Documentation ¶
Index ¶
- Constants
- Variables
- func AccessLog(logger log.Logger) func(http.Handler) http.Handler
- func AccountResolver(optionSetters ...Option) func(next http.Handler) http.Handler
- func Authentication(auths []Authenticator, opts ...Option) func(next http.Handler) http.Handler
- func CreateHome(optionSetters ...Option) func(next http.Handler) http.Handler
- func HTTPSRedirect(next http.Handler) http.Handler
- func OIDCWellKnownRewrite(logger log.Logger, oidcISS string, rewrite bool, oidcClient *http.Client) func(http.Handler) http.Handler
- func SelectorCookie(optionSetters ...Option) func(next http.Handler) http.Handler
- type Authenticator
- type BasicAuthenticator
- type OIDCAuthenticator
- type OIDCProvider
- type Option
- func AccessTokenVerifyMethod(method string) Option
- func AutoprovisionAccounts(val bool) Option
- func CredentialsByUserAgent(v map[string]string) Option
- func EnableBasicAuth(enableBasicAuth bool) Option
- func HTTPClient(c *http.Client) Option
- func JWKSOptions(jo config.JWKS) Option
- func Logger(l log.Logger) Option
- func OIDCIss(iss string) Option
- func OIDCProviderFunc(f func() (OIDCProvider, error)) Option
- func PolicySelectorConfig(cfg config.PolicySelector) Option
- func PreSignedURLConfig(cfg config.PreSignedURL) Option
- func RevaGatewayClient(gc gateway.GatewayAPIClient) Option
- func SettingsRoleService(rc settingssvc.RoleService) Option
- func Store(sc storesvc.StoreService) Option
- func TokenCacheSize(size int) Option
- func TokenCacheTTL(ttl time.Duration) Option
- func TokenManagerConfig(cfg config.TokenManager) Option
- func UserCS3Claim(val string) Option
- func UserOIDCClaim(val string) Option
- func UserProvider(up backend.UserBackend) Option
- type Options
- type PublicShareAuthenticator
- type SignedURLAuthenticator
Constants ¶
// WwwAuthenticate is the name of the HTTP Www-Authenticate header, the
// response header that carries authentication challenges, spelled in Go's
// canonical header form.
const WwwAuthenticate = "Www-Authenticate"
Variables ¶
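var (
	// SupportedAuthStrategies stores configured challenges.
	SupportedAuthStrategies []string

	// ProxyWwwAuthenticate is a list of endpoints that do not rely on reva's
	// underlying authentication, such as ocs. Services that fall back to reva
	// authentication are declared in the "frontend" command on oCIS. It is a
	// list of regexp.Regexp values, which are safe to use concurrently.
	//
	// The dot in "v1.php" is escaped so that it matches a literal "." only;
	// left unescaped it matches any character in that position. The pattern
	// is not anchored, so it matches wherever the sequence occurs in the
	// string it is applied to.
	ProxyWwwAuthenticate = []regexp.Regexp{*regexp.MustCompile(`/ocs/v[12]\.php/cloud/`)}
)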
Functions ¶
func AccountResolver ¶
AccountResolver provides a middleware which mints a JWT and adds it to the proxied request, based on the OIDC claims.
func Authentication ¶
Authentication is a higher order authentication middleware.
func CreateHome ¶
CreateHome provides a middleware which sends a CreateHome request to the reva gateway
func HTTPSRedirect ¶
HTTPSRedirect redirects insecure requests to https
Types ¶
type Authenticator ¶
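// Authenticator is the common interface implemented by all request
// authenticators.
type Authenticator interface {
	// Authenticate is used to authenticate incoming HTTP requests.
	// The Authenticator may augment the request with user info or anything
	// related to the authentication and return the augmented request.
	//
	// NOTE(review): the meaning of the bool result is not documented here;
	// presumably it reports whether this authenticator accepted the request.
	// Confirm, and make sure callers check it before using the returned
	// request.
	Authenticate(*http.Request) (*http.Request, bool)
}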
Authenticator is the common interface implemented by all request authenticators.
type BasicAuthenticator ¶
// BasicAuthenticator is the authenticator responsible for HTTP Basic
// authentication.
//
// NOTE(review): HTTP Basic sends the credentials with every request, only
// base64-encoded, so this authenticator should only be reachable over TLS.
type BasicAuthenticator struct {
	// Logger is the logger handed to this authenticator.
	Logger log.Logger
	// UserProvider is the user backend; presumably used to check the
	// submitted credentials and load the user. Confirm against Authenticate.
	UserProvider backend.UserBackend
	// UserCS3Claim and UserOIDCClaim name user claims; how Authenticate uses
	// them is not visible from this declaration.
	UserCS3Claim  string
	UserOIDCClaim string
}
BasicAuthenticator is the authenticator responsible for HTTP Basic authentication.
func (BasicAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via basic auth.
type OIDCAuthenticator ¶
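// OIDCAuthenticator is an authenticator responsible for OIDC authentication.
type OIDCAuthenticator struct {
	// Logger is the logger handed to this authenticator.
	Logger log.Logger
	// HTTPClient is presumably the client used to talk to the OIDC provider;
	// confirm against Authenticate.
	HTTPClient *http.Client
	// OIDCIss is presumably the expected OIDC issuer; confirm.
	OIDCIss string
	// TokenCacheTTL is a cache lifetime. NewOIDCAuthenticator takes its
	// tokenCacheTTL as a plain int, so the unit of that conversion should be
	// confirmed.
	TokenCacheTTL time.Duration
	// ProviderFunc returns the OIDCProvider to use, or an error.
	ProviderFunc func() (OIDCProvider, error)
	// AccessTokenVerifyMethod selects how access tokens are verified.
	// NOTE(review): the accepted values are not listed on this type; confirm
	// them and what each one skips before changing the setting.
	AccessTokenVerifyMethod string
	// JWKSOptions configures the JWKS handling.
	JWKSOptions config.JWKS
	// JWKS is a key set; presumably used to verify token signatures. Confirm.
	JWKS *keyfunc.JWKS
	// contains filtered or unexported fields
}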
OIDCAuthenticator is an authenticator responsible for OIDC authentication.
func NewOIDCAuthenticator ¶
func NewOIDCAuthenticator(logger log.Logger, tokenCacheTTL int, oidcHTTPClient *http.Client, oidcIss string, providerFunc func() (OIDCProvider, error), jwksOptions config.JWKS, accessTokenVerifyMethod string) OIDCAuthenticator
NewOIDCAuthenticator returns a ready to use authenticator which can handle OIDC authentication.
func (OIDCAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via oidc auth.
type OIDCProvider ¶
// OIDCProvider is the part of an OIDC provider that this package calls.
// It is declared as an interface so that tests can substitute a mock.
type OIDCProvider interface {
	// UserInfo returns the user info obtained with the given token source,
	// or an error. Presumably this queries the provider's userinfo endpoint;
	// confirm against the implementation.
	UserInfo(ctx context.Context, ts oauth2.TokenSource) (*gOidc.UserInfo, error)
}
OIDCProvider is used to mock the OIDC provider during tests.
type Option ¶
// Option is a single option function: it receives the Options value being
// built and sets its own setting on it.
type Option func(opts *Options)
Option defines a single option function.
func AccessTokenVerifyMethod ¶
AccessTokenVerifyMethod sets the mechanism for access token verification.
func AutoprovisionAccounts ¶
AutoprovisionAccounts provides a function to set the AutoprovisionAccounts config
func CredentialsByUserAgent ¶
CredentialsByUserAgent sets UserAgentChallenges.
func EnableBasicAuth ¶
EnableBasicAuth provides a function to set the EnableBasicAuth config
func HTTPClient ¶
HTTPClient provides a function to set the http client config option.
func JWKSOptions ¶
JWKSOptions sets the options for fetching the JWKS from the IDP.
func OIDCProviderFunc ¶
func OIDCProviderFunc(f func() (OIDCProvider, error)) Option
OIDCProviderFunc provides a function to set the oidc provider function option.
func PolicySelectorConfig ¶
func PolicySelectorConfig(cfg config.PolicySelector) Option
PolicySelectorConfig provides a function to set the policy selector config option.
func PreSignedURLConfig ¶
func PreSignedURLConfig(cfg config.PreSignedURL) Option
PreSignedURLConfig provides a function to set the PreSignedURL config
func RevaGatewayClient ¶
func RevaGatewayClient(gc gateway.GatewayAPIClient) Option
RevaGatewayClient provides a function to set the reva gateway service client option.
func SettingsRoleService ¶
func SettingsRoleService(rc settingssvc.RoleService) Option
SettingsRoleService provides a function to set the role service option.
func Store ¶
func Store(sc storesvc.StoreService) Option
Store provides a function to set the store option.
func TokenCacheSize ¶
TokenCacheSize provides a function to set the TokenCacheSize
func TokenCacheTTL ¶
TokenCacheTTL provides a function to set the TokenCacheTTL
func TokenManagerConfig ¶
func TokenManagerConfig(cfg config.TokenManager) Option
TokenManagerConfig provides a function to set the token manager config option.
func UserCS3Claim ¶
UserCS3Claim provides a function to set the UserClaimType config
func UserOIDCClaim ¶
UserOIDCClaim provides a function to set the UserClaim config
func UserProvider ¶
func UserProvider(up backend.UserBackend) Option
UserProvider sets the accounts user provider
type Options ¶
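// Options defines the available options for this package.
type Options struct {
	// Logger to use for logging, must be set
	Logger log.Logger
	// TokenManagerConfig for communicating with the reva token manager
	TokenManagerConfig config.TokenManager
	// PolicySelector holds the configuration for the policy selector
	PolicySelector config.PolicySelector
	// HTTPClient to use for communication with the oidcAuth provider
	HTTPClient *http.Client
	// UserProvider is the user backend
	UserProvider backend.UserBackend
	// SettingsRoleService for the roles API in settings
	SettingsRoleService settingssvc.RoleService
	// OIDCProviderFunc to lazily initialize an oidc provider, must be set for
	// the oidc_auth middleware
	OIDCProviderFunc func() (OIDCProvider, error)
	// OIDCIss is the oidcAuth-issuer
	OIDCIss string
	// RevaGatewayClient to send requests to the reva gateway
	RevaGatewayClient gateway.GatewayAPIClient
	// Store for persisting data
	Store storesvc.StoreService
	// PreSignedURLConfig to configure the middleware
	PreSignedURLConfig config.PreSignedURL
	// UserOIDCClaim to read from the oidc claims
	UserOIDCClaim string
	// UserCS3Claim to use when looking up a user in the CS3 API
	UserCS3Claim string
	// AutoprovisionAccounts enables automatic account provisioning;
	// presumably for users the account resolver cannot find. Confirm against
	// the AccountResolver middleware.
	AutoprovisionAccounts bool
	// EnableBasicAuth to allow basic auth.
	// NOTE(review): basic auth puts the password on every request; enable it
	// only where TLS is enforced.
	EnableBasicAuth bool
	// UserinfoCacheSize defines the max number of entries in the userinfo
	// cache, intended for the oidc_auth middleware
	UserinfoCacheSize int
	// UserinfoCacheTTL sets the max cache duration for the userinfo cache,
	// intended for the oidc_auth middleware
	UserinfoCacheTTL time.Duration
	// CredentialsByUserAgent sets the auth challenges on a per user-agent
	// basis.
	// NOTE(review): the User-Agent header is chosen by the client, so this
	// mapping is a compatibility setting, not an access control.
	CredentialsByUserAgent map[string]string
	// AccessTokenVerifyMethod configures how access_tokens should be verified
	// by the oidc_auth middleware.
	// Possible values currently: "jwt" and "none"
	// NOTE(review): "none" presumably skips local verification of the access
	// token; confirm what the middleware relies on in that mode before
	// selecting it.
	AccessTokenVerifyMethod string
	// JWKS sets the options for fetching the JWKS from the IDP
	JWKS config.JWKS
}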
Options defines the available options for this package.
type PublicShareAuthenticator ¶
// PublicShareAuthenticator authenticates public share requests and adds the
// share owner to the request context.
//
// NOTE(review): the identity placed in the context is the share owner's, not
// the requester's; presumably later handlers limit what it may access to the
// share itself. Confirm.
type PublicShareAuthenticator struct{}
PublicShareAuthenticator is the authenticator which can authenticate public share requests. It will add the share owner into the request context.
func (PublicShareAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via public share auth.
type SignedURLAuthenticator ¶
// SignedURLAuthenticator is the authenticator responsible for authenticating
// signed URL requests.
type SignedURLAuthenticator struct {
	// Logger is the logger handed to this authenticator.
	Logger log.Logger
	// PreSignedURLConfig is the pre-signed URL configuration.
	PreSignedURLConfig config.PreSignedURL
	// UserProvider is the user backend; presumably used to load the user a
	// signed URL was issued for. Confirm against Authenticate.
	UserProvider backend.UserBackend
	// Store is the store service; presumably where the signing material is
	// read from. Confirm against Authenticate.
	Store storesvc.StoreService
}
SignedURLAuthenticator is the authenticator responsible for authenticating signed URL requests.
func (SignedURLAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via signed URL auth.