auth

package

v0.0.0-...-5c8b849 Latest Latest Go to latest Published: Jan 3, 2019 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/motki/motki-server

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth manages authentication for the motki application.

Index ¶

Constants
func CSRFTokenFromSession(s *session.Session) (string, bool)
type Authenticator
- func NewFormLoginAuthenticator(m *model.Manager, logger log.Logger, loginURL string) Authenticator
type Authorizer
- func NewEveAPIAuthorizer(m *model.Manager, api *eveapi.EveAPI, logger log.Logger) Authorizer
type EveAPIAuthorizer
type FormLoginAuthenticator
type Manager
- func NewManager(authenticator Authenticator, authorizer Authorizer, sessions session.Manager) Manager
type Session
- func (s *Session) User() User
type User

Constants ¶

View Source

const AuthenticatedUserSessionKey = "__motki_user_id"

Once a user is authenticated, this key will be populated in the user's session. It will contain the current user ID.

Variables ¶

This section is empty.

Functions ¶

func CSRFTokenFromSession ¶

func CSRFTokenFromSession(s *session.Session) (string, bool)

CSRFTokenFromSession attempts to retrieve the generated form login CSRF token from the user's session storage.

Types ¶

type Authenticator ¶

type Authenticator interface {
	// BeginAuthentication begins the authentication process.
	BeginAuthentication(s *session.Session, w http.ResponseWriter, r *http.Request)

	// FinishAuthentication completes the authentication process, returning an authenticated session.
	FinishAuthentication(s *session.Session, r *http.Request) (*Session, error)

	// VerifyAuthentication authenticates the session using stored details.
	VerifyAuthentication(s *session.Session) (*Session, bool)
}

An Authenticator implements an authentication mechanism using a user's session.

Generally, an HTTP handler requiring authentication should be wrapped using the package level auth.Handle or auth.HandleFunc methods. If the handler does not require authorized access to any resources, the role model.RoleAnon can be used to skip any further authorization.

func NewFormLoginAuthenticator ¶

func NewFormLoginAuthenticator(m *model.Manager, logger log.Logger, loginURL string) Authenticator

NewFormLoginAuthenticator creates a new authenticator for use with form logins.

type Authorizer ¶

type Authorizer interface {
	// BeginAuthorization begins the authorization process for the given role.
	BeginAuthorization(s *Session, r model.Role, w http.ResponseWriter, req *http.Request)

	// FinishAuthorization completes the authorization process, returning an error if it fails.
	FinishAuthorization(s *Session, req *http.Request) error

	// InvalidateAuthorizations removes any associated data for the given role from the session.
	InvalidateAuthorization(s *Session, r model.Role) error

	// AuthorizedContext returns a Context with authorization information inside.
	AuthorizedContext(s *Session, r model.Role) (context.Context, error)
}

An Authorizer implements an authorization mechanism using a user's session.

Functionality in the Authorizer requires previously authenticated user Sessions.

The general pattern is to use the package level auth.Handle or auth.HandleFunc to wrap your HTTP handler in a middleware that will ensure the user is authorized for the role specified.

Once authorization is complete, the package level function auth.AuthorizedContext can be used inside HTTP handlers to retrieve a Context with necessary token information to access a given resource.

func NewEveAPIAuthorizer ¶

func NewEveAPIAuthorizer(m *model.Manager, api *eveapi.EveAPI, logger log.Logger) Authorizer

NewEveAPIAuthorizer creates a new authenticator using the given API client.

type EveAPIAuthorizer ¶

type EveAPIAuthorizer struct {
	// contains filtered or unexported fields
}

EveAPIAuthorizer is an authentication authenticator using the EVE SSO.

func (*EveAPIAuthorizer) AuthorizedContext ¶

func (p *EveAPIAuthorizer) AuthorizedContext(s *Session, r model.Role) (context.Context, error)

AuthorizedContext creates a context with the authorized token information stored in an authenticated session.

This method will attempt to load the necessary EVE API token for the given role from the user's authenticated session. If that fails, it will fall-back to loading the token from the database.

Once loaded, the EVE API token is refreshed, updated in the database, and a context containing the token information is returned.

func (*EveAPIAuthorizer) BeginAuthorization ¶

func (p *EveAPIAuthorizer) BeginAuthorization(s *Session, r model.Role, w http.ResponseWriter, req *http.Request)

BeginAuthorization starts the authorization process.

The state is a nonce that is stored on the session and verified in the successful authentication request. This method redirects to the OAuth2 endpoint on the EVE SSO site. Once the user logs in, they will be directed to the configured "return_url" which should call FinishAuth.

func (*EveAPIAuthorizer) FinishAuthorization ¶

func (p *EveAPIAuthorizer) FinishAuthorization(s *Session, req *http.Request) error

FinishAuthorization completes the authorization process.

The state is loaded from the session and checked against the request. Once the user logs into EVE SSO, they should be directed to a handler that calls this method.

The access token and refresh token, along with the character ID and name are stored on the session.

func (*EveAPIAuthorizer) InvalidateAuthorization ¶

func (p *EveAPIAuthorizer) InvalidateAuthorization(s *Session, r model.Role) error

type FormLoginAuthenticator ¶

type FormLoginAuthenticator struct {
	// contains filtered or unexported fields
}

FormLoginAuthenticator is an authenticator using database-backed users and form logins.

func (*FormLoginAuthenticator) BeginAuthentication ¶

func (p *FormLoginAuthenticator) BeginAuthentication(s *session.Session, w http.ResponseWriter, req *http.Request)

BeginAuthentication starts the authentication process.

This function generates a CSRF token and redirects the user to the login form.

func (*FormLoginAuthenticator) FinishAuthentication ¶

func (p *FormLoginAuthenticator) FinishAuthentication(s *session.Session, req *http.Request) (*Session, error)

FinishAuthentication completes the authentication process.

This function verifies the submitted information against what is stored in the database. If the verification passes, an authenticated user session is started.

func (*FormLoginAuthenticator) VerifyAuthentication ¶

func (p *FormLoginAuthenticator) VerifyAuthentication(s *session.Session) (*Session, bool)

VerifyAuthentication checks for an existing authentication in the current session.

This function checks the given session for authentication information and a valid user session. If the user session is valid, an authenticated user session is continued.

type Manager ¶

type Manager struct {
	Authenticator
	Authorizer

	Sessions session.Manager
}

A Manager is a wrapper around an Authenticator, Authorizer, and session manager.

func NewManager ¶

func NewManager(authenticator Authenticator, authorizer Authorizer, sessions session.Manager) Manager

NewManager creates a new Manager, ready for use.

type Session ¶

type Session struct {
	*session.Session
	// contains filtered or unexported fields
}

A Session is an authenticated session.

func (*Session) User ¶

func (s *Session) User() User

User returns a normalized, authenticated user for the session.

type User ¶

type User struct {
	*model.User

	CharacterID int // May be 0 indicating character not yet selected.
}

A user is a normalized, authenticated user.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL