Documentation ¶
Index ¶
- Constants
- Variables
- func DefaultHTTPPasswdChangeHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerCreateSSHUserCertHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerDeleteGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerDeleteUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerGetCertsForUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerGetGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerGetUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerHomeHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerPostGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerPostUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerPutGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerPutUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerPutUserHandlerNonAdmin(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerSearchGroupsHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func DefaultHTTPServerSearchUsersHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
- func GenerateSignatureHeader_v1(r *http.Request, creds ApiKeyCreds, headersToSign []string) (*string, error)
- func ValidateSignature_v1(r *http.Request, creds []*ApiKeyCreds, authSansVersion string, ...) (bool, *string, error)
- type ApiKeyCreds
- type AuthnzResult
- type AuthorizationHandler
- type DefaultAuthnzResult
- type DefaultHTTPServer
- func (c *DefaultHTTPServer) AuthorizationHandler(w http.ResponseWriter, r *http.Request) (authzResult AuthnzResult, requestFulfilled bool, err error)
- func (c *DefaultHTTPServer) CreateSSHUserCertHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) DeleteGroupHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) DeleteUserHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) GetCertsForUserHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) GetGroupHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) GetUserHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) HomeHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) PasswdChangeHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) PostGroupHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) PostUserHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) PutGroupHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) PutUserHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) PutUserHandlerNonAdmin(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) SearchGroupsHandler(w http.ResponseWriter, r *http.Request)
- func (c *DefaultHTTPServer) SearchUsersHandler(w http.ResponseWriter, r *http.Request)
- type DefaultHTTPServerAuthHandler
- type GetCertsForUserHandler
- type GroupsHandler
- type HTTPServer
- type IDTokenInterface
- type IDTokenVerifier
- type IDTokenVerifierInterface
- type OAuthClientInterface
- type OIDCProvider
- type OIDCProviderInterface
- type OauthClient
- func (c *OauthClient) GetAuthCodeURL(state string) string
- func (c *OauthClient) GetEntitlementsFieldForClaims() string
- func (c *OauthClient) GetOauthRedirectPath() string
- func (c *OauthClient) GetOpenIDCProvider() OIDCProviderInterface
- func (c *OauthClient) OAuthConfig() OauthConfigInterface
- func (c *OauthClient) OAuthStateParamName() string
- func (c *OauthClient) SetOauthRedirectURL(baseHost, scheme string)
- type OauthConfig
- type OauthConfigInterface
- type OauthTokenInterface
- type SSHCertHandler
- type SearchGroupsHandler
- type SearchUsersHandler
- type UsersHandler
Constants ¶
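// Literal components of the version-1 API-key authorization header value.
// Presumably produced by GenerateSignatureHeader_v1 and parsed by
// ValidateSignature_v1 — confirm against those functions.
const (
	// APIAuthHeaderVer1Prefix is the scheme/version tag; the value names HMAC-SHA256.
	APIAuthHeaderVer1Prefix = "v1-hmac-sha256"
	// APIAuthHeaderVer1CredentialPrefix introduces the credential element.
	APIAuthHeaderVer1CredentialPrefix = "Credential="
	// APIAuthHeaderVer1SignedHeadersPrefix introduces the list of signed headers.
	// NOTE(review): headers outside that list are presumably not covered by the
	// signature, so a validator should not trust them — confirm.
	APIAuthHeaderVer1SignedHeadersPrefix = "SignedHeaders="
	// APIAuthHeaderVer1SignatureValuePrefix introduces the signature value.
	APIAuthHeaderVer1SignatureValuePrefix = "Signature="
)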
Variables ¶
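// Route fragments, query-parameter names and limits for the certificate endpoints.
//
// NOTE(review): these are package-level vars, not consts, so any importing
// package can reassign them at runtime (including the body-size limit and the
// admin path prefixes). Treat them as read-only after start-up.
var (
	// Admin listing route: prefix + user name + suffix,
	// i.e. /swoossh/admin/Cert/User/Name/:xxx/list.
	GetCertsForUserByPrimaryNameAdminPrefixPath = "/swoossh/admin/Cert/User/Name/"
	GetCertsForUserByPrimaryNameAdminSuffixPath = "/list"

	// Admin issuance route: prefix + user name + suffix,
	// i.e. /swoossh/admin/Cert/User/Name/:xxx/NewCert.
	CreateCertForUserAdminPrefixPath = "/swoossh/admin/Cert/User/Name/"
	CreateCertForUserAdminSuffixPath = "/NewCert"

	// Query-parameter names accepted by the listing route (size, token, order).
	GetCertsSizeQueryParamName  = "size"
	GetCertsTokenQueryParamName = "token"
	GetCertsOrderQueryParamName = "order"

	// MAXCERTPAYLOADBODYSIZE is 1048576 (1 MiB).
	// NOTE(review): presumably the cap on request bodies read by the certificate
	// handlers — confirm it is enforced before the body is read (for example with
	// http.MaxBytesReader).
	MAXCERTPAYLOADBODYSIZE = 1048576

	// GetCertsDefaultResultSize is presumably the page size used when the "size"
	// parameter is absent — confirm, and confirm an upper bound is applied to
	// caller-supplied sizes.
	GetCertsDefaultResultSize = 20

	// Accepted values of the "order" query parameter.
	GetCertsOrderValueEnumForward  = "forw"
	GetCertsOrderValueEnumPrevious = "prev"
)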
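// Route prefixes, query-parameter names and limits for the group endpoints.
//
// NOTE(review): these are package-level vars, not consts, so any importing
// package can reassign them at runtime (including the body-size limit and the
// admin path prefixes). Treat them as read-only after start-up.
var (
	// Admin routes addressed by group ID or by group name. The GET and PUT
	// prefixes are identical; DELETE is only declared for the name form.
	GetGroupByIDPrefixPath          = "/swoossh/admin/Group/ID/"
	GetGroupByPrimaryNamePrefixPath = "/swoossh/admin/Group/Name/"
	PutGroupByIDPrefixPath          = "/swoossh/admin/Group/ID/"
	PutGroupByPrimaryNamePrefixPath = "/swoossh/admin/Group/Name/"
	DeleteGroupByNamePrefixPath     = "/swoossh/admin/Group/Name/"

	// Query-parameter names accepted by the group search route.
	SearchGroupsByNameQueryParamName = "name"
	SearchGroupsTokenQueryParamName  = "token"
	SearchGroupsSizeQueryParamName   = "size"
	SearchGroupsOrderQueryParamName  = "order"

	// MAXGROUPPAYLOADBODYSIZE is 1048576 (1 MiB).
	// NOTE(review): presumably the cap on request bodies read by the group
	// handlers — confirm it is enforced before the body is read (for example with
	// http.MaxBytesReader).
	MAXGROUPPAYLOADBODYSIZE = 1048576

	// SearchGroupsDefaultResultSize is presumably the page size used when the
	// "size" parameter is absent — confirm, and confirm an upper bound is applied
	// to caller-supplied sizes.
	SearchGroupsDefaultResultSize = 20

	// Accepted values of the "order" query parameter.
	SearchGroupsOrderValueEnumForward  = "forw"
	SearchGroupsOrderValueEnumPrevious = "prev"
)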
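// Route prefixes, query-parameter names and limits for the user endpoints.
//
// NOTE(review): these are package-level vars, not consts, so any importing
// package can reassign them at runtime (including the body-size limit and the
// admin path prefixes). Treat them as read-only after start-up.
var (
	// Admin routes addressed by user ID or by principal name.
	GetUserByIDPrefixPath          = "/swoossh/admin/User/ID/"
	GetUserByPrimaryNamePrefixPath = "/swoossh/admin/User/Name/"
	PutUserByIDPrefixPath          = "/swoossh/admin/User/ID/"
	PutUserByPrimaryNamePrefixPath = "/swoossh/admin/User/Name/"

	// PutUserByIDPrefixPathNonAdmin is the only user route here outside /admin/.
	// NOTE(review): because it is addressed by :uuid, the handler presumably has to
	// check that the authenticated principal owns that ID — confirm.
	PutUserByIDPrefixPathNonAdmin = "/swoossh/User/ID/"

	DeleteUserByPrincipalNamePrefixPath = "/swoossh/admin/User/Name/"
	POSTNewUserpath                     = "/swoossh/admin/User"

	// Query-parameter names accepted by the user search route.
	SearchUsersByPrimaryNameQueryParamName = "name"
	SearchUsersSizeQueryParamName          = "size"
	SearchUsersTokenQueryParamName         = "token"
	SearchUsersOrderQueryParamName         = "order"

	// MAXUSERPAYLOADBODYSIZE is 1048576 (1 MiB).
	// NOTE(review): presumably the cap on request bodies read by the user
	// handlers — confirm it is enforced before the body is read (for example with
	// http.MaxBytesReader).
	MAXUSERPAYLOADBODYSIZE = 1048576

	// SearchUsersDefaultResultSize is presumably the page size used when the
	// "size" parameter is absent — confirm, and confirm an upper bound is applied
	// to caller-supplied sizes.
	SearchUsersDefaultResultSize = 20

	// Accepted values of the "order" query parameter.
	SearchUsersOrderValueEnumForward  = "forw"
	SearchUsersOrderValueEnumPrevious = "prev"
)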
Functions ¶
func DefaultHTTPPasswdChangeHandler ¶
func DefaultHTTPPasswdChangeHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for POST /swoossh/changePasswd
func DefaultHTTPServerCreateSSHUserCertHandler ¶
func DefaultHTTPServerCreateSSHUserCertHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
For requests GET /swoossh/myNewCert and GET /swoossh/admin/Cert/User/Name/:xxx/NewCert: creates and returns a new certificate.
func DefaultHTTPServerDeleteGroupHandler ¶
func DefaultHTTPServerDeleteGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for requests DELETE /swoossh/admin/Group/Name/:groupName deletes an existing group
func DefaultHTTPServerDeleteUserHandler ¶
func DefaultHTTPServerDeleteUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
For requests DELETE /swoossh/admin/User/Name/:principalName: deletes an existing user.
func DefaultHTTPServerGetCertsForUserHandler ¶
func DefaultHTTPServerGetCertsForUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
For requests GET /swoossh/admin/Cert/User/Name/:xxx/list?size=yy&token=zz&order=prev and GET /swoossh/myCerts?size=yy&token=zz&order=prev: fetches user certs.
func DefaultHTTPServerGetGroupHandler ¶
func DefaultHTTPServerGetGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for requests GET /swoossh/admin/Group/ID/:uuid or /swoossh/admin/Group/Name/:groupname
func DefaultHTTPServerGetUserHandler ¶
func DefaultHTTPServerGetUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for requests GET /swoossh/admin/User/ID/:uuid or /swoossh/admin/User/Name/:principalName
func DefaultHTTPServerHomeHandler ¶
func DefaultHTTPServerHomeHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for GET /swoossh/ or /swoossh/home
func DefaultHTTPServerPostGroupHandler ¶
func DefaultHTTPServerPostGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for requests POST /swoossh/admin/Group creates a new group
func DefaultHTTPServerPostUserHandler ¶
func DefaultHTTPServerPostUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for requests POST "/swoossh/admin/User"
func DefaultHTTPServerPutGroupHandler ¶
func DefaultHTTPServerPutGroupHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
For requests PUT /swoossh/admin/Group/Name/:groupName: creates a new group. For requests PUT /swoossh/admin/Group/ID/:uuid: attempts to update an existing group.
func DefaultHTTPServerPutUserHandler ¶
func DefaultHTTPServerPutUserHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
For requests PUT /swoossh/admin/User/Name/:principalName: creates a new user. For requests PUT /swoossh/admin/User/ID/:uuid: attempts to update an existing user.
func DefaultHTTPServerPutUserHandlerNonAdmin ¶
func DefaultHTTPServerPutUserHandlerNonAdmin(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
For requests PUT /swoossh/User/ID/:uuid: attempts to update an existing user. Currently only supports updating the publickey and latestPasswdHash of the user.
func DefaultHTTPServerSearchGroupsHandler ¶
func DefaultHTTPServerSearchGroupsHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for requests GET /swoossh/admin/Groups?name=xxx&size=yy&token=zz&order=prev searches for groups
func DefaultHTTPServerSearchUsersHandler ¶
func DefaultHTTPServerSearchUsersHandler(w http.ResponseWriter, r *http.Request, srv *DefaultHTTPServer)
for requests GET /swoossh/admin/Users?name=xxx&size=yy&token=zz&order=prev searches for users
Types ¶
type ApiKeyCreds ¶
type AuthnzResult ¶
type AuthorizationHandler ¶
// AuthorizationHandler is implemented by types that authenticate and authorize
// an incoming request against a storage.Store. Its named results report the
// AuthnzResult, whether the request was already fulfilled, and an error.
// NOTE(review): presumably requestFulfilled means a response (for example a
// redirect) has already been written to w and the caller must stop — confirm
// against the implementation. Callers should treat a non-nil err as a denial.
type AuthorizationHandler interface {
AuthorizationHandler(w http.ResponseWriter, r *http.Request, store storage.Store) (authnzResult AuthnzResult, requestFulfilled bool, err error)
}
type DefaultAuthnzResult ¶
// DefaultAuthnzResult carries the outcome of an authentication/authorization
// check. Its state is unexported and read through the AuthenticatedPrincipal,
// AuthorizationResult and IsAdmin methods.
// NOTE(review): AuthorizationResult and IsAdmin return *bool, so callers must
// handle nil before dereferencing; a nil result should presumably be treated
// as "not authorized" / "not admin" — confirm callers fail closed.
type DefaultAuthnzResult struct {
// contains filtered or unexported fields
}
func (*DefaultAuthnzResult) AuthenticatedPrincipal ¶
func (c *DefaultAuthnzResult) AuthenticatedPrincipal() (user.User, error)
func (*DefaultAuthnzResult) AuthorizationResult ¶
func (c *DefaultAuthnzResult) AuthorizationResult() (*bool, error)
func (*DefaultAuthnzResult) IsAdmin ¶
func (c *DefaultAuthnzResult) IsAdmin() *bool
type DefaultHTTPServer ¶
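// DefaultHTTPServer bundles the dependencies that the DefaultHTTPServer*Handler
// functions receive through their srv parameter; its methods have the plain
// (w, r) handler shape.
type DefaultHTTPServer struct {
	// Store is the storage backend; the AuthorizationHandler interface method
	// also takes a storage.Store.
	Store storage.Store
	// CA is presumably the certificate authority used to issue SSH user
	// certificates — confirm.
	CA ca.CA
	// AuthHandler performs authentication/authorization for incoming requests.
	// NOTE(review): confirm every admin route consults it before acting.
	AuthHandler AuthorizationHandler
	// TemplateFS is the file system that presumably holds the page templates
	// named by the two fields below — confirm.
	TemplateFS fs.FS
	// AdminHomeTmplName and HomeTmplName are pointers and may be nil; presumably
	// the template names for the admin and non-admin home pages — confirm.
	AdminHomeTmplName *string
	HomeTmplName      *string
}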
func (*DefaultHTTPServer) AuthorizationHandler ¶
func (c *DefaultHTTPServer) AuthorizationHandler(w http.ResponseWriter, r *http.Request) (authzResult AuthnzResult, requestFulfilled bool, err error)
func (*DefaultHTTPServer) CreateSSHUserCertHandler ¶
func (c *DefaultHTTPServer) CreateSSHUserCertHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) DeleteGroupHandler ¶
func (c *DefaultHTTPServer) DeleteGroupHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) DeleteUserHandler ¶
func (c *DefaultHTTPServer) DeleteUserHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) GetCertsForUserHandler ¶
func (c *DefaultHTTPServer) GetCertsForUserHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) GetGroupHandler ¶
func (c *DefaultHTTPServer) GetGroupHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) GetUserHandler ¶
func (c *DefaultHTTPServer) GetUserHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) HomeHandler ¶
func (c *DefaultHTTPServer) HomeHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) PasswdChangeHandler ¶
func (c *DefaultHTTPServer) PasswdChangeHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) PostGroupHandler ¶
func (c *DefaultHTTPServer) PostGroupHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) PostUserHandler ¶
func (c *DefaultHTTPServer) PostUserHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) PutGroupHandler ¶
func (c *DefaultHTTPServer) PutGroupHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) PutUserHandler ¶
func (c *DefaultHTTPServer) PutUserHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) PutUserHandlerNonAdmin ¶
func (c *DefaultHTTPServer) PutUserHandlerNonAdmin(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) SearchGroupsHandler ¶
func (c *DefaultHTTPServer) SearchGroupsHandler(w http.ResponseWriter, r *http.Request)
func (*DefaultHTTPServer) SearchUsersHandler ¶
func (c *DefaultHTTPServer) SearchUsersHandler(w http.ResponseWriter, r *http.Request)
type DefaultHTTPServerAuthHandler ¶
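// DefaultHTTPServerAuthHandler holds the configuration for the default
// AuthorizationHandler implementation. The fields cover two mechanisms:
// API-key signed requests and an OAuth/OIDC client.
type DefaultHTTPServerAuthHandler struct {
	// AuthzCreds are the API-key credentials; the element type matches the creds
	// parameter of ValidateSignature_v1.
	AuthzCreds []*ApiKeyCreds
	// ApiKeySignatureValidityInSecs is presumably the time window in which a
	// signed request is accepted — confirm. It is a pointer and may be nil.
	// NOTE(review): confirm that nil does not mean "no expiry".
	ApiKeySignatureValidityInSecs *int64
	// ApiKeyAuthzReqHeader is presumably the name of the request header that
	// carries the API-key authorization value — confirm.
	ApiKeyAuthzReqHeader *string
	// OAuthClient is the OAuth/OIDC client used for the browser login flow.
	OAuthClient OAuthClientInterface
	// CookieKey is presumably key material protecting the session cookie —
	// confirm. NOTE(review): if so, keep it out of logs and serialized config.
	CookieKey *string
	// Siv is presumably the SIV cipher used with CookieKey — confirm.
	Siv siv.SIV
	// AdminUserClaimsMatches presumably lists claim values that grant admin
	// rights — confirm. NOTE(review): verify the comparison is an exact match
	// rather than a substring or prefix match.
	AdminUserClaimsMatches []string
}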
func (*DefaultHTTPServerAuthHandler) AuthorizationHandler ¶
func (c *DefaultHTTPServerAuthHandler) AuthorizationHandler(w http.ResponseWriter, r *http.Request, store storage.Store) (AuthnzResult, bool, error)
type GetCertsForUserHandler ¶
// GetCertsForUserHandler is implemented by types that serve the certificate
// listing endpoint. *DefaultHTTPServer declares a method with this signature.
type GetCertsForUserHandler interface {
GetCertsForUserHandler(w http.ResponseWriter, r *http.Request)
}
type GroupsHandler ¶
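// GroupsHandler is the set of HTTP handlers for group records: read, update or
// create by path (PUT), create (POST) and delete.
// NOTE(review): the group routes documented in this package all live under
// /swoossh/admin/, so implementations are presumably expected to require an
// admin principal before acting — confirm.
type GroupsHandler interface {
	// GetGroupHandler serves GET by group ID or group name.
	GetGroupHandler(w http.ResponseWriter, r *http.Request)
	// PutGroupHandler serves PUT by group name (create) or group ID (update).
	PutGroupHandler(w http.ResponseWriter, r *http.Request)
	// PostGroupHandler serves POST to create a new group.
	PostGroupHandler(w http.ResponseWriter, r *http.Request)
	// DeleteGroupHandler serves DELETE by group name.
	DeleteGroupHandler(w http.ResponseWriter, r *http.Request)
}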
type HTTPServer ¶
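// HTTPServer is the union of the user, group, SSH-certificate and authorization
// handler interfaces. It does not embed SearchUsersHandler, SearchGroupsHandler
// or GetCertsForUserHandler.
// NOTE(review): as declared in this package's documentation,
// (*DefaultHTTPServer).AuthorizationHandler takes (w, r) while the
// AuthorizationHandler interface method also takes a storage.Store, so
// *DefaultHTTPServer would not satisfy HTTPServer as written — confirm which
// type is meant to implement it.
type HTTPServer interface {
	UsersHandler
	GroupsHandler
	SSHCertHandler
	AuthorizationHandler
}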
type IDTokenInterface ¶
// IDTokenInterface is the part of an ID token this package relies on: decoding
// its claims into v. It is the type returned by IDTokenVerifierInterface.Verify.
// Presumably mirrors (*oidc.IDToken).Claims so tests can substitute a fake — confirm.
type IDTokenInterface interface {
Claims(v interface{}) error
}
type IDTokenVerifier ¶
// IDTokenVerifier wraps an embedded *oidc.IDTokenVerifier. Its Verify method is
// declared to return IDTokenInterface rather than a concrete token type.
type IDTokenVerifier struct {
*oidc.IDTokenVerifier
}
func (*IDTokenVerifier) Verify ¶
func (c *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (IDTokenInterface, error)
type IDTokenVerifierInterface ¶
// IDTokenVerifierInterface verifies a raw ID token string and returns it as an
// IDTokenInterface.
// NOTE(review): callers should read claims only when err is nil; a fake
// implementation used in tests must not reach production wiring.
type IDTokenVerifierInterface interface {
Verify(ctx context.Context, rawIDToken string) (IDTokenInterface, error)
}
type OAuthClientInterface ¶
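// OAuthClientInterface is the OAuth/OIDC client surface used by the
// authorization handler. The two commented-out signatures are kept from the
// original declaration; the live methods return this package's interface types.
type OAuthClientInterface interface {
	// SetOauthRedirectURL sets the redirect URL from a host and scheme.
	// NOTE(review): if baseHost or scheme come from the incoming request, confirm
	// they are checked against an allow-list; otherwise the redirect URL is
	// influenced by the requester.
	SetOauthRedirectURL(baseHost, scheme string)
	// GetOauthRedirectPath returns the path of the OAuth callback.
	GetOauthRedirectPath() string
	// GetAuthCodeURL returns the authorization URL for the given state value.
	// NOTE(review): state should presumably be unpredictable per login attempt
	// and compared on the callback — confirm in the caller.
	GetAuthCodeURL(state string) string
	// OAuthStateParamName returns the name of the state parameter.
	OAuthStateParamName() string
	//OAuthConfig() *oauth2.Config
	OAuthConfig() OauthConfigInterface
	//GetOpenIDCProvider() *oidc.Provider
	GetOpenIDCProvider() OIDCProviderInterface
	// GetEntitlementsFieldForClaims returns the name of the claims field that
	// presumably carries the user's entitlements — confirm.
	GetEntitlementsFieldForClaims() string
}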
type OIDCProvider ¶
// OIDCProvider wraps an embedded *oidc.Provider. Its Verifier method is declared
// to return IDTokenVerifierInterface rather than a concrete verifier type.
type OIDCProvider struct {
*oidc.Provider
}
func (*OIDCProvider) Verifier ¶
func (c *OIDCProvider) Verifier(config *oidc.Config) IDTokenVerifierInterface
type OIDCProviderInterface ¶
// OIDCProviderInterface builds an ID-token verifier from an *oidc.Config.
// NOTE(review): the config passed in decides which checks the verifier applies;
// confirm callers set the expected client ID and do not disable checks.
type OIDCProviderInterface interface {
Verifier(config *oidc.Config) IDTokenVerifierInterface
}
type OauthClient ¶
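// OauthClient is the concrete OAuth/OIDC client; its methods match those listed
// in OAuthClientInterface.
type OauthClient struct {
	// OauthConfig is this package's wrapper exposing Exchange and ClientID.
	OauthConfig OauthConfig
	// OpenIDCProvider is this package's wrapper around *oidc.Provider.
	OpenIDCProvider OIDCProvider
	// The three fields below are pointers and may be nil, while the matching
	// getters return plain strings.
	// NOTE(review): confirm the getters handle nil instead of dereferencing it.
	OauthCallBackHandlerPath   *string
	OauthStateParamName        *string
	EntitlementsFieldForClaims *string
}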
func (*OauthClient) GetAuthCodeURL ¶
func (c *OauthClient) GetAuthCodeURL(state string) string
func (*OauthClient) GetEntitlementsFieldForClaims ¶
func (c *OauthClient) GetEntitlementsFieldForClaims() string
func (*OauthClient) GetOauthRedirectPath ¶
func (c *OauthClient) GetOauthRedirectPath() string
func (*OauthClient) GetOpenIDCProvider ¶
func (c *OauthClient) GetOpenIDCProvider() OIDCProviderInterface
func (*OauthClient) OAuthConfig ¶
func (c *OauthClient) OAuthConfig() OauthConfigInterface
func (*OauthClient) OAuthStateParamName ¶
func (c *OauthClient) OAuthStateParamName() string
func (*OauthClient) SetOauthRedirectURL ¶
func (c *OauthClient) SetOauthRedirectURL(baseHost, scheme string)
type OauthConfig ¶
func (*OauthConfig) ClientID ¶
func (c *OauthConfig) ClientID() string
func (*OauthConfig) Exchange ¶
func (c *OauthConfig) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (OauthTokenInterface, error)
type OauthConfigInterface ¶
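// OauthConfigInterface is the part of the OAuth2 configuration this package
// uses: exchanging an authorization code for a token and reading the client ID.
type OauthConfigInterface interface {
	// Exchange trades an authorization code for a token.
	// NOTE(review): code arrives from the callback request; callers should
	// presumably validate the state parameter before calling Exchange — confirm.
	Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (OauthTokenInterface, error)
	// ClientID returns the OAuth client identifier.
	ClientID() string
}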
type OauthTokenInterface ¶
// OauthTokenInterface is the part of an OAuth token this package reads: extra
// fields looked up by key. Presumably mirrors (*oauth2.Token).Extra — confirm.
// The result is untyped, so callers must type-assert it and handle a missing
// key or an unexpected type.
type OauthTokenInterface interface {
Extra(key string) interface{}
}
type SSHCertHandler ¶
// SSHCertHandler is implemented by types that serve the SSH user certificate
// creation endpoint. *DefaultHTTPServer declares a method with this signature.
// NOTE(review): this handler issues credentials; confirm the implementation
// authorizes the caller for the target user before signing.
type SSHCertHandler interface {
CreateSSHUserCertHandler(w http.ResponseWriter, r *http.Request)
}
type SearchGroupsHandler ¶
// SearchGroupsHandler is implemented by types that serve the group search
// endpoint. *DefaultHTTPServer declares a method with this signature.
type SearchGroupsHandler interface {
SearchGroupsHandler(w http.ResponseWriter, r *http.Request)
}
type SearchUsersHandler ¶
// SearchUsersHandler is implemented by types that serve the user search
// endpoint. *DefaultHTTPServer declares a method with this signature.
type SearchUsersHandler interface {
SearchUsersHandler(w http.ResponseWriter, r *http.Request)
}
type UsersHandler ¶
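// UsersHandler is the set of HTTP handlers for user records: read, update or
// create by path (PUT), create (POST) and delete.
// NOTE(review): the non-admin update handler (PutUserHandlerNonAdmin) is not
// part of this interface; the routes documented for these four methods all
// live under /swoossh/admin/, so implementations are presumably expected to
// require an admin principal — confirm.
type UsersHandler interface {
	// GetUserHandler serves GET by user ID or principal name.
	GetUserHandler(w http.ResponseWriter, r *http.Request)
	// PutUserHandler serves PUT by principal name (create) or user ID (update).
	PutUserHandler(w http.ResponseWriter, r *http.Request)
	// PostUserHandler serves POST to create a new user.
	PostUserHandler(w http.ResponseWriter, r *http.Request)
	// DeleteUserHandler serves DELETE by principal name.
	DeleteUserHandler(w http.ResponseWriter, r *http.Request)
}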