Documentation ¶
Overview ¶
Package guard protects an application using tokens and basic auth.
Code generated by ./jsonstorage.sh TokenStorage Token Value token_storage.go DO NOT EDIT.
Code generated by ./jsonstorage.sh UserStorage User Name user_storage.go DO NOT EDIT.
Index ¶
- Constants
- Variables
- type ContextKey
- type FileTokenStorage
- type FileUserStorage
- type Guard
- func (g *Guard) Basic(enable bool) *Guard
- func (g *Guard) CreateUserIfNotExists(ctx context.Context, name string, initialPassword string, zones []string) error
- func (g *Guard) Delay(max time.Duration) *Guard
- func (g *Guard) Restrict(handler http.Handler) http.Handler
- func (g *Guard) RestrictNamed(zoneName string, handler http.Handler) http.Handler
- func (g *Guard) Router() *Router
- func (g *Guard) Tokens() TokenStorage
- func (g *Guard) UI() http.Handler
- func (g *Guard) Users() UserStorage
- func (g *Guard) Zones() []string
- type MemoryTokenStorage
- func (mts *MemoryTokenStorage) Delete(_ context.Context, value string) error
- func (mts *MemoryTokenStorage) Get(_ context.Context, value string) (*Token, error)
- func (mts *MemoryTokenStorage) List(_ context.Context) ([]Token, error)
- func (mts *MemoryTokenStorage) Set(_ context.Context, value *Token) error
- type MemoryUserStorage
- type Router
- type Token
- type TokenStorage
- type User
- type UserStorage
Constants ¶
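// Zone names, credential kinds and the credential query parameter.
// The listing was collapsed onto one line, so the trailing comment swallowed
// the closing parenthesis; the declaration is restored one constant per line.
const (
	ZoneDefault = "default"
	ZoneAdmin   = "admin"
	KindToken   = "token"
	KindBasic   = "basic"
	DefaultKind = KindToken
	// AuthQuery is the query parameter for credentials.
	// NOTE(review): a credential carried in the URL query string is commonly
	// recorded in access logs, proxy logs and browser history. Scrub this
	// parameter from logs and keep token lifetimes short where it is used.
	AuthQuery = "token"
)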
// Sizes of the random salt and token values, and the file suffixes of the
// storages (presumably applied by FileTokenStorage and FileUserStorage —
// confirm against the generated storage code).
const (
	SaltSize  = 32 // bytes
	TokenSize = 32 // bytes

	TokenStorageFileSuffix = ".json"
	UserStorageFileSuffix  = ".json"
)
Variables ¶
// Sentinel errors of the token and user storages. The token and user variants
// carry identical messages but are distinct values, so callers should match
// them with errors.Is rather than by comparing error text.
var (
	ErrTokenInvalid  = errors.New("value malformed")
	ErrTokenNotFound = errors.New("not found")

	ErrUserInvalid  = errors.New("value malformed")
	ErrUserNotFound = errors.New("not found")
)
Functions ¶
This section is empty.
Types ¶
type ContextKey ¶
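// ContextKey is the string-based type of the context keys declared below.
// A dedicated key type keeps these keys from colliding with plain string keys
// set by other packages on the same context.
type ContextKey string

// Context keys for the token and the user (presumably the keys read by
// TokenFromContext and UserFromContext — confirm). The collapsed one-line
// listing is restored to one constant per line.
const (
	KeyToken ContextKey = "token"
	KeyUser  ContextKey = "user"
)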
type FileTokenStorage ¶
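// FileTokenStorage is the file-backed token storage rooted at Directory.
// The one-line listing let the trailing comment swallow the closing brace;
// the declaration is restored here.
//
// NOTE(review): stored entries include token values, which are usable
// credentials, so Directory should be readable only by the service account.
// The listing does not show how an entry key becomes a file name; confirm
// keys are encoded or validated before being joined to Directory.
type FileTokenStorage struct {
	Directory string
	// contains filtered or unexported fields
}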
func (*FileTokenStorage) Delete ¶
func (fts *FileTokenStorage) Delete(_ context.Context, value string) error
type FileUserStorage ¶
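// FileUserStorage is the file-backed user storage rooted at Directory.
// The one-line listing let the trailing comment swallow the closing brace;
// the declaration is restored here.
//
// NOTE(review): stored entries include password hashes and salts, so
// Directory should be readable only by the service account. The listing does
// not show how a user name becomes a file name; confirm names are encoded or
// validated before being joined to Directory.
type FileUserStorage struct {
	Directory string
	// contains filtered or unexported fields
}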
func (*FileUserStorage) Delete ¶
func (fts *FileUserStorage) Delete(_ context.Context, value string) error
type Guard ¶
// Guard is the package's central type; instances come from New, InMemory or
// Persistent. Its fields are unexported and not shown in this listing.
type Guard struct {
	// contains filtered or unexported fields
}
func InMemory ¶
func InMemory() *Guard
InMemory returns a guard that uses in-memory storages only. All data is lost after a restart.
func New ¶
func New(users UserStorage, tokens TokenStorage) *Guard
func Persistent ¶
Persistent guard with file-based storages.
func (*Guard) Basic ¶
Basic enables or disables the basic-auth challenge (i.e. the WWW-Authenticate response header) sent when an unauthorized request (one without credentials) reaches a restricted zone. Useful for showing a login prompt in browsers. Enabled by default.
func (*Guard) CreateUserIfNotExists ¶
func (g *Guard) CreateUserIfNotExists(ctx context.Context, name string, initialPassword string, zones []string) error
CreateUserIfNotExists creates the user with the given initial password if the user does not exist yet. It does not modify an existing user. Not thread-safe.
func (*Guard) Delay ¶
Delay sets the maximum delay of the response to an invalid login attempt. The actual delay is a random value between 0 and the provided duration (exclusive).
func (*Guard) RestrictNamed ¶
RestrictNamed protects handler by requiring authorization for each request.
func (*Guard) Router ¶
Router for requests with a named restriction zone. Root requests are not restricted. The UI is included on /admin, restricted to ZoneAdmin. It is basically a wrapper on top of http.ServeMux for convenience.
func (*Guard) Tokens ¶
func (g *Guard) Tokens() TokenStorage
Tokens storage same as defined during creation.
func (*Guard) Users ¶
func (g *Guard) Users() UserStorage
Users storage same as defined during creation.
type MemoryTokenStorage ¶
// MemoryTokenStorage is the in-memory token storage (presumably the one behind
// InMemory, whose data is lost after restart — confirm). Its fields are
// unexported and not shown in this listing.
type MemoryTokenStorage struct {
	// contains filtered or unexported fields
}
func (*MemoryTokenStorage) Delete ¶
func (mts *MemoryTokenStorage) Delete(_ context.Context, value string) error
type MemoryUserStorage ¶
// MemoryUserStorage is the in-memory user storage (presumably the one behind
// InMemory, whose data is lost after restart — confirm). Its fields are
// unexported and not shown in this listing.
type MemoryUserStorage struct {
	// contains filtered or unexported fields
}
func (*MemoryUserStorage) Delete ¶
func (mts *MemoryUserStorage) Delete(_ context.Context, value string) error
type Router ¶
func (*Router) Restricted ¶
Restricted is an alias for Zone(ZoneDefault).
type Token ¶
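// Token describes one access token: its secret value, the zones it may access
// and its lifetime. The collapsed one-line listing hid every field after the
// first behind a trailing comment; the fields are restored one per line.
type Token struct {
	Label string `json:"label,omitempty"` // optional human-readable token description.
	// Value is a unique 256-bit random value from a crypto source, in HEX.
	// NOTE(review): the JSON form carries the value as-is, so any file,
	// backup or log holding a marshalled Token holds a usable credential.
	Value string `json:"value"`
	// Zones lists the allowed zones. Empty means that everything is allowed.
	// NOTE(review): this is a fail-open default; a token created without
	// zones also reaches restricted zones such as ZoneAdmin, so set Zones
	// explicitly when issuing tokens.
	Zones     []string  `json:"zones,omitempty"`
	CreatedAt time.Time `json:"created_at"` // creation time
	// ExpiredAt is the optional expiration time.
	// NOTE(review): encoding/json's omitempty never omits a struct value such
	// as time.Time, so an unset expiry is written as the zero time. How a
	// zero ExpiredAt is enforced is not shown here (presumably "never
	// expires" — confirm).
	ExpiredAt time.Time `json:"expired_at,omitempty"`
}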
func TokenFromContext ¶
TokenFromContext returns token saved in the context or nil.
type TokenStorage ¶
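// TokenStorage is the persistence contract for Token entities, indexed by
// token value. The collapsed one-line listing hid every method behind the
// first comment; the methods are restored one per line.
//
// NOTE(review): the index key is the token value itself, so implementations
// handle a usable credential on every call and should keep it out of logs
// and error messages.
type TokenStorage interface {
	// Get Token by value. Must return ErrTokenNotFound if entity not found.
	Get(ctx context.Context, value string) (*Token, error)
	// Set Token indexed by value.
	Set(ctx context.Context, value *Token) error
	// List Token.
	List(ctx context.Context) ([]Token, error)
	// Delete Token by value.
	Delete(ctx context.Context, value string) error
}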
type User ¶
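// User describes one basic-auth account: its name, salted password hash,
// timestamps, disabled flag and allowed zones. The collapsed one-line listing
// hid every field after the first behind a trailing comment; the fields are
// restored one per line.
type User struct {
	Name string `json:"name"` // unique name of user
	// Hash is the hashed (SHA-512 with salt) password.
	// NOTE(review): if this is a single SHA-512 pass rather than an iterated
	// or memory-hard password hash, offline guessing against a leaked user
	// store is cheap; confirm the construction and protect the store
	// accordingly.
	Hash      []byte    `json:"hash"`
	Salt      []byte    `json:"salt"`       // salt from cryptographic random source
	CreatedAt time.Time `json:"created_at"` // creation time
	UpdatedAt time.Time `json:"updated_at"` // last modification time
	Disabled  bool      `json:"disabled,omitempty"` // disable login
	// Zones lists the allowed zones. Empty means that everything is allowed.
	// NOTE(review): this is a fail-open default; a user created without
	// zones also reaches restricted zones such as ZoneAdmin, so set Zones
	// explicitly when creating users.
	Zones []string `json:"zones,omitempty"`
}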
func UserFromContext ¶
UserFromContext returns user saved in the context or nil.
type UserStorage ¶
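// UserStorage is the persistence contract for User entities, indexed by user
// name. The collapsed one-line listing hid every method behind the first
// comment; the methods are restored one per line.
//
// NOTE(review): stored users carry password hashes and salts, so
// implementations should restrict who can read the backing store and List
// results.
type UserStorage interface {
	// Get User by name. Must return ErrUserNotFound if entity not found.
	Get(ctx context.Context, name string) (*User, error)
	// Set User indexed by name.
	Set(ctx context.Context, value *User) error
	// List User.
	List(ctx context.Context) ([]User, error)
	// Delete User by name.
	Delete(ctx context.Context, name string) error
}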