authplugins

Documentation

Index

• Variables
• func GetBody(r *http.Request) ([]byte, error)
• func Logger() *slog.Logger
• func ParseParams[T any](m map[string]interface{}) (*T, error)
• func RegisterIncoming(p IncomingAuthPlugin)
• func RegisterOutgoing(p OutgoingAuthPlugin)
• func SetBody(r *http.Request, b []byte) error
• func SetLogger(l *slog.Logger) *slog.Logger
• type AuthStripper
• type Identifier
• type IncomingAuthPlugin
  • func GetIncoming(name string) IncomingAuthPlugin
• type OutgoingAuthPlugin
  • func GetOutgoing(name string) OutgoingAuthPlugin

Variables

var ErrBodyTooLarge = errors.New("body too large")

ErrBodyTooLarge is returned when a request body exceeds MaxBodySize.

var MaxBodySize int64 = 10 << 20 // 10MB

MaxBodySize limits how many bytes GetBody will read. Applications may override this value to enforce a custom limit. A value of zero or negative disables the limit entirely.

Functions

func GetBody

func GetBody(r *http.Request) ([]byte, error)

func Logger

func Logger() *slog.Logger

Logger returns the logger used by auth plugins.

func ParseParams

func ParseParams[T any](m map[string]interface{}) (*T, error)

ParseParams decodes the map into the provided struct type while disallowing unknown fields. The returned struct pointer will contain the parsed configuration.

func RegisterIncoming

func RegisterIncoming(p IncomingAuthPlugin)

RegisterIncoming registers an incoming auth plugin.

func RegisterOutgoing

func RegisterOutgoing(p OutgoingAuthPlugin)

RegisterOutgoing registers an outgoing auth plugin.

func SetBody

func SetBody(r *http.Request, b []byte) error

SetBody replaces the request body and updates the cached body bytes used by GetBody.

func SetLogger

func SetLogger(l *slog.Logger) *slog.Logger

SetLogger sets the logger used by auth plugins and returns the previous one.

Types

type AuthStripper

type AuthStripper interface {
	StripAuth(r *http.Request, params interface{})
}

AuthStripper is optionally implemented by incoming auth plugins that wish to remove authentication data from the request after it has been verified. The proxy calls this after calling Identify.

type Identifier

type Identifier interface {
	Identify(r *http.Request, params interface{}) (string, bool)
}

Identifier is implemented by incoming auth plugins that can derive a caller identifier from the request. The identifier is used by allowlist checks.

type IncomingAuthPlugin

type IncomingAuthPlugin interface {
	Name() string
	ParseParams(map[string]interface{}) (interface{}, error)
	Authenticate(ctx context.Context, r *http.Request, params interface{}) bool
	RequiredParams() []string
	OptionalParams() []string
}

IncomingAuthPlugin processes authentication from incoming callers. ParseParams should validate and convert the raw parameter map into a plugin-specific configuration struct.

func GetIncoming

func GetIncoming(name string) IncomingAuthPlugin

GetIncoming retrieves an incoming auth plugin by name.

type OutgoingAuthPlugin

type OutgoingAuthPlugin interface {
	Name() string
	ParseParams(map[string]interface{}) (interface{}, error)
	AddAuth(ctx context.Context, r *http.Request, params interface{}) error
	RequiredParams() []string
	OptionalParams() []string
}

OutgoingAuthPlugin applies authentication to outbound requests.

func GetOutgoing

func GetOutgoing(name string) OutgoingAuthPlugin

GetOutgoing retrieves an outgoing auth plugin by name.