Documentation ¶
Overview ¶
Package bascule provides a token interface and a basic implementation. Tokens can be validated, added to a context, and retrieved from it. Some basic checks that can be used for validation are also provided.
Index ¶
- Variables
- func NonEmptyStringListCheck(_ context.Context, vals []interface{}) error
- func WithAuthentication(ctx context.Context, auth Authentication) context.Context
- type Attributes
- type AttributesOptions
- type Authentication
- type Authorization
- type ClaimsWithLeeway
- type Error
- type Errors
- type JWTParser
- type Leeway
- type Logger
- type MultiError
- type Request
- type Token
- type Validator
- type ValidatorFunc
- func CreateAllowAllCheck() ValidatorFunc
- func CreateListAttributeCheck(key string, checks ...func(context.Context, []interface{}) error) ValidatorFunc
- func CreateNonEmptyPrincipalCheck() ValidatorFunc
- func CreateNonEmptyTypeCheck() ValidatorFunc
- func CreateValidTypeCheck(validTypes []string) ValidatorFunc
- type Validators
Constants ¶
This section is empty.
Variables ¶
var (
	ErrorKey interface{} = "error"
)
Functions ¶
func NonEmptyStringListCheck ¶
NonEmptyStringListCheck checks that the given values are a list of one or more nonempty strings.
func WithAuthentication ¶
func WithAuthentication(ctx context.Context, auth Authentication) context.Context
WithAuthentication adds the given auth to the given context, providing a way for other users of the context to get the authentication.
Types ¶
type Attributes ¶
type Attributes interface {
	Get(key string) (interface{}, bool)
	GetBool(key string) (bool, bool)
	GetDuration(key string) (time.Duration, bool)
	GetFloat64(key string) (float64, bool)
	GetInt64(key string) (int64, bool)
	GetIntSlice(key string) ([]int, bool)
	GetString(key string) (string, bool)
	GetStringMap(key string) (map[string]interface{}, bool)
	GetStringSlice(key string) ([]string, bool)
	GetTime(key string) (time.Time, bool)
	IsSet(key string) bool
	FullView() map[string]interface{}
}
Attributes is the interface that wraps the methods for interacting with a token's attributes. Each getter returns a boolean as its second value, which indicates whether a value of the requested type exists at the given key path. Key path separators are configurable through AttributesOptions.
func NewAttributes ¶ added in v0.8.0
func NewAttributes() Attributes
NewAttributes builds an empty Attributes instance.
func NewAttributesFromMap ¶ added in v0.8.0
func NewAttributesFromMap(m map[string]interface{}) Attributes
NewAttributesFromMap builds an Attributes instance with the given map as datasource. Default AttributesOptions are used.
func NewAttributesWithOptions ¶ added in v0.8.0
func NewAttributesWithOptions(o AttributesOptions) Attributes
NewAttributesWithOptions builds an Attributes instance from the given options. Zero value options are ok.
type AttributesOptions ¶ added in v0.8.0
type AttributesOptions struct {
	// KeyDelimiter configures the separator for building key paths
	// for the Attributes getter functions. Defaults to '.'
	KeyDelimiter string

	// AttributesMap is used as the initial attributes datasource
	AttributesMap map[string]interface{}
}
AttributesOptions allows customizing Attributes initialization.
type Authentication ¶
type Authentication struct {
	Authorization Authorization
	Token         Token
	Request       Request
}
Authentication represents the output of a security pipeline.
func FromContext ¶
func FromContext(ctx context.Context) (Authentication, bool)
FromContext gets the Authentication from the context provided.
type Authorization ¶
type Authorization string
Authorization represents the authorization mechanism performed on the token, e.g. "Basic", "Bearer", etc. for HTTP security environments.
type ClaimsWithLeeway ¶
func (*ClaimsWithLeeway) GetMap ¶ added in v0.5.0
func (c *ClaimsWithLeeway) GetMap() (map[string]interface{}, error)
GetMap returns a map of string to interface{} holding the values in the ClaimsWithLeeway.
func (*ClaimsWithLeeway) UnmarshalJSON ¶ added in v0.5.0
func (c *ClaimsWithLeeway) UnmarshalJSON(data []byte) error
func (*ClaimsWithLeeway) Valid ¶
func (c *ClaimsWithLeeway) Valid() error
Valid implements the jwt.Claims interface, ensuring that the token claims are valid. This implementation checks the time-based claims: exp, iat, nbf.
type Errors ¶
type Errors []error
Errors is a MultiError that also acts as an error, so that a log-friendly string can be returned but each error in the list can also be accessed.
type JWTParser ¶
JWTParser parses raw Tokens into JWT objects.
var DefaultJWTParser JWTParser = defaultJWTParser{}
DefaultJWTParser is the parser implementation that simply delegates to the jwt-go library's jws.ParseJWT function.
type Leeway ¶
type Leeway struct {
	EXP int64 `json:"expLeeway"`
	NBF int64 `json:"nbfLeeway"`
	IAT int64 `json:"iatLeeway"`
}
Leeway is the amount of buffer to include with the time, to allow for clock skew.
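The following added example (not code from the bascule package) shows how a per-claim leeway changes the outcome of the exp, nbf and iat checks that ClaimsWithLeeway.Valid is described as performing. TimeClaims, CheckTimeClaims and the error values are hypothetical names, and treating the leeway values as seconds is an assumption. Note that every second of EXP leeway extends the effective lifetime of an expired token by the same amount.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Leeway mirrors the fields documented above. Interpreting the values
// as seconds is an assumption of this example.
type Leeway struct{ EXP, NBF, IAT int64 }

// TimeClaims (hypothetical) holds the time-based claims as Unix seconds; 0 means absent.
type TimeClaims struct{ EXP, NBF, IAT int64 }

var (
	ErrExpired     = errors.New("token is expired")
	ErrNotYetValid = errors.New("token is not valid yet")
	ErrIssuedLater = errors.New("token used before issued")
)

// CheckTimeClaims compares exp, nbf and iat against now, widening each
// comparison by its own leeway. All failing claims are reported, not only the first.
func CheckTimeClaims(c TimeClaims, l Leeway, now time.Time) []error {
	var errs []error
	n := now.Unix()
	if c.EXP != 0 && n > c.EXP+l.EXP {
		errs = append(errs, ErrExpired)
	}
	if c.NBF != 0 && n < c.NBF-l.NBF {
		errs = append(errs, ErrNotYetValid)
	}
	if c.IAT != 0 && n < c.IAT-l.IAT {
		errs = append(errs, ErrIssuedLater)
	}
	return errs
}

func main() {
	now := time.Unix(1700000000, 0) // constructed reference time
	// Constructed token: expired 30 s ago and issued 20 s "in the future",
	// as happens when the issuer's clock runs ahead of the verifier's.
	c := TimeClaims{EXP: now.Unix() - 30, NBF: now.Unix() - 3600, IAT: now.Unix() + 20}
	fmt.Println("no leeway: ", CheckTimeClaims(c, Leeway{}, now))
	fmt.Println("60s leeway:", CheckTimeClaims(c, Leeway{EXP: 60, NBF: 60, IAT: 60}, now))
}
```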
type Logger ¶
type Logger interface {
	Log(keyvals ...interface{}) error
}
Logger is the logger we expect for the decorators.
func GetDefaultLoggerFunc ¶
GetDefaultLoggerFunc is a function that returns the default logger, which doesn't do anything.
func NewDefaultLogger ¶
func NewDefaultLogger() Logger
NewDefaultLogger returns the default logger, which doesn't do anything.
type MultiError ¶
type MultiError interface {
	Errors() []error
}
MultiError is an interface that provides a list of errors.
type Token ¶
type Token interface {
	// Type is the custom token type assigned by plugin code
	Type() string

	// Principal is the security principal, e.g. the user name or client id
	Principal() string

	// Attributes are an arbitrary set of name/value pairs associated with the token.
	// Typically, these will be filled with information supplied by the user, e.g. the claims of a JWT.
	Attributes() Attributes
}
Token is the behavior supplied by all secure tokens.
func NewToken ¶
func NewToken(tokenType, principal string, attributes Attributes) Token
NewToken creates a Token from basic information. Many secure pipelines can use the returned value as their token. Specialized pipelines can create additional interfaces and augment the returned Token as desired. Alternatively, some pipelines can simply create their own Tokens out of whole cloth.
type Validator ¶
Validator is the rule type that determines if a Token is valid. Each rule should do exactly (1) thing, and then be composed by application-layer code. Validators are invoked for both authentication and authorization. We may need to have different rule types for those two things, but for now this works.
type ValidatorFunc ¶
ValidatorFunc is the Check function that a Validator has.
func CreateAllowAllCheck ¶
func CreateAllowAllCheck() ValidatorFunc
CreateAllowAllCheck returns a Validator that never returns an error.
func CreateListAttributeCheck ¶
func CreateListAttributeCheck(key string, checks ...func(context.Context, []interface{}) error) ValidatorFunc
CreateListAttributeCheck returns a Validator that runs checks against the content found in the key given. It runs every check and returns all errors it finds.
func CreateNonEmptyPrincipalCheck ¶
func CreateNonEmptyPrincipalCheck() ValidatorFunc
CreateNonEmptyPrincipalCheck returns a Validator that checks that the token's Principal isn't an empty string.
func CreateNonEmptyTypeCheck ¶
func CreateNonEmptyTypeCheck() ValidatorFunc
CreateNonEmptyTypeCheck returns a Validator that checks that the token's type isn't an empty string.
func CreateValidTypeCheck ¶
func CreateValidTypeCheck(validTypes []string) ValidatorFunc
CreateValidTypeCheck returns a Validator that checks that the token's type is one of the given valid types.
type Validators ¶
type Validators []Validator
Validators are a list of objects that implement the Validator interface.
Directories ¶
Path | Synopsis |
---|---|
 | Package acquire is used for getting Auths to pass in http requests. |
 | package basculehttp contains some basic http middleware (in the form of Alice-style decorators) that can be used to extract and parse a Token from an http header, validate the Token, and allow for the consumer to add additional logs or metrics upon an error or a valid Token. |
examples | |
acquirer (Module) | |
basculehttp (Module) | |
 | Package key provides a simple API for loading public and private keys from resources. |