middleware

package
v2.0.0-beta.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 13, 2022 License: Apache-2.0 Imports: 41 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// WwwAuthenticate captures the Www-Authenticate header string.
	WwwAuthenticate = "Www-Authenticate"
)

Variables

View Source
var (
	// SupportedAuthStrategies stores configured challenges.
	SupportedAuthStrategies []string

	// ProxyWwwAuthenticate is a list of endpoints that do not rely on reva underlying authentication, such as ocs.
	// services that fallback to reva authentication are declared in the "frontend" command on oCIS. It is a list of
	// regexp.Regexp which are safe to use concurrently.
	ProxyWwwAuthenticate = []regexp.Regexp{*regexp.MustCompile("/ocs/v[12].php/cloud/")}
)

Functions

func AccessLog

func AccessLog(logger log.Logger) func(http.Handler) http.Handler

AccessLog is a middleware to log http requests at info level logging.

func AccountResolver

func AccountResolver(optionSetters ...Option) func(next http.Handler) http.Handler

AccountResolver provides a middleware which mints a jwt and adds it to the proxied request based on the oidc-claims

func Authentication

func Authentication(auths []Authenticator, opts ...Option) func(next http.Handler) http.Handler

Authentication is a higher order authentication middleware.

func CreateHome

func CreateHome(optionSetters ...Option) func(next http.Handler) http.Handler

CreateHome provides a middleware which sends a CreateHome request to the reva gateway

func HTTPSRedirect

func HTTPSRedirect(next http.Handler) http.Handler

HTTPSRedirect redirects insecure requests to https

func OIDCWellKnownRewrite

func OIDCWellKnownRewrite(logger log.Logger, oidcISS string, rewrite bool, oidcClient *http.Client) func(http.Handler) http.Handler

OIDCWellKnownRewrite is a middleware that rewrites the /.well-known/openid-configuration endpoint for external IDPs.

func SelectorCookie

func SelectorCookie(optionSetters ...Option) func(next http.Handler) http.Handler

SelectorCookie provides a middleware which

Types

type Authenticator

type Authenticator interface {
	// Authenticate is used to authenticate incoming HTTP requests.
	// The Authenticator may augment the request with user info or anything related to the
	// authentication and return the augmented request.
	Authenticate(*http.Request) (*http.Request, bool)
}

Authenticator is the common interface implemented by all request authenticators.

type BasicAuthenticator

type BasicAuthenticator struct {
	Logger        log.Logger
	UserProvider  backend.UserBackend
	UserCS3Claim  string
	UserOIDCClaim string
}

BasicAuthenticator is the authenticator responsible for HTTP Basic authentication.

func (BasicAuthenticator) Authenticate

func (m BasicAuthenticator) Authenticate(r *http.Request) (*http.Request, bool)

Authenticate implements the authenticator interface to authenticate requests via basic auth.

type OIDCAuthenticator

type OIDCAuthenticator struct {
	Logger     log.Logger
	HTTPClient *http.Client
	OIDCIss    string

	TokenCacheTTL           time.Duration
	ProviderFunc            func() (OIDCProvider, error)
	AccessTokenVerifyMethod string
	JWKSOptions             config.JWKS

	JWKS *keyfunc.JWKS
	// contains filtered or unexported fields
}

OIDCAuthenticator is an authenticator responsible for OIDC authentication.

func NewOIDCAuthenticator

func NewOIDCAuthenticator(logger log.Logger, tokenCacheTTL int, oidcHTTPClient *http.Client, oidcIss string, providerFunc func() (OIDCProvider, error),
	jwksOptions config.JWKS, accessTokenVerifyMethod string) OIDCAuthenticator

NewOIDCAuthenticator returns a ready to use authenticator which can handle OIDC authentication.

func (OIDCAuthenticator) Authenticate

func (m OIDCAuthenticator) Authenticate(r *http.Request) (*http.Request, bool)

Authenticate implements the authenticator interface to authenticate requests via oidc auth.

type OIDCProvider

type OIDCProvider interface {
	UserInfo(ctx context.Context, ts oauth2.TokenSource) (*gOidc.UserInfo, error)
}

OIDCProvider used to mock the oidc provider during tests

type Option

type Option func(o *Options)

Option defines a single option function.

func AccessTokenVerifyMethod

func AccessTokenVerifyMethod(method string) Option

AccessTokenVerifyMethod set the mechanism for access token verification

func AutoprovisionAccounts

func AutoprovisionAccounts(val bool) Option

AutoprovisionAccounts provides a function to set the AutoprovisionAccounts config

func CredentialsByUserAgent

func CredentialsByUserAgent(v map[string]string) Option

CredentialsByUserAgent sets UserAgentChallenges.

func EnableBasicAuth

func EnableBasicAuth(enableBasicAuth bool) Option

EnableBasicAuth provides a function to set the EnableBasicAuth config

func HTTPClient

func HTTPClient(c *http.Client) Option

HTTPClient provides a function to set the http client config option.

func JWKSOptions

func JWKSOptions(jo config.JWKS) Option

JWKS sets the options for fetching the JWKS from the IDP

func Logger

func Logger(l log.Logger) Option

Logger provides a function to set the logger option.

func OIDCIss

func OIDCIss(iss string) Option

OIDCIss sets the oidcAuth issuer url

func OIDCProviderFunc

func OIDCProviderFunc(f func() (OIDCProvider, error)) Option

OIDCProviderFunc provides a function to set the the oidc provider function option.

func PolicySelectorConfig

func PolicySelectorConfig(cfg config.PolicySelector) Option

PolicySelectorConfig provides a function to set the policy selector config option.

func PreSignedURLConfig

func PreSignedURLConfig(cfg config.PreSignedURL) Option

PreSignedURLConfig provides a function to set the PreSignedURL config

func RevaGatewayClient

func RevaGatewayClient(gc gateway.GatewayAPIClient) Option

RevaGatewayClient provides a function to set the the reva gateway service client option.

func SettingsRoleService

func SettingsRoleService(rc settingssvc.RoleService) Option

SettingsRoleService provides a function to set the role service option.

func Store

func Store(sc storesvc.StoreService) Option

Store provides a function to set the store option.

func TokenCacheSize

func TokenCacheSize(size int) Option

TokenCacheSize provides a function to set the TokenCacheSize

func TokenCacheTTL

func TokenCacheTTL(ttl time.Duration) Option

TokenCacheTTL provides a function to set the TokenCacheTTL

func TokenManagerConfig

func TokenManagerConfig(cfg config.TokenManager) Option

TokenManagerConfig provides a function to set the token manger config option.

func UserCS3Claim

func UserCS3Claim(val string) Option

UserCS3Claim provides a function to set the UserClaimType config

func UserOIDCClaim

func UserOIDCClaim(val string) Option

UserOIDCClaim provides a function to set the UserClaim config

func UserProvider

func UserProvider(up backend.UserBackend) Option

UserProvider sets the accounts user provider

type Options

type Options struct {
	// Logger to use for logging, must be set
	Logger log.Logger
	// TokenManagerConfig for communicating with the reva token manager
	TokenManagerConfig config.TokenManager
	// PolicySelectorConfig for using the policy selector
	PolicySelector config.PolicySelector
	// HTTPClient to use for communication with the oidcAuth provider
	HTTPClient *http.Client
	// UP
	UserProvider backend.UserBackend
	// SettingsRoleService for the roles API in settings
	SettingsRoleService settingssvc.RoleService
	// OIDCProviderFunc to lazily initialize an oidc provider, must be set for the oidc_auth middleware
	OIDCProviderFunc func() (OIDCProvider, error)
	// OIDCIss is the oidcAuth-issuer
	OIDCIss string
	// RevaGatewayClient to send requests to the reva gateway
	RevaGatewayClient gateway.GatewayAPIClient
	// Store for persisting data
	Store storesvc.StoreService
	// PreSignedURLConfig to configure the middleware
	PreSignedURLConfig config.PreSignedURL
	// UserOIDCClaim to read from the oidc claims
	UserOIDCClaim string
	// UserCS3Claim to use when looking up a user in the CS3 API
	UserCS3Claim string
	// AutoprovisionAccounts when an accountResolver does not exist.
	AutoprovisionAccounts bool
	// EnableBasicAuth to allow basic auth
	EnableBasicAuth bool
	// UserinfoCacheSize defines the max number of entries in the userinfo cache, intended for the oidc_auth middleware
	UserinfoCacheSize int
	// UserinfoCacheTTL sets the max cache duration for the userinfo cache, intended for the oidc_auth middleware
	UserinfoCacheTTL time.Duration
	// CredentialsByUserAgent sets the auth challenges on a per user-agent basis
	CredentialsByUserAgent map[string]string
	// AccessTokenVerifyMethod configures how access_tokens should be verified but the oidc_auth middleware.
	// Possible values currently: "jwt" and "none"
	AccessTokenVerifyMethod string
	// JWKS sets the options for fetching the JWKS from the IDP
	JWKS config.JWKS
}

Options defines the available options for this package.

type PublicShareAuthenticator

type PublicShareAuthenticator struct {
	Logger            log.Logger
	RevaGatewayClient gateway.GatewayAPIClient
}

PublicShareAuthenticator is the authenticator which can authenticate public share requests. It will add the share owner into the request context.

func (PublicShareAuthenticator) Authenticate

func (a PublicShareAuthenticator) Authenticate(r *http.Request) (*http.Request, bool)

Authenticate implements the authenticator interface to authenticate requests via public share auth.

type SignedURLAuthenticator

type SignedURLAuthenticator struct {
	Logger             log.Logger
	PreSignedURLConfig config.PreSignedURL
	UserProvider       backend.UserBackend
	Store              storesvc.StoreService
}

SignedURLAuthenticator is the authenticator responsible for authenticating signed URL requests.

func (SignedURLAuthenticator) Authenticate

func (m SignedURLAuthenticator) Authenticate(r *http.Request) (*http.Request, bool)

Authenticate implements the authenticator interface to authenticate requests via signed URL auth.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL