Documentation
Index
- Constants
- Variables
- func AuthDisabledMiddleware(handler http.Handler) http.HandlerFunc
- func ContextFromIdentity(ctx context.Context, id Identity) context.Context
- func ContextFromSessionToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)
- func IsActivatedContext(ctx context.Context) bool
- func IsAdminContext(ctx context.Context) bool
- func IsAuthenticatedContext(ctx context.Context) bool
- func Middleware(handler http.Handler, graph *ent.Client) http.HandlerFunc
- func NewOAuthAuthorizationHandler(cfg oauth2.Config, pubKey ed25519.PublicKey, graph *ent.Client, ...) http.Handler
- func NewOAuthLoginHandler(cfg oauth2.Config, privKey ed25519.PrivateKey) http.Handler
- type Identity
Constants
const (
	OAuthCookieName   = "oauth-state"
	SessionCookieName = "auth-session"
)
Variables
var (
	ErrOAuthNoStatePresented          = fmt.Errorf("no OAuth state presented")
	ErrOAuthNoCookieFound             = fmt.Errorf("no OAuth cookie found")
	ErrOAuthInvalidCookie             = fmt.Errorf("invalid OAuth cookie provided")
	ErrOAuthInvalidState              = fmt.Errorf("presented OAuth state is invalid")
	ErrOAuthExchangeFailed            = fmt.Errorf("failed to exchange authorization code for an access token from identity provider")
	ErrOAuthFailedToObtainProfileInfo = fmt.Errorf("failed to obtain profile information from identity provider")
	ErrOAuthFailedToParseProfileInfo  = fmt.Errorf("failed to parse profile information returned by identity provider")
	ErrOAuthInvalidProfileInfo        = fmt.Errorf("failed to parse profile information returned by identity provider")
	ErrOAuthFailedUserLookup          = fmt.Errorf("failed to lookup user account")
)
var (
	// ErrPermissionDenied indicates the identity did not have sufficient permissions to perform an action.
	ErrPermissionDenied = fmt.Errorf("permission denied")
)
Functions
func AuthDisabledMiddleware
func AuthDisabledMiddleware(handler http.Handler) http.HandlerFunc
AuthDisabledMiddleware should only be used when authentication has been disabled.
func ContextFromIdentity
ContextFromIdentity returns a copy of parent context with the given Identity associated with it.
func ContextFromSessionToken
func ContextFromSessionToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)
ContextFromSessionToken returns a copy of parent context with a user Identity associated with it (if it exists).
func IsActivatedContext
IsActivatedContext returns true if the context is associated with an activated identity, false otherwise.
func IsAdminContext
IsAdminContext returns true if the context is associated with an admin identity, false otherwise.
func IsAuthenticatedContext
IsAuthenticatedContext returns true if the context is associated with an authenticated identity, false otherwise.
func Middleware
Middleware that associates the requestor identity with the request context.
func NewOAuthAuthorizationHandler
func NewOAuthAuthorizationHandler(cfg oauth2.Config, pubKey ed25519.PublicKey, graph *ent.Client, profileURL string) http.Handler
NewOAuthAuthorizationHandler returns an HTTP endpoint that validates the request was redirected from the identity provider after a consent flow and initializes a user session.
func NewOAuthLoginHandler
NewOAuthLoginHandler returns an HTTP endpoint that redirects the user to the configured OAuth consent flow. It will set a JWT in a cookie that will later be used to verify the OAuth state.
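The state check these two handlers describe, as an added example that is not the package's own code: the login side signs a random state with the Ed25519 private key, and the callback side verifies the cookie with the public key before comparing it to the presented state. The package stores a JWT in the cookie; this example assumes a simpler `state.signature` cookie value with no expiry, and `newStateCookie`, `verifyState` and the lowercase error variables are hypothetical stand-ins.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// Stand-ins named after the page's errors (assumed; not imported from the package).
var (
	errNoState       = fmt.Errorf("no OAuth state presented")
	errNoCookie      = fmt.Errorf("no OAuth cookie found")
	errInvalidCookie = fmt.Errorf("invalid OAuth cookie provided")
	errInvalidState  = fmt.Errorf("presented OAuth state is invalid")
)

// newStateCookie (hypothetical) returns a random state and a cookie "state.signature".
func newStateCookie(priv ed25519.PrivateKey) (state, cookie string) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // no entropy: refuse to issue a guessable state
	}
	state = hex.EncodeToString(raw)
	return state, state + "." + hex.EncodeToString(ed25519.Sign(priv, []byte(state)))
}

// verifyState (hypothetical) checks the callback's state against the signed cookie.
func verifyState(pub ed25519.PublicKey, presented, cookie string) error {
	signed, sigHex, found := strings.Cut(cookie, ".")
	sig, err := hex.DecodeString(sigHex)
	switch {
	case presented == "":
		return errNoState
	case cookie == "":
		return errNoCookie
	case !found || err != nil || !ed25519.Verify(pub, []byte(signed), sig):
		return errInvalidCookie // malformed, tampered with, or signed by another key
	case subtle.ConstantTimeCompare([]byte(presented), []byte(signed)) != 1:
		return errInvalidState // cookie is genuine but does not match this callback
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	state, cookie := newStateCookie(priv)
	fmt.Println(verifyState(pub, state, cookie), verifyState(pub, "forged", cookie))
}
```

Verifying the signature before comparing the state means a cookie the server did not issue is rejected as invalid rather than being compared against attacker-chosen input.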
Types
type Identity
type Identity interface {
	// String representation of the identity, used for logging
	String() string

	// IsAuthenticated should only return true if the identity has been authenticated.
	IsAuthenticated() bool

	// IsActivated should only return true if the identity is allowed to make sensitive API requests.
	IsActivated() bool

	// IsAdmin should only return true if the identity represents an administrator.
	IsAdmin() bool
}
An Identity making a request.
func IdentityFromContext
IdentityFromContext returns the identity associated with the provided context, or nil if no identity is associated.