Documentation
Index
- Variables
- func NewAuthContext(db *bun.DB, kc *kclient.APIClient, apiKeySvc service.ApiKeyService, ...) authContext
- func NewAuthMiddleware(al *zap.Logger, opt Option) negroni.Handler
- func NewRemoteAuthMiddleware(al *zap.Logger, as string, opt Option) negroni.Handler
- func SetupAuthContext(auditLogger *zap.Logger) authContext
- type AuthPool
- type AuthPoolClient
- type AuthService
- type Option
Constants
This section is empty.
Variables
var (
	// ErrInvalidAPIKey is returned when api key is invalid
	ErrInvalidAPIKey = errors.New("invalid api key")
	// ErrInvalidSignature is returned when signature is invalid
	ErrInvalidSignature = errors.New("invalid signature")
)
Functions
func NewAuthContext
func NewAuthContext(
	db *bun.DB,
	kc *kclient.APIClient,
	apiKeySvc service.ApiKeyService,
	authzSvc service.AuthzService,
) authContext
NewAuthContext instantiates authContext. It reuses dependency instances passed in by the calling function instead of creating new ones. To create authContext along with its dependencies, use SetupAuthContext.
func NewAuthMiddleware
NewAuthMiddleware creates a middleware for the HTTP server that performs authentication and authorization by talking to the Kratos server and Casbin.
func NewRemoteAuthMiddleware
NewRemoteAuthMiddleware creates a middleware for the HTTP server which does auth and authz by talking to the auth service exposed by paralus via grpc.
func SetupAuthContext
SetupAuthContext sets up a new authContext along with its dependencies. If the caller already has instances of the authContext fields, use NewAuthContext instead.
Types
type AuthPool
type AuthPool interface {
	Close()
	NewClient(ctx context.Context) (AuthPoolClient, error)
}
AuthPool maintains a pool of gRPC connections to the auth service.
func NewAuthPool
NewAuthPool returns an auth pool.
type AuthPoolClient
type AuthPoolClient interface {
	Unhealthy()
	Close() error
	rpcv3.AuthClient
}
AuthPoolClient is the interface for the auth pool client.
type AuthService
type AuthService interface {
	IsRequestAllowed(context.Context, *commonv3.IsRequestAllowedRequest) (*commonv3.IsRequestAllowedResponse, error)
}
func NewAuthService
func NewAuthService(ac authContext) AuthService
type Option
type Option struct {
	// ExcludeRPCMethods is a list of full RPC method string in
	// format /package.service/method (for example,
	// /paralus.dev.rpc.v3.Idp/ListIdps). These RPC methods are to
	// be excluded from the auth interceptor.
	ExcludeRPCMethods []string

	// ExcludeURLs is a list of URL regular expressions that are
	// excluded from the auth middleware.
	ExcludeURLs []string

	// ExcludeAuthzMethods is a list of RPC method strings which only
	// do authentication and not authorization.
	ExcludeAuthzMethods []string
}
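Because ExcludeURLs entries are regular expressions, a pattern without anchors can exempt more paths than intended. The following is an added example, not code from this package: auditExcludes is a hypothetical helper that checks a candidate ExcludeURLs list against paths that must stay authenticated. It assumes each pattern is applied as an unanchored Go regexp search over the request path, and all sample paths and patterns are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample data, not taken from the Paralus API.
var (
	// Paths that must always pass through the auth middleware.
	protectedPaths = []string{
		"/admin/health",
		"/auth/v3/users/healthy",
		"/internal/auth/v3/sso/config",
	}
	// Unanchored patterns: each matches anywhere inside a path.
	loosePatterns = []string{"/health", "/auth/v3/sso/"}
	// Anchored patterns: each matches only the intended endpoint.
	strictPatterns = []string{`^/health$`, `^/auth/v3/sso/[^/]+$`}
)

// auditExcludes (hypothetical helper) returns, per pattern, the protected
// paths that the pattern would exempt from auth. Assumption: a pattern is
// applied as an unanchored Go regexp search over the request path.
func auditExcludes(patterns, protected []string) (map[string][]string, error) {
	hits := make(map[string][]string)
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return nil, fmt.Errorf("exclude pattern %q: %w", p, err)
		}
		for _, path := range protected {
			if re.MatchString(path) {
				hits[p] = append(hits[p], path)
			}
		}
	}
	return hits, nil
}

func main() {
	for name, set := range map[string][]string{"loose": loosePatterns, "strict": strictPatterns} {
		hits, err := auditExcludes(set, protectedPaths)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: %d pattern(s) exempt protected paths: %v\n", name, len(hits), hits)
	}
}
```

Running a check like this in CI against the deployment's own route list catches an over-broad exclusion before it ships.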