Documentation ¶
Index ¶
- Variables
- func AssetOverrideMiddleware(root string, strip int, next fasthttp.RequestHandler) fasthttp.RequestHandler
- func LogRequestMiddleware(next fasthttp.RequestHandler) fasthttp.RequestHandler
- func NewRequestLogger(ctx *AutheliaCtx) *logrus.Entry
- func StripPathMiddleware(path string, next fasthttp.RequestHandler) fasthttp.RequestHandler
- type AutheliaCtx
- func (ctx AutheliaCtx) AcceptsMIME(mime string) (acceptsMime bool)
- func (ctx *AutheliaCtx) AvailableSecondFactorMethods() (methods []string)
- func (ctx *AutheliaCtx) BasePath() (base string)
- func (ctx *AutheliaCtx) Error(err error, message string)
- func (ctx *AutheliaCtx) ExternalRootURL() (string, error)
- func (ctx *AutheliaCtx) GetOriginalURL() (*url.URL, error)
- func (ctx *AutheliaCtx) GetSession() session.UserSession
- func (ctx AutheliaCtx) IsXHR() (xhr bool)
- func (ctx *AutheliaCtx) ParseBody(value interface{}) error
- func (ctx *AutheliaCtx) RemoteIP() net.IP
- func (ctx *AutheliaCtx) ReplyBadRequest()
- func (ctx *AutheliaCtx) ReplyError(err error, message string)
- func (ctx *AutheliaCtx) ReplyForbidden()
- func (ctx *AutheliaCtx) ReplyOK()
- func (ctx *AutheliaCtx) ReplyUnauthorized()
- func (ctx *AutheliaCtx) SaveSession(userSession session.UserSession) error
- func (ctx *AutheliaCtx) SetJSONBody(value interface{}) error
- func (ctx *AutheliaCtx) SetJSONError(message string)
- func (ctx *AutheliaCtx) SpecialRedirect(uri string, statusCode int)
- func (ctx *AutheliaCtx) XForwardedHost() (host []byte)
- func (ctx *AutheliaCtx) XForwardedMethod() (method []byte)
- func (ctx *AutheliaCtx) XForwardedProto() (proto []byte)
- func (ctx *AutheliaCtx) XForwardedURI() (uri []byte)
- func (ctx *AutheliaCtx) XOriginalURL() []byte
- type AutheliaHandlerFunc
- type CORSPolicy
- type CORSPolicyBuilder
- func (b *CORSPolicyBuilder) Build() (policy *CORSPolicy)
- func (b *CORSPolicyBuilder) WithAllowCredentials(allow bool) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithAllowedHeaders(headers ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithAllowedMethods(methods ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithAllowedOrigins(origins ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithEnabled(enabled bool) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithMaxAge(age int) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithVary(headers ...string) (policy *CORSPolicyBuilder)
- func (b *CORSPolicyBuilder) WithVaryOnly(varyOnly bool) (policy *CORSPolicyBuilder)
- type ErrorResponse
- type IdentityVerificationFinishArgs
- type IdentityVerificationFinishBody
- type IdentityVerificationStartArgs
- type Middleware
- type OKResponse
- type PasswordPolicyProvider
- type Providers
- type RequestHandler
- func IdentityVerificationFinish(args IdentityVerificationFinishArgs, ...) RequestHandler
- func IdentityVerificationStart(args IdentityVerificationStartArgs, delayFunc TimingAttackDelayFunc) RequestHandler
- func NewHTTPToAutheliaHandlerAdaptor(h AutheliaHandlerFunc) RequestHandler
- func Require1FA(next RequestHandler) RequestHandler
- type RequestHandlerBridge
- type StandardPasswordPolicyProvider
- type TimingAttackDelayFunc
- type ZXCVBNPasswordPolicyProvider
Constants ¶
This section is empty.
Variables ¶
var (
	// UserValueKeyBaseURL is the User Value key where we store the Base URL.
	// The key is the byte string "base_url".
	UserValueKeyBaseURL = []byte("base_url")
)
Functions ¶
func AssetOverrideMiddleware ¶ added in v4.33.0
func AssetOverrideMiddleware(root string, strip int, next fasthttp.RequestHandler) fasthttp.RequestHandler
AssetOverrideMiddleware allows overriding and serving of specific embedded assets from disk.
func LogRequestMiddleware ¶
func LogRequestMiddleware(next fasthttp.RequestHandler) fasthttp.RequestHandler
LogRequestMiddleware logs the request that is being handled.
func NewRequestLogger ¶
func NewRequestLogger(ctx *AutheliaCtx) *logrus.Entry
NewRequestLogger create a new request logger for the given request.
func StripPathMiddleware ¶
func StripPathMiddleware(path string, next fasthttp.RequestHandler) fasthttp.RequestHandler
StripPathMiddleware strips the first level of a path.
Types ¶
type AutheliaCtx ¶
// AutheliaCtx bundles a fasthttp request context with the Authelia objects
// listed below.
type AutheliaCtx struct {
	// Embedded, so the methods of *fasthttp.RequestCtx are promoted onto AutheliaCtx.
	*fasthttp.RequestCtx

	// Logger is a logrus entry.
	// NOTE(review): presumably the entry built by NewRequestLogger; confirm.
	Logger *logrus.Entry
	// Providers holds the provider set declared by the Providers type.
	Providers Providers
	// Configuration is held by value (schema.Configuration, not a pointer).
	Configuration schema.Configuration
	// Clock is a utils.Clock.
	// NOTE(review): presumably the time source used by handlers; confirm.
	Clock utils.Clock
}
AutheliaCtx contains all server variables related to Authelia.
func NewAutheliaCtx ¶
func NewAutheliaCtx(ctx *fasthttp.RequestCtx, configuration schema.Configuration, providers Providers) (*AutheliaCtx, error)
NewAutheliaCtx instantiate an AutheliaCtx out of a RequestCtx.
func (AutheliaCtx) AcceptsMIME ¶
func (ctx AutheliaCtx) AcceptsMIME(mime string) (acceptsMime bool)
AcceptsMIME takes a mime type and returns true if the request accepts that type or the wildcard type.
func (*AutheliaCtx) AvailableSecondFactorMethods ¶ added in v4.34.6
func (ctx *AutheliaCtx) AvailableSecondFactorMethods() (methods []string)
AvailableSecondFactorMethods returns the available 2FA methods.
func (*AutheliaCtx) BasePath ¶
func (ctx *AutheliaCtx) BasePath() (base string)
BasePath returns the base_url as per the path visited by the client.
func (*AutheliaCtx) Error ¶
func (ctx *AutheliaCtx) Error(err error, message string)
Error replies with an error and displays the stack trace in the logs.
func (*AutheliaCtx) ExternalRootURL ¶
func (ctx *AutheliaCtx) ExternalRootURL() (string, error)
ExternalRootURL gets the X-Forwarded-Proto, X-Forwarded-Host headers and the BasePath and forms them into a URL.
func (*AutheliaCtx) GetOriginalURL ¶
func (ctx *AutheliaCtx) GetOriginalURL() (*url.URL, error)
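GetOriginalURL extracts the URL from the request headers (X-Original-URL or X-Forwarded-* headers). These are request headers, so the returned URL is only as trustworthy as the reverse proxy that sets them; a proxy that passes client-supplied copies through lets the client influence the result.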
func (*AutheliaCtx) GetSession ¶
func (ctx *AutheliaCtx) GetSession() session.UserSession
GetSession return the user session. Any update will be saved in cache.
func (AutheliaCtx) IsXHR ¶
func (ctx AutheliaCtx) IsXHR() (xhr bool)
IsXHR returns true if the request is a XMLHttpRequest.
func (*AutheliaCtx) ParseBody ¶
func (ctx *AutheliaCtx) ParseBody(value interface{}) error
ParseBody parse the request body into the type of value.
func (*AutheliaCtx) RemoteIP ¶
func (ctx *AutheliaCtx) RemoteIP() net.IP
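RemoteIP returns the remote IP, taking the X-Forwarded-For header into account if provided. X-Forwarded-For is a request header, so the result is only as trustworthy as the proxy that sets it; any decision keyed on this address relies on that proxy overwriting a client-supplied value.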
func (*AutheliaCtx) ReplyBadRequest ¶
func (ctx *AutheliaCtx) ReplyBadRequest()
ReplyBadRequest response sent when bad request has been sent.
func (*AutheliaCtx) ReplyError ¶
func (ctx *AutheliaCtx) ReplyError(err error, message string)
ReplyError reply with an error but does not display any stack trace in the logs.
func (*AutheliaCtx) ReplyForbidden ¶
func (ctx *AutheliaCtx) ReplyForbidden()
ReplyForbidden response sent when access is forbidden to user.
func (*AutheliaCtx) ReplyOK ¶
func (ctx *AutheliaCtx) ReplyOK()
ReplyOK is a helper method to reply ok.
func (*AutheliaCtx) ReplyUnauthorized ¶
func (ctx *AutheliaCtx) ReplyUnauthorized()
ReplyUnauthorized response sent when user is unauthorized.
func (*AutheliaCtx) SaveSession ¶
func (ctx *AutheliaCtx) SaveSession(userSession session.UserSession) error
SaveSession save the content of the session.
func (*AutheliaCtx) SetJSONBody ¶
func (ctx *AutheliaCtx) SetJSONBody(value interface{}) error
SetJSONBody Set json body.
func (*AutheliaCtx) SetJSONError ¶ added in v4.33.0
func (ctx *AutheliaCtx) SetJSONError(message string)
SetJSONError sets the body of the response to a JSON error KO message.
func (*AutheliaCtx) SpecialRedirect ¶
func (ctx *AutheliaCtx) SpecialRedirect(uri string, statusCode int)
SpecialRedirect performs a redirect similar to fasthttp.RequestCtx except it allows statusCode 401 and includes body content in the form of a link to the location.
func (*AutheliaCtx) XForwardedHost ¶
func (ctx *AutheliaCtx) XForwardedHost() (host []byte)
XForwardedHost return the content of the X-Forwarded-Host header.
func (*AutheliaCtx) XForwardedMethod ¶
func (ctx *AutheliaCtx) XForwardedMethod() (method []byte)
XForwardedMethod return the content of the X-Forwarded-Method header.
func (*AutheliaCtx) XForwardedProto ¶
func (ctx *AutheliaCtx) XForwardedProto() (proto []byte)
XForwardedProto return the content of the X-Forwarded-Proto header.
func (*AutheliaCtx) XForwardedURI ¶
func (ctx *AutheliaCtx) XForwardedURI() (uri []byte)
XForwardedURI return the content of the X-Forwarded-URI header.
func (*AutheliaCtx) XOriginalURL ¶
func (ctx *AutheliaCtx) XOriginalURL() []byte
XOriginalURL return the content of the X-Original-URL header.
type AutheliaHandlerFunc ¶
type AutheliaHandlerFunc func(ctx *AutheliaCtx, rw http.ResponseWriter, r *http.Request)
AutheliaHandlerFunc is used with the NewHTTPToAutheliaHandlerAdaptor to encapsulate a func.
type CORSPolicy ¶ added in v4.35.0
type CORSPolicy struct {
// contains filtered or unexported fields
}
CORSPolicy is a middleware that handles adding CORS headers.
func (CORSPolicy) HandleOPTIONS ¶ added in v4.35.0
func (p CORSPolicy) HandleOPTIONS(ctx *fasthttp.RequestCtx)
HandleOPTIONS is an OPTIONS handler that just adds CORS headers, the Allow header, and sets the status code to 204 without a body. This handler should generally not be used without using WithAllowedMethods.
func (CORSPolicy) HandleOnlyOPTIONS ¶ added in v4.35.0
func (p CORSPolicy) HandleOnlyOPTIONS(ctx *fasthttp.RequestCtx)
HandleOnlyOPTIONS is an OPTIONS handler that just handles the Allow header, and sets the status code to 204 without a body. This handler should generally not be used without using WithAllowedMethods.
func (CORSPolicy) Middleware ¶ added in v4.35.0
func (p CORSPolicy) Middleware(next fasthttp.RequestHandler) (handler fasthttp.RequestHandler)
Middleware provides a middleware that adds the appropriate CORS headers for this CORSPolicyBuilder.
type CORSPolicyBuilder ¶ added in v4.35.0
type CORSPolicyBuilder struct {
// contains filtered or unexported fields
}
CORSPolicyBuilder is a special middleware which provides CORS headers via handlers and middleware methods which can be configured. It aims to simplify CORS configurations.
func NewCORSPolicyBuilder ¶ added in v4.35.0
func NewCORSPolicyBuilder() (policy *CORSPolicyBuilder)
NewCORSPolicyBuilder returns a new CORSPolicyBuilder which is used to build a CORSPolicy. By default the policy adds the Vary header with a value reflecting that the Origin header will vary this response. If the Origin header has an https scheme it also makes the following adjustments: it copies the Origin header to the Access-Control-Allow-Origin header, effectively allowing all origins; sets the Access-Control-Allow-Credentials header to false, which disallows CORS requests from sending cookies etc.; sets the Access-Control-Allow-Headers header to the value specified by Access-Control-Request-Headers in the request, excluding the Cookie/Authorization/Proxy-Authorization and special * values; sets Access-Control-Allow-Methods to the value specified by the Access-Control-Request-Method header; and sets the Access-Control-Max-Age header to 100.
These behaviours can be overridden by the With methods on the returned policy.
func (*CORSPolicyBuilder) Build ¶ added in v4.35.0
func (b *CORSPolicyBuilder) Build() (policy *CORSPolicy)
Build reads the CORSPolicyBuilder configuration and generates a CORSPolicy.
func (*CORSPolicyBuilder) WithAllowCredentials ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowCredentials(allow bool) (policy *CORSPolicyBuilder)
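WithAllowCredentials takes a bool and alters the default Access-Control-Allow-Credentials header. Because the default policy copies any https Origin into Access-Control-Allow-Origin, enabling credentials should be paired with WithAllowedOrigins so that only known origins can make credentialed requests.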
func (*CORSPolicyBuilder) WithAllowedHeaders ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowedHeaders(headers ...string) (policy *CORSPolicyBuilder)
WithAllowedHeaders takes a list of header strings and alters the default Access-Control-Allow-Headers header.
func (*CORSPolicyBuilder) WithAllowedMethods ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowedMethods(methods ...string) (policy *CORSPolicyBuilder)
WithAllowedMethods takes a list of HTTP methods and adjusts the Access-Control-Allow-Methods header to respond with that value.
func (*CORSPolicyBuilder) WithAllowedOrigins ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithAllowedOrigins(origins ...string) (policy *CORSPolicyBuilder)
WithAllowedOrigins takes a list of origin strings and only applies the CORS policy if the origin matches one of these.
func (*CORSPolicyBuilder) WithEnabled ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithEnabled(enabled bool) (policy *CORSPolicyBuilder)
WithEnabled changes the enabled state of the middleware. If the middleware is initialized with NewCORSPolicyBuilder this value will be true but this function can override the value. Setting it to false prevents the middleware from adding any CORS headers. The only effect this middleware has after disabling this is the HandleOPTIONS and HandleOnlyOPTIONS handlers still function to return a HTTP 204 No Content, with the Allow header communicating the available HTTP method verbs. The main benefit of this option is that you don't have to implement complex logic to add/remove the middleware, you can just add it with the Middleware method, and adjust it using the WithEnabled method.
func (*CORSPolicyBuilder) WithMaxAge ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithMaxAge(age int) (policy *CORSPolicyBuilder)
WithMaxAge takes an integer and alters the default Access-Control-Max-Age header.
func (*CORSPolicyBuilder) WithVary ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithVary(headers ...string) (policy *CORSPolicyBuilder)
WithVary takes a list of header strings and alters the default Vary header.
func (*CORSPolicyBuilder) WithVaryOnly ¶ added in v4.35.0
func (b *CORSPolicyBuilder) WithVaryOnly(varyOnly bool) (policy *CORSPolicyBuilder)
WithVaryOnly just adds the Vary header.
type ErrorResponse ¶
ErrorResponse model of an error response.
type IdentityVerificationFinishArgs ¶
// IdentityVerificationFinishArgs holds the settings for the finishing phase of
// the identity verification process.
type IdentityVerificationFinishArgs struct {
	// The action claim that should be in the token to consider the action legitimate.
	// NOTE(review): presumably the same value as the ActionClaim given to
	// IdentityVerificationStart; confirm against the handler.
	ActionClaim string

	// The function for checking that the user in the token is valid for the current action.
	// It receives the request context and a username and reports validity as a bool.
	IsTokenUserValidFunc func(ctx *AutheliaCtx, username string) bool
}
IdentityVerificationFinishArgs represent the arguments used to customize the finishing phase of the identity verification process.
type IdentityVerificationFinishBody ¶
// IdentityVerificationFinishBody is the JSON body decoded by the finish endpoint.
type IdentityVerificationFinishBody struct {
	// Token is read from the "token" key of the body.
	// NOTE(review): presumably the JWT issued during the start phase; confirm.
	Token string `json:"token"`
}
IdentityVerificationFinishBody type of the body received by the finish endpoint.
type IdentityVerificationStartArgs ¶
// IdentityVerificationStartArgs holds the settings for the starting phase of
// the identity verification process.
type IdentityVerificationStartArgs struct {
	// Email template needs a subject, a title and the content of the button.
	MailTitle         string
	MailButtonContent string

	// The target endpoint where to redirect the user when the verification
	// process is completed successfully.
	TargetEndpoint string

	// The action claim that will be stored in the JWT token.
	ActionClaim string

	// The function retrieving the identity to whom the email will be sent.
	IdentityRetrieverFunc func(ctx *AutheliaCtx) (*session.Identity, error)

	// The function for checking that the user in the token is valid for the current action.
	IsTokenUserValidFunc func(ctx *AutheliaCtx, username string) bool
}
IdentityVerificationStartArgs represent the arguments used to customize the starting phase of the identity verification process.
type Middleware ¶
type Middleware = func(RequestHandler) RequestHandler
Middleware represent an Authelia middleware.
type OKResponse ¶
// OKResponse is the JSON model of a status OK response.
type OKResponse struct {
	// Status is serialized under the "status" key.
	Status string `json:"status"`
	// Data is an optional payload; omitempty drops the "data" key when Data is nil.
	Data interface{} `json:"data,omitempty"`
}
OKResponse model of a status OK response.
type PasswordPolicyProvider ¶ added in v4.35.0
PasswordPolicyProvider represents an implementation of a password policy provider.
func NewPasswordPolicyProvider ¶ added in v4.35.0
func NewPasswordPolicyProvider(config schema.PasswordPolicyConfiguration) (provider PasswordPolicyProvider)
NewPasswordPolicyProvider returns a new password policy provider.
type Providers ¶
// Providers groups the providers supplied to Authelia, one field per provider.
// Some fields are pointers and others are held by value, as declared below.
type Providers struct {
	Authorizer      *authorization.Authorizer
	SessionProvider *session.Provider
	Regulator       *regulation.Regulator
	OpenIDConnect   oidc.OpenIDConnectProvider
	NTP             *ntp.Provider
	UserProvider    authentication.UserProvider
	StorageProvider storage.Provider
	Notifier        notification.Notifier
	TOTP            totp.Provider
	// PasswordPolicy uses the PasswordPolicyProvider type declared in this package.
	PasswordPolicy PasswordPolicyProvider
}
Providers contains all the providers supplied to Authelia.
type RequestHandler ¶
type RequestHandler = func(*AutheliaCtx)
RequestHandler represents an Authelia request handler.
func IdentityVerificationFinish ¶
func IdentityVerificationFinish(args IdentityVerificationFinishArgs, next func(ctx *AutheliaCtx, username string)) RequestHandler
IdentityVerificationFinish the middleware for finishing the identity validation process.
func IdentityVerificationStart ¶
func IdentityVerificationStart(args IdentityVerificationStartArgs, delayFunc TimingAttackDelayFunc) RequestHandler
IdentityVerificationStart the handler for initiating the identity validation process.
func NewHTTPToAutheliaHandlerAdaptor ¶
func NewHTTPToAutheliaHandlerAdaptor(h AutheliaHandlerFunc) RequestHandler
NewHTTPToAutheliaHandlerAdaptor creates a new adaptor given the AutheliaHandlerFunc.
func Require1FA ¶ added in v4.35.0
func Require1FA(next RequestHandler) RequestHandler
Require1FA checks whether the user has enough permissions to execute the next handler.
type RequestHandlerBridge ¶
type RequestHandlerBridge = func(RequestHandler) fasthttp.RequestHandler
RequestHandlerBridge bridges an AutheliaCtx handler (RequestHandler) to a fasthttp.RequestHandler.
func AutheliaMiddleware ¶
func AutheliaMiddleware(configuration schema.Configuration, providers Providers) RequestHandlerBridge
AutheliaMiddleware is wrapping the RequestCtx into an AutheliaCtx providing Authelia related objects.
type StandardPasswordPolicyProvider ¶ added in v4.35.0
type StandardPasswordPolicyProvider struct {
// contains filtered or unexported fields
}
StandardPasswordPolicyProvider handles standard password policy checking.
func (StandardPasswordPolicyProvider) Check ¶ added in v4.35.0
func (p StandardPasswordPolicyProvider) Check(password string) (err error)
Check checks the password against the policy.
type TimingAttackDelayFunc ¶ added in v4.33.2
TimingAttackDelayFunc describes a function for preventing timing attacks via a delay.
func TimingAttackDelay ¶ added in v4.33.2
func TimingAttackDelay(history int, minDelayMs float64, maxRandomMs int64, initialDelay time.Duration) TimingAttackDelayFunc
TimingAttackDelay creates a new standard timing delay func.
type ZXCVBNPasswordPolicyProvider ¶ added in v4.35.0
type ZXCVBNPasswordPolicyProvider struct {
// contains filtered or unexported fields
}
ZXCVBNPasswordPolicyProvider handles zxcvbn password policy checking.
func (ZXCVBNPasswordPolicyProvider) Check ¶ added in v4.35.0
func (p ZXCVBNPasswordPolicyProvider) Check(password string) (err error)
Check checks the password against the policy.