security

package
v0.1.47
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2025 License: MIT Imports: 18 Imported by: 1

Documentation

Overview

Package security implements the functions, types, and interfaces for the module. As listed below, these are the authentication (AuthN) and authorization (AuthZ) middleware constructors, the token and skip-key context helpers, and their option types.

Index

Constants

const (
	// MetadataAuthZ is the metadata key named for authorization (AuthZ).
	// How the package reads or writes it is not shown in this listing.
	// NOTE(review): the "x-md-global-" prefix suggests the entry travels with
	// propagated request metadata; confirm that values arriving from untrusted
	// callers are dropped or overwritten at the service edge before they are trusted.
	MetadataAuthZ = "x-md-global-security-authz"
	// MetadataAuthN is the metadata key named for authentication (AuthN).
	// The same review note about the "x-md-global-" prefix applies.
	MetadataAuthN = "x-md-global-security-authn"
)
const (
	// MetadataSecurityTokenKey is the default token key.
	// Presumably the default for Option.TokenKey ("the key used to store the
	// token in the context"); verify against ApplyDefaults.
	MetadataSecurityTokenKey = "x-md-global-security-token-key"
	// MetadataSecuritySkipKey is the default skip key.
	// NOTE(review): Option.SkipKey is documented as "the key used to skip
	// authentication", so this entry gates an authentication bypass. The
	// "x-md-global-" prefix suggests it may be carried in propagated request
	// metadata; confirm that inbound values from untrusted callers are stripped
	// at the service edge and that only trusted code can set it.
	MetadataSecuritySkipKey = "x-md-global-security-skip-key"
)
const (
	// StringBoolTrue and StringBoolFalse are the string spellings "true" and
	// "false" of the two boolean values.
	// Presumably these are the values stored under the skip key; verify
	// against WithSkipContextClient, WithSkipContextServer and IsSkipped.
	StringBoolTrue  = "true"
	StringBoolFalse = "false"
)
const (
	// ErrorCreateOptionNil is a constant error value whose message says that
	// creating the authenticator middleware failed because the option is nil.
	// errors.String is not part of the standard library errors package, so
	// "errors" here refers to a package imported by this module.
	ErrorCreateOptionNil = errors.String("authenticator middleware create failed: option is nil")
)

Variables

var (
	// Package-level error values, each built from a securityv1 error-reason
	// constructor and a fixed message.
	//
	// NOTE(review): ErrInvalidToken and ErrMissingToken are constructed
	// identically (reason BearerTokenMissing, message "bearer token missing"),
	// so clients, logs and alerting cannot tell a rejected token from an absent
	// one. Confirm whether ErrInvalidToken was meant to use a different reason.
	//
	// NOTE(review): ErrInvalidClaims carries the message "invalid bearer token"
	// and ErrMissingClaims carries "missing scheme", both under the
	// InvalidClaims reason. The names and messages do not line up; confirm the
	// intended mapping before keying detection rules or client handling on them.
	//
	// These are mutable package variables; callers should treat them as
	// read-only.
	ErrInvalidToken          = securityv1.ErrorSecurityErrorReasonBearerTokenMissing("bearer token missing")
	ErrInvalidClaims         = securityv1.ErrorSecurityErrorReasonInvalidClaims("invalid bearer token")
	ErrMissingClaims         = securityv1.ErrorSecurityErrorReasonInvalidClaims("missing scheme")
	ErrTokenNotFound         = securityv1.ErrorSecurityErrorReasonTokenNotFound("token not found")
	ErrMissingToken          = securityv1.ErrorSecurityErrorReasonBearerTokenMissing("bearer token missing")
	ErrInvalidAuthentication = securityv1.ErrorSecurityErrorReasonInvalidAuthentication("unauthenticated")
	ErrInvalidAuthorization  = securityv1.ErrorSecurityErrorReasonInvalidAuthorization("unauthorized")
)

Functions

func BridgeMiddleware added in v0.1.41

func BridgeMiddleware(authenticator security.Authenticator, authorizer security.Authorizer, bss ...BridgeSetting) middleware.Middleware

func ClaimFromTokenTypeContext

func ClaimFromTokenTypeContext(ctx context.Context, tokenType security.TokenSource) (security.Claims, error)

func FromMetaData

func FromMetaData(key string) func(ctx context.Context) string

func FromMetaDataKey

func FromMetaDataKey(ctx context.Context, key string) string

func IsSkipped

func IsSkipped(ctx context.Context, key string) bool

func NewAuthN

func NewAuthN(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middleware, error)

NewAuthN is a server authenticator middleware.

func NewAuthNClient

func NewAuthNClient(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middleware, error)

NewAuthNClient is a client authenticator middleware.

func NewAuthNServer

func NewAuthNServer(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middleware, error)

NewAuthNServer is a server authenticator middleware.

func NewAuthZ

func NewAuthZ(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middleware, error)

NewAuthZ returns a new server middleware.

func NewAuthZClient

func NewAuthZClient(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middleware, error)

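NewAuthZClient returns a new client authorization middleware. (The published comment says "server", which appears to be copied from NewAuthZServer.)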

func NewAuthZServer

func NewAuthZServer(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middleware, error)

NewAuthZServer returns a new server middleware.

func NewAuthenticator added in v0.1.41

func NewAuthenticator(tokenizer security.Tokenizer, ss ...AuthNSetting) security.Authenticator

func NewSkipContext

func NewSkipContext(ctx context.Context) context.Context

func SkipFromContext

func SkipFromContext(ctx context.Context) bool

func SkipperServer added in v0.1.26

func SkipperServer(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middleware, bool)

SkipperServer returns a middleware that skips certain operations based on the provided configuration. It takes a Security configuration and a variable number of OptionSettings. If the Skipper is not configured, it returns nil and false.

func TokenFromContext

func TokenFromContext(ctx context.Context, tokenType security.TokenSource, scheme string) (string, error)

TokenFromContext returns the token string for the given token source and scheme from ctx, or an error.

func TokenFromTransportClient added in v0.1.42

func TokenFromTransportClient(authorize string, scheme string) func(ctx context.Context) string

func TokenFromTransportServer added in v0.1.42

func TokenFromTransportServer(authorize string, scheme string) func(ctx context.Context) string

func TokenToContext added in v0.1.42

func TokenToContext(ctx context.Context, tokenType security.TokenSource, scheme string, token string) context.Context

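TokenToContext returns a context derived from ctx that carries the given token for the given token source and scheme.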

func WithSkipContextClient

func WithSkipContextClient(ctx context.Context, key string) context.Context

func WithSkipContextServer

func WithSkipContextServer(ctx context.Context, key string) context.Context

Types

type AuthNSetting added in v0.1.41

type AuthNSetting = func(authenticator *Authenticator)

func WithCache added in v0.1.40

func WithCache(cache security.CacheStorage) AuthNSetting

func WithScheme added in v0.1.40

func WithScheme(scheme security.Scheme) AuthNSetting

type Authenticator added in v0.1.41

// Authenticator groups a Tokenizer, a CacheStorage and a Scheme.
// Its methods in this listing (Authenticate, AuthenticateContext,
// DestroyToken, DestroyRefreshToken) all use a value receiver, so each call
// operates on a copy of the struct.
// NOTE(review): Cache presumably backs token lookup and revocation. Confirm
// what happens when it is nil, and whether DestroyToken takes effect without it.
type Authenticator struct {
	Tokenizer security.Tokenizer
	Cache     security.CacheStorage
	Scheme    security.Scheme
}

func (Authenticator) Authenticate added in v0.1.41

func (obj Authenticator) Authenticate(ctx context.Context, s string) (security.Claims, error)

func (Authenticator) AuthenticateContext added in v0.1.41

func (obj Authenticator) AuthenticateContext(ctx context.Context, tokenType security.TokenSource) (security.Claims, error)

func (Authenticator) DestroyRefreshToken added in v0.1.41

func (obj Authenticator) DestroyRefreshToken(ctx context.Context, tokenStr string) error

func (Authenticator) DestroyToken added in v0.1.41

func (obj Authenticator) DestroyToken(ctx context.Context, tokenStr string) error

type Bridge added in v0.1.41

// Bridge holds the settings that BridgeMiddleware and Build turn into a
// middleware: where the token comes from, who authenticates and authorizes
// it, and which requests are exempt.
type Bridge struct {
	// TokenSource is the source of the token.
	TokenSource security.TokenSource
	// Scheme is the scheme used for the authorization header.
	Scheme security.Scheme
	// AuthenticationHeader is the name of the header that carries the credentials.
	AuthenticationHeader string
	// Authenticator is the security.Authenticator used by the bridge.
	Authenticator security.Authenticator
	// Authorizer is the security.Authorizer used by the bridge.
	Authorizer security.Authorizer
	// SkipKey is the key used to skip authentication.
	// NOTE(review): whoever can set this key can bypass authentication;
	// confirm it cannot be supplied by an untrusted caller.
	SkipKey string
	// PublicPaths are the public paths that do not require authentication.
	// NOTE(review): the matching rule (exact, prefix, pattern) is not visible
	// here. Confirm it before listing paths, since every match is unauthenticated.
	PublicPaths []string
	// Skipper is the function used to skip authentication.
	// Presumably a true result exempts the request; the meaning of the string
	// argument is not shown here. TODO confirm.
	Skipper func(string) bool
	// IsRoot is the function used to check if the request is root.
	// NOTE(review): presumably a true result relaxes authorization checks.
	// Verify that it decides only from validated claims.
	IsRoot func(ctx context.Context, claims security.Claims) bool
	// Data is the permission data from the database.
	Data Data
}

func (Bridge) Build added in v0.1.42

func (obj Bridge) Build() middleware.Middleware

func (Bridge) PolicyParser added in v0.1.41

func (obj Bridge) PolicyParser(ctx context.Context, claims security.Claims, object, action string) (security.Policy, error)

func (Bridge) SkipFromContext added in v0.1.41

func (obj Bridge) SkipFromContext(ctx context.Context) (context.Context, bool)

func (Bridge) TokenParser added in v0.1.41

func (obj Bridge) TokenParser(ctx context.Context) string

func (Bridge) WithContext added in v0.1.42

func (obj Bridge) WithContext(ctx context.Context, token string) context.Context

type BridgeSetting added in v0.1.42

type BridgeSetting = func(*Bridge)

type Data added in v0.1.41

// Data is the lookup interface behind Bridge.Data, which the Bridge struct
// describes as "the permission data from the database".
// NOTE(review): subject presumably comes from authenticated claims; confirm
// callers never pass an identifier taken from unverified input.
type Data interface {
	// QueryRoles returns a list of strings for subject, presumably its role names.
	QueryRoles(ctx context.Context, subject string) ([]string, error)
	// QueryPermissions returns a list of strings for subject, presumably its permissions.
	QueryPermissions(ctx context.Context, subject string) ([]string, error)
}

type Option

type Option struct {
	// Authorizer is the authorizer used to authorize the request.
	Authorizer security.Authorizer
	// Authenticator is the authenticator used to authenticate the request.
	Authenticator security.Authenticator
	// Serializer is the serializer used to serialize the claims.
	Serializer security.Serializer
	// TokenKey is the key used to store the token in the context.
	TokenKey string
	// Scheme is the scheme used for the authorization header.
	Scheme string
	// HeaderAuthorize is the name of the authorization header.
	HeaderAuthorize string
	// SkipKey is the key used to skip authentication.
	// NOTE(review): whoever can set this key can bypass authentication;
	// confirm it cannot be supplied by an untrusted caller.
	SkipKey string
	// PublicPaths are the public paths that do not require authentication.
	// NOTE(review): the matching rule (exact, prefix, pattern) is not visible
	// here. Confirm it before listing paths, since every match is unauthenticated.
	PublicPaths []string
	// TokenParser is the parser used to parse the token from the context.
	TokenParser func(ctx context.Context) string
	// PolicyParser is the parser used to parse the user claims.
	PolicyParser security.PolicyParser
	// Skipper is the function used to skip authentication.
	// Presumably a true result exempts the request; the meaning of the string
	// argument is not shown here. TODO confirm.
	Skipper func(string) bool
	// IsRoot is the function used to check if the request is root.
	// NOTE(review): presumably a true result relaxes authorization checks.
	// Verify that it decides only from validated claims.
	IsRoot func(ctx context.Context, claims security.Claims) bool
}

Option is a struct that contains the settings for the security middleware.

func (*Option) ApplyDefaults

func (o *Option) ApplyDefaults()

ApplyDefaults applies the default settings to the option.

func (*Option) ParsePolicy added in v0.1.41

func (o *Option) ParsePolicy(ctx context.Context, claims security.Claims) (security.Policy, error)

ParsePolicy parses the user claims from the context.

func (*Option) WithConfig

func (o *Option) WithConfig(cfg *configv1.Security) *Option

WithConfig applies the configuration to the option.

type OptionSetting

type OptionSetting = func(option *Option)

OptionSetting is a function that sets an option.

func WithAuthenticator

func WithAuthenticator(authenticator security.Authenticator) OptionSetting

WithAuthenticator sets the authenticator.

func WithAuthorizer

func WithAuthorizer(authorizer security.Authorizer) OptionSetting

WithAuthorizer sets the authorizer.

func WithConfig

func WithConfig(cfg *configv1.Security) OptionSetting

WithConfig sets the configuration.

func WithSkipKey

func WithSkipKey(key string) OptionSetting

WithSkipKey sets the skip key, i.e. the key used to skip authentication.

func WithSkipper

func WithSkipper(paths ...string) OptionSetting

WithSkipper sets the public paths, i.e. the paths that do not require authentication.

func WithTokenKey

func WithTokenKey(key string) OptionSetting

WithTokenKey sets the token key.

func WithTokenParser

func WithTokenParser(parser func(ctx context.Context) string) OptionSetting

WithTokenParser sets the token parser.

type ResponseWriter

type ResponseWriter func(context.Context, security.Claims) (string, error)

ResponseWriter is a function type that takes a context and claims and returns a string and an error. Despite the name, its signature does not take an http.ResponseWriter.

type TokenParser

type TokenParser func(context.Context, string) (security.Claims, error)

TokenParser is a function that parses a token from the context.
