osecure

package module
v4.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 6, 2020 License: GPL-3.0 Imports: 11 Imported by: 0

README

osecure

OSecure provides login functionality via a cookie session and an OAuth2 provider.

Documentation

Overview

Package osecure provides simple login service based on OAuth client.

Package osecure provides simple login service based on OAuth client.

Package osecure provides simple login service based on OAuth client.

Index

Constants

// Error message strings exported by the package. Each constant is a fixed,
// lower-case description of one failure in the login flow.
// NOTE(review): presumably these are the msg values handed to WrapError and
// matched by CompareErrorMessage; confirm against the implementation.
// NOTE(review): matching errors by message text is brittle; where possible
// callers should prefer the sentinel error values the package also exports.
const (
	ErrorStringFailedToExchangeAuthorizationCode = "failed to exchange authorization code"
	ErrorStringUnableToSetCookie                 = "unable to set cookie"
	ErrorStringUnauthorized                      = "unauthorized"
	ErrorStringCannotIntrospectToken             = "cannot introspect token"
	ErrorStringCannotGetPermission               = "cannot get permission"
	// NOTE(review): likely reported when the OAuth state check fails; such
	// failures are worth logging as a possible CSRF indicator (confirm usage).
	ErrorStringInvalidState                      = "invalid state"
)
// Lifetime constants for the session and for the cached permissions.
// NOTE(review): the unit is not stated here; the values read as seconds
// (86400 = 24 hours, 600 = 10 minutes). Confirm against the code that uses them.
const (
	// NOTE(review): by name, the login session lifetime. A captured session
	// cookie would presumably remain valid for this long, so confirm how
	// expiry is enforced and whether the value suits the deployment.
	SessionExpireTime    = 86400
	// NOTE(review): by name, how long a fetched permission set is trusted
	// (compare AuthSessionCookieData.PermissionsExpiresAt). A revoked
	// permission may stay effective until this window elapses; confirm.
	PermissionExpireTime = 600
)

Variables

// Sentinel errors exported by the package. The trailing comment on each line
// is the author's note on where the error is used; ErrorInvalidUserID is
// marked as not used.
// Because these are package-level error values, callers can compare against
// them with errors.Is rather than matching on message text.
var (
	ErrorInvalidSession                 = errors.New("invalid session")                       // Authorize()
	ErrorInvalidAuthorizationSyntax     = errors.New("invalid authorization syntax")          // Authorize()
	ErrorUnsupportedAuthorizationScheme = errors.New("unsupported authorization scheme")      // Authorize()
	ErrorInvalidClientID                = errors.New("invalid client ID (audience of token)") // Authorize()
	ErrorInvalidUserID                  = errors.New("invalid user ID (subject of token)")    // not used

)

Functions

func AttachRequestWithSessionData

func AttachRequestWithSessionData(r *http.Request, sessionData *AuthSessionData) *http.Request

AttachRequestWithSessionData appends session data to the request context.

func CompareErrorMessage

func CompareErrorMessage(err error, msg string) bool

func WrapError

func WrapError(msg string, err error) error

Types

type AuthSessionCookieData

// AuthSessionCookieData groups the OAuth2 token with the permission set and
// the time at which that permission set expires.
// NOTE(review): the name suggests this struct is what gets serialized into the
// session cookie. If so, the token is sent to the browser and depends on the
// CookieConfig keys for integrity and confidentiality; confirm, and check the
// cookie is set with Secure and HttpOnly.
type AuthSessionCookieData struct {
	// Token is the OAuth2 token held for this session.
	Token                *oauth2.Token
	// Permissions is the set of permission names; see GetPermissions and HasPermission.
	Permissions          StringSet
	// PermissionsExpiresAt is the expiry time of Permissions.
	// NOTE(review): presumably derived from PermissionExpireTime; confirm.
	PermissionsExpiresAt time.Time
}

func (*AuthSessionCookieData) GetPermissions

func (cookieData *AuthSessionCookieData) GetPermissions() []string

GetPermissions lists the permissions of the current user and client.

func (*AuthSessionCookieData) HasPermission

func (cookieData *AuthSessionCookieData) HasPermission(permission string) bool

HasPermission checks if the current user has such permission.

type AuthSessionData

// AuthSessionData is the session value carried in the request context (see
// AttachRequestWithSessionData and GetRequestSessionData). It adds the user
// and client identifiers to the embedded AuthSessionCookieData.
type AuthSessionData struct {
	// UserID identifies the user; the package's error text calls this the
	// subject of the token.
	UserID   string
	// ClientID identifies the client; the package's error text calls this the
	// audience of the token.
	ClientID string
	// Embedded, so Token, Permissions, GetPermissions and HasPermission are
	// promoted. The pointer may be nil; NOTE(review): confirm callers never
	// receive an AuthSessionData with a nil embedded pointer.
	*AuthSessionCookieData
}

func GetRequestSessionData

func GetRequestSessionData(r *http.Request) (*AuthSessionData, bool)

GetRequestSessionData gets the session data from the request context.

func (*AuthSessionData) GetClientID

func (data *AuthSessionData) GetClientID() string

GetClientID gets the client ID of the current user session.

func (*AuthSessionData) GetUserID

func (data *AuthSessionData) GetUserID() string

GetUserID gets the user ID of the current user session.

type CookieConfig

// CookieConfig carries the two keys used for the session cookie. The struct
// tags give the YAML field names and the environment names for each key.
// Both fields are secrets: keep them out of version control and logs.
type CookieConfig struct {
	// AuthenticationKey is the key used to authenticate (sign) the cookie.
	// NOTE(review): expected to be base64 text per the package docs; confirm
	// what happens when decoding fails or the key is empty.
	AuthenticationKey string `yaml:"authentication_key" env:"akey"`
	// EncryptionKey is the key used to encrypt the cookie contents.
	// NOTE(review): confirm that an empty value is rejected rather than
	// silently disabling encryption.
	EncryptionKey     string `yaml:"encryption_key" env:"ekey"`
}

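CookieConfig holds the key configuration for github.com/gorilla/securecookie. The recommended configuration is a base64-encoded 64-byte key for AuthenticationKey and a base64-encoded 32-byte key for EncryptionKey. Both values are secrets: generate them from a cryptographically secure random source (securecookie.GenerateRandomKey does this) and keep them out of source control.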

type GetPermissionsFunc

// GetPermissionsFunc is the callback that returns the permission names for a
// given user ID, client ID and OAuth2 token, or an error.
// NOTE(review): an implementation should return an error rather than an empty
// list when the lookup itself fails, so a backend outage is not mistaken for
// "no permissions"; confirm how callers treat each case.
type GetPermissionsFunc func(ctx context.Context, userID string, clientID string, token *oauth2.Token) (permissions []string, err error)

type IntrospectTokenFunc

// IntrospectTokenFunc is the callback that inspects an access token and
// returns the user ID, client ID, expiry, any extra fields, or an error.
// NOTE(review): the unit of expiresAt is not stated here (presumably a Unix
// timestamp in seconds); confirm.
// NOTE(review): an implementation should return an error for an inactive,
// expired or unrecognised token, since the result is used to authorize the
// request; confirm callers also check expiresAt and the client ID.
type IntrospectTokenFunc func(ctx context.Context, accessToken string) (userID string, clientID string, expiresAt int64, extra map[string]interface{}, err error)

type OAuthConfig

// OAuthConfig holds the OAuth client settings for osecure. The struct tags
// give the YAML field names and the environment names for each setting.
type OAuthConfig struct {
	// ClientID is the OAuth client identifier.
	ClientID     string   `yaml:"client_id" env:"client_id"`
	// ClientSecret is the OAuth client secret. Treat it as a credential: keep
	// it out of version control and logs.
	ClientSecret string   `yaml:"client_secret" env:"client_secret"`
	// Scopes lists the OAuth scopes to request.
	Scopes       []string `yaml:"scopes" env:"scopes"`
	// AuthURL and TokenURL are the provider's authorization and token
	// endpoints. NOTE(review): these should be https URLs, because the
	// authorization code and client secret are sent to them.
	AuthURL      string   `yaml:"auth_url" env:"auth_url"`
	TokenURL     string   `yaml:"token_url" env:"token_url"`
	// NOTE(review): presumably the client IDs (token audiences) accepted by
	// Authorize, given ErrorInvalidClientID; confirm, and confirm what an
	// empty list means (accept none or accept any).
	AppIDList    []string `yaml:"app_id_list" env:"app_id_list"`
}

OAuthConfig is a config of osecure.

type OAuthSession

// OAuthSession is the session object returned by NewOAuthSession. Its methods
// provide the OAuth flow handlers, the authorization check and the HTTP
// middleware. All of its fields are unexported.
type OAuthSession struct {
	// contains filtered or unexported fields
}

func NewOAuthSession

func NewOAuthSession(name string, cookieConf *CookieConfig, oauthConf *OAuthConfig, tokenVerifier *TokenVerifier, callbackURL string, stateHandler StateHandler) *OAuthSession

NewOAuthSession creates osecure session.

func (*OAuthSession) Authorize

Authorize authorizes the user by verifying the cookie or bearer token. If the user is authorized, it returns valid session data; otherwise it returns an error.

func (*OAuthSession) CallbackView

func (s *OAuthSession) CallbackView(w http.ResponseWriter, r *http.Request)

CallbackView is an HTTP handler for the authentication redirect from the auth server.

func (*OAuthSession) ClearSession

func (s *OAuthSession) ClearSession(w http.ResponseWriter, r *http.Request) error

ClearSession clears the session.

func (*OAuthSession) EndOAuth

func (s *OAuthSession) EndOAuth(w http.ResponseWriter, r *http.Request) (string, error)

EndOAuth finishes the OAuth flow: it verifies the state, exchanges the authorization code for a token, and sets the cookie that logs the user in.

func (*OAuthSession) LogOut

func (s *OAuthSession) LogOut(redirect string) http.HandlerFunc

LogOut is an HTTP handler that logs out the user.

func (*OAuthSession) SecuredF

func (s *OAuthSession) SecuredF(isAPI bool) func(http.HandlerFunc) http.HandlerFunc

SecuredF is an HTTP middleware for http.HandlerFunc that checks whether the current user has logged in.

func (*OAuthSession) SecuredH

func (s *OAuthSession) SecuredH(isAPI bool) func(http.Handler) http.Handler

SecuredH is an HTTP middleware for http.Handler that checks whether the current user has logged in.

func (*OAuthSession) StartOAuth

func (s *OAuthSession) StartOAuth(w http.ResponseWriter, r *http.Request) error

StartOAuth redirects to the endpoint of the OAuth service provider to begin the OAuth flow.

type StateHandler

// StateHandler generates and verifies the "state" value used in the OAuth
// flow. Both methods receive the cookie store together with the response
// writer and request.
// NOTE(review): state is the OAuth2 defence against cross-site request
// forgery on the callback, so an implementation should produce an
// unpredictable value tied to the user's browser session and reject any
// mismatch; confirm this for the implementation in use.
type StateHandler interface {
	// Generate returns the state string to send with the authorization request.
	Generate(cookieStore *sessions.CookieStore, w http.ResponseWriter, r *http.Request) (state string, err error)
	// Verify checks the state received on the callback and returns the URI to
	// continue to.
	// NOTE(review): if continueURI can be influenced by the request, it should
	// be restricted to same-site targets before redirecting; confirm.
	Verify(cookieStore *sessions.CookieStore, w http.ResponseWriter, r *http.Request, state string) (continueURI string, err error)
}

type StringSet

// StringSet is a set of strings, represented as a map whose values are empty
// structs. As a map type it is a reference: copies share the same contents,
// and its zero value (nil) cannot be written to.
type StringSet map[string]struct{}

func NewStringSet

func NewStringSet(a []string) StringSet

func (StringSet) Add

func (s StringSet) Add(x string)

func (StringSet) Contain

func (s StringSet) Contain(x string) bool

func (StringSet) List

func (s StringSet) List() []string

func (StringSet) Remove

func (s StringSet) Remove(x string)

type TokenVerifier

// TokenVerifier bundles the two callbacks supplied to NewOAuthSession: one to
// introspect an access token and one to fetch permissions.
// NOTE(review): both fields are function values and may be nil; confirm that
// the package guards against calling a nil callback.
type TokenVerifier struct {
	// IntrospectTokenFunc resolves an access token to user ID, client ID and expiry.
	IntrospectTokenFunc IntrospectTokenFunc
	// GetPermissionsFunc returns the permissions for a user, client and token.
	GetPermissionsFunc  GetPermissionsFunc
}

Directories

Path Synopsis
Package osecure/contrib provides plugins for simple login service based on OAuth client.
Package osecure/contrib provides plugins for simple login service based on OAuth client.
Package osecure/state_handler provides state generator and verifier in OAuth flow.
Package osecure/state_handler provides state generator and verifier in OAuth flow.
