security

package
Published: Jan 22, 2025 License: MIT Imports: 6 Imported by: 5

Documentation

Overview

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Package security is a toolkit for security checks and authorization.

Package security is a toolkit for security checks and authorization.

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Package security is a package that provides security-related functions and types.

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Index

Constants

const (
	// TokenCacheAccess is the cache key constant for access tokens.
	// NOTE(review): how this key is combined with the token value is decided by the
	// CacheStorage implementation, which is not shown here — confirm before relying on it.
	TokenCacheAccess = "security:token:access"
	// TokenCacheRefresh is the cache key constant for refresh tokens.
	TokenCacheRefresh = "security:token:refresh"
)
// HTTP header names declared by this package. The spellings are the wire-format
// names (including the historical "Referer" misspelling), so they can be passed
// directly to header Get/Set calls.
const (
	// HeaderAuthorize is the name of the authorization header.
	HeaderAuthorize = "Authorization"
	// HeaderContentType is the name of the content type header.
	HeaderContentType = "Content-Type"
	// HeaderContentLength is the name of the content length header.
	HeaderContentLength = "Content-Length"
	// HeaderUserAgent is the name of the user agent header.
	HeaderUserAgent = "User-Agent"
	// HeaderReferer is the name of the referer header.
	// NOTE(review): Referer is supplied by the client and is advisory only; its
	// presence or value is not an authentication or authorization signal by itself.
	HeaderReferer = "Referer"
	// HeaderOrigin is the name of the origin header (client-supplied; see the Referer note).
	HeaderOrigin = "Origin"
)
const (
	// SchemeNTLM represents an NTLM authorization.
	// It is an alias of SchemeNegotiate: both constants share one numeric value, so
	// Equal, Lower and String cannot tell the two schemes apart.
	SchemeNTLM = SchemeNegotiate
)

Variables

This section is empty.

Functions

func ContextIsRoot added in v0.1.23

func ContextIsRoot(ctx context.Context) bool

ContextIsRoot checks if the context has the rootCtxKey set to true.

func NewClaimsContext added in v0.2.1

func NewClaimsContext(ctx context.Context, claims Claims) context.Context

func NewPolicyContext added in v0.2.3

func NewPolicyContext(ctx context.Context, policy Policy) context.Context

func NewTokenContext added in v0.2.1

func NewTokenContext(ctx context.Context, token string) context.Context

func TokenFromContext added in v0.2.1

func TokenFromContext(ctx context.Context) string

func WithRootContext added in v0.1.23

func WithRootContext(ctx context.Context) context.Context

WithRootContext returns a new context with the rootCtxKey set to true.

Types

type Authenticator added in v0.1.7

type Authenticator interface {
	// Authenticate verifies the token given as the second argument and returns its
	// Claims with a nil error if the subject is authenticated, or a non-nil error with
	// an appropriate cause otherwise.
	// NOTE(review): the string is presumably the raw token — confirm against the implementations.
	Authenticate(context.Context, string) (Claims, error)
	// AuthenticateContext is like Authenticate but presumably reads the token from the
	// origin named by TokenSource instead of taking it as an argument. It returns the
	// Claims and a nil error if the subject is authenticated, or a non-nil error with an
	// appropriate cause otherwise.
	AuthenticateContext(context.Context, TokenSource) (Claims, error)
	// DestroyToken invalidates a token by removing it from the token store.
	DestroyToken(context.Context, string) error
	// DestroyRefreshToken invalidates a refresh token by removing it from the token store.
	DestroyRefreshToken(context.Context, string) error
}

Authenticator interface

type Authorizer added in v0.1.7

type Authorizer interface {
	// Authorized checks whether the subject described by policy may perform action
	// on object. It returns true only when the check passes; a non-nil error means
	// the check itself failed, and callers should treat that as a deny.
	Authorized(ctx context.Context, policy Policy, object string, action string) (bool, error)
	// AuthorizedWithDomain is like Authorized but scopes the check to the given domain.
	// Same result contract as Authorized.
	AuthorizedWithDomain(ctx context.Context, policy Policy, domain string, object string, action string) (bool, error)
	// AuthorizedWithExtra checks authorization from the Claims, Policy and extra
	// key/value data bundled in data (see ExtraData) rather than from explicit
	// object/action arguments. Same result contract as Authorized.
	AuthorizedWithExtra(ctx context.Context, data ExtraData) (bool, error)
}

Authorizer is an interface that defines the methods for an authorizer. It is used to manage policies and check authorization.

type CacheStorage added in v0.2.1

type CacheStorage interface {
	// Store records the token and keeps it for the given duration, after which it expires.
	Store(context.Context, string, time.Duration) error
	// Exist reports whether the token is present in the store. When the error is
	// non-nil the lookup failed and the bool should not be relied on.
	Exist(context.Context, string) (bool, error)
	// Remove deletes the token from the store.
	Remove(context.Context, string) error
	// Close releases the underlying store.
	Close(context.Context) error
}

CacheStorage is the interface for caching Authenticator tokens.

func NewCacheStorage added in v0.2.1

func NewCacheStorage(ss ...StorageSetting) CacheStorage

NewCacheStorage creates a new cacheStorage configured by the optional StorageSetting values (for example WithCache).

type Claims added in v0.0.42

type Claims interface {
	// GetSubject returns the subject of the claims.
	GetSubject() string
	// GetIssuer returns the issuer of the claims.
	GetIssuer() string
	// GetAudience returns the audience of the claims.
	GetAudience() []string
	// GetExpiration returns the expiration time of the claims.
	// NOTE(review): the unit is not fixed here; the RegisteredClaims example uses
	// Unix seconds — confirm that every implementation agrees.
	GetExpiration() int64
	// GetNotBefore returns the time before which the claims cannot be accepted (same unit as GetExpiration).
	GetNotBefore() int64
	// GetIssuedAt returns the time at which the claims were issued (same unit as GetExpiration).
	GetIssuedAt() int64
	// GetID returns the unique identifier (JWT ID) of the claims.
	GetID() string
	// GetScopes returns the scopes associated with the claims, keyed by scope name.
	GetScopes() map[string]bool
}

Claims is an interface that defines the methods that a security claims object should have. It provides methods for getting the subject, issuer, audience, expiration, not before, issued at, JWT ID, and scopes of the claims.

func ClaimsFromContext added in v0.2.1

func ClaimsFromContext(ctx context.Context) Claims

func ClaimsWithExtra added in v0.2.3

func ClaimsWithExtra(claims Claims, ext map[string]string) Claims

type Extra added in v0.2.3

type Extra interface {
	// GetExtra returns the extra data as a map of strings.
	GetExtra() map[string]string
	// Get returns the value associated with key and whether the key was present.
	Get(key string) (string, bool)
	// Set associates value with key.
	Set(key string, value string)
}

func ExtraObject added in v0.2.3

func ExtraObject(extra any) (Extra, bool)

ExtraObject retrieves the Extra object from extra (typically a Policy) if it implements the Extra interface; the bool reports whether it did.

type ExtraClaims added in v0.2.3

// ExtraClaims bundles registered Claims with extra key/value data. Its methods are
// declared on the value receiver (see ExtraClaims.Set), so Set can only write
// through the shared Extra value.
// NOTE(review): behaviour when Extra is nil is not shown here — confirm the implementation.
type ExtraClaims struct {
	// Claims is the registered claims part of the ExtraClaims object.
	Claims Claims
	// Extra is the extra claims part of the ExtraClaims object.
	Extra Extra
}

ExtraClaims represents a claims object that contains both registered claims and extra claims.

func (ExtraClaims) Get added in v0.2.3

func (e ExtraClaims) Get(key string) (string, bool)

Get returns the value of the given key from the extra claims.

func (ExtraClaims) GetAudience added in v0.2.3

func (e ExtraClaims) GetAudience() []string

GetAudience returns the audience of the claims.

func (ExtraClaims) GetExpiration added in v0.2.3

func (e ExtraClaims) GetExpiration() int64

GetExpiration returns the expiration time of the claims.

func (ExtraClaims) GetExtra added in v0.2.3

func (e ExtraClaims) GetExtra() map[string]string

GetExtra returns the extra claims as a map of strings.

func (ExtraClaims) GetID added in v0.2.3

func (e ExtraClaims) GetID() string

GetID returns the unique identifier for the claims.

func (ExtraClaims) GetIssuedAt added in v0.2.3

func (e ExtraClaims) GetIssuedAt() int64

GetIssuedAt returns the time at which the claims were issued.

func (ExtraClaims) GetIssuer added in v0.2.3

func (e ExtraClaims) GetIssuer() string

GetIssuer returns the issuer of the claims.

func (ExtraClaims) GetNotBefore added in v0.2.3

func (e ExtraClaims) GetNotBefore() int64

GetNotBefore returns the time before which the claims cannot be accepted.

func (ExtraClaims) GetScopes added in v0.2.3

func (e ExtraClaims) GetScopes() map[string]bool

GetScopes returns the scopes associated with the claims.

func (ExtraClaims) GetSubject added in v0.2.3

func (e ExtraClaims) GetSubject() string

GetSubject returns the subject of the claims.

func (ExtraClaims) Set added in v0.2.3

func (e ExtraClaims) Set(key string, value string)

Set sets the value of the given key in the extra claims.

type ExtraData added in v0.2.3

type ExtraData interface {
	// Extra provides the key/value accessors (GetExtra, Get, Set).
	Extra
	// GetClaims returns the Claims object associated with the extra data, if one exists.
	GetClaims() (Claims, bool)
	// HasClaims returns true if the extra data contains a Claims object.
	HasClaims() bool
	// GetPolicy returns the Policy object associated with the extra data, if one exists.
	GetPolicy() (Policy, bool)
	// HasPolicy returns true if the extra data contains a Policy object.
	HasPolicy() bool
}

ExtraData is an interface that defines methods for handling extra data associated with the security claims.

func DataWithExtra added in v0.2.3

func DataWithExtra(claims Claims, policy Policy, ext map[string]string) ExtraData

type ExtraPolicy added in v0.2.3

// ExtraPolicy bundles a registered Policy with extra key/value metadata. Its methods
// are declared on the value receiver (see ExtraPolicy.Set), so Set can only write
// through the shared Extra value.
type ExtraPolicy struct {
	// Policy is the underlying registered policy.
	Policy Policy
	// Extra is the additional metadata associated with the policy.
	Extra Extra
}

ExtraPolicy represents an extended policy that includes additional metadata.

func (ExtraPolicy) Get added in v0.2.3

func (e ExtraPolicy) Get(key string) (string, bool)

func (ExtraPolicy) GetAction added in v0.2.3

func (e ExtraPolicy) GetAction() string

GetAction returns the action of the policy.

func (ExtraPolicy) GetDomain added in v0.2.3

func (e ExtraPolicy) GetDomain() string

GetDomain returns the domain of the policy.

func (ExtraPolicy) GetExtra added in v0.2.3

func (e ExtraPolicy) GetExtra() map[string]string

func (ExtraPolicy) GetObject added in v0.2.3

func (e ExtraPolicy) GetObject() string

GetObject returns the object of the policy.

func (ExtraPolicy) GetPermissions added in v0.2.3

func (e ExtraPolicy) GetPermissions() []string

GetPermissions returns the permissions associated with the policy.

func (ExtraPolicy) GetRoles added in v0.2.3

func (e ExtraPolicy) GetRoles() []string

GetRoles returns the roles associated with the policy.

func (ExtraPolicy) GetSubject added in v0.2.3

func (e ExtraPolicy) GetSubject() string

GetSubject returns the subject of the policy.

func (ExtraPolicy) Set added in v0.2.3

func (e ExtraPolicy) Set(key string, value string)

type Policy added in v0.1.7

type Policy interface {
	// GetSubject returns the subject of the casbin policy.
	GetSubject() string
	// GetObject returns the object of the casbin policy.
	GetObject() string
	// GetAction returns the action of the casbin policy.
	GetAction() string
	// GetDomain returns the domain of the casbin policy.
	GetDomain() string
	// GetRoles returns the list of roles for the user.
	GetRoles() []string
	// GetPermissions returns the list of permissions for the user.
	GetPermissions() []string
}

Policy is an interface that defines the methods for a policy. It provides methods for getting the subject, object, action, domain, roles, and permissions of the policy.

func PolicyFromContext added in v0.2.3

func PolicyFromContext(ctx context.Context) Policy

func PolicyWithExtra added in v0.2.3

func PolicyWithExtra(policy Policy, ext map[string]string) Policy

type PolicyMap added in v0.2.3

// PolicyMap holds policy definitions keyed by name. The value type is any, so the
// accepted shapes are presumably defined by the PolicyRegistry implementation
// (see SetPolicies) — confirm before constructing one.
type PolicyMap map[string]any

type PolicyParser added in v0.2.3

// PolicyParser derives a Policy from authenticated Claims. It is a function type,
// not an interface; it returns a non-nil error when no Policy can be produced.
type PolicyParser func(ctx context.Context, claims Claims) (Policy, error)

PolicyParser is a function type that parses a user's claims into a policy. It takes a context and a Claims object as input and returns a Policy object and an error.

type PolicyRegistry added in v0.2.3

type PolicyRegistry interface {
	// AddPolicy adds a single policy rule. sec and pt are presumably the casbin
	// section and policy type, and rule the rule's fields (subject, object, action,
	// domain) — confirm against the implementation.
	AddPolicy(sec string, pt string, rule []string) error
	// RemovePolicy removes the rule previously added with the same sec, pt and rule.
	RemovePolicy(sec string, pt string, rule []string) error
	// SetRoles sets the roles for the given context.
	SetRoles(ctx context.Context, roles RoleMap) error
	// SetPolicies sets the policies for the given context.
	SetPolicies(ctx context.Context, policies PolicyMap) error
	// SetPolicyRoles sets the policies and roles together for the given context.
	// It returns an error if the policies cannot be set.
	SetPolicyRoles(ctx context.Context, policies PolicyMap, roles RoleMap) error
}

PolicyRegistry is an interface that defines the methods for a policy manager.

type RefreshTokenizer added in v0.2.3

// RefreshTokenizer is a Tokenizer that can also mint claims for refresh tokens.
type RefreshTokenizer interface {
	// Tokenizer provides CreateClaims, CreateToken, ParseClaims and Validate.
	Tokenizer
	// CreateRefreshClaims creates new identity claims specifically for a refresh token.
	CreateRefreshClaims(context.Context, string) (Claims, error)
}

type RegisteredClaims added in v0.2.3

// RegisteredClaims is the concrete Claims implementation. The JSON tags use the
// JWT registered claim names (jti, sub, iss, aud, exp, nbf, iat); the time fields
// are int64 and the documented example carries Unix seconds.
// NOTE(review): every tag has omitempty, so a zero Expiration/NotBefore/IssuedAt is
// dropped on encode and a missing "exp" is indistinguishable from an explicit 0
// after a round trip — validators should handle 0 explicitly.
type RegisteredClaims struct {
	ID         string          `json:"jti,omitempty"`
	Subject    string          `json:"sub,omitempty"`
	Issuer     string          `json:"iss,omitempty"`
	Audience   []string        `json:"aud,omitempty"`
	Expiration int64           `json:"exp,omitempty"`
	NotBefore  int64           `json:"nbf,omitempty"`
	IssuedAt   int64           `json:"iat,omitempty"`
	Scopes     map[string]bool `json:"scopes,omitempty"`
}

RegisteredClaims is a struct that implements the Claims interface. It provides fields for the subject, issuer, audience, expiration, not before, issued at, JWT ID, and scopes of the claims. JSON example:

