auth

package
v2.1.0-mercury-20230522 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 22, 2023 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// APIKey is the header name for the API token identifier for user authentication.
	APIKey = "X-API-KEY"

	// APISecret is the header name for the API token secret for user authentication.
	APISecret = "X-API-SECRET"

	// SessionName is the session name
	SessionName = "clsession"

	// SessionIDKey is the session ID key in the session map
	SessionIDKey = "clsession_id"

	// SessionUserKey is the User key in the session map
	SessionUserKey = "user"

	// SessionExternalInitiatorKey is the External Initiator key in the session map
	SessionExternalInitiatorKey = "external_initiator"
)

Variables

This section is empty.

Functions

func Authenticate

func Authenticate(store Authenticator, methods ...authMethod) gin.HandlerFunc

Authenticate is middleware which authenticates the request by attempting to authenticate using all the provided methods.

func AuthenticateBySession

func AuthenticateBySession(c *gin.Context, authr Authenticator) error

AuthenticateBySession authenticates the request by the session cookie.

Implements authMethod

func AuthenticateByToken

func AuthenticateByToken(c *gin.Context, authr Authenticator) error

AuthenticateByToken authenticates a User by their API token.

Implements authMethod

func AuthenticateExternalInitiator

func AuthenticateExternalInitiator(c *gin.Context, store Authenticator) error

AuthenticateExternalInitiator authenticates an external initiator request.

Implements authMethod

func AuthenticateGQL

func AuthenticateGQL(authenticator Authenticator, lggr logger.Logger) gin.HandlerFunc

AuthenticateGQL middleware checks the session cookie for a user and sets it on the request context if it exists. It is the responsibility of each resolver to validate whether it requires an authenticated user.

We currently only support GQL authentication by session cookie.

func GetAuthenticatedExternalInitiator

func GetAuthenticatedExternalInitiator(c *gin.Context) (*bridges.ExternalInitiator, bool)

GetAuthenticatedExternalInitiator extracts the external initiator from the context.

func GetAuthenticatedUser

func GetAuthenticatedUser(c *gin.Context) (*clsessions.User, bool)

GetAuthenticatedUser extracts the authentication user from the context.

func RequiresAdminRole

func RequiresAdminRole(handler func(*gin.Context)) func(*gin.Context)

RequiresAdminRole extracts the user object from the context, and asserts the user's role is 'admin'

func RequiresEditRole

func RequiresEditRole(handler func(*gin.Context)) func(*gin.Context)

RequiresEditRole extracts the user object from the context, and asserts the user's role is at least 'edit'

func RequiresRunRole

func RequiresRunRole(handler func(*gin.Context)) func(*gin.Context)

RequiresRunRole extracts the user object from the context, and asserts the user's role is at least 'run'

func SetGQLAuthenticatedSession

func SetGQLAuthenticatedSession(ctx context.Context, user clsessions.User, sessionID string) context.Context

SetGQLAuthenticatedSession sets the authenticated session in the context

There shouldn't be a need to do this outside of testing

Types

type Authenticator

type Authenticator interface {
	AuthorizedUserWithSession(sessionID string) (clsessions.User, error)
	FindExternalInitiator(eia *auth.Token) (*bridges.ExternalInitiator, error)
	FindUser(email string) (clsessions.User, error)
	FindUserByAPIToken(apiToken string) (clsessions.User, error)
}

Authenticator defines the interface to authenticate requests against a datastore.

type GQLSession

type GQLSession struct {
	SessionID string
	User      *clsessions.User
}

func GetGQLAuthenticatedSession

func GetGQLAuthenticatedSession(ctx context.Context) (*GQLSession, bool)

GetGQLAuthenticatedSession extracts the authentication session from a context.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL