auth

package
v3.3.20 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 11, 2021 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package auth provides authentication and authorization capability

Index

Constants

View Source 
const (
	// BearerScheme used for Authorization header
	BearerScheme = "Bearer "
	// ScopePublic is the scope applied to a rule to allow access to the public
	ScopePublic = ""
	// ScopeAccount is the scope applied to a rule to limit to users with any valid account
	ScopeAccount = "*"
)

Variables

View Source 
var (
	// DefaultAuth holds default auth implementation
	DefaultAuth Auth = NewAuth()
	// ErrInvalidToken is when the token provided is not valid
	ErrInvalidToken = errors.New("invalid token provided")
	// ErrForbidden is when a user does not have the necessary scope to access a resource
	ErrForbidden = errors.New("resource forbidden")
)

Functions

func ContextWithAccount 

func ContextWithAccount(ctx context.Context, account *Account) context.Context

ContextWithAccount sets the account in the context

func VerifyAccess 

func VerifyAccess(rules []*Rule, acc *Account, res *Resource) error

VerifyAccess an account has access to a resource using the rules provided. If the account does not have access an error will be returned. If there are no rules provided which match the resource, an error will be returned

Types

type Access 

type Access int

Access defines the type of access a rule grants 

const (
	// AccessGranted to a resource
	AccessGranted Access = iota
	// AccessDenied to a resource
	AccessDenied
)

type Account 

type Account struct {
	// Metadata any other associated metadata
	Metadata metadata.Metadata `json:"metadata"`
	// ID of the account e.g. email or uuid
	ID string `json:"id"`
	// Type of the account, e.g. service
	Type string `json:"type"`
	// Issuer of the account
	Issuer string `json:"issuer"`
	// Secret for the account, e.g. the password
	Secret string `json:"secret"`
	// Scopes the account has access to
	Scopes []string `json:"scopes"`
}

Account provided by an auth provider

func AccountFromContext 

func AccountFromContext(ctx context.Context) (*Account, bool)

AccountFromContext gets the account from the context, which is set by the auth wrapper at the start of a call. If the account is not set, a nil account will be returned. The error is only returned when there was a problem retrieving an account

type Auth 

type Auth interface {
	// Init the auth
	Init(opts ...Option) error
	// Options set for auth
	Options() Options
	// Generate a new account
	Generate(id string, opts ...GenerateOption) (*Account, error)
	// Verify an account has access to a resource using the rules
	Verify(acc *Account, res *Resource, opts ...VerifyOption) error
	// Inspect a token
	Inspect(token string) (*Account, error)
	// Token generated using refresh token or credentials
	Token(opts ...TokenOption) (*Token, error)
	// Grant access to a resource
	Grant(rule *Rule) error
	// Revoke access to a resource
	Revoke(rule *Rule) error
	// Rules returns all the rules used to verify requests
	Rules(...RulesOption) ([]*Rule, error)
	// String returns the name of the implementation
	String() string
}

Auth provides authentication and authorization

func NewAuth added in v3.1.0 

func NewAuth(opts ...Option) Auth

NewAuth returns new noop auth

type GenerateOption 

type GenerateOption func(o *GenerateOptions)

GenerateOption func

func WithIssuer 

func WithIssuer(i string) GenerateOption

WithIssuer for the generated account

func WithMetadata 

func WithMetadata(md metadata.Metadata) GenerateOption

WithMetadata for the generated account

func WithProvider 

func WithProvider(p string) GenerateOption

WithProvider for the generated account

func WithScopes 

func WithScopes(s ...string) GenerateOption

WithScopes for the generated account

func WithSecret 

func WithSecret(s string) GenerateOption

WithSecret for the generated account

func WithType 

func WithType(t string) GenerateOption

WithType for the generated account

type GenerateOptions 

type GenerateOptions struct {
	Metadata metadata.Metadata
	Provider string
	Type     string
	Secret   string
	Issuer   string
	Scopes   []string
}

GenerateOptions struct

func NewGenerateOptions 

func NewGenerateOptions(opts ...GenerateOption) GenerateOptions

NewGenerateOptions from a slice of options

type Option 

type Option func(o *Options)

Option func

func Addrs 

func Addrs(addrs ...string) Option

Addrs is the auth addresses to use

func ClientToken 

func ClientToken(token *Token) Option

ClientToken sets the auth token to use when making requests

func Credentials 

func Credentials(id, secret string) Option

Credentials sets the auth credentials

func Issuer 

func Issuer(i string) Option

Issuer of the services account

func Logger added in v3.1.0 

func Logger(l logger.Logger) Option

Logger sets the logger

func LoginURL 

func LoginURL(url string) Option

LoginURL sets the auth LoginURL

func Meter added in v3.1.6 

func Meter(m meter.Meter) Option

Meter sets the meter

func Name added in v3.2.1 

func Name(n string) Option

Name sets the name

func PrivateKey 

func PrivateKey(key string) Option

PrivateKey is the JWT private key

func PublicKey 

func PublicKey(key string) Option

PublicKey is the JWT public key

func Store 

func Store(s store.Store) Option

Store to back auth

func Tracer added in v3.1.6 

func Tracer(t tracer.Tracer) Option

Tracer sets the meter

type Options 

type Options struct {
	// Context holds the external options
	Context context.Context
	// Meter used for metrics
	Meter meter.Meter
	// Logger used for logging
	Logger logger.Logger
	// Tracer used for tracing
	Tracer tracer.Tracer
	// Store used for stre data
	Store store.Store
	// Token is the services token used to authenticate itself
	Token *Token
	// LoginURL is the relative url path where a user can login
	LoginURL string
	// PrivateKey for encoding JWTs
	PrivateKey string
	// PublicKey for decoding JWTs
	PublicKey string
	// Secret is used to authenticate the service
	Secret string
	// ID is the services auth ID
	ID string
	// Issuer of the service's account
	Issuer string
	// Name holds the auth name
	Name string
	// Addrs sets the addresses of auth
	Addrs []string
}

Options struct holds auth options

func NewOptions 

func NewOptions(opts ...Option) Options

NewOptions creates Options struct from slice of options

type Resource 

type Resource struct {
	// Name of the resource, e.g. go.micro.service.notes
	Name string `json:"name"`
	// Type of resource, e.g. service
	Type string `json:"type"`
	// Endpoint resource e.g NotesService.Create
	Endpoint string `json:"endpoint"`
}

Resource is an entity such as a user or

type Rule 

type Rule struct {
	// Resource that rule belongs to
	Resource *Resource
	// ID of the rule
	ID string
	// Scope of the rule
	Scope string
	// Access flag allow/deny
	Access Access
	// Priority holds the rule priority
	Priority int32
}

Rule is used to verify access to a resource

type RulesOption 

type RulesOption func(o *RulesOptions)

RulesOption func

func RulesContext 

func RulesContext(ctx context.Context) RulesOption

RulesContext pass rules context

func RulesNamespace 

func RulesNamespace(ns string) RulesOption

RulesNamespace sets the rule namespace

type RulesOptions 

type RulesOptions struct {
	Context   context.Context
	Namespace string
}

RulesOptions struct

type Token 

type Token struct {
	// Time of token creation
	Created time.Time `json:"created"`
	// Time of token expiry
	Expiry time.Time `json:"expiry"`
	// The token to be used for accessing resources
	AccessToken string `json:"access_token"`
	// RefreshToken to be used to generate a new token
	RefreshToken string `json:"refresh_token"`
}

Token can be short or long lived

func (*Token) Expired 

func (t *Token) Expired() bool

Expired returns a boolean indicating if the token needs to be refreshed

type TokenOption 

type TokenOption func(o *TokenOptions)

TokenOption func

func WithCredentials 

func WithCredentials(id, secret string) TokenOption

WithCredentials sets tye id and secret

func WithExpiry 

func WithExpiry(ex time.Duration) TokenOption

WithExpiry for the token

func WithToken 

func WithToken(rt string) TokenOption

WithToken sets the refresh token

func WithTokenIssuer 

func WithTokenIssuer(iss string) TokenOption

WithTokenIssuer sets the token issuer option

type TokenOptions 

type TokenOptions struct {
	ID           string
	Secret       string
	RefreshToken string
	Issuer       string
	Expiry       time.Duration
}

TokenOptions struct

func NewTokenOptions 

func NewTokenOptions(opts ...TokenOption) TokenOptions

NewTokenOptions from a slice of options

type VerifyOption 

type VerifyOption func(o *VerifyOptions)

VerifyOption func

func VerifyContext 

func VerifyContext(ctx context.Context) VerifyOption

VerifyContext pass context to verify

func VerifyNamespace 

func VerifyNamespace(ns string) VerifyOption

VerifyNamespace sets thhe namespace for verify

type VerifyOptions 

type VerifyOptions struct {
	Context   context.Context
	Namespace string
}

VerifyOptions struct

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.