proxy

package
v1.0.0-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2018 License: Apache-2.0 Imports: 27 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrAuthenticatorBypassed = errors.New("Authenticator is disabled")
View Source 
var ErrAuthenticatorNotResponsible = errors.New("Authenticator not responsible")

Functions

func NewSimpleResponseWriter 

func NewSimpleResponseWriter() *simpleResponseWriter

Types

type AuthenticationSession 

type AuthenticationSession struct {
	Subject string
	Extra   map[string]interface{}
}

type Authenticator 

type Authenticator interface {
	Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)
	GetID() string
}

type AuthenticatorAnonymous 

type AuthenticatorAnonymous struct {
	AnonymousIdentifier string
}

func NewAuthenticatorAnonymous 

func NewAuthenticatorAnonymous(anonymousIdentifier string) *AuthenticatorAnonymous

func (*AuthenticatorAnonymous) Authenticate 

func (a *AuthenticatorAnonymous) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorAnonymous) GetID 

func (a *AuthenticatorAnonymous) GetID() string

type AuthenticatorBroken 

type AuthenticatorBroken struct{}

func NewAuthenticatorBroken 

func NewAuthenticatorBroken() *AuthenticatorBroken

func (*AuthenticatorBroken) Authenticate 

func (a *AuthenticatorBroken) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorBroken) GetID 

func (a *AuthenticatorBroken) GetID() string

type AuthenticatorNoOp 

type AuthenticatorNoOp struct{}

func NewAuthenticatorNoOp 

func NewAuthenticatorNoOp() *AuthenticatorNoOp

func (*AuthenticatorNoOp) Authenticate 

func (a *AuthenticatorNoOp) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorNoOp) GetID 

func (a *AuthenticatorNoOp) GetID() string

type AuthenticatorOAuth2ClientCredentials 

type AuthenticatorOAuth2ClientCredentials struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2ClientCredentials 

func NewAuthenticatorOAuth2ClientCredentials(tokenURL string) *AuthenticatorOAuth2ClientCredentials

func (*AuthenticatorOAuth2ClientCredentials) Authenticate 

func (a *AuthenticatorOAuth2ClientCredentials) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorOAuth2ClientCredentials) GetID 

func (a *AuthenticatorOAuth2ClientCredentials) GetID() string

type AuthenticatorOAuth2Configuration 

type AuthenticatorOAuth2Configuration struct {
	// Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	Scopes []string `json:"required_scope"`
}

type AuthenticatorOAuth2Introspection 

type AuthenticatorOAuth2Introspection struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2Introspection 

func NewAuthenticatorOAuth2Introspection(clientID, clientSecret, tokenURL, introspectionURL string, scopes []string, strategy fosite.ScopeStrategy) *AuthenticatorOAuth2Introspection

func (*AuthenticatorOAuth2Introspection) Authenticate 

func (a *AuthenticatorOAuth2Introspection) Authenticate(r *http.Request, config json.RawMessage, rl *rule.Rule) (*AuthenticationSession, error)

func (*AuthenticatorOAuth2Introspection) GetID 

func (a *AuthenticatorOAuth2Introspection) GetID() string

type AuthenticatorOAuth2IntrospectionConfiguration 

type AuthenticatorOAuth2IntrospectionConfiguration struct {
	// An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header did not request that specific scope, the request is denied.
	Scopes []string `json:"required_scope"`

	// An array of audiences that are required when accessing an endpoint protected by this handler.
	// If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.
	Audience []string `json:"target_audience"`

	// The token must have been issued by one of the issuers listed in this array.
	Issuers []string `json:"trusted_issuers"`
}

type Authorizer 

type Authorizer interface {
	Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
	GetID() string
}

type AuthorizerAllow 

type AuthorizerAllow struct{}

func NewAuthorizerAllow 

func NewAuthorizerAllow() *AuthorizerAllow

func (*AuthorizerAllow) Authorize 

func (a *AuthorizerAllow) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerAllow) GetID 

func (a *AuthorizerAllow) GetID() string

type AuthorizerDeny 

type AuthorizerDeny struct{}

func NewAuthorizerDeny 

func NewAuthorizerDeny() *AuthorizerDeny

func (*AuthorizerDeny) Authorize 

func (a *AuthorizerDeny) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerDeny) GetID 

func (a *AuthorizerDeny) GetID() string

type AuthorizerKetoWarden 

type AuthorizerKetoWarden struct {
	K keto.WardenSDK
	// contains filtered or unexported fields
}

func NewAuthorizerKetoWarden 

func NewAuthorizerKetoWarden(k keto.WardenSDK) *AuthorizerKetoWarden

func (*AuthorizerKetoWarden) Authorize 

func (a *AuthorizerKetoWarden) Authorize(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

func (*AuthorizerKetoWarden) GetID 

func (a *AuthorizerKetoWarden) GetID() string

type AuthorizerKetoWardenConfiguration 

type AuthorizerKetoWardenConfiguration struct {
	RequiredAction   string `json:"required_action" valid:",required"`
	RequiredResource string `json:"required_resource" valid:",required"`
}

type Claims 

type Claims struct {
	Audience  []string `json:"aud,omitempty"`
	ExpiresAt int64    `json:"exp,omitempty"`
	Id        string   `json:"jti,omitempty"`
	IssuedAt  int64    `json:"iat,omitempty"`
	Issuer    string   `json:"iss,omitempty"`
	NotBefore int64    `json:"nbf,omitempty"`
	Subject   string   `json:"sub,omitempty"`
}

func (*Claims) Valid 

func (c *Claims) Valid() error

type CredentialsIDToken 

type CredentialsIDToken struct {
	// contains filtered or unexported fields
}

func NewCredentialsIssuerIDToken 

func NewCredentialsIssuerIDToken(
	k rsakey.Manager,
	l logrus.FieldLogger,
	lifetime time.Duration,
	issuer string,
) *CredentialsIDToken

func (*CredentialsIDToken) GetID 

func (a *CredentialsIDToken) GetID() string

func (*CredentialsIDToken) Issue 

func (a *CredentialsIDToken) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

type CredentialsIDTokenConfig 

type CredentialsIDTokenConfig struct {
	Audience []string `json:"aud"`
}

type CredentialsIssuer 

type CredentialsIssuer interface {
	Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error
	GetID() string
}

type CredentialsIssuerBroken 

type CredentialsIssuerBroken struct{}

func NewCredentialsIssuerBroken 

func NewCredentialsIssuerBroken() *CredentialsIssuerBroken

func (*CredentialsIssuerBroken) GetID 

func (a *CredentialsIssuerBroken) GetID() string

func (*CredentialsIssuerBroken) Issue 

func (a *CredentialsIssuerBroken) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

type CredentialsIssuerNoOp 

type CredentialsIssuerNoOp struct{}

func NewCredentialsIssuerNoOp 

func NewCredentialsIssuerNoOp() *CredentialsIssuerNoOp

func (*CredentialsIssuerNoOp) GetID 

func (a *CredentialsIssuerNoOp) GetID() string

func (*CredentialsIssuerNoOp) Issue 

func (a *CredentialsIssuerNoOp) Issue(r *http.Request, session *AuthenticationSession, config json.RawMessage, rl *rule.Rule) error

type MockWardenSDK 

type MockWardenSDK struct {
	// contains filtered or unexported fields
}

Mock of WardenSDK interface

func NewMockWardenSDK 

func NewMockWardenSDK(ctrl *gomock.Controller) *MockWardenSDK

func (*MockWardenSDK) EXPECT 

func (_m *MockWardenSDK) EXPECT() *_MockWardenSDKRecorder

func (*MockWardenSDK) IsOAuth2AccessTokenAuthorized 

func (_m *MockWardenSDK) IsOAuth2AccessTokenAuthorized(body swagger.WardenOAuth2AccessTokenAuthorizationRequest) (*swagger.WardenOAuth2AccessTokenAuthorizationResponse, *swagger.APIResponse, error)

func (*MockWardenSDK) IsOAuth2ClientAuthorized 

func (_m *MockWardenSDK) IsOAuth2ClientAuthorized(body swagger.WardenOAuth2ClientAuthorizationRequest) (*swagger.WardenOAuth2ClientAuthorizationResponse, *swagger.APIResponse, error)

func (*MockWardenSDK) IsSubjectAuthorized 

func (_m *MockWardenSDK) IsSubjectAuthorized(body swagger.WardenSubjectAuthorizationRequest) (*swagger.WardenSubjectAuthorizationResponse, *swagger.APIResponse, error)

type MockauthenticatorOAuth2IntrospectionHelper 

type MockauthenticatorOAuth2IntrospectionHelper struct {
	// contains filtered or unexported fields
}

Mock of authenticatorOAuth2IntrospectionHelper interface

func NewMockauthenticatorOAuth2IntrospectionHelper 

func NewMockauthenticatorOAuth2IntrospectionHelper(ctrl *gomock.Controller) *MockauthenticatorOAuth2IntrospectionHelper

func (*MockauthenticatorOAuth2IntrospectionHelper) EXPECT 

func (_m *MockauthenticatorOAuth2IntrospectionHelper) EXPECT() *_MockauthenticatorOAuth2IntrospectionHelperRecorder

func (*MockauthenticatorOAuth2IntrospectionHelper) Introspect 

func (_m *MockauthenticatorOAuth2IntrospectionHelper) Introspect(token string, scopes []string, strategy fosite.ScopeStrategy) (*authentication.IntrospectionResponse, error)

type Proxy 

type Proxy struct {
	Logger         logrus.FieldLogger
	RequestHandler *RequestHandler
	KeyManager     rsakey.Manager
	Matcher        rule.Matcher
	H              herodot.Writer
}

func NewProxy 

func NewProxy(handler *RequestHandler, logger logrus.FieldLogger, matcher rule.Matcher) *Proxy

func (*Proxy) Director 

func (d *Proxy) Director(r *http.Request)

func (*Proxy) RoundTrip 

func (d *Proxy) RoundTrip(r *http.Request) (*http.Response, error)

type RequestHandler 

type RequestHandler struct {
	Logger                 logrus.FieldLogger
	AuthorizationHandlers  map[string]Authorizer
	AuthenticationHandlers map[string]Authenticator
	CredentialIssuers      map[string]CredentialsIssuer
	Issuer                 string
}

func NewRequestHandler 

func NewRequestHandler(
	l logrus.FieldLogger,
	authenticationHandlers []Authenticator,
	authorizationHandlers []Authorizer,
	credentialIssuers []CredentialsIssuer,
) *RequestHandler

func (*RequestHandler) HandleRequest 

func (d *RequestHandler) HandleRequest(r *http.Request, rl *rule.Rule) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.