x

package
v0.14.0-pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 6, 2023 License: Apache-2.0 Imports: 49 Imported by: 3

Documentation

Overview

Package x provides various helpers that do not have an obvious home elsewhere.

The contract implied here, is that:

  • Package x does not depend on other parts of kratos
  • Packages outside kratos do not depend on x.

Index

Constants

View Source
const AdminPrefix = "/admin"
View Source
const CSRFTokenName = "csrf_token"
View Source
const OryLogoutToken = "ory_lo_"
View Source
const OrySessionToken = "ory_st_"

Variables

View Source
var (
	ErrInvalidCSRFToken = herodot.ErrForbidden.
						WithID(text.ErrIDCSRF).
						WithError("the request was rejected to protect you from Cross-Site-Request-Forgery").
						WithDetail("docs", "https://www.ory.sh/kratos/docs/debug/csrf").
						WithReason("Please retry the flow and optionally clear your cookies. The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.")
	ErrGone = herodot.DefaultError{
		CodeField:    http.StatusGone,
		StatusField:  http.StatusText(http.StatusGone),
		ReasonField:  "",
		DebugField:   "",
		DetailsField: nil,
		ErrorField:   "The requested resource is no longer available because it has expired or is otherwise invalid.",
	}
)
View Source
var (
	ErrInvalidCSRFTokenAJAX = ErrInvalidCSRFToken.
							WithDetail("hint", "We detected an AJAX call, please ensure that CORS is enabled and configured correctly, and that your AJAX code sends cookies and has credentials enabled. For further debugging, check your Browser's Network Tab to see what cookies are included or excluded.")

	ErrInvalidCSRFTokenAJAXNoCookies     = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", noCookie)
	ErrInvalidCSRFTokenAJAXCookieMissing = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", cookieMissing)
	ErrInvalidCSRFTokenAJAXTokenNotSent  = ErrInvalidCSRFToken.WithDetail("hint", tokenNotSent)
	ErrInvalidCSRFTokenAJAXTokenMismatch = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", tokenMismatch)
)
View Source
var (
	ErrInvalidCSRFTokenServer = ErrInvalidCSRFToken.
								WithDetail("hint", "We detected a regular browser or server-side call. To debug browser calls check your Browser's Network Tab to see what cookies are included or excluded. If you are calling from a server ensure that the appropriate cookies are being forwarded and that the SDK method is called correctly.")

	ErrInvalidCSRFTokenServerNoCookies     = ErrInvalidCSRFTokenServer.WithDetail("reject_reason", noCookie)
	ErrInvalidCSRFTokenServerCookieMissing = ErrInvalidCSRFTokenServer.WithDetail("reject_reason", cookieMissing)
	ErrInvalidCSRFTokenServerTokenNotSent  = ErrInvalidCSRFToken.WithDetail("hint", tokenNotSent)
	ErrInvalidCSRFTokenServerTokenMismatch = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", tokenMismatch)
)
View Source
var CleanPath negroni.HandlerFunc = func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	r.URL.Path = httprouter.CleanPath(r.URL.Path)
	next(rw, r)
}
View Source
var EmptyUUID uuid.UUID
View Source
var FakeCSRFToken = base64.StdEncoding.EncodeToString([]byte(randx.MustString(32, randx.AlphaLowerNum)))
View Source
var PseudoPanic = herodot.DefaultError{
	StatusField: http.StatusText(http.StatusInternalServerError),
	ErrorField:  "Code Bug Detected",
	ReasonField: "The code ended up at a place where it should not have. Please report this as an issue at https://github.com/ory/kratos",
	CodeField:   http.StatusInternalServerError,
}

Functions

func AcceptToRedirectOrJSON

func AcceptToRedirectOrJSON(
	w http.ResponseWriter, r *http.Request, writer herodot.Writer, out interface{}, redirectTo string,
)

func AcceptsJSON

func AcceptsJSON(r *http.Request) bool

func AssertEqualTime

func AssertEqualTime(t *testing.T, expected, actual time.Time)

func CSRFCookieName

func CSRFCookieName(reg interface {
	config.Provider
}, r *http.Request) string

func CSRFErrorReason

func CSRFErrorReason(r *http.Request, reg interface {
	config.Provider
}) error

func CSRFFailureHandler

func CSRFFailureHandler(reg interface {
	config.Provider
	LoggingProvider
	WriterProvider
}) http.HandlerFunc

func CleanUpTestSMTP

func CleanUpTestSMTP()

func Coalesce added in v0.13.0

func Coalesce[T ~string](str ...T) T

Coalesce returns the first non-empty string value

func ContentNegotiationRedirection

func ContentNegotiationRedirection(
	w http.ResponseWriter, r *http.Request, out interface{}, writer herodot.Writer, returnTo string,
)

func DefaultCSRFToken

func DefaultCSRFToken(r *http.Request) string

func EasyCookieJar

func EasyCookieJar(t *testing.T, o *cookiejar.Options) *cookiejar.Jar

func EasyGet

func EasyGet(t *testing.T, c *http.Client, url string) (*http.Response, []byte)

func EasyGetBody

func EasyGetBody(t *testing.T, c *http.Client, url string) []byte

func EasyGetJSON

func EasyGetJSON(t *testing.T, c *http.Client, url string) (*http.Response, []byte)

func FakeCSRFTokenGenerator

func FakeCSRFTokenGenerator(r *http.Request) string

func FakeCSRFTokenGeneratorWithToken

func FakeCSRFTokenGeneratorWithToken(token string) func(r *http.Request) string

func HTTPLoaderContextMiddleware

func HTTPLoaderContextMiddleware(reg interface {
	HTTPClientProvider
}) negroni.HandlerFunc

func IsBrowserRequest

func IsBrowserRequest(r *http.Request) bool

func IsJSONRequest

func IsJSONRequest(r *http.Request) bool

func IsValidNumber

func IsValidNumber(s string) bool

IsValidNumber reports whether s is a valid JSON number literal.

Taken from encoding/json

func Keys added in v0.13.0

func Keys[K comparable, V any](m map[K]V) []K

func MaxItemsPerPage

func MaxItemsPerPage(is int) int

MaxItemsPerPage is used to prevent DoS attacks against large lists by limiting the items per page to 500.

func Must added in v1.0.0

func Must[T any](t T, err error) T

func MustEncodeJSON

func MustEncodeJSON(t *testing.T, in interface{}) string

func MustReadAll

func MustReadAll(r io.Reader) []byte

func NewCSRFHandler

func NewCSRFHandler(
	router http.Handler,
	reg interface {
		config.Provider
		LoggingProvider
		WriterProvider
	}) *nosurf.CSRFHandler

func NewStubFS

func NewStubFS(name string, data []byte) fs.FS

func NewTestCSRFHandler

func NewTestCSRFHandler(router http.Handler, reg interface {
	WithCSRFHandler(handler nosurf.Handler)
	WithCSRFTokenGenerator(CSRFToken)
	WriterProvider
	LoggingProvider
	config.Provider
}) *nosurf.CSRFHandler

func NewTestHTTPRequest

func NewTestHTTPRequest(t *testing.T, method, url string, body io.Reader) *http.Request

func NewUUID

func NewUUID() uuid.UUID

func NoCache

func NoCache(w http.ResponseWriter)

NoCache adds `Cache-Control: private, no-cache, no-store, must-revalidate` to the response header.

func NoCacheHandle

func NoCacheHandle(handle httprouter.Handle) httprouter.Handle

NoCacheHandle wraps httprouter.Handle with `Cache-Control: private, no-cache, no-store, must-revalidate` headers.

func NoCacheHandler

func NoCacheHandler(handle http.Handler) http.Handler

NoCacheHandler wraps http.HandlerFunc with `Cache-Control: private, no-cache, no-store, must-revalidate` headers.

func NoCacheHandlerFunc

func NoCacheHandlerFunc(handle http.HandlerFunc) http.HandlerFunc

NoCacheHandlerFunc wraps http.HandlerFunc with `Cache-Control: private, no-cache, no-store, must-revalidate` headers.

func NosurfBaseCookieHandler

func NosurfBaseCookieHandler(reg interface {
	config.Provider
}) func(w http.ResponseWriter, r *http.Request) http.Cookie

func PaginationHeader

func PaginationHeader(w http.ResponseWriter, u *url.URL, total int64, page, itemsPerPage int)

func ParsePagination

func ParsePagination(r *http.Request) (page, itemsPerPage int)

ParsePagination parses limit and page from *http.Request with given limits and defaults.

func ParseUUID

func ParseUUID(in string) uuid.UUID

func PointToUUID

func PointToUUID(id uuid.UUID) *uuid.UUID

func RandomDelay

func RandomDelay(base, deviation time.Duration) time.Duration

RandomDelay returns a time randomly chosen from a normal distribution with mean of base and max/min of base +- deviation From the docstring for the rand.NormFloat64(): To produce a different normal distribution, callers can adjust the output using:

sample = NormFloat64() * desiredStdDev + desiredMean

Since 99.73% of values in a normal distribution lie within three standard deviations from the mean (https://en.wikipedia.org/wiki/68%E2%80%9395%E2%80%9399.7_rule), by taking the standard deviation to be deviation/3, we can get a distribution which fits our bounds nicely with minimal clipping when we take max/mins to cut off the tails.

func RecoverStatusCode

func RecoverStatusCode(err error, fallback int) int

func RedirectAdminMiddleware

func RedirectAdminMiddleware(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc)

func RedirectToAdminRoute

func RedirectToAdminRoute(reg config.Provider) httprouter.Handle

func RedirectToPublicRoute

func RedirectToPublicRoute(reg config.Provider) httprouter.Handle

func RequestURL

func RequestURL(r *http.Request) *url.URL

func RequireEqualTime

func RequireEqualTime(t *testing.T, expected, actual time.Time)

func RequireJSONMarshal

func RequireJSONMarshal(t *testing.T, in interface{}) []byte

func RunTestSMTP

func RunTestSMTP() (smtp, api string, err error)

func SDKError

func SDKError(err error) error

func SecureContentNegotiationRedirection

func SecureContentNegotiationRedirection(
	w http.ResponseWriter, r *http.Request, out interface{},
	requestURL string, writer herodot.Writer, c *config.Config,
	opts ...SecureRedirectOption,
) error

func SecureRedirectTo

func SecureRedirectTo(r *http.Request, defaultReturnTo *url.URL, opts ...SecureRedirectOption) (returnTo *url.URL, err error)

SecureRedirectTo implements a HTTP redirector who mitigates open redirect vulnerabilities by working with allow lists.

func SecureRedirectToIsAllowedHost

func SecureRedirectToIsAllowedHost(returnTo *url.URL, allowed url.URL) bool

SecureRedirectToIsAllowedHost validates if the redirect_to param is allowed for a given wildcard

func SessionGetString

func SessionGetString(r *http.Request, s sessions.StoreExact, id string, key interface{}) (string, error)

SessionGetString returns a string for the given id and key or an error if the session is invalid, the key does not exist, or the key value is not a string.

func SessionGetStringOr

func SessionGetStringOr(r *http.Request, s sessions.StoreExact, id, key, fallback string) string

SessionGetStringOr returns a string for the given id and key or the fallback value if the session is invalid, the key does not exist, or the key value is not a string.

func SessionPersistValues

func SessionPersistValues(w http.ResponseWriter, r *http.Request, s sessions.StoreExact, id string, values map[string]interface{}) error

SessionPersistValues adds values to the session store and persists the changes.

func SessionUnset

func SessionUnset(w http.ResponseWriter, r *http.Request, s sessions.StoreExact, id string) error

func SessionUnsetKey

func SessionUnsetKey(w http.ResponseWriter, r *http.Request, s sessions.StoreExact, id, key string) error

func StructToMap

func StructToMap(s interface{}) (map[string]interface{}, error)

func TakeOverReturnToParameter added in v0.11.0

func TakeOverReturnToParameter(from string, to string, fallback ...string) (string, error)

TakeOverReturnToParameter carries over the return_to parameter to a new URL If `from` does not contain the `return_to` query parameter, the first non-empty value from `fallback` is used instead.

func TypeMap

func TypeMap(m map[string]string) (map[string]interface{}, error)

func UntypedMapToJSON

func UntypedMapToJSON(m map[string]string) (json.RawMessage, error)

Types

type CSRFProvider

type CSRFProvider interface {
	CSRFHandler() nosurf.Handler
}

type CSRFToken

type CSRFToken func(r *http.Request) string

type CSRFTokenGeneratorProvider

type CSRFTokenGeneratorProvider interface {
	GenerateCSRFToken(r *http.Request) string
}

type ConvertibleBoolean

type ConvertibleBoolean bool

ConvertibleBoolean can unmarshal both booleans and strings.

func (*ConvertibleBoolean) UnmarshalJSON

func (bit *ConvertibleBoolean) UnmarshalJSON(data []byte) error

type CookieProvider

type CookieProvider interface {
	CookieManager(ctx context.Context) sessions.StoreExact
	ContinuityCookieManager(ctx context.Context) sessions.StoreExact
}

type FakeCSRFHandler

type FakeCSRFHandler struct {
	// contains filtered or unexported fields
}

func NewFakeCSRFHandler

func NewFakeCSRFHandler(name string) *FakeCSRFHandler

func (*FakeCSRFHandler) DisableGlob

func (f *FakeCSRFHandler) DisableGlob(s string)

func (*FakeCSRFHandler) DisableGlobs

func (f *FakeCSRFHandler) DisableGlobs(s ...string)

func (*FakeCSRFHandler) DisablePath

func (f *FakeCSRFHandler) DisablePath(s string)

func (*FakeCSRFHandler) ExemptPath

func (f *FakeCSRFHandler) ExemptPath(s string)

func (*FakeCSRFHandler) IgnoreGlob

func (f *FakeCSRFHandler) IgnoreGlob(s string)

func (*FakeCSRFHandler) IgnoreGlobs

func (f *FakeCSRFHandler) IgnoreGlobs(s ...string)

func (*FakeCSRFHandler) IgnorePath

func (f *FakeCSRFHandler) IgnorePath(s string)

func (*FakeCSRFHandler) RegenerateToken

func (f *FakeCSRFHandler) RegenerateToken(w http.ResponseWriter, r *http.Request) string

func (*FakeCSRFHandler) ServeHTTP

func (f *FakeCSRFHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type HTTPClientProvider

type HTTPClientProvider interface {
	HTTPClient(ctx context.Context, opts ...httpx.ResilientOptions) *retryablehttp.Client
}

type Ider

type Ider interface {
	RequestID() string
}

type LoggingProvider

type LoggingProvider interface {
	Logger() *logrusx.Logger
	Audit() *logrusx.Logger
}

type PaginationParams

type PaginationParams struct {
	// Items per Page
	//
	// This is the number of items per page.
	//
	// required: false
	// in: query
	// default: 250
	// min: 1
	// max: 1000
	PerPage int `json:"per_page"`

	// Pagination Page
	//
	// This value is currently an integer, but it is not sequential. The value is not the page number, but a
	// reference. The next page can be any number and some numbers might return an empty list.
	//
	// For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.
	//
	// required: false
	// in: query
	// default: 1
	// min: 1
	Page int `json:"page"`
}

swagger:model pagination

type RouterAdmin

type RouterAdmin struct {
	*httprouter.Router
}

func NewRouterAdmin

func NewRouterAdmin() *RouterAdmin

func (*RouterAdmin) DELETE

func (r *RouterAdmin) DELETE(publicPath string, handle httprouter.Handle)

func (*RouterAdmin) GET

func (r *RouterAdmin) GET(publicPath string, handle httprouter.Handle)

func (*RouterAdmin) HEAD

func (r *RouterAdmin) HEAD(publicPath string, handle httprouter.Handle)

func (*RouterAdmin) Handle

func (r *RouterAdmin) Handle(method, publicPath string, handle httprouter.Handle)

func (*RouterAdmin) Handler

func (r *RouterAdmin) Handler(method, publicPath string, handler http.Handler)

func (*RouterAdmin) HandlerFunc

func (r *RouterAdmin) HandlerFunc(method, publicPath string, handler http.HandlerFunc)

func (*RouterAdmin) Lookup

func (r *RouterAdmin) Lookup(method, publicPath string)

func (*RouterAdmin) PATCH

func (r *RouterAdmin) PATCH(publicPath string, handle httprouter.Handle)

func (*RouterAdmin) POST

func (r *RouterAdmin) POST(publicPath string, handle httprouter.Handle)

func (*RouterAdmin) PUT

func (r *RouterAdmin) PUT(publicPath string, handle httprouter.Handle)

type RouterPublic

type RouterPublic struct {
	*httprouter.Router
}

func NewRouterPublic

func NewRouterPublic() *RouterPublic

func (*RouterPublic) DELETE

func (r *RouterPublic) DELETE(path string, handle httprouter.Handle)

func (*RouterPublic) GET

func (r *RouterPublic) GET(path string, handle httprouter.Handle)

func (*RouterPublic) HEAD

func (r *RouterPublic) HEAD(path string, handle httprouter.Handle)

func (*RouterPublic) Handle

func (r *RouterPublic) Handle(method, path string, handle httprouter.Handle)

func (*RouterPublic) Handler

func (r *RouterPublic) Handler(method, path string, handler http.Handler)

func (*RouterPublic) HandlerFunc

func (r *RouterPublic) HandlerFunc(method, path string, handler http.HandlerFunc)

func (*RouterPublic) PATCH

func (r *RouterPublic) PATCH(path string, handle httprouter.Handle)

func (*RouterPublic) POST

func (r *RouterPublic) POST(path string, handle httprouter.Handle)

func (*RouterPublic) PUT

func (r *RouterPublic) PUT(path string, handle httprouter.Handle)

type SecureRedirectOption

type SecureRedirectOption func(*secureRedirectOptions)

func SecureRedirectAllowSelfServiceURLs

func SecureRedirectAllowSelfServiceURLs(publicURL *url.URL) SecureRedirectOption

SecureRedirectAllowSelfServiceURLs allows the caller to define `?return_to=` values which contain the server's URL and `/self-service` path prefix. Useful for redirecting to the login endpoint, for example.

func SecureRedirectAllowURLs

func SecureRedirectAllowURLs(urls []url.URL) SecureRedirectOption

SecureRedirectAllowURLs allows the given URLs for redirects.

func SecureRedirectOverrideDefaultReturnTo

func SecureRedirectOverrideDefaultReturnTo(defaultReturnTo *url.URL) SecureRedirectOption

SecureRedirectOverrideDefaultReturnTo overrides the defaultReturnTo address specified as the second arg.

func SecureRedirectReturnTo added in v0.11.0

func SecureRedirectReturnTo(returnTo string) SecureRedirectOption

SecureRedirectReturnTo uses the provided URL to redirect the user to it.

func SecureRedirectUseSourceURL

func SecureRedirectUseSourceURL(source string) SecureRedirectOption

SecureRedirectUseSourceURL uses the given source URL (checks the `?return_to` value) instead of r.URL.

type SimpleLoggerWithClient added in v0.11.0

type SimpleLoggerWithClient struct {
	L *logrusx.Logger
	C *retryablehttp.Client
	T *otelx.Tracer
}

func (*SimpleLoggerWithClient) Audit added in v0.11.0

func (*SimpleLoggerWithClient) HTTPClient added in v0.11.0

func (s *SimpleLoggerWithClient) HTTPClient(_ context.Context, _ ...httpx.ResilientOptions) *retryablehttp.Client

func (*SimpleLoggerWithClient) Logger added in v0.11.0

func (s *SimpleLoggerWithClient) Logger() *logrusx.Logger

func (*SimpleLoggerWithClient) Tracer added in v0.11.0

type StubFS

type StubFS struct {
	// contains filtered or unexported fields
}

func (*StubFS) Close

func (stub *StubFS) Close() error

func (*StubFS) IsDir

func (stub *StubFS) IsDir() bool

func (*StubFS) ModTime

func (stub *StubFS) ModTime() time.Time

func (*StubFS) Mode

func (stub *StubFS) Mode() fs.FileMode

func (*StubFS) Name

func (stub *StubFS) Name() string

func (*StubFS) Open

func (stub *StubFS) Open(name string) (fs.File, error)

func (*StubFS) Read

func (stub *StubFS) Read(bytes []byte) (int, error)

func (*StubFS) Size

func (stub *StubFS) Size() int64

func (*StubFS) Stat

func (stub *StubFS) Stat() (fs.FileInfo, error)

func (*StubFS) Sys

func (stub *StubFS) Sys() interface{}

type TracingProvider

type TracingProvider interface {
	Tracer(ctx context.Context) *otelx.Tracer
}

type TransportWithHeader

type TransportWithHeader struct {
	http.RoundTripper
	// contains filtered or unexported fields
}

func NewTransportWithHeader

func NewTransportWithHeader(h http.Header) *TransportWithHeader

func (*TransportWithHeader) RoundTrip

func (ct *TransportWithHeader) RoundTrip(req *http.Request) (*http.Response, error)

type TransportWithHost

type TransportWithHost struct {
	http.RoundTripper
	// contains filtered or unexported fields
}

func NewTransportWithHost

func NewTransportWithHost(host string) *TransportWithHost

func (*TransportWithHost) RoundTrip

func (ct *TransportWithHost) RoundTrip(req *http.Request) (*http.Response, error)

type WriterProvider

type WriterProvider interface {
	Writer() herodot.Writer
}

Directories

Path Synopsis
Ory Kratos
Ory Kratos

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL