Documentation ¶
Index ¶
- Constants
- Variables
- func AssetOverride(root string, strip int, next fasthttp.RequestHandler) fasthttp.RequestHandler
- func LogRequest(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func MultiWrap(next fasthttp.RequestHandler, middlewares ...Basic) (handler fasthttp.RequestHandler)
- func NewRequestLogger(ctx *fasthttp.RequestCtx) (entry *logrus.Entry)
- func RecoverPanic(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func RequestCtxRemoteIP(ctx *fasthttp.RequestCtx) net.IP
- func SecurityHeaders(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func SecurityHeadersBase(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func SecurityHeadersCSPNone(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func SecurityHeadersCSPNoneOpenIDConnect(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func SecurityHeadersCSPSelf(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func SecurityHeadersNoStore(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func SecurityHeadersRelaxed(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func SetBaseSecurityHeaders(ctx *fasthttp.RequestCtx)
- func SetContentTypeApplicationJSON(ctx *fasthttp.RequestCtx)
- func SetContentTypeTextPlain(ctx *fasthttp.RequestCtx)
- func SetRelaxedSecurityHeaders(ctx *fasthttp.RequestCtx)
- func SetSecurityHeadersCSPNone(ctx *fasthttp.RequestCtx)
- func SetStandardSecurityHeaders(ctx *fasthttp.RequestCtx)
- func Wrap(middleware Basic, next fasthttp.RequestHandler) (handler fasthttp.RequestHandler)
- type AutheliaCtx
- func (ctx *AutheliaCtx) AcceptsMIME(mime string) (acceptsMime bool)
- func (ctx *AutheliaCtx) AuthzPath() (uri []byte)
- func (ctx *AutheliaCtx) AvailableSecondFactorMethods() (methods []string)
- func (ctx *AutheliaCtx) BasePath() string
- func (ctx *AutheliaCtx) BasePathSlash() string
- func (ctx *AutheliaCtx) DestroySession() error
- func (ctx *AutheliaCtx) Error(err error, message string)
- func (ctx *AutheliaCtx) GetClock() (clock clock.Provider)
- func (ctx *AutheliaCtx) GetConfiguration() (config schema.Configuration)
- func (ctx *AutheliaCtx) GetCookieDomain() (domain string, err error)
- func (ctx *AutheliaCtx) GetCookieDomainFromTargetURI(targetURI *url.URL) string
- func (ctx *AutheliaCtx) GetCookieDomainSessionProvider(domain string) (provider *session.Session, err error)
- func (ctx *AutheliaCtx) GetDefaultRedirectionURL() *url.URL
- func (ctx *AutheliaCtx) GetJWTWithTimeFuncOption() (option jwt.ParserOption)
- func (ctx *AutheliaCtx) GetOrigin() (origin *url.URL, err error)
- func (ctx *AutheliaCtx) GetRandom() (random random.Provider)
- func (ctx *AutheliaCtx) GetSession() (userSession session.UserSession, err error)
- func (ctx *AutheliaCtx) GetSessionProvider() (provider *session.Session, err error)
- func (ctx *AutheliaCtx) GetSessionProviderByTargetURI(targetURL *url.URL) (provider *session.Session, err error)
- func (ctx *AutheliaCtx) GetXForwardedHost() (host []byte)
- func (ctx *AutheliaCtx) GetXForwardedURI() (uri []byte)
- func (ctx *AutheliaCtx) GetXForwardedURL() (requestURI *url.URL, err error)
- func (ctx *AutheliaCtx) GetXOriginalURL() (requestURI *url.URL, err error)
- func (ctx *AutheliaCtx) GetXOriginalURLOrXForwardedURL() (requestURI *url.URL, err error)
- func (ctx *AutheliaCtx) IsSafeRedirectionTargetURI(targetURI *url.URL) bool
- func (ctx *AutheliaCtx) IsXHR() (xhr bool)
- func (ctx *AutheliaCtx) IssuerURL() (issuerURL *url.URL, err error)
- func (ctx *AutheliaCtx) ParseBody(value any) error
- func (ctx *AutheliaCtx) QueryArgAutheliaURL() []byte
- func (ctx *AutheliaCtx) QueryArgRedirect() []byte
- func (ctx *AutheliaCtx) RecordAuthn(success, regulated bool, method string)
- func (ctx *AutheliaCtx) RegenerateSession() error
- func (ctx *AutheliaCtx) RemoteIP() net.IP
- func (ctx *AutheliaCtx) ReplyBadRequest()
- func (ctx *AutheliaCtx) ReplyError(err error, message string)
- func (ctx *AutheliaCtx) ReplyForbidden()
- func (ctx *AutheliaCtx) ReplyJSON(data any, statusCode int) (err error)
- func (ctx *AutheliaCtx) ReplyOK()
- func (ctx *AutheliaCtx) ReplyStatusCode(statusCode int)
- func (ctx *AutheliaCtx) ReplyUnauthorized()
- func (ctx *AutheliaCtx) RootURL() (issuerURL *url.URL)
- func (ctx *AutheliaCtx) RootURLSlash() (issuerURL *url.URL)
- func (ctx *AutheliaCtx) SaveSession(userSession session.UserSession) error
- func (ctx *AutheliaCtx) SetAuthenticationErrorJSON(status int, message string, authentication, elevation bool)
- func (ctx *AutheliaCtx) SetContentSecurityPolicy(value string)
- func (ctx *AutheliaCtx) SetContentSecurityPolicyBytes(value []byte)
- func (ctx *AutheliaCtx) SetContentTypeApplicationJSON()
- func (ctx *AutheliaCtx) SetContentTypeApplicationYAML()
- func (ctx *AutheliaCtx) SetContentTypeTextHTML()
- func (ctx *AutheliaCtx) SetContentTypeTextPlain()
- func (ctx *AutheliaCtx) SetJSONBody(value any) error
- func (ctx *AutheliaCtx) SetJSONError(message string)
- func (ctx *AutheliaCtx) SpecialRedirect(uri string, statusCode int)
- func (ctx *AutheliaCtx) SpecialRedirectNoBody(uri string, statusCode int)
- func (ctx *AutheliaCtx) Value(key any) any
- func (ctx *AutheliaCtx) XAutheliaURL() []byte
- func (ctx *AutheliaCtx) XForwardedHost() (host []byte)
- func (ctx *AutheliaCtx) XForwardedMethod() (method []byte)
- func (ctx *AutheliaCtx) XForwardedProto() (proto []byte)
- func (ctx *AutheliaCtx) XForwardedURI() (host []byte)
- func (ctx *AutheliaCtx) XOriginalMethod() []byte
- func (ctx *AutheliaCtx) XOriginalURL() []byte
- type AutheliaHandlerFunc
- type AutheliaMiddleware
- type AuthenticationErrorResponse
- type Basic
- type Bridge
- type BridgeBuilder
- func (b *BridgeBuilder) Build() Bridge
- func (b *BridgeBuilder) WithConfig(config schema.Configuration) *BridgeBuilder
- func (b *BridgeBuilder) WithPostMiddlewares(middlewares ...AutheliaMiddleware) *BridgeBuilder
- func (b *BridgeBuilder) WithPreMiddlewares(middlewares ...Middleware) *BridgeBuilder
- func (b *BridgeBuilder) WithProviders(providers Providers) *BridgeBuilder
- type CORSPolicy
- type CORSPolicyBuilder
- func (b *CORSPolicyBuilder) Build() (policy *CORSPolicy)
- func (b *CORSPolicyBuilder) WithAllowCredentials(allow bool) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithAllowedHeaders(headers ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithAllowedMethods(methods ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithAllowedOrigins(origins ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithEnabled(enabled bool) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithMaxAge(age int) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithVary(headers ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithVaryOnly(varyOnly bool) (policy *CORSPolicyBuilder)
- type ElevatedForbiddenResponse
- type ErrorResponse
- type IdentityVerificationFinishArgs
- type IdentityVerificationFinishBody
- type IdentityVerificationStartArgs
- type Middleware
- type OKResponse
- type PasswordPolicyProvider
- type Providers
- type RequestHandler
- func IdentityVerificationFinish(args IdentityVerificationFinishArgs, ...) RequestHandler
- func IdentityVerificationStart(args IdentityVerificationStartArgs, delayFunc TimingAttackDelayFunc) RequestHandler
- func NewHTTPToAutheliaHandlerAdaptor(h AutheliaHandlerFunc) RequestHandler
- func Require1FA(next RequestHandler) RequestHandler
- func RequireElevated(next RequestHandler) RequestHandler
- type StandardPasswordPolicyProvider
- type TimingAttackDelayFunc
- type ZXCVBNPasswordPolicyProvider
Constants ¶
// User value keys of type int8, numbered consecutively from 0 by iota.
// NOTE(review): presumably these index per-request user values stored on the
// request context; confirm against the callers.
const (
	UserValueKeyBaseURL int8 = iota
	UserValueKeyOpenIDConnectResponseModeFormPost
	UserValueKeyRawURI
)
const (
UserValueRouterKeyExtAuthzPath = "extauthz"
)
Variables ¶
// Sentinel errors for methods that depend on a request header which was not
// supplied. The headers named here are normally set by the fronting proxy.
var (
	// ErrMissingXForwardedProto is returned on methods which require an X-Forwarded-Proto header.
	ErrMissingXForwardedProto = errors.New("missing required X-Forwarded-Proto header")

	// ErrMissingXForwardedHost is returned on methods which require an X-Forwarded-Host header.
	ErrMissingXForwardedHost = errors.New("missing required X-Forwarded-Host header")

	// ErrMissingHeaderHost is returned on methods which require a Host header.
	ErrMissingHeaderHost = errors.New("missing required Host header")

	// ErrMissingXOriginalURL is returned on methods which require an X-Original-URL header.
	ErrMissingXOriginalURL = errors.New("missing required X-Original-URL header")
)
Functions ¶
func AssetOverride ¶ added in v4.35.2
func AssetOverride(root string, strip int, next fasthttp.RequestHandler) fasthttp.RequestHandler
AssetOverride allows overriding and serving of specific embedded assets from disk.
func LogRequest ¶ added in v4.35.2
func LogRequest(next fasthttp.RequestHandler) fasthttp.RequestHandler
LogRequest provides trace logging for all requests.
func MultiWrap ¶ added in v4.38.0
func MultiWrap(next fasthttp.RequestHandler, middlewares ...Basic) (handler fasthttp.RequestHandler)
MultiWrap allows wrapping a handler with additional middlewares if they are not nil.
func NewRequestLogger ¶
func NewRequestLogger(ctx *fasthttp.RequestCtx) (entry *logrus.Entry)
NewRequestLogger creates a new request logger for the given request.
func RecoverPanic ¶ added in v4.38.0
func RecoverPanic(next fasthttp.RequestHandler) fasthttp.RequestHandler
RecoverPanic recovers from panics and logs the error.
func RequestCtxRemoteIP ¶ added in v4.38.0
func RequestCtxRemoteIP(ctx *fasthttp.RequestCtx) net.IP
func SecurityHeaders ¶ added in v4.35.2
func SecurityHeaders(next fasthttp.RequestHandler) fasthttp.RequestHandler
The SecurityHeaders middleware adds several modern recommended security headers with safe values.
func SecurityHeadersBase ¶ added in v4.38.4
func SecurityHeadersBase(next fasthttp.RequestHandler) fasthttp.RequestHandler
The SecurityHeadersBase middleware adds several modern recommended security headers with relaxed values.
func SecurityHeadersCSPNone ¶ added in v4.35.2
func SecurityHeadersCSPNone(next fasthttp.RequestHandler) fasthttp.RequestHandler
SecurityHeadersCSPNone middleware adds the Content-Security-Policy header with the value "default-src 'none';".
func SecurityHeadersCSPNoneOpenIDConnect ¶ added in v4.38.0
func SecurityHeadersCSPNoneOpenIDConnect(next fasthttp.RequestHandler) fasthttp.RequestHandler
SecurityHeadersCSPNoneOpenIDConnect middleware adds the Content-Security-Policy header with the value "default-src 'none'" except in special circumstances.
func SecurityHeadersCSPSelf ¶ added in v4.38.16
func SecurityHeadersCSPSelf(next fasthttp.RequestHandler) fasthttp.RequestHandler
SecurityHeadersCSPSelf middleware adds the Content-Security-Policy header with the value "default-src 'self';".
func SecurityHeadersNoStore ¶ added in v4.35.2
func SecurityHeadersNoStore(next fasthttp.RequestHandler) fasthttp.RequestHandler
SecurityHeadersNoStore middleware adds the Pragma no-cache and Cache-Control no-store headers.
func SecurityHeadersRelaxed ¶ added in v4.38.0
func SecurityHeadersRelaxed(next fasthttp.RequestHandler) fasthttp.RequestHandler
The SecurityHeadersRelaxed middleware adds several modern recommended security headers with relaxed values.
func SetBaseSecurityHeaders ¶ added in v4.38.0
func SetBaseSecurityHeaders(ctx *fasthttp.RequestCtx)
func SetContentTypeApplicationJSON ¶ added in v4.36.3
func SetContentTypeApplicationJSON(ctx *fasthttp.RequestCtx)
SetContentTypeApplicationJSON sets the Content-Type header to `application/json; charset=utf-8`.
func SetContentTypeTextPlain ¶ added in v4.36.3
func SetContentTypeTextPlain(ctx *fasthttp.RequestCtx)
SetContentTypeTextPlain sets the Content-Type header to `text/plain; charset=utf-8`.
func SetRelaxedSecurityHeaders ¶ added in v4.38.0
func SetRelaxedSecurityHeaders(ctx *fasthttp.RequestCtx)
The SetRelaxedSecurityHeaders function adds several modern recommended security headers with relaxed values.
func SetSecurityHeadersCSPNone ¶ added in v4.38.16
func SetSecurityHeadersCSPNone(ctx *fasthttp.RequestCtx)
SetSecurityHeadersCSPNone function adds the Content-Security-Policy header with the value "default-src 'none';".
func SetStandardSecurityHeaders ¶ added in v4.38.0
func SetStandardSecurityHeaders(ctx *fasthttp.RequestCtx)
The SetStandardSecurityHeaders function adds several modern recommended security headers with safe values.
func Wrap ¶ added in v4.36.0
func Wrap(middleware Basic, next fasthttp.RequestHandler) (handler fasthttp.RequestHandler)
Wrap a handler with another middleware if it isn't nil.
Types ¶
type AutheliaCtx ¶
// AutheliaCtx wraps a fasthttp request context together with the logger,
// providers, configuration and clock used while handling that request.
type AutheliaCtx struct {
	// Embedded fasthttp request context; its methods are promoted onto AutheliaCtx.
	*fasthttp.RequestCtx

	// Logger is the logrus entry used for this request.
	Logger *logrus.Entry
	// Providers holds the Providers value made available to handlers.
	Providers Providers
	// Configuration is held by value, not by pointer.
	Configuration schema.Configuration
	// Clock is the clock provider (also exposed through GetClock).
	Clock clock.Provider
	// contains filtered or unexported fields
}
AutheliaCtx contains all server variables related to Authelia.
func NewAutheliaCtx ¶
func NewAutheliaCtx(requestCTX *fasthttp.RequestCtx, configuration schema.Configuration, providers Providers) (ctx *AutheliaCtx)
NewAutheliaCtx instantiates an AutheliaCtx out of a RequestCtx.
func (*AutheliaCtx) AcceptsMIME ¶
func (ctx *AutheliaCtx) AcceptsMIME(mime string) (acceptsMime bool)
AcceptsMIME takes a mime type and returns true if the request accepts that type or the wildcard type.
func (*AutheliaCtx) AuthzPath ¶ added in v4.38.0
func (ctx *AutheliaCtx) AuthzPath() (uri []byte)
AuthzPath returns the 'authz_path' value.
func (*AutheliaCtx) AvailableSecondFactorMethods ¶ added in v4.34.6
func (ctx *AutheliaCtx) AvailableSecondFactorMethods() (methods []string)
AvailableSecondFactorMethods returns the available 2FA methods.
func (*AutheliaCtx) BasePath ¶
func (ctx *AutheliaCtx) BasePath() string
BasePath returns the base_url as per the path visited by the client.
func (*AutheliaCtx) BasePathSlash ¶ added in v4.37.4
func (ctx *AutheliaCtx) BasePathSlash() string
BasePathSlash is the same as BasePath but returns a final slash as well.
func (*AutheliaCtx) DestroySession ¶ added in v4.38.0
func (ctx *AutheliaCtx) DestroySession() error
DestroySession destroys a user session.
func (*AutheliaCtx) Error ¶
func (ctx *AutheliaCtx) Error(err error, message string)
Error replies with an error and displays the stack trace in the logs.
func (*AutheliaCtx) GetClock ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetClock() (clock clock.Provider)
GetClock returns the clock. For use with interface fulfillment.
func (*AutheliaCtx) GetConfiguration ¶ added in v4.38.3
func (ctx *AutheliaCtx) GetConfiguration() (config schema.Configuration)
GetConfiguration returns the current configuration.
func (*AutheliaCtx) GetCookieDomain ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetCookieDomain() (domain string, err error)
GetCookieDomain returns the cookie domain for the current request.
func (*AutheliaCtx) GetCookieDomainFromTargetURI ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetCookieDomainFromTargetURI(targetURI *url.URL) string
GetCookieDomainFromTargetURI returns the cookie domain for the targetURI.
func (*AutheliaCtx) GetCookieDomainSessionProvider ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetCookieDomainSessionProvider(domain string) (provider *session.Session, err error)
GetCookieDomainSessionProvider returns the session provider for the provided domain.
func (*AutheliaCtx) GetDefaultRedirectionURL ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetDefaultRedirectionURL() *url.URL
GetDefaultRedirectionURL retrieves the default redirection URL for the request.
func (*AutheliaCtx) GetJWTWithTimeFuncOption ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetJWTWithTimeFuncOption() (option jwt.ParserOption)
GetJWTWithTimeFuncOption returns the WithTimeFunc jwt.ParserOption. For use with interface fulfillment.
func (*AutheliaCtx) GetOrigin ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetOrigin() (origin *url.URL, err error)
GetOrigin returns the expected origin for requests from this endpoint.
func (*AutheliaCtx) GetRandom ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetRandom() (random random.Provider)
GetRandom returns the random provider. For use with interface fulfillment.
func (*AutheliaCtx) GetSession ¶
func (ctx *AutheliaCtx) GetSession() (userSession session.UserSession, err error)
GetSession returns the user session provided the cookie provider could be discovered. It is recommended to get the provider itself if you also need to update or destroy sessions.
func (*AutheliaCtx) GetSessionProvider ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetSessionProvider() (provider *session.Session, err error)
GetSessionProvider returns the session provider for the Request's domain.
func (*AutheliaCtx) GetSessionProviderByTargetURI ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetSessionProviderByTargetURI(targetURL *url.URL) (provider *session.Session, err error)
GetSessionProviderByTargetURI returns the session provider for the targetURL's domain.
func (*AutheliaCtx) GetXForwardedHost ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetXForwardedHost() (host []byte)
GetXForwardedHost returns the content of the X-Forwarded-Host header falling back to the Host header.
func (*AutheliaCtx) GetXForwardedURI ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetXForwardedURI() (uri []byte)
GetXForwardedURI returns the content of the X-Forwarded-URI header, falling back to the start-line request path.
func (*AutheliaCtx) GetXForwardedURL ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetXForwardedURL() (requestURI *url.URL, err error)
GetXForwardedURL returns the parsed X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-URI request headers as a *url.URL.
func (*AutheliaCtx) GetXOriginalURL ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetXOriginalURL() (requestURI *url.URL, err error)
GetXOriginalURL returns the parsed X-Original-URL request header as a *url.URL.
func (*AutheliaCtx) GetXOriginalURLOrXForwardedURL ¶ added in v4.38.0
func (ctx *AutheliaCtx) GetXOriginalURLOrXForwardedURL() (requestURI *url.URL, err error)
GetXOriginalURLOrXForwardedURL returns the parsed X-Original-URL request header if it's available or the parsed X-Forwarded request headers if not.
func (*AutheliaCtx) IsSafeRedirectionTargetURI ¶ added in v4.38.0
func (ctx *AutheliaCtx) IsSafeRedirectionTargetURI(targetURI *url.URL) bool
IsSafeRedirectionTargetURI returns true if the targetURI is within the scope of a cookie domain and secure.
func (*AutheliaCtx) IsXHR ¶
func (ctx *AutheliaCtx) IsXHR() (xhr bool)
IsXHR returns true if the request is an XMLHttpRequest.
func (*AutheliaCtx) IssuerURL ¶ added in v4.37.0
func (ctx *AutheliaCtx) IssuerURL() (issuerURL *url.URL, err error)
IssuerURL returns the expected Issuer.
func (*AutheliaCtx) ParseBody ¶
func (ctx *AutheliaCtx) ParseBody(value any) error
ParseBody parses the request body into the type of value.
func (*AutheliaCtx) QueryArgAutheliaURL ¶ added in v4.38.0
func (ctx *AutheliaCtx) QueryArgAutheliaURL() []byte
QueryArgAutheliaURL returns the content of the 'authelia_url' query argument.
func (*AutheliaCtx) QueryArgRedirect ¶ added in v4.37.0
func (ctx *AutheliaCtx) QueryArgRedirect() []byte
QueryArgRedirect returns the content of the 'rd' query argument.
func (*AutheliaCtx) RecordAuthn ¶ added in v4.38.0
func (ctx *AutheliaCtx) RecordAuthn(success, regulated bool, method string)
RecordAuthn records authentication metrics.
func (*AutheliaCtx) RegenerateSession ¶ added in v4.38.0
func (ctx *AutheliaCtx) RegenerateSession() error
RegenerateSession regenerates a user session.
func (*AutheliaCtx) RemoteIP ¶
func (ctx *AutheliaCtx) RemoteIP() net.IP
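RemoteIP returns the remote IP, taking the X-Forwarded-For header into account if provided. X-Forwarded-For is a request header, so the result is only reliable when a trusted proxy sets or overwrites it.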
func (*AutheliaCtx) ReplyBadRequest ¶
func (ctx *AutheliaCtx) ReplyBadRequest()
ReplyBadRequest is the response sent when a bad request has been received.
func (*AutheliaCtx) ReplyError ¶
func (ctx *AutheliaCtx) ReplyError(err error, message string)
ReplyError replies with an error but does not display any stack trace in the logs.
func (*AutheliaCtx) ReplyForbidden ¶
func (ctx *AutheliaCtx) ReplyForbidden()
ReplyForbidden is the response sent when access is forbidden to the user.
func (*AutheliaCtx) ReplyJSON ¶ added in v4.36.3
func (ctx *AutheliaCtx) ReplyJSON(data any, statusCode int) (err error)
ReplyJSON writes a JSON response.
func (*AutheliaCtx) ReplyOK ¶
func (ctx *AutheliaCtx) ReplyOK()
ReplyOK is a helper method to reply ok.
func (*AutheliaCtx) ReplyStatusCode ¶ added in v4.36.3
func (ctx *AutheliaCtx) ReplyStatusCode(statusCode int)
ReplyStatusCode resets a response and replies with the given status code and relevant message.
func (*AutheliaCtx) ReplyUnauthorized ¶
func (ctx *AutheliaCtx) ReplyUnauthorized()
ReplyUnauthorized is the response sent when the user is unauthorized.
func (*AutheliaCtx) RootURL ¶ added in v4.37.4
func (ctx *AutheliaCtx) RootURL() (issuerURL *url.URL)
RootURL returns the Root URL.
func (*AutheliaCtx) RootURLSlash ¶ added in v4.37.4
func (ctx *AutheliaCtx) RootURLSlash() (issuerURL *url.URL)
RootURLSlash is the same as RootURL but includes a final slash as well.
func (*AutheliaCtx) SaveSession ¶
func (ctx *AutheliaCtx) SaveSession(userSession session.UserSession) error
SaveSession saves the content of the session.
func (*AutheliaCtx) SetAuthenticationErrorJSON ¶ added in v4.38.0
func (ctx *AutheliaCtx) SetAuthenticationErrorJSON(status int, message string, authentication, elevation bool)
SetAuthenticationErrorJSON sets the body of the response to a JSON error KO message.
func (*AutheliaCtx) SetContentSecurityPolicy ¶ added in v4.38.0
func (ctx *AutheliaCtx) SetContentSecurityPolicy(value string)
SetContentSecurityPolicy sets the Content-Security-Policy header.
func (*AutheliaCtx) SetContentSecurityPolicyBytes ¶ added in v4.38.0
func (ctx *AutheliaCtx) SetContentSecurityPolicyBytes(value []byte)
SetContentSecurityPolicyBytes sets the Content-Security-Policy header.
func (*AutheliaCtx) SetContentTypeApplicationJSON ¶ added in v4.37.4
func (ctx *AutheliaCtx) SetContentTypeApplicationJSON()
SetContentTypeApplicationJSON sets the Content-Type header to 'application/json; charset=utf-8'.
func (*AutheliaCtx) SetContentTypeApplicationYAML ¶ added in v4.38.0
func (ctx *AutheliaCtx) SetContentTypeApplicationYAML()
SetContentTypeApplicationYAML efficiently sets the Content-Type header to 'application/yaml; charset=utf-8'.
func (*AutheliaCtx) SetContentTypeTextHTML ¶ added in v4.37.4
func (ctx *AutheliaCtx) SetContentTypeTextHTML()
SetContentTypeTextHTML efficiently sets the Content-Type header to 'text/html; charset=utf-8'.
func (*AutheliaCtx) SetContentTypeTextPlain ¶ added in v4.37.4
func (ctx *AutheliaCtx) SetContentTypeTextPlain()
SetContentTypeTextPlain efficiently sets the Content-Type header to 'text/plain; charset=utf-8'.
func (*AutheliaCtx) SetJSONBody ¶
func (ctx *AutheliaCtx) SetJSONBody(value any) error
SetJSONBody sets the JSON body.
func (*AutheliaCtx) SetJSONError ¶ added in v4.33.0
func (ctx *AutheliaCtx) SetJSONError(message string)
SetJSONError sets the body of the response to a JSON error KO message.
func (*AutheliaCtx) SpecialRedirect ¶
func (ctx *AutheliaCtx) SpecialRedirect(uri string, statusCode int)
SpecialRedirect performs a redirect similar to fasthttp.RequestCtx, except it allows statusCode 401 and includes body content in the form of a link to the location if the request method was not HEAD.
func (*AutheliaCtx) SpecialRedirectNoBody ¶ added in v4.38.0
func (ctx *AutheliaCtx) SpecialRedirectNoBody(uri string, statusCode int)
SpecialRedirectNoBody performs a redirect similar to fasthttp.RequestCtx except it allows statusCode 401 and includes no body.
func (*AutheliaCtx) Value ¶ added in v4.38.11
func (ctx *AutheliaCtx) Value(key any) any
Value is a shadowed method of context.Context which returns the AutheliaCtx struct if the key is the internal key; otherwise it returns the shadowed value.
func (*AutheliaCtx) XAutheliaURL ¶ added in v4.37.0
func (ctx *AutheliaCtx) XAutheliaURL() []byte
XAutheliaURL returns the content of the X-Authelia-URL header which is used to communicate the location of the portal when using proxies like Envoy.
func (*AutheliaCtx) XForwardedHost ¶
func (ctx *AutheliaCtx) XForwardedHost() (host []byte)
XForwardedHost returns the content of the X-Forwarded-Host header.
func (*AutheliaCtx) XForwardedMethod ¶
func (ctx *AutheliaCtx) XForwardedMethod() (method []byte)
XForwardedMethod returns the content of the X-Forwarded-Method header.
func (*AutheliaCtx) XForwardedProto ¶
func (ctx *AutheliaCtx) XForwardedProto() (proto []byte)
XForwardedProto returns the content of the X-Forwarded-Proto header.
func (*AutheliaCtx) XForwardedURI ¶
func (ctx *AutheliaCtx) XForwardedURI() (host []byte)
XForwardedURI returns the content of the X-Forwarded-URI header.
func (*AutheliaCtx) XOriginalMethod ¶ added in v4.37.4
func (ctx *AutheliaCtx) XOriginalMethod() []byte
XOriginalMethod returns the content of the X-Original-Method header.
func (*AutheliaCtx) XOriginalURL ¶
func (ctx *AutheliaCtx) XOriginalURL() []byte
XOriginalURL returns the content of the X-Original-URL header.
type AutheliaHandlerFunc ¶
type AutheliaHandlerFunc func(ctx *AutheliaCtx, rw http.ResponseWriter, r *http.Request)
AutheliaHandlerFunc is used with the NewHTTPToAutheliaHandlerAdaptor to encapsulate a func.
type AutheliaMiddleware ¶
type AutheliaMiddleware = func(next RequestHandler) RequestHandler
AutheliaMiddleware represents an Authelia middleware.
type AuthenticationErrorResponse ¶ added in v4.38.0
// AuthenticationErrorResponse is the model of an authentication error
// response. Each field is serialized under the JSON key given in its tag.
type AuthenticationErrorResponse struct {
	Status  string `json:"status"`
	Message string `json:"message"`
	// NOTE(review): the two flags mirror the authentication/elevation
	// parameters of SetAuthenticationErrorJSON; confirm their exact meaning there.
	Authentication bool `json:"authentication"`
	Elevation      bool `json:"elevation"`
}
AuthenticationErrorResponse model of an error response.
type Basic ¶ added in v4.36.0
type Basic func(next fasthttp.RequestHandler) (handler fasthttp.RequestHandler)
Basic represents a middleware applied to a fasthttp.RequestHandler.
func ArbitraryDelay ¶ added in v4.38.0
func NewMetricsAuthzRequest ¶ added in v4.38.0
NewMetricsAuthzRequest returns a middleware if provided with a metrics.Recorder, otherwise it returns nil.
func NewMetricsRequest ¶ added in v4.36.0
NewMetricsRequest returns a middleware if provided with a metrics.Recorder, otherwise it returns nil.
type Bridge ¶ added in v4.36.0
type Bridge = func(RequestHandler) fasthttp.RequestHandler
Bridge represents the func signature that returns a fasthttp.RequestHandler given a RequestHandler allowing it to bridge between the two handlers.
type BridgeBuilder ¶ added in v4.36.0
type BridgeBuilder struct {
// contains filtered or unexported fields
}
BridgeBuilder is used to build a Bridge.
func NewBridgeBuilder ¶ added in v4.36.0
func NewBridgeBuilder(config schema.Configuration, providers Providers) *BridgeBuilder
NewBridgeBuilder creates a new BridgeBuilder.
func (*BridgeBuilder) Build ¶ added in v4.36.0
func (b *BridgeBuilder) Build() Bridge
Build and return the Bridge configured by this BridgeBuilder.
func (*BridgeBuilder) WithConfig ¶ added in v4.36.0
func (b *BridgeBuilder) WithConfig(config schema.Configuration) *BridgeBuilder
WithConfig sets the schema.Configuration used with this BridgeBuilder.
func (*BridgeBuilder) WithPostMiddlewares ¶ added in v4.36.0
func (b *BridgeBuilder) WithPostMiddlewares(middlewares ...AutheliaMiddleware) *BridgeBuilder
WithPostMiddlewares sets the AutheliaMiddleware's used with this BridgeBuilder which are applied after the actual Bridge.
func (*BridgeBuilder) WithPreMiddlewares ¶ added in v4.36.0
func (b *BridgeBuilder) WithPreMiddlewares(middlewares ...Middleware) *BridgeBuilder
WithPreMiddlewares sets the Middleware's used with this BridgeBuilder which are applied before the actual Bridge.
func (*BridgeBuilder) WithProviders ¶ added in v4.36.0
func (b *BridgeBuilder) WithProviders(providers Providers) *BridgeBuilder
WithProviders sets the Providers used with this BridgeBuilder.
type CORSPolicy ¶ added in v4.35.0
type CORSPolicy struct {
// contains filtered or unexported fields
}
CORSPolicy is a middleware that handles adding CORS headers.
func (*CORSPolicy) HandleOPTIONS ¶ added in v4.35.0
func (p *CORSPolicy) HandleOPTIONS(ctx *fasthttp.RequestCtx)
HandleOPTIONS is an OPTIONS handler that just adds CORS headers, the Allow header, and sets the status code to 200 without a body. This handler should generally not be used without using WithAllowedMethods.
func (*CORSPolicy) HandleOnlyOPTIONS ¶ added in v4.35.0
func (p *CORSPolicy) HandleOnlyOPTIONS(ctx *fasthttp.RequestCtx)
HandleOnlyOPTIONS is an OPTIONS handler that just handles the Allow header, and sets the status code to 200 without a body. This handler should generally not be used without using WithAllowedMethods.
func (*CORSPolicy) Middleware ¶ added in v4.35.0
func (p *CORSPolicy) Middleware(next fasthttp.RequestHandler) (handler fasthttp.RequestHandler)
Middleware provides a middleware that adds the appropriate CORS headers for this CORSPolicy.
type CORSPolicyBuilder ¶ added in v4.35.0
type CORSPolicyBuilder struct {
// contains filtered or unexported fields
}
CORSPolicyBuilder is a special middleware which provides CORS headers via handlers and middleware methods which can be configured. It aims to simplify CORS configurations.
func NewCORSPolicyBuilder ¶ added in v4.35.0
func NewCORSPolicyBuilder() (policy *CORSPolicyBuilder)
NewCORSPolicyBuilder returns a new CORSPolicyBuilder which is used to build a CORSPolicy. By default the policy adds the Vary header with a value reflecting that the response varies by the Origin header. If the Origin header has an https scheme, it also makes the following adjustments: it copies the Origin header to the Access-Control-Allow-Origin header, effectively allowing all origins; sets the Access-Control-Allow-Credentials header to false, which disallows CORS requests from sending cookies etc.; sets the Access-Control-Allow-Headers header to the value specified by Access-Control-Request-Headers in the request, excluding the Cookie/Authorization/Proxy-Authorization and special * values; sets Access-Control-Allow-Methods to the value specified by the Access-Control-Request-Method header; and sets the Access-Control-Max-Age header to 100.
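These behaviours can be overridden by the With methods on the returned policy. Because the default reflects any https origin, restrict the origins with WithAllowedOrigins before enabling credentials with WithAllowCredentials.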
func (*CORSPolicyBuilder) Build ¶ added in v4.35.0
func (b *CORSPolicyBuilder) Build() (policy *CORSPolicy)
Build reads the CORSPolicyBuilder configuration and generates a CORSPolicy.
func (*CORSPolicyBuilder) WithAllowCredentials ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowCredentials(allow bool) (policy *CORSPolicyBuilder)
WithAllowCredentials takes bool and alters the default Access-Control-Allow-Credentials header.
func (*CORSPolicyBuilder) WithAllowedHeaders ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowedHeaders(headers ...string) (policy *CORSPolicyBuilder)
WithAllowedHeaders takes a list of header strings and alters the default Access-Control-Allow-Headers header.
func (*CORSPolicyBuilder) WithAllowedMethods ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowedMethods(methods ...string) (policy *CORSPolicyBuilder)
WithAllowedMethods takes a list of HTTP methods and adjusts the Access-Control-Allow-Methods header to respond with that value.
func (*CORSPolicyBuilder) WithAllowedOrigins ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowedOrigins(origins ...string) (policy *CORSPolicyBuilder)
WithAllowedOrigins takes a list of origin strings and only applies the CORS policy if the origin matches one of these.
func (*CORSPolicyBuilder) WithEnabled ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithEnabled(enabled bool) (policy *CORSPolicyBuilder)
WithEnabled changes the enabled state of the middleware. If the middleware is initialized with NewCORSPolicyBuilder this value will be true, but this function can override the value. Setting it to false prevents the middleware from adding any CORS headers. Once disabled, the only remaining effect of this middleware is that the HandleOPTIONS and HandleOnlyOPTIONS handlers still return an HTTP 204 No Content, with the Allow header communicating the available HTTP method verbs. The main benefit of this option is that you don't have to implement complex logic to add/remove the middleware; you can just add it with the Middleware method and adjust it using the WithEnabled method.
func (*CORSPolicyBuilder) WithMaxAge ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithMaxAge(age int) (policy *CORSPolicyBuilder)
WithMaxAge takes an integer and alters the default Access-Control-Max-Age header.
func (*CORSPolicyBuilder) WithVary ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithVary(headers ...string) (policy *CORSPolicyBuilder)
WithVary takes a list of header strings and alters the default Vary header.
func (*CORSPolicyBuilder) WithVaryOnly ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithVaryOnly(varyOnly bool) (policy *CORSPolicyBuilder)
WithVaryOnly just adds the Vary header.
type ElevatedForbiddenResponse ¶ added in v4.38.0
// ElevatedForbiddenResponse is a response for RequireElevated. It serializes
// to JSON with the boolean fields "elevation", "first_factor" and
// "second_factor".
// NOTE(review): presumably each flag tells the client which requirement is
// outstanding; the exact semantics are not shown here — confirm.
type ElevatedForbiddenResponse struct {
	Elevation    bool `json:"elevation"`
	FirstFactor  bool `json:"first_factor"`
	SecondFactor bool `json:"second_factor"`
}
ElevatedForbiddenResponse is a response for RequireElevated.
type ErrorResponse ¶
ErrorResponse is the model of an error response.
type IdentityVerificationFinishArgs ¶
// IdentityVerificationFinishArgs holds the arguments used to customize the
// finishing phase of the identity verification process.
type IdentityVerificationFinishArgs struct {
	// The action claim that should be in the token to consider the action legitimate.
	ActionClaim string

	// The function for checking that the user in the token is valid for the current action.
	IsTokenUserValidFunc func(ctx *AutheliaCtx, username string) bool
}
IdentityVerificationFinishArgs represents the arguments used to customize the finishing phase of the identity verification process.
type IdentityVerificationFinishBody ¶
// IdentityVerificationFinishBody is the type of the body received by the
// finish endpoint.
type IdentityVerificationFinishBody struct {
	// Token is read from the "token" JSON field.
	// NOTE(review): presumably the identity verification token issued by the
	// start phase; it arrives from the client, so it is untrusted until
	// validated — confirm where validation happens.
	Token string `json:"token"`
}
IdentityVerificationFinishBody is the type of the body received by the finish endpoint.
type IdentityVerificationStartArgs ¶
// IdentityVerificationStartArgs holds the arguments used to customize the
// starting phase of the identity verification process.
type IdentityVerificationStartArgs struct {
	// Email template needs a subject, a title and the content of the button.
	MailTitle               string
	MailButtonContent       string
	MailButtonRevokeContent string

	// The target endpoint to which the user is redirected when the
	// verification process is completed successfully.
	TargetEndpoint string
	// NOTE(review): undocumented in the original; presumably the endpoint
	// behind the revoke button of the email — confirm.
	RevokeEndpoint string

	// The action claim that will be stored in the JWT token.
	ActionClaim string

	// The function retrieving the identity to whom the email will be sent.
	IdentityRetrieverFunc func(ctx *AutheliaCtx) (*session.Identity, error)

	// The function for checking that the user in the token is valid for the current action.
	IsTokenUserValidFunc func(ctx *AutheliaCtx, username string) bool
}
IdentityVerificationStartArgs represents the arguments used to customize the starting phase of the identity verification process.
type Middleware ¶
type Middleware = func(next fasthttp.RequestHandler) (handler fasthttp.RequestHandler)
Middleware represents a fasthttp middleware.
func StripPath ¶ added in v4.35.2
func StripPath(path string) (middleware Middleware)
StripPath strips the first level of a path.
type OKResponse ¶
OKResponse is the model of a status OK response.
type PasswordPolicyProvider ¶ added in v4.35.0
PasswordPolicyProvider represents an implementation of a password policy provider.
func NewPasswordPolicyProvider ¶ added in v4.35.0
func NewPasswordPolicyProvider(config schema.PasswordPolicy) (provider PasswordPolicyProvider)
NewPasswordPolicyProvider returns a new password policy provider.
type Providers ¶
// Providers contains all the providers supplied to Authelia, one field per
// provider.
// NOTE(review): several fields are pointers; whether any of them may be nil
// when the corresponding feature is not configured is not visible here —
// confirm before dereferencing.
type Providers struct {
	Authorizer      *authorization.Authorizer
	SessionProvider *session.Provider
	Regulator       *regulation.Regulator
	OpenIDConnect   *oidc.OpenIDConnectProvider
	Metrics         metrics.Provider
	NTP             *ntp.Provider
	UserProvider    authentication.UserProvider
	StorageProvider storage.Provider
	Notifier        notification.Notifier
	Templates       *templates.Provider
	TOTP            totp.Provider
	PasswordPolicy  PasswordPolicyProvider
	Random          random.Provider
}
Providers contains all the providers provided to Authelia.
type RequestHandler ¶
type RequestHandler = func(*AutheliaCtx)
RequestHandler represents an Authelia request handler.
func IdentityVerificationFinish ¶
func IdentityVerificationFinish(args IdentityVerificationFinishArgs, next func(ctx *AutheliaCtx, username string)) RequestHandler
IdentityVerificationFinish is the middleware for finishing the identity validation process.
func IdentityVerificationStart ¶
func IdentityVerificationStart(args IdentityVerificationStartArgs, delayFunc TimingAttackDelayFunc) RequestHandler
IdentityVerificationStart is the handler for initiating the identity validation process.
func NewHTTPToAutheliaHandlerAdaptor ¶
func NewHTTPToAutheliaHandlerAdaptor(h AutheliaHandlerFunc) RequestHandler
NewHTTPToAutheliaHandlerAdaptor creates a new adaptor given the AutheliaHandlerFunc.
func Require1FA ¶ added in v4.35.0
func Require1FA(next RequestHandler) RequestHandler
Require1FA checks whether the user has enough permissions to execute the next handler.
func RequireElevated ¶ added in v4.38.0
func RequireElevated(next RequestHandler) RequestHandler
RequireElevated requires various elevation criteria.
type StandardPasswordPolicyProvider ¶ added in v4.35.0
type StandardPasswordPolicyProvider struct {
// contains filtered or unexported fields
}
StandardPasswordPolicyProvider handles standard password policy checking.
func (StandardPasswordPolicyProvider) Check ¶ added in v4.35.0
func (p StandardPasswordPolicyProvider) Check(password string) (err error)
Check checks the password against the policy.
type TimingAttackDelayFunc ¶ added in v4.33.2
type TimingAttackDelayFunc func(ctx *AutheliaCtx, requestTime time.Time, successful *bool)
TimingAttackDelayFunc describes a function for preventing timing attacks via a delay.
func TimingAttackDelay ¶ added in v4.33.2
func TimingAttackDelay(history int, minDelayMs float64, maxRandomMs int64, initialDelay time.Duration, record bool) TimingAttackDelayFunc
TimingAttackDelay creates a new standard timing delay func.
type ZXCVBNPasswordPolicyProvider ¶ added in v4.35.0
type ZXCVBNPasswordPolicyProvider struct {
// contains filtered or unexported fields
}
ZXCVBNPasswordPolicyProvider handles zxcvbn password policy checking.
func (ZXCVBNPasswordPolicyProvider) Check ¶ added in v4.35.0
func (p ZXCVBNPasswordPolicyProvider) Check(password string) (err error)
Check checks the password against the policy.