shared

package
v0.0.0-...-0a1b35b Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2021 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

// Reason codes for authentication and authorization failures, presumably the
// values carried in Error.Reason (declared as ErrorReason) - confirm.
//
// NOTE(review): no type is written before iota, so these are untyped integer
// constants rather than ErrorReason values. iota starts at 0, which makes
// ErrInvalidParameters equal to the zero value: an Error whose Reason was
// never set reads as ErrInvalidParameters. The numbering follows declaration
// order, so inserting a constant in the middle renumbers every later one;
// that matters if the codes are logged, stored or sent to clients (not
// visible here - confirm).
const (
	ErrInvalidParameters = iota
	ErrInvalidCredentials
	ErrMissingToken
	ErrInvalidToken
	ErrDecryptionToken
	ErrInsufficientRights
	ErrRegistrationError
	ErrCreatingToken
	ErrAccountNotFound
	ErrQueryAccount
	ErrVerifyPassword
	ErrRequestUnauthenticated
	ErrVerificationTokenMismatch
	ErrAccountDisabled
)
const (
	// ContextKeyClaims has the package's own ContextKey type instead of being a
	// bare string; used as a context.Context key it therefore cannot be equal
	// to a key of another type that happens to hold the same text.
	// Presumably the key under which the interceptor stores the claims that
	// ObtainClaimsFromContext reads back - confirm.
	ContextKeyClaims = ContextKey("auth-claims")
	// HeaderAuthorize is an untyped string constant, spelled in lower case.
	// NOTE(review): looks like the metadata key FromMetadata reads the token
	// from - confirm. The value it names is a bearer credential and should
	// not be written to logs.
	HeaderAuthorize  = "authorization"
)

Variables

// Default token lifetimes.
//
// NOTE(review): these are package-level variables, not constants, so any
// importing package can reassign them at run time and change the lifetime of
// tokens issued afterwards. Where they are read (presumably NewTokenConfig,
// which takes no expiration arguments) is not visible here - confirm.
// A refresh token is usable for the whole two-week window unless it is revoked
// server-side; revocation logic is not shown on this page.
var (
	DefaultAccessExpiration  = 10 * time.Minute    // access-token lifetime: 10 minutes
	DefaultRefreshExpiration = 14 * 24 * time.Hour // refresh-token lifetime: two weeks
)

Functions

func AllowOrgAdmin

// AllowOrgAdmin returns an allow/deny decision for curAcc against the
// organisation accountOrgId, plus an error. The body is not shown on this page;
// the admin-of-organisation meaning is inferred from the name - confirm.
// NOTE(review): callers should treat a non-nil error as a denial and not act on
// the bool in that case. Behaviour for a nil curAcc is not visible here.
func AllowOrgAdmin(curAcc *pkg.Account, accountOrgId string) (bool, error)

func AllowOrgMember

func AllowOrgMember(curAcc *pkg.Account, accountOrgId string) (bool, error)

func AllowProjectAdmin

func AllowProjectAdmin(curAcc *pkg.Account, accountOrgId, accountProjectId string) (bool, error)

func AllowProjectMember

func AllowProjectMember(curAcc *pkg.Account, accountProjectId string) (bool, error)

func AllowSelf

// AllowSelf returns a bare bool, unlike the other Allow* helpers on this page,
// which also return an error. Presumably it reports whether curAcc is the
// account identified by accountId - confirm; the body is not shown.
// NOTE(review): with no error result, a lookup or nil-account problem can only
// surface as false or as a panic; verify which in the implementation.
func AllowSelf(curAcc *pkg.Account, accountId string) bool

func FromMetadata

func FromMetadata(ctx context.Context) (authMeta string, err error)

func IsAdmin

// IsAdmin inspects a list of roles and returns a bool together with an *int.
// NOTE(review): the meaning of the *int is not documented on this page
// (possibly the index of the matching role - confirm). Being a pointer it can
// be nil, so callers must nil-check it before dereferencing, in particular
// when the bool is false.
func IsAdmin(in []*pkg.UserRoles) (bool, *int)

func IsDisabled

func IsDisabled(in *pkg.Account) bool

func IsSuperadmin

func IsSuperadmin(in []*pkg.UserRoles) bool

func IsVerified

func IsVerified(in *pkg.Account) bool

func ServerInterceptor

// ServerInterceptor builds, from the given configuration, a function that takes
// a context and returns a context and an error.
// NOTE(review): the returned function has the shape of an authentication hook
// (context in, possibly enriched context out) - presumably it validates the
// token and stores the claims under ContextKeyClaims; confirm in the body.
// The property to verify there is default-deny: a route listed in neither
// GetUnauthenticatedRoutes nor GetAuthenticatedRoutes should be rejected.
func ServerInterceptor(itc ServerAuthzInterceptor) func(context.Context) (context.Context, error)

Types

type Claimant

// Claimant is what NewTokenClaims and TokenConfig.NewTokenPairs accept as the
// subject of a token. The three getters return the same types as the
// TokenClaims fields UserId, UserEmail and Role; presumably they are copied
// into those fields - confirm.
type Claimant interface {
	GetId() string
	GetEmail() string
	// NOTE(review): the roles returned here end up describing what the token
	// holder may do, so implementations should load them from the trusted
	// account record, never from request input.
	GetRole() []*pkg.UserRoles
}

A Claimant is anything that token claims can be issued for.

type ContextKey

// ContextKey is a distinct string type for context keys; ContextKeyClaims is
// the value of this type declared on this page. It has a String() method.
type ContextKey string

func (ContextKey) String

func (c ContextKey) String() string

type Error

// Error pairs a reason code with an underlying Go error. It has an
// Error() string method on the value receiver, so both Error and *Error
// satisfy the error interface.
//
// NOTE(review): this page lists no Unwrap method, so errors.Is / errors.As
// would not see through to Err - confirm against the source.
// What Error() prints is not visible here; if it includes Err, avoid returning
// that string verbatim to clients, since Err may carry storage or token-parsing
// detail. Reason is the part intended to classify the failure.
type Error struct {
	Reason ErrorReason // zero value is 0, which equals ErrInvalidParameters
	Err    error
}

Error is the package's auth error; it contains the error reason and the underlying Go error.

func (Error) Error

func (err Error) Error() string

type ErrorReason

// ErrorReason is the integer type of Error.Reason. The Err* constants on this
// page are untyped, so they convert to ErrorReason implicitly; the zero value
// of ErrorReason is equal to ErrInvalidParameters.
type ErrorReason int

type PermChecker

// PermChecker is a single-method permission check over a caller's TokenClaims.
//
// NOTE(review): the contract for the (bool, error) pair is not spelled out on
// this page. Callers should allow only on (true, nil) and treat every non-nil
// error as a denial; implementations should handle a nil *TokenClaims by
// denying rather than dereferencing it.
type PermChecker interface {
	IsAllowed(t *TokenClaims) (bool, error)
}

PermChecker decides whether the current claimant is allowed to access the resource or perform the task they are requesting.

type ServerAuthzInterceptor

// ServerAuthzInterceptor is the configuration that ServerInterceptor and
// ClaimsFromMetadata take: two route collections, the token configuration and
// a logger.
//
// NOTE(review): how a route that appears in neither collection is treated is
// not visible here; confirm that it is rejected rather than let through.
type ServerAuthzInterceptor interface {
	// Presumably the routes served without a token - confirm. Every entry
	// widens the unauthenticated surface, so the list should stay minimal.
	GetUnauthenticatedRoutes() []string
	// Maps a route name to a check that receives the caller's TokenClaims and
	// returns an error (presumably non-nil to deny the call - confirm).
	GetAuthenticatedRoutes() map[string]func(claims TokenClaims) error // for bus
	// Returns the *TokenConfig, whose exported fields include the signing secrets.
	GetTokenConfig() *TokenConfig
	// NOTE(review): token strings and secrets should never be passed to this logger.
	GetLogger() logging.Logger
}

type TokenClaims

// TokenClaims is the JWT claim set: user ID, roles and email, plus the fields
// of the embedded jwt.StandardClaims (the jwt package's import path is not
// shown on this page).
//
// NOTE(review): UserEmail and Role travel inside every token. The error list
// on this page includes ErrDecryptionToken, but whether the token body is
// encrypted or only signed is not visible here; if it is only signed, anyone
// holding a token can read these values - confirm before adding more fields.
// The struct has no field that marks a token as access or refresh, so that
// distinction presumably rests on which secret signed it - verify.
// Role is whatever the Claimant reported when the claims were built;
// presumably a later role change or account disablement is not reflected
// until the token expires or is reissued - verify against the interceptor.
type TokenClaims struct {
	UserId    string           `json:"userId"`
	Role      []*pkg.UserRoles `json:"role"`
	UserEmail string           `json:"userEmail"`
	jwt.StandardClaims
}

TokenClaims is the representation of JWT auth claims

func ClaimsFromMetadata

// ClaimsFromMetadata returns the TokenClaims for the request carried by ctx,
// using the configuration in itc. Presumably it combines FromMetadata with
// TokenConfig.ParseTokenStringToClaim, with isAccess choosing between access-
// and refresh-token validation - confirm; the body is not shown.
// NOTE(review): claims is returned by value, so on a non-nil err the caller
// receives a TokenClaims that must be ignored, not inspected.
func ClaimsFromMetadata(ctx context.Context, isAccess bool, itc ServerAuthzInterceptor) (claims TokenClaims, err error)

func NewTokenClaims

func NewTokenClaims(exp time.Duration, c Claimant) *TokenClaims

NewTokenClaims creates the token claims for a refresh or access token.

func ObtainClaimsFromContext

// ObtainClaimsFromContext returns the TokenClaims stored in ctx (presumably
// under ContextKeyClaims - confirm).
// NOTE(review): the result is a TokenClaims value with no error or ok flag, so
// the signature gives a caller no way to tell "claims present" from "claims
// absent". What happens when ctx holds no claims (zero value or panic) is not
// visible here; until confirmed, callers should check that UserId is non-empty
// before making an authorization decision on the result.
func ObtainClaimsFromContext(ctx context.Context) TokenClaims

ObtainClaimsFromContext obtains token claims from given context with value.

type TokenConfig

// TokenConfig holds the key material and lifetimes used to issue and parse
// tokens; NewTokenPairs, ParseTokenStringToClaim and RenewAccessToken are its
// methods.
//
// NOTE(review): the secrets are exported []byte fields, so any holder of a
// *TokenConfig (ServerAuthzInterceptor.GetTokenConfig returns one) can read or
// replace them, and formatting the struct into a log line would expose them.
// Nothing on this page enforces that the two secrets differ or have a minimum
// length. TokenClaims carries no access/refresh marker, so if both secrets
// were the same a refresh token would presumably validate as an access token -
// confirm, and keep the two secrets distinct and randomly generated.
type TokenConfig struct {
	AccessSecret      []byte        // presumably the key for access tokens - confirm
	RefreshSecret     []byte        // presumably the key for refresh tokens - confirm
	AccessExpiration  time.Duration // access-token lifetime
	RefreshExpiration time.Duration // refresh-token lifetime
}

func NewTokenConfig

func NewTokenConfig(accessSecret, refreshSecret []byte) *TokenConfig

func (*TokenConfig) NewTokenPairs

func (tc *TokenConfig) NewTokenPairs(claimant Claimant) (*TokenPairDetails, error)

NewTokenPairs returns new TokenPairDetails for given Claimant

func (*TokenConfig) ParseTokenStringToClaim

// ParseTokenStringToClaim validates the token string in authenticate and
// returns its claims. isAccess presumably selects AccessSecret (true) or
// RefreshSecret (false) for verification - confirm; the body is not shown.
// NOTE(review): points to verify in the implementation: the accepted signing
// algorithm is pinned to the one used when issuing, expiry from the embedded
// standard claims is enforced, and any "Bearer"-style prefix on authenticate
// is handled in one place. TokenClaims is returned by value, so callers must
// check the error before reading any field.
func (tc *TokenConfig) ParseTokenStringToClaim(authenticate string, isAccess bool) (TokenClaims, error)

ParseTokenStringToClaim parses given token (access or refresh) and returns token claims with embedded JWT claims if token is indeed valid

func (*TokenConfig) RenewAccessToken

// RenewAccessToken returns a string (presumably the new access token) and an
// error for the given claims.
// NOTE(review): the argument is a *TokenClaims, not a token string, so this
// method cannot itself verify a signature. Callers must pass only claims that
// came out of a successful refresh-token validation (for example
// ParseTokenStringToClaim with isAccess=false) - confirm that every call site
// does so. Whether the account's current status and roles are re-checked
// before renewal is not visible here.
func (tc *TokenConfig) RenewAccessToken(tcl *TokenClaims) (string, error)

RenewAccessToken renews the access token, given a refresh token.

type TokenPairDetails

// TokenPairDetails is what TokenConfig.NewTokenPairs returns: the two token
// strings, their expiry times and their IDs.
//
// NOTE(review): AccessToken and RefreshToken are the bearer credentials
// themselves. The page states that this struct is saved to the Genji / Badger
// DB as session data; whether the raw token strings or only the IDs are
// persisted is not visible here - confirm. Storing only ATId / RTId (or a hash
// of the token) keeps a database leak from yielding usable tokens.
type TokenPairDetails struct {
	AccessToken  string
	RefreshToken string
	// NOTE(review): the unit is still undecided per the TODO below; any code
	// comparing this with a clock value must use the same unit, or expiry
	// checks will be wrong by orders of magnitude.
	ATExpiry     int64  // unix epoch or nano (TODO @WinWisely268: specify be it in millis or in nanos, for now use milli)
	RTExpiry     int64  // same unit as ATExpiry
	ATId         string // access token id, for storing to the database alongside refresh token id below
	RTId         string // refresh token id; storing both ids lets a token be updated or deleted (somewhat) easily.
}

TokenPairDetails contains both the AccessToken and the RefreshToken of the user. This in turn will be saved to the Genji / Badger DB as `session data`.
