bouncer

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2021 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const (
	CookieName          = "auth_348c070" // random suffix is needed to eliminate probability of names collision
	AuthorizationHeader = "Authorization"
)

Variables

View Source
var (
	//ErrForbidden - requestor does not have sufficient permission to perform request -
	// non of the rules have not returned non nil response
	ErrForbidden = &forbidden{"forbidden"}
	//ErrInvalidToken - token is malformed, expired or not present
	ErrInvalidToken = &notallowed{"invalid token"}
)
View Source
var (
	NewWithClaims      = jwt.NewWithClaims
	SigningMethodES256 = jwt.SigningMethodES256
)

Functions

func AuthedRequest

func AuthedRequest(t *testing.T, claims Claims) *http.Request

func GatewayPassed

func GatewayPassed(r *http.Request) bool

func GenerateKeys

func GenerateKeys(log *logan.Entry, directoryPath string) error

GenerateKeys - generates keys used to sign JWT

Types

type AuthenticationType

type AuthenticationType string

AuthenticationType - defines authentication type of

const (
	//AuthenticationTypeJWT - session ID + jwt token
	AuthenticationTypeJWT AuthenticationType = "jwt"
	//AuthenticationTypeBearer - session ID
	AuthenticationTypeBearer AuthenticationType = "bearer"
)

type Bouncer

type Bouncer interface {
	Check(r *http.Request, rules ...Rule) (*Claims, error)
}

func New

func New(opts Opts) Bouncer

type Bouncerer

type Bouncerer interface {
	Bouncer() Bouncer
}

func NewBouncerer

func NewBouncerer(getter kv.Getter) Bouncerer

type Claims

type Claims struct {
	IdentityID         string `json:"identity_id"`
	jwt.StandardClaims `log:"-"`
}

func ParseClaims

func ParseClaims(r *http.Request) (*Claims, error)

ParseClaims - parses claims without signature verification and token validation. Returns ErrInvalidToken if token is malformed or not present

type Gateway

type Gateway interface {
	// GetAuthHeadersSanitizer returns middleware that sanitizes auth headers based on config provided
	GetAuthHeadersSanitizer() func(http.Handler) http.Handler
	GetCors() func(http.Handler) http.Handler
}

type Gatewayer

type Gatewayer interface {
	Gateway() Gateway
}

func NewGatewayer

func NewGatewayer(getter kv.Getter, storage SessionProvider, log *logan.Entry) Gatewayer

type Identity

type Identity struct {
	ID   *string
	UUID *uuid.UUID
}

Identity allows to check constraints not bound to particular identity type.

func (Identity) IsAuthorized

func (a Identity) IsAuthorized(claims Claims) bool

type Opts

type Opts struct {
	// SkipChecks make any request with valid or missing token pass
	SkipChecks bool
}

type Rule

type Rule interface {
	IsAuthorized(Claims) bool
}

type RuleFunc

type RuleFunc func(Claims) bool

The RuleFunc type is an adapter to allow the use of ordinary functions as Rule

func (RuleFunc) IsAuthorized

func (r RuleFunc) IsAuthorized(claims Claims) bool

type Session

type Session struct {
	ID        uuid.UUID
	Identity  uuid.UUID
	Removed   bool
	ExpiresAt time.Time
	AuthType  AuthenticationType
}

Session - represents auth primitive that could be controlled by identity

type SessionProvider

type SessionProvider interface {
	Get(context.Context, uuid.UUID) (*Session, error)
}

SessionProvider - allows to access stored sessions

type StandardClaims

type StandardClaims = jwt.StandardClaims

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL