Documentation
¶
Overview ¶
Package auth handles auth
Index ¶
- Constants
- Variables
- func AccessTokenFromContext(ctx context.Context) (string, bool)
- func AccessTokenFromContextOr(ctx context.Context, def string) string
- func AddOrganizationIDToContext(ctx context.Context, orgID string) error
- func AddSubscriptionToContext(ctx context.Context, subscription bool) error
- func ClearAuthCookies(w http.ResponseWriter)
- func CookieExpired(cookie *http.Cookie) bool
- func GetAPIKey(c echo.Context) (string, error)
- func GetAuthzSubjectType(ctx context.Context) string
- func GetBearerToken(c echo.Context) (string, error)
- func GetOrganizationIDFromContext(ctx context.Context) (string, error)
- func GetOrganizationIDsFromContext(ctx context.Context) ([]string, error)
- func GetRefreshToken(c echo.Context) (string, error)
- func GetSubjectIDFromContext(ctx context.Context) (string, error)
- func GetSubscriptionFromContext(ctx context.Context) bool
- func IsAPITokenAuthentication(ctx context.Context) bool
- func MustAccessTokenFromContext(ctx context.Context) string
- func MustRefreshTokenFromContext(ctx context.Context) string
- func MustRequestIDFromContext(ctx context.Context) string
- func NewTestContextWithOrgID(sub, orgID string) context.Context
- func NewTestContextWithSubscription(subscription bool) context.Context
- func NewTestContextWithValidUser(subject string) context.Context
- func RefreshTokenFromContext(ctx context.Context) (string, bool)
- func RequestIDFromContext(ctx context.Context) (string, bool)
- func SetAccessToken(c echo.Context, token string)
- func SetAuthCookies(w http.ResponseWriter, accessToken, refreshToken string, ...)
- func SetAuthenticatedUserContext(c echo.Context, user *AuthenticatedUser)
- func SetOrganizationIDInAuthContext(ctx context.Context, orgID string) error
- func SetRefreshToken(c echo.Context, token string)
- func SetRequestID(c echo.Context, token string)
- func WithAccessAndRefreshToken(ctx context.Context, accessToken, refreshToken string) context.Context
- func WithAccessToken(ctx context.Context, token string) context.Context
- func WithAuthenticatedUser(ctx context.Context, user *AuthenticatedUser) context.Context
- func WithRefreshToken(ctx context.Context, token string) context.Context
- func WithRequestID(ctx context.Context, requestID string) context.Context
- type AuthenticatedUser
- func AuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, bool)
- func AuthenticatedUserFromContextOr(ctx context.Context, def *AuthenticatedUser) *AuthenticatedUser
- func AuthenticatedUserFromContextOrFunc(ctx context.Context, f func() *AuthenticatedUser) *AuthenticatedUser
- func GetAuthenticatedUserContext(c echo.Context) (*AuthenticatedUser, bool)
- func GetAuthenticatedUserContextOr(c echo.Context, def *AuthenticatedUser) *AuthenticatedUser
- func GetAuthenticatedUserContextOrFunc(c echo.Context, f func() *AuthenticatedUser) *AuthenticatedUser
- func GetAuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, error)
- func MustAuthenticatedUserFromContext(ctx context.Context) *AuthenticatedUser
- func MustGetAuthenticatedUserContext(c echo.Context) *AuthenticatedUser
- type AuthenticationType
- type ContextAccessToken
- type ContextRefreshToken
- type ContextRequestID
- type ManagedGroupContextKey
- type OrgSubscriptionContextKey
- type OrganizationCreationContextKey
Constants ¶
const ( // Authorization is the key used in HTTP headers or cookies to represent the authorization token Authorization = "Authorization" // APIKeyHeader is the key used in HTTP headers to represent the API key APIKeyHeader = "X-API-Key" //nolint:gosec // AccessTokenCookie is the key used in cookies to represent the access token AccessTokenCookie = "access_token" // RefreshTokenCookie is the key used in cookies to represent the refresh token RefreshTokenCookie = "refresh_token" )
const ( // UserSubjectType is the subject type for user accounts UserSubjectType = "user" // ServiceSubjectType is the subject type for service accounts ServiceSubjectType = "service" )
Variables ¶
var ( // ErrNoClaims is returned when no claims are found on the request context ErrNoClaims = errors.New("no claims found on the request context") // ErrNoUserInfo is returned when no user info is found on the request context ErrNoUserInfo = errors.New("no user info found on the request context") // ErrNoAuthUser is returned when no authenticated user is found on the request context ErrNoAuthUser = errors.New("could not identify authenticated user in request") // ErrUnverifiedUser is returned when the user is not verified ErrUnverifiedUser = errors.New("user is not verified") // ErrParseBearer is returned when the bearer token could not be parsed from the authorization header ErrParseBearer = errors.New("could not parse bearer token from authorization header") // ErrNoAuthorization is returned when no authorization header is found in the request ErrNoAuthorization = errors.New("no authorization header in request") // ErrNoAPIKey is returned when no API key is found in the request ErrNoAPIKey = errors.New("no API key found in request") // ErrNoRequest is returned when no request is found on the context ErrNoRequest = errors.New("no request found on the context") // ErrNoRefreshToken is returned when no refresh token is found on the request ErrNoRefreshToken = errors.New("no refresh token available on request") // ErrRefreshDisabled is returned when re-authentication with refresh tokens is disabled ErrRefreshDisabled = errors.New("re-authentication with refresh tokens disabled") // ErrUnableToConstructValidator is returned when the validator cannot be constructed ErrUnableToConstructValidator = errors.New("unable to construct validator") // ErrPasswordTooWeak is returned when the password is too weak ErrPasswordTooWeak = errors.New("password is too weak: use a combination of upper and lower case letters, numbers, and special characters") // ErrCouldNotFetchSubscription is returned when the subscription could not be fetched ErrCouldNotFetchSubscription = errors.New("could not fetch subscription") )
Functions ¶
func AccessTokenFromContext ¶ added in v0.4.2
AccessTokenFromContext retrieves the access token from the context
func AccessTokenFromContextOr ¶ added in v0.4.2
AccessTokenFromContextOr retrieves the access token from the context or returns the provided default value if not found
func AddOrganizationIDToContext ¶
AddOrganizationIDToContext appends an authorized organization ID to the context. This generally should not be used, as the authorized organization should be determined by the claims or the token. This is only used in cases where the a user is newly authorized to an organization and the organization ID is not in the token claims
func AddSubscriptionToContext ¶ added in v0.3.2
AddSubscriptionToContext appends a subscription to the context
func ClearAuthCookies ¶
func ClearAuthCookies(w http.ResponseWriter)
ClearAuthCookies is a helper function to clear authentication cookies on a echo request to effectively logger out a user.
func CookieExpired ¶
CookieExpired checks to see if a cookie is expired
func GetAPIKey ¶ added in v0.7.1
GetAPIKey retrieves the API key from the authorization header or the X-API-Key header.
func GetAuthzSubjectType ¶
GetAuthzSubjectType returns the subject type based on the authentication type
func GetBearerToken ¶ added in v0.9.0
GetBearerToken retrieves the bearer token from the authorization header and parses it to return only the JWT access token component of the header. Alternatively, if the authorization header is not present, then the token is fetched from cookies. If the header is missing or the token is not available, an error is returned.
NOTE: the authorization header takes precedence over access tokens in cookies.
func GetOrganizationIDFromContext ¶
GetOrganizationIDFromContext returns the organization ID from context
func GetOrganizationIDsFromContext ¶
GetOrganizationIDFromContext returns the organization ID from context
func GetRefreshToken ¶
GetRefreshToken retrieves the refresh token from the cookies in the request. If the cookie is not present or expired then an error is returned.
func GetSubjectIDFromContext ¶ added in v0.9.0
GetSubjectIDFromContext returns the actor subject from the context In most cases this will be the user ID, but in the case of an API token it will be the token ID
func GetSubscriptionFromContext ¶ added in v0.3.2
GetSubscriptionFromContext returns the active subscription from the context
func IsAPITokenAuthentication ¶
IsAPITokenAuthentication returns true if the authentication type is API token this is used to determine if the request is from a service account
func MustAccessTokenFromContext ¶ added in v0.4.2
MustAccessTokenFromContext retrieves the access token from the context or panics if not found
func MustRefreshTokenFromContext ¶ added in v0.9.0
MustRefreshTokenFromContext retrieves the access token from the context or panics if not found
func MustRequestIDFromContext ¶ added in v0.4.2
MustRequestIDFromContext retrieves the request ID from the context or panics if not found
func NewTestContextWithOrgID ¶
NewTestContextWithOrgID creates a context with a fake orgID for testing purposes only (why all caps jeez keep it down)
func NewTestContextWithSubscription ¶ added in v0.3.2
NewTestContextWithSubscription creates a context with an active subscription for testing purposes only
func RefreshTokenFromContext ¶ added in v0.9.0
RefreshTokenFromContext retrieves the refresh token from the context
func RequestIDFromContext ¶ added in v0.4.2
RequestIDFromContext retrieves the request ID from the context
func SetAccessToken ¶ added in v0.9.0
SetAccessToken sets the access token context in the echo context
func SetAuthCookies ¶
func SetAuthCookies(w http.ResponseWriter, accessToken, refreshToken string, c sessions.CookieConfig)
SetAuthCookies is a helper function to set authentication cookies on a echo request. The access token cookie (access_token) is an http only cookie that expires when the access token expires. The refresh token cookie is not an http only cookie (it can be accessed by client-side scripts) and it expires when the refresh token expires. Both cookies require https and will not be set (silently) over http connections.
func SetAuthenticatedUserContext ¶
func SetAuthenticatedUserContext(c echo.Context, user *AuthenticatedUser)
SetAuthenticatedUserContext sets the authenticated user context in the echo context
func SetOrganizationIDInAuthContext ¶ added in v0.1.4
SetOrganizationIDInAuthContext sets the organization ID in the auth context this should only be used when creating a new organization and subsequent updates need to happen in the context of the new organization
func SetRefreshToken ¶ added in v0.9.0
SetRefreshToken sets the refresh token context in the echo context
func SetRequestID ¶ added in v0.9.0
SetRequestID sets the request id in the echo context
func WithAccessAndRefreshToken ¶ added in v0.9.0
func WithAccessAndRefreshToken(ctx context.Context, accessToken, refreshToken string) context.Context
WithAccessAndRefreshToken sets the access and refresh tokens in the context
func WithAccessToken ¶ added in v0.4.2
WithAccessToken sets the access token in the context
func WithAuthenticatedUser ¶ added in v0.4.2
func WithAuthenticatedUser(ctx context.Context, user *AuthenticatedUser) context.Context
WithAuthenticatedUser sets the authenticated user in the context
func WithRefreshToken ¶ added in v0.9.0
WithRefreshToken sets the refresh token in the context
Types ¶
type AuthenticatedUser ¶
type AuthenticatedUser struct { // SubjectID is the user ID of the authenticated user or the api token ID if the user is an API token SubjectID string // SubjectName is the name of the authenticated user SubjectName string // SubjectEmail is the email of the authenticated user SubjectEmail string // OrganizationID is the organization ID of the authenticated user OrganizationID string // OrganizationName is the name of the organization the user is authenticated to OrganizationName string // OrganizationIDs is the list of organization IDs the user is authorized to access OrganizationIDs []string // AuthenticationType is the type of authentication used to authenticate the user (JWT, PAT, API Token) AuthenticationType AuthenticationType // ActiveSubscription is the active subscription for the user ActiveSubscription bool }
AuthenticatedUser contains the user and organization ID for the authenticated user
func AuthenticatedUserFromContext ¶ added in v0.4.2
func AuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, bool)
AuthenticatedUserFromContext retrieves the authenticated user from the context
func AuthenticatedUserFromContextOr ¶ added in v0.4.2
func AuthenticatedUserFromContextOr(ctx context.Context, def *AuthenticatedUser) *AuthenticatedUser
AuthenticatedUserFromContextOr retrieves the authenticated user from the context or returns the provided default value if not found
func AuthenticatedUserFromContextOrFunc ¶ added in v0.4.2
func AuthenticatedUserFromContextOrFunc(ctx context.Context, f func() *AuthenticatedUser) *AuthenticatedUser
AuthenticatedUserFromContextOrFunc retrieves the authenticated user from the context or returns the result of the provided function if not found
func GetAuthenticatedUserContext ¶
func GetAuthenticatedUserContext(c echo.Context) (*AuthenticatedUser, bool)
GetAuthenticatedUserContext retrieves the authenticated user from the echo context
func GetAuthenticatedUserContextOr ¶ added in v0.4.2
func GetAuthenticatedUserContextOr(c echo.Context, def *AuthenticatedUser) *AuthenticatedUser
GetAuthenticatedUserContextOr retrieves the authenticated user from the echo context or returns the provided default value if not found
func GetAuthenticatedUserContextOrFunc ¶ added in v0.4.2
func GetAuthenticatedUserContextOrFunc(c echo.Context, f func() *AuthenticatedUser) *AuthenticatedUser
GetAuthenticatedUserContextOrFunc retrieves the authenticated user from the echo context or returns the result of the provided function if not found
func GetAuthenticatedUserFromContext ¶ added in v0.9.0
func GetAuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, error)
GetAuthenticatedUserFromContext attempts to retrieve the authenticated user from the context and will return an error if the user is not found
func MustAuthenticatedUserFromContext ¶ added in v0.4.2
func MustAuthenticatedUserFromContext(ctx context.Context) *AuthenticatedUser
MustAuthenticatedUserFromContext retrieves the authenticated user from the context or panics if not found
func MustGetAuthenticatedUserContext ¶ added in v0.4.2
func MustGetAuthenticatedUserContext(c echo.Context) *AuthenticatedUser
MustGetAuthenticatedUserContext retrieves the authenticated user from the echo context or panics if not found
type AuthenticationType ¶
type AuthenticationType string
AuthenticationType represents the type of authentication used It can be JWT, PAT (Personal Access Token), or API Token
const ( // JWTAuthentication is the authentication type for JWT tokens JWTAuthentication AuthenticationType = "jwt" // PATAuthentication is the authentication type for personal access tokens PATAuthentication AuthenticationType = "pat" // APITokenAuthentication is the authentication type for API tokens, commonly used for service authentication for machine-to-machine communication APITokenAuthentication AuthenticationType = "api_token" )
func GetAuthTypeFromContext ¶
func GetAuthTypeFromContext(ctx context.Context) AuthenticationType
GetAuthTypeFromEchoContext retrieves the authentication type from the context if it was set
func GetAuthTypeFromEchoContext ¶
func GetAuthTypeFromEchoContext(ctx echo.Context) AuthenticationType
GetAuthTypeFromEchoContext retrieves the authentication type from the context
type ContextAccessToken ¶
type ContextAccessToken struct {
// contains filtered or unexported fields
}
ContextAccessToken is the context key for the access token
type ContextRefreshToken ¶
type ContextRefreshToken struct {
// contains filtered or unexported fields
}
ContextRefreshToken is the context key for the refresh token
type ContextRequestID ¶
type ContextRequestID struct {
// contains filtered or unexported fields
}
ContextRequestID is the context key for the request ID
type ManagedGroupContextKey ¶ added in v0.9.1
type ManagedGroupContextKey struct{}
ManagedGroupContextKey is the context key name for the managed group context
type OrgSubscriptionContextKey ¶ added in v0.9.1
type OrgSubscriptionContextKey struct{}
OrgSubscriptionContextKey is the context key name for the organization subscription context
type OrganizationCreationContextKey ¶ added in v0.8.6
type OrganizationCreationContextKey struct{}
OrganizationCreationContextKey is the context key name for the organization creation context