Documentation ¶
Overview ¶
Package security implements the functions, types, and interfaces for the module.
Package security is a toolkit for security check and authorization ¶
Package security is a package that provides security-related functions and types.
Package security provides interfaces and types for security-related operations ¶
Index ¶
- Constants
- func ContextIsRoot(ctx context.Context) bool
- func NewClaimsContext(ctx context.Context, claims Claims) context.Context
- func NewTokenContext(ctx context.Context, token string) context.Context
- func NewUserClaimsContext(ctx context.Context, claims UserClaims) context.Context
- func TokenFromContext(ctx context.Context) string
- func WithRootContext(ctx context.Context) context.Context
- type Authenticator
- type Authorizer
- type CacheStorage
- type Claims
- type PolicyManager
- type Scheme
- type Serializer
- type StorageSetting
- type TokenType
- type Tokenizer
- type UnimplementedClaims
- func (u UnimplementedClaims) GetAudience() []string
- func (u UnimplementedClaims) GetExpiration() time.Time
- func (u UnimplementedClaims) GetExtra() map[string]string
- func (u UnimplementedClaims) GetIssuedAt() time.Time
- func (u UnimplementedClaims) GetIssuer() string
- func (u UnimplementedClaims) GetJWTID() string
- func (u UnimplementedClaims) GetJwtID() string
- func (u UnimplementedClaims) GetNotBefore() time.Time
- func (u UnimplementedClaims) GetScopes() map[string]bool
- func (u UnimplementedClaims) GetSubject() string
- type UnimplementedUserClaims
- func (u UnimplementedUserClaims) GetAction() string
- func (u UnimplementedUserClaims) GetClaims() Claims
- func (u UnimplementedUserClaims) GetDomain() string
- func (u UnimplementedUserClaims) GetExtra() map[string]string
- func (u UnimplementedUserClaims) GetObject() string
- func (u UnimplementedUserClaims) GetSubject() string
- func (u UnimplementedUserClaims) IsRoot() bool
- type UserClaims
- type UserClaimsParser
Constants ¶
const (
    TokenCacheAccess  = "security:token:access"
    TokenCacheRefresh = "security:token:refresh"
)
const (
    // HeaderAuthorize is the name of the authorization header.
    HeaderAuthorize = "Authorization"
    // HeaderContentType is the name of the content type header.
    HeaderContentType = "Content-Type"
    // HeaderContentLength is the name of the content length header.
    HeaderContentLength = "Content-Length"
    // HeaderUserAgent is the name of the user agent header.
    HeaderUserAgent = "User-Agent"
    // HeaderReferer is the name of the referer header.
    HeaderReferer = "Referer"
    // HeaderOrigin is the name of the origin header.
    HeaderOrigin = "Origin"
)
const (
    // SchemeNTLM represents an NTLM authorization.
    SchemeNTLM = SchemeNegotiate
)
Variables ¶
This section is empty.
Functions ¶
func ContextIsRoot ¶ added in v0.1.23
func NewClaimsContext ¶ added in v0.2.1
func NewTokenContext ¶ added in v0.2.1
func NewUserClaimsContext ¶ added in v0.2.1
func NewUserClaimsContext(ctx context.Context, claims UserClaims) context.Context
func TokenFromContext ¶ added in v0.2.1
Types ¶
type Authenticator ¶ added in v0.1.7
type Authenticator interface {
    // CreateIdentityClaims creates new identity claims. The bool is true for a refresh token.
    CreateIdentityClaims(context.Context, string, bool) (Claims, error)
    // Authenticate returns a nil error and the AuthClaims info (if available).
    Authenticate(context.Context, string) (Claims, error)
    // Verify validates if a token is valid.
    Verify(context.Context, string) (bool, error)
    // CreateToken injects user claims into a token string.
    CreateToken(context.Context, Claims) (string, error)
}
Authenticator interface
type Authorizer ¶ added in v0.1.7
type Authorizer interface {
    // SetPolicies sets the policies for a given context.
    // It takes a context, a map of policies, and a map of roles as input.
    // It returns an error if the policies cannot be set.
    SetPolicies(ctx context.Context, policies map[string]any, roles map[string]any) error
    // Authorized checks if a user is authorized to perform an action.
    // It takes a context and a UserClaims object as input.
    // It returns a boolean indicating whether the user is authorized and an error if the check fails.
    Authorized(ctx context.Context, claims UserClaims) (bool, error)
}
Authorizer is an interface that defines the methods for an authorizer. It is used to manage policies and check authorization.
type CacheStorage ¶ added in v0.2.1
type CacheStorage interface {
    // Store stores the token with a specific expiration time to TokenService
    Store(context.Context, string, time.Duration) error
    // Exist checks if the token exists in the TokenService
    Exist(context.Context, string) (bool, error)
    // Remove deletes the token from the TokenService
    Remove(context.Context, string) error
    // Close closes the TokenService
    Close(context.Context) error
}
CacheStorage is the interface for caching the Authenticator token.
func NewCacheStorage ¶ added in v0.2.1
func NewCacheStorage(ss ...StorageSetting) CacheStorage
NewCacheStorage creates a new CacheStorage configured by the optional StorageSetting values.
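An added example, not code from this package: a minimal in-memory type that satisfies the CacheStorage interface listed above, showing the expiry and revocation behaviour a token store should have. `memStorage`, its injectable `now` clock and the sample token are hypothetical; the interface is redeclared locally because the package's import path is not shown on this page.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// CacheStorage repeats the interface documented above so this file compiles alone.
type CacheStorage interface {
	Store(context.Context, string, time.Duration) error
	Exist(context.Context, string) (bool, error)
	Remove(context.Context, string) error
	Close(context.Context) error
}

// memStorage is a hypothetical in-memory store, not the package's own cacheStorage.
type memStorage struct {
	expires sync.Map         // token -> absolute expiry (time.Time)
	now     func() time.Time // injectable clock so expiry can be tested
}

func (m *memStorage) Store(_ context.Context, tok string, ttl time.Duration) error {
	if tok == "" || ttl <= 0 { // never let a zero TTL mean "valid forever"
		return fmt.Errorf("store: empty token or non-positive ttl %v", ttl)
	}
	m.expires.Store(tok, m.now().Add(ttl))
	return nil
}

func (m *memStorage) Exist(_ context.Context, tok string) (bool, error) {
	v, ok := m.expires.Load(tok)
	return ok && m.now().Before(v.(time.Time)), nil // expired reads as absent
}

func (m *memStorage) Remove(_ context.Context, tok string) error {
	m.expires.Delete(tok) // revocation: a later Exist returns false
	return nil
}

func (m *memStorage) Close(context.Context) error { return nil }

func main() {
	var s CacheStorage = &memStorage{now: time.Now}
	_ = s.Store(context.Background(), "constructed-token", time.Minute)
	ok, _ := s.Exist(context.Background(), "constructed-token")
	fmt.Println("present:", ok)
}
```

Expired entries are only hidden, not evicted, so a long-running process would pair this with periodic cleanup.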
type Claims ¶ added in v0.0.42
type Claims interface {
    // GetSubject returns the subject of the security
    GetSubject() string
    // GetIssuer returns the issuer of the security
    GetIssuer() string
    // GetAudience returns the audience of the security
    GetAudience() []string
    // GetExpiration returns the expiration time of the security
    GetExpiration() time.Time
    // GetNotBefore returns the time before which the security cannot be accepted
    GetNotBefore() time.Time
    // GetIssuedAt returns the time at which the security was issued
    GetIssuedAt() time.Time
    // GetJWTID returns the unique identifier for the security
    GetJWTID() string
    // GetScopes returns the scopes associated with the security
    GetScopes() map[string]bool
    // GetExtra returns any additional data associated with the security
    GetExtra() map[string]string
}
Claims is an interface that defines the methods that a security claims object should have
func ClaimsFromContext ¶ added in v0.2.1
type PolicyManager ¶ added in v0.1.7
type PolicyManager interface {
    // AddPolicy adds a policy for a given subject, object, action, domain
    AddPolicy(sec string, pt string, rule []string) error
    // RemovePolicy removes a policy for a given subject, object, action, domain
    RemovePolicy(sec string, pt string, rule []string) error
    // SetPolicies sets the policies for a given context
    SetPolicies(context.Context, map[string]any) error
}
PolicyManager is an interface that defines the methods for a policy manager
type Scheme ¶
type Scheme int
Scheme represents the type of authorization.
const (
    // SchemeAnonymous represents an anonymous authorization.
    SchemeAnonymous Scheme = iota
    // SchemeBasic represents a basic authorization.
    SchemeBasic
    // SchemeBearer represents a bearer authorization.
    SchemeBearer
    // SchemeDigest represents a digest authorization.
    SchemeDigest
    // SchemeHOBA represents an HTTP Origin-Bound Authentication (HOBA) authorization.
    SchemeHOBA
    // SchemeMutual represents a mutual authentication.
    SchemeMutual
    // SchemeNegotiate represents a negotiate authorization.
    SchemeNegotiate
    // SchemeVapid represents a VAPID authorization.
    SchemeVapid
    // SchemeSCRAM represents a SCRAM authorization.
    SchemeSCRAM
    // SchemeAWS4HMAC256 represents an AWS4-HMAC-SHA256 authorization.
    SchemeAWS4HMAC256
    // SchemeDPoP represents a DPoP authorization.
    SchemeDPoP
    // SchemeGNAP represents a GNAP authorization.
    SchemeGNAP
    // SchemePrivate represents a private authorization.
    SchemePrivate
    // SchemeOAuth represents an OAuth authorization.
    SchemeOAuth
    // SchemeUnknown represents an unknown authorization.
    SchemeUnknown
    SchemeMax
)
type Serializer ¶ added in v0.1.7
type Serializer interface {
    // Serialize serializes the given data into a byte slice
    Serialize(ctx context.Context, data Claims) ([]byte, error)
    // Deserialize deserializes the given byte slice into the given data
    Deserialize(ctx context.Context, data []byte) (Claims, error)
}
Serializer is an interface that defines the methods for a serializer
type StorageSetting ¶ added in v0.0.42
type StorageSetting = func(*cacheStorage)
func WithCache ¶ added in v0.0.42
func WithCache(c cache.Cache) StorageSetting
type TokenType ¶
type TokenType int
TokenType represents the type of token.
const (
    // ContextTypeContext represents the context type for the context.
    ContextTypeContext TokenType = iota
    // ContextTypeClientHeader represents the context type for the header.
    ContextTypeClientHeader
    // ContextTypeServerHeader represents the context type for the header.
    ContextTypeServerHeader
    // ContextTypeMetadataClient represents the context type for the metadata.
    ContextTypeMetadataClient
    // ContextTypeMetadata represents the context type for the metadata.
    ContextTypeMetadata
    // ContextTypeQuery represents the context type for the query.
    ContextTypeQuery
    // ContextTypeCookie represents the context type for the cookie.
    ContextTypeCookie
    // ContextTypeParam represents the context type for the parameter.
    ContextTypeParam
    // ContextTypeForm represents the context type for the form.
    ContextTypeForm
    // ContextTypeBody represents the context type for the body.
    ContextTypeBody
    // ContextTypeSession represents the context type for the session.
    ContextTypeSession
    // ContextTypeUnknown represents an unknown context type.
    ContextTypeUnknown
)
ContextType constants represent the different types of context.
type Tokenizer ¶ added in v0.2.1
type Tokenizer interface {
    // CreateIdentityClaims creates new identity claims. The bool is true for a refresh token.
    CreateIdentityClaims(context.Context, string, bool) (Claims, error)
    // CreateIdentityClaimsContext creates a new identity. It should be used when a new user is created.
    CreateIdentityClaimsContext(context.Context, TokenType, string) (context.Context, error)
    // Authenticate returns a nil error and the AuthClaims info (if available).
    Authenticate(context.Context, string) (Claims, error)
    // AuthenticateContext returns a nil error and the AuthClaims info (if available)
    // if the subject is authenticated, or a non-nil error with an appropriate error cause otherwise.
    AuthenticateContext(context.Context, TokenType) (Claims, error)
    // Verify validates if a token is valid.
    Verify(context.Context, string) (bool, error)
    // VerifyContext validates if a token is valid.
    VerifyContext(context.Context, TokenType) (bool, error)
    // CreateToken injects user claims into a token string.
    CreateToken(context.Context, Claims) (string, error)
    // CreateTokenContext injects user claims into the context.
    CreateTokenContext(context.Context, TokenType, Claims) (context.Context, error)
    // DestroyToken invalidates a token by removing it from the token store.
    DestroyToken(context.Context, string) error
    // DestroyTokenContext invalidates a token by removing it from the token store.
    DestroyTokenContext(context.Context, TokenType) error
    // Close cleans up the authenticator.
    Close(context.Context) error
}
type UnimplementedClaims ¶ added in v0.1.7
type UnimplementedClaims struct { }
UnimplementedClaims is a struct that implements the Claims interface
func (UnimplementedClaims) GetAudience ¶ added in v0.1.7
func (u UnimplementedClaims) GetAudience() []string
GetAudience returns an empty slice
func (UnimplementedClaims) GetExpiration ¶ added in v0.1.7
func (u UnimplementedClaims) GetExpiration() time.Time
GetExpiration returns the current time
func (UnimplementedClaims) GetExtra ¶ added in v0.1.7
func (u UnimplementedClaims) GetExtra() map[string]string
GetExtra returns an empty map
func (UnimplementedClaims) GetIssuedAt ¶ added in v0.1.7
func (u UnimplementedClaims) GetIssuedAt() time.Time
GetIssuedAt returns the current time
func (UnimplementedClaims) GetIssuer ¶ added in v0.1.7
func (u UnimplementedClaims) GetIssuer() string
GetIssuer returns an empty string
func (UnimplementedClaims) GetJWTID ¶ added in v0.1.23
func (u UnimplementedClaims) GetJWTID() string
func (UnimplementedClaims) GetJwtID ¶ added in v0.1.7
func (u UnimplementedClaims) GetJwtID() string
GetJwtID returns an empty string
func (UnimplementedClaims) GetNotBefore ¶ added in v0.1.7
func (u UnimplementedClaims) GetNotBefore() time.Time
GetNotBefore returns the current time
func (UnimplementedClaims) GetScopes ¶ added in v0.1.7
func (u UnimplementedClaims) GetScopes() map[string]bool
GetScopes returns an empty map
func (UnimplementedClaims) GetSubject ¶ added in v0.1.7
func (u UnimplementedClaims) GetSubject() string
GetSubject returns an empty string
type UnimplementedUserClaims ¶ added in v0.1.23
type UnimplementedUserClaims struct { }
func (UnimplementedUserClaims) GetAction ¶ added in v0.1.23
func (u UnimplementedUserClaims) GetAction() string
func (UnimplementedUserClaims) GetClaims ¶ added in v0.1.23
func (u UnimplementedUserClaims) GetClaims() Claims
func (UnimplementedUserClaims) GetDomain ¶ added in v0.1.23
func (u UnimplementedUserClaims) GetDomain() string
func (UnimplementedUserClaims) GetExtra ¶ added in v0.1.23
func (u UnimplementedUserClaims) GetExtra() map[string]string
func (UnimplementedUserClaims) GetObject ¶ added in v0.1.23
func (u UnimplementedUserClaims) GetObject() string
func (UnimplementedUserClaims) GetSubject ¶ added in v0.1.23
func (u UnimplementedUserClaims) GetSubject() string
func (UnimplementedUserClaims) IsRoot ¶ added in v0.1.23
func (u UnimplementedUserClaims) IsRoot() bool
type UserClaims ¶ added in v0.1.14
type UserClaims interface {
    // GetSubject returns the subject of the casbin policy
    GetSubject() string
    // GetObject returns the object of the casbin policy
    GetObject() string
    // GetAction returns the action of the casbin policy
    GetAction() string
    // GetDomain returns the domain of the casbin policy
    GetDomain() string
    // GetClaims returns the claims of the casbin policy
    GetClaims() Claims
    // GetExtra returns the extra information of the casbin policy
    GetExtra() map[string]string
}
UserClaims is an interface that defines the methods for a casbin policy
func UserClaimsFromContext ¶ added in v0.2.1
func UserClaimsFromContext(ctx context.Context) UserClaims
type UserClaimsParser ¶ added in v0.1.14
type UserClaimsParser func(ctx context.Context, claims Claims) (UserClaims, error)
UserClaimsParser is a function type that parses Claims into UserClaims.