security

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2020 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source 
const SessionRedirectKey = "redirect"

SessionRedirectKey session key for the redirect URL

View Source 
const SessionUserDataKey = "user"

SessionUserDataKey session key for the user data

Variables

View Source 
var BadRequest = goa.NewErrorClass("bad_request", 400)

BadRequest is a generic bad request error.

View Source 
var Forbidden = goa.NewErrorClass("forbidden", 403)

Forbidden is an HTTP error issued when the authorization does not allow for the client to access the resource.

View Source 
var ServerError = goa.NewErrorClass("server_error", 500)

ServerError is a generic HTTP server error.

View Source 
var Unauthorized = goa.NewErrorClass("unauthorized", 401)

Unauthorized is an HTTP error for unauthorized request (an authorization is required).

Functions

func FormLoginMiddleware 

func FormLoginMiddleware(scheme *FormLoginScheme, userService oauth2.UserService, sessionStore SessionStore) goa.Middleware

FormLoginMiddleware creates new goa.Middleware for security and form-base authentication.

func NewStoreOAuth2ParamsMiddleware 

func NewStoreOAuth2ParamsMiddleware(sessionStore SessionStore, authorizeURL string) goa.Middleware

NewStoreOAuth2ParamsMiddleware creates goa.Middleware that stores the clientID in session.

Types

type AuthorizeClientData 

type AuthorizeClientData struct {
	// The original authorize request URL (Path+Query params) that the client has made.
	// The client will be redirected here after successful confirmation by the user.
	AuthorizeRequest string

	// ClientID is the client identifier.
	ClientID string

	// Confirmed whether the user confirmed that the client can access the data and can be issued an access token.
	Confirmed bool
}

AuthorizeClientData holds the data needed for authorization. Usually kept in the session. It is used to propery redirect back to the "authorize" OAuth2 action.

type FormLoginScheme 

type FormLoginScheme struct {
	// PostURL is the URL to which the user credentials are submitted and checked. For example: "/check_credentials".
	PostURL string

	// LoginURL is the URL on which the user is redirected to log in. A login form is displayed. Example: "/login".
	LoginURL string

	ConfirmURL string

	// EmailField is the name of the input field (and POST parameter) for the email user credential.
	EmailField string

	//  PasswordField is the name of the input field (and POST parameter) for the password user credential.
	PasswordField string

	// IgnoreURLs is a list of URLs that are to be ignored by this authentication middleware and are considered public.
	IgnoreURLs []string
}

FormLoginScheme holds the configuration for a Form-based user login and authentication. This is used for creating new form-login based authentication Middleware.

type SecureSessionStore 

type SecureSessionStore struct {

	// SessionName is the name of the session store.
	SessionName string

	// Store is the actual sessions.Store.
	Store sessions.Store
}

SecureSessionStore holds the values for a secure session implementation using Go's sessions library.

func (*SecureSessionStore) Clear 

func (s *SecureSessionStore) Clear(key string, rw http.ResponseWriter, req *http.Request) error

Clear clears the value associated with this key from the session store.

func (*SecureSessionStore) Get 

func (s *SecureSessionStore) Get(key string, req *http.Request) (*string, error)

Get retrieves a string value from the session.

func (*SecureSessionStore) GetAs 

func (s *SecureSessionStore) GetAs(key string, v interface{}, req *http.Request) error

GetAs retrieves user-defined typed value from the session. The value is retireved as JSON string, then deserialized.

func (*SecureSessionStore) Set 

func (s *SecureSessionStore) Set(key, value string, rw http.ResponseWriter, req *http.Request) error

Set stores a new value associated with the provided key in the session store.

func (*SecureSessionStore) SetValue 

func (s *SecureSessionStore) SetValue(key string, value interface{}, rw http.ResponseWriter, req *http.Request) error

SetValue stores a typed value associated with the provided key in the session store. The value is serialized to JSON, then stored as string.

type SessionStore 

type SessionStore interface {
	// Get retrieves a string value from the user session.
	Get(key string, req *http.Request) (*string, error)

	// GetAs retrieves a value from the user session and decodes it to a generic type.
	GetAs(key string, v interface{}, req *http.Request) error

	// Set stores a string value under the provided key in the user session.
	Set(key, value string, rw http.ResponseWriter, req *http.Request) error

	// SetValue stores a user-defined type value in the session. The value is deserialized and then stored.
	SetValue(key string, value interface{}, rw http.ResponseWriter, req *http.Request) error

	// Clear removes the value associated with the key from the user session.
	Clear(key string, rw http.ResponseWriter, req *http.Request) error
}

SessionStore defines an interface for interacting with the user session. This is an abstraction to allow transparent use od cookies-based session or session persisted by other mechanisms (database, redis store etc).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.