security

package

v0.1.9 Latest Latest Go to latest Published: Feb 7, 2019 License: Apache-2.0, BSD-3-Clause, MIT Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ablease/service-manager

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Decrypt(ciphertext []byte, key []byte) ([]byte, error)
func Encrypt(plaintext []byte, key []byte) ([]byte, error)
func ForbiddenHTTPError(description string) error
func UnauthorizedHTTPError(description string) error
type Authenticator
type Authorizer
type Decision
- func (a Decision) String() string
type Encrypter
type KeyFetcher
type KeySetter
type TokenData
type TokenVerifier
type TwoLayerEncrypter
- func (e *TwoLayerEncrypter) Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)
- func (e *TwoLayerEncrypter) Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrUserNotFound = errors.New("user identity must be provided when allowing authentication")

ErrUserNotFound error when authentication passed but no user found

Functions ¶

func Decrypt ¶

func Decrypt(ciphertext []byte, key []byte) ([]byte, error)

Decrypt decrypts the cipher text with the provided key using AES

func Encrypt ¶

func Encrypt(plaintext []byte, key []byte) ([]byte, error)

Encrypt encrypts the plaintext with the provided key using AES

func ForbiddenHTTPError ¶

func ForbiddenHTTPError(description string) error

ForbiddenHTTPError returns HTTPError 403 with some description

func UnauthorizedHTTPError ¶

func UnauthorizedHTTPError(description string) error

UnauthorizedHTTPError returns HTTPError 401 with some description

Types ¶

type Authenticator ¶

type Authenticator interface {
	// Authenticate returns information about the user if security is successful, a bool specifying
	// whether the authenticator ran or not and an error if one occurs
	Authenticate(req *http.Request) (*web.UserContext, Decision, error)
}

Authenticator extracts the authenticator information from the request and returns information about the current user or an error if security was not successful

type Authorizer ¶

type Authorizer interface {
	// Authorize returns decision specifying
	// whether the authorizer ran or not and an error if one occurs
	Authorize(req *http.Request) (Decision, error)
}

Authorizer extracts the information from the authenticated user and returns a decision if the authorization passed

type Decision ¶

type Decision int

Decision represents a decision to allow or deny further processing or to abstain from taking a decision

const (
	// Abstain represents a decision to abstain from deciding - let another component decide
	Abstain Decision = iota

	// Allow represents decision to allow to proceed
	Allow

	// Deny represents decision to deny to proceed
	Deny
)

func (Decision) String ¶

func (a Decision) String() string

String implements Stringer and converts the decision to human-readable value

type Encrypter ¶

type Encrypter interface {
	Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)
	Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)
}

Encrypter provides functionality to encrypt and decrypt data

type KeyFetcher ¶

type KeyFetcher interface {
	GetEncryptionKey(ctx context.Context) ([]byte, error)
}

KeyFetcher provides functionality to get encryption key from a remote location

type KeySetter ¶

type KeySetter interface {
	SetEncryptionKey(ctx context.Context, key []byte) error
}

KeySetter provides functionality to set encryption key in a remote location

type TokenData ¶ added in v0.1.6

type TokenData interface {
	// Claims reads the claims from the token into the specified struct
	Claims(v interface{}) error
}

TokenData represents the authentication token

type TokenVerifier ¶

type TokenVerifier interface {
	// Verify verifies that the token is valid and returns a token if so, otherwise returns an error
	Verify(ctx context.Context, token string) (TokenData, error)
}

TokenVerifier attempts to verify a token and returns it or an error if the verification was not successful

type TwoLayerEncrypter ¶

type TwoLayerEncrypter struct {
	Fetcher KeyFetcher
}

TwoLayerEncrypter is an encrypter that fetches the encryption key from a remote location

func (*TwoLayerEncrypter) Decrypt ¶

func (e *TwoLayerEncrypter) Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)

Decrypt decrypts the cipher text with a key obtained from a remote location

func (*TwoLayerEncrypter) Encrypt ¶

func (e *TwoLayerEncrypter) Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with a key obtained from a remote location

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authenticators Package authenticators contains logic for setting up an Open ID Connect authenticator	Package authenticators contains logic for setting up an Open ID Connect authenticator
filters
middlewares
securityfakes Code generated by counterfeiter.	Code generated by counterfeiter.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL