auth

package
v0.47.5

This package is not in the latest version of its module.
Published: Jul 18, 2024 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator wraps functionality for admin server auth. It provides endpoints for login/logout, creates users, issues cookie-based auth tokens, and provides middleware for authenticating requests. The implementation was derived from: https://auth0.com/docs/quickstart/webapp/golang/01-login.

func NewAuthenticator

func NewAuthenticator(logger *zap.Logger, adm *admin.Service, cookieStore *cookies.Store, opts *AuthenticatorOptions) (*Authenticator, error)

NewAuthenticator creates an Authenticator.

func (*Authenticator) Annotator

func (a *Authenticator) Annotator(ctx context.Context, r *http.Request) metadata.MD

Annotator is a gRPC-gateway annotator that moves access tokens in HTTP cookies to the "authorization" gRPC metadata.

func (*Authenticator) HTTPMiddleware

func (a *Authenticator) HTTPMiddleware(next http.Handler) http.Handler

HTTPMiddleware is an HTTP middleware variant of UnaryServerInterceptor. It additionally supports reading access tokens from cookies. It should be used for non-gRPC HTTP endpoints (CookieAuthAnnotator takes care of handling cookies in gRPC-gateway requests).

func (*Authenticator) HTTPMiddlewareLenient added in v0.42.0

func (a *Authenticator) HTTPMiddlewareLenient(next http.Handler) http.Handler

HTTPMiddlewareLenient is a lenient variant of HTTPMiddleware. If the authorization header is malformed or invalid, it will still succeed, setting anonClaims on the request.

func (*Authenticator) RegisterEndpoints

func (a *Authenticator) RegisterEndpoints(mux *http.ServeMux, limiter ratelimit.Limiter)

RegisterEndpoints adds HTTP endpoints for auth. The mux must be served on the ExternalURL of the Authenticator since the logic in these handlers relies on knowing the full external URIs. Note that these are not gRPC handlers, just regular HTTP endpoints that we mount on the gRPC-gateway mux.

func (*Authenticator) StreamServerInterceptor

func (a *Authenticator) StreamServerInterceptor() grpc.StreamServerInterceptor

StreamServerInterceptor is the streaming variant of UnaryServerInterceptor.

func (*Authenticator) UnaryServerInterceptor

func (a *Authenticator) UnaryServerInterceptor() grpc.UnaryServerInterceptor

UnaryServerInterceptor is a middleware for setting claims on runtime server requests. It authenticates the user and acquires the claims using the bearer token in the "authorization" request metadata field. If no bearer token is found, it will still succeed, setting anonClaims on the request. The assigned claims can be retrieved using GetClaims. If the interceptor succeeds, a Claims value is guaranteed to be set on the ctx.
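The three request-authentication entry points above (UnaryServerInterceptor, HTTPMiddleware and HTTPMiddlewareLenient) share one policy: no token means anonymous claims, a bad token is rejected in strict mode but degraded to anonymous claims in lenient mode, and whichever claims result are always placed on the context so GetClaims never finds nothing. The following self-contained Go program is an added illustration of that policy and is not code from this package; the cookie name "access_token", the in-memory token table and the reduced Claims interface are constructed for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// OwnerType and the two values used here mirror the page's enum.
type OwnerType string

const (
	OwnerTypeAnon OwnerType = "anon"
	OwnerTypeUser OwnerType = "user"
)

// Claims is a reduced form of the page's Claims interface (example only).
type Claims interface {
	OwnerType() OwnerType
	OwnerID() string
}

type anonClaims struct{}

func (anonClaims) OwnerType() OwnerType { return OwnerTypeAnon }
func (anonClaims) OwnerID() string      { return "" }

type userClaims struct{ id string }

func (c userClaims) OwnerType() OwnerType { return OwnerTypeUser }
func (c userClaims) OwnerID() string      { return c.id }

type claimsKey struct{}

// GetClaims reads Claims from ctx. Falling back to anonClaims keeps the
// documented guarantee that a handler always sees some Claims value.
func GetClaims(ctx context.Context) Claims {
	if c, ok := ctx.Value(claimsKey{}).(Claims); ok {
		return c
	}
	return anonClaims{}
}

// tokenStore is a constructed stand-in for the admin service's token lookup.
var tokenStore = map[string]string{"tok_alice": "user_alice"}

var ErrInvalidToken = errors.New("auth: malformed or invalid access token")

// resolveClaims applies the documented policy. An Authorization header takes
// precedence; the cookie is consulted only when the header is absent. In
// strict mode a present-but-bad token is an error; in lenient mode it yields
// anonClaims, exactly like a missing token.
func resolveClaims(authHeader, cookieToken string, lenient bool) (Claims, error) {
	token := ""
	if authHeader != "" {
		parts := strings.SplitN(authHeader, " ", 2)
		if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") || parts[1] == "" {
			if lenient {
				return anonClaims{}, nil
			}
			return nil, ErrInvalidToken
		}
		token = parts[1]
	} else if cookieToken != "" {
		token = cookieToken
	}
	if token == "" {
		return anonClaims{}, nil // no credential at all: anonymous, never an error
	}
	owner, ok := tokenStore[token]
	if !ok {
		if lenient {
			return anonClaims{}, nil
		}
		return nil, ErrInvalidToken
	}
	return userClaims{id: owner}, nil
}

// middleware is the http.Handler wrapper; strict mode answers 401 on a bad
// token, and every request that reaches next carries Claims in its context.
func middleware(lenient bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		cookieToken := ""
		if c, err := r.Cookie("access_token"); err == nil { // assumed cookie name
			cookieToken = c.Value
		}
		claims, err := resolveClaims(r.Header.Get("Authorization"), cookieToken, lenient)
		if err != nil {
			http.Error(w, err.Error(), http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), claimsKey{}, claims)))
	})
}

// serve pushes one constructed request through the middleware and reports the
// HTTP status plus the owner the inner handler observed.
func serve(lenient bool, authHeader, cookieToken string) (int, OwnerType, string) {
	var seen Claims
	h := middleware(lenient, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = GetClaims(r.Context())
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(http.MethodGet, "/v1/ping", nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	if cookieToken != "" {
		req.AddCookie(&http.Cookie{Name: "access_token", Value: cookieToken})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	if seen == nil {
		return rec.Code, "", ""
	}
	return rec.Code, seen.OwnerType(), seen.OwnerID()
}

func main() {
	for _, tc := range []struct {
		lenient bool
		hdr, ck string
	}{{false, "Bearer tok_alice", ""}, {false, "", "tok_alice"}, {false, "", ""}, {false, "Bearer bogus", ""}, {true, "Bearer bogus", ""}} {
		code, ot, id := serve(tc.lenient, tc.hdr, tc.ck)
		fmt.Printf("lenient=%v hdr=%q cookie=%q -> %d %s %q\n", tc.lenient, tc.hdr, tc.ck, code, ot, id)
	}
}
```

The point worth noticing is the asymmetry the docs describe: absence of a credential is not a failure in either mode, but a malformed or unknown credential is a failure only in strict mode. A lenient endpoint must therefore treat anonymous claims as untrusted rather than as proof that no token was sent.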

type AuthenticatorOptions

type AuthenticatorOptions struct {
	AuthDomain       string
	AuthClientID     string
	AuthClientSecret string
	ExternalURL      string
	FrontendURL      string
}

AuthenticatorOptions provides options for Authenticator.

type Claims

type Claims interface {
	OwnerType() OwnerType
	OwnerID() string
	AuthTokenID() string
	AuthTokenModel() any
	Superuser(ctx context.Context) bool
	OrganizationPermissions(ctx context.Context, orgID string) *adminv1.OrganizationPermissions
	ProjectPermissions(ctx context.Context, orgID, projectID string) *adminv1.ProjectPermissions
}

Claims resolves permissions for a requester.

func GetClaims

func GetClaims(ctx context.Context) Claims

GetClaims retrieves Claims from a request context. It should only be used in handlers intercepted by UnaryServerInterceptor or StreamServerInterceptor.

type DeviceCodeResponse

type DeviceCodeResponse struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationCompleteURI string `json:"verification_uri_complete"`
	ExpiresIn               int    `json:"expires_in"`
	PollingInterval         int    `json:"interval"`
}

DeviceCodeResponse encapsulates the response for obtaining a device code.

type OwnerType

type OwnerType string

OwnerType is an enum of the types of claim owners.

const (
	OwnerTypeAnon           OwnerType = "anon"
	OwnerTypeUser           OwnerType = "user"
	OwnerTypeService        OwnerType = "service"
	OwnerTypeDeployment     OwnerType = "deployment"
	OwnerTypeMagicAuthToken OwnerType = "magic_auth_token" // nolint:gosec // It's not a credential
)

type TokenRequest

type TokenRequest struct {
	GrantType  string `json:"grant_type"`
	DeviceCode string `json:"device_code"`
	ClientID   string `json:"client_id"`
}

TokenRequest encapsulates the request for obtaining an access token.
