auth

package
v1.4.1
Warning

This package is not in the latest version of its module.

Published: Aug 22, 2020 License: MIT Imports: 8 Imported by: 5

Documentation


Constants

This section is empty.

Variables

var (
	// ErrNoMatch is returned by Authenticator when the request is not authenticated
	// and all registered strategies returned errors.
	ErrNoMatch = errors.New("authenticator: No authentication strategy matched")

	// ErrDisabledPath is a soft error similar to EOF,
	// returned by Authenticator when the request being authenticated targets a disabled path.
	// Authenticator returns ErrDisabledPath only to signal the caller.
	// The caller should continue the request flow and never return the error to end users.
	ErrDisabledPath = errors.New("authenticator: Disabled Path")

	// ErrNOOP is a soft error similar to EOF,
	// returned by strategies that have a NoOpAuthenticate function to indicate a no-op
	// and to signal the authenticator to unauthenticate the request.
	ErrNOOP = errors.New("NOOP")
)
var ErrInvalidStrategy = errors.New("Invalid strategy")

ErrInvalidStrategy is returned by the Append/Revoke functions when the passed strategy does not implement Append/Revoke.

Functions

func Append

func Append(s Strategy, key string, info Info, r *http.Request) error

Append adds new Info to a strategy store. If the passed strategy does not implement Append, ErrInvalidStrategy is returned; otherwise, nil.

WARNING: Append does not guarantee concurrency safety; that depends on the strategy's store.

Example
strategy := &mockStrategy{}
info := NewDefaultUser("1", "2", nil, nil)
token := "90d64460d14870c08c81352a05dedd3465940a7"
r, _ := http.NewRequest("POST", "/login", nil)
// append new token to cached bearer strategy
err := Append(strategy, token, info, r)
fmt.Println(err)
Output:

<nil>

func CtxWithUser added in v1.3.2

func CtxWithUser(ctx context.Context, info Info) context.Context

CtxWithUser saves user information in the context.

func RequestWithUser added in v1.0.0

func RequestWithUser(info Info, r *http.Request) *http.Request

RequestWithUser saves user information in the request context.

func Revoke

func Revoke(s Strategy, key string, r *http.Request) error

Revoke deletes Info from a strategy store. If the passed strategy does not implement Revoke, ErrInvalidStrategy is returned; otherwise, nil.

WARNING: Revoke does not guarantee concurrency safety; that depends on the strategy's store.

Example
strategy := &mockStrategy{}
r, _ := http.NewRequest("GET", "/logout", nil)
// assume token extracted from header
token := "90d64460d14870c08c81352a05dedd3465940a7"
err := Revoke(strategy, token, r)
fmt.Println(err)
Output:

<nil>
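
The two WARNING notes above leave concurrency safety to the strategy's store. The following is an added example, not go-guardian code, narrowed to Revoke: it uses a local stand-in for the dispatch that returns ErrInvalidStrategy and a store that stays safe when logout races with lookups. The optional-method shape and the names tokenStore, Valid and RaceLogout are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"sync"
)

// Stand-in for the documented error, so the example runs without the module.
var ErrInvalidStrategy = errors.New("Invalid strategy")

// Revoke follows the documented contract; the optional-method shape is assumed.
func Revoke(s interface{}, key string, r *http.Request) error {
	if rv, ok := s.(interface{ Revoke(string, *http.Request) error }); ok {
		return rv.Revoke(key, r)
	}
	return ErrInvalidStrategy
}

// tokenStore (hypothetical) keeps tokens in a sync.Map, which is safe for concurrent use.
type tokenStore struct{ m sync.Map }

func (t *tokenStore) Valid(tok string) bool {
	_, ok := t.m.Load(tok)
	return ok
}

func (t *tokenStore) Revoke(tok string, _ *http.Request) error {
	t.m.Delete(tok)
	return nil
}

// RaceLogout revokes a constructed token while readers look it up concurrently.
func RaceLogout(readers int) (stillValid bool, err error) {
	s := &tokenStore{}
	s.m.Store("sample-token", "alice")
	var wg sync.WaitGroup
	for i := 0; i < readers; i++ {
		wg.Add(1)
		go func() { defer wg.Done(); s.Valid("sample-token") }()
	}
	err = Revoke(s, "sample-token", nil)
	wg.Wait()
	return s.Valid("sample-token"), err
}

func main() { fmt.Println(RaceLogout(8)) }
```

A logout handler should check the returned error: with a strategy that lacks Revoke, the call returns ErrInvalidStrategy and the token stays valid.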

func SetInfoConstructor added in v1.2.0

func SetInfoConstructor(c InfoConstructor)

SetInfoConstructor replaces the default InfoConstructor with any function that has the appropriate signature. This allows developers to create custom user info from their own struct instead of using the DefaultUser that go-guardian exposes.

The default is NewDefaultUser.

func SetWWWAuthenticate added in v1.2.2

func SetWWWAuthenticate(w http.ResponseWriter, realm string, strategies ...Strategy)

SetWWWAuthenticate adds an HTTP WWW-Authenticate header to the provided ResponseWriter's headers by consolidating the results of calling the Challenge methods of the provided strategies. If a strategy has a Challenge method, it is called; otherwise, the strategy is ignored.

Types

type Authenticator

type Authenticator interface {
	// Authenticate dispatches the request to the registered authentication strategies
	// and returns user information from the first strategy that successfully authenticates the request.
	// Otherwise, an aggregated error is returned.
	// If the request attempts to visit a disabled path, ErrDisabledPath is returned to signal the caller;
	// otherwise, the authentication process starts.
	// See ErrDisabledPath documentation for more info.
	//
	// NOTICE: Authenticate does not guarantee the order strategies run in.
	Authenticate(r *http.Request) (Info, error)
	// EnableStrategy registers a new strategy with the authenticator.
	EnableStrategy(key StrategyKey, strategy Strategy)
	// DisableStrategy unregisters a strategy from the authenticator.
	DisableStrategy(key StrategyKey)
	// Strategy returns a registered strategy; otherwise, nil.
	Strategy(key StrategyKey) Strategy
	// DisabledPaths returns a map[string]struct{} representing the paths disabled from authentication.
	// Typically the paths are given during authenticator initialization.
	DisabledPaths() map[string]struct{}
}

Authenticator carries the registered authentication strategies and represents the first API to authenticate received requests.
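
One way for a caller to handle the outcomes of Authenticate described above, in particular the soft error ErrDisabledPath. This is an added example, not go-guardian's own code: authenticate is a constructed stub standing in for an Authenticator, and Middleware, Probe and userKey are hypothetical names. It stores the user with a local context key where the real package offers RequestWithUser.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Stand-ins mirroring the documented errors, so this runs without the module.
var ErrNoMatch = errors.New("authenticator: No authentication strategy matched")
var ErrDisabledPath = errors.New("authenticator: Disabled Path")
type userKey struct{} // context key for the authenticated user name

// authenticate (constructed stub) acts like New("/healthz") plus one bearer strategy.
func authenticate(r *http.Request) (string, error) {
	if r.URL.Path == "/healthz" {
		return "", ErrDisabledPath
	}
	if r.Header.Get("Authorization") != "Bearer sample-token" {
		return "", fmt.Errorf("%w: bearer: token not found", ErrNoMatch)
	}
	return "alice", nil
}

// Middleware (hypothetical) maps the three Authenticate outcomes to HTTP behaviour.
func Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name, err := authenticate(r)
		if err == nil {
			r = r.WithContext(context.WithValue(r.Context(), userKey{}, name))
		} else if !errors.Is(err, ErrDisabledPath) { // soft error skips this branch
			http.Error(w, "Unauthorized", http.StatusUnauthorized) // err stays server-side
			return
		}
		next.ServeHTTP(w, r)
	})
}

func Probe(path, authz string) (int, string) { // one constructed request: status, body
	rec, req := httptest.NewRecorder(), httptest.NewRequest("GET", path, nil)
	req.Header.Set("Authorization", authz)
	Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "user=%v", r.Context().Value(userKey{}))
	})).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}
func main() { fmt.Println(Probe("/healthz", "")) }
```

Handlers behind a disabled path run with no user in the context, so they must not assume one is present.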

func New

func New(paths ...string) Authenticator

New returns a new Authenticator and disables the authentication process for the given paths. The returned authenticator is not safe for concurrent access.

type DefaultUser

type DefaultUser struct {
	// contains filtered or unexported fields
}

DefaultUser implements the Info interface and provides simple user information.

func NewDefaultUser

func NewDefaultUser(name, id string, groups []string, extensions map[string][]string) *DefaultUser

NewDefaultUser returns a new default user.

func (*DefaultUser) Extensions

func (d *DefaultUser) Extensions() map[string][]string

Extensions returns additional information.

func (*DefaultUser) Groups

func (d *DefaultUser) Groups() []string

Groups returns the names of the groups the user is a member of.

func (*DefaultUser) ID

func (d *DefaultUser) ID() string

ID returns a unique value that identifies a particular user.

func (*DefaultUser) MarshalBinary added in v1.2.2

func (d *DefaultUser) MarshalBinary() ([]byte, error)

MarshalBinary encodes the default user into a binary form and returns the result.

func (*DefaultUser) MarshalJSON added in v1.2.2

func (d *DefaultUser) MarshalJSON() ([]byte, error)

MarshalJSON encodes the default user into JSON and returns the result.

func (*DefaultUser) SetExtensions

func (d *DefaultUser) SetExtensions(exts map[string][]string)

SetExtensions sets the extensions that contain additional information.

func (*DefaultUser) SetGroups

func (d *DefaultUser) SetGroups(groups []string)

SetGroups sets the names of the groups the user is a member of.

func (*DefaultUser) UnmarshalBinary added in v1.2.2

func (d *DefaultUser) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes the binary form generated by MarshalBinary.

func (*DefaultUser) UnmarshalJSON added in v1.2.2

func (d *DefaultUser) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes the JSON generated by MarshalJSON.

func (*DefaultUser) UserName

func (d *DefaultUser) UserName() string

UserName returns the name that uniquely identifies this user among all other active users.

type Info

type Info interface {
	// UserName returns the name that uniquely identifies this user among all
	// other active users.
	UserName() string
	// ID returns a unique value that identifies a particular user.
	ID() string
	// Groups returns the names of the groups the user is a member of
	Groups() []string
	// Extensions can contain any additional information.
	Extensions() map[string][]string
	// SetGroups sets the names of the groups the user is a member of.
	SetGroups(groups []string)
	// SetExtensions sets the extensions that contain additional information.
	SetExtensions(exts map[string][]string)
}

Info describes a user that has been authenticated to the system.

func NewUserInfo added in v1.2.0

func NewUserInfo(name, id string, groups []string, extensions map[string][]string) Info

NewUserInfo implements InfoConstructor and returns an Info object. It is typically called from strategies to create a new user object when the user is authenticated.

func User added in v1.0.0

func User(r *http.Request) Info

User returns user information from the request context.

func UserFromCtx added in v1.3.2

func UserFromCtx(ctx context.Context) Info

UserFromCtx returns user information from the context.

type InfoConstructor added in v1.2.0

type InfoConstructor func(name, id string, groups []string, extensions map[string][]string) Info

InfoConstructor defines the function signature for creating a new Info object.

type Option added in v1.3.0

type Option interface {
	Apply(v interface{})
}

Option configures Strategy using the functional options paradigm popularized by Rob Pike and Dave Cheney. If you're unfamiliar with this style, see https://commandcenter.blogspot.com/2014/01/self-referential-functions-and-design.html and https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis.

type OptionFunc added in v1.3.0

type OptionFunc func(v interface{})

OptionFunc implements the Option interface.

func (OptionFunc) Apply added in v1.3.0

func (fn OptionFunc) Apply(v interface{})

Apply the configuration to the provided strategy.

type Strategy

type Strategy interface {
	// Authenticate authenticates user requests and returns user information or an error.
	Authenticate(ctx context.Context, r *http.Request) (Info, error)
}

Strategy represents an authentication mechanism or method to authenticate user requests.

type StrategyKey

type StrategyKey string

StrategyKey defines a custom type to expose a strategy identifier.

Directories

Path Synopsis
strategies
basic
Package basic provides an authentication strategy to authenticate HTTP requests using the standard basic scheme.
bearer
Package bearer provides an authentication strategy to authenticate HTTP requests based on the bearer token.
digest
Package digest provides an authentication strategy to authenticate HTTP requests using the standard digest scheme as described in RFC 7616.
kubernetes
Package kubernetes provides an auth strategy to authenticate incoming HTTP requests using a Kubernetes Service Account Token.
ldap
Package ldap provides an authentication strategy that authenticates HTTP requests and builds and extracts user information from an LDAP server.
x509
Package x509 provides an authentication strategy that authenticates HTTPS requests and builds and extracts user information from client certificates.
