Documentation ¶
Index ¶
- Constants
- Variables
- func AllowOrgAdmin(curAcc *pkg.Account, accountOrgId string) (bool, error)
- func AllowOrgMember(curAcc *pkg.Account, accountOrgId string) (bool, error)
- func AllowProjectAdmin(curAcc *pkg.Account, accountOrgId, accountProjectId string) (bool, error)
- func AllowProjectMember(curAcc *pkg.Account, accountProjectId string) (bool, error)
- func AllowSelf(curAcc *pkg.Account, accountId string) bool
- func FromMetadata(ctx context.Context) (authMeta string, err error)
- func IsAdmin(in []*pkg.UserRoles) (bool, *int)
- func IsDisabled(in *pkg.Account) bool
- func IsSuperadmin(in []*pkg.UserRoles) bool
- func IsVerified(in *pkg.Account) bool
- func ServerInterceptor(itc ServerAuthzInterceptor) func(context.Context) (context.Context, error)
- type Claimant
- type ContextKey
- type Error
- type ErrorReason
- type PermChecker
- type ServerAuthzInterceptor
- type TokenClaims
- type TokenConfig
- type TokenPairDetails
Constants ¶
// Reason codes for auth failures, numbered from 0 in declaration order by iota.
// The values are positional: inserting or reordering a name changes the number
// of every name after it, so append new reasons at the end if the numbers are
// ever logged, stored or returned to clients.
// NOTE(review): the constants are untyped in this listing; presumably they are
// the values carried in Error.Reason (type ErrorReason) — confirm.
const (
	ErrInvalidParameters = iota
	ErrInvalidCredentials
	ErrMissingToken
	ErrInvalidToken
	ErrDecryptionToken
	ErrInsufficientRights
	ErrRegistrationError
	ErrCreatingToken
	ErrAccountNotFound
	ErrQueryAccount
	ErrVerifyPassword
	ErrRequestUnauthenticated
	ErrVerificationTokenMismatch
	ErrAccountDisabled
)
const (
	// ContextKeyClaims is the context key with the text "auth-claims". It has
	// the package's own ContextKey type, so it does not collide with a plain
	// string key of the same text set by other code.
	// NOTE(review): presumably the key ObtainClaimsFromContext looks the
	// claims up under — confirm.
	ContextKeyClaims = ContextKey("auth-claims")
	// HeaderAuthorize is the lower-case name "authorization".
	// NOTE(review): presumably the request metadata key FromMetadata reads the
	// token from — confirm.
	HeaderAuthorize = "authorization"
)
Variables ¶
// Default token lifetimes.
// These are package-level variables, not constants, so any importing package
// can reassign them at run time and change the lifetime of tokens issued with
// the defaults.
// NOTE(review): whether NewTokenConfig copies these into TokenConfig is not
// visible here — confirm.
var (
	DefaultAccessExpiration  = 10 * time.Minute    // 10 minutes access token
	DefaultRefreshExpiration = 14 * 24 * time.Hour // two weeks
)
Functions ¶
func AllowProjectAdmin ¶
func AllowProjectMember ¶
func IsDisabled ¶
func IsSuperadmin ¶
func IsVerified ¶
func ServerInterceptor ¶
Types ¶
type ContextKey ¶
// ContextKey is the string-based type of this package's context keys
// (ContextKeyClaims is declared with it). A dedicated key type keeps the
// package's context values apart from values stored under plain string keys.
type ContextKey string
func (ContextKey) String ¶
func (c ContextKey) String() string
type Error ¶
// Error is the auth error: a reason code together with the underlying Go error.
type Error struct {
	// Reason is the code classifying the failure.
	// NOTE(review): presumably one of the Err* constants — confirm.
	Reason ErrorReason
	// Err is the underlying Go error.
	// NOTE(review): if Err wraps storage or token-parsing errors, check whether
	// its text is returned to clients or only logged — confirm.
	Err error
}
Error is the auth error type (AuthError): it contains the error reason and the underlying Go error.
type ErrorReason ¶
// ErrorReason is the integer type of the reason code held in Error.Reason.
type ErrorReason int
type PermChecker ¶
// PermChecker decides whether the claimant described by a set of token claims
// may access a resource or perform a task.
type PermChecker interface {
	// IsAllowed takes the caller's token claims and returns the decision and
	// an error.
	// NOTE(review): the interface does not define what (true, non-nil error)
	// means; callers should presumably treat any non-nil error as a denial —
	// confirm against the implementations.
	IsAllowed(t *TokenClaims) (bool, error)
}
PermChecker allows or disallows the current claimant to access a resource or perform the task they request.
type ServerAuthzInterceptor ¶
// ServerAuthzInterceptor is what a server supplies to ServerInterceptor: its
// route lists, its token configuration and its logger.
// NOTE(review): how a route that appears in neither route list is handled is
// not visible here; it should presumably be rejected by default — confirm.
type ServerAuthzInterceptor interface {
	// GetUnauthenticatedRoutes returns a list of strings.
	// NOTE(review): presumably the routes served without a token — confirm,
	// and keep this list as short as possible.
	GetUnauthenticatedRoutes() []string
	// GetAuthenticatedRoutes returns a map from a string to a function that
	// receives the caller's TokenClaims and returns an error.
	// NOTE(review): presumably keyed by route name, with a non-nil error
	// meaning the claims are not allowed on that route — confirm.
	GetAuthenticatedRoutes() map[string]func(claims TokenClaims) error // for bus
	// GetTokenConfig returns the TokenConfig, which holds the token secrets.
	GetTokenConfig() *TokenConfig
	// GetLogger returns the logger.
	GetLogger() logging.Logger
}
type TokenClaims ¶
// TokenClaims is the representation of JWT auth claims: the package's own
// fields plus the embedded jwt.StandardClaims.
// NOTE(review): these fields travel inside the token; unless the token is
// encrypted as well as signed, anyone holding it can read the e-mail address
// and roles — confirm which applies.
type TokenClaims struct {
	// UserId is serialized under the JSON name "userId".
	UserId string `json:"userId"`
	// Role is the list of user roles, serialized under the JSON name "role".
	// NOTE(review): roles copied into a token stay in force until it expires;
	// confirm how a role change or revocation reaches tokens already issued.
	Role []*pkg.UserRoles `json:"role"`
	// UserEmail is serialized under the JSON name "userEmail".
	UserEmail string `json:"userEmail"`
	// Embedded claims from the jwt package.
	jwt.StandardClaims
}
TokenClaims is the representation of JWT auth claims
func ClaimsFromMetadata ¶
func ClaimsFromMetadata(ctx context.Context, isAccess bool, itc ServerAuthzInterceptor) (claims TokenClaims, err error)
func NewTokenClaims ¶
func NewTokenClaims(exp time.Duration, c Claimant) *TokenClaims
NewTokenClaims creates the token claims for a refresh or access token.
func ObtainClaimsFromContext ¶
func ObtainClaimsFromContext(ctx context.Context) TokenClaims
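ObtainClaimsFromContext obtains the token claims stored as a value in the given context. It returns no error, so confirm how a context that carries no claims is reported before basing an authorization decision on the result.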
type TokenConfig ¶
// TokenConfig holds the secrets and lifetimes for access and refresh tokens.
// The secrets are exported byte slices, so formatting a TokenConfig with %v or
// %+v, or serializing it, writes them out; keep values of this type out of
// logs and error messages.
type TokenConfig struct {
	// AccessSecret is the secret for access tokens.
	// NOTE(review): presumably the key the token is signed and verified with — confirm.
	AccessSecret []byte
	// RefreshSecret is the secret for refresh tokens, held separately from
	// AccessSecret.
	RefreshSecret []byte
	// AccessExpiration is the access-token lifetime.
	AccessExpiration time.Duration
	// RefreshExpiration is the refresh-token lifetime.
	RefreshExpiration time.Duration
}
func NewTokenConfig ¶
func NewTokenConfig(accessSecret, refreshSecret []byte) *TokenConfig
func (*TokenConfig) NewTokenPairs ¶
func (tc *TokenConfig) NewTokenPairs(claimant Claimant) (*TokenPairDetails, error)
NewTokenPairs returns new TokenPairDetails for given Claimant
func (*TokenConfig) ParseTokenStringToClaim ¶
func (tc *TokenConfig) ParseTokenStringToClaim(authenticate string, isAccess bool) (TokenClaims, error)
ParseTokenStringToClaim parses the given token (access or refresh) and returns its token claims, with the embedded JWT claims, if the token is valid.
func (*TokenConfig) RenewAccessToken ¶
func (tc *TokenConfig) RenewAccessToken(tcl *TokenClaims) (string, error)
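RenewAccessToken returns a new access token given a refresh token. The signature takes already-parsed claims, so the caller should pass only claims obtained from a validated refresh token.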
type TokenPairDetails ¶
// TokenPairDetails holds an access token and a refresh token together with
// their expiry times and ids.
// NOTE(review): the expiry unit is still undecided (see the TODO below); code
// that compares ATExpiry or RTExpiry with the current time must use the same
// unit, otherwise a token is judged expired or valid at the wrong moment.
type TokenPairDetails struct {
	AccessToken  string
	RefreshToken string
	ATExpiry     int64  // unix epoch or nano (TODO @WinWisely268: specify be it in millis or in nanos, for now use milli)
	RTExpiry     int64  // same as above
	ATId         string // access token id, for storing to the database alongside refresh token id below
	RTId         string // this way we can update and delete token (somewhat) easily.
}
TokenPairDetails contains both the AccessToken and the RefreshToken of the user. It is in turn saved to the Genji / Badger DB as `session data`.