Documentation ¶
Index ¶
- func Asset(name string) ([]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func MustAsset(name string) []byte
- func NewLdapAuth(config *LdapAuthConfig) (*ldapAuth, error)
- func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- type Authenticator
- type CodeToTokenResponse
- type GoogleAuth
- type GoogleAuthConfig
- type GoogleAuthRequest
- type GoogleTokenInfo
- type LdapAuthConfig
- type PasswordString
- type ProfileResponse
- type RefreshTokenResponse
- type Requirements
- type TokenDBValue
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/
  foo.txt
  img/
    a.png
    b.png
then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") would return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func NewLdapAuth ¶
func NewLdapAuth(config *LdapAuthConfig) (*ldapAuth, error)
func NewStaticUserAuth ¶
func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively
Types ¶
type Authenticator ¶
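// Authenticator is the authentication plugin interface.
// Implementations must be goroutine-safe.
//
// The declaration is laid out one member per line; when it is collapsed onto
// a single line the first // comment swallows every method that follows it.
type Authenticator interface {
	// Authenticate is given a user name and a password (plain text) and
	// responds with nil on success or with any other error on failure.
	//
	// NOTE(review): because the password arrives in plain text,
	// implementations should keep it out of log lines and out of the error
	// values they return.
	Authenticate(user string, password PasswordString) error

	// Stop finalizes resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate
	// requests in flight and there will be no more calls made to this
	// instance.
	Stop()
}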
Authentication plugin interface. Implementations must be goroutine-safe.
type CodeToTokenResponse ¶
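// CodeToTokenResponse is the JSON body sent by Google servers in response to
// the grant_type=authorization_code request.
//
// NOTE(review): IDToken, AccessToken and RefreshToken are credentials, so
// avoid writing the whole value to logs (for example with %+v).
type CodeToTokenResponse struct {
	IDToken      string `json:"id_token,omitempty"`
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int64  `json:"expires_in,omitempty"`
	TokenType    string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}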
CodeToTokenResponse is sent by Google servers in response to the grant_type=authorization_code request.
type GoogleAuth ¶
// GoogleAuth is created with NewGoogleAuth from a *GoogleAuthConfig. Its
// pointer receiver carries Authenticate and Stop with the signatures the
// Authenticator interface declares, plus DoGoogleAuth, which takes an
// http.ResponseWriter and an *http.Request.
type GoogleAuth struct {
// contains filtered or unexported fields
}
func NewGoogleAuth ¶
func NewGoogleAuth(c *GoogleAuthConfig) (*GoogleAuth, error)
func (*GoogleAuth) Authenticate ¶
func (ga *GoogleAuth) Authenticate(user string, password PasswordString) error
func (*GoogleAuth) DoGoogleAuth ¶
func (ga *GoogleAuth) DoGoogleAuth(rw http.ResponseWriter, req *http.Request)
func (*GoogleAuth) Stop ¶
func (ga *GoogleAuth) Stop()
type GoogleAuthConfig ¶
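// GoogleAuthConfig is the configuration passed to NewGoogleAuth. Every field
// carries a yaml tag with omitempty.
type GoogleAuthConfig struct {
	Domain   string `yaml:"domain,omitempty"`
	ClientId string `yaml:"client_id,omitempty"`

	// ClientSecret and ClientSecretFile both relate to the OAuth client
	// secret.
	// NOTE(review): presumably ClientSecretFile is a path to a file holding
	// the secret, which keeps it out of the main config file — confirm, and
	// confirm which of the two wins when both are set.
	ClientSecret     string `yaml:"client_secret,omitempty"`
	ClientSecretFile string `yaml:"client_secret_file,omitempty"`

	// NOTE(review): presumably the location of the database that holds
	// TokenDBValue records — confirm against the implementation.
	TokenDB string `yaml:"token_db,omitempty"`

	// NOTE(review): the unit of this timeout is not stated here — TODO
	// confirm, and confirm what a zero value means.
	HTTPTimeout int `yaml:"http_timeout,omitempty"`
}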
type GoogleAuthRequest ¶
type GoogleTokenInfo ¶
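// GoogleTokenInfo describes a token as reported by Google.
// From github.com/google-api-go-client/oauth2/v2/oauth2-gen.go
type GoogleTokenInfo struct {
	// AccessType: The access type granted with this token. It can be
	// offline or online.
	AccessType string `json:"access_type,omitempty"`

	// Audience: Who is the intended audience for this token. In general the
	// same as issued_to.
	//
	// NOTE(review): a verifier would normally compare this with its own
	// client ID so that a token issued to a different application is
	// rejected — confirm the caller does so.
	Audience string `json:"audience,omitempty"`

	// Email: The email address of the user. Present only if the email scope
	// is present in the request.
	Email string `json:"email,omitempty"`

	// ExpiresIn: The expiry time of the token, as number of seconds left
	// until expiry.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// IssuedTo: To whom was the token issued to. In general the same as
	// audience.
	IssuedTo string `json:"issued_to,omitempty"`

	// Scope: The space separated list of scopes granted to this token.
	Scope string `json:"scope,omitempty"`

	// TokenHandle: The token handle associated with this token.
	TokenHandle string `json:"token_handle,omitempty"`

	// UserId: The obfuscated user id.
	UserId string `json:"user_id,omitempty"`

	// VerifiedEmail: Boolean flag which is true if the email address is
	// verified. Present only if the email scope is present in the request.
	VerifiedEmail bool `json:"verified_email,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}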
From github.com/google-api-go-client/oauth2/v2/oauth2-gen.go
type LdapAuthConfig ¶
type PasswordString ¶
// PasswordString is the string type used for passwords; the Authenticator
// interface's Authenticate method receives the plain-text password as this
// type.
// NOTE(review): the type has its own String method, presumably so that
// formatting a value does not print the secret — confirm against the
// implementation before relying on it in log statements.
type PasswordString string
func (PasswordString) String ¶
func (ps PasswordString) String() string
type ProfileResponse ¶
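// ProfileResponse is sent by the /userinfo/v2/me endpoint. We use it to
// validate access token and (re)verify the email address associated with it.
type ProfileResponse struct {
	Email string `json:"email,omitempty"`

	// NOTE(review): with omitempty and a bool, a response that omits
	// verified_email decodes to false, which is the safe default for a
	// verification check.
	VerifiedEmail bool `json:"verified_email,omitempty"`
}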
ProfileResponse is sent by the /userinfo/v2/me endpoint. We use it to validate access token and (re)verify the email address associated with it.
type RefreshTokenResponse ¶
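// RefreshTokenResponse is the JSON body sent by Google servers in response to
// the grant_type=refresh_token request.
//
// NOTE(review): AccessToken is a credential, so avoid writing the whole value
// to logs (for example with %+v).
type RefreshTokenResponse struct {
	AccessToken string `json:"access_token,omitempty"`
	ExpiresIn   int64  `json:"expires_in,omitempty"`
	TokenType   string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}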
RefreshTokenResponse is sent by Google servers in response to the grant_type=refresh_token request.
type Requirements ¶
// Requirements is the per-entry value of the map passed to NewStaticUserAuth
// (map[string]*Requirements; presumably keyed by user name — confirm).
type Requirements struct {
// Password is optional: it is a pointer and both tags carry omitempty. It can
// be populated from YAML or JSON.
// NOTE(review): this listing does not say whether the value is a hash or
// plain text — confirm before placing it in a config file, and note that the
// json tag means it is included when a Requirements value is marshalled.
Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
}
func (Requirements) String ¶
func (r Requirements) String() string
type TokenDBValue ¶
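// TokenDBValue is stored in the database, JSON-serialized.
//
// NOTE(review): AccessToken and RefreshToken are plain string fields of this
// record, whereas DockerPassword is documented as a hash. Unless another
// layer encrypts the record, the token database should be treated as a
// credential store and protected at rest — confirm how the database file is
// secured.
type TokenDBValue struct {
	TokenType    string `json:"token_type,omitempty"` // Usually "Bearer"
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`

	// encoding/json's omitempty never omits a struct value such as
	// time.Time, so valid_until is always written.
	ValidUntil time.Time `json:"valid_until,omitempty"`

	// DockerPassword is the temporary password we use to authenticate Docker users.
	// Generated at the time of token creation, stored here as a BCrypt hash.
	DockerPassword string `json:"docker_password,omitempty"`
}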
TokenDBValue is stored in the database, JSON-serialized.