aahframe.work / security

Package security

v0.12.5
Published: Mar 4, 2020 | License: MIT | Module: aahframe.work

Overview

Package security houses all the application security implementations (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) provided by the aah framework.

Variables

var (
	// ErrAuthSchemeIsNil returned when given auth scheme instance is nil.
	ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")

	// Bcrypt password algorithm instance for Password generate and compare.
	// By default it is enabled.
	Bcrypt acrypto.PasswordEncoder

	// Scrypt password algorithm instance for Password generate and compare.
	// Enable `scrypt` algorithm in `security.conf` otherwise it might be nil.
	Scrypt acrypto.PasswordEncoder

	// Pbkdf2 password algorithm instance for Password generate and compare.
	// Enable `pbkdf2` algorithm in `security.conf` otherwise it might be nil.
	Pbkdf2 acrypto.PasswordEncoder
)

func ReleaseSubject

func ReleaseSubject(s *Subject)

ReleaseSubject method puts authentication info, authorization info and subject back to the pool.

type Manager

type Manager struct {
	IsSSLEnabled   bool
	SessionManager *session.Manager
	SecureHeaders  *SecureHeaders
	AntiCSRF       *anticsrf.AntiCSRF
	// contains filtered or unexported fields
}

Manager holds aah security management and its implementation.

func New

func New() *Manager

New method creates the security manager with initial values and returns it.

func (*Manager) AddAuthScheme

func (m *Manager) AddAuthScheme(name string, authScheme scheme.Schemer) error

AddAuthScheme method adds the given name and auth scheme to view schemes.

func (*Manager) AuthScheme

func (m *Manager) AuthScheme(name string) scheme.Schemer

AuthScheme method returns the auth scheme instance for given name otherwise nil.

func (*Manager) AuthSchemes

func (m *Manager) AuthSchemes() map[string]scheme.Schemer

AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.

func (*Manager) Init

func (m *Manager) Init(appCfg *config.Config) error

Init method initializes the application security configuration `security { ... }`, which is mainly Session, CSRF, Security Headers, etc.

type SecureHeaders

type SecureHeaders struct {
	CSPReportOnly bool
	PKPReportOnly bool
	STS           string
	PKP           string
	XSSFilter     string
	CSP           string

	Common map[string]string
}

SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.

type Subject

type Subject struct {
	AuthenticationInfo *authc.AuthenticationInfo
	AuthorizationInfo  *authz.AuthorizationInfo
	Session            *session.Session
}

Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.

Acquiring a Subject

To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.

Permission methods

Subject instance provides convenience wrapper methods for all authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall) purposes.

func AcquireSubject

func AcquireSubject() *Subject

AcquireSubject method gets the subject from the pool.

func (*Subject) AllPrincipals

func (s *Subject) AllPrincipals() []*authc.Principal

AllPrincipals method is a convenience wrapper.

func (*Subject) HasAllRoles

func (s *Subject) HasAllRoles(roles ...string) bool

HasAllRoles method is a convenience wrapper. See `AuthorizationInfo.HasAllRoles`.

func (*Subject) HasAnyRole

func (s *Subject) HasAnyRole(roles ...string) bool

HasAnyRole method is a convenience wrapper. See `AuthorizationInfo.HasAnyRole`.

func (*Subject) HasRole

func (s *Subject) HasRole(role string) bool

HasRole method is a convenience wrapper. See `AuthorizationInfo.HasRole`.

func (*Subject) IsAuthenticated

func (s *Subject) IsAuthenticated() bool

IsAuthenticated method is a convenience wrapper. See `Session.IsAuthenticated`.

func (*Subject) IsPermitted

func (s *Subject) IsPermitted(permission string) bool

IsPermitted method is a convenience wrapper. See `AuthorizationInfo.IsPermitted`.

func (*Subject) IsPermittedAll

func (s *Subject) IsPermittedAll(permissions ...string) bool

IsPermittedAll method is a convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.

func (*Subject) Logout

func (s *Subject) Logout()

Logout method is a convenience wrapper. See `Session.Clear`.

func (*Subject) PrimaryPrincipal

func (s *Subject) PrimaryPrincipal() *authc.Principal

PrimaryPrincipal method is a convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.

func (*Subject) Principal

func (s *Subject) Principal(claim string) *authc.Principal

Principal method returns the principal value for given Claim. See `AuthenticationInfo.Principal`.

func (*Subject) Reset

func (s *Subject) Reset()

Reset method clears the instance for reuse.

func (Subject) String

func (s Subject) String() string

String method is the Stringer interface implementation.

Documentation was rendered with GOOS=linux and GOARCH=amd64.