Documentation

Overview

    * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io> * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * @author Aeneas Rekkas <aeneas+oss@aeneas.io> * @copyright 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io> * @license Apache-2.0 *

    Index

    Constants

    // Names under which the package refers to its token-signing keys.
    // NOTE(review): presumably these identify key sets in the key store; the
    // lookup code is not shown here, so confirm against callers.
    const (
    	// OpenIDConnectKeyName is the name for the OpenID Connect ID token key
    	// (inferred from the identifier and its value).
    	OpenIDConnectKeyName = "hydra.openid.id-token"
    	// OAuth2JWTKeyName is the name for the OAuth 2.0 JWT access token key
    	// (inferred from the identifier and its value).
    	OAuth2JWTKeyName     = "hydra.jwt.access-token"
    )

    Variables

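    // Shared error values in the fosite RFC 6749 error shape. Each one reuses an
    // HTTP status code and that code's standard status text.
    //
    // Both are pointers to package-level values shared by every caller, so treat
    // them as read-only: changing a field in place changes the error for all users.
    var (
    	// ErrNotFound carries HTTP 404. The description names no resource, so
    	// returning it does not disclose what was looked up.
    	ErrNotFound = &fosite.RFC6749Error{
    		CodeField:        http.StatusNotFound,
    		ErrorField:       http.StatusText(http.StatusNotFound),
    		DescriptionField: "Unable to locate the requested resource",
    	}
    	// ErrConflict carries HTTP 409 for a request that clashes with the
    	// current state of the resource.
    	ErrConflict = &fosite.RFC6749Error{
    		CodeField:        http.StatusConflict,
    		ErrorField:       http.StatusText(http.StatusConflict),
    		DescriptionField: "Unable to process the requested resource because of conflict in the current state",
    	}
    )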

    Functions

    func AddressIsUnixSocket

    func AddressIsUnixSocket(address string) bool

    func BasicAuth

    func BasicAuth(username, password string) string

    func CleanSQL

    func CleanSQL(t *testing.T, db *sqlx.DB)

    func CleanSQLPop

    func CleanSQLPop(t *testing.T, c *pop.Connection)

    func ErrorEnhancer

    func ErrorEnhancer(r *http.Request, err error) interface{}

    func FositeStore

    func FositeStore() *storage.MemoryStore

    func GenerateSecret

    func GenerateSecret(length int) ([]byte, error)

    func HashByteSecret

    func HashByteSecret(secret []byte) []byte

      HashByteSecret hashes the secret for consumption by the AEAD encryption algorithm which expects exactly 32 bytes.

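      The system secret is hashed so that it always matches exactly the 32 bytes required by AEAD, whether the configured secret is longer or shorter. Hashing only normalizes the length; it adds no entropy, so a short or guessable secret remains weak.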

      func HashStringSecret

      func HashStringSecret(secret string) []byte

        HashStringSecret hashes the secret for consumption by the AEAD encryption algorithm which expects exactly 32 bytes.

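        The system secret is hashed so that it always matches exactly the 32 bytes required by AEAD, whether the configured secret is longer or shorter. Hashing only normalizes the length; it adds no entropy, so a short or guessable secret remains weak.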

        func IsRedirectURISecure

        func IsRedirectURISecure(rc redirectConfiguration) func(redirectURI *url.URL) bool

        func LogAudit

        func LogAudit(r *http.Request, message interface{}, logger *logrusx.Logger)

        func LogError

        func LogError(r *http.Request, err error, logger *logrusx.Logger)

        func MatchesRange

        func MatchesRange(r *http.Request, ranges []string) error

        func RejectInsecureRequests

        func RejectInsecureRequests(reg tlsRegistry, c tlsConfig) negroni.HandlerFunc

        Types

        type BCrypt

        // BCrypt is the package's bcrypt hasher type. This page lists a Hash method
        // that returns a hash for the given data and a Compare method that checks
        // data against an existing hash; instances are built with NewBCrypt from a
        // config value.
        // NOTE(review): the cost/work factor presumably comes from that config;
        // the fields are not shown here, so confirm in the source.
        type BCrypt struct {
        	// contains filtered or unexported fields
        }

          BCrypt implements a BCrypt hasher.

          func NewBCrypt

          func NewBCrypt(c config) *BCrypt

            NewBCrypt returns a new BCrypt instance.

            func (*BCrypt) Compare

            func (b *BCrypt) Compare(ctx context.Context, hash, data []byte) error

            func (*BCrypt) Hash

            func (b *BCrypt) Hash(ctx context.Context, data []byte) ([]byte, error)

            type FositeStorer

            // FositeStorer is the storage contract used with fosite. It embeds the
            // fosite core, OAuth 2.0, OpenID Connect and PKCE storage interfaces and
            // adds methods for revoking and cleaning up tokens.
            //
            // Every added method returns an error. Callers should treat a non-nil error
            // from a revoke or delete call as "token may still be valid" and not report
            // success to the client.
            type FositeStorer interface {
            	fosite.Storage
            	oauth2.CoreStorage
            	openid.OpenIDConnectRequestStorage
            	pkce.PKCERequestStorage
            
            	// RevokeRefreshToken takes a request ID.
            	// NOTE(review): presumably revokes the refresh token issued for that
            	// request; implementations are not shown here, so confirm.
            	RevokeRefreshToken(ctx context.Context, requestID string) error
            
            	// RevokeAccessToken takes a request ID.
            	// NOTE(review): presumably revokes the access token issued for that
            	// request; confirm against an implementation.
            	RevokeAccessToken(ctx context.Context, requestID string) error
            
            	// FlushInactiveAccessTokens takes a cut-off time.
            	// NOTE(review): presumably removes access tokens that are no longer
            	// active and date from before notAfter; the exact comparison is not
            	// visible here, so confirm.
            	FlushInactiveAccessTokens(ctx context.Context, notAfter time.Time) error
            
            	// DeleteAccessTokens takes a client ID.
            	// NOTE(review): presumably deletes all access tokens of that client;
            	// confirm against an implementation.
            	DeleteAccessTokens(ctx context.Context, clientID string) error
            }

            type JSONWebKey

            // JSONWebKey is the JSON model of a JSON Web Key. Each field maps to the JWK
            // parameter named in its json tag.
            //
            // The parameters "d", "p", "q", "dp", "dq" and "qi" (private-key values) and
            // "k" (symmetric key value) are secret key material. Every field is tagged
            // omitempty, so these are serialized whenever they are set. A value of this
            // type that is returned to an untrusted party must leave them empty.
            //
            // The example values for the private parameters below are published
            // documentation samples and must never be used as real keys.
            type JSONWebKey struct {
            	// Use ("public key use") identifies the intended use of
            	// the public key. The "use" parameter is employed to indicate whether
            	// a public key is used for encrypting data or verifying the signature
            	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
            	//
            	// required: true
            	// example: sig
            	Use string `json:"use,omitempty"`
            
            	// The "kty" (key type) parameter identifies the cryptographic algorithm
            	// family used with the key, such as "RSA" or "EC". "kty" values should
            	// either be registered in the IANA "JSON Web Key Types" registry
            	// established by [JWA] or be a value that contains a Collision-
            	// Resistant Name.  The "kty" value is a case-sensitive string.
            	//
            	// required: true
            	// example: RSA
            	Kty string `json:"kty,omitempty"`
            
            	// The "kid" (key ID) parameter is used to match a specific key.  This
            	// is used, for instance, to choose among a set of keys within a JWK Set
            	// during key rollover.  The structure of the "kid" value is
            	// unspecified.  When "kid" values are used within a JWK Set, different
            	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
            	// example in which different keys might use the same "kid" value is if
            	// they have different "kty" (key type) values but are considered to be
            	// equivalent alternatives by the application using them.)  The "kid"
            	// value is a case-sensitive string.
            	//
            	// required: true
            	// example: 1603dfe0af8f4596
            	Kid string `json:"kid,omitempty"`
            
            	//  The "alg" (algorithm) parameter identifies the algorithm intended for
            	// use with the key.  The values used should either be registered in the
            	// IANA "JSON Web Signature and Encryption Algorithms" registry
            	// established by [JWA] or be a value that contains a Collision-
            	// Resistant Name.
            	//
            	// required: true
            	// example: RS256
            	Alg string `json:"alg,omitempty"`
            
            	// The "x5c" (X.509 certificate chain) parameter contains a chain of one
            	// or more PKIX certificates [RFC5280].  The certificate chain is
            	// represented as a JSON array of certificate value strings.  Each
            	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
            	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
            	// The PKIX certificate containing the key value MUST be the first
            	// certificate.
            	X5c []string `json:"x5c,omitempty"`
            
            	// The "n" parameter is the RSA modulus (public), per RFC 7518.
            	//
            	// example: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0
            	N string `json:"n,omitempty"`
            
            	// The "e" parameter is the RSA public exponent, per RFC 7518.
            	//
            	// example: AQAB
            	E string `json:"e,omitempty"`
            
            	// The "d" parameter is the RSA private exponent or the EC private key
            	// value, per RFC 7518. Secret: never expose it to untrusted parties.
            	//
            	// example: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE
            	D string `json:"d,omitempty"`
            
            	// The "p" parameter is the first RSA prime factor, per RFC 7518. Secret.
            	//
            	// example: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ
            	P string `json:"p,omitempty"`
            
            	// The "q" parameter is the second RSA prime factor, per RFC 7518. Secret.
            	//
            	// example: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ
            	Q string `json:"q,omitempty"`
            
            	// The "crv" parameter names the elliptic curve, per RFC 7518.
            	//
            	// example: P-256
            	Crv string `json:"crv,omitempty"`
            
            	// The "dp" parameter is the first factor CRT exponent of an RSA private
            	// key, per RFC 7518. Secret.
            	//
            	// example: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0
            	Dp string `json:"dp,omitempty"`
            
            	// The "dq" parameter is the second factor CRT exponent of an RSA private
            	// key, per RFC 7518. Secret.
            	//
            	// example: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk
            	Dq string `json:"dq,omitempty"`
            
            	// The "qi" parameter is the first CRT coefficient of an RSA private key,
            	// per RFC 7518. Secret.
            	//
            	// example: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU
            	Qi string `json:"qi,omitempty"`
            
            	// The "k" parameter is the key value of a symmetric ("oct") key, per
            	// RFC 7518. Secret.
            	//
            	// example: GawgguFyGrWKav7AX4VKUg
            	K string `json:"k,omitempty"`
            
            	// The "x" parameter is the x coordinate of an elliptic curve point
            	// (public), per RFC 7518.
            	//
            	// example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU
            	X string `json:"x,omitempty"`
            
            	// The "y" parameter is the y coordinate of an elliptic curve point
            	// (public), per RFC 7518.
            	//
            	// example: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
            	Y string `json:"y,omitempty"`
            }

              It is important that this model object is named JSONWebKey so that "swagger generate spec" generates only one definition of a JSONWebKey.

              swagger:model JSONWebKey

              type JoseJSONWebKeySet

              // JoseJSONWebKeySet wraps a *jose.JSONWebKeySet by embedding it. This page
              // lists Scan(value interface{}) error and Value() (driver.Value, error)
              // methods on the type.
              // NOTE(review): those signatures look like database/sql's Scanner and
              // driver.Valuer, which suggests the key set is stored in a database
              // column; the encoding is not shown here. If it includes private key
              // parameters, the column needs the same protection as the keys. Confirm.
              type JoseJSONWebKeySet struct {
              	// swagger:ignore
              	*jose.JSONWebKeySet
              }

                swagger:type JSONWebKeySet

                func (*JoseJSONWebKeySet) Scan

                func (n *JoseJSONWebKeySet) Scan(value interface{}) error

                func (*JoseJSONWebKeySet) Value

                func (n *JoseJSONWebKeySet) Value() (driver.Value, error)

                type RegistryCookieStore

                // RegistryCookieStore is implemented by registries that can supply the
                // sessions.Store used for cookies.
                // NOTE(review): the store's signing/encryption keys are configured
                // elsewhere and are not visible on this page.
                type RegistryCookieStore interface {
                	// CookieStore returns the session store.
                	CookieStore() sessions.Store
                }

                type RegistryLogger

                // RegistryLogger is implemented by registries that supply loggers. It
                // exposes two accessors with the same return type, one general and one for
                // audit entries.
                type RegistryLogger interface {
                	// Logger returns the general-purpose logger.
                	Logger() *logrusx.Logger
                	// AuditLogger returns the logger for audit entries.
                	// NOTE(review): presumably this can be routed to a separate sink from
                	// Logger; whether the two are distinct instances is not shown here.
                	AuditLogger() *logrusx.Logger
                }

                type RegistryWriter

                // RegistryWriter is implemented by registries that supply the herodot.Writer
                // used to write responses.
                type RegistryWriter interface {
                	// Writer returns the herodot response writer.
                	Writer() herodot.Writer
                }

                type RouterAdmin

                // RouterAdmin is a distinct type that embeds *httprouter.Router, so all
                // router methods are available on it directly.
                // NOTE(review): keeping admin and public routers as separate types appears
                // intended to stop admin routes being registered on the public router by
                // mistake. The RouterPublic() method listed on this page converts between
                // the two, so its call sites are the place to audit. Confirm in the source.
                type RouterAdmin struct {
                	*httprouter.Router
                }

                func NewRouterAdmin

                func NewRouterAdmin() *RouterAdmin

                func (*RouterAdmin) RouterPublic

                func (r *RouterAdmin) RouterPublic() *RouterPublic

                type RouterPublic

                // RouterPublic is a distinct type that embeds *httprouter.Router, so all
                // router methods are available on it directly.
                // NOTE(review): keeping public and admin routers as separate types appears
                // intended to keep the two route sets apart. The RouterAdmin() method
                // listed on this page converts between the two, so its call sites are the
                // place to audit. Confirm in the source.
                type RouterPublic struct {
                	*httprouter.Router
                }

                func NewRouterPublic

                func NewRouterPublic() *RouterPublic

                func (*RouterPublic) RouterAdmin

                func (r *RouterPublic) RouterAdmin() *RouterAdmin

                Directories

                Path Synopsis