middleware

package
v0.0.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2016 License: MIT Imports: 11 Imported by: 0

Documentation


Constants

const (
	// DefaultContextKey declares default key which is used to store principal
	// in the echo.Context.
	DefaultContextKey = "user-context"

	// DefaultAuthHeaderName declares default header name used to update
	// access token on client web app.
	DefaultAuthHeaderName = "X-App-Auth"
)

Variables

This section is empty.

Functions

func AccessToken

func AccessToken(
	privateProviderID string,
	us authkit.MiddlewareUserService,
	tv authkit.TokenValidator) echo.MiddlewareFunc

AccessToken creates middleware with a mostly default configuration.

func AccessTokenWithConfig

func AccessTokenWithConfig(config AccessTokenConfig) echo.MiddlewareFunc

AccessTokenWithConfig creates middleware with the provided configuration.

Types

type AccessTokenConfig

type AccessTokenConfig struct {

	// OAuth2 provider ID used to store and retrieve token from UserService.
	// Required.
	PrivateProviderID string

	// Context key to store user info into context.
	// Optional. Default value is "user-context".
	ContextKey string

	// Optional. Default value is DefaultPermissionMapper
	PermissionMapper authkit.PermissionMapper

	// Required.
	TokenValidator authkit.TokenValidator

	// Required.
	UserService authkit.MiddlewareUserService

	// OAuth2Config used to refresh OAuth2 token.
	// Optional. Default value is nil, which disables token refresh.
	OAuth2Config authkit.OAuth2Config

	// ContextCreator used to obtain context to store and refresh OAuth2 token.
	// Optional. Default value is nil, which disables token refresh.
	ContextCreator authkit.ContextCreator

	// AuthHeaderName is a name of header to be used to update auth token on
	// the client.
	AuthHeaderName string

	// RefreshAllowedInterval is the interval after access token expiration
	// during which an expired access token may still be refreshed.
	// It is not quite the same as a traditional HTTP session timeout, but
	// it is used for the same purpose.
	RefreshAllowedInterval time.Duration
}

AccessTokenConfig is a configuration for AccessTokenWithConfig middleware.

type DefaultPermission

type DefaultPermission struct {
	Resource string
	Action   string
	Scopes   []string
}

DefaultPermission is a permission descriptor for a Hydra-backed TokenValidator. The fields of this struct should be passed along with the token to the Hydra (or similar) API.

type DefaultPermissionMapper

type DefaultPermissionMapper struct {

	// DefaultScopes added to calculated scope.
	DefaultScopes []string

	// ScopePrefix prefixes calculated scope name.
	ScopePrefix string

	// RootResName used for root path ("/").
	RootResName string

	// DefaultScopes, ScopePrefix and RootResName are ignored when explicit
	// mapping exists for route.
	Mapping map[Route]DefaultPermission
}

DefaultPermissionMapper maps method and path of request to DefaultPermission. See unit tests for additional info.

func (DefaultPermissionMapper) RequiredPermissioin

func (m DefaultPermissionMapper) RequiredPermissioin(method, path string) (interface{}, error)

RequiredPermissioin maps method and path to Resource, Action and Scopes according to the following rules. Resource is created from the path with an "rn:" prefix and slashes replaced with colons. The root resource is replaced with "rn:root" or with "rn:" + RootResName. Scopes are added to the slice of DefaultScopes. Scope names are created from the path with slashes replaced with dots. Every created scope name is prefixed with ScopePrefix and postfixed with the lower-cased HTTP method name. Action is the lower-cased method name. See tests for examples.
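The mapping rules above, sketched as an added example (not the package's own code). The type and method names are local stand-ins; the "." separator before the method name, the single scope per request and the root scope name are assumptions the page does not confirm.

```go
package main

import (
	"fmt"
	"strings"
)

// Local stand-ins that mirror the documented field names (not the package's types).
type Route struct{ Method, Path string }

type Permission struct {
	Resource, Action string
	Scopes           []string
}

type Mapper struct {
	DefaultScopes            []string
	ScopePrefix, RootResName string
	Mapping                  map[Route]Permission
}

// Required applies the documented rules. Assumptions: one scope per request,
// built from the full path; "." joins it to the method; root scope uses the root name.
func (m Mapper) Required(method, path string) Permission {
	// An explicit mapping wins; prefix, root name and default scopes are ignored.
	if p, ok := m.Mapping[Route{method, path}]; ok {
		return p
	}
	action := strings.ToLower(method)
	name := strings.Trim(path, "/")
	if name == "" { // root path "/"
		name = m.RootResName
		if name == "" {
			name = "root"
		}
	}
	// Copy DefaultScopes so appending never mutates the shared slice.
	scopes := append([]string{}, m.DefaultScopes...)
	scope := m.ScopePrefix + strings.ReplaceAll(name, "/", ".") + "." + action
	return Permission{
		Resource: "rn:" + strings.ReplaceAll(name, "/", ":"),
		Action:   action,
		Scopes:   append(scopes, scope),
	}
}

func main() {
	m := Mapper{DefaultScopes: []string{"core"}, ScopePrefix: "app."} // constructed values
	fmt.Printf("%+v\n", m.Required("DELETE", "/users/42"))
}
```

Since an explicit Mapping entry replaces the computed permission entirely, DefaultScopes included, each entry should be reviewed as the complete authorization requirement for its route.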

type Route

type Route struct {
	Method string
	Path   string
}

Route is used as a key to provide an explicit mapping.
