zalando

package
v1.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 24, 2019 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package zalando contains Zalando specific definitions for authorization.

Index

Constants

This section is empty.

Variables

View Source 
var AccessTuples []AccessTuple

AccessTuples has to be set by the client to grant access.

View Source 
var OAuth2Endpoint = oauth2.Endpoint{
	AuthURL:  "https://identity.zalando.com/oauth2/token",
	TokenURL: "https://info.services.auth.zalando.com/oauth2/tokeninfo",
}

OAuth2Endpoint is similar to the definitions in golang.org/x/oauth2

View Source 
var TeamAPI string = "https://teams.auth.zalando.com/api/teams"

TeamAPI is a custom API

Functions

func GroupCheck 

func GroupCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

GroupCheck is an authorization function that checks, if the Token was issued for an employee of a specified team. The given TokenContainer must be valid. As side effect it sets "uid" and "team" in the gin.Context to the "official" team.

func NoAuthorization 

func NoAuthorization() func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

NoAuthorization sets "team" and "uid" in the context without checking if the user/team is authorized.

func RequestTeamInfo 

func RequestTeamInfo(tc *ginoauth2.TokenContainer, uri string) ([]byte, error)

RequestTeamInfo is a function that returns team information for a given token.

func ScopeAndCheck 

func ScopeAndCheck(name string, scopes ...string) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

ScopeAndCheck does an AND check of scopes given from token of the request to all provided scopes. Only if all of provided scopes are found in the Scopes of the token it grants access to the resource.

func ScopeCheck 

func ScopeCheck(name string, scopes ...string) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

ScopeCheck does an OR check of scopes given from token of the request to all provided scopes. If one of provided scopes is in the Scopes of the token it grants access to the resource.

func UidCheck 

func UidCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

UidCheck is an authorization function that checks UID scope TokenContainer must be Valid. As side effect it sets "uid" and "cn" in the gin.Context to the authorized uid and cn (Realname).

Types

type AccessTuple 

type AccessTuple struct {
	Realm string `yaml:"realm,omitempty"` // p.e. "employees", "services"
	Uid   string `yaml:"uid,omitempty"`   // UnixName
	Cn    string `yaml:"cn,omitempty"`    // RealName
}

AccessTuple is the type defined for use in AccessTuples.

type TeamInfo 

type TeamInfo struct {
	Id      string
	Id_name string
	Team_id string
	Type    string
	Name    string
	Mail    []string
}

TeamInfo is defined like in TeamAPI json.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.