proxy

package
v0.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 4, 2019 License: Apache-2.0 Imports: 32 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

// ErrAuthenticatorBypassed is a package-level sentinel error with the message
// "Authenticator is disabled".
// NOTE(review): which code returns it, and how the request pipeline reacts to
// it, is not shown on this page — confirm that it is never treated as a
// successful authentication.
var ErrAuthenticatorBypassed = errors.New("Authenticator is disabled")
// ErrAuthenticatorNotResponsible is a package-level sentinel error with the
// message "Authenticator not responsible".
// NOTE(review): presumably returned when a handler finds no credentials of its
// kind on the request, so that another handler can be tried — confirm, and
// confirm that a request for which every handler returns it is rejected.
var ErrAuthenticatorNotResponsible = errors.New("Authenticator not responsible")

Functions

func EnrichRequestedURL

func EnrichRequestedURL(r *http.Request)

EnrichRequestedURL sets the Scheme and Host values of a URL passed down by an HTTP server. By default, that URL contains neither a host nor a scheme.

func NewSimpleResponseWriter

func NewSimpleResponseWriter() *simpleResponseWriter

Types

type AuthenticationSession

// AuthenticationSession is the value Authenticator.Authenticate returns and
// that Authorizer.Authorize and CredentialsIssuer.Issue receive.
type AuthenticationSession struct {
	// Subject is a plain string.
	// NOTE(review): presumably the identifier of the authenticated party —
	// confirm what each authenticator puts here.
	Subject string
	// Extra holds additional untyped key/value data.
	// NOTE(review): presumably token claims or introspection fields; confirm
	// which keys are validated before authorizers and issuers rely on them.
	Extra   map[string]interface{}
}

type Authenticator

// Authenticator is the interface of an authentication handler. The
// Authenticator* types on this page declare Authenticate and GetID methods.
type Authenticator interface {
	// Authenticate receives the incoming request, a raw JSON configuration and
	// a rule, and returns a session or an error.
	// NOTE(review): presumably config is the handler's section of rl — confirm.
	Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
	// GetID returns a string identifying the handler.
	// NOTE(review): RequestHandler keeps authenticators in a
	// map[string]Authenticator, presumably keyed by this value — confirm.
	GetID() string
}

type AuthenticatorAnonymous

// AuthenticatorAnonymous declares the Authenticate and GetID methods of
// Authenticator; its only exported state is an identifier string.
type AuthenticatorAnonymous struct {
	// AnonymousIdentifier is a caller-chosen string; NewAuthenticatorAnonymous
	// takes a parameter of the same name.
	// NOTE(review): presumably used as the session Subject for requests without
	// credentials — confirm, and make sure no policy grants this value more
	// than public access.
	AnonymousIdentifier string
}

func NewAuthenticatorAnonymous

func NewAuthenticatorAnonymous(anonymousIdentifier string) *AuthenticatorAnonymous

func (*AuthenticatorAnonymous) Authenticate

func (a *AuthenticatorAnonymous) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorAnonymous) GetID

func (a *AuthenticatorAnonymous) GetID() string

type AuthenticatorBroken

// AuthenticatorBroken is a stateless type with Authenticate and GetID methods.
// NOTE(review): the name suggests a handler that always fails; its body is not
// shown on this page — confirm.
type AuthenticatorBroken struct{}

func NewAuthenticatorBroken

func NewAuthenticatorBroken() *AuthenticatorBroken

func (*AuthenticatorBroken) Authenticate

func (a *AuthenticatorBroken) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorBroken) GetID

func (a *AuthenticatorBroken) GetID() string

type AuthenticatorJWT

// AuthenticatorJWT has no exported fields; NewAuthenticatorJWT builds it from a
// JWKS URL and a fosite.ScopeStrategy and can return an error.
// NOTE(review): presumably the JWKS URL is where verification keys are fetched
// from — confirm that it is an https URL under the operator's control.
type AuthenticatorJWT struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorJWT

func NewAuthenticatorJWT(jwksURL string, scopeStrategy fosite.ScopeStrategy) (*AuthenticatorJWT, error)

func (*AuthenticatorJWT) Authenticate

func (a *AuthenticatorJWT) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorJWT) GetID

func (a *AuthenticatorJWT) GetID() string

type AuthenticatorNoOp

// AuthenticatorNoOp is a stateless type with Authenticate and GetID methods.
// NOTE(review): the name suggests that Authenticate performs no credential
// check; its body is not shown on this page — confirm, and audit every rule
// that selects this handler.
type AuthenticatorNoOp struct{}

func NewAuthenticatorNoOp

func NewAuthenticatorNoOp() *AuthenticatorNoOp

func (*AuthenticatorNoOp) Authenticate

func (a *AuthenticatorNoOp) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorNoOp) GetID

func (a *AuthenticatorNoOp) GetID() string

type AuthenticatorOAuth2ClientCredentials

// AuthenticatorOAuth2ClientCredentials has no exported fields;
// NewAuthenticatorOAuth2ClientCredentials builds it from a token URL and can
// return an error.
// NOTE(review): presumably client credentials taken from the request are sent
// to that token URL — confirm that it is an https endpoint.
type AuthenticatorOAuth2ClientCredentials struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2ClientCredentials

func NewAuthenticatorOAuth2ClientCredentials(tokenURL string) (*AuthenticatorOAuth2ClientCredentials, error)

func (*AuthenticatorOAuth2ClientCredentials) Authenticate

func (*AuthenticatorOAuth2ClientCredentials) GetID

type AuthenticatorOAuth2Configuration

// AuthenticatorOAuth2Configuration is a per-rule configuration with a single
// field, read from the JSON key "required_scope".
type AuthenticatorOAuth2Configuration struct {
	// Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	// NOTE(review): behaviour for an empty or missing list is not shown on this
	// page; presumably no scope is required then — confirm.
	Scopes []string `json:"required_scope"`
}

type AuthenticatorOAuth2Introspection

// AuthenticatorOAuth2Introspection has no exported fields;
// NewAuthenticatorOAuth2Introspection builds it from a client ID and secret, a
// token URL, an introspection URL, a scope list and a fosite.ScopeStrategy.
// NOTE(review): the client secret is passed as a plain string; presumably it
// authenticates this proxy to the introspection endpoint — confirm that it is
// never logged and that both URLs are https.
type AuthenticatorOAuth2Introspection struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2Introspection

func NewAuthenticatorOAuth2Introspection(
	clientID, clientSecret, tokenURL, introspectionURL string,
	scopes []string, strategy fosite.ScopeStrategy,
) (*AuthenticatorOAuth2Introspection, error)

func (*AuthenticatorOAuth2Introspection) Authenticate

func (*AuthenticatorOAuth2Introspection) GetID

type AuthenticatorOAuth2IntrospectionConfiguration

// AuthenticatorOAuth2IntrospectionConfiguration is the per-rule configuration
// read from the JSON keys "required_scope", "target_audience" and
// "trusted_issuers".
type AuthenticatorOAuth2IntrospectionConfiguration struct {
	// An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	Scopes []string `json:"required_scope"`

	// An array of audiences that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.
	// NOTE(review): the wording leaves open whether the token must match every
	// listed audience or only one of them — confirm against the implementation.
	Audience []string `json:"target_audience"`

	// The token must have been issued by one of the issuers listed in this array.
	// NOTE(review): behaviour for an empty list is not shown on this page;
	// presumably the issuer is not checked then — confirm.
	Issuers []string `json:"trusted_issuers"`
}

type AuthenticatorOAuth2JWTConfiguration

// AuthenticatorOAuth2JWTConfiguration is the per-rule configuration read from
// the JSON keys "required_scope", "target_audience", "trusted_issuers" and
// "allowed_algorithms".
type AuthenticatorOAuth2JWTConfiguration struct {
	// An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	Scopes []string `json:"required_scope"`

	// An array of audiences that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.
	// NOTE(review): the wording leaves open whether the token must match every
	// listed audience or only one of them — confirm against the implementation.
	Audience []string `json:"target_audience"`

	// The token must have been issued by one of the issuers listed in this array.
	// NOTE(review): behaviour for an empty list is not shown on this page;
	// presumably the issuer is not checked then — confirm.
	Issuers []string `json:"trusted_issuers"`

	// AllowedAlgorithms is a list of strings read from "allowed_algorithms".
	// NOTE(review): presumably the JWT signing algorithms a token may use; the
	// default applied when the list is empty is not shown on this page —
	// confirm, and set the list explicitly in every rule.
	AllowedAlgorithms []string `json:"allowed_algorithms"`
}

type Authorizer

// Authorizer is the interface of an authorization handler. The Authorizer*
// types on this page declare Authorize and GetID methods.
type Authorizer interface {
	// Authorize receives the request, the session produced by an Authenticator,
	// a raw JSON configuration and a rule. Its only result is an error.
	// NOTE(review): presumably a nil error means access is granted — confirm.
	Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
	// GetID returns a string identifying the handler.
	// NOTE(review): RequestHandler keeps authorizers in a
	// map[string]Authorizer, presumably keyed by this value — confirm.
	GetID() string
}

type AuthorizerAllow

// AuthorizerAllow is a stateless type with Authorize and GetID methods.
// NOTE(review): the name suggests that Authorize grants every request; its
// body is not shown on this page — confirm, and audit every rule that selects
// this handler.
type AuthorizerAllow struct{}

func NewAuthorizerAllow

func NewAuthorizerAllow() *AuthorizerAllow

func (*AuthorizerAllow) Authorize

func (a *AuthorizerAllow) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerAllow) GetID

func (a *AuthorizerAllow) GetID() string

type AuthorizerDeny

// AuthorizerDeny is a stateless type with Authorize and GetID methods.
// NOTE(review): the name suggests that Authorize rejects every request; its
// body is not shown on this page — confirm.
type AuthorizerDeny struct{}

func NewAuthorizerDeny

func NewAuthorizerDeny() *AuthorizerDeny

func (*AuthorizerDeny) Authorize

func (a *AuthorizerDeny) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerDeny) GetID

func (a *AuthorizerDeny) GetID() string

type AuthorizerKetoWarden

// AuthorizerKetoWarden has no exported fields; NewAuthorizerKetoWarden builds
// it from a base URL. Besides Authorize and GetID it declares ParseSubject,
// which takes a session, a template ID and a template string.
// NOTE(review): presumably access decisions are requested from a service at
// the base URL — confirm how an unreachable service or an error response is
// handled (it should deny).
type AuthorizerKetoWarden struct {
	// contains filtered or unexported fields
}

func NewAuthorizerKetoWarden

func NewAuthorizerKetoWarden(baseURL *url.URL) *AuthorizerKetoWarden

func (*AuthorizerKetoWarden) Authorize

func (a *AuthorizerKetoWarden) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerKetoWarden) GetID

func (a *AuthorizerKetoWarden) GetID() string

func (*AuthorizerKetoWarden) ParseSubject

func (a *AuthorizerKetoWarden) ParseSubject(session *AuthenticationSession, templateId, templateString string) (string, error)

type AuthorizerKetoWardenConfiguration

// AuthorizerKetoWardenConfiguration is the per-rule configuration of
// AuthorizerKetoWarden. The valid tags mark two of its fields as required.
type AuthorizerKetoWardenConfiguration struct {
	// RequiredAction is read from "required_action" and is tagged required.
	RequiredAction   string `json:"required_action" valid:",required"`
	// RequiredResource is read from "required_resource" and is tagged required.
	RequiredResource string `json:"required_resource" valid:",required"`
	// Subject is read from "subject" and carries no required tag.
	// NOTE(review): ParseSubject takes a template string, so this is presumably
	// a template rendered against the session; what is used when it is empty is
	// not shown on this page — confirm.
	Subject          string `json:"subject"`
	// Flavor is read from "flavor" and carries no required tag.
	// NOTE(review): accepted values and the default are not shown on this page
	// — confirm.
	Flavor           string `json:"flavor"`
}

type Claims

// Claims uses the registered JWT claim names of RFC 7519 section 4.1 as its
// JSON keys. Every field is tagged omitempty, so zero values are left out when
// the struct is marshalled. The type has a Valid method that returns an error.
type Claims struct {
	// Audience is serialized as "aud".
	Audience  []string `json:"aud,omitempty"`
	// ExpiresAt is serialized as "exp".
	// NOTE(review): presumably Unix seconds; whether Valid accepts a value of
	// zero (no expiry set) is not shown on this page — confirm.
	ExpiresAt int64    `json:"exp,omitempty"`
	// Id is serialized as "jti".
	Id        string   `json:"jti,omitempty"`
	// IssuedAt is serialized as "iat".
	IssuedAt  int64    `json:"iat,omitempty"`
	// Issuer is serialized as "iss".
	Issuer    string   `json:"iss,omitempty"`
	// NotBefore is serialized as "nbf".
	NotBefore int64    `json:"nbf,omitempty"`
	// Subject is serialized as "sub".
	Subject   string   `json:"sub,omitempty"`
}

func (*Claims) Valid

func (c *Claims) Valid() error

type CredentialsCookies

// CredentialsCookies declares the GetID and Issue methods of CredentialsIssuer
// and is created by NewCredentialsIssuerCookies.
type CredentialsCookies struct {
	// RulesCache is a pointer to a template.Template.
	// NOTE(review): this page does not show which template package is imported
	// or what is cached; presumably the parsed cookie templates used by Issue
	// — confirm.
	RulesCache *template.Template
}

func NewCredentialsIssuerCookies

func NewCredentialsIssuerCookies() *CredentialsCookies

func (*CredentialsCookies) GetID

func (a *CredentialsCookies) GetID() string

func (*CredentialsCookies) Issue

func (a *CredentialsCookies) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) (http.Header, error)

type CredentialsCookiesConfig

// CredentialsCookiesConfig is a configuration with a single field, read from
// the JSON key "cookies".
type CredentialsCookiesConfig struct {
	// Cookies is a string-to-string map.
	// NOTE(review): presumably cookie name to a template rendered against the
	// AuthenticationSession; if session data can carry client-supplied values,
	// confirm they are validated before being forwarded upstream.
	Cookies map[string]string `json:"cookies"`
}

type CredentialsHeaders

// CredentialsHeaders declares the GetID and Issue methods of CredentialsIssuer
// and is created by NewCredentialsIssuerHeaders.
type CredentialsHeaders struct {
	// RulesCache is a pointer to a template.Template.
	// NOTE(review): this page does not show which template package is imported
	// or what is cached; presumably the parsed header templates used by Issue
	// — confirm.
	RulesCache *template.Template
}

func NewCredentialsIssuerHeaders

func NewCredentialsIssuerHeaders() *CredentialsHeaders

func (*CredentialsHeaders) GetID

func (a *CredentialsHeaders) GetID() string

func (*CredentialsHeaders) Issue

func (a *CredentialsHeaders) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) (http.Header, error)

type CredentialsHeadersConfig

// CredentialsHeadersConfig is a configuration with a single field, read from
// the JSON key "headers".
type CredentialsHeadersConfig struct {
	// Headers is a string-to-string map.
	// NOTE(review): presumably header name to a template rendered against the
	// AuthenticationSession; confirm that a client cannot pre-set the same
	// header names on the incoming request and have them reach the upstream.
	Headers map[string]string `json:"headers"`
}

type CredentialsIDToken

// CredentialsIDToken has no exported fields; NewCredentialsIssuerIDToken builds
// it from an rsakey.Manager, a logger, a lifetime and an issuer string.
// NOTE(review): presumably Issue signs a token with a key from the manager and
// gives it the configured lifetime and issuer — confirm, and keep the lifetime
// short.
type CredentialsIDToken struct {
	// contains filtered or unexported fields
}

func NewCredentialsIssuerIDToken

func NewCredentialsIssuerIDToken(
	k rsakey.Manager,
	l logrus.FieldLogger,
	lifetime time.Duration,
	issuer string,
) *CredentialsIDToken

func (*CredentialsIDToken) GetID

func (a *CredentialsIDToken) GetID() string

func (*CredentialsIDToken) Issue

func (a *CredentialsIDToken) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) (http.Header, error)

type CredentialsIDTokenConfig

// CredentialsIDTokenConfig is a configuration with a single field, read from
// the JSON key "aud".
type CredentialsIDTokenConfig struct {
	// Audience is a list of strings.
	// NOTE(review): presumably copied into the audience claim of the issued
	// token; what is issued when the list is empty is not shown on this page —
	// confirm.
	Audience []string `json:"aud"`
}

type CredentialsIssuer

// CredentialsIssuer is the interface of a credentials-issuing handler. The
// Credentials* types on this page declare Issue and GetID methods.
type CredentialsIssuer interface {
	// Issue receives the request, the session, a raw JSON configuration and a
	// rule, and returns an http.Header or an error.
	// NOTE(review): presumably the returned headers are added to the request
	// forwarded upstream — confirm.
	Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) (http.Header, error)
	// GetID returns a string identifying the handler.
	// NOTE(review): RequestHandler keeps issuers in a
	// map[string]CredentialsIssuer, presumably keyed by this value — confirm.
	GetID() string
}

type CredentialsIssuerBroken

// CredentialsIssuerBroken is a stateless type with GetID and Issue methods.
// NOTE(review): the name suggests an issuer that always fails; its body is not
// shown on this page — confirm.
type CredentialsIssuerBroken struct{}

func NewCredentialsIssuerBroken

func NewCredentialsIssuerBroken() *CredentialsIssuerBroken

func (*CredentialsIssuerBroken) GetID

func (a *CredentialsIssuerBroken) GetID() string

func (*CredentialsIssuerBroken) Issue

type CredentialsIssuerNoOp

// CredentialsIssuerNoOp is a stateless type with GetID and Issue methods.
// NOTE(review): the name suggests that Issue adds no credentials; its body is
// not shown on this page — confirm what the upstream receives in that case.
type CredentialsIssuerNoOp struct{}

func NewCredentialsIssuerNoOp

func NewCredentialsIssuerNoOp() *CredentialsIssuerNoOp

func (*CredentialsIssuerNoOp) GetID

func (a *CredentialsIssuerNoOp) GetID() string

func (*CredentialsIssuerNoOp) Issue

type Proxy

// Proxy bundles the request handler, rule matcher, key manager, logger and
// response writer. Its Director method takes a *http.Request and its RoundTrip
// method has the signature of http.RoundTripper.
// NOTE(review): NewProxy takes only a handler, a logger and a matcher, so
// KeyManager and H are presumably set elsewhere — confirm they cannot be nil
// when used.
type Proxy struct {
	// Logger is a logrus.FieldLogger.
	Logger         logrus.FieldLogger
	// RequestHandler is the handler passed to NewProxy.
	RequestHandler *RequestHandler
	// KeyManager is an rsakey.Manager.
	KeyManager     rsakey.Manager
	// Matcher is a rule.Matcher.
	// NOTE(review): presumably selects the rule for an incoming request;
	// confirm that a request matching no rule is rejected.
	Matcher        rule.Matcher
	// H is a herodot.Writer.
	H              herodot.Writer
}

func NewProxy

func NewProxy(handler *RequestHandler, logger logrus.FieldLogger, matcher rule.Matcher) *Proxy

func (*Proxy) Director

func (d *Proxy) Director(r *http.Request)

func (*Proxy) RoundTrip

func (d *Proxy) RoundTrip(r *http.Request) (*http.Response, error)

type RequestHandler

// RequestHandler holds the registered handlers in three string-keyed maps.
// NewRequestHandler receives them as slices, and HandleRequest takes a request
// and a rule and returns an http.Header or an error.
// NOTE(review): the maps are presumably keyed by each handler's GetID; the
// order in which HandleRequest calls the handlers is not shown on this page —
// confirm that a handler ID missing from a map results in denial.
type RequestHandler struct {
	// Logger is a logrus.FieldLogger.
	Logger                 logrus.FieldLogger
	// AuthorizationHandlers maps a string to an Authorizer.
	AuthorizationHandlers  map[string]Authorizer
	// AuthenticationHandlers maps a string to an Authenticator.
	AuthenticationHandlers map[string]Authenticator
	// CredentialIssuers maps a string to a CredentialsIssuer.
	CredentialIssuers      map[string]CredentialsIssuer
	// Issuer is a plain string.
	// NOTE(review): NewRequestHandler does not take it, so it is presumably set
	// elsewhere; its use is not shown on this page — confirm.
	Issuer                 string
}

func NewRequestHandler

func NewRequestHandler(
	l logrus.FieldLogger,
	authenticationHandlers []Authenticator,
	authorizationHandlers []Authorizer,
	credentialIssuers []CredentialsIssuer,
) *RequestHandler

func (*RequestHandler) HandleRequest

func (d *RequestHandler) HandleRequest(r *http.Request, rl *rule.Rule) (http.Header, error)
