security

package
Version: v0.12.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 4, 2020 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package security houses all the application security implementation Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrAuthSchemeIsNil returned when given auth scheme instance is nil.
	ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")

	// Bcrypt password algorithm instance for Password generate and compare.
	// By default it is enabled.
	Bcrypt acrypto.PasswordEncoder

	// Scrypt password algorithm instance for Password generate and compare.
	// Enable `scrypt` algorithm in `security.conf` otherwise it might be nil.
	Scrypt acrypto.PasswordEncoder

	// Pbkdf2 password algorithm instance for Password generate and compare.
	// Enable `pbkdf2` algorithm in `security.conf` otherwise it might be nil.
	Pbkdf2 acrypto.PasswordEncoder
)

Functions

func ReleaseSubject

func ReleaseSubject(s *Subject)

ReleaseSubject method puts authenticatio info, authorization info and subject back to pool.

Types

type Manager

type Manager struct {
	IsSSLEnabled   bool
	SessionManager *session.Manager
	SecureHeaders  *SecureHeaders
	AntiCSRF       *anticsrf.AntiCSRF
	// contains filtered or unexported fields
}

Manager holds aah security management and its implementation.

func New

func New() *Manager

New method creates the security manager initial values and returns it.

func (*Manager) AddAuthScheme

func (m *Manager) AddAuthScheme(name string, authScheme scheme.Schemer) error

AddAuthScheme method adds the given name and auth scheme to view schemes.

func (*Manager) AuthScheme

func (m *Manager) AuthScheme(name string) scheme.Schemer

AuthScheme method returns the auth scheme instance for given name otherwise nil.

func (*Manager) AuthSchemes

func (m *Manager) AuthSchemes() map[string]scheme.Schemer

AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.

func (*Manager) Init

func (m *Manager) Init(appCfg *config.Config) error

Init method initialize the application security configuration `security { ... }`. Which is mainly Session, CSRF, Security Headers, etc.

type SecureHeaders

type SecureHeaders struct {
	CSPReportOnly bool
	PKPReportOnly bool
	STS           string
	PKP           string
	XSSFilter     string
	CSP           string

	Common map[string]string
}

SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.

type Subject

type Subject struct {
	AuthenticationInfo *authc.AuthenticationInfo
	AuthorizationInfo  *authz.AuthorizationInfo
	Session            *session.Session
}

Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.

Acquiring a Subject

To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.

Permission methods

Subject instance provides a convenience wrapper method for all authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall) purpose.

func AcquireSubject

func AcquireSubject() *Subject

AcquireSubject method gets the subject from pool.

func (*Subject) AllPrincipals

func (s *Subject) AllPrincipals() []*authc.Principal

AllPrincipals method is convenience wrapper.

func (*Subject) HasAllRoles

func (s *Subject) HasAllRoles(roles ...string) bool

HasAllRoles method is convenience wrapper. See `AuthorizationInfo.HasAllRoles`.

func (*Subject) HasAnyRole

func (s *Subject) HasAnyRole(roles ...string) bool

HasAnyRole method is convenience wrapper. See `AuthorizationInfo.HasAnyRole`.

func (*Subject) HasRole

func (s *Subject) HasRole(role string) bool

HasRole method is convenience wrapper. See `AuthorizationInfo.HasRole`.

func (*Subject) IsAuthenticated

func (s *Subject) IsAuthenticated() bool

IsAuthenticated method is convenience wrapper. See `Session.IsAuthenticated`.

func (*Subject) IsPermitted

func (s *Subject) IsPermitted(permission string) bool

IsPermitted method is convenience wrapper. See `AuthorizationInfo.IsPermitted`.

func (*Subject) IsPermittedAll

func (s *Subject) IsPermittedAll(permissions ...string) bool

IsPermittedAll method is convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.

func (*Subject) Logout

func (s *Subject) Logout()

Logout method is convenience wrapper. See `Session.Clear`.

func (*Subject) PrimaryPrincipal

func (s *Subject) PrimaryPrincipal() *authc.Principal

PrimaryPrincipal method is convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.

func (*Subject) Principal

func (s *Subject) Principal(claim string) *authc.Principal

Principal method returns the principal value for given Claim. See `AuthenticationInfo.Principal`.

func (*Subject) Reset

func (s *Subject) Reset()

Reset method clear the instance for reuse.

func (Subject) String

func (s Subject) String() string

String method is stringer interface implementation.

Directories

Path Synopsis
Package session provides HTTP state management library for aah framework.
Package session provides HTTP state management library for aah framework.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL