stdcrpcaccess

package

v0.0.94 Latest Latest Go to latest Published: Mar 9, 2025 License: MIT Imports: 15 Imported by: 0

Details

Package stdcrpcaccess implements access control for our RPC.

This section is empty.

This section is empty.

func FixedKeyServer() *httptest.Server

FixedKeyServer starts a server for testing that serves the key set.

func SignToken(tok openid.Token) (string, error)

SignToken signs a valid JWT against a well-known private key for testing.

func WithFixedAuthBackend() fx.Option

WithFixedAuthBackend injects dependencies for allowing tests to sign and validate access tokens.

func WithSignedToken(base connect.HTTPClient, createToken func(r *http.Request) openid.Token) connect.HTTPClient

WithSignedToken is a http client middleware that always adds a valid (self signed) token for testing.

type AccessControl[T Claims] struct {
	// contains filtered or unexported fields
}

AccessControl implements a simple access control scheme.

func New[T Claims](jwkEndpoint string) *AccessControl[T]

New inits the access control.

func (ac *AccessControl[T]) Close(context.Context) error

Close cancels the lifecycle context.

func (ac *AccessControl[T]) Wrap(next http.Handler) http.Handler

type AuthBackend interface {
	JWKSEndpoint() string
}

AuthBackend represents what is required of an auth backend.

type Claims interface {
	ProcedurePermissions() []string
	DecorateContext(ctx context.Context) context.Context
}

Claims constrains the type that will hold authentication claims.

type FixedAuthBackend struct {
	// contains filtered or unexported fields
}

FixedAuthBackend is an auth backend that is run locally and we control the signing process for.

func (ap FixedAuthBackend) JWKSEndpoint() string

type RealAuthBackend string

RealAuthBackend is used when actually deploying.

func (ap RealAuthBackend) JWKSEndpoint() string