auth

package
v0.0.34 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthDB added in v0.0.8 

type AuthDB struct {
	// contains filtered or unexported fields
}

func NewAuthDB added in v0.0.8 

func NewAuthDB(gormdb *gorm.DB) *AuthDB

func (*AuthDB) DeleteAuthFlowById added in v0.0.8 

func (adb *AuthDB) DeleteAuthFlowById(entityId string) bool

func (*AuthDB) EnsureChannel added in v0.0.8 

func (adb *AuthDB) EnsureChannel(provider string, loginId string, params utils.StringMap) (*Channel, bool)

func (*AuthDB) EnsureIdentity added in v0.0.8 

func (adb *AuthDB) EnsureIdentity(idType string, idKey string, params utils.StringMap) (*Identity, bool)

func (*AuthDB) GetAuthFlowById added in v0.0.8 

func (adb *AuthDB) GetAuthFlowById(entityId string) (*AuthFlow, error)

func (*AuthDB) GetChannel added in v0.0.8 

func (adb *AuthDB) GetChannel(provider string, loginId string) (*Channel, error)

func (*AuthDB) GetIdentity added in v0.0.8 

func (adb *AuthDB) GetIdentity(idType string, idKey string) (*Identity, error)

func (*AuthDB) SaveAuthFlow added in v0.0.8 

func (adb *AuthDB) SaveAuthFlow(entity *AuthFlow) (err error)

*

  • Creates a new auth session object to track a login request.

func (*AuthDB) SaveChannel added in v0.0.8 

func (adb *AuthDB) SaveChannel(entity *Channel) (err error)

func (*AuthDB) SaveIdentity added in v0.0.8 

func (adb *AuthDB) SaveIdentity(entity *Identity) (err error)

type AuthFlow 

type AuthFlow struct {
	dal.BaseEntity

	// A unique Auth Session ID
	ID string

	// Kind of login being done
	Provider string

	// When this Auth session expires;
	ExpiresIn time.Time // 300

	// Handler that will continue the flow after a successful AuthFlow.
	HandlerName string // "login"

	// Parameters for the handler to continue with.
	HandlerParams dal.JsonField `gorm:"type:text"`
}

func (*AuthFlow) HasKey 

func (af *AuthFlow) HasKey() bool

And others things here

type AuthFlowCredentialsReceived 

type AuthFlowCredentialsReceived = func(ctx *gin.Context)

type AuthFlowFailedFunc added in v0.0.8 

type AuthFlowFailedFunc = func(authFlow *AuthFlow, ctx *gin.Context)

type AuthFlowIdentityEnsured 

type AuthFlowIdentityEnsured = func(channel *Channel, identity *Identity)

type AuthFlowStarted added in v0.0.8 

type AuthFlowStarted = func(authFlow *AuthFlow, ctx *gin.Context)

type AuthFlowStore 

type AuthFlowStore interface {
	GetAuthFlowById(authFlowId string) (*AuthFlow, error)
	DeleteAuthFlowById(authFlowId string) bool
	/**
	 * Creates a new auth session object to track a login request.
	 */
	SaveAuthFlow(authFlow *AuthFlow) *AuthFlow
}

type AuthFlowSucceededFunc added in v0.0.8 

type AuthFlowSucceededFunc = func(authFlow *AuthFlow, ctx *gin.Context)

type Authenticator 

type Authenticator struct {
	Provider      string
	ChannelStore  ChannelStore
	IdentityStore IdentityStore
	AuthFlowStore AuthFlowStore

	/**
	 * Step 1. This kicks off the actual auth where credentials can be
	 * extracted from the user.
	 */
	OnAuthFlowStarted AuthFlowStarted

	/**
	 * Step 2.  Once the auth flow is started (eg via a redirect to the provider),
	 * the provider can either redirect to the callback URL (or the user can submit
	 * credentials resulting in a post to this handler).  This gives us a chance to
	 * verify the credentials (and the caller/provider) and redirect success or
	 * failure as necessary.
	 */
	OnAuthFlowCredentialsReceived AuthFlowCredentialsReceived

	/**
	 * Step 3. If credential verification was a success then the provider returns
	 * valid tokens and profile information for us to use/extract.  This method
	 * allows us to extract the channel and identity information from this payload.
	 * This channel ID could be just the user's identity ID too (email, phone etc).
	 */
	IdentityFromProfile IdentityFromProfileFunc

	/**
	 * Step 4. In the previous step the channel and identity information that is
	 * extracted can be processed here by creating new User objects or associating
	 * with existing User objects as is fit within the logic of the application.
	 */
	OnIdentityEnsured AuthFlowIdentityEnsured

	/**
	 * Step 5. Finally after all auth is complete and successful, the continueAuthFlow
	 * callback allows the user to resume the original purpose of the auth flow.
	 * If this method is not provided then a simple redirect to "/" is performed.
	 */
	OnAuthFlowSucceeded AuthFlowSucceededFunc
	OnAuthFlowFailed    AuthFlowFailedFunc
}

*

  • A class that handles the multi step auth flow for verifying (and identifying) an
  • identity. *
  • The general workflow is as follows: *
  • 1. A user tries to access a resource at url ResourceUrl
  • 2. The request handler for ResourceUrl decides user is either not authenticated or
  • not authorized
  • - A user can be logged in but may require a different Agent or Role to be handy
  • to authorize access.
  • - The Authorizer will be redirected to at this point - getAuthorizer(ResourceUrl).startAuth(this);
  • 3. The Authorizer here may perform the auth without any control of "us".
  • 4. If Auth fails, the Authorizer will call back our failure endpoint.
  • 5. If AUth succeeds, the Authorizer will call our callback endpoint; *
  • General flow goes as follows: *
  • 1. User Visits /xyz
  • 2. Request handler for /xyz kicks off an auth if not logged in (more in step 10).
  • 3. Handler(/xyz) redirects to /auth/login?callbackURL=<callbackURL>
  • 4. User selects one of the login types /auth/<provider>/login?callbackURL=<callbackURL>
  • 5. Login handler creates a new authFlow instance and saves it in the
  • session. This will be used later. In (3) instead of a callbackURL
  • an authFlow can also be provided in which a new AuthFlow wont be
  • created.
  • 6. Here passport forwards off to the provider login callback to
  • perform all manner of logins.
  • 7. After login is completed the callback URL is called with credentials
  • (or failures in which case failure redirect is called).
  • 8. Here continueAuthFlow is called with a successful auth flow.
  • 9. Here we have the chance to handle the channel that was created
  • - saved as req.currChannel
  • 10. Now is a chance to create req.loggedInUser so it is available for
  • other requests going forward.

func (*Authenticator) AuthFlowCompleted 

func (auth *Authenticator) AuthFlowCompleted(success bool, ctx *gin.Context)

func (*Authenticator) AuthFlowFailed added in v0.0.8 

func (auth *Authenticator) AuthFlowFailed(ctx *gin.Context)

*

  • Step 4b. Instead of step 4, this is called (by the provider)
  • if auth failed.

func (*Authenticator) AuthFlowSucceeded added in v0.0.8 

func (auth *Authenticator) AuthFlowSucceeded(ctx *gin.Context)

*

  • Step 4. After auth is successful this method is called to resume the
  • auth flow for the original purpose it was kicked off.

func (*Authenticator) AuthFlowVerified 

func (auth *Authenticator) AuthFlowVerified(ctx *gin.Context, tokens utils.StringMap, params utils.StringMap, profile utils.StringMap) (*Channel, *Identity)

*

  • Step 3 - Method called auth has been verified with us receiving the verified
  • tokens etc. *
  • Here a channel is created along from the succeeded auth flow and is an
  • opportunity to extract identities and create users from this flow. *
  • This method is called after authFlowCredentialsReceived by the entity
  • verifying the auth flow credentials.

func (*Authenticator) EnsureAuthFlow 

func (auth *Authenticator) EnsureAuthFlow(authFlowId string, callbackURL string) (authFlow *AuthFlow)

*

  • Ensures that an auth flow exists and that it matches that for this
  • given provider.

func (*Authenticator) HandleAuthFlowCredentials 

func (auth *Authenticator) HandleAuthFlowCredentials(ctx *gin.Context)

*

  • Step 2. Called by the redirect/callback handler when credentials are provided
  • either by the user or by the auth provider.

func (*Authenticator) StartAuthFlow 

func (auth *Authenticator) StartAuthFlow(ctx *gin.Context)

*

  • Step 1 - Called to initiate the auth flow.

type CallbackRequest 

type CallbackRequest struct {
	Hostname string

	Path string

	// Method to call the callback URL on
	Method string

	// Headers for this request
	Headers utils.StringMap
	// contains filtered or unexported fields
}

func (*CallbackRequest) FullURL 

func (c *CallbackRequest) FullURL() string

type Channel 

type Channel struct {
	dal.BaseEntity

	Provider string `gorm:"primaryKey"`
	LoginId  string `gorm:"primaryKey"`

	/**
	 * Credentials for this channel (like access tokens, hashed passwords etc).
	 */
	Credentials dal.JsonField `gorm:"type:text"`

	/**
	 * Profile as passed by the provider of the channel.
	 */
	Profile dal.JsonField `gorm:"type:text"`

	/**
	 * When does this channel expire and needs another login/auth.
	 */
	ExpiresAt time.Time

	// The identity that this channel is verifying.
	IdentityKey string
}

*

  • Channel's represented federated verification objects. For example a Google
  • Signin would ensure that the user that goes through this flow will end up with
  • a Google signin Channel - which would verify a particular identity type.

func NewChannel added in v0.0.8 

func NewChannel(provider string, loginId string, params utils.StringMap) *Channel

func (*Channel) HasIdentity 

func (ch *Channel) HasIdentity() bool

func (*Channel) HasKey 

func (ch *Channel) HasKey() bool

func (*Channel) Key 

func (ch *Channel) Key() string

type ChannelStore 

type ChannelStore interface {
	SaveChannel(channel *Channel) error
	EnsureChannel(provider string, loginId string, params utils.StringMap) (*Channel, bool)
}

type EnsureLoginConfig 

type EnsureLoginConfig struct {
	GetRedirURL   func(ctx *gin.Context) string
	UserParamName string
}

type Identity 

type Identity struct {
	dal.BaseEntity

	// Type of identity being verified (eg email, phone etc).
	IdentityType string `gorm:"primaryKey"`

	// The key specific to the identity (eg an email address or a phone number etc).
	//
	// type + key should be unique through out the system.
	IdentityKey string `gorm:"primaryKey"`

	// The primary user that this identity can be associated with.
	// Identities do not need to be explicitly associted with a user especially
	// in systems where a single Identity can be used to front several users
	PrimaryUser string
}

*

  • An identify is a unique global "address" corresponding to a user.
  • For example the identify abc@example.com is a unique identify regardless
  • of which Channel is verifying it. Multiple channels can verify the same
  • entity, eg open auth by github, FB or Google can verify the same email
  • address.

func NewIdentity added in v0.0.8 

func NewIdentity(idType string, idKey string) *Identity

func (*Identity) HasKey 

func (id *Identity) HasKey() bool

func (*Identity) HasUser 

func (id *Identity) HasUser() bool

func (*Identity) Key 

func (id *Identity) Key() string

type IdentityFromProfileFunc 

type IdentityFromProfileFunc = func(profile utils.StringMap) (ChannelId string, IdentityType string, IdentityKey string)

type IdentityStore 

type IdentityStore interface {
	EnsureIdentity(identityType string, identityKey string, params utils.StringMap) (*Identity, bool)
}

type RequestHandler 

type RequestHandler = func(ctx *gin.Context)

func EnsureLogin added in v0.0.9 

func EnsureLogin(config *EnsureLoginConfig) RequestHandler

*

  • Redirects users to login screen of they are not logged in
  • @param req Request object
  • @param res Response object
  • @param next next function

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.