Documentation ¶
Index ¶
- Constants
- Variables
- func BinaryResponse(v interface{}, err *irma.RemoteError) (int, []byte)
- func DoResultCallback(callbackUrl string, result *SessionResult, issuer string, validity int, ...)
- func FilterStopError(err error) error
- func GocronPanicHandler(logger *logrus.Logger) gocron.PanicHandlerFunc
- func JsonResponse(v interface{}, err *irma.RemoteError) (int, []byte)
- func LocalIP() (string, error)
- func LogError(err error, msg ...string) error
- func LogFatal(err error, msg ...string) error
- func LogMiddleware(typ string, opts LogOptions) func(next http.Handler) http.Handler
- func LogRequest(typ, proto, method, url, from string, headers http.Header, message []byte)
- func LogResponse(url string, status int, duration time.Duration, binary bool, response []byte)
- func LogWarning(err error, msg ...string) error
- func NewLogger(verbosity int, quiet bool, json bool) *logrus.Logger
- func ParseBody(r *http.Request, input interface{}) error
- func ParseSessionRequest(request interface{}) (irma.RequestorRequest, error)
- func RecoverMiddleware(next http.Handler) http.Handler
- func RemoteError(err Error, message string) *irma.RemoteError
- func ReplacePortString(url string, port int) string
- func ResultJwt(sessionresult *SessionResult, issuer string, validity int, ...) (string, error)
- func SizeLimitMiddleware(next http.Handler) http.Handler
- func TLSConf(cert, certfile, key, keyfile string) (*tls.Config, error)
- func TimeoutMiddleware(except []string, timeout time.Duration) func(http.Handler) http.Handler
- func ToJson(o interface{}) string
- func TypeString(x interface{}) string
- func Verbosity(level int) logrus.Level
- func WriteBinaryResponse(w http.ResponseWriter, object interface{}, rerr *irma.RemoteError)
- func WriteError(w http.ResponseWriter, err Error, msg string)
- func WriteJson(w http.ResponseWriter, object interface{})
- func WriteResponse(w http.ResponseWriter, object interface{}, rerr *irma.RemoteError)
- func WriteString(w http.ResponseWriter, str string)
- type Configuration
- type Error
- type ErrorType
- type HTTPResponseRecorder
- type LegacySessionResult
- type LogOptions
- type RedisClient
- type RedisSettings
- type SessionHandler
- type SessionPackage
- type SessionResult
Constants ¶
const ( ComponentRevocation = "revocation" ComponentSession = "session" ComponentFrontendSession = "frontendsession" ComponentStatic = "static" )
const ( ReadTimeout = 2 * time.Second WriteTimeout = 2 * ReadTimeout )
Variables ¶
var ( ErrorUserNotRegistered = Error{Type: "USER_NOT_REGISTERED", Status: 403, Description: "User is not yet fully registered"} ErrorInvalidJWT = Error{Type: "UNAUTHORIZED", Status: 403, Description: "Invalid or expired jwt provided"} ErrorInvalidEmail = Error{Type: "INVALID_EMAIL", Status: 400, Description: "Invalid email address"} ErrorTooManyRequests = Error{Type: "TOO_MANY_REQUESTS", Status: 429, Description: "Too many requests"} )
Keyshare errors
var Logger *logrus.Logger = logrus.StandardLogger()
var PostSizeLimit int64 = 10 << 20 // 10 MB
Functions ¶
func BinaryResponse ¶ added in v0.5.0
func BinaryResponse(v interface{}, err *irma.RemoteError) (int, []byte)
func DoResultCallback ¶ added in v0.5.0
func DoResultCallback(callbackUrl string, result *SessionResult, issuer string, validity int, privatekey *rsa.PrivateKey)
func FilterStopError ¶ added in v0.8.0
func GocronPanicHandler ¶ added in v0.11.0
func GocronPanicHandler(logger *logrus.Logger) gocron.PanicHandlerFunc
func JsonResponse ¶
func JsonResponse(v interface{}, err *irma.RemoteError) (int, []byte)
JsonResponse JSON-marshals the specified object or error and returns it along with a suitable HTTP status code
func LogMiddleware ¶ added in v0.5.0
LogMiddleware is middleware for logging HTTP requests and responses.
func LogRequest ¶ added in v0.3.0
func LogResponse ¶ added in v0.3.0
func LogWarning ¶
func ParseSessionRequest ¶
func ParseSessionRequest(request interface{}) (irma.RequestorRequest, error)
ParseSessionRequest attempts to parse the input as an irma.RequestorRequest instance, accepting (skipping "irma.")
- RequestorRequest instances directly (ServiceProviderRequest, SignatureRequestorRequest, IdentityProviderRequest)
- SessionRequest instances (DisclosureRequest, SignatureRequest, IssuanceRequest)
- JSON representations ([]byte or string) of any of the above.
func RecoverMiddleware ¶ added in v0.11.0
RecoverMiddleware is middleware that logs and returns a 500 error if something unhandled (panic) occurs
func RemoteError ¶
func RemoteError(err Error, message string) *irma.RemoteError
RemoteError converts an error and an explaining message to an *irma.RemoteError.
func ReplacePortString ¶ added in v0.8.0
ReplacePortString is a helper that returns a copy of the specified url of the form "http(s)://...:port" with "port" replaced by the specified port.
func ResultJwt ¶ added in v0.5.0
func ResultJwt(sessionresult *SessionResult, issuer string, validity int, privatekey *rsa.PrivateKey) (string, error)
func TimeoutMiddleware ¶ added in v0.5.0
func TypeString ¶
func TypeString(x interface{}) string
func WriteBinaryResponse ¶ added in v0.5.0
func WriteBinaryResponse(w http.ResponseWriter, object interface{}, rerr *irma.RemoteError)
func WriteError ¶
func WriteError(w http.ResponseWriter, err Error, msg string)
WriteError writes the specified error and explaining message as JSON to the http.ResponseWriter.
func WriteJson ¶
func WriteJson(w http.ResponseWriter, object interface{})
WriteJson writes the specified object as JSON to the http.ResponseWriter.
func WriteResponse ¶
func WriteResponse(w http.ResponseWriter, object interface{}, rerr *irma.RemoteError)
WriteResponse writes the specified object or error as JSON to the http.ResponseWriter.
func WriteString ¶
func WriteString(w http.ResponseWriter, str string)
WriteString writes the specified string to the http.ResponseWriter.
Types ¶
type Configuration ¶
type Configuration struct { // irma_configuration. If not given, this will be popupated using SchemesPath. IrmaConfiguration *irma.Configuration `json:"-"` // Path to IRMA schemes to parse into IrmaConfiguration (only used if IrmaConfiguration == nil). // If left empty, default value is taken using DefaultSchemesPath(). // If an empty folder is specified, default schemes (irma-demo and pbdf) are downloaded into it. SchemesPath string `json:"schemes_path" mapstructure:"schemes_path"` // If specified, schemes found here are copied into SchemesPath (only used if IrmaConfiguration == nil) SchemesAssetsPath string `json:"schemes_assets_path" mapstructure:"schemes_assets_path"` // Disable scheme updating DisableSchemesUpdate bool `json:"disable_schemes_update" mapstructure:"disable_schemes_update"` // Update all schemes every x minutes (default value 0 means 60) (use DisableSchemesUpdate to disable) SchemesUpdateInterval int `json:"schemes_update" mapstructure:"schemes_update"` // Path to issuer private keys to parse IssuerPrivateKeysPath string `json:"privkeys" mapstructure:"privkeys"` // URL at which the IRMA app can reach this server during sessions URL string `json:"url" mapstructure:"url"` // Required to be set to true if URL does not begin with https:// in production mode. // In this case, the server would communicate with IRMA apps over plain HTTP. You must otherwise // ensure (using eg a reverse proxy with TLS enabled) that the attributes are protected in transit. DisableTLS bool `json:"disable_tls" mapstructure:"disable_tls"` // (Optional) email address of server admin, for incidental notifications such as breaking API changes // See https://github.com/privacybydesign/irmago/tree/master/server#specifying-an-email-address // for more information Email string `json:"email" mapstructure:"email"` // Enable server sent events for status updates (experimental; tends to hang when a reverse proxy is used) EnableSSE bool `json:"enable_sse" mapstructure:"enable_sse"` // StoreType in which session data will be stored. // If left empty, session data will be stored in memory by default. StoreType string `json:"store_type" mapstructure:"store_type"` // RedisSettings that need to be specified when Redis is used as session data store. RedisSettings *RedisSettings `json:"redis_settings" mapstructure:"redis_settings"` // Static session requests that can be created by POST /session/{name} StaticSessions map[string]interface{} `json:"static_sessions"` // Static session requests after parsing StaticSessionRequests map[string]irma.RequestorRequest `json:"-"` // Maximum duration of a session once a client connects in minutes (default value 0 means 15) MaxSessionLifetime int `json:"max_session_lifetime" mapstructure:"max_session_lifetime"` // Determines how long a session result is preserved in minutes (default value 0 means 5) SessionResultLifetime int `json:"session_result_lifetime" mapstructure:"session_result_lifetime"` // Used in the "iss" field of result JWTs from /result-jwt and /getproof JwtIssuer string `json:"jwt_issuer" mapstructure:"jwt_issuer"` // Private key to sign result JWTs with. If absent, /result-jwt and /getproof are disabled. JwtPrivateKey string `json:"jwt_privkey" mapstructure:"jwt_privkey"` JwtPrivateKeyFile string `json:"jwt_privkey_file" mapstructure:"jwt_privkey_file"` // Parsed JWT private key JwtRSAPrivateKey *rsa.PrivateKey `json:"-"` // Whether to allow callbackUrl to be set in session requests when no JWT privatekey is installed // (which is potentially unsafe depending on the setup) AllowUnsignedCallbacks bool `json:"allow_unsigned_callbacks" mapstructure:"allow_unsigned_callbacks"` // Whether to augment the clientreturnurl with the server token of the request (this allows for stateless // requestor servers more easily) AugmentClientReturnURL bool `json:"augment_client_return_url" mapstructure:"augment_client_return_url"` // Logging verbosity level: 0 is normal, 1 includes DEBUG level, 2 includes TRACE level Verbose int `json:"verbose" mapstructure:"verbose"` // Don't log anything at all Quiet bool `json:"quiet" mapstructure:"quiet"` // Output structured log in JSON format LogJSON bool `json:"log_json" mapstructure:"log_json"` // Custom logger instance. If specified, Verbose, Quiet and LogJSON are ignored. Logger *logrus.Logger `json:"-"` // Connection string for revocation database RevocationDBConnStr string `json:"revocation_db_str" mapstructure:"revocation_db_str"` // Database type for revocation database, supported: postgres, mysql RevocationDBType string `json:"revocation_db_type" mapstructure:"revocation_db_type"` // Credentials types for which revocation database should be hosted RevocationSettings irma.RevocationSettings `json:"revocation_settings" mapstructure:"revocation_settings"` // Production mode: enables safer and stricter defaults and config checking Production bool `json:"production" mapstructure:"production"` // contains filtered or unexported fields }
Configuration contains configuration for the irmaserver library and irmad.
func (*Configuration) Check ¶ added in v0.5.0
func (conf *Configuration) Check() error
Check ensures that the Configuration is loaded, usable and free of errors.
func (*Configuration) HavePrivateKeys ¶
func (conf *Configuration) HavePrivateKeys() bool
func (*Configuration) RedisClient ¶ added in v0.15.0
func (conf *Configuration) RedisClient() (*RedisClient, error)
RedisClient returns the Redis client using the settings from the configuration.
type Error ¶
type Error struct { Type ErrorType `json:"error"` Status int `json:"status"` Description string `json:"description"` }
Error represents an error that occurred during an IRMA sessions.
