Documentation
Overview
Package auth contains types for authenticating and authorizing requests.
Variables
var (
	// ErrForbidden can be returned from Authenticator implementations when
	// the user provides invalid credentials.
	ErrForbidden = errors.New("auth: forbidden")

	// ErrTwoFactor can be returned by an Authenticator implementation when
	// a two factor code is either invalid or required.
	ErrTwoFactor = errors.New("auth: two factor code required or invalid")
)
Types
type AccessTokenAuthenticator
type AccessTokenAuthenticator struct {
// contains filtered or unexported fields
}
AccessTokenAuthenticator is an Authenticator that uses empire JWT access tokens to authenticate.
func NewAccessTokenAuthenticator
func NewAccessTokenAuthenticator(e *empire.Empire) *AccessTokenAuthenticator
NewAccessTokenAuthenticator returns a new AccessTokenAuthenticator.
func (*AccessTokenAuthenticator) Authenticate
func (a *AccessTokenAuthenticator) Authenticate(_ string, token string, _ string) (*empire.User, error)
Authenticate authenticates the access token, which should be provided as the password parameter. Username and otp are ignored.
type Authenticator
type Authenticator interface {
	// Authenticate should check the credentials and return the Empire user.
	Authenticate(username, password, twofactor string) (*empire.User, error)
}
Authenticator represents something that, given a username, password and OTP can authenticate an Empire user.
func Anyone
func Anyone(user *empire.User) Authenticator
Anyone returns an Authenticator that lets anyone in and sets them as the given user.
func MultiAuthenticator
func MultiAuthenticator(authenticators ...Authenticator) Authenticator
MultiAuthenticator returns an Authenticator that tries each Authenticator until one succeeds or they all fail.
It will proceed to the next authenticator when the error returned is ErrForbidden. Any other errors are bubbled up (e.g. ErrTwoFactor).
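The fallthrough rule above decides whether a two-factor failure reaches the caller or is masked by a later authenticator in the chain. The following is an added example, not Empire's own implementation: `User`, `AuthFunc`, `multi`, `static`, `chain` and all credentials are hypothetical stand-ins so that it runs without the Empire package.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Local stand-ins for the package's types (assumptions, not Empire's code).
type User struct{ Name string }

var (
	ErrForbidden = errors.New("auth: forbidden")
	ErrTwoFactor = errors.New("auth: two factor code required or invalid")
)

type AuthFunc func(username, password, otp string) (*User, error)

// multi tries each authenticator in order. Only ErrForbidden moves on to the
// next one; success or any other error (such as ErrTwoFactor) ends the chain.
func multi(auths ...AuthFunc) AuthFunc {
	return func(u, p, otp string) (*User, error) {
		for _, a := range auths {
			user, err := a(u, p, otp)
			if !errors.Is(err, ErrForbidden) {
				return user, err
			}
		}
		return nil, ErrForbidden // every authenticator rejected the credentials
	}
}

// static is a constructed fixed-credential authenticator: a correct password
// with a wrong or missing OTP yields ErrTwoFactor rather than ErrForbidden.
func static(user, pass, code string) AuthFunc {
	return func(u, p, otp string) (*User, error) {
		switch {
		case u != user || subtle.ConstantTimeCompare([]byte(p), []byte(pass)) != 1:
			return nil, ErrForbidden
		case otp != code:
			return nil, ErrTwoFactor
		}
		return &User{Name: user}, nil
	}
}

// chain uses constructed credentials: a password+OTP user, then an API-key user.
var chain = multi(static("alice", "s3cret", "123456"), static("ci", "tok-abc", ""))

func main() { fmt.Println(chain("alice", "s3cret", "")) }
```

A chain that treated every error as a reason to continue would report a plain "forbidden" for the first call in `main`, hiding from the client that a two-factor code is what is missing.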
func StaticAuthenticator
func StaticAuthenticator(username, password, otp string, user *empire.User) Authenticator
StaticAuthenticator returns an Authenticator that returns the provided user when the given credentials are provided.
func WithAuthorization
func WithAuthorization(authenticator Authenticator, authorizer Authorizer) Authenticator
WithAuthorization wraps an Authenticator to also perform an authorization check after the user is successfully authenticated.
type AuthenticatorFunc
AuthenticatorFunc is a function signature that implements the Authenticator interface.
func (AuthenticatorFunc) Authenticate
func (fn AuthenticatorFunc) Authenticate(username, password, otp string) (*empire.User, error)
Authenticate calls the AuthenticatorFunc.
type Authorizer
type Authorizer interface {
	// Authorize should check that the user has access to perform the
	// action. If not, ErrUnauthorized should be returned.
	Authorize(*empire.User) error
}
Authorizer represents something that can perform an authorization check.
func CacheAuthorization
func CacheAuthorization(a Authorizer, expiration time.Duration) Authorizer
CacheAuthorization wraps an Authorizer in an in memory cache that expires after the given expiration. Only positive authorizations will be cached.
type AuthorizerFunc
type UnauthorizedError
type UnauthorizedError struct {
	Reason string
}
UnauthorizedError can be returned from Authorizer implementations when the user is not authorized to perform an action.
func (*UnauthorizedError) Error
func (e *UnauthorizedError) Error() string