middleware

package
v0.0.0-...-277766b Latest
Warning

This package is not in the latest version of its module.

Published: Aug 18, 2023 License: MIT Imports: 13 Imported by: 0

Documentation

Functions

func GetAuthorizedPrincipal

func GetAuthorizedPrincipal(c echo.Context) (*models.User, error)

GetAuthorizedPrincipal returns the user principal object from the request context, cast to the correct type. It returns an error if there is no principal or if the principal is of the incorrect type.

Note that use of this function implies that AuthenticationMiddleware is used somewhere in the stack before the handler calling this function is dispatched.

func RequireAdminPrivileges

func RequireAdminPrivileges(next echo.HandlerFunc) echo.HandlerFunc

Types

type AuthenticationMiddleware

type AuthenticationMiddleware struct {
	Store          models.UserStore
	JWTManager     *auth.JWTManager
	GitHub         *github.GitHubAuthenticator
	CookieDuration time.Duration
}

func (*AuthenticationMiddleware) HandleCompleteLogin

func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error

HandleCompleteLogin handles the OAuth 2 code flow. It receives the auth code and uses it to retrieve the auth token, then sets the user's auth cookie to an authenticated JWT.

The OAuth authorization server redirects to this handler; it should never be hit directly by a user or script.

func (*AuthenticationMiddleware) Middleware

func (m *AuthenticationMiddleware) Middleware(next echo.HandlerFunc) echo.HandlerFunc

Middleware does user authentication based on either an X-API-Key header, Authorization header, or GitHub cookie depending on how the request is phrased.

If the request has either an X-API-Key or an Authorization Bearer header, then that header must pass validation with the downstream validation logic. Failures through this path are hard failures, and the only way to retry them is to authenticate with a new token. The underlying assumption is that only programmatic access goes through this path, so redirecting to interactive authentication is pointless.

In the absence of those headers, the user is assumed to be interactive: their auth cookie is read and validated by the exact same logic used for an API key (they share the same format), but a failure here redirects the user to GitHub for interactive auth.

X-API-Key should be considered deprecated and the Authorization header with a type of Bearer should be used instead. This is more in line with OAuth 2 style authentication. However, for now this middleware continues to support X-API-Key so as not to break legacy API clients.
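The decision flow described above, as an added example that is not this package's code: it uses net/http instead of echo so it runs with the standard library alone. The names `authenticate` and `status`, the validation callback, the cookie name `auth`, the `/login` target, the 401 and 302 status codes, and the handling of non-Bearer Authorization schemes are all assumptions.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"strings"
)

// authenticate sketches the credential-selection flow with net/http, not echo.
// Assumptions: ok stands in for JWT validation; cookie "auth"; login at "/login".
func authenticate(ok func(string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := r.Header.Get("X-API-Key") // deprecated legacy header
		authz := r.Header.Get("Authorization")
		if authz != "" {
			// Assumption: Authorization wins; a non-Bearer scheme fails hard.
			scheme, rest, _ := strings.Cut(authz, " ")
			if token = ""; strings.EqualFold(scheme, "Bearer") {
				token = strings.TrimSpace(rest)
			}
		}
		programmatic := authz != "" || token != ""
		if c, err := r.Cookie("auth"); !programmatic && err == nil {
			token = c.Value // same token format as the API key
		}
		switch {
		case token != "" && ok(token):
			next.ServeHTTP(w, r)
		case programmatic: // hard failure: no cookie fallback, no redirect
			http.Error(w, "invalid credentials", http.StatusUnauthorized)
		default: // interactive user: restart the login flow
			http.Redirect(w, r, "/login", http.StatusFound)
		}
	})
}

// status sends one constructed request through the middleware ("good" is valid).
func status(authz, apiKey, cookie string) int {
	h := authenticate(func(t string) bool { return t == "good" },
		http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	r := httptest.NewRequest(http.MethodGet, "/api", nil)
	r.Header.Set("Authorization", authz) // empty values read as absent
	r.Header.Set("X-API-Key", apiKey)
	r.AddCookie(&http.Cookie{Name: "auth", Value: cookie})
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r)
	return w.Code
}

func main() { println(status("Bearer bad", "", "good")) }
```

The case worth checking in any implementation of this flow is a request that carries both a bad header token and a valid cookie: it must be rejected rather than silently falling back to the cookie.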

func (*AuthenticationMiddleware) RegisterUrls

func (m *AuthenticationMiddleware) RegisterUrls(e glecho.URLRouter)

RegisterUrls registers the URLs required by this middleware and handler with an echo instance.

This is here instead of in the web main because these paths are encoded in the configuration for the GitHub application, so changing them requires additional changes to that configuration.
