api

package
v0.0.0-...-1c52440 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 18, 2024 License: MIT Imports: 30 Imported by: 0

Documentation

Index

Constants

// ContentTypeJrdJSON is the media type for JSON Resource Descriptor (JRD)
// documents, the format used for WebFinger responses.
const ContentTypeJrdJSON = "application/jrd+json"
// OIDC_CALLBACK_ENDPOINT is the literal "callback"; presumably the path
// segment on which an external OIDC provider redirects back to this service.
// Confirm against the router setup, which is not shown here.
const OIDC_CALLBACK_ENDPOINT = "callback"
// OIDC_START_ENDPOINT is the literal "start"; presumably the path segment
// that begins a sign-in with an external OIDC provider. Confirm against the
// router setup, which is not shown here.
const OIDC_START_ENDPOINT = "start"

Variables

This section is empty.

Functions

func AuthenticatedUI

func AuthenticatedUI(c *gin.Context)

func ChangePassword

func ChangePassword(c *gin.Context)

func ChangePasswordUI

func ChangePasswordUI(c *gin.Context)

func Confirm

func Confirm(c *gin.Context)

func ConfirmResetPassword

func ConfirmResetPassword(c *gin.Context)

func CreateClient

func CreateClient(c *gin.Context)

CreateClient adds a client

@Summary		Adds a client
@Description	Adds an OAuth client
@Tags			clients
@Accept			json
@Produce		json
@Param			body	body	api.ClientCreateRequest	true	"Client details"
@Router			/clients/ [post]

func CreateClientScope

func CreateClientScope(c *gin.Context)

func CreateOIDCClient

func CreateOIDCClient(c *gin.Context)

func CreateScope

func CreateScope(c *gin.Context)

func DeleteClientScope

func DeleteClientScope(c *gin.Context)

func DeleteOIDCClient

func DeleteOIDCClient(c *gin.Context)

func DeleteScope

func DeleteScope(c *gin.Context)

func GetAuthorizationRequestHandler

func GetAuthorizationRequestHandler(srv *server.Server) func(w http.ResponseWriter, r *http.Request)

GetAuthorizationRequestHandler Authorizes and redirects to the redirect_uri

@summary	Authorize and redirect to the redirect_uri
@Tags		OAuth
@Accept		x-www-form-urlencoded
@Produce	json
@Param		response_type	query	string	true	"Response type (e.g. code)"
@Param		client_id		query	string	true	"Client ID"
@Param		redirect_uri	query	string	true	"Redirect URI"
@Router		/authorize [get]

func GetJSONWebKeySetHandler

func GetJSONWebKeySetHandler(privateKey *ecdsa.PrivateKey) func(c *gin.Context)

GetJSONWebKeySetHandler JSON web key set endpoint

@summary	JSON web key set endpoint
@Tags		OpenID
@Produce	application/json
@Router		/.well-known/openid-configuration/jwks [get]

func GetOpenIDConfiguration

func GetOpenIDConfiguration(c *gin.Context)

GetOpenIDConfiguration OpenID configuration endpoint

@summary	OpenID configuration endpoint
@Tags		OpenID
@Produce	application/json
@Router		/.well-known/openid-configuration [get]

func GetSeedUsers

func GetSeedUsers(pathToImportFile string) ([]db.User, []db.Role, error)

func GetTokenRequestHandler

func GetTokenRequestHandler(srv *server.Server) func(w http.ResponseWriter, r *http.Request)

GetTokenRequestHandler Issues a token

@summary	Issues a token
@Tags		OAuth
@Accept		x-www-form-urlencoded
@Produce	json
@Param		body	formData	TokenRequest	true	"Token request"
@Router		/token [post]

func GetUserIdInAuthorizationRequest

func GetUserIdInAuthorizationRequest(w http.ResponseWriter, r *http.Request) (userID string, err error)

func GetWebFingerConfiguration

func GetWebFingerConfiguration(c *gin.Context)

GetWebFingerConfiguration WebFinger endpoint

@summary	WebFinger endpoint
@Tags		OpenID
@Produce	application/jrd+json
@Router		/.well-known/webfinger [get]

func HandleClientInfoInTokenRequest

func HandleClientInfoInTokenRequest(r *http.Request) (string, string, error)

func HandleErrorResponse

func HandleErrorResponse(re *errors.Response)

func HandleInternalError

func HandleInternalError(err error) (re *errors.Response)

func HasEmailInSession

func HasEmailInSession(c *gin.Context)

func ListClientScopes

func ListClientScopes(c *gin.Context)

func ListClients

func ListClients(c *gin.Context)

ListClients lists clients

@Summary	Lists clients
@Tags		clients
@Produce	json
@Router		/clients/ [get]

func ListOIDCCLients

func ListOIDCCLients(c *gin.Context)

func ListUsers

func ListUsers(c *gin.Context)

func NewPassword

func NewPassword(c *gin.Context)

func OIDCCallback

func OIDCCallback(c *gin.Context)

func RedirectToChangePasswordUI

func RedirectToChangePasswordUI(c *gin.Context)

func RedirectToOIDCEndpoint

func RedirectToOIDCEndpoint(c *gin.Context)

func RequiredAdminAccess

func RequiredAdminAccess() gin.HandlerFunc

func RequiredAuthenticated

func RequiredAuthenticated() gin.HandlerFunc

func ResetPassword

func ResetPassword(c *gin.Context)

func SignIn

func SignIn(c *gin.Context)

SignIn starts a sign in session with a user

@Summary	Starts a sign in session with a user
@Tags		user
@Accept		x-www-form-urlencoded
@Produce	json
@Param		body	formData	UserSignInRequest	true	"Sign in request"
@Router		/signin [post]

func SignInChallengeUI

func SignInChallengeUI(c *gin.Context)

func SignInPasswordChallenge

func SignInPasswordChallenge(c *gin.Context)

SignInPasswordChallenge signs in a user with a password

@Summary	Signs in a user with a password
@Tags		user
@Accept		x-www-form-urlencoded
@Produce	json
@Param		body	formData	UserSignInWithPasswordRequest	true	"Sign in request"
@Router		/signin/challenge [post]

func SignInUI

func SignInUI(c *gin.Context)

func SignOut

func SignOut(c *gin.Context)

SignOut signs out a user

@Summary		Signs out a user
@Description	Signs out a user and deletes their email from the session. Note that the session cookie itself is not deleted.
@Tags			user
@Produce		json
@Router			/signout [post]

func SignUp

func SignUp(c *gin.Context)

SignUp creates a new user

@Summary		Creates a new user
@Description	Creates a new user; the email address is not verified at this point
@Tags			user
@Accept			json
@Produce		json
@Param			body	body	UserSignUpRequest	true	"User sign up request"
@Router			/signup [post]

func UpdateClient

func UpdateClient(c *gin.Context)

UpdateClient patches a client

@Summary		Patches a client
@Description	Patches an OAuth client (not implemented yet)
@Tags			clients
@Accept			json
@Produce		json
@Router			/clients/ [patch]

func UpdateOIDCClient

func UpdateOIDCClient(c *gin.Context)

func WithDatabaseConnection

func WithDatabaseConnection(dialector gorm.Dialector) gin.HandlerFunc

func WithDomain

func WithDomain(domain string) gin.HandlerFunc

func WithExpirationPeriod

func WithExpirationPeriod(expirationPeriod int64) gin.HandlerFunc

func WithMail

func WithMail(resendAPIKey, mailFrom, mailFromName, confirmationMailSubject string, passwordChangedMailSubject string, resetPasswordMailSubject string) gin.HandlerFunc

func WithOIDC

func WithOIDC(enable bool) gin.HandlerFunc

Types

type AttestationObject

// AttestationObject holds the fields of a WebAuthn attestation object.
// RawAuthData, Format and AttStatement map to the "authData", "fmt" and
// "attStmt" keys. AuthData carries no tag and is presumably filled in by
// parsing RawAuthData; confirm against the parser, which is not shown here.
//
// NOTE(review): AttStatement is an untyped map, so values taken from it need
// a checked type assertion before they are used in attestation verification.
type AttestationObject struct {
	AuthData     AuthenticatorData
	RawAuthData  []byte                 `json:"authData"`
	Format       string                 `json:"fmt"`
	AttStatement map[string]interface{} `json:"attStmt,omitempty"`
}

type AttestedCredentialData

// AttestedCredentialData carries the authenticator's AAGUID together with the
// ID and public key of one credential, all as raw bytes.
// CredentialPublicKey is presumably COSE-encoded as in the WebAuthn
// specification; confirm where it is decoded.
type AttestedCredentialData struct {
	AAGUID              []byte `json:"aaguid"`
	CredentialID        []byte `json:"credential_id"`
	CredentialPublicKey []byte `json:"public_key"`
}

type AuthenticatorAssertionResponse

// AuthenticatorAssertionResponse is the authenticator's reply in a sign-in
// (assertion) ceremony: the embedded clientDataJSON plus authenticator data,
// a signature and an optional user handle, each as URLEncodedBase64 bytes.
//
// NOTE(review): these values are client-supplied and should be treated as
// untrusted until the signature has been verified against the stored
// credential public key; the verification code is not visible on this page.
type AuthenticatorAssertionResponse struct {
	AuthenticatorResponse
	AuthenticatorData URLEncodedBase64 `json:"authenticatorData"`
	Signature         URLEncodedBase64 `json:"signature"`
	UserHandle        URLEncodedBase64 `json:"userHandle,omitempty"`
}

type AuthenticatorAttestationResponse

// AuthenticatorAttestationResponse is the authenticator's reply in a
// registration (attestation) ceremony: the embedded clientDataJSON, the
// still-encoded attestation object and an optional list of transports.
type AuthenticatorAttestationResponse struct {
	AuthenticatorResponse
	AttestationObject URLEncodedBase64 `json:"attestationObject"`
	Transports        []string         `json:"transports,omitempty"`
}

type AuthenticatorData

// AuthenticatorData is the structured form of WebAuthn authenticator data:
// relying-party ID hash, flags, signature counter, attested credential data
// and raw extension data.
//
// NOTE(review): in the WebAuthn model RPIDHash is compared with the hash of
// the expected relying-party ID, and Counter is compared with the last stored
// value to spot cloned authenticators. Whether this package performs those
// checks is not visible on this page.
type AuthenticatorData struct {
	RPIDHash []byte                 `json:"rpid"`
	Flags    AuthenticatorFlags     `json:"flags"`
	Counter  uint32                 `json:"sign_count"`
	AttData  AttestedCredentialData `json:"att_data"`
	ExtData  []byte                 `json:"ext_data"`
}

type AuthenticatorFlags

// AuthenticatorFlags is the one-byte flags field of AuthenticatorData.
// Presumably a bit set following the WebAuthn flag layout (user present,
// user verified, ...); the bit constants are not shown on this page.
type AuthenticatorFlags byte

type AuthenticatorResponse

// AuthenticatorResponse holds the clientDataJSON bytes shared by both
// response kinds; AuthenticatorAssertionResponse and
// AuthenticatorAttestationResponse embed it.
type AuthenticatorResponse struct {
	ClientDataJSON URLEncodedBase64 `json:"clientDataJSON"`
}

type AuthenticatorTransport

// AuthenticatorTransport is a string naming a transport an authenticator can
// be reached over. The allowed values are not declared on this page.
type AuthenticatorTransport string

type CeremonyType

// CeremonyType is the string carried in CollectedClientData.Type. It
// presumably distinguishes registration from sign-in ceremonies; the allowed
// values are not declared on this page.
type CeremonyType string

type ClientCreateRequest

// ClientCreateRequest is the JSON body for creating an OAuth client. All four
// fields are marked binding:"required".
//
// NOTE(review): ClientSecret arrives in plaintext; how it is stored is not
// visible here, so confirm it is hashed at rest. RedirectUri is only marked
// required, with no URL-format or scheme constraint in the tag; confirm the
// handler validates it before it is used as a redirect target.
type ClientCreateRequest struct {
	ClientID     string `json:"client_id" binding:"required" example:"cli"`
	ClientSecret string `json:"client_secret" binding:"required" example:"P@ssw0rd"`
	RedirectUri  string `json:"redirect_uri" binding:"required" example:"http://localhost:8080/callback"`
	UserEmail    string `json:"user_email" binding:"required" example:"alex@test.com"`
}

type ClientResponse

// ClientResponse is the outward view of an OAuth client. It has no
// client-secret field, so a value of this type cannot echo the secret back
// to a caller.
type ClientResponse struct {
	ClientID    string `json:"client_id"`
	RedirectUri string `json:"redirect_uri"`
	UserEmail   string `json:"user_email"`
}

func ToClientResponse

func ToClientResponse(c db.Client) *ClientResponse

type ClientUpdateRequest

// ClientUpdateRequest is the JSON body for patching an OAuth client. Every
// field is a pointer with omitempty and no binding tag, so a nil pointer can
// stand for "not supplied"; presumably only non-nil fields are applied.
// Confirm in the handler.
type ClientUpdateRequest struct {
	ClientSecret *string `json:"client_secret,omitempty" example:"P@ssw0rd"`
	RedirectUri  *string `json:"redirect_uri,omitempty" example:"http://localhost:8080/callback"`
	UserEmail    *string `json:"user_email,omitempty" example:"alex@test.com"`
}

type CollectedClientData

// CollectedClientData is the decoded clientDataJSON of a WebAuthn ceremony:
// ceremony type, challenge, origin and optional token-binding state.
//
// NOTE(review): in the WebAuthn model the relying party checks Type,
// Challenge and Origin against the ceremony it started before trusting the
// response. Where that comparison happens is not visible on this page.
type CollectedClientData struct {
	Type         CeremonyType  `json:"type"`
	Challenge    string        `json:"challenge"`
	Origin       string        `json:"origin"`
	TokenBinding *TokenBinding `json:"tokenBinding,omitempty"`
	Hint         string        `json:"new_keys_may_be_added_here,omitempty"`
}

type Credential

// Credential carries the "id" and "type" strings of a credential.
// PublicKeyCredential embeds it.
type Credential struct {
	ID   string `json:"id"`
	Type string `json:"type"`
}

type CredentialAssertionResponse

// CredentialAssertionResponse is a public-key credential together with the
// authenticator's assertion reply, carried under the JSON key "response".
type CredentialAssertionResponse struct {
	PublicKeyCredential
	AssertionResponse AuthenticatorAssertionResponse `json:"response"`
}

type CredentialCreationResponse

// CredentialCreationResponse is a public-key credential together with the
// authenticator's attestation reply, carried under the JSON key "response".
// Transports appears both here and inside AuthenticatorAttestationResponse;
// which of the two is authoritative is not visible on this page.
type CredentialCreationResponse struct {
	PublicKeyCredential
	AttestationResponse AuthenticatorAttestationResponse `json:"response"`
	Transports          []string                         `json:"transports,omitempty"`
}

type CredentialInfo

// CredentialInfo is the summary of one credential as listed in UserResponse:
// its ID and a name. It holds no key material. With encoding/json the []byte
// ID is emitted as a base64 string.
type CredentialInfo struct {
	ID   []byte `json:"id"`
	Name string `json:"name"`
}

type CredentialNameRequest

// CredentialNameRequest is a JSON body carrying a required credential name.
// The name is user-supplied text; no length or character constraint is
// declared in the tag.
type CredentialNameRequest struct {
	Name string `json:"name" binding:"required" example:"My FIDO key"`
}

type DummyAuthenticationExtensionsClientOutputs

// DummyAuthenticationExtensionsClientOutputs is an untyped map of client
// extension results. The "Dummy" prefix suggests a stand-in type, presumably
// for API documentation; confirm against its uses. Values read from it need
// a checked type assertion.
type DummyAuthenticationExtensionsClientOutputs map[string]interface{}

type DummyAuthenticatorAttachment

// DummyAuthenticatorAttachment is a string describing how an authenticator
// is attached. The allowed values are not declared on this page.
type DummyAuthenticatorAttachment string

type DummyCredential

// DummyCredential mirrors Credential but carries cbor tags instead of json
// tags. With encoding/json the fields would therefore be encoded under their
// Go names ("ID", "Type"); whether that is intended is not visible here.
type DummyCredential struct {
	ID   string `cbor:"id"`
	Type string `cbor:"type"`
}

type DummyParsedAttestationResponse

// DummyParsedAttestationResponse groups the decoded client data, the
// attestation object and the transports of a registration response. None of
// the fields carries a struct tag.
type DummyParsedAttestationResponse struct {
	CollectedClientData CollectedClientData
	AttestationObject   AttestationObject
	Transports          []AuthenticatorTransport
}

type DummyPublicKeyCredential

// DummyPublicKeyCredential mirrors PublicKeyCredential with a plain []byte
// RawID and a typed AuthenticatorAttachment, and embeds DummyCredential.
type DummyPublicKeyCredential struct {
	DummyCredential
	RawID                   []byte                                     `json:"rawId"`
	ClientExtensionResults  DummyAuthenticationExtensionsClientOutputs `json:"clientExtensionResults,omitempty"`
	AuthenticatorAttachment DummyAuthenticatorAttachment               `json:"authenticatorAttachment,omitempty"`
}

type FidoService

// FidoService groups the FIDO/WebAuthn HTTP handlers around a single
// *webauthn.WebAuthn value. W is an exported field.
type FidoService struct {
	W *webauthn.WebAuthn
}

func NewFidoService

func NewFidoService(w *webauthn.WebAuthn) *FidoService

func (*FidoService) DeleteCredential

func (s *FidoService) DeleteCredential(c *gin.Context)

func (*FidoService) GetCredentials

func (s *FidoService) GetCredentials(c *gin.Context)

func (*FidoService) Login

func (s *FidoService) Login(c *gin.Context)

Login verifies the user's credential and signs the user in

@Summary		Verifies the user's credential and signs the user in
@Description	This completes the dance for sign in
@Tags			user
@Accept			json
@Produce		json
@Param			body	body	DummyCredentialAssertionData	true	"Credential assertion request"
@Router			/fido/signin [post]

func (*FidoService) LoginChallenge

func (s *FidoService) LoginChallenge(c *gin.Context)

LoginChallenge serves a challenge for starting a login dance

@Summary		Serves a challenge for starting a login dance
@Description	This starts the dance for sign in
@Tags			user
@Produce		json
@Router			/fido/signin/challenge [post]

func (*FidoService) Register

func (s *FidoService) Register(c *gin.Context)

Register verifies and creates a new credential

@Summary		Verifies and creates a new credential
@Description	This completes the dance for registering a new credential
@Tags			user
@Accept			json
@Produce		json
@Param			body	body	DummyCredentialCreationData	true	"Credential creation request"
@Router			/fido/register [post]

func (*FidoService) RegisterChallenge

func (s *FidoService) RegisterChallenge(c *gin.Context)

RegisterChallenge serves a challenge for registering a new credential

@Summary		Serves a challenge for registering a new credential
@Description	This starts the dance for registering a new credential
@Tags			user
@Produce		json
@Router			/fido/register/challenge [post]

func (*FidoService) UpdateCredential

func (s *FidoService) UpdateCredential(c *gin.Context)

type ImportUser

// ImportUser is one user record in JSON form: email, password, display name
// and role names. Presumably the record format of the file read by
// GetSeedUsers; confirm.
//
// NOTE(review): the record carries a password. Whether it is plaintext or a
// hash is not visible here; either way the import file should be handled as
// a secret and kept out of version control.
type ImportUser struct {
	Email       string   `json:"email"`
	Password    string   `json:"password"`
	DisplayName string   `json:"display_name"`
	Roles       []string `json:"roles"`
}

type JSONWebKey

// JSONWebKey is one entry of a JSON Web Key Set. Only "kty" is always
// emitted; every other member is omitempty.
//
// The struct has fields for public parameters only (n/e for RSA, crv/x/y for
// elliptic-curve keys) and none for private parameters such as "d", so a
// value of this type cannot carry private key material into a response.
type JSONWebKey struct {
	Kty     string   `json:"kty"`
	Use     string   `json:"use,omitempty"`
	KeyOps  []string `json:"key_ops,omitempty"`
	Alg     string   `json:"alg,omitempty"`
	Kid     string   `json:"kid,omitempty"`
	X5u     string   `json:"x5u,omitempty"`
	X5c     []string `json:"x5c,omitempty"`
	X5t     string   `json:"x5t,omitempty"`
	X5tS256 string   `json:"x5t#S256,omitempty"`
	N       string   `json:"n,omitempty"`
	E       string   `json:"e,omitempty"`
	Crv     string   `json:"crv,omitempty"`
	X       string   `json:"x,omitempty"`
	Y       string   `json:"y,omitempty"`
}

type JSONWebKeySet

// JSONWebKeySet is the JWKS document shape: a "keys" array of JSONWebKey.
// The array has no omitempty, so a nil slice is encoded as null rather than
// being left out.
type JSONWebKeySet struct {
	Keys []JSONWebKey `json:"keys"`
}

type NewPasswordRequest

// NewPasswordRequest is the form body for setting a new password with a
// one-time code. Both fields are required.
//
// NOTE(review): the tags declare no password-strength constraint. Expiry,
// single use and attempt limiting for the OTP are not visible here; confirm
// them in the handler.
type NewPasswordRequest struct {
	NewPassword string `form:"new_password" binding:"required" example:"P@ssw0rd"`
	OTP         string `form:"otp" binding:"required" example:"123456"`
}

type OIDCClientCreateRequest

// OIDCClientCreateRequest is the JSON body for registering an OIDC client
// configuration. All five fields are required.
//
// NOTE(review): ClientSecret arrives in plaintext and RedirectURI has no
// format constraint beyond "required"; confirm how the secret is stored and
// that the redirect URI is validated.
type OIDCClientCreateRequest struct {
	Name         string `json:"name" binding:"required" example:"My OIDC client"`
	ClientID     string `json:"client_id" binding:"required" example:"cli"`
	ClientSecret string `json:"client_secret" binding:"required" example:"P@ssw0rd"`
	RedirectURI  string `json:"redirect_uri" binding:"required" example:"http://localhost:8080/callback"`
	ButtonName   string `json:"button_name" binding:"required" example:"Login with My OIDC client"`
}

type OIDCClientResponse

// OIDCClientResponse is the outward view of an OIDC client configuration.
// It has no client-secret field, so the secret cannot be returned through
// this type.
type OIDCClientResponse struct {
	Name        string `json:"name"`
	ClientID    string `json:"client_id"`
	RedirectURI string `json:"redirect_uri"`
	ButtonName  string `json:"button_name"`
}

type OIDCClientUpdateRequest

// OIDCClientUpdateRequest is the JSON body for updating an OIDC client
// configuration. Unlike ClientUpdateRequest, every field here is required,
// including ClientSecret, so each update must resend the secret.
type OIDCClientUpdateRequest struct {
	ClientID     string `json:"client_id" binding:"required" example:"cli"`
	ClientSecret string `json:"client_secret" binding:"required" example:"P@ssw0rd"`
	RedirectURI  string `json:"redirect_uri" binding:"required" example:"http://localhost:8080/callback"`
	ButtonName   string `json:"button_name" binding:"required" example:"Login with My OIDC client"`
}

type OIDCProvider

// OIDCProvider names an external OIDC identity provider.
type OIDCProvider string

// The provider names declared by this package.
// NOTE(review): if a provider name is taken from a request, it should be
// matched against these constants rather than used as a free-form string.
const (
	Google    OIDCProvider = "google"
	Facebook  OIDCProvider = "facebook"
	Microsoft OIDCProvider = "microsoft"
)

type OpenIDConfiguration

// OpenIDConfiguration is the shape of an OpenID Connect discovery document.
// Every member is omitempty, so unset values are left out of the JSON
// instead of being published as empty strings or arrays.
//
// NOTE(review): relying parties trust the endpoints advertised here, so the
// issuer and endpoint URLs should come from server configuration rather than
// from request data such as the Host header. How they are populated is not
// visible on this page.
type OpenIDConfiguration struct {
	Issuer                                             string   `json:"issuer,omitempty"`
	AuthorizationEndpoint                              string   `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                                      string   `json:"token_endpoint,omitempty"`
	JwksUri                                            string   `json:"jwks_uri,omitempty"`
	RegistrationEndpoint                               string   `json:"registration_endpoint,omitempty"`
	ScopesSupported                                    []string `json:"scopes_supported,omitempty"`
	ResponseTypesSupported                             []string `json:"response_types_supported,omitempty"`
	ResponseModesSupported                             []string `json:"response_modes_supported,omitempty"`
	GrantTypesSupported                                []string `json:"grant_types_supported,omitempty"`
	TokenEndpointAuthMethodsSupported                  []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	TokenEndpointAuthSigningAlgValuesSupported         []string `json:"token_endpoint_auth_signing_alg_values_supported,omitempty"`
	ServiceDocumentation                               string   `json:"service_documentation,omitempty"`
	UILocalesSupported                                 []string `json:"ui_locales_supported,omitempty"`
	OpPolicyUri                                        string   `json:"op_policy_uri,omitempty"`
	OpTosUri                                           string   `json:"op_tos_uri,omitempty"`
	RevocationEndpoint                                 string   `json:"revocation_endpoint,omitempty"`
	RevocationEndpointAuthMethodsSupported             []string `json:"revocation_endpoint_auth_methods_supported,omitempty"`
	RevocationEndpointAuthSigningAlgValuesSupported    []string `json:"revocation_endpoint_auth_signing_alg_values_supported,omitempty"`
	IntrospectionEndpoint                              string   `json:"introspection_endpoint,omitempty"`
	IntrospectionEndpointAuthMethodsSupported          []string `json:"introspection_endpoint_auth_methods_supported,omitempty"`
	IntrospectionEndpointAuthSigningAlgValuesSupported []string `json:"introspection_endpoint_auth_signing_alg_values_supported,omitempty"`
	CodeChallengeMethodsSupported                      []string `json:"code_challenge_methods_supported,omitempty"`
}

type ParsedAssertionResponse

// ParsedAssertionResponse is the decoded form of an assertion: client data,
// authenticator data, and the signature and user handle as raw bytes. None
// of the fields carries a struct tag.
type ParsedAssertionResponse struct {
	CollectedClientData CollectedClientData
	AuthenticatorData   AuthenticatorData
	Signature           []byte
	UserHandle          []byte
}

type PasswordChangeRequest

// PasswordChangeRequest is the form body for changing a password. The
// current password is required alongside the new one, so the change is
// re-authenticated by the request itself. The tags declare no strength
// constraint on the new password.
type PasswordChangeRequest struct {
	OldPassword string `form:"current_password" binding:"required" example:"P@ssw0rd"`
	NewPassword string `form:"new_password" binding:"required" example:"NewP@ssw0rd"`
}

type PasswordResetRequest

// PasswordResetRequest is the form body that starts a password reset. The
// email is required and must pass the binding "email" format check.
//
// NOTE(review): confirm the handler answers identically for known and
// unknown addresses so the endpoint does not reveal which accounts exist.
type PasswordResetRequest struct {
	Email string `form:"email" binding:"required,email" example:"alex@test.com"`
}

type PublicKeyCredential

// PublicKeyCredential extends Credential with the raw credential ID, the
// client extension results and the authenticator attachment.
// ClientExtensionResults is an untyped map and is client-supplied.
type PublicKeyCredential struct {
	Credential
	RawID                   URLEncodedBase64                           `json:"rawId"`
	ClientExtensionResults  DummyAuthenticationExtensionsClientOutputs `json:"clientExtensionResults,omitempty"`
	AuthenticatorAttachment string                                     `json:"authenticatorAttachment,omitempty"`
}

type ScopeCreationRequest

// ScopeCreationRequest is the JSON body for creating a scope; it carries the
// required scope name. No character or length constraint is declared in the
// tag.
type ScopeCreationRequest struct {
	Name string `json:"name" binding:"required" example:"read"`
}

type TokenBinding

// TokenBinding is the optional token-binding member of CollectedClientData:
// a status and, when present, an ID.
type TokenBinding struct {
	Status TokenBindingStatus `json:"status"`
	ID     string             `json:"id,omitempty"`
}

type TokenBindingStatus

// TokenBindingStatus is the string status carried in TokenBinding. The
// allowed values are not declared on this page.
type TokenBindingStatus string

type TokenRequest

// TokenRequest is the form body of a token request. All five fields,
// including client_secret, are marked required.
//
// NOTE(review): there is no code_verifier field, while OpenIDConfiguration
// has a code_challenge_methods_supported member. Confirm whether PKCE is
// handled outside this struct. RedirectUri should be compared with the value
// used in the authorization request; that check is not visible on this page.
type TokenRequest struct {
	GrantType    string `form:"grant_type" binding:"required" example:"authorization_code"`
	Code         string `form:"code" binding:"required" example:"code"`
	RedirectUri  string `form:"redirect_uri" binding:"required" example:"http://localhost:8088"`
	ClientID     string `form:"client_id" binding:"required" example:"cli"`
	ClientSecret string `form:"client_secret" binding:"required" example:"P@ssw0rd"`
}

type URLEncodedBase64

// URLEncodedBase64 is a byte slice. The name suggests it is exchanged as
// URL-safe base64 text; the marshalling methods are not shown on this page,
// so confirm the exact encoding and padding rules there.
type URLEncodedBase64 []byte

type UserResponse

// UserResponse is the outward view of a user: email, display name, role
// names, credential summaries and the enabled flag. It has no password or
// hash field, so neither can be returned through this type.
type UserResponse struct {
	Email       string           `json:"email"`
	DisplayName string           `json:"display_name"`
	Roles       []string         `json:"roles"`
	Credentials []CredentialInfo `json:"credentials"`
	IsEnabled   bool             `json:"is_enabled"`
}

type UserSignInRequest

// UserSignInRequest is the form body that starts a sign-in. It carries only
// the email, which is required and must pass the binding "email" format
// check.
type UserSignInRequest struct {
	Email string `form:"email" binding:"required,email" example:"alex@test.com"`
}

type UserSignInWithPasswordRequest

// UserSignInWithPasswordRequest is the form body for the password challenge.
// It carries only the password; the account it applies to is not part of the
// form and is presumably taken from the sign-in session. Confirm in the
// handler.
type UserSignInWithPasswordRequest struct {
	Password string `form:"password" binding:"required" example:"P@ssw0rd"`
}

type UserSignUpRequest

// UserSignUpRequest is the sign-up body. Email is required and format
// checked by the binding tag; Password is only marked required.
//
// NOTE(review): the binding tag declares no minimum length or strength for
// Password; confirm a password policy is enforced elsewhere. The fields use
// form tags, while the SignUp annotation declares a JSON body; confirm which
// binding the handler uses.
type UserSignUpRequest struct {
	Email    string `form:"email" binding:"required,email" example:"alex@test.com"`
	Password string `form:"password" binding:"required" example:"P@ssw0rd"`
}

func (*UserSignUpRequest) ToUser

func (req *UserSignUpRequest) ToUser() *db.User

type WebFingerConfiguration

// WebFingerConfiguration is the JSON shape of a WebFinger response: the
// subject and its list of links.
type WebFingerConfiguration struct {
	Subject string           `json:"subject"`
	Links   []WebFingerLinks `json:"links"`
}
// WebFingerLinks is one link entry of a WebFinger response. "href" is always
// emitted; "rel" and "type" are omitted when empty.
type WebFingerLinks struct {
	Rel  string `json:"rel,omitempty"`
	Type string `json:"type,omitempty"`
	Href string `json:"href"`
}
