auth

package

v3.4.1-wings+incompatible Latest Latest Go to latest Published: Sep 11, 2017 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rfliam/atc

Documentation ¶

Index ¶

Constants
Variables
func CSRFValidationHandler(handler http.Handler, rejector Rejector, userContextReader UserContextReader) http.Handler
func CheckAdminHandler(handler http.Handler, rejector Rejector) http.Handler
func CheckAuthenticationHandler(handler http.Handler, rejector Rejector) http.Handler
func CheckAuthorizationHandler(handler http.Handler, rejector Rejector) http.Handler
func IsAdmin(r *http.Request) bool
func IsAuthenticated(r *http.Request) bool
func IsAuthorized(r *http.Request) bool
func IsSystem(r *http.Request) bool
func NewCheckBuildReadAccessHandlerFactory(buildFactory db.BuildFactory) *checkBuildReadAccessHandlerFactory
func NewCheckBuildWriteAccessHandlerFactory(buildFactory db.BuildFactory) *checkBuildWriteAccessHandlerFactory
func NewCheckPipelineAccessHandlerFactory(teamFactory db.TeamFactory) *checkPipelineAccessHandlerFactory
func NewLogOutHandler(logger lager.Logger) http.Handler
func NewOAuthBeginHandler(logger lager.Logger, providerFactory ProviderFactory, ...) http.Handler
func NewOAuthCallbackHandler(logger lager.Logger, providerFactory ProviderFactory, ...) http.Handler
func NewOAuthHandler(logger lager.Logger, providerFactory ProviderFactory, ...) (http.Handler, error)
func WrapHandler(handler http.Handler, validator Validator, userContextReader UserContextReader) http.Handler
type AuthTokenGenerator
- func NewAuthTokenGenerator(privateKey *rsa.PrivateKey) AuthTokenGenerator
type CSRFTokenGenerator
- func NewCSRFTokenGenerator() CSRFTokenGenerator
type CheckBuildReadAccessHandlerFactory
type CheckBuildWriteAccessHandlerFactory
type CheckPipelineAccessHandlerFactory
type CheckWorkerTeamAccessHandlerFactory
- func NewCheckWorkerTeamAccessHandlerFactory(workerFactory db.WorkerFactory) CheckWorkerTeamAccessHandlerFactory
type CookieSetHandler
- func (handler CookieSetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type JWTReader
- func (jr JWTReader) GetCSRFToken(r *http.Request) (string, bool)
- func (jr JWTReader) GetSystem(r *http.Request) (bool, bool)
- func (jr JWTReader) GetTeam(r *http.Request) (string, bool, bool)
type JWTValidator
- func (validator JWTValidator) IsAuthenticated(r *http.Request) bool
type LogOutHandler
- func (handler *LogOutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type OAuthBeginHandler
- func (handler *OAuthBeginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type OAuthCallbackHandler
- func (handler *OAuthCallbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type OAuthFactory
- func NewOAuthFactory(logger lager.Logger, atcExternalURL string, routes rata.Routes, ...) OAuthFactory
- func (of OAuthFactory) GetProvider(team db.Team, providerName string) (provider.Provider, bool, error)
type OAuthState
type ProviderFactory
type Rejector
type Team
- func GetTeam(r *http.Request) (Team, bool)
type TokenType
type TokenValue
type UnauthorizedRejector
- func (UnauthorizedRejector) Forbidden(w http.ResponseWriter, r *http.Request)
- func (UnauthorizedRejector) Unauthorized(w http.ResponseWriter, r *http.Request)
type UserContextReader
type Validator
- func NewBasicAuthValidator(team db.Team) Validator
- func NewGetTokenValidator(teamFactory db.TeamFactory) Validator
- func NewTeamAuthValidator(teamFactory db.TeamFactory, jwtValidator Validator) Validator

Constants ¶

View Source

const AuthCookieName = "ATC-Authorization"

View Source

const BuildContextKey = "build"

View Source

const CSRFHeaderName = "X-Csrf-Token"

View Source

const CSRFRequiredKey = "CSRFRequired"

View Source

const CSRFTokenKey = "csrfToken"

View Source

const OAuthStateCookie = "_concourse_oauth_state"