{
  "sub": "test_subject",
  "iss": "test_issuer",
  "aud": [
    "test_audience1",
    "test_audience2"
  ],
  "exp": 1735647621,
  "nbf": 1735644021,
  "iat": 1735644021,
  "jti": "test_jti",
  "scopes": {
    "scope1": true,
    "scope2": false
  }
}

func (RegisteredClaims) GetAudience added in v0.2.3

func (r RegisteredClaims) GetAudience() []string

GetAudience returns the audience of the claims

func (RegisteredClaims) GetExpiration added in v0.2.3

func (r RegisteredClaims) GetExpiration() int64

GetExpiration returns the expiration time of the claims

func (RegisteredClaims) GetID added in v0.2.3

func (r RegisteredClaims) GetID() string

GetID returns the unique identifier for the claims

func (RegisteredClaims) GetIssuedAt added in v0.2.3

func (r RegisteredClaims) GetIssuedAt() int64

GetIssuedAt returns the time at which the claims were issued

func (RegisteredClaims) GetIssuer added in v0.2.3

func (r RegisteredClaims) GetIssuer() string

GetIssuer returns the issuer of the claims

func (RegisteredClaims) GetNotBefore added in v0.2.3

func (r RegisteredClaims) GetNotBefore() int64

GetNotBefore returns the time before which the claims cannot be accepted

func (RegisteredClaims) GetScopes added in v0.2.3

func (r RegisteredClaims) GetScopes() map[string]bool

GetScopes returns the scopes associated with the RegisteredClaims.

func (RegisteredClaims) GetSubject added in v0.2.3

func (r RegisteredClaims) GetSubject() string

GetSubject returns the subject of the claims

type RegisteredPolicy added in v0.2.3

// RegisteredPolicy is the concrete Policy implementation. Unlike RegisteredClaims,
// its JSON tags carry no omitempty, so every field is always emitted (empty strings
// and null slices included).
type RegisteredPolicy struct {
	Subject     string   `json:"subject"`     // The subject of the policy.
	Object      string   `json:"object"`      // The object of the policy.
	Action      string   `json:"action"`      // The action of the policy.
	Domain      string   `json:"domain"`      // The domain of the policy.
	Roles       []string `json:"roles"`       // The roles associated with the policy.
	Permissions []string `json:"permissions"` // The permissions associated with the policy.
}

RegisteredPolicy represents a registered policy in your system. It contains information about the subject, object, action, domain, roles, and permissions.

func (RegisteredPolicy) GetAction added in v0.2.3

func (r RegisteredPolicy) GetAction() string

GetAction returns the action of the policy.

func (RegisteredPolicy) GetDomain added in v0.2.3

func (r RegisteredPolicy) GetDomain() string

GetDomain returns the domain of the policy.

func (RegisteredPolicy) GetObject added in v0.2.3

func (r RegisteredPolicy) GetObject() string

GetObject returns the object of the policy.

func (RegisteredPolicy) GetPermissions added in v0.2.3

func (r RegisteredPolicy) GetPermissions() []string

GetPermissions returns the permissions associated with the policy.

func (RegisteredPolicy) GetRoles added in v0.2.3

func (r RegisteredPolicy) GetRoles() []string

GetRoles returns the roles associated with the policy.

func (RegisteredPolicy) GetSubject added in v0.2.3

func (r RegisteredPolicy) GetSubject() string

GetSubject returns the subject of the policy.

type RoleMap added in v0.2.3

// RoleMap holds role definitions keyed by name. As with PolicyMap the value type is
// any, so the accepted shapes are presumably defined by the PolicyRegistry
// implementation (see SetRoles) — confirm before constructing one.
type RoleMap map[string]any

type Scheme

// Scheme represents the type of authorization. Valid values are the Scheme*
// constants; String, Lower and Equal provide the textual forms.
type Scheme int

Scheme represents the type of authorization.

// Scheme values, in iota order. SchemeNTLM (declared separately) aliases SchemeNegotiate.
const (
	// SchemeAnonymous represents an anonymous authorization.
	SchemeAnonymous Scheme = iota
	// SchemeBasic represents a basic authorization.
	SchemeBasic
	// SchemeBearer represents a bearer authorization.
	SchemeBearer
	// SchemeDigest represents a digest authorization.
	SchemeDigest
	// SchemeHOBA represents an HTTP Origin-Bound Authentication (HOBA) authorization.
	SchemeHOBA
	// SchemeMutual represents a mutual authentication.
	SchemeMutual
	// SchemeNegotiate represents a negotiate authorization.
	SchemeNegotiate
	// SchemeVapid represents a VAPID authorization.
	SchemeVapid
	// SchemeSCRAM represents a SCRAM authorization.
	SchemeSCRAM
	// SchemeAWS4HMAC256 represents an AWS4-HMAC-SHA256 authorization.
	SchemeAWS4HMAC256
	// SchemeDPoP represents a DPoP authorization.
	SchemeDPoP
	// SchemeGNAP represents a GNAP authorization.
	SchemeGNAP
	// SchemePrivate represents a private authorization.
	SchemePrivate
	// SchemeOAuth represents an OAuth authorization.
	SchemeOAuth
	// SchemeUnknown represents an unknown authorization.
	SchemeUnknown
	// SchemeMax is the sentinel one past SchemeUnknown; it is not a scheme itself
	// and is useful as an upper bound when validating a Scheme value.
	SchemeMax
)

func (Scheme) Equal added in v0.1.9

func (t Scheme) Equal(other string) bool

func (Scheme) Lower added in v0.1.9

func (t Scheme) Lower() string

Lower returns the lowercase string representation of the Scheme.

func (Scheme) String

func (i Scheme) String() string

type Security added in v0.0.42

// Security combines authentication (Authenticator) and authorization (Authorizer)
// behind a single interface.
type Security interface {
	Authenticator
	Authorizer
}

Security represents the security interface.

type Serializer added in v0.1.7

type Serializer interface {
	// Serialize encodes the given Claims into a byte slice.
	Serialize(ctx context.Context, data Claims) ([]byte, error)
	// Deserialize decodes the given byte slice back into Claims. It returns a
	// non-nil error if the bytes cannot be decoded.
	Deserialize(ctx context.Context, data []byte) (Claims, error)
}

Serializer is an interface that defines the methods for a serializer.

type StorageSetting added in v0.0.42

// StorageSetting is a functional option for the package's unexported cacheStorage;
// NewCacheStorage accepts any number of them, and WithCache is the one shown on this page.
type StorageSetting = func(*cacheStorage)

func WithCache added in v0.0.42

func WithCache(c cache.Cache) StorageSetting

type TokenSource added in v0.2.6

// TokenSource represents the origin of a token. Valid values are the TokenSource*
// constants; String provides the textual form.
type TokenSource int

TokenSource represents the origin of the token.

// TokenSource values, in iota order.
// NOTE(review): tokens carried in the URL (TokenSourceQueryParameter,
// TokenSourceURLParameter) tend to be written to access logs and forwarded in
// Referer headers; the header, cookie or metadata origins avoid that exposure.
const (
	// TokenSourceContext represents a token taken from the context.
	TokenSourceContext TokenSource = iota
	// TokenSourceHeader represents a token taken from the header when it is not
	// known whether the code runs on the server or the client side.
	TokenSourceHeader
	// TokenSourceClientHeader represents a token taken from the client-side header.
	TokenSourceClientHeader
	// TokenSourceServerHeader represents a token taken from the server-side header.
	TokenSourceServerHeader
	// TokenSourceMetadata represents a token taken from the metadata when it is not
	// known whether the code runs on the server or the client side.
	TokenSourceMetadata
	// TokenSourceMetadataClient represents a token taken from the client-side metadata.
	TokenSourceMetadataClient
	// TokenSourceMetadataServer represents a token taken from the server-side metadata.
	TokenSourceMetadataServer
	// TokenSourceQueryParameter represents a token taken from the query string.
	TokenSourceQueryParameter
	// TokenSourceCookie represents a token taken from a cookie.
	TokenSourceCookie
	// TokenSourceURLParameter represents a token taken from a URL parameter.
	TokenSourceURLParameter
	// TokenSourceForm represents a token taken from form data.
	TokenSourceForm
	// TokenSourceRequestBody represents a token taken from the request body.
	TokenSourceRequestBody
	// TokenSourceSession represents a token taken from the session.
	TokenSourceSession
	// TokenSourceUnknown represents an unknown token source.
	TokenSourceUnknown
)

TokenSource constants enumerate the possible origins of a token.

func (TokenSource) String added in v0.2.6

func (i TokenSource) String() string

type Tokenizer added in v0.2.1

type Tokenizer interface {
	// CreateClaims creates new identity claims for the given subject string.
	// NOTE(review): the string is presumably a subject/user identifier — confirm against the implementations.
	CreateClaims(context.Context, string) (Claims, error)
	// CreateToken encodes the given Claims into a token string.
	CreateToken(context.Context, Claims) (string, error)
	// ParseClaims parses a token string and returns the Claims it carries.
	ParseClaims(context.Context, string) (Claims, error)
	// Validate reports whether a token is valid. Callers should accept the token
	// only when the result is (true, nil); a non-nil error means validation could
	// not be completed and the bool should not be relied on.
	Validate(context.Context, string) (bool, error)
}

type UnimplementedClaims added in v0.1.7

// UnimplementedClaims is a placeholder Claims implementation: its getters return
// empty values, and the time getters return the current time (see GetExpiration),
// so it carries no real identity.
type UnimplementedClaims struct {
}

UnimplementedClaims is a struct that implements the Claims interface.

func (UnimplementedClaims) GetAudience added in v0.1.7

func (u UnimplementedClaims) GetAudience() []string

GetAudience returns an empty slice

func (UnimplementedClaims) GetExpiration added in v0.1.7

func (u UnimplementedClaims) GetExpiration() int64

GetExpiration returns the current time, i.e. an expiry of now rather than a future instant.

func (UnimplementedClaims) GetID added in v0.2.3

func (u UnimplementedClaims) GetID() string

GetID returns an empty string

func (UnimplementedClaims) GetIssuedAt added in v0.1.7

func (u UnimplementedClaims) GetIssuedAt() int64

GetIssuedAt returns the current time

func (UnimplementedClaims) GetIssuer added in v0.1.7

func (u UnimplementedClaims) GetIssuer() string

GetIssuer returns an empty string

func (UnimplementedClaims) GetJWTID added in v0.1.23

func (u UnimplementedClaims) GetJWTID() string

func (UnimplementedClaims) GetNotBefore added in v0.1.7

func (u UnimplementedClaims) GetNotBefore() int64

GetNotBefore returns the current time

func (UnimplementedClaims) GetScopes added in v0.1.7

func (u UnimplementedClaims) GetScopes() map[string]bool

GetScopes returns an empty map

func (UnimplementedClaims) GetSubject added in v0.1.7

func (u UnimplementedClaims) GetSubject() string

GetSubject returns an empty string

type UnimplementedPolicy added in v0.2.3

// UnimplementedPolicy is a placeholder Policy implementation whose getters are
// listed below; it can be embedded to satisfy the Policy interface.
type UnimplementedPolicy struct {
}

func (UnimplementedPolicy) GetAction added in v0.2.3

func (u UnimplementedPolicy) GetAction() string

func (UnimplementedPolicy) GetDomain added in v0.2.3

func (u UnimplementedPolicy) GetDomain() string

func (UnimplementedPolicy) GetObject added in v0.2.3

func (u UnimplementedPolicy) GetObject() string

func (UnimplementedPolicy) GetPermissions added in v0.2.3

func (u UnimplementedPolicy) GetPermissions() []string

func (UnimplementedPolicy) GetRoles added in v0.2.3

func (u UnimplementedPolicy) GetRoles() []string

func (UnimplementedPolicy) GetSubject added in v0.2.3

func (u UnimplementedPolicy) GetSubject() string
