jwtauth

package
v2.4.2+incompatible
This package is not in the latest version of its module.
Published: Mar 27, 2019 License: MIT Imports: 23 Imported by: 6

Documentation

Constants

const StatusTokenExpired = 498

StatusTokenExpired is the HTTP status code that's returned when an expired token is used.

Variables

This section is empty.

Functions

func CloseKeyStore

func CloseKeyStore()

CloseKeyStore stops any background download process.

func FromContext

func FromContext(ctx context.Context) (*jwt.Token, bool)

FromContext returns the Token value stored in ctx, if any.

func GetBearerToken

func GetBearerToken(r *http.Request, logger *logrus.Entry) string

GetBearerToken obtains the bearer token from the HTTP request, if there is any.

func GoDownloadLoop

func GoDownloadLoop()

GoDownloadLoop starts the background download loop for new keys. Use CloseKeyStore() after calling this.

func LoadKeyStore

func LoadKeyStore(config Config, keyDirectory string)

LoadKeyStore loads all keys from a directory and stores them in the global key store.

func NewContext

func NewContext(ctx context.Context, token *jwt.Token) context.Context

NewContext returns a copy of the context with a JWT token included.

func ParseECPublicKeyFromPEM

func ParseECPublicKeyFromPEM(key []byte) (pkey *ecdsa.PublicKey, rest []byte, err error)

ParseECPublicKeyFromPEM parses a PEM-encoded PKCS1 or PKCS8 public key. This function is copied from jwt.ParseECPublicKeyFromPEM() and modified to support multiple keys in the same file. See https://github.com/dgrijalva/jwt-go/issues/317
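
Reading several ECDSA public keys from one PEM file comes down to feeding the unparsed remainder back into the decoder until nothing is left. The sketch below is an added example, not code from this package: parseAll and constructedBundle are hypothetical names, it uses only the standard library, and it accepts PKIX-encoded keys only.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parseAll walks every PEM block via the rest value pem.Decode returns, the
// same shape ParseECPublicKeyFromPEM exposes. It fails closed: one unusable
// block rejects the whole file, so a damaged file never yields a partial trust set.
func parseAll(data []byte) ([]*ecdsa.PublicKey, error) {
	var keys []*ecdsa.PublicKey
	for len(bytes.TrimSpace(data)) > 0 {
		block, rest := pem.Decode(data)
		if block == nil {
			return nil, fmt.Errorf("key %d: remaining data is not PEM", len(keys)+1)
		}
		parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
		pkey, ok := parsed.(*ecdsa.PublicKey)
		if err != nil || !ok {
			return nil, fmt.Errorf("key %d: not an ECDSA public key (%T, %v)", len(keys)+1, parsed, err)
		}
		keys, data = append(keys, pkey), rest
	}
	return keys, nil
}

// constructedBundle builds sample input: n throwaway P-256 public keys in one blob.
func constructedBundle(n int) (blob []byte, want []*ecdsa.PublicKey) {
	for i := 0; i < n; i++ {
		priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
		blob = append(blob, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})...)
		want = append(want, &priv.PublicKey)
	}
	return blob, want
}

func main() {
	blob, _ := constructedBundle(3)
	keys, err := parseAll(blob)
	fmt.Println("parsed keys:", len(keys), "error:", err)
}
```

An empty input yields zero keys and no error, so a caller building a trust set from the result should treat an empty set as a configuration failure.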

func ReadAllPublicKeys

func ReadAllPublicKeys(keyDirectory string, mayLoadTestKeys bool) []*ecdsa.PublicKey

ReadAllPublicKeys reads all *-public*.pem files in the root path as ECDSA public keys.

func ReadPrivateKey

func ReadPrivateKey(filePath string) *ecdsa.PrivateKey

ReadPrivateKey reads a PEM file as ECDSA private key.

func ReadPublicKey

func ReadPublicKey(filePath string) []*ecdsa.PublicKey

ReadPublicKey reads a PEM file as ECDSA public key.

func ReloadKeyStore

func ReloadKeyStore()

ReloadKeyStore reloads the global keystore from disk. The keystore is locked while the reload happens.

func RequestLogFields

func RequestLogFields(r *http.Request) logrus.Fields

RequestLogFields returns request-specific fields.

func RequestLogger

func RequestLogger(r *http.Request) *logrus.Entry

RequestLogger returns a logger with request-specific fields.

func SubjectFromContext

func SubjectFromContext(ctx context.Context) (string, bool)

SubjectFromContext returns the UserID stored in the token's subject field, if any.

Types

type AlwaysAllow

type AlwaysAllow struct{}

AlwaysAllow is an always-allowing Authenticator.

func (AlwaysAllow) GenerateToken

func (f AlwaysAllow) GenerateToken() (string, error)

GenerateToken always returns an error and never generates a token.

func (AlwaysAllow) Wrap

func (f AlwaysAllow) Wrap(handler http.Handler) http.Handler

Wrap does nothing and allows all requests.

func (AlwaysAllow) WrapFunc

func (f AlwaysAllow) WrapFunc(handlerFunc func(w http.ResponseWriter, r *http.Request)) http.Handler

WrapFunc does nothing and allows all requests.

type AlwaysDeny

type AlwaysDeny struct{}

AlwaysDeny is an always-denying Authenticator.

func (AlwaysDeny) GenerateToken

func (f AlwaysDeny) GenerateToken() (string, error)

GenerateToken always returns an error and never generates a token.

func (AlwaysDeny) Wrap

func (f AlwaysDeny) Wrap(handler http.Handler) http.Handler

Wrap makes the wrapped handler uncallable because everything is rejected.

func (AlwaysDeny) WrapFunc

func (f AlwaysDeny) WrapFunc(handlerFunc func(w http.ResponseWriter, r *http.Request)) http.Handler

WrapFunc makes the wrapped handlerFunc uncallable because everything is rejected.

type Authenticator

type Authenticator interface {
	Wrap(handler http.Handler) http.Handler
	WrapFunc(handlerFunc func(w http.ResponseWriter, r *http.Request)) http.Handler
	GenerateToken() (string, error)
}

Authenticator is an interface for authenticating HTTP wrappers.

func Load

func Load(conf Config) Authenticator

Load loads JWT authentication keys from ./jwtkeys and creates a new JWT authenticator.

type Config

type Config struct {
	// Used only for unit tests, so that they know where the temporary
	// directory created for this test is located.
	TestTempDir string `yaml:"-"`

	DisableSecurity      bool          `yaml:"disableSecurity"`
	PublicKeysURL        string        `yaml:"-"`
	DownloadKeysInterval time.Duration `yaml:"publicKeysDownloadInterval"`
}

Config contains the package configuration.

func CreateTestConfig

func CreateTestConfig() (conf Config, cleanup func())

CreateTestConfig creates a configuration and a cleanup function.

type JWT

type JWT struct {
	// contains filtered or unexported fields
}

JWT is an HTTP handler that authenticates JWT bearer tokens.

func NewJWT

func NewJWT(friendly bool) *JWT

NewJWT returns an authentication wrapper for HTTP handlers.

func (*JWT) GenerateToken

func (j *JWT) GenerateToken() (string, error)

GenerateToken generates a new JWT token.

func (*JWT) Wrap

func (j *JWT) Wrap(handler http.Handler) http.Handler

Wrap wraps an HTTP handler to provide Bearer token authentication.

func (*JWT) WrapFunc

func (j *JWT) WrapFunc(handlerFunc func(w http.ResponseWriter, r *http.Request)) http.Handler

WrapFunc wraps an HTTP handler function to provide Bearer token authentication.

type KeyStore

type KeyStore struct {

	// Private key used for generating JWTs. May be nil when no private key is loaded.
	MyPrivateKey *ecdsa.PrivateKey

	// Any key in this array is trusted as authoritative for received JWTs.
	TrustedPublicKeys []*ecdsa.PublicKey
	// contains filtered or unexported fields
}

KeyStore contains a private key and public keys.

func GetKeyStore

func GetKeyStore() *KeyStore

GetKeyStore returns a shallow copy of the global KeyStore. This allows the global keystore to be modified while it is in use. The returned KeyStore should be used immediately; do not keep references to it or copies of it.
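
Why a copy from GetKeyStore should not be kept becomes clear with key rotation: a held copy stays internally consistent across a reload, but it keeps trusting keys that the reload removed. The sketch below is an added example, not this package's implementation: keyStore, getKeyStore, reloadKeyStore and constructedKeys are hypothetical miniatures, and the assumption is that a reload swaps in a new slice under a lock rather than editing the old one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"sync"
)

// keyStore is a hypothetical miniature of the page's KeyStore type.
type keyStore struct{ TrustedPublicKeys []*ecdsa.PublicKey }

var (
	globalMu    sync.RWMutex
	globalStore keyStore
)

// getKeyStore returns a shallow copy taken under the read lock; the copy
// shares the key slice the global store held at the moment of the call.
func getKeyStore() keyStore {
	globalMu.RLock()
	defer globalMu.RUnlock()
	return globalStore
}

// reloadKeyStore swaps in a freshly built slice under the write lock. It never
// edits the old slice in place, so copies handed out earlier stay intact.
func reloadKeyStore(keys []*ecdsa.PublicKey) {
	fresh := append([]*ecdsa.PublicKey(nil), keys...)
	globalMu.Lock()
	defer globalMu.Unlock()
	globalStore = keyStore{TrustedPublicKeys: fresh}
}

// constructedKeys generates n throwaway P-256 public keys as sample input.
func constructedKeys(n int) (keys []*ecdsa.PublicKey) {
	for i := 0; i < n; i++ {
		priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		keys = append(keys, &priv.PublicKey)
	}
	return keys
}

func main() {
	reloadKeyStore(constructedKeys(1))
	stale := getKeyStore() // held across a rotation: still trusts the old key
	reloadKeyStore(constructedKeys(2))
	fmt.Println("stale:", len(stale.TrustedPublicKeys), "current:", len(getKeyStore().TrustedPublicKeys))
}
```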

func (*KeyStore) Close

func (ks *KeyStore) Close()

Close stops the key download loop.

func (*KeyStore) Go

func (ks *KeyStore) Go()

Go starts the public key download loop in a background goroutine.

type Redirector

type Redirector struct {
	// contains filtered or unexported fields
}

Redirector redirects an HTTP client to the URL on Flamenco Server to get a JWT token.

func NewRedirector

func NewRedirector(managerID, managerSecret string, flamencoServer *url.URL) *Redirector

NewRedirector creates a new Redirector instance.

func (*Redirector) AddRoutes

func (red *Redirector) AddRoutes(router *mux.Router)

AddRoutes adds HTTP routes to the muxer.

type RedirectorResponse

type RedirectorResponse struct {
	// Where to get the token.
	TokenURL string `json:"tokenURL"`
	// Where to send the browser if the Token URL sends a 403 Forbidden.
	LoginURL string `json:"loginURL"`
}

RedirectorResponse is sent to the browser when it asks for a token.
