auth

package
v0.19.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 24, 2023 License: MIT Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source 
const BasicMethodName = "basic"

BasicMethodName is the constant name of the basic authentication method

View Source 
const ReverseProxyMethodName = "reverse_proxy"

ReverseProxyMethodName is the constant name of the ReverseProxy authentication method

Variables

This section is empty.

Functions

func APIAuth 

func APIAuth(authMethod Method) func(*context.APIContext)

APIAuth is a middleware to authenticate an api user

func Auth 

func Auth(authMethod Method) func(*context.Context)

Auth is a middleware to authenticate a web user

func CheckOAuthAccessToken 

func CheckOAuthAccessToken(accessToken string) int64

CheckOAuthAccessToken returns uid of user from oauth token

func DeleteSource 

func DeleteSource(source *auth.Source) error

DeleteSource deletes a AuthSource record in DB.

func Init 

func Init()

Init should be called exactly once when the application starts to allow plugins to allocate necessary resources

func SessionUser 

func SessionUser(sess SessionStore) *user_model.User

SessionUser returns the user object corresponding to the "uid" session variable.

func SyncExternalUsers 

func SyncExternalUsers(ctx context.Context, updateExisting bool) error

SyncExternalUsers is used to synchronize users with external authorization source

func UserSignIn 

func UserSignIn(username, password string) (*user_model.User, *auth.Source, error)

UserSignIn validates user name and password.

func VerifyAuthWithOptions 

func VerifyAuthWithOptions(options *VerifyOptions) func(ctx *context.Context)

VerifyAuthWithOptions checks authentication according to options

func VerifyAuthWithOptionsAPI 

func VerifyAuthWithOptionsAPI(options *VerifyOptions) func(ctx *context.APIContext)

VerifyAuthWithOptionsAPI checks authentication according to options

func VerifyCert 

func VerifyCert(r *http.Request) (*asymkey_model.PublicKey, error)

VerifyCert verifies the validity of the ssh certificate and returns the publickey of the signer We verify that the certificate is signed with the correct CA We verify that the http request is signed with the private key (of the public key mentioned in the certificate)

func VerifyPubKey 

func VerifyPubKey(r *http.Request) (*asymkey_model.PublicKey, error)

Types

type Basic 

type Basic struct{}

Basic implements the Auth interface and authenticates requests (API requests only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization" header.

func (*Basic) Name 

func (b *Basic) Name() string

Name represents the name of auth method

func (*Basic) Verify 

func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)

Verify extracts and validates Basic data (username and password/token) from the "Authorization" header of the request and returns the corresponding user object for that name/token on successful validation. Returns nil if header is empty or validation fails.

type DataStore 

type DataStore middleware.ContextDataStore

DataStore represents a data store

type Freeable 

type Freeable interface {
	// Free should be called exactly once before application closes, in order to
	// give chance to the plugin to free any allocated resources
	Free() error
}

Freeable represents a structure that is required to be freed

type Group 

type Group struct {
	// contains filtered or unexported fields
}

Group implements the Auth interface with serval Auth.

func NewGroup 

func NewGroup(methods ...Method) *Group

NewGroup creates a new auth group

func (*Group) Add 

func (b *Group) Add(method Method)

Add adds a new method to group

func (*Group) Free 

func (b *Group) Free() error

Free does nothing as the Basic implementation does not have to release any resources

func (*Group) Init 

func (b *Group) Init(ctx context.Context) error

Init does nothing as the Basic implementation does not need to allocate any resources

func (*Group) Name 

func (b *Group) Name() string

Name returns group's methods name

func (*Group) Verify 

func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)

Verify extracts and validates

type HTTPSign 

type HTTPSign struct{}

HTTPSign implements the Auth interface and authenticates requests (API requests only) by looking for http signature data in the "Signature" header. more information can be found on https://github.com/go-fed/httpsig

func (*HTTPSign) Name 

func (h *HTTPSign) Name() string

Name represents the name of auth method

func (*HTTPSign) Verify 

func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)

Verify extracts and validates HTTPsign from the Signature header of the request and returns the corresponding user object on successful validation. Returns nil if header is empty or validation fails.

type Initializable 

type Initializable interface {
	// Init should be called exactly once before using any of the other methods,
	// in order to allow the plugin to allocate necessary resources
	Init(ctx context.Context) error
}

Initializable represents a structure that requires initialization It usually should only be called once before anything else is called

type LocalTwoFASkipper 

type LocalTwoFASkipper interface {
	IsSkipLocalTwoFA() bool
}

LocalTwoFASkipper represents a source of authentication that can skip local 2fa

type Method 

type Method interface {
	// Verify tries to verify the authentication data contained in the request.
	// If verification is successful returns either an existing user object (with id > 0)
	// or a new user object (with id = 0) populated with the information that was found
	// in the authentication data (username or email).
	// Second argument returns err if verification fails, otherwise
	// First return argument returns nil if no matched verification condition
	Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
}

Method represents an authentication method (plugin) for HTTP requests.

type Named 

type Named interface {
	Name() string
}

Named represents a named thing

type OAuth2 

type OAuth2 struct{}

OAuth2 implements the Auth interface and authenticates requests (API requests only) by looking for an OAuth token in query parameters or the "Authorization" header.

func (*OAuth2) Name 

func (o *OAuth2) Name() string

Name represents the name of auth method

func (*OAuth2) Verify 

func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)

Verify extracts the user ID from the OAuth token in the query parameters or the "Authorization" header and returns the corresponding user object for that ID. If verification is successful returns an existing user object. Returns nil if verification fails.

type PasswordAuthenticator 

type PasswordAuthenticator interface {
	Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
}

PasswordAuthenticator represents a source of authentication

type ReverseProxy 

type ReverseProxy struct{}

ReverseProxy implements the Auth interface, but actually relies on a reverse proxy for authentication of users. On successful authentication the proxy is expected to populate the username in the "setting.ReverseProxyAuthUser" header. Optionally it can also populate the email of the user in the "setting.ReverseProxyAuthEmail" header.

func (*ReverseProxy) Name 

func (r *ReverseProxy) Name() string

Name represents the name of auth method

func (*ReverseProxy) Verify 

func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)

Verify attempts to load a user object based on headers sent by the reverse proxy. First it will attempt to load it based on the username (see docs for getUserFromAuthUser), and failing that it will attempt to load it based on the email (see docs for getUserFromAuthEmail). Returns nil if the headers are empty or the user is not found.

type Session 

type Session struct{}

Session checks if there is a user uid stored in the session and returns the user object for that uid.

func (*Session) Name 

func (s *Session) Name() string

Name represents the name of auth method

func (*Session) Verify 

func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)

Verify checks if there is a user uid stored in the session and returns the user object for that uid. Returns nil if there is no user uid stored in the session.

type SessionStore 

type SessionStore session.Store

SessionStore represents a session store

type SynchronizableSource 

type SynchronizableSource interface {
	Sync(ctx context.Context, updateExisting bool) error
}

SynchronizableSource represents a source that can synchronize users

type VerifyOptions 

type VerifyOptions struct {
	SignInRequired  bool
	SignOutRequired bool
	AdminRequired   bool
	DisableCSRF     bool
}

VerifyOptions contains required or check options

Source Files

View all Source files

Directories

Path Synopsis
db
ldap
oauth2
pam
smtp
sspi

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.