
README

Auth Proxy Auth

This package provides authentication for the other services. It reads credentials from incoming requests (cookie, Authorization header, or the `jwt` query parameter, depending on which locations are enabled in Opts), validates the JWT, cross-checks the token's claims against the database, and then hands off to handlers with the resulting auth information stored in the request context.

Documentation

Index

Constants

// JwtQueryParam is the query-string key read for a token when
// Opts.UsesQueryParam is enabled. A token carried in a URL is routinely
// captured by access logs, browser history and Referer headers, so treat
// this transport as higher-risk than the cookie or Authorization-header
// paths and enable it only where a link must carry its own credential.
const (
	JwtQueryParam = "jwt"
)

Variables

This section is empty.

Functions

func JwtBearerHeaderVal

func JwtBearerHeaderVal(tokenString string) string

func SetAuthOnRequestContext

func SetAuthOnRequestContext(r *http.Request, auth RequestAuth) *http.Request

SetAuthOnRequestContext stores the auth information in the request's context so that later handlers can retrieve it (via GetAuthFromRequest). The returned *http.Request is the one that carries the updated context; use it in place of the original from then on.

func SetJwtHeader

func SetJwtHeader(h http.Header, tokenString string)

func SetJwtQueryParm

func SetJwtQueryParm(q url.Values, tokenString string)

func SetJwtRequestHeader

func SetJwtRequestHeader(w *http.Request, tokenString string)

func SetJwtResponseHeader

func SetJwtResponseHeader(w http.ResponseWriter, tokenString string)

func TestAuthService

func TestAuthService(t *testing.T, serviceId config.ServiceId, cfg config.C) (config.C, A, *AuthTestUtil)

func TestAuthServiceWithDb

func TestAuthServiceWithDb(serviceId config.ServiceId, cfg config.C, db database.DB) (config.C, A, *AuthTestUtil)

Types

type A

// A is the authentication service used by the other services. It produces
// middleware for both gin and net/http handler chains and can mint, parse and
// emit the JWTs those middlewares consume.
//
// NOTE(review): the per-method semantics below come from the method names and
// the original inline comments; confirm them against the implementation.
type A interface {
	// Gin middlewares. By name, Required rejects unauthenticated requests,
	// Optional lets them through with an unauthenticated context, and
	// AdminOnly additionally requires an admin actor — confirm the exact
	// behaviour of each.
	Required() gin.HandlerFunc
	Optional() gin.HandlerFunc
	AdminOnly() gin.HandlerFunc

	Auth(next http.Handler) http.Handler  // Auth middleware adds auth from the session and populates actor info
	Trace(next http.Handler) http.Handler // Trace middleware doesn't require a valid actor, but if actor info is presented it populates that info

	// Token signs claims to a JWT token using the GlobalAESKey. This is intended to generate tokens that are used
	// to roundtrip from 3rd parties, transfer authentication between services, etc.
	// NOTE(review): the key name suggests a single shared symmetric key; if so,
	// every service able to verify these tokens can also mint them, so scope which
	// services hold the key accordingly (see Opts.AudSecrets for per-audience keys).
	Token(ctx context.Context, claims *jwt2.AuthProxyClaims) (string, error)
	// Parse decodes tokenString into claims. Per the package README this includes
	// validating the JWT, so a non-nil error must be treated as "not authenticated".
	Parse(ctx context.Context, tokenString string) (*jwt2.AuthProxyClaims, error)
	// Set issues a token for claims and writes it to w — as a header when
	// Opts.SendJWTHeader is enabled, otherwise as a cookie — and returns the
	// claims as issued (presumably with any generated fields filled in — confirm).
	Set(ctx context.Context, w http.ResponseWriter, claims *jwt2.AuthProxyClaims) (*jwt2.AuthProxyClaims, error)
	// Reset clears the credential previously written by Set (presumably by
	// expiring the cookie — confirm).
	Reset(w http.ResponseWriter)
}

func NewService

func NewService(opts Opts) A

NewService constructs an auth service from the given Opts.

func StandardAuthService

func StandardAuthService(
	cfg config.C,
	service config.Service,
	db database.DB,
	redis redis.R,
) A

type AuthTestUtil

// AuthTestUtil is a test-only helper (returned by TestAuthService and
// TestAuthServiceWithDb) that can sign requests as an arbitrary actor via
// SignRequestAs and friends. Because it can mint a credential for any actor,
// keep it out of non-test binaries.
type AuthTestUtil struct {
	// contains filtered or unexported fields
}

AuthTestUtil provides utility functions and helpers for testing authentication-related functionality. Its Sign* methods produce requests authenticated as whatever actor the caller names, so it must only be reachable from test code.

func (*AuthTestUtil) NewSignedRequestForActorId

func (atu *AuthTestUtil) NewSignedRequestForActorId(method, url string, body io.Reader, actorId string) (*http.Request, error)

func (*AuthTestUtil) SignRequestAs

func (atu *AuthTestUtil) SignRequestAs(ctx context.Context, req *http.Request, a jwt2.Actor) (*http.Request, error)

func (*AuthTestUtil) SignRequestCookieAs

func (atu *AuthTestUtil) SignRequestCookieAs(ctx context.Context, req *http.Request, a jwt2.Actor) (*http.Request, error)

func (*AuthTestUtil) SignRequestHeaderAs

func (atu *AuthTestUtil) SignRequestHeaderAs(ctx context.Context, req *http.Request, a jwt2.Actor) (*http.Request, error)

type Opts

// Opts holds the constructor params for NewService. The three Uses* flags
// select which request locations are searched for a token; leave off any
// location the service does not need, since each one is an additional way
// for a credential to reach — or leak from — the service.
type Opts struct {
	// Configuration for the overall application. Provides many options that control the system.
	Config config.C

	// The service using this authentication
	Service config.Service

	// UsesQueryParam defines if the auth will accept tokens from the jwt query param
	// (see JwtQueryParam). Needed for authorized link-in scenarios for services.
	// Tokens in URLs end up in access logs, browser history and Referer headers;
	// enable this only where a link must carry its own credential, and prefer
	// short-lived, narrowly scoped tokens for that use.
	UsesQueryParam bool

	// UsesAuthorizationHeader defines if the auth will accept tokens in the Authorization header. This is needed
	// if the service takes calls from other services or CLI tools.
	UsesAuthorizationHeader bool

	// UsesCookies defines if the auth will accept cookies. This is needed for services that interact with
	// a frontend in the browser.
	// NOTE(review): cookie-authenticated endpoints are reachable by cross-site
	// requests, and nothing in this package's exported API shows a CSRF defence;
	// confirm one exists (SameSite cookie attribute, CSRF token, or origin check)
	// before enabling this for state-changing routes.
	UsesCookies bool

	// AudSecrets selects a different secret per audience. Important: to pick the
	// key it must pre-parse the token *before* signature verification in order to
	// read the aud claim. The only thing that may be taken from that unverified
	// pass is the key selection; no other claim is trustworthy until the signature
	// has been verified with the selected secret.
	AudSecrets    bool // uses different secret for different auds. important: adds pre-parsing of unverified token
	SendJWTHeader bool // if enabled send JWT as a header instead of cookie

	Logger       logger.L // logger interface, default is no logging at all
	RefreshCache RefreshCache
	Validator    Validator
	Db           database.DB
	Redis        redis.R
}

Opts holds the constructor params for NewService; see the field comments for which request locations each Uses* flag enables and the caveats that apply to each.

type RefreshCache

// RefreshCache defines the interface for storing and retrieving refreshed
// tokens: whole claim sets keyed by a string. NewMemoryRefreshCache provides an
// in-process implementation.
// NOTE(review): whether an implementation bounds or expires entries is not
// visible from this interface — confirm, because an unbounded cache whose keys
// derive from request data is a memory-exhaustion vector.
type RefreshCache interface {
	// Get returns the cached claims for key and whether an entry was present.
	Get(key string) (value jwt.AuthProxyClaims, ok bool)
	// Set stores or replaces the claims for key.
	Set(key string, value jwt.AuthProxyClaims)
}

RefreshCache defines the interface for storing and retrieving refreshed tokens.

func NewMemoryRefreshCache

func NewMemoryRefreshCache() RefreshCache

type RequestAuth

// RequestAuth is the per-request authentication result handed to handlers
// through the request context (see SetAuthOnRequestContext and
// GetAuthFromRequest). Unauthenticated requests get a value too (see
// NewUnauthenticatedRequestAuth), so always check IsAuthenticated before
// trusting the actor.
type RequestAuth interface {
	// IsAuthenticated reports whether a valid actor was established for the request.
	IsAuthenticated() bool
	// GetActor returns the actor pointer; expect nil for an unauthenticated
	// request — confirm, and check IsAuthenticated first.
	GetActor() *database.Actor
	// MustGetActor returns the actor by value. By the Must convention it panics
	// when the request is unauthenticated, so use it only behind a middleware
	// that guarantees authentication.
	MustGetActor() database.Actor
	// ContextWith returns ctx carrying this RequestAuth.
	ContextWith(ctx context.Context) context.Context
}

RequestAuth is the interface for the per-request auth result that the middlewares place in the request context; it exists for both authenticated and unauthenticated requests, so check IsAuthenticated before using the actor.

func GetAuthFromContext

func GetAuthFromContext(ctx context2.Context) RequestAuth

GetAuthFromContext gets the auth from context. If no auth is in context, it returns an unauthenticated auth.

func GetAuthFromGinContext

func GetAuthFromGinContext(c *gin.Context) RequestAuth

GetAuthFromGinContext returns auth info from a request. This auth info can be authenticated or unauthenticated.

func GetAuthFromRequest

func GetAuthFromRequest(r *http.Request) RequestAuth

GetAuthFromRequest returns auth info for the request. If the request is unauthenticated, it will return a value indicating not authenticated.

func MustGetAuthFromGinContext

func MustGetAuthFromGinContext(c *gin.Context) RequestAuth

MustGetAuthFromGinContext returns the authenticated request info. If the request is not authenticated, this method panics — so call it only from handlers that run behind a middleware guaranteeing authentication (such as Required appears to be); elsewhere use GetAuthFromGinContext and check IsAuthenticated.

func MustGetAuthFromRequest

func MustGetAuthFromRequest(r *http.Request) RequestAuth

MustGetAuthFromRequest returns the authenticated info for the request. If the request is not authenticated, it panics — so call it only from handlers that run behind a middleware guaranteeing authentication; elsewhere use GetAuthFromRequest and check IsAuthenticated.

func NewUnauthenticatedRequestAuth

func NewUnauthenticatedRequestAuth() RequestAuth

type Validator

// Validator is a consumer-supplied hook that accepts or rejects the claims of a
// token that has already passed the library's own validation. Use it for policy
// the library cannot know (revocation lists, required claim values, actor
// status); it can only narrow what is accepted, never make an invalid token valid.
type Validator interface {
	// Validate returns true to accept the token and false to reject it.
	Validate(token string, claims jwt.AuthProxyClaims) bool
}

Validator defines the interface used to accept or reject claims with consumer-defined logic. It is invoked with an already-valid token and lets the consumer reject some of them, e.g. based on a token match or the user's fields.

type ValidatorFunc

// ValidatorFunc adapts an ordinary function with the Validate signature to the
// Validator interface; see Validator for what the function is expected to decide.
type ValidatorFunc func(token string, claims jwt.AuthProxyClaims) bool

ValidatorFunc type is an adapter to allow the use of ordinary functions as Validator. If f is a function with the appropriate signature, ValidatorFunc(f) is a Validator that calls f.

func (ValidatorFunc) Validate

func (f ValidatorFunc) Validate(token string, claims jwt.AuthProxyClaims) bool

Validate calls f(token, claims) and returns its result.
