authpubtkt

package

v1.69.0 Latest Latest Go to latest Published: Mar 13, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/orange-cloudfoundry/gobis-middlewares

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AuthPubTkt
- func NewAuthPubTkt() *AuthPubTkt
- func (AuthPubTkt) Handler(proxyRoute gobis.ProxyRoute, params interface{}, next http.Handler) (http.Handler, error)
- func (AuthPubTkt) Schema() interface{}
type AuthPubTktConfig
type AuthPubTktOptions

Constants ¶

View Source

const XRemoteUserData = "X-Remote-User-Data"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthPubTkt ¶

type AuthPubTkt struct{}

func NewAuthPubTkt ¶

func NewAuthPubTkt() *AuthPubTkt

func (AuthPubTkt) Handler ¶

func (AuthPubTkt) Handler(proxyRoute gobis.ProxyRoute, params interface{}, next http.Handler) (http.Handler, error)

func (AuthPubTkt) Schema ¶

func (AuthPubTkt) Schema() interface{}

type AuthPubTktConfig ¶

type AuthPubTktConfig struct {
	AuthPubTkt *AuthPubTktOptions `mapstructure:"auth_pubtkt" json:"auth_pubtkt" yaml:"auth_pubtkt"`
}

type AuthPubTktOptions ¶

type AuthPubTktOptions struct {
	// enable auth pubtkt
	Enabled bool `mapstructure:"enabled" json:"enabled" yaml:"enabled"`
	// A DSA or RSA public key in PEM format
	// This public key will be used to verify ticket signatures
	PublicKey string `mapstructure:"public_key" json:"public_key" yaml:"public_key"`
	// String indicating what digest algorithm to use when verifying ticket signatures
	// Valid values are SHA1, DSS1, SHA224, SHA256, SHA384, and SHA512
	// If not specified, the old defaults of SHA1 (for an RSA public key) or DSS1 (for a DSA public key) will be used.
	Digest string `mapstructure:"digest" json:"digest" yaml:"digest"`
	// URL that users without a valid ticket will be redirected to
	// The originally requested URL will be appended as a GET parameter (normally named "back", but can be changed with BackArgName)
	LoginURL string `mapstructure:"login_url" json:"login_url" yaml:"login_url"`
	// URL that users whose ticket has expired will be redirected to
	// If not set, LoginURL is used
	TimeoutURL string `mapstructure:"timeout_url" json:"timeout_url" yaml:"timeout_url"`
	// Same as TimeoutURL, but in case the request was a POST
	// If not set, TimeoutURL is used (and if that is not set either, LoginURL)
	PostTimeoutURL string `mapstructure:"post_timeout_url" json:"post_timeout_url" yaml:"post_timeout_url"`
	// URL that users whose ticket doesn't contain any of the required tokens (as set with Token) will be redirected to
	UnauthURL string `mapstructure:"unauth_url" json:"unauth_url" yaml:"unauth_url"`
	// URL that users whose ticket is within the grace period (as set with the graceperiod key in the ticket) before the actual expiry will be redirected to.
	// Only GET requests are redirected; POST requests are accepted normally. The script at this URL should check the ticket and issue a new one
	// If not set, LoginURL is used
	RefreshURL string `mapstructure:"refresh_url" json:"refresh_url" yaml:"refresh_url"`
	// A space separated list of headers to use for finding the ticket (case insensitive).
	// If this header specified is Cookie then the format of the value expects to be a valid cookie (subject to the CookieName directive).
	// Any other header assumes the value is a simple URL-encoded value of the ticket.
	// The first header that has content is tried and any other tickets in other header(s) are ignored.
	// example, use Cookie first, fallback to X-My-Auth: Header: []string{"Cookie", "X-My-Auth"}
	// Default: Cookie
	Headers []string `mapstructure:"headers" json:"headers" yaml:"headers"`
	// Name of the authentication cookie to use
	// Default: auth_pubtkt
	CookieName string `mapstructure:"cookie_name" json:"cookie_name" yaml:"cookie_name"`
	// Name of the GET argument with the originally requested URL (when redirecting to the login page)
	// Default: back
	BackArgName string `mapstructure:"back_arg_name" json:"back_arg_name" yaml:"back_arg_name"`
	// only accept tickets in HTTPS requests
	// Default: false
	RequireSSL bool `mapstructure:"require_ssl" json:"require_ssl" yaml:"require_ssl"`
	// token that must be present in a ticket for access to be granted
	// Multiple tokens may be specified; only one of them needs to be present in the ticket (i.e. any token can match, not all tokens need to match)
	Tokens []string `mapstructure:"tokens" json:"tokens" yaml:"tokens"`
	// if on, a fake Authorization header will be added to each request (username from ticket, fixed string "password" as the password).
	// This can be used in reverse proxy situations, and to prevent PHP from stripping username information from the request (which would then not be available for logging purposes)
	// Default: false
	FakeBasicAuth bool `mapstructure:"fake_basic_auth" json:"fake_basic_auth" yaml:"fake_basic_auth"`
	// if on, the value from the ticket's "bauth" field will be added to the request as a Basic Authorization header.
	// This can be used in reverse proxy situations where one needs complete control over the username and password (see also FakeBasicAuth, which should not be used at the same time).
	// Default: false
	PassthruBasicAuth bool `mapstructure:"passthru_basic_auth" json:"passthru_basic_auth" yaml:"passthru_basic_auth"`
	// if set, the bauth value will be decrypted using the given key before it is added to the Authorization header.
	// length must be exactly 16 characters (AES 128)
	PassthruBasicKey string `mapstructure:"passthru_basic_key" json:"passthru_basic_key" yaml:"passthru_basic_key"`
	// If set it will crypt/encrypt the cookie with this passphrase (not a key but a passphrase like in openssl)
	CypherPass string `mapstructure:"cypher_pass" json:"cypher_pass" yaml:"cypher_pass"`
	// Method of encryption under aes, it can be either cbc or ecb
	CypherMethod string `mapstructure:"cypher_method" json:"cypher_method" yaml:"cypher_method"`
	// If true it will check if ip which created the token is the correct ip who use it
	// Default: false
	CheckIpEnabled bool `mapstructure:"check_ip_enabled" json:"check_ip_enabled" yaml:"check_ip_enabled"`
	// If true and TKTCheckIpEnabled is true it will check ip from header X-Forwarded-For instead client remote ip
	// default: false
	CheckXForwardedIp bool `mapstructure:"check_xforwarded_ip" json:"check_xforwarded_ip" yaml:"check_xforwarded_ip"`
	// Passthrough if a previous middleware already set user context
	// This is helpful when you want add user with basic auth middleware
	TrustCurrentUser bool `mapstructure:"trust_current_user" json:"trust_current_user" yaml:"trust_current_user"`
}

Source Files ¶

View all Source files

auth_pubtkt.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL