Documentation ¶
Index ¶
- Constants
- func ClearCookie(w http.ResponseWriter, req *http.Request, name string)
- func Delay(ctx context.Context)
- func GetToken(req *http.Request) string
- func SetCookie(w http.ResponseWriter, req *http.Request, name, value string)
- func SetCookieAge(w http.ResponseWriter, req *http.Request, name, value string, ...)
- type Error
- type Field
- type Handler
- func (h *Handler) AddIdentityProvider(id string, idp IdentityProvider) error
- func (h *Handler) CreateSession(ctx context.Context, userAgent, userID string) (*authtoken.Token, error)
- func (h *Handler) EndAllUserSessionsTx(ctx context.Context, tx *sql.Tx) error
- func (h *Handler) EndUserSessionTx(ctx context.Context, tx *sql.Tx, id ...string) error
- func (h *Handler) FindAllUserSessions(ctx context.Context, userID string) ([]UserSession, error)
- func (h *Handler) IdentityProviderHandler(id string) http.HandlerFunc
- func (h *Handler) ServeLogout(w http.ResponseWriter, req *http.Request)
- func (h *Handler) ServeProviders(w http.ResponseWriter, req *http.Request)
- func (h *Handler) WrapHandler(wrapped http.Handler) http.Handler
- type HandlerConfig
- type Identity
- type IdentityProvider
- type ProviderInfo
- type RedirectURL
- type Redirector
- type RouteInfo
- type UserSession
Constants ¶
const CookieName = "goalert_session.2"
CookieName is the name of the auth session cookie.
Variables ¶
This section is empty.
Functions ¶
func ClearCookie ¶
func ClearCookie(w http.ResponseWriter, req *http.Request, name string)
ClearCookie will clear and expire the cookie with the given name, for all API prefixes.
func Delay ¶
Delay will block for a random delay (or until the context is Done).
It is useful in situations where there has been an auth failure.
func GetToken ¶
GetToken will return the auth token associated with a request.
Supported options (in priority order):
- `token` (field or query)
- Authorization: Bearer header
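The lookup order documented for GetToken and the failure delay documented for Delay, combined in one middleware. This is an added example, not GoAlert's own code: `tokenFromRequest`, `failDelay`, `requireToken`, the 50 ms bound and the 401 response are all assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"math/rand"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// tokenFromRequest applies the documented order: `token` field or query
// parameter first, then the Authorization: Bearer header.
func tokenFromRequest(req *http.Request) string {
	if tok := req.FormValue("token"); tok != "" {
		return tok
	}
	scheme, cred, ok := strings.Cut(req.Header.Get("Authorization"), " ")
	if ok && strings.EqualFold(scheme, "Bearer") {
		return strings.TrimSpace(cred)
	}
	return ""
}

// failDelay blocks for a random duration (assumed bound: 50ms) or until ctx is done.
func failDelay(ctx context.Context) {
	select {
	case <-ctx.Done():
	case <-time.After(time.Duration(rand.Int63n(int64(50 * time.Millisecond)))):
	}
}

// requireToken delays, then answers 401, when the token is missing or rejected.
func requireToken(check func(string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if tok := tokenFromRequest(req); tok == "" || !check(tok) {
			failDelay(req.Context())
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, req)
	})
}

func main() {
	req := httptest.NewRequest("GET", "/api?token=from-query", nil) // constructed request
	req.Header.Set("Authorization", "Bearer from-header")
	fmt.Println(tokenFromRequest(req)) // the query parameter takes priority
}
```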
func SetCookie ¶
func SetCookie(w http.ResponseWriter, req *http.Request, name, value string)
SetCookie will set a cookie value for all API prefixes, respecting the current config parameters.
func SetCookieAge ¶
SetCookieAge behaves like SetCookie but also sets the MaxAge.
Types ¶
type Error ¶
type Error string
An Error can be returned to indicate an error message that should be displayed to the user attempting to authenticate.
func (Error) ClientError ¶
ClientError indicates an error meant for the client to see.
type Field ¶
type Field struct {
	// ID is the unique name/identifier of the field.
	// It will be used as the key name in the POST request.
	ID string

	// Label is the text displayed to the user for the field.
	Label string

	// Required indicates a field that must not be empty.
	Required bool

	// Password indicates the field should be treated as a password (generally masked).
	Password bool

	// Scannable indicates the field can be entered via QR-code scan.
	Scannable bool
}
Field represents a single form field for authentication.
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
Handler will serve authentication requests for registered identity providers.
func NewHandler ¶
NewHandler creates a new Handler using the provided config.
func (*Handler) AddIdentityProvider ¶
func (h *Handler) AddIdentityProvider(id string, idp IdentityProvider) error
AddIdentityProvider registers a new IdentityProvider with the given ID.
func (*Handler) CreateSession ¶
func (h *Handler) CreateSession(ctx context.Context, userAgent, userID string) (*authtoken.Token, error)
CreateSession will start a new session for the given UserID, returning a newly signed token.
func (*Handler) EndAllUserSessionsTx ¶ added in v0.26.0
EndAllUserSessionsTx ends all sessions other than the user's currently active session.
func (*Handler) EndUserSessionTx ¶ added in v0.26.0
func (*Handler) FindAllUserSessions ¶ added in v0.26.0
func (*Handler) IdentityProviderHandler ¶
func (h *Handler) IdentityProviderHandler(id string) http.HandlerFunc
IdentityProviderHandler will return a handler for the given provider ID.
It panics if the id has not been registered with AddIdentityProvider.
func (*Handler) ServeLogout ¶
func (h *Handler) ServeLogout(w http.ResponseWriter, req *http.Request)
ServeLogout will clear the current session cookie and end the session(s) (if any).
func (*Handler) ServeProviders ¶
func (h *Handler) ServeProviders(w http.ResponseWriter, req *http.Request)
ServeProviders will return a list of the currently enabled identity providers.
func (*Handler) WrapHandler ¶
WrapHandler will wrap an existing http.Handler so the Context of the request includes authentication information (if the request is authorized).
Updating and clearing the session cookie is automatically handled.
type HandlerConfig ¶
type HandlerConfig struct {
	UserStore      *user.Store
	SessionKeyring keyring.Keyring
	APIKeyring     keyring.Keyring
	IntKeyStore    *integrationkey.Store
	CalSubStore    *calsub.Store
}
HandlerConfig provides configuration for the auth handler.
type Identity ¶
type Identity struct {
	// SubjectID should be a provider-specific identifier for an individual.
	SubjectID     string
	Email         string
	EmailVerified bool
	Name          string
}
Identity represents a user's proven identity.
type IdentityProvider ¶
type IdentityProvider interface {
	Info(context.Context) ProviderInfo
	ExtractIdentity(*RouteInfo, http.ResponseWriter, *http.Request) (*Identity, error)
}
An IdentityProvider provides an option for a user to login (identify themselves).
Examples include user/pass, OIDC, LDAP, etc.
type ProviderInfo ¶
type ProviderInfo struct {
	// Title is a user-viewable string for identifying this provider.
	Title string

	// LogoURL is the optional URL of an icon to display with the provider.
	LogoURL string `json:",omitempty"`

	// Fields holds a list of fields to include with the request.
	// The order specified is the order displayed.
	Fields []Field `json:",omitempty"`

	// Hidden indicates that the provider is not intended for user visibility.
	Hidden bool `json:"-"`

	// Enabled indicates that the provider is currently turned on.
	Enabled bool `json:"-"`
}
ProviderInfo holds the details for using a provider.
type RedirectURL ¶
type RedirectURL string
RedirectURL is a convenience type that can be returned as an error resulting in redirection. It implements the error and Redirector interfaces.
func (RedirectURL) Error ¶
func (RedirectURL) Error() string
func (RedirectURL) RedirectURL ¶
func (r RedirectURL) RedirectURL() string
RedirectURL implements the Redirector interface.
type Redirector ¶
type Redirector interface {
RedirectURL() string
}
A Redirector provides a target URL for redirecting a user.
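How a caller might tell apart the three kinds of error an identity provider can return under the contracts documented for Error, RedirectURL and Redirector. This is an added example, not GoAlert's own code: the types are local stand-ins so it runs without importing the package, and the method bodies, `writeAuthError`, `outcome`, the status codes and the sample URL and messages are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Local stand-ins for the documented types; method bodies are assumptions.
type Error string

func (e Error) Error() string     { return string(e) }
func (e Error) ClientError() bool { return true }

type RedirectURL string

func (r RedirectURL) Error() string       { return "redirect to " + string(r) }
func (r RedirectURL) RedirectURL() string { return string(r) }

type Redirector interface{ RedirectURL() string }

// writeAuthError (hypothetical) maps a provider's error to an HTTP response.
func writeAuthError(w http.ResponseWriter, req *http.Request, err error) {
	var rd Redirector
	var ce Error
	switch {
	case errors.As(err, &rd):
		http.Redirect(w, req, rd.RedirectURL(), http.StatusFound)
	case errors.As(err, &ce):
		http.Error(w, ce.Error(), http.StatusBadRequest) // message meant for the user
	default:
		// Anything else may carry internal detail; keep it out of the response.
		http.Error(w, "authentication failed", http.StatusInternalServerError)
	}
}

// outcome runs writeAuthError on a recorder and returns status, Location and body.
func outcome(err error) (int, string, string) {
	rec := httptest.NewRecorder()
	writeAuthError(rec, httptest.NewRequest("POST", "/login", nil), err) // constructed request
	return rec.Code, rec.Header().Get("Location"), rec.Body.String()
}

func main() {
	fmt.Println(outcome(RedirectURL("https://idp.example/authorize")))
	fmt.Println(outcome(fmt.Errorf("lookup: %w", Error("invalid username or password"))))
	fmt.Println(outcome(errors.New("db: connection refused")))
}
```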
type RouteInfo ¶
type RouteInfo struct {
	// RelativePath provides a path, relative to the base of the current
	// identity provider.
	RelativePath string

	// CurrentURL is calculated using the --public-url or AuthRefererURLs and
	// the current auth attempt's referer. It does not include
	// query parameters of the current request.
	CurrentURL string
}
RouteInfo represents path information for the current request.
Directories ¶
Path | Synopsis |
---|---|
basic | Package basic implements a simple auth provider and backend that identifies a user via username & password combination. |
github | Package github implements an auth provider and backend that identifies a user via GitHub account. |