stdcrpcaccess

package
v0.0.100 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2025 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package stdcrpcaccess implements access control for our RPC.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SignTestToken added in v0.0.100 

func SignTestToken(tok jwt.Token) (string, error)

SignTestToken signs a valid JWT against a well-known private key for testing.

func WithSignedTestToken added in v0.0.100 

func WithSignedTestToken(base connect.HTTPClient, createToken func(r *http.Request) jwt.Token) connect.HTTPClient

WithSignedTestToken is a http client middleware that always adds a valid (self signed) token for testing.

func WithTestAuthBackend added in v0.0.100 

func WithTestAuthBackend() fx.Option

WithTestAuthBackend injects dependencies for allowing tests to sign and validate access tokens.

Types

type AccessControl 

type AccessControl[T Claims[T]] struct {
	// contains filtered or unexported fields
}

AccessControl implements a simple access control scheme.

func New 

func New[T Claims[T]](back AuthBackend, signing jwk.Set) *AccessControl[T]

New inits the access control.

func (*AccessControl[T]) Close 

func (ac *AccessControl[T]) Close(context.Context) error

Close cancels the lifecycle context.

func (*AccessControl[T]) Sign added in v0.0.100 

func (ac *AccessControl[T]) Sign(
	ctx context.Context,
	claims T,
	signingKeyID string,
) ([]byte, error)

Sign turns auth information T into an access token that is accepted by auth checks.

func (*AccessControl[T]) Wrap 

func (ac *AccessControl[T]) Wrap(next http.Handler) http.Handler

type AuthBackend 

type AuthBackend interface {
	JWKSEndpoint() string
}

AuthBackend represents and OIDC service that we don't control the signing process of.

type Claims added in v0.0.94 

type Claims[T any] interface {
	// ProcedurePermissions is implemented to turn the claims into permissions for connect RPC procedure annotation.
	ProcedurePermissions() []string
	// ReadAccessToken allows the implementation to take information from the access token. This is called
	// AFTER custom claims have been read from the access token.
	ReadAccessToken(ctx context.Context, tok jwt.Token) (T, error)
	// ToAccessToken describes how an access token is created from the auth information. This is used for the signing
	// procedure.
	ToAccessToken(ctx context.Context) (jwt.Token, error)
	// DecorateContext implements how auth information is stored in the context for the rest of the application to use.
	DecorateContext(ctx context.Context) context.Context
	// AsAnonymous returns a copy of the info that is usuable to the application for anonymous access. If false is
	// returned anonymous access is not allowed.
	AsAnonymous(ctx context.Context, req *http.Request) (T, bool)
}

Claims constrains the type that will hold authentication claims.

type RealAuthBackend 

type RealAuthBackend string

RealAuthBackend is used when actually deploying.

func (RealAuthBackend) JWKSEndpoint 

func (ap RealAuthBackend) JWKSEndpoint() string

type TestAuthBackend added in v0.0.100 

type TestAuthBackend struct {
	// contains filtered or unexported fields
}

TestAuthBackend is an auth backend that is run locally and we control the signing process for.

func NewTestAuthBackend added in v0.0.100 

func NewTestAuthBackend() *TestAuthBackend

NewTestAuthBackend starts a server for testing that serves the key set.

func (TestAuthBackend) JWKSEndpoint added in v0.0.100 

func (ap TestAuthBackend) JWKSEndpoint() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.