Documentation
¶
Index ¶
- Constants
- type AccessToken
- type AccessTokenMiddlewareOpts
- type ErrorResponse
- type Server
- func (s *Server) AccessTokenMiddleware(opts AccessTokenMiddlewareOpts) func(c *gin.Context)
- func (s *Server) AllowIpMiddleware() (gin.HandlerFunc, error)
- func (s *Server) LoggerMaskMiddleware(exp *regexp.Regexp, replace string) gin.HandlerFunc
- func (s *Server) LoggerMiddleware(parentLog *zerolog.Logger) func(c *gin.Context)
- func (s *Server) RequestIdMiddleware(c *gin.Context)
- func (s *Server) RequestKeyMiddleware() gin.HandlerFunc
- func (s *Server) RouteApiConfirmPost(c *gin.Context)
- func (s *Server) RouteApiListGet(c *gin.Context)
- func (s *Server) RouteAuthConfirm(c *gin.Context)
- func (s *Server) RouteAuthSignin(c *gin.Context)
- func (s *Server) RouteHealthzHandler(w http.ResponseWriter, r *http.Request)
- func (s *Server) RouteRequestOperations(op requestOperation) gin.HandlerFunc
- func (s *Server) RouteRequestResult(c *gin.Context)
- func (s *Server) Run(ctx context.Context) error
Constants ¶
const ( OperationEncrypt requestOperation = iota OperationDecrypt OperationSign OperationVerify OperationWrapKey OperationUnwrapKey )
const ( // Request is pending StatusPending requestStatus = iota // Request is completed and was successful StatusComplete // Request is completed and was canceled StatusCanceled // Request has been removed // This is only used in the public response StatusRemoved )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessToken ¶
type AccessToken struct {
TokenType string `json:"token_type"`
Resource string `json:"resource"`
Scope string `json:"scope"`
ExpiresIn int `json:"expires_in"`
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
Error string `json:"error"`
ErrorDescription string `json:"error_description"`
}
AccessToken contains the details of the access token
type AccessTokenMiddlewareOpts ¶
type AccessTokenMiddlewareOpts struct {
// If true, the request fails if the token is not present
Required bool
// If true, allows reading an access token directly from the Authorization header, as a Bearer token
// This is an access token with permissions on Azure Key Vault directly
AllowAccessTokenInHeader bool
}
type ErrorResponse ¶
type ErrorResponse string
ErrorResponse is used to send JSON responses with an error
const InternalServerError ErrorResponse = "An internal error occurred"
InternalServerError is an ErrorResponse for Internal Server Error messages
func (ErrorResponse) MarshalJSON ¶
func (e ErrorResponse) MarshalJSON() ([]byte, error)
MarshalJSON implements a JSON marshaller that returns an object with the error key
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is the server based on Gin
func (*Server) AccessTokenMiddleware ¶
func (s *Server) AccessTokenMiddleware(opts AccessTokenMiddlewareOpts) func(c *gin.Context)
AccessTokenMiddleware is a middleware that requires the user to be authenticated and present a cookie with the access token for Azure Key Vault Note that this middleware doesn't validate the access token in any way (not even making sure it's a valid JWT), it just ensures the token is present; it's Azure Key Vault's responsibility to validate the token This injects the token in the request's context if it exists and it's valid
func (*Server) AllowIpMiddleware ¶
func (s *Server) AllowIpMiddleware() (gin.HandlerFunc, error)
AllowIpMiddleware is a middleware that allows requests from certain IPs only
func (*Server) LoggerMaskMiddleware ¶ added in v1.2.2
LoggerMaskMiddleware returns a Gin middleware that adds the "log-mask" to mask the path using a regular expression
func (*Server) LoggerMiddleware ¶ added in v1.2.2
LoggerMiddleware is a Gin middleware that uses zerlog for logging
func (*Server) RequestIdMiddleware ¶
RequestIdMiddleware is a middleware that generates a unique request ID for each request
func (*Server) RequestKeyMiddleware ¶ added in v1.1.0
func (s *Server) RequestKeyMiddleware() gin.HandlerFunc
RequestKeyMiddleware is a middleware that asserts that the Authorization header contains the shared requestKey
func (*Server) RouteApiConfirmPost ¶
RouteApiConfirmPost is the handler for the POST /api/confirm request This receives the results of the confirm/reject action
func (*Server) RouteApiListGet ¶
RouteApiListGet is the handler for the GET /api/list request This returns the list of all pending requests If the Accept header is `application/x-ndjson`, then this sends a stream of records, updated as soon as they come in, using the NDJSON format (https://github.com/ndjson/ndjson-spec)
func (*Server) RouteAuthConfirm ¶
RouteAuthConfirm is the handler for the GET /auth/confirm request This exchanges an authorization code for an access token
func (*Server) RouteAuthSignin ¶
RouteAuthSignin is the handler for the GET /auth/signin request This redirects the user to the page where they can sign in
func (*Server) RouteHealthzHandler ¶
func (s *Server) RouteHealthzHandler(w http.ResponseWriter, r *http.Request)
RouteHealthzHandler is the handler for the GET /healthz request as a http.Handler. It can be used to ping the server and ensure everything is working.
func (*Server) RouteRequestOperations ¶
func (s *Server) RouteRequestOperations(op requestOperation) gin.HandlerFunc
RouteRequestOperations is the handler for the routes that perform operations: - POST /request/encrypt - POST /request/decrypt - POST /request/sign - POST /request/verify - POST /request/wrapkey - POST /request/unwrapkey
func (*Server) RouteRequestResult ¶
RouteRequestResult is the handler for the GET /request/result/:state request This can be invoked by the app to periodically poll for the result
Source Files
¶
- middleware-authtoken.go
- middleware-ip-allow.go
- middleware-logger.go
- middleware-request-id.go
- middleware-request-key.go
- route-api-confirm.go
- route-api-list.go
- route-auth.go
- route-healthz.go
- route-request-operations.go
- route-request-result.go
- server.go
- static.go
- tls-certs.go
- util-errorresponse.go
- util-requeststate.go
- util-securecookies.go