auth

package
v0.8.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 5, 2025 License: Apache-2.0 Imports: 12 Imported by: 3

Documentation

Overview

Package auth handles auth

Index

Constants

// Names of the HTTP headers and cookies that carry credentials.
// Every value here is an identifier (a header or cookie name); no token or key value is defined.
const (
	// Authorization is the key used in HTTP headers or cookies to represent the authorization token
	Authorization = "Authorization"
	// APIKeyHeader is the key used in HTTP headers to represent the API key.
	// NOTE(review): the gosec suppression presumably silences the linter's hard-coded-credential
	// heuristic; the value is a header name, not a secret. Confirm.
	APIKeyHeader = "X-API-Key" //nolint:gosec
	// AccessTokenCookie is the key used in cookies to represent the access token
	AccessTokenCookie = "access_token"
	// RefreshTokenCookie is the key used in cookies to represent the refresh token
	RefreshTokenCookie = "refresh_token"
)
// Subject types that distinguish a user account from a service account.
// NOTE(review): presumably these are the values GetAuthzSubjectType returns; confirm against its implementation.
const (
	// UserSubjectType is the subject type for user accounts
	UserSubjectType = "user"
	// ServiceSubjectType is the subject type for service accounts
	ServiceSubjectType = "service"
)

Variables

// Sentinel errors exported by the package. Each one is created with errors.New from a
// fixed message, so none of them embeds a token, API key, or other request-supplied value.
var (
	// ErrNoClaims is returned when no claims are found on the request context
	ErrNoClaims = errors.New("no claims found on the request context")
	// ErrNoUserInfo is returned when no user info is found on the request context
	ErrNoUserInfo = errors.New("no user info found on the request context")
	// ErrNoAuthUser is returned when no authenticated user is found on the request context
	ErrNoAuthUser = errors.New("could not identify authenticated user in request")
	// ErrUnverifiedUser is returned when the user is not verified
	ErrUnverifiedUser = errors.New("user is not verified")
	// ErrParseBearer is returned when the bearer token could not be parsed from the authorization header
	ErrParseBearer = errors.New("could not parse bearer token from authorization header")
	// ErrNoAuthorization is returned when no authorization header is found in the request
	ErrNoAuthorization = errors.New("no authorization header in request")
	// ErrNoAPIKey is returned when no API key is found in the request
	ErrNoAPIKey = errors.New("no API key found in request")
	// ErrNoRequest is returned when no request is found on the context
	ErrNoRequest = errors.New("no request found on the context")
	// ErrNoRefreshToken is returned when no refresh token is found on the request
	ErrNoRefreshToken = errors.New("no refresh token available on request")
	// ErrRefreshDisabled is returned when re-authentication with refresh tokens is disabled
	ErrRefreshDisabled = errors.New("re-authentication with refresh tokens disabled")
	// ErrUnableToConstructValidator is returned when the validator cannot be constructed
	ErrUnableToConstructValidator = errors.New("unable to construct validator")
	// ErrPasswordTooWeak is returned when the password is too weak.
	// The message describes the expected character mix and does not include the rejected password.
	ErrPasswordTooWeak = errors.New("password is too weak: use a combination of upper and lower case letters, numbers, and special characters")
	// ErrCouldNotFetchSubscription is returned when the subscription could not be fetched
	ErrCouldNotFetchSubscription = errors.New("could not fetch subscription")
)
var ContextAccessToken = &ContextKey{"access_token"}

ContextAccessToken is the context key for the access token

var ContextAuthenticatedUser = &ContextKey{"authenticated_user"}

ContextAuthenticatedUser is the context key for the user claims

var ContextRefreshToken = &ContextKey{"refresh_token"}

ContextRefreshToken is the context key for the refresh token

var ContextRequestID = &ContextKey{"request_id"}

ContextRequestID is the context key for the request ID

Functions

func AccessTokenFromContext added in v0.4.2

func AccessTokenFromContext(ctx context.Context) (string, bool)

AccessTokenFromContext retrieves the access token from the context

func AccessTokenFromContextOr added in v0.4.2

func AccessTokenFromContextOr(ctx context.Context, def string) string

AccessTokenFromContextOr retrieves the access token from the context or returns the provided default value if not found

func AccessTokenFromContextOrFunc added in v0.4.2

func AccessTokenFromContextOrFunc(ctx context.Context, f func() string) string

AccessTokenFromContextOrFunc retrieves the access token from the context or returns the result of the provided function if not found

func AddAuthenticatedUserContext

func AddAuthenticatedUserContext(c echo.Context, user *AuthenticatedUser) context.Context

AddAuthenticatedUserContext adds the authenticated user context and returns the context

func AddOrganizationIDToContext

func AddOrganizationIDToContext(ctx context.Context, orgID string) error

AddOrganizationIDToContext appends an authorized organization ID to the context. This generally should not be used, as the authorized organization should be determined by the claims or the token. This is only used in cases where a user is newly authorized to an organization and the organization ID is not in the token claims.

func AddSubscriptionToContext added in v0.3.2

func AddSubscriptionToContext(ctx context.Context, subscription bool) error

AddSubscriptionToContext appends a subscription to the context

func AuthContextFromRequest

func AuthContextFromRequest(c echo.Context) (*context.Context, error)

AuthContextFromRequest creates a context from the echo request context, copying fields that may be required for forwarded requests. This method should be called by handlers which need to forward requests to other services and need to preserve data from the original request such as the user's credentials. Because the resulting context carries the caller's credentials, it should only be passed on to services that are trusted to receive them.

func ClearAuthCookies

func ClearAuthCookies(w http.ResponseWriter)

ClearAuthCookies is a helper function to clear authentication cookies on an echo request to effectively log out a user.

func CookieExpired

func CookieExpired(cookie *http.Cookie) bool

CookieExpired checks to see if a cookie is expired

func GetAPIKey added in v0.7.1

func GetAPIKey(c echo.Context) (string, error)

GetAPIKey retrieves the API key from the authorization header or the X-API-Key header.

func GetAccessToken

func GetAccessToken(c echo.Context) (string, error)

GetAccessToken retrieves the bearer token from the authorization header and parses it to return only the JWT access token component of the header. Alternatively, if the authorization header is not present, then the token is fetched from cookies. If the header is missing or the token is not available, an error is returned.

NOTE: the authorization header takes precedence over access tokens in cookies.

func GetAccessTokenContext

func GetAccessTokenContext(c context.Context) (string, error)

GetAccessTokenContext gets the access token from the context

func GetAuthzSubjectType

func GetAuthzSubjectType(ctx context.Context) string

GetAuthzSubjectType returns the subject type based on the authentication type

func GetContextName

func GetContextName(key *ContextKey) string

GetContextName returns the name of the context key

func GetOrganizationIDFromContext

func GetOrganizationIDFromContext(ctx context.Context) (string, error)

GetOrganizationIDFromContext returns the organization ID from context

func GetOrganizationIDsFromContext

func GetOrganizationIDsFromContext(ctx context.Context) ([]string, error)

GetOrganizationIDsFromContext returns the list of organization IDs from context

func GetOrganizationNameFromContext

func GetOrganizationNameFromContext(ctx context.Context) (string, error)

GetOrganizationNameFromContext returns the organization name from context

func GetRefreshToken

func GetRefreshToken(c echo.Context) (string, error)

GetRefreshToken retrieves the refresh token from the cookies in the request. If the cookie is not present or expired then an error is returned.

func GetRefreshTokenContext

func GetRefreshTokenContext(c context.Context) (string, error)

GetRefreshTokenContext gets the refresh token from the context

func GetSubscriptionFromContext added in v0.3.2

func GetSubscriptionFromContext(ctx context.Context) (bool, error)

GetSubscriptionFromContext returns the active subscription from the context

func GetUserIDFromContext

func GetUserIDFromContext(ctx context.Context) (string, error)

GetUserIDFromContext returns the actor subject from the context

func GetUserNameFromContext

func GetUserNameFromContext(ctx context.Context) (string, error)

GetUserNameFromContext returns the actor name from the context

func IsAPITokenAuthentication

func IsAPITokenAuthentication(ctx context.Context) bool

func MustAccessTokenFromContext added in v0.4.2

func MustAccessTokenFromContext(ctx context.Context) string

MustAccessTokenFromContext retrieves the access token from the context or panics if not found

func MustRequestIDFromContext added in v0.4.2

func MustRequestIDFromContext(ctx context.Context) string

MustRequestIDFromContext retrieves the request ID from the context or panics if not found

func NewSetAuthenticatedUserContext added in v0.4.2

func NewSetAuthenticatedUserContext(c echo.Context, user *AuthenticatedUser)

NewSetAuthenticatedUserContext sets the authenticated user context in the echo context

func NewTestContextWithOrgID

func NewTestContextWithOrgID(sub, orgID string) (context.Context, error)

NewTestContextWithOrgID creates a context with a fake orgID for testing purposes only (why all caps jeez keep it down)

func NewTestContextWithSubscription added in v0.3.2

func NewTestContextWithSubscription(subscription bool) (context.Context, error)

NewTestContextWithSubscription creates a context with the given subscription value for testing purposes only (why all caps jeez keep it down)

func NewTestContextWithValidUser

func NewTestContextWithValidUser(subject string) (context.Context, error)

func NewTestEchoContextWithOrgID

func NewTestEchoContextWithOrgID(sub, orgID string) (echo.Context, error)

NewTestEchoContextWithOrgID creates an echo context with a fake orgID for testing purposes ONLY

func NewTestEchoContextWithSubscription added in v0.3.2

func NewTestEchoContextWithSubscription(subscription bool) (echo.Context, error)

NewTestEchoContextWithSubscription creates an echo context with the given subscription value for testing purposes ONLY

func NewTestEchoContextWithValidUser

func NewTestEchoContextWithValidUser(subject string) (echo.Context, error)

NewTestEchoContextWithValidUser creates an echo context with a fake subject for testing purposes ONLY

func RequestIDFromContext added in v0.4.2

func RequestIDFromContext(ctx context.Context) (string, bool)

RequestIDFromContext retrieves the request ID from the context

func RequestIDFromContextOr added in v0.4.2

func RequestIDFromContextOr(ctx context.Context, def string) string

RequestIDFromContextOr retrieves the request ID from the context or returns the provided default value if not found

func RequestIDFromContextOrFunc added in v0.4.2

func RequestIDFromContextOrFunc(ctx context.Context, f func() string) string

RequestIDFromContextOrFunc retrieves the request ID from the context or returns the result of the provided function if not found

func SetAccessTokenContext

func SetAccessTokenContext(c echo.Context, token string)

SetAccessTokenContext sets the access token context in the echo context

func SetAuthCookies

func SetAuthCookies(w http.ResponseWriter, accessToken, refreshToken string, c sessions.CookieConfig)

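SetAuthCookies is a helper function to set authentication cookies on an echo request. The access token cookie (access_token) is an http only cookie that expires when the access token expires. The refresh token cookie is not an http only cookie (it can be accessed by client-side scripts) and it expires when the refresh token expires. Because the refresh token is readable by scripts, a cross-site scripting flaw in the front end would expose it, so pages that receive this cookie need strict output encoding and a restrictive Content-Security-Policy. Both cookies require https and will not be set (silently) over http connections.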

func SetAuthenticatedUserContext

func SetAuthenticatedUserContext(c echo.Context, user *AuthenticatedUser)

SetAuthenticatedUserContext sets the authenticated user context in the echo context

func SetOrganizationIDInAuthContext added in v0.1.4

func SetOrganizationIDInAuthContext(ctx context.Context, orgID string) error

SetOrganizationIDInAuthContext sets the organization ID in the auth context. This should only be used when creating a new organization and subsequent updates need to happen in the context of the new organization.

func SetRefreshTokenContext

func SetRefreshTokenContext(c echo.Context, token string)

SetRefreshTokenContext sets the refresh token context in the echo context

func WithAccessToken added in v0.4.2

func WithAccessToken(ctx context.Context, token string) context.Context

WithAccessToken sets the access token in the context

func WithAuthenticatedUser added in v0.4.2

func WithAuthenticatedUser(ctx context.Context, user *AuthenticatedUser) context.Context

WithAuthenticatedUser sets the authenticated user in the context

func WithRequestID added in v0.4.2

func WithRequestID(ctx context.Context, requestID string) context.Context

WithRequestID sets the request ID in the context

Types

type AuthenticatedUser

// AuthenticatedUser describes the subject of an authenticated request: who it is,
// which organization(s) it is tied to, and which credential type authenticated it.
type AuthenticatedUser struct {
	// SubjectID is the user ID of the authenticated user or the api token ID if the user is an API token
	SubjectID string
	// SubjectName is the name of the authenticated user
	SubjectName string
	// SubjectEmail is the email of the authenticated user
	SubjectEmail string
	// OrganizationID is the organization ID of the authenticated user.
	// NOTE(review): presumably the single organization the request acts in, as opposed to
	// the full authorized list in OrganizationIDs. Confirm.
	OrganizationID string
	// OrganizationName is the name of the organization the user is authenticated to
	OrganizationName string
	// OrganizationIDs is the list of organization IDs the user is authorized to access
	OrganizationIDs []string
	// AuthenticationType is the type of authentication used to authenticate the user (JWT, PAT, API Token)
	AuthenticationType AuthenticationType
	// ActiveSubscription is the active subscription for the user.
	// NOTE(review): a bool, so presumably true when a subscription is active. Confirm.
	ActiveSubscription bool
}

AuthenticatedUser contains the user and organization ID for the authenticated user

func AuthenticatedUserFromContext added in v0.4.2

func AuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, bool)

AuthenticatedUserFromContext retrieves the authenticated user from the context

func AuthenticatedUserFromContextOr added in v0.4.2

func AuthenticatedUserFromContextOr(ctx context.Context, def *AuthenticatedUser) *AuthenticatedUser

AuthenticatedUserFromContextOr retrieves the authenticated user from the context or returns the provided default value if not found

func AuthenticatedUserFromContextOrFunc added in v0.4.2

func AuthenticatedUserFromContextOrFunc(ctx context.Context, f func() *AuthenticatedUser) *AuthenticatedUser

AuthenticatedUserFromContextOrFunc retrieves the authenticated user from the context or returns the result of the provided function if not found

func GetAuthenticatedUserContext

func GetAuthenticatedUserContext(c context.Context) (*AuthenticatedUser, error)

GetAuthenticatedUserContext gets the authenticated user context

func GetAuthenticatedUserContextOr added in v0.4.2

func GetAuthenticatedUserContextOr(c echo.Context, def *AuthenticatedUser) *AuthenticatedUser

GetAuthenticatedUserContextOr retrieves the authenticated user from the echo context or returns the provided default value if not found

func GetAuthenticatedUserContextOrFunc added in v0.4.2

func GetAuthenticatedUserContextOrFunc(c echo.Context, f func() *AuthenticatedUser) *AuthenticatedUser

GetAuthenticatedUserContextOrFunc retrieves the authenticated user from the echo context or returns the result of the provided function if not found

func MustAuthenticatedUserFromContext added in v0.4.2

func MustAuthenticatedUserFromContext(ctx context.Context) *AuthenticatedUser

MustAuthenticatedUserFromContext retrieves the authenticated user from the context or panics if not found

func MustGetAuthenticatedUserContext added in v0.4.2

func MustGetAuthenticatedUserContext(c echo.Context) *AuthenticatedUser

MustGetAuthenticatedUserContext retrieves the authenticated user from the echo context or panics if not found

func NewGetAuthenticatedUserContext added in v0.4.2

func NewGetAuthenticatedUserContext(c echo.Context) (*AuthenticatedUser, bool)

NewGetAuthenticatedUserContext retrieves the authenticated user from the echo context

type AuthenticationType

// AuthenticationType is a string-backed type naming the kind of credential that
// authenticated a request. The constants below are the values shown for it.
type AuthenticationType string
const (
	// JWTAuthentication is the authentication type for JWT tokens
	JWTAuthentication AuthenticationType = "jwt"
	// PATAuthentication is the authentication type for personal access tokens
	PATAuthentication AuthenticationType = "pat"
	// APITokenAuthentication is the authentication type for API tokens
	APITokenAuthentication AuthenticationType = "api_token"
)

func GetAuthTypeFromContext

func GetAuthTypeFromContext(ctx context.Context) AuthenticationType

GetAuthTypeFromContext retrieves the authentication type from the context

func GetAuthTypeFromEchoContext

func GetAuthTypeFromEchoContext(c echo.Context) AuthenticationType

GetAuthTypeFromEchoContext retrieves the authentication type from the echo context

type ContextKey

type ContextKey struct {
	// contains filtered or unexported fields
}

ContextKey is the key name for the additional context
