Documentation
Overview
Package message contains gRPC & HTTP-related auth functionality.
Constants
const (
	// SignatureHeaderKey is the header name for the signature.
	SignatureHeaderKey = "x-sidero-signature"
	// TimestampHeaderKey is the header name for the timestamp.
	TimestampHeaderKey = "x-sidero-timestamp"
	// PayloadHeaderKey is the header name for the signed payload.
	PayloadHeaderKey = "x-sidero-payload"
	// AuthorizationHeaderKey is Authorization: header name.
	AuthorizationHeaderKey = "authorization"
	// BearerPrefix is the prefix for the Authorization: header value.
	BearerPrefix = "Bearer "
)
const (
	NodesHeaderKey          = "nodes"
	SelectorsHeaderKey      = "selectors"
	FieldSelectorsHeaderKey = "fieldSelectors"
	RuntimeHeaderKey        = "runtime"
	ContextHeaderKey        = "context"
	ClusterHeaderKey        = "cluster"
	NamespaceHeaderKey      = "namespace"
	UIDHeaderKey            = "uid"
)
Well-known metadata keys which should be verified.
Variables
var ErrInvalidSignature = errors.New("invalid signature")
ErrInvalidSignature is returned when a signature is invalid.
var ErrNotFound = errors.New("not found")
ErrNotFound is returned when a metadata header is not found.
Functions
This section is empty.
Types
type GRPC
GRPC represents a gRPC message.
func (*GRPC) VerifyJWT
VerifyJWT verifies the JWT token on the message and returns the verified claims.
func (*GRPC) VerifySignature
func (m *GRPC) VerifySignature(verifier SignatureVerifier) error
VerifySignature verifies the signature of the message. It includes the verifications for the timestamp and the payload.
type GRPCPayload
type GRPCPayload struct {
	Headers map[string][]string `json:"headers,omitempty"`
	Method  string              `json:"method"`
	// contains filtered or unexported fields
}
GRPCPayload represents the payload to be signed.
Its JSON representation is added to the GRPC metadata. On signature verification, the signature is verified against the JSON representation of the payload. The payload itself is verified against the actual GRPC message.
func BuildGRPCPayload
func BuildGRPCPayload(md metadata.MD, method string) *GRPCPayload
BuildGRPCPayload builds the payload based on the request metadata.
This method is used in the signing flow.
func ParseGRPCPayload
func ParseGRPCPayload(payloadJSON []byte) (*GRPCPayload, error)
ParseGRPCPayload parses the header value.
This method is used in the verification flow.
func (*GRPCPayload) JSON
func (p *GRPCPayload) JSON() ([]byte, error)
JSON returns the original JSON representation of the payload.
This method is only valid after ParseGRPCPayload.
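The two-step check described for GRPCPayload above (signature over the exact JSON bytes, then payload against the live request), and the reason JSON() returns the original bytes, shown as an added example that is not the package's own code. Ed25519 stands in for the SignatureVerifier, the timestamp check is omitted, and `payload`, `covered`, `verify`, `demo`, the method names and the addresses are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"slices"
)

// payload mirrors the exported GRPCPayload fields; Ed25519 stands in for the real verifier (assumption).
type payload struct {
	Headers map[string][]string `json:"headers,omitempty"`
	Method  string              `json:"method"`
}

var covered = []string{"nodes", "cluster", "namespace"} // subset of the well-known keys

// verify checks the signature over the received bytes first, then the payload against the live request.
func verify(pub ed25519.PublicKey, raw, sig []byte, md map[string][]string, method string) error {
	if !ed25519.Verify(pub, raw, sig) {
		return fmt.Errorf("invalid signature")
	}
	var p payload
	if err := json.Unmarshal(raw, &p); err != nil || p.Method != method {
		return fmt.Errorf("payload does not match method %q", method)
	}
	for _, k := range covered {
		if !slices.Equal(p.Headers[k], md[k]) {
			return fmt.Errorf("header %q differs from the signed payload", k)
		}
	}
	return nil
}

// demo checks one constructed request: untouched, replayed to another method, re-encoded, header swapped.
func demo() (ok, replayed, reencoded, swapped error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	md := map[string][]string{"nodes": {"10.0.0.2"}, "cluster": {"dev"}}
	raw, _ := json.Marshal(payload{Headers: md, Method: "/example.Service/Get"})
	sig := ed25519.Sign(priv, raw)
	ok = verify(pub, raw, sig, md, "/example.Service/Get")
	replayed = verify(pub, raw, sig, md, "/example.Service/Delete")
	reencoded = verify(pub, append([]byte(" "), raw...), sig, md, "/example.Service/Get")
	md["nodes"] = []string{"10.0.0.9"}
	swapped = verify(pub, raw, sig, md, "/example.Service/Get")
	return
}

func main() { fmt.Println(demo()) }
```

The re-encoded case is the same JSON value with one leading space: the signature no longer matches, which is why verification has to run over the bytes as received rather than over a re-marshalled struct.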
type HTTP
type HTTP struct {
	// contains filtered or unexported fields
}
HTTP represents a gRPC message.
func (*HTTP) VerifySignature
func (m *HTTP) VerifySignature(verifier SignatureVerifier) error
VerifySignature verifies the signature of the message. It includes the verifications for the timestamp and the payload.
type Option (added in v0.3.9)
type Option func(*Options)
Option is a function that configures Options.
func WithSignatureRequiredCheck (added in v0.3.9)
func WithSignatureRequiredCheck(f SignatureRequiredCheckFunc) Option
WithSignatureRequiredCheck sets the function to check if a signature is required.
type Options (added in v0.3.9)
type Options struct {
	SignatureRequiredCheck SignatureRequiredCheckFunc
}
Options contains configuration options for message processing.
type SignatureRequiredCheckFunc (added in v0.3.9)
SignatureRequiredCheckFunc is a function that checks if a signature is required for the message.
type SignatureVerifier
SignatureVerifier is a verifier of a GRPC request signature, e.g. a PGP public key.
type SignatureVersion
type SignatureVersion string
SignatureVersion represents the version of the signature in GRPC metadata.
const SignatureVersionV1 SignatureVersion = "siderov1"
SignatureVersionV1 is the signature version v1.