auth

package
v0.7.0-rc1
Warning

This package is not in the latest version of its module.

Published: Feb 6, 2023 License: AGPL-3.0 Imports: 21 Imported by: 0

Documentation

Constants

const (

	// AuthSignInPath is the API path for users to sign in through
	AuthSignInPath = "/sign_in"
	// AuthCheckYourEmailPath is where users land after registering a new account; it instructs them to confirm their email
	AuthCheckYourEmailPath = "/check_your_email"
	// AuthWaitForApprovalPath is where users land after confirming their email
	// but before an admin approves their account (if such is required)
	AuthWaitForApprovalPath = "/wait_for_approval"
	// AuthAccountDisabledPath is where users land when their account is suspended by an admin
	AuthAccountDisabledPath = "/account_disabled"
	// AuthCallbackPath is the API path for receiving callback tokens from external OIDC providers
	AuthCallbackPath = "/callback"

	// OauthTokenPath is the API path to use for granting token requests to users with valid credentials
	OauthTokenPath = "/token" // #nosec G101 else we get a hardcoded credentials warning
	// OauthAuthorizePath is the API path for authorization requests (e.g., authorize this app to act on my behalf as a user)
	OauthAuthorizePath = "/authorize"
	// OauthFinalizePath is the API path for completing user registration with additional user details
	OauthFinalizePath = "/finalize"
	// OauthOobTokenPath is the path for serving an html representation of an oob token page.
	OauthOobTokenPath = "/oob" // #nosec G101 else we get a hardcoded credentials warning

)

Variables

This section is empty.

Functions

This section is empty.

Types

type Module

type Module struct {
	// contains filtered or unexported fields
}

func New

func New(db db.DB, processor processing.Processor, idp oidc.IDP) *Module

New returns an Auth module which provides both 'oauth' and 'auth' endpoints.

It is safe to pass a nil idp if oidc is disabled.

func (*Module) AuthorizeGETHandler

func (m *Module) AuthorizeGETHandler(c *gin.Context)

AuthorizeGETHandler should be served as GET at https://example.org/oauth/authorize. The idea here is to present an oauth authorize page to the user, with a button that they have to click to accept.

func (*Module) AuthorizePOSTHandler

func (m *Module) AuthorizePOSTHandler(c *gin.Context)

AuthorizePOSTHandler should be served as POST at https://example.org/oauth/authorize. At this point we assume that the user has A) logged in and B) accepted that the app should act for them, so we should proceed with the authentication flow and generate an oauth token for them if we can.

func (*Module) CallbackGETHandler

func (m *Module) CallbackGETHandler(c *gin.Context)

CallbackGETHandler parses a token from an external auth provider.

func (*Module) FinalizePOSTHandler

func (m *Module) FinalizePOSTHandler(c *gin.Context)

FinalizePOSTHandler registers the user after additional data has been provided.

func (*Module) OobHandler

func (m *Module) OobHandler(c *gin.Context)

func (*Module) RouteAuth

func (m *Module) RouteAuth(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes)

RouteAuth routes all paths that should have an 'auth' prefix.

func (*Module) RouteOauth

func (m *Module) RouteOauth(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes)

RouteOauth routes all paths that should have an 'oauth' prefix.

func (*Module) SignInGETHandler

func (m *Module) SignInGETHandler(c *gin.Context)

SignInGETHandler should be served at https://example.org/auth/sign_in. The idea is to present a sign in page to the user, where they can enter their username and password. The form will then POST to the sign in page, which will be handled by SignInPOSTHandler. If an idp is set, then the user will be redirected to it to sign in.

func (*Module) SignInPOSTHandler

func (m *Module) SignInPOSTHandler(c *gin.Context)

SignInPOSTHandler should be served at https://example.org/auth/sign_in. The idea is to present a sign in page to the user, where they can enter their username and password. The handler will then redirect to the auth handler served at /auth.

func (*Module) TokenPOSTHandler

func (m *Module) TokenPOSTHandler(c *gin.Context)

TokenPOSTHandler should be served as a POST at https://example.org/oauth/token. The idea here is to serve an oauth access token to a user, which can be used for authorizing against non-public APIs.

func (*Module) ValidatePassword

func (m *Module) ValidatePassword(ctx context.Context, email string, password string) (string, gtserror.WithCode)

ValidatePassword takes an email address and a password. The goal is to authenticate the password against the one stored in the database for that email address. If OK, we return the user ID (a ULID) for that user, so that it can be used in further OAuth flows to generate a token or retrieve an OAuth client from the db.
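
The contract described above (email and password in, user ID or an error out), as an added example that is not this package's own code. The names `user`, `errInvalid`, `stretch` and `validatePassword` are hypothetical, the single error for every failure and the hashing done for unknown emails are choices of this example rather than behaviour the page documents, and `stretch` is a hand-written PBKDF2-HMAC-SHA256 block used only to avoid third-party imports; production code would call a vetted password-hashing library.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// user is a constructed stand-in for a stored account row, not the project's model.
type user struct {
	id         string // ULID-shaped, constructed
	salt, hash []byte
}

var errInvalid = errors.New("invalid email or password") // same error for every failure

// stretch: one block of PBKDF2-HMAC-SHA256, hand-written only to stay stdlib-only.
func stretch(password string, salt []byte) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(append(append([]byte(nil), salt...), 0, 0, 0, 1))
	u, out := mac.Sum(nil), mac.Sum(nil) // U1 and the running XOR (separate slices)
	for i := 1; i < 10000; i++ { // constructed work factor
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// validatePassword (hypothetical) still hashes for an unknown email (zero-value user).
func validatePassword(users map[string]user, email, password string) (string, error) {
	u, found := users[email]
	match := subtle.ConstantTimeCompare(stretch(password, u.salt), u.hash) == 1
	if !found || !match {
		return "", errInvalid
	}
	return u.id, nil
}

func main() {
	salt := []byte("constructed-salt")
	users := map[string]user{"alice@example.org": {"01ARZ3NDEKTSV4RRFFQ69G5FAV", salt, stretch("correct horse", salt)}}
	fmt.Println(validatePassword(users, "alice@example.org", "correct horse"))
	fmt.Println(validatePassword(users, "nobody@example.org", "correct horse"))
}
```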
