security

package
v0.12.3
This package is not in the latest version of its module.
Published: Feb 7, 2019 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package security houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.

Index

Constants

This section is empty.

Variables

var (
	// ErrAuthSchemeIsNil returned when given auth scheme instance is nil.
	ErrAuthSchemeIsNil = errors.New("security: auth scheme is nil")

	// Bcrypt password algorithm instance for Password generate and compare.
	// By default it is enabled.
	Bcrypt acrypto.PasswordEncoder

	// Scrypt password algorithm instance for Password generate and compare.
	// Enable `scrypt` algorithm in `security.conf` otherwise it might be nil.
	Scrypt acrypto.PasswordEncoder

	// Pbkdf2 password algorithm instance for Password generate and compare.
	// Enable `pbkdf2` algorithm in `security.conf` otherwise it might be nil.
	Pbkdf2 acrypto.PasswordEncoder
)

Functions

func ReleaseSubject

func ReleaseSubject(s *Subject)

ReleaseSubject method puts authentication info, authorization info and subject back to pool.

Types

type Manager

type Manager struct {
	IsSSLEnabled   bool
	SessionManager *session.Manager
	SecureHeaders  *SecureHeaders
	AntiCSRF       *anticsrf.AntiCSRF
	// contains filtered or unexported fields
}

Manager holds aah security management and its implementation.

func New

func New() *Manager

New method creates the security manager initial values and returns it.

func (*Manager) AddAuthScheme

func (m *Manager) AddAuthScheme(name string, authScheme scheme.Schemer) error

AddAuthScheme method adds the given name and auth scheme to view schemes.

func (*Manager) AuthScheme

func (m *Manager) AuthScheme(name string) scheme.Schemer

AuthScheme method returns the auth scheme instance for given name otherwise nil.

func (*Manager) AuthSchemes

func (m *Manager) AuthSchemes() map[string]scheme.Schemer

AuthSchemes method returns all configured auth schemes from `security.conf` under `security.auth_schemes { ... }`.

func (*Manager) Init

func (m *Manager) Init(appCfg *config.Config) error

Init method initializes the application security configuration `security { ... }`, which is mainly Session, CSRF, Security Headers, etc.

type SecureHeaders

type SecureHeaders struct {
	CSPReportOnly bool
	PKPReportOnly bool
	STS           string
	PKP           string
	XSSFilter     string
	CSP           string

	Common map[string]string
}

SecureHeaders holds the composed values of HTTP security headers based on config `security.http_header.*` from `security.conf`.
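
How the fields above could map onto response headers, as an added example that is not aah's own code. The struct is redeclared locally so the example compiles on its own; `ApplySecureHeaders` and `pick` are hypothetical helpers, and the field-to-header mapping and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
)

// SecureHeaders mirrors the exported fields documented above (local copy).
type SecureHeaders struct {
	CSPReportOnly, PKPReportOnly bool
	STS, PKP, XSSFilter, CSP     string
	Common                       map[string]string
}

// pick returns the "-Report-Only" variant of a header name when reportOnly is set.
func pick(reportOnly bool, name string) string {
	if reportOnly {
		return name + "-Report-Only"
	}
	return name
}

// ApplySecureHeaders (hypothetical helper) copies the composed values into h.
// Empty values are skipped. HSTS and HPKP are emitted only when isSSL is true,
// because browsers ignore both on responses received over plain HTTP.
func ApplySecureHeaders(h http.Header, sh *SecureHeaders, isSSL bool) {
	for name, value := range sh.Common {
		h.Set(name, value)
	}
	set := func(name, value string) {
		if value != "" {
			h.Set(name, value)
		}
	}
	set("X-XSS-Protection", sh.XSSFilter)
	set(pick(sh.CSPReportOnly, "Content-Security-Policy"), sh.CSP)
	if isSSL {
		set("Strict-Transport-Security", sh.STS)
		set(pick(sh.PKPReportOnly, "Public-Key-Pins"), sh.PKP)
	}
}

func main() {
	// Constructed sample values, not aah defaults.
	sh := &SecureHeaders{CSPReportOnly: true, STS: "max-age=31536000", CSP: "default-src 'self'"}
	h := http.Header{}
	ApplySecureHeaders(h, sh, false) // plain HTTP: no HSTS, CSP is report-only
	fmt.Println(h)
}
```

With `CSPReportOnly` set, the policy is sent as `Content-Security-Policy-Report-Only`, which reports violations but does not block them.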

type Subject

type Subject struct {
	AuthenticationInfo *authc.AuthenticationInfo
	AuthorizationInfo  *authz.AuthorizationInfo
	Session            *session.Session
}

Subject instance represents state and security operations for a single application user. These operations include authentication info (principal), authorization (access control), and session access. It is aah framework's primary mechanism for single-user security functionality.

Acquiring a Subject

To acquire the currently-executing Subject, use `ctx.Subject()`. Almost all security operations should be performed with the Subject returned from this method.

Permission methods

Subject instance provides convenience wrapper methods for all authentication (primary principal, is-authenticated, logout) and authorization (hasrole, hasanyrole, hasallroles, ispermitted, ispermittedall) purposes.

func AcquireSubject

func AcquireSubject() *Subject

AcquireSubject method gets the subject from pool.

func (*Subject) AllPrincipals

func (s *Subject) AllPrincipals() []*authc.Principal

AllPrincipals method is convenience wrapper.

func (*Subject) HasAllRoles

func (s *Subject) HasAllRoles(roles ...string) bool

HasAllRoles method is convenience wrapper. See `AuthorizationInfo.HasAllRoles`.

func (*Subject) HasAnyRole

func (s *Subject) HasAnyRole(roles ...string) bool

HasAnyRole method is convenience wrapper. See `AuthorizationInfo.HasAnyRole`.

func (*Subject) HasRole

func (s *Subject) HasRole(role string) bool

HasRole method is convenience wrapper. See `AuthorizationInfo.HasRole`.

func (*Subject) IsAuthenticated

func (s *Subject) IsAuthenticated() bool

IsAuthenticated method is convenience wrapper. See `Session.IsAuthenticated`.

func (*Subject) IsPermitted

func (s *Subject) IsPermitted(permission string) bool

IsPermitted method is convenience wrapper. See `AuthorizationInfo.IsPermitted`.

func (*Subject) IsPermittedAll

func (s *Subject) IsPermittedAll(permissions ...string) bool

IsPermittedAll method is convenience wrapper. See `AuthorizationInfo.IsPermittedAll`.

func (*Subject) Logout

func (s *Subject) Logout()

Logout method is convenience wrapper. See `Session.Clear`.

func (*Subject) PrimaryPrincipal

func (s *Subject) PrimaryPrincipal() *authc.Principal

PrimaryPrincipal method is convenience wrapper. See `AuthenticationInfo.PrimaryPrincipal`.

func (*Subject) Principal

func (s *Subject) Principal(claim string) *authc.Principal

Principal method returns the principal value for given Claim. See `AuthenticationInfo.Principal`.

func (*Subject) Reset

func (s *Subject) Reset()

Reset method clears the instance for reuse.

func (Subject) String

func (s Subject) String() string

String method is stringer interface implementation.

Directories

Path Synopsis
Package session provides HTTP state management library for aah framework.
