middlewares

package
v0.0.0-...-723d331 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 6, 2023 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

// The names below are JWT signing-method identifiers (the "alg" values) and
// elliptic-curve names. The number in a signing-method name is the size of
// the SHA-2 hash it uses, not the size of the key.

// HMAC signing methods. These are symmetric: the same shared secret both
// signs and verifies, so the secret must never be a value that is public.
const (
	// HS256 names the HMAC using SHA-256 signing method.
	HS256 = "HS256"

	// HS384 names the HMAC using SHA-384 signing method.
	HS384 = "HS384"

	// HS512 names the HMAC using SHA-512 signing method.
	HS512 = "HS512"
)

// ECDSA signing methods. These are asymmetric: a private key signs and the
// matching public key verifies.
const (
	// ES256 names the ECDSA using P-256 and SHA-256 signing method.
	ES256 = "ES256"

	// ES384 names the ECDSA using P-384 and SHA-384 signing method.
	ES384 = "ES384"

	// ES512 names the ECDSA using P-521 and SHA-512 signing method.
	// Note the curve is P-521, not "P-512".
	ES512 = "ES512"
)

// Elliptic-curve names.
const (
	// P256 is the name of the NIST P-256 curve.
	P256 = "P-256"

	// P384 is the name of the NIST P-384 curve.
	P384 = "P-384"

	// P521 is the name of the NIST P-521 curve.
	P521 = "P-521"
)

// RSA PKCS #1 v1.5 signing methods (asymmetric).
const (
	// RS256 names the RSASSA-PKCS1-v1_5 using SHA-256 signing method.
	RS256 = "RS256"

	// RS384 names the RSASSA-PKCS1-v1_5 using SHA-384 signing method.
	RS384 = "RS384"

	// RS512 names the RSASSA-PKCS1-v1_5 using SHA-512 signing method.
	RS512 = "RS512"
)

// RSA-PSS signing methods (asymmetric).
//
// A verifier should be pinned to the method family that matches its key
// type, so that a public RSA or ECDSA key is never accepted as an HMAC
// secret.
const (
	// PS256 names the RSASSA-PSS using SHA-256 signing method.
	PS256 = "PS256"

	// PS384 names the RSASSA-PSS using SHA-384 signing method.
	PS384 = "PS384"

	// PS512 names the RSASSA-PSS using SHA-512 signing method.
	PS512 = "PS512"
)

Variables

// JWT_SECRET_KEY holds the raw bytes of the KEY_JWT environment variable.
// It is a package-level initialiser, so the variable is read once when the
// package is initialised; KEY_JWT must be set before the process starts.
//
// NOTE(review): os.Getenv returns "" when KEY_JWT is unset, which leaves
// this as a zero-length slice. If it is used as an HMAC key, code that signs
// or verifies with it should reject an empty value at start-up rather than
// accept tokens made with an empty secret. As an exported, mutable variable
// it can also be reassigned by any importing package.
var JWT_SECRET_KEY = []byte(os.Getenv("KEY_JWT"))

Helper variable holding the bytes of the KEY_JWT environment variable.

Functions

func GetRole

func GetRole(claims *JWTClaim) string

func New

func New(config ...Config) fiber.Handler

New creates the JWT middleware handler from the optional config.

Types

type Config

// Config holds the options accepted by New for the JWT middleware.
//
// Key material for token validation comes from one of: KeyFunc, SigningKeys,
// SigningKey, or a key set downloaded from KeySetURL / KeySetURLs.
type Config struct {
	// Filter defines a function to skip middleware.
	// NOTE(review): presumably a true result skips token validation for that
	// request, leaving it unauthenticated - confirm against New.
	// Optional. Default: nil
	Filter func(*fiber.Ctx) bool

	// SuccessHandler defines a function which is executed for a valid token.
	// Optional. Default: nil
	SuccessHandler fiber.Handler

	// ErrorHandler defines a function which is executed for an invalid token.
	// It may be used to define a custom JWT error.
	// Optional. Default: 401 Invalid or expired JWT
	ErrorHandler fiber.ErrorHandler

	// SigningKey is the key used to validate tokens. It is the fallback when
	// SigningKeys has length 0.
	// Required unless SigningKeys, KeySetURL (deprecated), KeySetURLs or
	// KeyFunc is set.
	SigningKey interface{}

	// SigningKeys is a map of signing keys used to validate tokens, selected
	// by the token's kid field.
	// Required unless SigningKey, KeySetURL (deprecated), KeySetURLs or
	// KeyFunc is set.
	SigningKeys map[string]interface{}

	// KeySetURL is a URL from which the key set is downloaded.
	// NOTE(review): the earlier wording said "private keys"; a JWKS endpoint
	// is expected to publish verification (public) keys only. Whoever controls
	// the response decides which keys are trusted, so this should be an https
	// URL of a trusted issuer.
	// Required unless SigningKey, SigningKeys or KeySetURLs is set.
	//
	// Deprecated: use KeySetURLs.
	KeySetURL string

	// KeySetURLs are URLs from which key sets are downloaded (see the note on
	// KeySetURL about what such an endpoint should serve).
	// Required unless SigningKey, SigningKeys or KeySetURL (deprecated) is set.
	// Duplicate key entries are overwritten as encountered across URLs, so a
	// later URL can replace a key published by an earlier one: every listed
	// URL is trusted equally.
	KeySetURLs []string

	// KeyRefreshSuccessHandler defines a function which is executed on successful refresh of key set.
	// Optional. Default: nil
	KeyRefreshSuccessHandler KeyRefreshSuccessHandler

	// KeyRefreshErrorHandler defines a function which is executed for refresh key set failure.
	// Optional. Default: nil
	KeyRefreshErrorHandler KeyRefreshErrorHandler

	// KeyRefreshInterval is the duration to refresh the JWKs in the background via a new HTTP request. If this is not nil,
	// then a background refresh will be requested in a separate goroutine at this interval until the JWKs method
	// EndBackground is called.
	// NOTE(review): the stop method this package exposes on KeySet is StopRefreshing; "EndBackground" may be a leftover
	// name - confirm.
	// Optional. If set, the value will be used only if KeySetURL (deprecated) or KeySetURLs is also present.
	KeyRefreshInterval *time.Duration

	// KeyRefreshRateLimit limits the rate at which refresh requests are granted. Only one refresh request can be queued
	// at a time; any refresh requests received while there is already a queue are ignored. It does not make sense to
	// have KeyRefreshInterval's value shorter than this.
	// Optional. If set, the value will be used only if KeySetURL (deprecated) or KeySetURLs is also present.
	KeyRefreshRateLimit *time.Duration

	// KeyRefreshTimeout is the duration for the context used to create the HTTP request for a refresh of the JWKs. This
	// defaults to one minute. This is only effectual if KeyRefreshInterval is not nil.
	// Optional. If set, the value will be used only if KeySetURL (deprecated) or KeySetURLs is also present.
	KeyRefreshTimeout *time.Duration

	// KeyRefreshUnknownKID indicates that the JWKs refresh request will occur every time a kid that isn't cached is seen.
	// Without specifying a RefreshInterval a malicious client could self-sign X JWTs, send them to this service,
	// then cause potentially high network usage proportional to X.
	// NOTE(review): the option in this struct documented as limiting how often refreshes are granted is
	// KeyRefreshRateLimit; set it whenever this is enabled so unknown kid values cannot drive unbounded fetches.
	// Optional. If set, the value will be used only if KeySetURL (deprecated) or KeySetURLs is also present.
	KeyRefreshUnknownKID *bool

	// SigningMethod is the signing method a token is checked against.
	// Optional. Default: "HS256".
	// Possible values: "HS256", "HS384", "HS512", "ES256", "ES384", "ES512", "RS256", "RS384", "RS512"
	// NOTE(review): PS256/PS384/PS512 constants are also declared in this package; whether they are accepted
	// here is not shown - confirm.
	SigningMethod string

	// ContextKey is the context key under which user information from the token is stored.
	// Optional. Default: "user".
	ContextKey string

	// Claims are extendable claims data defining token content.
	// Optional. Default value jwt.MapClaims
	Claims jwt.Claims

	// TokenLookup is a string in the form of "<source>:<name>" that is used
	// to extract token from the request.
	// Optional. Default value "header:Authorization".
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "param:<name>"
	// - "cookie:<name>"
	// Tokens carried in the query string or a path parameter become part of
	// the URL and tend to be recorded in access logs and browser history;
	// prefer the header or a cookie where possible.
	TokenLookup string

	// AuthScheme to be used in the Authorization header.
	// Optional. Default: "Bearer".
	AuthScheme string

	// KeyFunc defines a user-defined function that supplies the public key for a token validation.
	// The function shall take care of verifying the signing algorithm and selecting the proper key.
	// A user-defined KeyFunc can be useful if tokens are issued by an external party.
	//
	// When a user-defined KeyFunc is provided, SigningKey, SigningKeys, and SigningMethod are ignored,
	// so the algorithm check is entirely the KeyFunc's responsibility.
	// This is one of the three options to provide a token validation key.
	// The order of precedence is a user-defined KeyFunc, SigningKeys and SigningKey.
	// Required if neither SigningKeys nor SigningKey is provided.
	// Default to an internal implementation verifying the signing algorithm and selecting the proper key.
	KeyFunc jwt.Keyfunc
}

Config defines the config for JWT middleware

type JWTClaim

// JWTClaim is the claims struct: three custom claims plus the embedded
// registered JWT claims.
//
// The payload of a signed token is encoded, not encrypted, so Name and Phone
// are readable by anyone who obtains the token; carry only what consumers
// need.
type JWTClaim struct {
	// Name, Phone and Role are the custom claims.
	// NOTE(review): no json tags are declared, so under encoding/json defaults
	// they would serialise under the Go field names - confirm issuers agree.
	Name  string
	Phone string
	// NOTE(review): presumably what GetRole returns for authorization
	// decisions; only meaningful once the token signature has been verified.
	Role  string
	// Embedded registered claims from the jwt package.
	jwt.RegisteredClaims
}

JWTClaim is the claims struct: Name, Phone and Role plus the registered JWT claims.

func GetClaims

func GetClaims(claims *JWTClaim) *JWTClaim

type KeyRefreshErrorHandler

// KeyRefreshErrorHandler is the signature of the callback that receives the
// key set and the error when a key set refresh fails.
type KeyRefreshErrorHandler func(j *KeySet, err error)

KeyRefreshErrorHandler is a function signature that receives the signing key set and an error. Receiving the original signing key set allows the handler to update the configuration or stop the background refresh.

type KeyRefreshSuccessHandler

// KeyRefreshSuccessHandler is the signature of the callback that receives the
// key set after a successful key set refresh.
type KeyRefreshSuccessHandler func(j *KeySet)

KeyRefreshSuccessHandler is a function signature that receives the signing key set. Receiving the original signing key set allows the handler to update the configuration or stop the background refresh.

type KeySet

// KeySet represents a JSON Web Key Set.
type KeySet struct {
	// Keys holds the raw JWK entries of the set.
	// NOTE(review): presumably keyed by kid - confirm. The map is exported,
	// so importing code can add or replace the keys tokens are checked against.
	Keys   map[string]*rawJWK
	// Config points to the middleware configuration associated with this key set.
	Config *Config
	// contains filtered or unexported fields
}

KeySet represents a JSON Web Key Set.

func (*KeySet) StopRefreshing

func (j *KeySet) StopRefreshing()

StopRefreshing ends the background goroutine that updates the JWKs. It can only take effect once, and only if the key set has a background goroutine refreshing its keys.