var ( ErrorInvalidTimestamp Error = Error{Type: "INVALID_TIMESTAMP", Status: 400, Description: "Timestamp was not an epoch boundary"} ErrorIssuingDisabled Error = Error{Type: "ISSUING_DISABLED", Status: 403, Description: "This server does not support issuing"} ErrorMalformedVerifierRequest Error = Error{Type: "MALFORMED_VERIFIER_REQUEST", Status: 400, Description: "Malformed verification request"} ErrorMalformedSignatureRequest Error = Error{Type: "MALFORMED_SIGNATURE_REQUEST", Status: 400, Description: "Malformed signature request"} ErrorMalformedIssuerRequest Error = Error{Type: "MALFORMED_ISSUER_REQUEST", Status: 400, Description: "Malformed issuer request"} ErrorAttributesWrong Error = Error{Type: "ATTRIBUTES_WRONG", Status: 400, Description: "Specified attribute(s) do not belong to this credential type or missing attributes"} ErrorCannotIssue Error = Error{Type: "CANNOT_ISSUE", Status: 500, Description: "Cannot issue this credential"} ErrorPairingRequired Error = Error{Type: "PAIRING_REQUIRED", Status: 403, Description: "Pairing is required first"} ErrorIssuanceFailed Error = Error{Type: "ISSUANCE_FAILED", Status: 500, Description: "Failed to create credential(s)"} ErrorInvalidProofs Error = Error{Type: "INVALID_PROOFS", Status: 400, Description: "Invalid secret key commitments and/or disclosure proofs"} ErrorAttributesMissing Error = Error{Type: "ATTRIBUTES_MISSING", Status: 400, Description: "Not all requested-for attributes were present"} ErrorAttributesExpired Error = Error{Type: "ATTRIBUTES_EXPIRED", Status: 400, Description: "Disclosed attributes were expired"} ErrorUnexpectedRequest Error = Error{Type: "UNEXPECTED_REQUEST", Status: 403, Description: "Unexpected request in this state"} ErrorUnknownPublicKey Error = Error{Type: "UNKNOWN_PUBLIC_KEY", Status: 403, Description: "Attributes were not valid against a known public key"} ErrorSessionUnknown Error = Error{Type: "SESSION_UNKNOWN", Status: 400, Description: "Unknown or expired session"} ErrorMalformedInput Error = Error{Type: "MALFORMED_INPUT", Status: 400, Description: "Input could not be parsed"} ErrorUnknown Error = Error{Type: "EXCEPTION", Status: 500, Description: "Encountered unexpected problem"} ErrorNextSession Error = Error{Type: "NEXT_SESSION", Status: 500, Description: "Error starting next session"} ErrorRevocation Error = Error{Type: "REVOCATION", Status: 500, Description: "Revocation error"} ErrorUnknownRevocationKey Error = Error{Type: "UNKNOWN_REVOCATION_KEY", Status: 404, Description: "No issuance records correspond to the given revocationKey"} ErrorUnsupported Error = Error{Type: "UNSUPPORTED", Status: 501, Description: "Unsupported by this server"} ErrorInvalidRequest Error = Error{Type: "INVALID_REQUEST", Status: 400, Description: "Invalid HTTP request"} ErrorProtocolVersion Error = Error{Type: "PROTOCOL_VERSION", Status: 400, Description: "Protocol version negotiation failed"} ErrorInvalidToken Error = Error{Type: "INVALID_TOKEN", Status: 403, Description: "Provided token is unknown or invalid"} ErrorInternal Error = Error{Type: "INTERNAL_ERROR", Status: 500, Description: "Internal server error"} ErrorRevalidateEmail Error = Error{Type: "REVALIDATE_EMAIL", Status: 500, Description: "Invalid email address is scheduled for revalidation"} )
General errors
type HTTPResponseRecorder ¶ added in v0.15.0
type HTTPResponseRecorder struct { Flushed bool // contains filtered or unexported fields }
func NewHTTPResponseRecorder ¶ added in v0.15.0
func NewHTTPResponseRecorder(w http.ResponseWriter) *HTTPResponseRecorder
func (*HTTPResponseRecorder) Flush ¶ added in v0.15.0
func (r *HTTPResponseRecorder) Flush()
Flush implements http.Flusher.
func (*HTTPResponseRecorder) Header ¶ added in v0.15.0
func (r *HTTPResponseRecorder) Header() http.Header
Header implements http.ResponseWriter
func (*HTTPResponseRecorder) Write ¶ added in v0.15.0
func (r *HTTPResponseRecorder) Write(b []byte) (int, error)
Write implements http.ResponseWriter
func (*HTTPResponseRecorder) WriteHeader ¶ added in v0.15.0
func (r *HTTPResponseRecorder) WriteHeader(statusCode int)
WriteHeader implements http.ResponseWriter
type LegacySessionResult ¶ added in v0.3.1
type LegacySessionResult struct { Token irma.RequestorToken `json:"token"` Status irma.ServerStatus `json:"status"` Type irma.Action `json:"type"` ProofStatus irma.ProofStatus `json:"proofStatus,omitempty"` Disclosed []*irma.DisclosedAttribute `json:"disclosed,omitempty"` Signature *irma.SignedMessage `json:"signature,omitempty"` Err *irma.RemoteError `json:"error,omitempty"` }
LegacySessionResult is a pre-condiscon version of SessionResult. Remove this when dropping support for legacy pre-condiscon session requests.
type LogOptions ¶ added in v0.5.0
type LogOptions struct {
Response, Headers, From, EncodeBinary bool
}
type RedisClient ¶ added in v0.15.0
type RedisSettings ¶ added in v0.9.0
type RedisSettings struct { Addr string `json:"address,omitempty" mapstructure:"address"` SentinelAddrs []string `json:"sentinel_addresses,omitempty" mapstructure:"sentinel_addresses"` SentinelMasterName string `json:"sentinel_master_name,omitempty" mapstructure:"sentinel_master_name"` AcceptInconsistencyRisk bool `json:"accept_inconsistency_risk,omitempty" mapstructure:"accept_inconsistency_risk"` // Username for Redis authentication. If username is empty, the default user is used. Username string `json:"username,omitempty" mapstructure:"username"` // Password for Redis authentication. Password string `json:"password,omitempty" mapstructure:"password"` // ACLUseKeyPrefixes ensures all Redis keys are prefixed with the username in the format "username:key". // This can be used for key permissions in the Redis ACL system. If ACLUseKeyPrefixes is false, no prefix is used. ACLUseKeyPrefixes bool `json:"acl_use_key_prefixes,omitempty" mapstructure:"acl_use_key_prefixes"` // SentinelUsername for Redis Sentinel authentication. If sentinel_username is empty, the default user is used. SentinelUsername string `json:"sentinel_username,omitempty" mapstructure:"sentinel_username"` // SentinelPassword for Redis Sentinel authentication. SentinelPassword string `json:"sentinel_password,omitempty" mapstructure:"sentinel_password"` DB int `json:"db,omitempty" mapstructure:"db"` TLSCertificate string `json:"tls_cert,omitempty" mapstructure:"tls_cert"` TLSCertificateFile string `json:"tls_cert_file,omitempty" mapstructure:"tls_cert_file"` TLSClientCertificateFile string `json:"tls_client_cert_file,omitempty" mapstructure:"tls_client_cert_file"` TLSClientKeyFile string `json:"tls_client_key_file,omitempty" mapstructure:"tls_client_key_file"` DisableTLS bool `json:"no_tls,omitempty" mapstructure:"no_tls"` }
type SessionHandler ¶ added in v0.5.0
type SessionHandler func(*SessionResult)
SessionHandler is a function that can handle a session result once an IRMA session has completed.
type SessionPackage ¶
type SessionPackage struct { SessionPtr *irma.Qr `json:"sessionPtr"` Token irma.RequestorToken `json:"token,omitempty"` FrontendRequest *irma.FrontendSessionRequest `json:"frontendRequest"` }
type SessionResult ¶
type SessionResult struct { Token irma.RequestorToken `json:"token"` Status irma.ServerStatus `json:"status"` Type irma.Action `json:"type"` ProofStatus irma.ProofStatus `json:"proofStatus,omitempty"` Disclosed [][]*irma.DisclosedAttribute `json:"disclosed,omitempty"` Signature *irma.SignedMessage `json:"signature,omitempty"` Err *irma.RemoteError `json:"error,omitempty"` NextSession irma.RequestorToken `json:"nextSession,omitempty"` LegacySession bool `json:"-"` // true if request was started with legacy (i.e. pre-condiscon) session request }
SessionResult contains session information such as the session status, type, possible errors, and disclosed attributes or attribute-based signature if appropriate to the session type.
func (*SessionResult) Legacy ¶ added in v0.3.0
func (r *SessionResult) Legacy() *LegacySessionResult
Legacy returns a pre-condiscon version of this SessionResult. Remove this when dropping support for legacy pre-condiscon session requests.
Directories ¶
Path | Synopsis |
---|---|
Required to be main when building a shared library
|
Required to be main when building a shared library |
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
|
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e. |
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.
|
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e. |