auth

package

v0.0.0-...-5b6efc0 Latest Latest Go to latest Published: Apr 16, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/equinor/flowify-workflows-server

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type AccessLevel
type Action
type AuthConfig
type AuthenticationClient
- func NewAuthClientFromConfig(config AuthConfig) (AuthenticationClient, error)
- func NewAzureTokenAuthenticator(KeyFunc AzureKeyFunc, Audience string, Issuer string, ...) AuthenticationClient
type Authorization
- func GetAuthorization(ctx context.Context) *Authorization
type AuthorizationClient
type AzureConfig
type AzureKeyFunc
type AzureTokenAuthenticator
- func (a AzureTokenAuthenticator) Authenticate(r *http.Request) (user.User, error)
type AzureTokenAuthenticatorOptions
type AzureTokenUser
- func NewAzureTokenUser(audience string, issuer string) AzureTokenUser
- func (t AzureTokenUser) GetEmail() string
- func (t AzureTokenUser) GetName() string
- func (t AzureTokenUser) GetRoles() []user.Role
- func (t AzureTokenUser) GetUid() string
- func (t *AzureTokenUser) Parse(tokenString string, keyFunc AzureKeyFunc, disableVerification bool) error
- func (t AzureTokenUser) Valid() error
type ContextKey
type MockAuthenticator
- func (m MockAuthenticator) Authenticate(r *http.Request) (user.User, error)
type RoleAuthorizer
- func (ra RoleAuthorizer) Authorize(subject Subject, action Action, user user.User, object any) (bool, error)
- func (ra RoleAuthorizer) GetPermissions(subject Subject, action Action, usr user.User, data any) (bool, error)
- func (ra RoleAuthorizer) GetSecretPermissions(usr user.User, data any) (map[Action]bool, error)
- func (ra RoleAuthorizer) GetVolumePermissions(usr user.User, data any) (map[Action]bool, error)
- func (ra RoleAuthorizer) GetWorkspacePermissions(wsp string, usr user.User) (AccessLevel, error)
type Subject

Constants ¶

This section is empty.

Variables ¶

View Source

var TimeFunc = time.Now

The time to use when validating token life-time, defaults to time.Now which is UTC, https://tools.ietf.org/html/rfc7519#section-4.1.4 can be temporarily overridden when testing

Functions ¶

This section is empty.

Types ¶

type AccessLevel ¶

type AccessLevel struct {
	User  bool
	Admin bool
}

type Action ¶

type Action string

const (
	Read   Action = "read"
	Write  Action = "write"
	Delete Action = "delete"
	List   Action = "list"
)

type AuthConfig ¶

type AuthConfig struct {
	Handler string `mapstructure:"handler"`
	// the config is polymorphic based on the handler string
	Config map[string]interface{} `mapstructure:"config"`
}

type AuthenticationClient ¶

type AuthenticationClient interface {
	Authenticate(r *http.Request) (user.User, error)
}

an authclient either gives an error or an authenticated user

func NewAuthClientFromConfig ¶

func NewAuthClientFromConfig(config AuthConfig) (AuthenticationClient, error)

func NewAzureTokenAuthenticator ¶

func NewAzureTokenAuthenticator(KeyFunc AzureKeyFunc,
	Audience string,
	Issuer string,
	Options AzureTokenAuthenticatorOptions) AuthenticationClient

type Authorization ¶

type Authorization struct {
	Action     string
	Authorized bool
}

func GetAuthorization ¶

func GetAuthorization(ctx context.Context) *Authorization

type AuthorizationClient ¶

type AuthorizationClient interface {
	Authorize(subject Subject, action Action, user user.User, object any) (bool, error)
}

type AzureConfig ¶

type AzureConfig struct {
	Issuer   string
	Audience string
	KeysUrl  string
}

type AzureKeyFunc ¶

type AzureKeyFunc = func(claim *jwt.Token) (interface{}, error)

the same as the jwt KeyFunc

type AzureTokenAuthenticator ¶

type AzureTokenAuthenticator struct {
	KeyFunc AzureKeyFunc
	// the intended audience to be verified with the token `aud` claim
	Audience string
	// the issuer id to be verified with the token `iss` claim
	Issuer string

	// Use only in safe environments
	Options AzureTokenAuthenticatorOptions
}

func (AzureTokenAuthenticator) Authenticate ¶

func (a AzureTokenAuthenticator) Authenticate(r *http.Request) (user.User, error)

type AzureTokenAuthenticatorOptions ¶

type AzureTokenAuthenticatorOptions struct {
	// Disable verification of the signature of the tokens, (claims are still validated)
	DisableVerification bool
}

type AzureTokenUser ¶

type AzureTokenUser struct {
	Name  string      `json:"name"`
	Email string      `json:"email"`
	Oid   string      `json:"oid"`
	Roles []user.Role `json:"roles"`
	jwt.RegisteredClaims
	// contains filtered or unexported fields
}

implements user.User

func NewAzureTokenUser ¶

func NewAzureTokenUser(audience string, issuer string) AzureTokenUser

func (AzureTokenUser) GetEmail ¶

func (t AzureTokenUser) GetEmail() string

func (AzureTokenUser) GetName ¶

func (t AzureTokenUser) GetName() string

func (AzureTokenUser) GetRoles ¶

func (t AzureTokenUser) GetRoles() []user.Role

func (AzureTokenUser) GetUid ¶

func (t AzureTokenUser) GetUid() string

func (*AzureTokenUser) Parse ¶

func (t *AzureTokenUser) Parse(tokenString string, keyFunc AzureKeyFunc, disableVerification bool) error

func (AzureTokenUser) Valid ¶

func (t AzureTokenUser) Valid() error

called from the jwt-parser code to ensure the token is valid wrt also called explicitly from the no-verification path of Parse

type ContextKey ¶

type ContextKey = int

const (
	AuthorizationKey ContextKey = iota
)

type MockAuthenticator ¶

type MockAuthenticator struct {
	User user.MockUser
}

the mock authenticator can be used for testing

func (MockAuthenticator) Authenticate ¶

func (m MockAuthenticator) Authenticate(r *http.Request) (user.User, error)

type RoleAuthorizer ¶

type RoleAuthorizer struct {
	// map subject -> action -> required permssion
	Workspaces workspace.WorkspaceClient
}

func (RoleAuthorizer) Authorize ¶

func (ra RoleAuthorizer) Authorize(subject Subject, action Action, user user.User, object any) (bool, error)

func (RoleAuthorizer) GetPermissions ¶

func (ra RoleAuthorizer) GetPermissions(subject Subject, action Action, usr user.User, data any) (bool, error)

func (RoleAuthorizer) GetSecretPermissions ¶

func (ra RoleAuthorizer) GetSecretPermissions(usr user.User, data any) (map[Action]bool, error)

func (RoleAuthorizer) GetVolumePermissions ¶

func (ra RoleAuthorizer) GetVolumePermissions(usr user.User, data any) (map[Action]bool, error)

func (RoleAuthorizer) GetWorkspacePermissions ¶

func (ra RoleAuthorizer) GetWorkspacePermissions(wsp string, usr user.User) (AccessLevel, error)

type Subject ¶

type Subject string

const (
	Secrets Subject = "secrets"
	Volumes Subject = "volumes"
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL