secure_backend

package module
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 17, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

README

go-secure-backend

Enable API

IAM settings.

You need to attach the following roles to your service account. Grant only the roles for the verifiers you actually use.

  • for Firebase Auth token verification.
    • Firebase Admin SDK Administrator Service Agent
    • Service Account Token Creator
  • for API key verification.
    • Service Controller

Firebase Auth token verifier

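// securityContext is the package-level verifier factory; main assigns it at startup.
// The type is qualified with the package name, matching the secure_backend.* calls in main.
var securityContext secure_backend.SecurityContext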

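// HandleHttp authenticates the caller with a Firebase Auth token before doing
// any work, and answers 401 when verification fails.
func HandleHttp(w http.ResponseWriter, r *http.Request) {
    // Placeholder: get Firebase Token from request. Where the token travels
    // (header, cookie, ...) is application-specific. Left empty, verification
    // fails and the request is rejected.
    var authToken string

    // Verify takes the request context first, then the token, per the
    // FirebaseAuthVerifier interface documented for this package.
    parsedToken, err := securityContext.NewFirebaseAuthVerifier().Verify(r.Context(), authToken)
    if err != nil {
        // Reject the request rather than panicking: a panic aborts the
        // connection without telling the client the credential was refused.
        // The verifier's error text is deliberately not sent to the client.
        http.Error(w, "Invalid Firebase Token!!", http.StatusUnauthorized)
        return
    }

    // Only data from the verified token should drive authorization decisions.
    _ = parsedToken // do something...
}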

// main builds the shared SecurityContext and stores it in securityContext.
func main() {
    // With zero-value configs, GoogleServiceAccountJson is nil, so the
    // credentials are loaded from 'GOOGLE_APPLICATION_CREDENTIALS'.
    configs := &secure_backend.SecurityContextConfigs{}

    // NOTE(review): the package documentation lists
    // NewSecurityContext(ctx context.Context, configs *SecurityContextConfigs);
    // this call passes only configs. Confirm against the version you import.
    ctx, err := secure_backend.NewSecurityContext(configs)
    if err != nil {
        // Without a SecurityContext nothing can be verified, so stop here.
        panic(err)
    }
    securityContext = ctx
}

Google Cloud Platform API Key validator

Validates an API key created on Google Cloud Platform.


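// securityContext is the package-level verifier factory; main assigns it at startup.
// The type is qualified with the package name, matching the secure_backend.* calls in main.
var securityContext secure_backend.SecurityContext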

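// HandleHttp checks the caller's Google API key before doing any work, and
// answers 401 when the check fails.
func HandleHttp(w http.ResponseWriter, r *http.Request) {
    // Placeholder: get Google API Key from request. Where the key travels
    // (header, query parameter, ...) is application-specific. Left empty, the
    // check fails and the request is rejected.
    var apiKey string

    // Verify takes the request context first and reports the outcome as an
    // error (not a bool), per the GoogleApiKeyVerifier interface documented
    // for this package.
    if err := securityContext.NewGoogleApiKeyVerifier().Verify(r.Context(), apiKey); err != nil {
        // Fail closed on any error and reject the request rather than
        // panicking. Neither the key nor the verifier's error text is sent
        // back to the client.
        http.Error(w, "Invalid Google API Key!!", http.StatusUnauthorized)
        return
    }

    // do something.
}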

// main builds the shared SecurityContext and stores it in securityContext.
func main() {
    // With zero-value configs, GoogleServiceAccountJson is nil, so the
    // credentials are loaded from 'GOOGLE_APPLICATION_CREDENTIALS'.
    configs := &secure_backend.SecurityContextConfigs{}

    // NOTE(review): the package documentation lists
    // NewSecurityContext(ctx context.Context, configs *SecurityContextConfigs);
    // this call passes only configs. Confirm against the version you import.
    ctx, err := secure_backend.NewSecurityContext(configs)
    if err != nil {
        // Without a SecurityContext nothing can be verified, so stop here.
        panic(err)
    }
    securityContext = ctx
}

Step1. Enable ServiceControl API.

You need to enable the ServiceControl API.

Step2. Deploy Swagger file to Cloud Endpoint.

Deploy your API spec to Cloud Endpoint.

If you do not use an OpenAPI-based API, you can deploy a mock file to the Endpoint instead.

# Initialize gcloud for your GCP project.
gcloud init

# Deploy the API spec (or mock file) to Cloud Endpoint.
# The argument is the service name; replace it with your project's own.
# NOTE(review): the script's contents are not shown here; read it before running.
cd path/to/go-secure-backend
./scripts/enable-cloud-endpoint.sh "your-gcp-project-name.appspot.com"

(Option) Step3. API Key security.

You can enable 'restrict key' mode for your API key in the GCP Console. Restricting the key limits which APIs accept it, which reduces the impact if the key leaks.

Go to "GCP Console > APIs & Services > Credentials > (API Key) > API restrictions" and select your service name, e.g. the "your-gcp-project.appspot.com" API.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FirebaseAuthVerifier

// FirebaseAuthVerifier verifies Firebase Auth tokens.
type FirebaseAuthVerifier interface {
	// SetLogger sets a custom logger.
	SetLogger(logger *Logger)

	// AcceptOriginalToken makes the verifier also accept the "original" JWT
	// token (sub = your GCP project). Such tokens are denied by default.
	// NOTE(review): enabling this widens what Verify accepts; how an original
	// token is validated is not visible here, so confirm before opting in.
	AcceptOriginalToken()

	// Verify verifies a Firebase Auth token.
	// Supported token kinds:
	// 	- JWT: Firebase Custom Token source
	// 	- JWT: Firebase Auth Token
	// 		see) https://firebase.google.com/docs/auth/android/custom-auth?hl=en
	// It returns the verified token data, or an error.
	// NOTE(review): presumably a non-nil error means the token must be
	// rejected and the returned pointer must not be used; confirm.
	Verify(ctx context.Context, token string) (*VerifiedFirebaseAuthToken, error)
}

Verifier for Firebase Auth token.

type FirebaseUser

// FirebaseUser identifies a Firebase user; VerifiedFirebaseAuthToken.User
// points to one.
type FirebaseUser struct {
	/*
		Firebase user id.
		NOTE(review): presumably taken from the verified token; confirm
		before using it as an authorization key.
	*/
	Id string
}

func (*FirebaseUser) String

func (it *FirebaseUser) String() string

type GoogleApiKeyVerifier

// GoogleApiKeyVerifier verifies Google Cloud Platform API keys.
type GoogleApiKeyVerifier interface {
	// SetLogger sets a custom logger.
	SetLogger(logger *Logger)

	// SetServiceName sets a custom service name for the 'Service Control' check API.
	// Default is 'your-gcp-name.appspot.com'
	// https://cloud.google.com/service-infrastructure/docs/service-control/getting-started?hl=en
	SetServiceName(serviceName string)

	// Verify checks the given API key and reports the outcome as an error.
	// NOTE(review): presumably nil means the key was accepted and any non-nil
	// error (invalid key or a failed check) means it was not; confirm.
	// Callers should fail closed on any error.
	Verify(ctx context.Context, apiKey string) error
}

Verifier for Google Cloud Platform API keys.

type Logger

// Logger is a pair of logging callbacks. It is supplied through
// SecurityContextConfigs.Logger or a verifier's SetLogger method.
// NOTE(review): what the package writes to these callbacks is not visible
// here; confirm that tokens and API keys never appear in the messages.
type Logger struct {
	// Info is presumably called with informational messages.
	Info  func(message string)
	// Error is presumably called with error messages.
	Error func(message string)
}

type SecurityContext

// SecurityContext is the factory for the package's verifiers; obtain one
// from NewSecurityContext.
type SecurityContext interface {
	// NewFirebaseAuthVerifier returns a Firebase Auth based JWT verifier.
	//
	// see)
	// 	- https://firebase.google.com/docs/auth?hl=en
	// 	- https://github.com/firebase/firebase-admin-go/tree/master/auth
	NewFirebaseAuthVerifier() FirebaseAuthVerifier

	// NewGoogleApiKeyVerifier returns a Google API key verifier.
	// see)
	// 	- https://cloud.google.com/docs/authentication/api-keys?hl=en
	NewGoogleApiKeyVerifier() GoogleApiKeyVerifier
}

func NewSecurityContext

func NewSecurityContext(ctx context.Context, configs *SecurityContextConfigs) (SecurityContext, error)

New instance.

type SecurityContextConfigs

// SecurityContextConfigs holds the options passed to NewSecurityContext.
type SecurityContextConfigs struct {
	/*
		Custom logger.
	*/
	Logger *Logger

	/*
		Contents of a custom GCP service account JSON file.
		If this value is nil, the credentials are loaded from
		'GOOGLE_APPLICATION_CREDENTIALS'.

		A service account JSON file contains a private key, so treat these
		bytes as a secret: keep them out of source control and out of logs.

		see) https://cloud.google.com/docs/authentication/getting-started?hl=en
	*/
	GoogleServiceAccountJson []byte
}

logger function

type VerifiedFirebaseAuthToken

// VerifiedFirebaseAuthToken is the data returned by
// FirebaseAuthVerifier.Verify for a verified JWT.
type VerifiedFirebaseAuthToken struct {
	/*
		Authorized user.
	*/
	User *FirebaseUser

	/*
		Token expiry time.
		NOTE(review): whether Verify already rejects expired tokens is not
		visible here; confirm before relying on this field alone.
	*/
	ExpireAt time.Time

	/*
		JWT claims.
		Values are untyped; the GetStringClaim, GetIntClaim and
		GetFloatClaim methods return a typed value or an error.
	*/
	Claims map[string]interface{}
}

Verified JWT Data.

func (*VerifiedFirebaseAuthToken) GetFloatClaim

func (it *VerifiedFirebaseAuthToken) GetFloatClaim(key string) (float64, error)

func (*VerifiedFirebaseAuthToken) GetIntClaim

func (it *VerifiedFirebaseAuthToken) GetIntClaim(key string) (int64, error)

func (*VerifiedFirebaseAuthToken) GetStringClaim

func (it *VerifiedFirebaseAuthToken) GetStringClaim(key string) (string, error)

Directories

Path Synopsis
