Overview ¶
Package ginoauth2 implements an OAuth2-based authorization middleware for the Gin web framework (https://github.com/gin-gonic/gin).
Example:
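package main

import (
	"flag"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/golang/glog"
	"github.com/szuecs/gin-glog"
	"github.com/zalando/gin-oauth2"
	"golang.org/x/oauth2"
)

// OAuth2Endpoint holds the OAuth2 endpoint configuration handed to
// ginoauth2.Auth.
var OAuth2Endpoint = oauth2.Endpoint{
	AuthURL:  "https://token.oauth2.corp.com/access_token",
	TokenURL: "https://oauth2.corp.com/corp/oauth2/tokeninfo",
}

// UidCheck is an AccessCheckFunction that grants access only when the token's
// "uid" scope equals "sszuecs". On success it stores the uid in the gin
// context so downstream handlers can read it.
//
// The comma-ok form is used deliberately: a token without a "uid" scope, or
// with a non-string value, is rejected instead of panicking inside the
// authorization middleware.
func UidCheck(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool {
	uid, ok := tc.Scopes["uid"].(string)
	if !ok || uid != "sszuecs" {
		return false
	}
	ctx.Set("uid", uid)
	return true
}

func main() {
	flag.Parse()
	router := gin.New()
	router.Use(ginglog.Logger(3 * time.Second))
	router.Use(gin.Recovery())
	// Bound how long Auth may spend per request; defaults to 30s.
	ginoauth2.VarianceTimer = 300 * time.Millisecond

	public := router.Group("/api")
	public.GET("/", func(c *gin.Context) {
		c.JSON(200, gin.H{"message": "Hello to public world"})
	})

	private := router.Group("/api/private")
	private.Use(ginoauth2.Auth(UidCheck, OAuth2Endpoint))
	private.GET("/", func(c *gin.Context) {
		c.JSON(200, gin.H{"message": "Hello from private"})
	})

	glog.Info("bootstrapped application")
	router.Run(":8081")
}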
Index ¶
- Variables
- func Auth(accessCheckFunction AccessCheckFunction, endpoints oauth2.Endpoint) gin.HandlerFunc
- func AuthChain(endpoint oauth2.Endpoint, accessCheckFunctions ...AccessCheckFunction) gin.HandlerFunc
- func AuthChainOptions(o Options, accessCheckFunctions ...AccessCheckFunction) gin.HandlerFunc
- func RequestAuthInfo(t *oauth2.Token) ([]byte, error)
- func RequestLogger(keys []string, contentKey string) gin.HandlerFunc
- type AccessCheckFunction
- type Options
- type TokenContainer
Constants ¶
This section is empty.
Variables ¶
var AuthInfoURL string
AuthInfoURL is the URL that is queried to obtain information about a token.
var Transport = http.Transport{}
Transport is the http.Transport used for client HTTP connections to AuthInfoURL.
var VarianceTimer time.Duration = 30000 * time.Millisecond
VarianceTimer controls the maximum runtime of the Auth() and AuthChain() middleware.
Functions ¶
func Auth ¶
func Auth(accessCheckFunction AccessCheckFunction, endpoints oauth2.Endpoint) gin.HandlerFunc
Auth is a router middleware that can be used to get an authenticated and authorized service for a whole router group. Example:
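var endpoints oauth2.Endpoint = oauth2.Endpoint{
	AuthURL:  "https://token.oauth2.corp.com/access_token",
	TokenURL: "https://oauth2.corp.com/corp/oauth2/tokeninfo",
}
router := gin.Default()
private := router.Group("")
// UidCheck is an AccessCheckFunction supplied by the caller (see the package
// example); the endpoint is the local variable declared above, since the
// package does not export an "endpoints" value.
private.Use(ginoauth2.Auth(UidCheck, endpoints))
private.GET("/api/private", func(c *gin.Context) {
	c.JSON(200, gin.H{"message": "Hello from private"})
})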
func AuthChain ¶
func AuthChain(endpoint oauth2.Endpoint, accessCheckFunctions ...AccessCheckFunction) gin.HandlerFunc
AuthChain is a router middleware that can be used to get an authenticated and authorized service for a whole router group. It is similar to Auth, but takes a chain of AccessCheckFunctions and rejects the request only if all of them fail; access is granted as soon as any one of them accepts the token. Example:
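var endpoints oauth2.Endpoint = oauth2.Endpoint{
	AuthURL:  "https://token.oauth2.corp.com/access_token",
	TokenURL: "https://oauth2.corp.com/corp/oauth2/tokeninfo",
}
router := gin.Default()
private := router.Group("")
// Access is granted when ANY function in the chain accepts the token; the
// request is rejected only if all of them fail. UidCheck and GroupCheck are
// AccessCheckFunctions supplied by the caller (see the package example).
checkChain := []ginoauth2.AccessCheckFunction{
	UidCheck,
	GroupCheck,
}
// AuthChain takes the endpoint first, then the checks as variadic arguments.
private.Use(ginoauth2.AuthChain(endpoints, checkChain...))
private.GET("/api/private", func(c *gin.Context) {
	c.JSON(200, gin.H{"message": "Hello from private"})
})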
func AuthChainOptions ¶ added in v1.5.3
func AuthChainOptions(o Options, accessCheckFunctions ...AccessCheckFunction) gin.HandlerFunc
func RequestLogger ¶
func RequestLogger(keys []string, contentKey string) gin.HandlerFunc
RequestLogger is a middleware that logs every request and prints the relevant information. It can be used to log all authorized requests that carry important information. The assumption is that the request to be logged has a content and an Id identifying who made the request. The keys parameter (called uIdKey in the original text) lists the context keys used to look up the uid; contentKey is the context key used to look up the content to be logged from the context.
Example:
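router := gin.Default()
// Log the value stored under the "uid" context key (set, for example, by an
// access check such as UidCheck in the package example) together with the
// content stored under the "data" key.
router.Use(ginoauth2.RequestLogger([]string{"uid"}, "data"))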
Types ¶
type AccessCheckFunction ¶
type AccessCheckFunction func(tc *TokenContainer, ctx *gin.Context) bool
AccessCheckFunction is a function that checks whether a given token grants access; it returns true to allow the request and false to deny it.
type TokenContainer ¶
// TokenContainer stores all relevant token information.
type TokenContainer struct {
	// Token is the OAuth2 token; Valid reports whether its AccessToken is
	// non-empty and not expired.
	Token *oauth2.Token
	// Scopes holds the token's claims; the package example reads Scopes["uid"].
	Scopes map[string]interface{} // LDAP record of the user (cn, .. — original comment truncated
	GrantType string // password, ??
	Realm string // services, employees
}
TokenContainer stores all relevant token information.
func GetTokenContainer ¶
func GetTokenContainer(token *oauth2.Token) (*TokenContainer, error)
func ParseTokenContainer ¶
func ParseTokenContainer(t *oauth2.Token, data map[string]interface{}) (*TokenContainer, error)
func (*TokenContainer) Valid ¶
func (t *TokenContainer) Valid() bool
Valid reports whether the AccessToken within the TokenContainer is non-empty and not expired.
Directories ¶
Path | Synopsis |
---|---|
example
zalando
Zalando specific example.
Package github provides you access to Github's OAuth2 infrastructure.
Package google provides you access to Google's OAuth2 infrastructure.
Package zalando contains Zalando specific definitions for authorization.