apiguard

package
v0.0.0-...-e0772cd Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 6, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var PolicyMap = map[string]policyInfo{
	"developer": {
		// contains filtered or unexported fields
	},
	"basic": {
		// contains filtered or unexported fields
	},
	"standard": {
		// contains filtered or unexported fields
	},
	"enterprise": {
		// contains filtered or unexported fields
	},
}

Policy map generated from API Guard service Must be kept in sync with the API Guard service

Functions

func EmailFromTokenHeaderName 

func EmailFromTokenHeaderName() string

func GetBasicPolicyInfo 

func GetBasicPolicyInfo() (policyInfo, error)

This probably needs a revamp when we look at subscription based policy mapping

Types

type ApiKey 

type ApiKey struct {
	Key       string
	KeyId     string // API Guard specific key ID
	ExpiresAt time.Time
}

type Context 

type Context struct {
	// Remote client address
	RemoteAddr string

	// Request ID generated by the API Guard or passed by client
	RequestID string

	// Path as seen by the API Guard. This is important
	// to avoid parser differential vulnerabilities
	Path string

	// Secret shared between API Guard and Server. This enables
	// API servers to verify that the request is actually coming from API Guard
	// and not spoofed.
	TrustToken string

	// Meta Data stored in the API Key by client applications
	Key KeyInfo

	// Token info, available when JWT token is used
	Token TokenInfo
}

Context represent the information passed by the API guard to the API handler (down stream servers).

func SecurelyBuildFromHeader 

func SecurelyBuildFromHeader(header http.Header, tokens ...string) (*Context, error)

SecurelyBuildFromHeader builds a context from the header and validates the trust token. Multiple tokens can be passed to allow zero downtime token rotation at the API Guard.

type KeyArgs 

type KeyArgs struct {
	Info      KeyInfo
	Tags      []string
	Alias     string
	PolicyId  string
	Policies  []string
	ExpiresAt time.Time
}

type KeyGen 

type KeyGen func() (string, error)

type KeyInfo 

type KeyInfo struct {
	OrganizationID string `json:"org_id"`
	TeamID         string `json:"team_id"`
	UserID         string `json:"user_id"`
	KeyID          string `json:"key_id"`
}

These are metadata associated with the API key at the time of creation. This is useful to set application specific information that can be passed across the API Guard to the API server.

type ManagementClient 

type ManagementClient interface {
	// Create a key in the API Guard. We will also generate a custom key and
	// not depend on API Guard's key generation.
	CreateKey(context.Context, KeyArgs) (ApiKey, error)

	// Create a key with a custom supplied key string
	CreateCustomKey(context.Context, string, KeyArgs) (ApiKey, error)

	// Get a key by Key Hash. The actual API key is NOT included in the response
	GetKey(context.Context, string) (ApiKey, error)

	// List policies in the API Guard
	ListPolicies(context.Context) ([]Policy, error)

	// Delete an API key by key hash
	DeleteKey(context.Context, string) error
}

Contract for a management client

func NewManagementClient 

func NewManagementClient(baseUrl, token string, opts ...ManagementClientOpts) (ManagementClient, error)

NewManagementClient creates a new management client for the API Guard.

func NewManagementClientFromEnvConfig 

func NewManagementClientFromEnvConfig() (ManagementClient, error)

Helper to standardize the creation of a management client from environment based configuration

type ManagementClientOpts 

type ManagementClientOpts func(*managementClient)

func WithHTTPClient 

func WithHTTPClient(httpClient http.Client) ManagementClientOpts

func WithKeyGen 

func WithKeyGen(keyGen KeyGen) ManagementClientOpts

type Policy 

type Policy struct {
	InternalID string
	ID         string
	Name       string

	Rate         float64
	RateInterval float64

	QuotaMax         int64
	QuotaRemaining   int64
	QuotaRenewalRate int64

	ThrottleInterval   float64
	ThrottleRetryLimit float64

	AccessRights []PolicyAccess

	Active bool
	Tags   []string

	Metadata map[string]interface{}
}

type PolicyAccess 

type PolicyAccess struct {
	ApiID   string
	ApiName string
}

type TokenInfo 

type TokenInfo struct {
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Subject       string `json:"sub"`
	Audience      string `json:"aud"`
}

Source Files

View all Source files

Directories

Path Synopsis
* Tyk Gateway API * * The Tyk Gateway API is the primary means for integrating your application with the Tyk API Gateway system.
 * Tyk Gateway API * * The Tyk Gateway API is the primary means for integrating your application with the Tyk API Gateway system.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.