authenticator

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 10, 2024 License: GPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrAdminAuthenticatorSystemKey says, per its message, that the admin
// authenticator accepts exactly one key and that key must be named "system".
var ErrAdminAuthenticatorSystemKey = errors.New("admin authenticator supports only one key named system")

// ErrNoAuthenticator says, per its message, that no vendor is enabled; at
// least one is required.
var ErrNoAuthenticator = errors.New("at least one vendor should be enable to have soteria")

// ErrNoDefaultCaseIssEntity says the iss-entity map lacks its required
// default case.
var ErrNoDefaultCaseIssEntity = errors.New("default case for iss-entity map is required")

// ErrNoDefaultCaseIssPeer says the iss-peer map lacks its required default
// case.
var ErrNoDefaultCaseIssPeer = errors.New("default case for iss-peer map is required")

// ErrInvalidAuthenticator says no authenticator is available for the request.
var ErrInvalidAuthenticator = errors.New("there is no authenticator to support your request")
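// Sentinel errors for token and credential checks. Callers should match them
// with errors.Is rather than by message text.
var (
	// ErrInvalidSigningMethod says the token's signing method differs from the
	// one the authenticator is configured for.
	// NOTE(review): this check is what stops a token from choosing its own
	// verification algorithm; confirm every Auth/ACL path applies it before
	// the key is used.
	ErrInvalidSigningMethod = errors.New("signing method does not match with authenticator signing method")

	// ErrIssNotFound says the token claims carry no iss.
	ErrIssNotFound = errors.New("could not find iss in token claims")

	// ErrSubNotFound says the token claims carry no sub.
	ErrSubNotFound = errors.New("could not find sub in token claims")

	// ErrInvalidClaims says the token claims are not valid.
	ErrInvalidClaims = errors.New("invalid claims")

	// ErrInvalidIP says an IP value is not valid.
	ErrInvalidIP = errors.New("IP is not valid")

	// ErrInvalidAccessType says the requested access type is not valid.
	ErrInvalidAccessType = errors.New("requested access type is invalid")

	// ErrDecodeHashID says a hash id could not be decoded.
	ErrDecodeHashID = errors.New("could not decode hash id")

	// ErrInvalidSecret says a secret is not valid.
	ErrInvalidSecret = errors.New("invalid secret")

	// ErrIncorrectPassword covers a rejected username/password pair. The
	// message does not say which of the two was wrong; keep it that way so a
	// caller cannot tell existing usernames from unknown ones.
	ErrIncorrectPassword = errors.New("username or password is wrong")
)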
// ErrInvalidKeyType says the type of a key could not be determined.
var ErrInvalidKeyType = errors.New("cannot determine the key type")

// ErrNoKeys says no key was supplied; at least one is required.
var ErrNoKeys = errors.New("at least one key required")
// AuthenticateCounterMetric counts authentication attempts, exported as
// dispatching_soteria_auth_total with the labels "company" and "status".
// NOTE(review): every distinct label value creates a time series; confirm the
// company value comes from configuration and not from the unauthenticated
// request, so that callers cannot inflate label cardinality.
var AuthenticateCounterMetric = promauto.NewCounterVec(
	prometheus.CounterOpts{
		Namespace: "dispatching",
		Subsystem: "soteria",
		Name:      "auth_total",
		Help:      "Total number of authentication attempts",
	},
	[]string{"company", "status"},
)

nolint:exhaustruct,gochecknoglobals

Functions

func IncrementWithErrorAuthCounter

func IncrementWithErrorAuthCounter(company string, err error)

nolint:cyclop

Types

type AdminAuthenticator

// AdminAuthenticator holds the state used to authenticate internal system
// users, who have admin access.
type AdminAuthenticator struct {
	// Key is typed any, so the concrete key type is not visible here;
	// presumably it is the key that tokens passed to Auth are verified with.
	// ErrAdminAuthenticatorSystemKey's message says the admin authenticator
	// supports only one key, named "system".
	Key       any
	// Company is presumably the value GetCompany returns; confirm against the
	// method body.
	Company   string
	// JwtConfig holds JWT settings; config.JWT is declared in another package.
	JwtConfig config.JWT
	// Parser is the JWT parser.
	// NOTE(review): confirm it is constructed so that only the expected
	// signing methods are accepted.
	Parser    *jwt.Parser
}

AdminAuthenticator is responsible for Acl/Auth/Token of the internal system users, these users have admin access.

func (AdminAuthenticator) ACL

func (a AdminAuthenticator) ACL(
	_ acl.AccessType,
	_ string,
	_ string,
) (bool, error)

ACL checks a system user's access to a topic. Because we return is-admin: true for these users, which disables the ACL check, this endpoint should not be called.

func (AdminAuthenticator) Auth

func (a AdminAuthenticator) Auth(tokenString string) error

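Auth checks user authentication by checking the user's token. isSuperuser is a flag that the authenticator sets to true when the credentials belong to a superuser. (The signature shown returns only an error; the superuser flag is exposed through IsSuperuser.)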

func (AdminAuthenticator) GetCompany

func (a AdminAuthenticator) GetCompany() string

func (AdminAuthenticator) IsSuperuser

func (a AdminAuthenticator) IsSuperuser() bool

func (AdminAuthenticator) ValidateAccessType

func (a AdminAuthenticator) ValidateAccessType(_ acl.AccessType) bool

type Authenticator

// Authenticator is the contract for token authentication and per-topic access
// control. On this page AdminAuthenticator, AutoAuthenticator and
// ManualAuthenticator each declare all five methods.
type Authenticator interface {
	// Auth checks user authentication by checking the user's token.
	// It returns an error in case of any issue with the user token.
	Auth(tokenString string) error

	// ACL checks a user's access to a topic.
	ACL(
		accessType acl.AccessType,
		tokenString string,
		topic string,
	) (bool, error)

	// ValidateAccessType checks the access type for a specific topic
	// (the signature takes only the access type).
	ValidateAccessType(accessType acl.AccessType) bool

	// GetCompany returns the Company field of the implementing type.
	GetCompany() string

	// IsSuperuser changes the Auth response in case of successful authentication
	// and shows the user as superuser, which disables the ACL.
	// NOTE(review): a true value removes per-topic checks for that user, so
	// confirm that only the admin implementation can return true.
	IsSuperuser() bool
}

type AutoAuthenticator

// AutoAuthenticator holds the state used for Acl/Auth/Token handling of
// users. Unlike ManualAuthenticator it has a Validator client and no Keys map.
type AutoAuthenticator struct {
	// AllowedAccessTypes is presumably the set ValidateAccessType checks
	// against; confirm against the method body.
	AllowedAccessTypes []acl.AccessType
	// TopicManager is declared in the topics package; presumably used by ACL to
	// evaluate the requested topic.
	TopicManager       *topics.Manager
	// Company is presumably the value GetCompany returns.
	Company            string
	// JWTConfig holds JWT settings; config.JWT is declared in another package.
	JWTConfig          config.JWT
	// Validator is a client from the validator package.
	// NOTE(review): this looks like a remote token validation service; confirm
	// that a failed or timed-out call makes Auth/ACL deny rather than allow.
	Validator          validator.Client
	// Parser is the JWT parser.
	Parser             *jwt.Parser
	// Tracer is the tracer handle used by this authenticator.
	Tracer             trace.Tracer
	// Logger is the zap logger.
	// NOTE(review): confirm raw token strings are never written to it.
	Logger             *zap.Logger
	// contains filtered or unexported fields
}

AutoAuthenticator is responsible for Acl/Auth/Token of users.

func (AutoAuthenticator) ACL

func (a AutoAuthenticator) ACL(
	accessType acl.AccessType,
	tokenString string,
	topic string,
) (bool, error)

ACL checks a user's access to a topic. (Lint directive from the source comment: nolint: funlen, cyclop, dupl)

func (AutoAuthenticator) Auth

func (a AutoAuthenticator) Auth(tokenString string) error

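Auth checks user authentication by checking the user's token. isSuperuser is a flag that the authenticator sets to true when the credentials belong to a superuser. (The signature shown returns only an error; the superuser flag is exposed through IsSuperuser.)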

func (AutoAuthenticator) GetCompany

func (a AutoAuthenticator) GetCompany() string

func (AutoAuthenticator) IsSuperuser

func (a AutoAuthenticator) IsSuperuser() bool

func (AutoAuthenticator) ValidateAccessType

func (a AutoAuthenticator) ValidateAccessType(accessType acl.AccessType) bool

type Builder

// Builder carries the configuration from which Authenticators builds the
// map of Authenticator values.
type Builder struct {
	// Vendors is the list of vendor configurations. ErrNoAuthenticator's
	// message says at least one vendor must be enabled.
	Vendors                    []config.Vendor
	// Logger is the zap logger; presumably handed to the authenticators built.
	Logger                     *zap.Logger
	// ValidatorConfig is the configuration for the validator; presumably used
	// to create AutoAuthenticator's Validator client.
	ValidatorConfig            config.Validator
	// Tracer is the tracer handle; presumably handed to the authenticators built.
	Tracer                     trace.Tracer
	// BlackListUserLoggingConfig is declared in the config package; its effect
	// is not visible here.
	// NOTE(review): confirm what it logs about the listed users.
	BlackListUserLoggingConfig config.BlackListUserLogging
}

func (Builder) Authenticators

func (b Builder) Authenticators() (map[string]Authenticator, error)

func (Builder) GenerateECDSAKeys

func (b Builder) GenerateECDSAKeys(raw map[string]string) (map[string]any, error)

func (Builder) GenerateHMACKeys

func (b Builder) GenerateHMACKeys(raw map[string]string) (map[string]any, error)

func (Builder) GenerateKeys

func (b Builder) GenerateKeys(method string, keys map[string]string) (map[string]any, error)

func (Builder) GenerateRSAKeys

func (b Builder) GenerateRSAKeys(raw map[string]string) (map[string]any, error)

func (Builder) GetAllowedAccessTypes

func (b Builder) GetAllowedAccessTypes(accessTypes []string) ([]acl.AccessType, error)

GetAllowedAccessTypes will return all allowed access types in Soteria.

func (Builder) ValidateMappers

func (b Builder) ValidateMappers(issEntityMap, issPeerMap map[string]string) error

type InvalidTopicError

// InvalidTopicError is an error type that records the topic it refers to.
type InvalidTopicError struct {
	// Topic is the topic name.
	// NOTE(review): topic names are supplied by the client; if Error() embeds
	// this value, treat the message as untrusted text when logging it.
	Topic string
}

func (InvalidTopicError) Error

func (err InvalidTopicError) Error() string

type KeyNotFoundError

// KeyNotFoundError is an error type that records an issuer; by its name, no
// key was found for that issuer.
type KeyNotFoundError struct {
	// Issuer is presumably the iss claim taken from the token; confirm at the
	// place where the error is created.
	Issuer string
}

func (KeyNotFoundError) Error

func (err KeyNotFoundError) Error() string

type ManualAuthenticator

// ManualAuthenticator holds the state used for Acl/Auth/Token handling of
// users without calling an HTTP client: it carries its own Keys map.
type ManualAuthenticator struct {
	// Keys maps a name to a key of unspecified type (any). KeyNotFoundError
	// records an Issuer, so the map is presumably keyed by issuer; confirm.
	Keys               map[string]any
	// AllowedAccessTypes is presumably the set ValidateAccessType checks
	// against; confirm against the method body.
	AllowedAccessTypes []acl.AccessType
	// TopicManager is declared in the topics package; presumably used by ACL to
	// evaluate the requested topic.
	TopicManager       *topics.Manager
	// Company is presumably the value GetCompany returns.
	Company            string
	// JWTConfig holds JWT settings; config.JWT is declared in another package.
	JWTConfig          config.JWT
	// Parser is the JWT parser.
	// NOTE(review): confirm it is constructed so that only the expected
	// signing methods are accepted.
	Parser             *jwt.Parser
}

ManualAuthenticator is responsible for Acl/Auth/Token of users without calling any http client, etc.

func (ManualAuthenticator) ACL

func (a ManualAuthenticator) ACL(
	accessType acl.AccessType,
	tokenString string,
	topic string,
) (bool, error)

ACL checks a user's access to a topic. (Lint directive from the source comment: nolint: funlen, cyclop, dupl)

func (ManualAuthenticator) Auth

func (a ManualAuthenticator) Auth(tokenString string) error

Auth checks user authentication by checking the user's token.

func (ManualAuthenticator) GetCompany

func (a ManualAuthenticator) GetCompany() string

func (ManualAuthenticator) IsSuperuser

func (a ManualAuthenticator) IsSuperuser() bool

func (ManualAuthenticator) ValidateAccessType

func (a ManualAuthenticator) ValidateAccessType(accessType acl.AccessType) bool

type TopicNotAllowedError

// TopicNotAllowedError is an error type that records who asked for which kind
// of access to which topic.
type TopicNotAllowedError struct {
	// Issuer is presumably the token's iss claim.
	Issuer     string
	// Sub is presumably the token's sub claim.
	Sub        string
	// AccessType is the access type involved in the refusal.
	AccessType acl.AccessType
	// Topic is the topic name.
	// NOTE(review): supplied by the client; treat it as untrusted text if it
	// ends up in logs.
	Topic      string
	// TopicType is a string describing the topic's type; its values are not
	// visible here.
	TopicType  string
}

func (TopicNotAllowedError) Error

func (err TopicNotAllowedError) Error() string