View Source

const PipelineContextKey = "pipeline"

View Source

const TokenTypeBearer = "Bearer"

Variables ¶

View Source

var ErrUnparsableHeader = errors.New("cannot parse 'Authorization' header")

View Source

var SigningMethod = jwt.SigningMethodRS256

Functions ¶

func CSRFValidationHandler ¶

func CSRFValidationHandler(
	handler http.Handler,
	rejector Rejector,
	userContextReader UserContextReader,
) http.Handler

func CheckAdminHandler ¶

func CheckAdminHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func CheckAuthenticationHandler ¶

func CheckAuthenticationHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func CheckAuthorizationHandler ¶

func CheckAuthorizationHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func IsAdmin ¶

func IsAdmin(r *http.Request) bool

func IsAuthenticated ¶

func IsAuthenticated(r *http.Request) bool

func IsAuthorized ¶

func IsAuthorized(r *http.Request) bool

func IsSystem ¶

func IsSystem(r *http.Request) bool

func NewCheckBuildReadAccessHandlerFactory ¶

func NewCheckBuildReadAccessHandlerFactory(
	buildFactory db.BuildFactory,
) *checkBuildReadAccessHandlerFactory

func NewCheckBuildWriteAccessHandlerFactory ¶

func NewCheckBuildWriteAccessHandlerFactory(
	buildFactory db.BuildFactory,
) *checkBuildWriteAccessHandlerFactory

func NewCheckPipelineAccessHandlerFactory ¶

func NewCheckPipelineAccessHandlerFactory(
	teamFactory db.TeamFactory,
) *checkPipelineAccessHandlerFactory

func NewLogOutHandler ¶

func NewLogOutHandler(logger lager.Logger) http.Handler

func NewOAuthBeginHandler ¶

func NewOAuthBeginHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
	teamFactory db.TeamFactory,
	expire time.Duration,
	isTLSEnabled bool,
) http.Handler

func NewOAuthCallbackHandler ¶

func NewOAuthCallbackHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
	teamFactory db.TeamFactory,
	expire time.Duration,
	isTLSEnabled bool,
) http.Handler

func NewOAuthHandler ¶

func NewOAuthHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	teamFactory db.TeamFactory,
	signingKey *rsa.PrivateKey,
	expire time.Duration,
	isTLSEnabled bool,
) (http.Handler, error)

func WrapHandler ¶

func WrapHandler(
	handler http.Handler,
	validator Validator,
	userContextReader UserContextReader,
) http.Handler

Types ¶

type AuthTokenGenerator ¶

type AuthTokenGenerator interface {
	GenerateToken(expiration time.Time, teamName string, isAdmin bool, csrfToken string) (TokenType, TokenValue, error)
}

func NewAuthTokenGenerator ¶

func NewAuthTokenGenerator(privateKey *rsa.PrivateKey) AuthTokenGenerator

type CSRFTokenGenerator ¶

type CSRFTokenGenerator interface {
	GenerateToken() (string, error)
}

func NewCSRFTokenGenerator ¶

func NewCSRFTokenGenerator() CSRFTokenGenerator

type CheckBuildReadAccessHandlerFactory ¶

type CheckBuildReadAccessHandlerFactory interface {
	AnyJobHandler(delegateHandler http.Handler, rejector Rejector) http.Handler
	CheckIfPrivateJobHandler(delegateHandler http.Handler, rejector Rejector) http.Handler
}

type CheckBuildWriteAccessHandlerFactory ¶

type CheckBuildWriteAccessHandlerFactory interface {
	HandlerFor(delegateHandler http.Handler, rejector Rejector) http.Handler
}

type CheckPipelineAccessHandlerFactory ¶

type CheckPipelineAccessHandlerFactory interface {
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}

type CheckWorkerTeamAccessHandlerFactory ¶

type CheckWorkerTeamAccessHandlerFactory interface {
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}

func NewCheckWorkerTeamAccessHandlerFactory ¶

func NewCheckWorkerTeamAccessHandlerFactory(
	workerFactory db.WorkerFactory,
) CheckWorkerTeamAccessHandlerFactory

type CookieSetHandler ¶

type CookieSetHandler struct {
	Handler http.Handler
}

func (CookieSetHandler) ServeHTTP ¶

func (handler CookieSetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type JWTReader ¶

type JWTReader struct {
	PublicKey *rsa.PublicKey
}

func (JWTReader) GetCSRFToken ¶

func (jr JWTReader) GetCSRFToken(r *http.Request) (string, bool)

func (JWTReader) GetSystem ¶

func (jr JWTReader) GetSystem(r *http.Request) (bool, bool)

func (JWTReader) GetTeam ¶

func (jr JWTReader) GetTeam(r *http.Request) (string, bool, bool)

type JWTValidator ¶

type JWTValidator struct {
	PublicKey *rsa.PublicKey
}

func (JWTValidator) IsAuthenticated ¶

func (validator JWTValidator) IsAuthenticated(r *http.Request) bool

type LogOutHandler ¶

type LogOutHandler struct {
	// contains filtered or unexported fields
}

func (*LogOutHandler) ServeHTTP ¶

func (handler *LogOutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthBeginHandler ¶

type OAuthBeginHandler struct {
	// contains filtered or unexported fields
}

func (*OAuthBeginHandler) ServeHTTP ¶

func (handler *OAuthBeginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthCallbackHandler ¶

type OAuthCallbackHandler struct {
	// contains filtered or unexported fields
}

func (*OAuthCallbackHandler) ServeHTTP ¶

func (handler *OAuthCallbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthFactory ¶

type OAuthFactory struct {
	// contains filtered or unexported fields
}

func NewOAuthFactory ¶

func NewOAuthFactory(logger lager.Logger, atcExternalURL string, routes rata.Routes, callback string) OAuthFactory

func (OAuthFactory) GetProvider ¶

func (of OAuthFactory) GetProvider(team db.Team, providerName string) (provider.Provider, bool, error)

type OAuthState ¶

type OAuthState struct {
	Redirect     string `json:"redirect"`
	TeamName     string `json:"team_name"`
	FlyLocalPort string `json:"fly_local_port"`
}

type ProviderFactory ¶

type ProviderFactory interface {
	GetProvider(db.Team, string) (provider.Provider, bool, error)
}

type Rejector ¶

type Rejector interface {
	Unauthorized(http.ResponseWriter, *http.Request)
	Forbidden(http.ResponseWriter, *http.Request)
}

type Team ¶

type Team interface {
	Name() string
	IsAdmin() bool
	IsAuthorized(teamName string) bool
}

func GetTeam ¶

func GetTeam(r *http.Request) (Team, bool)

type TokenType ¶

type TokenType string

type TokenValue ¶

type TokenValue string

type UnauthorizedRejector ¶

type UnauthorizedRejector struct{}

func (UnauthorizedRejector) Forbidden ¶

func (UnauthorizedRejector) Forbidden(w http.ResponseWriter, r *http.Request)

func (UnauthorizedRejector) Unauthorized ¶

func (UnauthorizedRejector) Unauthorized(w http.ResponseWriter, r *http.Request)

type UserContextReader ¶

type UserContextReader interface {
	GetTeam(r *http.Request) (string, bool, bool)
	GetSystem(r *http.Request) (bool, bool)
	GetCSRFToken(r *http.Request) (string, bool)
}

type Validator ¶

type Validator interface {
	IsAuthenticated(*http.Request) bool
}

func NewBasicAuthValidator ¶

func NewBasicAuthValidator(team db.Team) Validator

func NewGetTokenValidator ¶

func NewGetTokenValidator(
	teamFactory db.TeamFactory,
) Validator

func NewTeamAuthValidator ¶

func NewTeamAuthValidator(
	teamFactory db.TeamFactory,
	jwtValidator Validator,
) Validator

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authfakes Code generated by counterfeiter.	Code generated by counterfeiter.
genericoauth
github
githubfakes Code generated by counterfeiter.	Code generated by counterfeiter.
gitlab
gitlabfakes Code generated by counterfeiter.	Code generated by counterfeiter.
provider
providerfakes Code generated by counterfeiter.	Code generated by counterfeiter.
routes
uaa
verifier

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL