token

package
v1.23.0

This package is not in the latest version of its module.

Published: Mar 22, 2024 License: MIT Imports: 12 Imported by: 54

Documentation

Overview

Package token wraps the jwt-go library and provides a higher-level abstraction for working with JWT.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HashID

func HashID(h hash.Hash, val string) string

HashID tries to hash val with hash.Hash and falls back to crc if needed.

func SetUserInfo

func SetUserInfo(r *http.Request, user User) *http.Request

SetUserInfo sets user into request context

Types

type Audience added in v0.3.0

type Audience interface {
	Get() ([]string, error)
}

Audience defines interface returning list of allowed audiences

type AudienceFunc added in v0.3.0

type AudienceFunc func() ([]string, error)

AudienceFunc type is an adapter to allow the use of ordinary functions as Audience.

func (AudienceFunc) Get added in v0.3.0

func (f AudienceFunc) Get() ([]string, error)

Get calls f()

type Claims

type Claims struct {
	jwt.StandardClaims
	User        *User      `json:"user,omitempty"` // user info
	SessionOnly bool       `json:"sess_only,omitempty"`
	Handshake   *Handshake `json:"handshake,omitempty"` // used for oauth handshake
	NoAva       bool       `json:"no-ava,omitempty"`    // disable avatar, always use identicon
}

Claims stores user info for the token, plus the state and from values from login.

func (Claims) String added in v0.2.0

func (c Claims) String() string

type ClaimsUpdFunc

type ClaimsUpdFunc func(claims Claims) Claims

ClaimsUpdFunc type is an adapter to allow the use of ordinary functions as ClaimsUpdater. If f is a function with the appropriate signature, ClaimsUpdFunc(f) is a ClaimsUpdater that calls f.

func (ClaimsUpdFunc) Update

func (f ClaimsUpdFunc) Update(claims Claims) Claims

Update calls f(claims)

type ClaimsUpdater

type ClaimsUpdater interface {
	Update(claims Claims) Claims
}

ClaimsUpdater defines interface adding extras to claims

type Handshake

type Handshake struct {
	State string `json:"state,omitempty"`
	From  string `json:"from,omitempty"`
	ID    string `json:"id,omitempty"`
}

Handshake is used for the OAuth handshake

type Opts

type Opts struct {
	SecretReader   Secret
	ClaimsUpd      ClaimsUpdater
	SecureCookies  bool
	TokenDuration  time.Duration
	CookieDuration time.Duration
	DisableXSRF    bool
	DisableIAT     bool // disable IssuedAt claim
	// optional (custom) names for cookies and headers
	JWTCookieName   string
	JWTCookieDomain string
	JWTHeaderKey    string
	XSRFCookieName  string
	XSRFHeaderKey   string
	JWTQuery        string
	AudienceReader  Audience      // allowed aud values
	Issuer          string        // optional value for iss claim, usually application name
	AudSecrets      bool          // uses different secret for different auds. important: adds pre-parsing of unverified token
	SendJWTHeader   bool          // if enabled send JWT as a header instead of cookie
	SameSite        http.SameSite // define a cookie attribute making it impossible for the browser to send this cookie cross-site
}

Opts holds constructor params

type Secret

type Secret interface {
	Get(aud string) (string, error) // aud matching is optional. Implementation may decide if supported or ignored
}

Secret defines interface returning secret key for given id (aud)
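
The AudSecrets option in Opts notes that per-audience secrets add pre-parsing of an unverified token. The sketch below is an added example, not code from this package: it uses only the Go standard library, and secrets, sign, mint and verifyByAud are hypothetical names with constructed keys. It shows the ordering that keeps this safe: the unverified aud only selects a key from an allowlist, and nothing is trusted until the HMAC check passes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// secrets is a constructed per-audience key table (stand-in for a Secret implementation).
var secrets = map[string]string{"site-a": "key-for-a", "site-b": "key-for-b"}
var b64 = base64.RawURLEncoding

// sign returns the HS256 signature over the "header.payload" signing input.
func sign(input, secret string) string {
	m := hmac.New(sha256.New, []byte(secret))
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// mint builds a token claiming aud, signed with secret (helper for the demo).
func mint(aud, secret string) string {
	in := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(`{"aud":"`+aud+`"}`))
	return in + "." + sign(in, secret)
}

// verifyByAud reads aud from the unverified payload only to pick a key, then checks the HMAC.
func verifyByAud(tok string) (string, error) {
	head, rest, _ := strings.Cut(tok, ".")
	body, sig, ok := strings.Cut(rest, ".")
	var c struct{ Aud string `json:"aud"` }
	if raw, err := b64.DecodeString(body); !ok || err != nil || json.Unmarshal(raw, &c) != nil {
		return "", fmt.Errorf("malformed token")
	}
	secret, known := secrets[c.Aud] // unverified aud: lookup key only, unknown values rejected
	if !known {
		return "", fmt.Errorf("aud %q not allowed", c.Aud)
	}
	if !hmac.Equal([]byte(sign(head+"."+body, secret)), []byte(sig)) { // alg header ignored: HS256 pinned
		return "", fmt.Errorf("signature mismatch for aud %q", c.Aud)
	}
	return c.Aud, nil // aud is trusted only from this point
}

func main() {
	fmt.Println(verifyByAud(mint("site-a", "key-for-a"))) // accepted
	fmt.Println(verifyByAud(mint("site-b", "key-for-a"))) // rejected: key does not match claimed aud
}
```

A token signed with one audience's key but claiming another audience fails the signature check, so the pre-parsed aud cannot be used to borrow a different audience's trust.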

type SecretFunc

type SecretFunc func(aud string) (string, error)

SecretFunc type is an adapter to allow the use of ordinary functions as Secret. If f is a function with the appropriate signature, SecretFunc(f) is a Secret that calls f.

func (SecretFunc) Get

func (f SecretFunc) Get(aud string) (string, error)

Get calls f(aud)

type Service

type Service struct {
	Opts
}

Service wraps JWT operations and supports both header and cookie tokens

func NewService

func NewService(opts Opts) *Service

NewService makes JWT service

func (*Service) Get

func (j *Service) Get(r *http.Request) (Claims, string, error)

Get retrieves the token from the URL, header or cookie. If a cookie is used, it verifies that the XSRF token matches.

func (*Service) IsExpired

func (j *Service) IsExpired(claims Claims) bool

IsExpired returns true if claims expired

func (*Service) Parse

func (j *Service) Parse(tokenString string) (Claims, error)

Parse parses the token string and verifies it. It does not check for expiration.

func (*Service) Reset

func (j *Service) Reset(w http.ResponseWriter)

Reset token's cookies

func (*Service) Set

func (j *Service) Set(w http.ResponseWriter, claims Claims) (Claims, error)

Set creates a token cookie with an XSRF cookie and puts it into the ResponseWriter. It accepts claims and sets expiration if none is defined. The permanent flag means a long-living cookie; false makes it session only.

func (*Service) Token

func (j *Service) Token(claims Claims) (string, error)

Token makes token with claims

type User

type User struct {
	// set by service
	Name     string `json:"name"`
	ID       string `json:"id"`
	Picture  string `json:"picture"`
	Audience string `json:"aud,omitempty"`

	// set by client
	IP         string                 `json:"ip,omitempty"`
	Email      string                 `json:"email,omitempty"`
	Attributes map[string]interface{} `json:"attrs,omitempty"`
	Role       string                 `json:"role,omitempty"`
}

User is the basic part of oauth data provided by service

func GetUserInfo

func GetUserInfo(r *http.Request) (user User, err error)

GetUserInfo returns user info from request context

func MustGetUserInfo

func MustGetUserInfo(r *http.Request) User

MustGetUserInfo gets user info and panics if it can't extract it from the request. It should be called from authenticated controllers only.

func (*User) BoolAttr

func (u *User) BoolAttr(key string) bool

BoolAttr gets boolean attribute

func (*User) GetRole added in v0.12.0

func (u *User) GetRole() string

GetRole gets user role

func (*User) IsAdmin

func (u *User) IsAdmin() bool

IsAdmin is a shortcut to get admin attribute

func (*User) IsPaidSub added in v1.18.0

func (u *User) IsPaidSub() bool

IsPaidSub is a shortcut to get "paidSubscriberAttr" attribute

func (*User) SetAdmin

func (u *User) SetAdmin(val bool)

SetAdmin is a shortcut to set "admin" attribute

func (*User) SetBoolAttr

func (u *User) SetBoolAttr(key string, val bool)

SetBoolAttr sets boolean attribute

func (*User) SetPaidSub added in v1.18.0

func (u *User) SetPaidSub(val bool)

SetPaidSub is a shortcut to set "paidSubscriberAttr" attribute

func (*User) SetRole added in v0.12.0

func (u *User) SetRole(role string)

SetRole sets user role for RBAC

func (*User) SetSliceAttr added in v0.4.1

func (u *User) SetSliceAttr(key string, val []string)

SetSliceAttr sets slice attribute for given key

func (*User) SetStrAttr

func (u *User) SetStrAttr(key, val string)

SetStrAttr sets string attribute

func (*User) SliceAttr added in v0.4.1

func (u *User) SliceAttr(key string) []string

SliceAttr gets slice attribute

func (*User) StrAttr

func (u *User) StrAttr(key string) string

StrAttr gets string attribute

type Validator

type Validator interface {
	Validate(token string, claims Claims) bool
}

Validator defines an interface to accept or reject claims with consumer-defined logic. It works with a valid token and allows rejecting some, based on token match or the user's fields.

type ValidatorFunc

type ValidatorFunc func(token string, claims Claims) bool

ValidatorFunc type is an adapter to allow the use of ordinary functions as Validator. If f is a function with the appropriate signature, ValidatorFunc(f) is a Validator that calls f.

func (ValidatorFunc) Validate

func (f ValidatorFunc) Validate(token string, claims Claims) bool

Validate calls f(token, claims)
