README
¶
IC Auth Filter
This package enables filtering using IC service in go-restful apps.
Usage
Importing
import "github.com/AccelByte/go-restful-plugins/v4/pkg/auth/ic"
Create filter
This filter depends on IC client passed through the constructor.
Create Filter:
filter := ic.NewFilter(icClient)
Constructing filter
The default Auth() filter only validates if the JWT access token is valid.
ws := new(restful.WebService)
ws.Filter(filter.Auth())
However, it can be expanded through FilterOption parameters. There are several built-in expansions in this package ready for use.
ws.Filter(service.AuthFilter.Auth(
auth.WithValidUser(),
auth.WithPermission(&ic.Permission{
Resource: "ADMIN:ORG:{organizationId}:PROJ:{projectId}:Info",
Action: ic.ActionUpdate,
})),
).
Reading JWT Claims
Auth() filter will inject the parsed IC SDK's JWT claims to restful.Request.attribute. To retrieve it, use:
claims := ic.RetrieveJWTClaims(request)
Note
Retrieved claims can be nil if the request not filtered using Auth()
Filter all endpoints
ws := new(restful.WebService)
ws.Filter(filter.Auth())
Filter specific endpoint
ws := new(restful.WebService)
ws.Route(ws.GET("/user/{id}").
Filter(filter.Auth()).
To(func(request *restful.Request, response *restful.Response) {
}))
Documentation
¶
Index ¶
Constants ¶
const ( // Global Error Codes InternalServerError = 20000 ForbiddenAccess = 20002 TokenIsExpired = 20003 InsufficientPermissions = 20004 InsufficientScope = 20005 TokenIsNotUserToken = 20006 )
const (
// ClaimsAttribute is the key for JWT claims stored in the request
ClaimsAttribute = "ICJWTClaims"
)
Variables ¶
var DevStackTraceable bool
var ErrorCodeMapping = map[int]string{ InternalServerError: "internal server error", UnauthorizedAccess: "unauthorized access", ForbiddenAccess: "forbidden access", InsufficientPermissions: "insufficient permissions", InsufficientScope: "insufficient scope", TokenIsNotUserToken: "token is not user token", TokenIsExpired: "token is expired", }
Functions ¶
func ActionConverter ¶
ActionConverter convert IC action bit to human-readable
func RetrieveJWTClaims ¶
func RetrieveJWTClaims(request *restful.Request) *ic.JWTClaims
RetrieveJWTClaims is a convenience function to retrieve JWT claims from restful.Request. Warning: the claims can be nil if the request wasn't filtered through Auth()
Types ¶
type ErrorResponse ¶
type ErrorResponse struct {
ErrorCode int `json:"errorCode"`
ErrorMessage string `json:"errorMessage"`
}
ErrorResponse is the generic structure for communicating errors from a REST endpoint.
type Filter ¶
type Filter struct {
// contains filtered or unexported fields
}
Filter handles auth using filter
func (*Filter) Auth ¶
func (filter *Filter) Auth(opts ...FilterOption) restful.FilterFunction
Auth returns a filter that filters request with valid access token in auth header or cookie The token's claims will be passed in the request.attributes["ICJWTClaims"] = *ic.JWTClaims{} This filter is expandable through FilterOption parameter Example: ic.Auth(
WithValidUser(),
WithPermission("ADMIN"),
)
func (*Filter) PublicAuth ¶
func (filter *Filter) PublicAuth(opts ...FilterOption) restful.FilterFunction
PublicAuth returns a filter that allow unauthenticated request and request with valid access token in auth header or cookie If request has access token, the token's claims will be passed in the request.attributes["ICJWTClaims"] = *ic.JWTClaims{} If request has invalid access token, then request treated as public access without claims This filter is expandable through FilterOption parameter Example: ic.PublicAuth(
WithValidUser(),
WithPermission("ADMIN"),
)
type FilterInitializationOptions ¶
type FilterInitializationOptions struct {
}
FilterInitializationOptions hold options for Filter during initialization
type FilterOption ¶
type FilterOption func(req *restful.Request, icClient ic.Client, claims *ic.JWTClaims) error
FilterOption extends the basic auth filter functionality
func WithPermission ¶
func WithPermission(permission *ic.Permission) FilterOption
WithPermission filters request with valid permission only
func WithValidUser ¶
func WithValidUser() FilterOption
WithValidUser filters request with valid user only
Source Files