Index
- Constants
- Variables
- func AccessLog(logger log.Logger) func(http.Handler) http.Handler
- func AccountResolver(optionSetters ...Option) func(next http.Handler) http.Handler
- func Authentication(auths []Authenticator, opts ...Option) func(next http.Handler) http.Handler
- func CreateHome(optionSetters ...Option) func(next http.Handler) http.Handler
- func HTTPSRedirect(next http.Handler) http.Handler
- func OIDCWellKnownRewrite(logger log.Logger, oidcISS string, rewrite bool, oidcClient *http.Client) func(http.Handler) http.Handler
- func SelectorCookie(optionSetters ...Option) func(next http.Handler) http.Handler
- type Authenticator
- type BasicAuthenticator
- type OIDCAuthenticator
- type OIDCProvider
- type Option
- func AccessTokenVerifyMethod(method string) Option
- func AutoprovisionAccounts(val bool) Option
- func CredentialsByUserAgent(v map[string]string) Option
- func EnableBasicAuth(enableBasicAuth bool) Option
- func HTTPClient(c *http.Client) Option
- func JWKSOptions(jo config.JWKS) Option
- func Logger(l log.Logger) Option
- func OIDCIss(iss string) Option
- func OIDCProviderFunc(f func() (OIDCProvider, error)) Option
- func PolicySelectorConfig(cfg config.PolicySelector) Option
- func PreSignedURLConfig(cfg config.PreSignedURL) Option
- func RevaGatewayClient(gc gateway.GatewayAPIClient) Option
- func SettingsRoleService(rc settingssvc.RoleService) Option
- func Store(sc storesvc.StoreService) Option
- func TokenCacheSize(size int) Option
- func TokenCacheTTL(ttl time.Duration) Option
- func TokenManagerConfig(cfg config.TokenManager) Option
- func UserCS3Claim(val string) Option
- func UserOIDCClaim(val string) Option
- func UserProvider(up backend.UserBackend) Option
- type Options
- type PublicShareAuthenticator
- type SignedURLAuthenticator
Constants ¶
const (
	// WwwAuthenticate is the name of the HTTP Www-Authenticate response header
	// (RFC 7235); it carries the authentication challenge a client has to satisfy.
	WwwAuthenticate = "Www-Authenticate"
)
Variables ¶
var ( // SupportedAuthStrategies stores configured challenges. SupportedAuthStrategies []string // ProxyWwwAuthenticate is a list of endpoints that do not rely on reva underlying authentication, such as ocs. // services that fallback to reva authentication are declared in the "frontend" command on oCIS. It is a list of // regexp.Regexp which are safe to use concurrently. ProxyWwwAuthenticate = []regexp.Regexp{*regexp.MustCompile("/ocs/v[12].php/cloud/")} )
Functions ¶
func AccountResolver ¶
AccountResolver provides a middleware which mints a JWT and adds it to the proxied request based on the OIDC claims.
func Authentication ¶
Authentication is a higher order authentication middleware.
func CreateHome ¶
CreateHome provides a middleware which sends a CreateHome request to the reva gateway.
func HTTPSRedirect ¶
HTTPSRedirect redirects insecure requests to HTTPS.
Types ¶
type Authenticator ¶
type Authenticator interface {
	// Authenticate is used to authenticate incoming HTTP requests.
	// The Authenticator may augment the request with user info or anything related to the
	// authentication and return the augmented request.
	// The boolean presumably reports whether this authenticator handled and accepted the
	// request; the returned *http.Request is the one the caller should continue with.
	Authenticate(*http.Request) (*http.Request, bool)
}
Authenticator is the common interface implemented by all request authenticators.
type BasicAuthenticator ¶
type BasicAuthenticator struct {
	// Logger used for diagnostics.
	Logger log.Logger
	// UserProvider is the user backend used to look up the account for the supplied credentials.
	UserProvider backend.UserBackend
	// UserCS3Claim is the claim used when looking up a user in the CS3 API (mirrors Options.UserCS3Claim).
	UserCS3Claim string
	// UserOIDCClaim is the claim read from the OIDC claims (mirrors Options.UserOIDCClaim).
