of TokenUsage

type UsedRestriction 

type UsedRestriction struct {
	Restriction
	UsagesATDone    *int64 `json:"usages_AT_done,omitempty"`
	UsagesOtherDone *int64 `json:"usages_other_done,omitempty"`
}

UsedRestriction is a type for a restriction that has been used and additionally has information how often is has been used

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.