Documentation ¶
Index ¶
- Variables
- func Append(s Strategy, key string, info Info, r *http.Request) error
- func CtxWithUser(ctx context.Context, info Info) context.Context
- func RequestWithUser(info Info, r *http.Request) *http.Request
- func Revoke(s Strategy, key string, r *http.Request) error
- func SetInfoConstructor(c InfoConstructor)
- func SetWWWAuthenticate(w http.ResponseWriter, realm string, strategies ...Strategy)
- type Authenticator
- type DefaultUser
- func (d *DefaultUser) Extensions() map[string][]string
- func (d *DefaultUser) Groups() []string
- func (d *DefaultUser) ID() string
- func (d *DefaultUser) MarshalBinary() ([]byte, error)
- func (d *DefaultUser) MarshalJSON() ([]byte, error)
- func (d *DefaultUser) SetExtensions(exts map[string][]string)
- func (d *DefaultUser) SetGroups(groups []string)
- func (d *DefaultUser) UnmarshalBinary(data []byte) error
- func (d *DefaultUser) UnmarshalJSON(data []byte) error
- func (d *DefaultUser) UserName() string
- type Info
- type InfoConstructor
- type Option
- type OptionFunc
- type Strategy
- type StrategyKey
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrNoMatch is returned by Authenticator when the request is not authenticated
	// and all registered strategies returned errors.
	ErrNoMatch = errors.New("authenticator: No authentication strategy matched")

	// ErrDisabledPath is a soft error similar to EOF,
	// returned by Authenticator when the request being authenticated targets a disabled path.
	// Authenticator returns ErrDisabledPath only to signal the caller.
	// The caller should continue the request flow and never return the error to end users.
	ErrDisabledPath = errors.New("authenticator: Disabled Path")

	// ErrNOOP is a soft error similar to EOF,
	// returned by strategies that have a NoOpAuthenticate function to indicate a no-op
	// and signal the authenticator to unauthenticate the request.
	ErrNOOP = errors.New("NOOP")
)
var ErrInvalidStrategy = errors.New("Invalid strategy")
ErrInvalidStrategy is returned by the Append and Revoke functions when the passed strategy does not implement Append or Revoke.
Functions ¶
func Append ¶
Append adds a new Info to a strategy store. If the passed strategy does not implement Append, ErrInvalidStrategy is returned; otherwise, nil.
WARNING: Append does not guarantee concurrency safety; that depends on the underlying strategy store.
Example ¶
strategy := &mockStrategy{}
info := NewDefaultUser("1", "2", nil, nil)
token := "90d64460d14870c08c81352a05dedd3465940a7"
r, _ := http.NewRequest("POST", "/login", nil)
// append new token to cached bearer strategy
err := Append(strategy, token, info, r)
fmt.Println(err)
Output: <nil>
func CtxWithUser ¶ added in v1.3.2
CtxWithUser saves user information in the context.
func RequestWithUser ¶ added in v1.0.0
RequestWithUser saves user information in the request context.
func Revoke ¶
Revoke deletes an Info from a strategy store. If the passed strategy does not implement Revoke, ErrInvalidStrategy is returned; otherwise, nil.
WARNING: Revoke does not guarantee concurrency safety; that depends on the underlying strategy store.
Example ¶
strategy := &mockStrategy{}
r, _ := http.NewRequest("GET", "/logout", nil)
// assume token extracted from header
token := "90d64460d14870c08c81352a05dedd3465940a7"
err := Revoke(strategy, token, r)
fmt.Println(err)
Output: <nil>
func SetInfoConstructor ¶ added in v1.2.0
func SetInfoConstructor(c InfoConstructor)
SetInfoConstructor replaces the default InfoConstructor with any function that has the appropriate signature. This allows developers to create custom user info from their own struct instead of using the DefaultUser that go-guardian exposes.
Default is NewDefaultUser
func SetWWWAuthenticate ¶ added in v1.2.2
func SetWWWAuthenticate(w http.ResponseWriter, realm string, strategies ...Strategy)
SetWWWAuthenticate adds an HTTP WWW-Authenticate header to the provided ResponseWriter's headers by consolidating the results of calling the Challenge methods on the provided strategies. If a strategy has a Challenge method, it is called; otherwise, the strategy is ignored.
Types ¶
type Authenticator ¶
type Authenticator interface {
	// Authenticate dispatches the request to the registered authentication strategies
	// and returns user information from the first strategy that successfully authenticates the request.
	// Otherwise, an aggregated error is returned.
	// If the request attempts to visit a disabled path, ErrDisabledPath is returned to signal the caller;
	// otherwise, the authentication process starts.
	// See ErrDisabledPath documentation for more info.
	//
	// NOTICE: Authenticate does not guarantee the order strategies run in.
	Authenticate(r *http.Request) (Info, error)
	// EnableStrategy registers a new strategy with the authenticator.
	EnableStrategy(key StrategyKey, strategy Strategy)
	// DisableStrategy unregisters a strategy from the authenticator.
	DisableStrategy(key StrategyKey)
	// Strategy returns a registered strategy; otherwise, nil.
	Strategy(key StrategyKey) Strategy
	// DisabledPaths returns a map[string]struct{} representing the paths disabled from authentication.
	// Typically the paths are given during authenticator initialization.
	DisabledPaths() map[string]struct{}
}
Authenticator carries the registered authentication strategies and represents the first API to authenticate received requests.
func New ¶
func New(paths ...string) Authenticator
New returns a new Authenticator and disables the authentication process at the given paths. The returned authenticator is not safe for concurrent access.
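How a caller can act on the errors Authenticate returns, as an added example that is not part of go-guardian or its documentation: ErrDisabledPath lets the request continue unauthenticated, and any other error becomes a generic 401 that does not expose the aggregated strategy errors. The names `guard`, `probe`, `userKey` and `errDisabledPath` are hypothetical, and standard-library stand-ins replace the real `auth` types so the block runs without the module.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Assumption: local stand-in for auth.ErrDisabledPath, so only the standard library is needed.
var errDisabledPath = errors.New("authenticator: Disabled Path")

type userKey struct{} // context key for the authenticated user

// guard handles an Authenticate-shaped result (Info reduced to a user name).
func guard(authn func(*http.Request) (string, error), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, err := authn(r)
		switch {
		case errors.Is(err, errDisabledPath): // soft error: continue unauthenticated
			next.ServeHTTP(w, r)
		case err != nil: // generic 401; the strategy errors stay server-side
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
		default:
			next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userKey{}, user)))
		}
	})
}

// probe runs one request through guard with a constructed Authenticate outcome
// and returns the status code and body the client would see.
func probe(user string, authErr error) (int, string) {
	authn := func(*http.Request) (string, error) { return user, authErr }
	rec := httptest.NewRecorder()
	guard(authn, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, _ := r.Context().Value(userKey{}).(string)
		fmt.Fprintf(w, "user=%q", u)
	})).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(probe("", errDisabledPath))                          // disabled path
	fmt.Println(probe("", errors.New("bearer: token not in cache"))) // failed authentication
	fmt.Println(probe("alice", nil))                                 // authenticated
}
```

With the real package, the same switch would compare against `auth.ErrDisabledPath` and store the returned Info with RequestWithUser.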
type DefaultUser ¶
type DefaultUser struct {
// contains filtered or unexported fields
}
DefaultUser implements the Info interface and provides simple user information.
func NewDefaultUser ¶
func NewDefaultUser(name, id string, groups []string, extensions map[string][]string) *DefaultUser
NewDefaultUser returns a new default user.
func (*DefaultUser) Extensions ¶
func (d *DefaultUser) Extensions() map[string][]string
Extensions returns additional information.
func (*DefaultUser) Groups ¶
func (d *DefaultUser) Groups() []string
Groups returns the names of the groups the user is a member of
func (*DefaultUser) ID ¶
func (d *DefaultUser) ID() string
ID returns a unique value that identifies a particular user.
func (*DefaultUser) MarshalBinary ¶ added in v1.2.2
func (d *DefaultUser) MarshalBinary() ([]byte, error)
MarshalBinary encodes the default user into a binary form and returns the result.
func (*DefaultUser) MarshalJSON ¶ added in v1.2.2
func (d *DefaultUser) MarshalJSON() ([]byte, error)
MarshalJSON encodes the default user into a json and returns the result.
func (*DefaultUser) SetExtensions ¶
func (d *DefaultUser) SetExtensions(exts map[string][]string)
SetExtensions to contain additional information.
func (*DefaultUser) SetGroups ¶
func (d *DefaultUser) SetGroups(groups []string)
SetGroups sets the names of the groups the user is a member of.
func (*DefaultUser) UnmarshalBinary ¶ added in v1.2.2
func (d *DefaultUser) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes the binary form generated by MarshalBinary.
func (*DefaultUser) UnmarshalJSON ¶ added in v1.2.2
func (d *DefaultUser) UnmarshalJSON(data []byte) error
UnmarshalJSON decodes the JSON generated by MarshalJSON.
func (*DefaultUser) UserName ¶
func (d *DefaultUser) UserName() string
UserName returns the name that uniquely identifies this user among all other active users.
type Info ¶
type Info interface {
	// UserName returns the name that uniquely identifies this user among all
	// other active users.
	UserName() string
	// ID returns a unique value that identifies a particular user.
	ID() string
	// Groups returns the names of the groups the user is a member of.
	Groups() []string
	// Extensions can contain any additional information.
	Extensions() map[string][]string
	// SetGroups sets the names of the groups the user is a member of.
	SetGroups(groups []string)
	// SetExtensions to contain additional information.
	SetExtensions(exts map[string][]string)
}
Info describes a user that has been authenticated to the system.
func NewUserInfo ¶ added in v1.2.0
NewUserInfo implements InfoConstructor and returns an Info object. It is typically called from strategies to create a new user object once the user is authenticated.
func UserFromCtx ¶ added in v1.3.2
UserFromCtx returns user information from the context.
type InfoConstructor ¶ added in v1.2.0
InfoConstructor defines the function signature to create a new Info object.
type Option ¶ added in v1.3.0
type Option interface {
Apply(v interface{})
}
Option configures Strategy using the functional options paradigm popularized by Rob Pike and Dave Cheney. If you're unfamiliar with this style, see https://commandcenter.blogspot.com/2014/01/self-referential-functions-and-design.html and https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis.
type OptionFunc ¶ added in v1.3.0
type OptionFunc func(v interface{})
OptionFunc implements Option interface.
func (OptionFunc) Apply ¶ added in v1.3.0
func (fn OptionFunc) Apply(v interface{})
Apply the configuration to the provided strategy.
type Strategy ¶
type Strategy interface {
	// Authenticate authenticates users' requests and returns user information or an error.
	Authenticate(ctx context.Context, r *http.Request) (Info, error)
}
Strategy represents an authentication mechanism or method to authenticate users' requests.
type StrategyKey ¶
type StrategyKey string
StrategyKey defines a custom type to expose a strategy identifier.
Directories ¶
Path | Synopsis |
---|---|
strategies | |
strategies/basic | Package basic provides authentication strategy, to authenticate HTTP requests using the standard basic scheme. |
strategies/bearer | Package bearer provides authentication strategy, to authenticate HTTP requests based on the bearer token. |
strategies/digest | Package digest provides authentication strategy, to authenticate HTTP requests using the standard digest scheme as described in RFC 7616. |
strategies/kubernetes | Package kubernetes provide auth strategy to authenticate, incoming HTTP requests using a Kubernetes Service Account Token. |
strategies/ldap | Package ldap provides authentication strategy, to authenticate HTTP requests and builds, extracts user informations from LDAP Server. |
strategies/x509 | Package x509 provides authentication strategy, to authenticate HTTPS requests and builds, extracts user informations from client certificates. |