	UserOIDCClaim string
}
BasicAuthenticator is the authenticator responsible for HTTP Basic authentication.
func (BasicAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via basic auth.
type OIDCAuthenticator ¶
type OIDCAuthenticator struct {
	// Logger used for diagnostics.
	Logger log.Logger
	// HTTPClient used for communication with the OIDC provider (see Options.HTTPClient).
	HTTPClient *http.Client
	// OIDCIss is the OIDC issuer (see Options.OIDCIss).
	OIDCIss string
	// TokenCacheTTL is the max cache duration for verified tokens (set via the TokenCacheTTL option).
	// NOTE(review): NewOIDCAuthenticator takes tokenCacheTTL as an int while this field is a
	// time.Duration — confirm which unit the constructor converts from.
	TokenCacheTTL time.Duration
	// ProviderFunc lazily initializes the OIDC provider (see Options.OIDCProviderFunc).
	ProviderFunc func() (OIDCProvider, error)
	// AccessTokenVerifyMethod configures how access tokens are verified; Options documents
	// "jwt" and "none" as the possible values.
	// NOTE(review): "none" presumably skips signature verification of the access token —
	// confirm what it relies on instead before enabling it outside tests.
	AccessTokenVerifyMethod string
	// JWKSOptions are the options for fetching the JWKS from the IDP (see Options.JWKS).
	JWKSOptions config.JWKS
	// JWKS holds the key set fetched from the IDP; presumably consulted when
	// AccessTokenVerifyMethod is "jwt" — confirm.
	JWKS *keyfunc.JWKS
	// contains filtered or unexported fields
}
OIDCAuthenticator is an authenticator responsible for OIDC authentication.
func NewOIDCAuthenticator ¶
func NewOIDCAuthenticator(logger log.Logger, tokenCacheTTL int, oidcHTTPClient *http.Client, oidcIss string, providerFunc func() (OIDCProvider, error), jwksOptions config.JWKS, accessTokenVerifyMethod string) *OIDCAuthenticator
NewOIDCAuthenticator returns a ready to use authenticator which can handle OIDC authentication.
func (*OIDCAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via oidc auth.
type OIDCProvider ¶
type OIDCProvider interface {
	// UserInfo fetches the user info for the token supplied by ts from the provider.
	UserInfo(ctx context.Context, ts oauth2.TokenSource) (*gOidc.UserInfo, error)
}
OIDCProvider is the interface used to mock the OIDC provider during tests.
type Option ¶
type Option func(o *Options)
Option defines a single option function.
func AccessTokenVerifyMethod ¶
AccessTokenVerifyMethod sets the mechanism for access token verification.
func AutoprovisionAccounts ¶
AutoprovisionAccounts provides a function to set the AutoprovisionAccounts config.
func CredentialsByUserAgent ¶
CredentialsByUserAgent sets UserAgentChallenges.
func EnableBasicAuth ¶
EnableBasicAuth provides a function to set the EnableBasicAuth config.
func HTTPClient ¶
HTTPClient provides a function to set the http client config option.
func JWKSOptions ¶
JWKSOptions sets the options for fetching the JWKS from the IDP.
func OIDCProviderFunc ¶
func OIDCProviderFunc(f func() (OIDCProvider, error)) Option
OIDCProviderFunc provides a function to set the OIDC provider function option.
func PolicySelectorConfig ¶
func PolicySelectorConfig(cfg config.PolicySelector) Option
PolicySelectorConfig provides a function to set the policy selector config option.
func PreSignedURLConfig ¶
func PreSignedURLConfig(cfg config.PreSignedURL) Option
PreSignedURLConfig provides a function to set the PreSignedURL config.
func RevaGatewayClient ¶
func RevaGatewayClient(gc gateway.GatewayAPIClient) Option
RevaGatewayClient provides a function to set the reva gateway service client option.
func SettingsRoleService ¶
func SettingsRoleService(rc settingssvc.RoleService) Option
SettingsRoleService provides a function to set the role service option.
func Store ¶
func Store(sc storesvc.StoreService) Option
Store provides a function to set the store option.
func TokenCacheSize ¶
TokenCacheSize provides a function to set the TokenCacheSize.
func TokenCacheTTL ¶
TokenCacheTTL provides a function to set the TokenCacheTTL.
func TokenManagerConfig ¶
func TokenManagerConfig(cfg config.TokenManager) Option
TokenManagerConfig provides a function to set the token manager config option.
func UserCS3Claim ¶
UserCS3Claim provides a function to set the UserClaimType config
func UserOIDCClaim ¶
UserOIDCClaim provides a function to set the UserClaim config
func UserProvider ¶
func UserProvider(up backend.UserBackend) Option
UserProvider sets the accounts user provider.
type Options ¶
type Options struct {
	// Logger to use for logging, must be set
	Logger log.Logger
	// TokenManagerConfig for communicating with the reva token manager
	TokenManagerConfig config.TokenManager
	// PolicySelector configures the policy selector (set via PolicySelectorConfig)
	PolicySelector config.PolicySelector
	// HTTPClient to use for communication with the oidcAuth provider
	HTTPClient *http.Client
	// UserProvider is the user backend used to look up accounts (set via the UserProvider option)
	UserProvider backend.UserBackend
	// SettingsRoleService for the roles API in settings
	SettingsRoleService settingssvc.RoleService
	// OIDCProviderFunc to lazily initialize an oidc provider, must be set for the oidc_auth middleware
	OIDCProviderFunc func() (OIDCProvider, error)
	// OIDCIss is the oidcAuth-issuer
	OIDCIss string
	// RevaGatewayClient to send requests to the reva gateway
	RevaGatewayClient gateway.GatewayAPIClient
	// Store for persisting data
	Store storesvc.StoreService
	// PreSignedURLConfig to configure the middleware
	PreSignedURLConfig config.PreSignedURL
	// UserOIDCClaim to read from the oidc claims
	UserOIDCClaim string
	// UserCS3Claim to use when looking up a user in the CS3 API
	UserCS3Claim string
	// AutoprovisionAccounts when an accountResolver does not exist.
	// NOTE(review): presumably creates an account for an authenticated user the resolver
	// cannot find — confirm, since it turns an identity-provider assertion into a local account.
	AutoprovisionAccounts bool
	// EnableBasicAuth to allow basic auth.
	// NOTE(review): basic auth resends the credentials with every request, so it is only
	// sensible behind TLS (cf. HTTPSRedirect).
	EnableBasicAuth bool
	// UserinfoCacheSize defines the max number of entries in the userinfo cache, intended for the oidc_auth middleware
	UserinfoCacheSize int
	// UserinfoCacheTTL sets the max cache duration for the userinfo cache, intended for the oidc_auth middleware
	UserinfoCacheTTL time.Duration
	// CredentialsByUserAgent sets the auth challenges on a per user-agent basis
	CredentialsByUserAgent map[string]string
	// AccessTokenVerifyMethod configures how access_tokens should be verified by the oidc_auth middleware.
	// Possible values currently: "jwt" and "none"
	// NOTE(review): "none" presumably skips token signature verification — confirm before using it outside tests.
	AccessTokenVerifyMethod string
	// JWKS sets the options for fetching the JWKS from the IDP
	JWKS config.JWKS
}
Options defines the available options for this package.
type PublicShareAuthenticator ¶
// PublicShareAuthenticator carries no configuration; its Authenticate method
// authenticates public share requests and adds the share owner to the request context.
type PublicShareAuthenticator struct {
}
PublicShareAuthenticator is the authenticator which can authenticate public share requests. It will add the share owner into the request context.
func (PublicShareAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via public share auth.
type SignedURLAuthenticator ¶
type SignedURLAuthenticator struct {
	// Logger used for diagnostics.
	Logger log.Logger
	// PreSignedURLConfig configures signed URL handling (mirrors Options.PreSignedURLConfig).
	PreSignedURLConfig config.PreSignedURL
	// UserProvider is the user backend used to look up the user a signed URL refers to.
	UserProvider backend.UserBackend
	// Store for persisting data (mirrors Options.Store).
	Store storesvc.StoreService
}
SignedURLAuthenticator is the authenticator responsible for authenticating signed URL requests.
func (SignedURLAuthenticator) Authenticate ¶
Authenticate implements the authenticator interface to authenticate requests via signed URL auth.