stdcrpcaccess

package

v0.0.98 Latest Latest Go to latest Published: Mar 11, 2025 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/advdv/stdgo

Links

Open Source Insights

Documentation ¶

Overview ¶

Package stdcrpcaccess implements access control for our RPC.

Index ¶

func FixedKeyServer() *httptest.Server
func SignToken(tok jwt.Token) (string, error)
func WithFixedAuthBackend() fx.Option
func WithSignedToken(base connect.HTTPClient, createToken func(r *http.Request) jwt.Token) connect.HTTPClient
type AccessControl
- func New[T Claims[T]](jwkEndpoint string) *AccessControl[T]
- func (ac *AccessControl[T]) Close(context.Context) error
- func (ac *AccessControl[T]) Wrap(next http.Handler) http.Handler
type AuthBackend
type Claims
type FixedAuthBackend
- func (ap FixedAuthBackend) JWKSEndpoint() string
type RealAuthBackend
- func (ap RealAuthBackend) JWKSEndpoint() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func FixedKeyServer ¶ added in v0.0.83

func FixedKeyServer() *httptest.Server

FixedKeyServer starts a server for testing that serves the key set.

func SignToken ¶ added in v0.0.83

func SignToken(tok jwt.Token) (string, error)

SignToken signs a valid JWT against a well-known private key for testing.

func WithFixedAuthBackend ¶ added in v0.0.83

func WithFixedAuthBackend() fx.Option

WithFixedAuthBackend injects dependencies for allowing tests to sign and validate access tokens.

func WithSignedToken ¶ added in v0.0.83

func WithSignedToken(base connect.HTTPClient, createToken func(r *http.Request) jwt.Token) connect.HTTPClient

WithSignedToken is a http client middleware that always adds a valid (self signed) token for testing.

Types ¶

type AccessControl ¶

type AccessControl[T Claims[T]] struct {
	// contains filtered or unexported fields
}

AccessControl implements a simple access control scheme.

func New ¶

func New[T Claims[T]](jwkEndpoint string) *AccessControl[T]

New inits the access control.

func (*AccessControl[T]) Close ¶

func (ac *AccessControl[T]) Close(context.Context) error

Close cancels the lifecycle context.

func (*AccessControl[T]) Wrap ¶

func (ac *AccessControl[T]) Wrap(next http.Handler) http.Handler

type AuthBackend ¶

type AuthBackend interface {
	JWKSEndpoint() string
}

AuthBackend represents what is required of an auth backend.

type Claims ¶ added in v0.0.94

type Claims[T any] interface {
	// ProcedurePermissions is implemented to turn the claims into permissions for connect RPC procedure annotation.
	ProcedurePermissions() []string
	// ReadAccessToken allows the implementation to take information from the access token. This is called
	// AFTER custom claims have been read from the access token.
	ReadAccessToken(ctx context.Context, tok jwt.Token) (T, error)
	// DecorateContext implements how auth information is stored in the context for the rest of the application to use.
	DecorateContext(ctx context.Context) context.Context
	// AsAnonymous returns a copy of the info that is usuable to the application for anonymous access. If false is
	// returned anonymous access is not allowed.
	AsAnonymous(ctx context.Context, req *http.Request) (T, bool)
}

Claims constrains the type that will hold authentication claims.

type FixedAuthBackend ¶ added in v0.0.83

type FixedAuthBackend struct {
	// contains filtered or unexported fields
}

FixedAuthBackend is an auth backend that is run locally and we control the signing process for.

func (FixedAuthBackend) JWKSEndpoint ¶ added in v0.0.83

func (ap FixedAuthBackend) JWKSEndpoint() string

type RealAuthBackend ¶

type RealAuthBackend string

RealAuthBackend is used when actually deploying.

func (RealAuthBackend) JWKSEndpoint ¶

func (ap RealAuthBackend) JWKSEndpoint() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL