internal

package
v0.0.0-...-a70aae3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// SessionCookieName is the name of the session cookie.
	SessionCookieName = "LUCISID"

	// UnlimitedCookiePath is a path to set the cookie on by default.
	UnlimitedCookiePath = "/"

	// LimitedCookiePath is a path to set the cookie on when limiting exposure.
	LimitedCookiePath = "/auth/openid/"
)

Variables

This section is empty.

Functions

func DecryptPrivate 

func DecryptPrivate(aead tink.AEAD, enc []byte) (*sessionpb.Private, error)

DecryptPrivate decrypts and deserializes sessionpb.Private proto.

func DecryptSessionCookie 

func DecryptSessionCookie(aead tink.AEAD, c *http.Cookie) (*encryptedcookiespb.SessionCookie, error)

DecryptSessionCookie decrypts the encrypted session cookie.

func DecryptStateB64 

func DecryptStateB64(aead tink.AEAD, enc string) (*encryptedcookiespb.OpenIDState, error)

DecryptStateB64 decrypts and deserializes `state` used in OpneID protocol.

func DeriveCodeChallenge 

func DeriveCodeChallenge(codeVerifier string) string

DeriveCodeChallenge derives code_challenge from the code_verifier.

func EncryptPrivate 

func EncryptPrivate(aead tink.AEAD, private *sessionpb.Private) ([]byte, error)

EncryptPrivate serializes and encrypts sessionpb.Private proto.

func EncryptSessionCookie 

func EncryptSessionCookie(aead tink.AEAD, pb *encryptedcookiespb.SessionCookie) (*http.Cookie, error)

EncryptSessionCookie produces the session cookie with prepopulated fields.

The caller still needs to fill in at least `Path` field.

func EncryptStateB64 

func EncryptStateB64(aead tink.AEAD, state *encryptedcookiespb.OpenIDState) (string, error)

EncryptStateB64 serializes and encrypts `state` used in OpenID protocol.

func GenerateCodeVerifier 

func GenerateCodeVerifier() string

GenerateCodeVerifier generates a random string used as a code_verifier in the PKCE protocol.

See https://tools.ietf.org/html/rfc7636.

func GenerateNonce 

func GenerateNonce() []byte

GenerateNonce generates a new random string.

func HitRevocationEndpoint 

func HitRevocationEndpoint(ctx context.Context, doc *openid.DiscoveryDoc, params map[string]string) error

HitRevocationEndpoint sends a request to the OpenID provider's revocation endpoint.

Returns nil if the token was successfully revoked or it is already invalid.

func HitTokenEndpoint 

func HitTokenEndpoint(ctx context.Context, doc *openid.DiscoveryDoc, params map[string]string) (*sessionpb.Private, time.Time, error)

HitTokenEndpoint sends a request to the OpenID provider's token endpoint.

Returns the produced tokens and their expiry time. Tags errors as transient if necessary.

func MakeRedirectURL 

func MakeRedirectURL(base, dest string) (string, error)

MakeRedirectURL is used to generate login and logout URLs.

func NewSessionCookie 

func NewSessionCookie(id session.ID) (*encryptedcookiespb.SessionCookie, tink.AEAD)

NewSessionCookie generates a new session cookie (in a clear text form).

Generates the per-session encryption key and puts it into the produced cookie. Returns the AEAD primitive that can be used to encrypt things using the new per-session key.

func NormalizeURL 

func NormalizeURL(dest string) (string, error)

NormalizeURL verifies URL is parsable and that it is relative.

func RegisterStoreImpl 

func RegisterStoreImpl(impl StoreImpl)

RegisterStoreImpl registers an available store implementation.

Called during init() time by packages that implements stores.

func RemoveCookie 

func RemoveCookie(rw http.ResponseWriter, r *http.Request, cookie, path string)

RemoveCookie sets a cookie to a past expiration date so that the browser can remove it.

It also replaces the value with junk, in unlikely case the browser decides to ignore the expiration time.

func ShouldRefreshSession 

func ShouldRefreshSession(ctx context.Context, ttl time.Duration) bool

ShouldRefreshSession returns true if we should refresh the session now.

The decision in based on `ttl`, which is a duration till the hard session staleness deadline. We attempt to refresh the session sooner.

func UnsealPrivate 

func UnsealPrivate(c *encryptedcookiespb.SessionCookie, s *sessionpb.Session) (*sessionpb.Private, tink.AEAD, error)

UnsealPrivate decrypts the private part of the session using the key from the cookie.

Returns the instantiated per-session AEAD primitive.

Types

type EndpointError 

type EndpointError struct {
	Code        string `json:"error"`             // e.g. invalid_grant
	Description string `json:"error_description"` // human readable text
}

EndpointError is returned on recognized error responses.

If the provider replies with some gibberish, some generic error will be returned instead.

func (*EndpointError) Error 

func (ee *EndpointError) Error() string

Error makes EndpointError implement `error` interface.

type StoreImpl 

type StoreImpl struct {
	ID      string
	Factory func(ctx context.Context, namespace string) (session.Store, error)
	Deps    []module.Dependency
}

StoreImpl represents a factory for producing session.Store.

func StoreImpls 

func StoreImpls() []StoreImpl

StoreImpls returns registered store implementations.

Source Files

View all Source files

Directories

Path Synopsis
Package fakecookies implements a cookie-based fake authentication method.
 Package fakecookies implements a cookie-based fake authentication method.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.