Documentation
Overview
Package blocklist manages inspecting tokens and interacting with the cache.
It includes JWT parsing, validation, and verification, as well as cache management and lookup functions.
Constants
This section is empty.
Variables
var (
	SuccessTokenBlocked   = "Token blocked"
	SuccessTokenUnblocked = "Token unblocked"
	SuccessTokenExists    = "Token already blocked"
	SuccessTokenNotExists = "Token is not blocked"
	SuccessTokenIsAllowed = "JWT is allowed"
	SuccessTokenIsBlocked = "JWT is blocked"

	ErrMisconfiguredCache = errors.New("server cache configuration error")
	ErrNoExpForTTL        = errors.New("token has no set expiration")
)
Functions
Types
type BlockResult
type BlockResult struct {
	Message   string `json:"message"`       // message summarizing the result.
	TTL       int    `json:"block_ttl_sec"` // remaining time-to-live of the token in the blocklist.
	TTLString string `json:"block_ttl_str"` // human readable remaining time-to-live.
	IsNew     bool   `json:"is_new"`        // whether or not the token is newly added to the blocklist.
	IsError   bool   `json:"error"`         // whether or not the result was an error.
}
A BlockResult contains the result of trying to block a token.
func Block
func Block(redisDB *redis.Client, tokenString string) (*BlockResult, error)
Block adds a token to the blocklist without an explicit TTL, and returns whether the added value is new or not.
func BlockWithTTL
func BlockWithTTL(redisDB *redis.Client, tokenString string, explicitTTLSeconds int) (*BlockResult, error)
BlockWithTTL adds a token to the blocklist with an explicit TTL, and returns whether the added value is new or not.
explicitTTLSeconds behavior:
<0: Default TTL.
0: Infinite TTL.
>0: Expiring TTL.
type CheckResult
type CheckResult struct {
	Message   string `json:"message"`       // message summarizing the result.
	IsBlocked bool   `json:"blocked"`       // whether or not the token is blocked (present in the blocklist).
	TTL       int    `json:"block_ttl_sec"` // remaining time-to-live of the token in the blocklist.
	TTLString string `json:"block_ttl_str"` // human readable remaining time-to-live.
	IsError   bool   `json:"error"`         // whether or not the result was an error.
}
A CheckResult contains the result of checking for a token in the blocklist.
func CheckByJwt
func CheckByJwt(redisDB *redis.Client, tokenString string) (CheckResult, error)
CheckByJwt checks if a token's hash value is in the blocklist.
The passed tokenString will be hashed and looked up.
func CheckBySha256
func CheckBySha256(redisDB *redis.Client, sha256 string) (CheckResult, error)
CheckBySha256 checks if the hash value of a token is in the blocklist.
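The hashed lookup key and the explicitTTLSeconds rule documented above, as an added stand-alone sketch that is not this package's code and does not use Redis. The names tokenKey and resolveTTL are hypothetical; hex encoding of the hash and a default TTL equal to the time left until the token's exp claim are assumptions (the latter suggested by ErrNoExpForTTL), and the token is constructed and unsigned.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// tokenKey is the hex SHA-256 of the raw token, so the store never holds a replayable JWT.
func tokenKey(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// resolveTTL maps explicitTTLSeconds to a duration: >0 explicit, 0 no expiry, <0 default.
// Assumption: the default is the time left until exp; the signature is verified elsewhere.
func resolveTTL(token string, explicit int, now time.Time) (time.Duration, error) {
	if explicit >= 0 {
		return time.Duration(explicit) * time.Second, nil
	}
	var claims struct{ Exp *float64 `json:"exp"` }
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return 0, errors.New("malformed JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &claims) != nil {
		return 0, errors.New("malformed JWT payload")
	}
	if claims.Exp == nil {
		return 0, errors.New("token has no set expiration") // same text as ErrNoExpForTTL
	}
	left := time.Unix(int64(*claims.Exp), 0).Sub(now)
	if left <= 0 { // a zero TTL would mean "block forever", so report expiry instead
		return 0, errors.New("token already expired")
	}
	return left, nil
}

func main() {
	tok := "e30." + base64.RawURLEncoding.EncodeToString([]byte(`{"exp":2000000000}`)) + ".sig" // constructed
	fmt.Println(tokenKey(tok))
	fmt.Println(resolveTTL(tok, -1, time.Unix(1999999400, 0)))
}
```

Tying the default TTL to exp keeps the blocklist from growing without bound, since an entry only needs to outlive the token it blocks.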
type FlushResult
type FlushResult struct {
	Message string `json:"message"` // message summarizing the result.
	Count   int64  `json:"count"`   // number of records flushed from the blocklist.
	IsError bool   `json:"error"`   // whether or not the result was an error.
}
A FlushResult contains the result of flushing the blocklist.
func Flush
func Flush(redisDB *redis.Client) (*FlushResult, error)
Flush empties the blocklist cache of all tokens, so none are blocked.
type ListResult
type ListResult struct {
	TokenHashes []string `json:"token_hashes"` // hashes of blocked tokens.
	Size        int64    `json:"size"`         // the number of blocked tokens.
	IsError     bool     `json:"error"`        // whether or not the result was an error.
}
A ListResult contains the result of listing token hashes in the blocklist.
func List
func List(redisDB *redis.Client) (*ListResult, error)
List will dump all token hashes in the cache.
type UnblockResult
type UnblockResult struct {
	Message     string `json:"message"`   // message summarizing the result.
	IsUnblocked bool   `json:"unblocked"` // whether or not the token was unblocked (removed from the blocklist).
	IsError     bool   `json:"error"`     // whether or not the result was an error.
}
An UnblockResult contains the result of unblocking a token in the blocklist.
func UnblockByJwt
func UnblockByJwt(redisDB *redis.Client, tokenString string) (*UnblockResult, error)
UnblockByJwt removes a token's hash from the blocklist by first hashing the passed token.
func UnblockBySha256
func UnblockBySha256(redisDB *redis.Client, sha256 string) (*UnblockResult, error)
UnblockBySha256 removes the passed token hash from the blocklist.