auth

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 1, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncodeURIComponent added in v0.0.8 

func EncodeURIComponent(str string) string

Types

type AuthDB added in v0.0.8 

type AuthDB struct {
	// contains filtered or unexported fields
}

func NewAuthDB added in v0.0.8 

func NewAuthDB(gormdb *gorm.DB) *AuthDB

func (*AuthDB) DeleteAuthFlowById added in v0.0.8 

func (adb *AuthDB) DeleteAuthFlowById(entityId string) bool

func (*AuthDB) EnsureChannel added in v0.0.8 

func (adb *AuthDB) EnsureChannel(provider string, loginId string, params utils.StringMap) (*Channel, bool)

func (*AuthDB) EnsureIdentity added in v0.0.8 

func (adb *AuthDB) EnsureIdentity(idType string, idKey string, params utils.StringMap) (*Identity, bool)

func (*AuthDB) GetAuthFlowById added in v0.0.8 

func (adb *AuthDB) GetAuthFlowById(entityId string) (*AuthFlow, error)

func (*AuthDB) GetChannel added in v0.0.8 

func (adb *AuthDB) GetChannel(provider string, loginId string) (*Channel, error)

func (*AuthDB) GetIdentity added in v0.0.8 

func (adb *AuthDB) GetIdentity(idType string, idKey string) (*Identity, error)

func (*AuthDB) SaveAuthFlow added in v0.0.8 

func (adb *AuthDB) SaveAuthFlow(entity *AuthFlow) (err error)

*

  • Creates a new auth session object to track a login request.

func (*AuthDB) SaveChannel added in v0.0.8 

func (adb *AuthDB) SaveChannel(entity *Channel) (err error)

func (*AuthDB) SaveIdentity added in v0.0.8 

func (adb *AuthDB) SaveIdentity(entity *Identity) (err error)

type AuthFlow 

type AuthFlow struct {
	dal.BaseEntity

	// A unique Auth Session ID
	ID string

	// Kind of login being done
	Provider string

	// When this Auth session expires;
	ExpiresIn time.Time // 300

	// Handler that will continue the flow after a successful AuthFlow.
	HandlerName string // "login"

	// Parameters for the handler to continue with.
	HandlerParams dal.JsonField `gorm:"type:text"`
}

func (*AuthFlow) HasKey 

func (af *AuthFlow) HasKey() bool

And others things here

type AuthFlowCredentialsReceived 

type AuthFlowCredentialsReceived = func(ctx *gin.Context)

type AuthFlowFailedFunc added in v0.0.8 

type AuthFlowFailedFunc = func(authFlow *AuthFlow, ctx *gin.Context)

type AuthFlowIdentityEnsured 

type AuthFlowIdentityEnsured = func(channel *Channel, identity *Identity)

type AuthFlowStarted added in v0.0.8 

type AuthFlowStarted = func(authFlow *AuthFlow, ctx *gin.Context)

type AuthFlowStore 

type AuthFlowStore interface {
	GetAuthFlowById(authFlowId string) (*AuthFlow, error)
	DeleteAuthFlowById(authFlowId string) bool
	/**
	 * Creates a new auth session object to track a login request.
	 */
	SaveAuthFlow(authFlow *AuthFlow) *AuthFlow
}

type AuthFlowSucceededFunc added in v0.0.8 

type AuthFlowSucceededFunc = func(authFlow *AuthFlow, ctx *gin.Context)

type Authenticator 

type Authenticator struct {
	Provider      string
	ChannelStore  ChannelStore
	IdentityStore IdentityStore
	AuthFlowStore AuthFlowStore

	/**
	 * Step 1. This kicks off the actual auth where credentials can be
	 * extracted from the user.
	 */
	OnAuthFlowStarted AuthFlowStarted

	/**
	 * Step 2.  Once the auth flow is started (eg via a redirect to the provider),
	 * the provider can either redirect to the callback URL (or the user can submit
	 * credentials resulting in a post to this handler).  This gives us a chance to
	 * verify the credentials (and the caller/provider) and redirect success or
	 * failure as necessary.
	 */
	OnAuthFlowCredentialsReceived AuthFlowCredentialsReceived

	/**
	 * Step 3. If credential verification was a success then the provider returns
	 * valid tokens and profile information for us to use/extract.  This method
	 * allows us to extract the channel and identity information from this payload.
	 * This channel ID could be just the user's identity ID too (email, phone etc).
	 */
	IdentityFromProfile IdentityFromProfileFunc

	/**
	 * Step 4. In the previous step the channel and identity information that is
	 * extracted can be processed here by creating new User objects or associating
	 * with existing User objects as is fit within the logic of the application.
	 */
	OnIdentityEnsured AuthFlowIdentityEnsured

	/**
	 * Step 5. Finally after all auth is complete and successful, the continueAuthFlow
	 * callback allows the user to resume the original purpose of the auth flow.
	 * If this method is not provided then a simple redirect to "/" is performed.
	 */
	OnAuthFlowSucceeded AuthFlowSucceededFunc
	OnAuthFlowFailed    AuthFlowFailedFunc
}

*

  • A class that handles the multi step auth flow for verifying (and identifying) an
  • identity. *
  • The general workflow is as follows: *
  • 1. A user tries to access a resource at url ResourceUrl
  • 2. The request handler for ResourceUrl decides user is either not authenticated or
  • not authorized
  • - A user can be logged in but may require a different Agent or Role to be handy
  • to authorize access.
  • - The Authorizer will be redirected to at this point - getAuthorizer(ResourceUrl).startAuth(this);
  • 3. The Authorizer here may perform the auth without any control of "us".
  • 4. If Auth fails, the Authorizer will call back our failure endpoint.
  • 5. If AUth succeeds, the Authorizer will call our callback endpoint; *
  • General flow goes as follows: *
  • 1. User Visits /xyz
  • 2. Request handler for /xyz kicks off an auth if not logged in (more in step 10).
  • 3. Handler(/xyz) redirects to /auth/login?callbackURL=<callbackURL>
  • 4. User selects one of the login types /auth/<provider>/login?callbackURL=<callbackURL>
  • 5. Login handler creates a new authFlow instance and saves it in the
  • session. This will be used later. In (3) instead of a callbackURL
  • an authFlow can also be provided in which a new AuthFlow wont be
  • created.
  • 6. Here passport forwards off to the provider login callback to
  • perform all manner of logins.
  • 7. After login is completed the callback URL is called with credentials
  • (or failures in which case failure redirect is called).
  • 8. Here continueAuthFlow is called with a successful auth flow.
  • 9. Here we have the chance to handle the channel that was created
  • - saved as req.currChannel
  • 10. Now is a chance to create req.loggedInUser so it is available for
  • other requests going forward.

func (*Authenticator) AuthFlowCompleted 

func (auth *Authenticator) AuthFlowCompleted(success bool, ctx *gin.Context)

func (*Authenticator) AuthFlowFailed added in v0.0.8 

func (auth *Authenticator) AuthFlowFailed(ctx *gin.Context)

*

  • Step 4b. Instead of step 4, this is called (by the provider)
  • if auth failed.

func (*Authenticator) AuthFlowSucceeded added in v0.0.8 

func (auth *Authenticator) AuthFlowSucceeded(ctx *gin.Context)

*

  • Step 4. After auth is successful this method is called to resume the
  • auth flow for the original purpose it was kicked off.

func (*Authenticator) AuthFlowVerified 

func (auth *Authenticator) AuthFlowVerified(ctx *gin.Context, tokens utils.StringMap, params utils.StringMap, profile utils.StringMap) (*Channel, *Identity)

*

  • Step 3 - Method called auth has been verified with us receiving the verified
  • tokens etc. *
  • Here a channel is created along from the succeeded auth flow and is an
  • opportunity to extract identities and create users from this flow. *
  • This method is called after authFlowCredentialsReceived by the entity
  • verifying the auth flow credentials.

func (*Authenticator) EnsureAuthFlow 

func (auth *Authenticator) EnsureAuthFlow(authFlowId string, callbackURL string) (authFlow *AuthFlow)

*

  • Ensures that an auth flow exists and that it matches that for this
  • given provider.

func (*Authenticator) HandleAuthFlowCredentials 

func (auth *Authenticator) HandleAuthFlowCredentials(ctx *gin.Context)

*

  • Step 2. Called by the redirect/callback handler when credentials are provided
  • either by the user or by the auth provider.

func (*Authenticator) StartAuthFlow 

func (auth *Authenticator) StartAuthFlow(ctx *gin.Context)

*

  • Step 1 - Called to initiate the auth flow.

type CallbackRequest 

type CallbackRequest struct {
	Hostname string

	Path string

	// Method to call the callback URL on
	Method string

	// Headers for this request
	Headers utils.StringMap
	// contains filtered or unexported fields
}

func (*CallbackRequest) FullURL 

func (c *CallbackRequest) FullURL() string

type Channel 

type Channel struct {
	dal.BaseEntity

	Provider string `gorm:"primaryKey"`
	LoginId  string `gorm:"primaryKey"`

	/**
	 * Credentials for this channel (like access tokens, hashed passwords etc).
	 */
	Credentials dal.JsonField `gorm:"type:text"`

	/**
	 * Profile as passed by the provider of the channel.
	 */
	Profile dal.JsonField `gorm:"type:text"`

	/**
	 * When does this channel expire and needs another login/auth.
	 */
	ExpiresAt time.Time

	// The identity that this channel is verifying.
	IdentityKey string
}

*

  • Channel's represented federated verification objects. For example a Google
  • Signin would ensure that the user that goes through this flow will end up with
  • a Google signin Channel - which would verify a particular identity type.

func NewChannel added in v0.0.8 

func NewChannel(provider string, loginId string, params utils.StringMap) *Channel

func (*Channel) HasIdentity 

func (ch *Channel) HasIdentity() bool

func (*Channel) HasKey 

func (ch *Channel) HasKey() bool

func (*Channel) Key 

func (ch *Channel) Key() string

type ChannelStore 

type ChannelStore interface {
	SaveChannel(channel *Channel) error
	EnsureChannel(provider string, loginId string, params utils.StringMap) (*Channel, bool)
}

type EnsureLoginConfig 

type EnsureLoginConfig struct {
	GetRedirURL   func(ctx *gin.Context) string
	UserParamName string
}

type Identity 

type Identity struct {
	dal.BaseEntity

	// Type of identity being verified (eg email, phone etc).
	IdentityType string `gorm:"primaryKey"`

	// The key specific to the identity (eg an email address or a phone number etc).
	//
	// type + key should be unique through out the system.
	IdentityKey string `gorm:"primaryKey"`

	// The primary user that this identity can be associated with.
	// Identities do not need to be explicitly associted with a user especially
	// in systems where a single Identity can be used to front several users
	PrimaryUser string
}

*

  • An identify is a unique global "address" corresponding to a user.
  • For example the identify abc@example.com is a unique identify regardless
  • of which Channel is verifying it. Multiple channels can verify the same
  • entity, eg open auth by github, FB or Google can verify the same email
  • address.

func NewIdentity added in v0.0.8 

func NewIdentity(idType string, idKey string) *Identity

func (*Identity) HasKey 

func (id *Identity) HasKey() bool

func (*Identity) HasUser 

func (id *Identity) HasUser() bool

func (*Identity) Key 

func (id *Identity) Key() string

type IdentityFromProfileFunc 

type IdentityFromProfileFunc = func(profile utils.StringMap) (ChannelId string, IdentityType string, IdentityKey string)

type IdentityStore 

type IdentityStore interface {
	EnsureIdentity(identityType string, identityKey string, params utils.StringMap) (*Identity, bool)
}

type RequestHandler 

type RequestHandler = func(ctx *gin.Context)

func EnsureLogin added in v0.0.9 

func EnsureLogin(config *EnsureLoginConfig) RequestHandler

*

  • Redirects users to login screen of they are not logged in
  • @param req Request object
  • @param res Response object
  • @param next next function

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.