service

package
v0.0.0-...-b3f3fbb Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 2, 2015 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Authentication/authorization

Package service provides functionality to support all services

Index

Constants

View Source 
const (
	// ContextVarAuthKey is the name of the key under which the auth container
	// will be stored in request contexts
	ContextVarAuthKey = "Auth"
)
View Source 
const (
	// MaxMsgSize is the maximum size the (encoded) content of an Authorization container
	// can have
	MaxMsgSize = 4096
)

Variables

View Source 
var (
	ErrDecrypt       = errors.New("error decrypting container")
	ErrMsgSize       = errors.New("message too big")
	ErrInvalidKey    = errors.New("invalid key")
	ErrNoKeys        = errors.New("no keys in keychain")
	ErrNoMatchingKey = errors.New("no matching key for signature")
)
View Source 
var (
	ErrTimedOut = errors.New("http Write: already timed out")
)
View Source 
var ReadOnly = dbRequestReadOnly(true)

ReadOnly is a possible parameter for the ctx.xDB() methods. If this parameter is passed to the methods, they will attempt to return the read-only database connection

Functions

func ClearRequestContext 

func ClearRequestContext(r *http.Request)

ClearRequestContext removes the associated context for the given request

func IsAuthentic 

func IsAuthentic(msg Signed, key []byte) (bool, error)

IsAuthentic returns true if the signed message has a correct signature for the given key

func RequestContext 

func RequestContext(r *http.Request) context.Context

RequestContext returns a request associated with the given request

func RequestContextAuth 

func RequestContextAuth(r *http.Request) map[string]interface{}

RequestAuthUserKey returns a request associated with the given request

func SetRequestContext 

func SetRequestContext(r *http.Request, ctx *Context)

SetRequestContext sets a new context for a request

func SetRequestContextVar 

func SetRequestContextVar(r *http.Request, key, value interface{})

SetRequestContextVar associates a var with a request context

func Sign 

func Sign(msg Signable, key []byte) ([]byte, error)

Sign signs a signable message with the given key and returns the signature

func TimeoutHandler 

func TimeoutHandler(logFunc func(msg string, ctx ...interface{}), d time.Duration, h http.Handler) http.Handler

Types

type Authorization 

type Authorization struct {
	Payload map[string]interface{}
	H       func() hash.Hash
	// contains filtered or unexported fields
}

Authorization is a container which can hold arbitrary authorization data, can be encrypted and signed and safely passed between services. As long as those share the same keychain, they are able to access the encrypted data.

func NewAuthorization 

func NewAuthorization(h func() hash.Hash) *Authorization

NewAuthorization creates a new authorization container with the given Hash function for signing and key derivation

func (*Authorization) Decode 

func (a *Authorization) Decode(key []byte) error

/ Decode decodes a container after it was read using the ReadFrom() method

func (*Authorization) Encode 

func (a *Authorization) Encode(key []byte) error

Encode encodes the message, encrypting its contents and signing it with the given key

Encode() must be called prior to writing it using the WriteTo() method, otherwise secret data might be written to the Writer

func (*Authorization) Expires 

func (a *Authorization) Expires(t time.Time)

Expires sets the expiry time

func (*Authorization) Expiry 

func (a *Authorization) Expiry() time.Time

Expiry returns the expiry time

func (*Authorization) HashFunc 

func (a *Authorization) HashFunc() func() hash.Hash

HashFunc implementing the Signable interface

func (*Authorization) Message 

func (a *Authorization) Message() ([]byte, error)

Message implementing the Signable interface

func (*Authorization) ReadFrom 

func (a *Authorization) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads a serialized authorization container from the given reader

After the container is read, it should be decoded using the Decode() method

func (*Authorization) Serialized 

func (a *Authorization) Serialized() (string, error)

func (*Authorization) Signature 

func (a *Authorization) Signature() ([]byte, error)

Signature implementing the Signed interface

func (*Authorization) WriteTo 

func (a *Authorization) WriteTo(w io.Writer) (int64, error)

WriteTo writes the serialized authorization container to the given writer

Prior to writing the container to a writer, it must be encoded using the Encode() method

type Context 

type Context struct {
	context.Context
	// contains filtered or unexported fields
}

Context is a custom context which is used by the service pkg

func NewContext 

func NewContext(ctx context.Context, cfg config.Config, log log15.Logger) (*Context, error)

NewContext creates a new service context for use in the service pkg

func (*Context) APIKeychain 

func (ctx *Context) APIKeychain() *Keychain

Keychain returns the authorization container keychain associated with the context

func (*Context) Config 

func (ctx *Context) Config() *config.Config

Config returns the config.Config associated with the context

func (*Context) Log 

func (ctx *Context) Log() log15.Logger

Log returns the log15.Logger associated with the context

func (*Context) PaymentDB 

func (ctx *Context) PaymentDB(ros ...dbRequestReadOnly) *sql.DB

PaymentDB returns the *sql.DB for the payment DB If the parameter(s) contain a service.ReadOnly, the read-only connection will be returned if present

func (*Context) PrincipalDB 

func (ctx *Context) PrincipalDB(ros ...dbRequestReadOnly) *sql.DB

PrincipalDB returns the *sql.DB for the principal DB If the parameter(s) contain a service.ReadOnly, the read-only connection will be returned if present

func (*Context) RateLimitHandler 

func (ctx *Context) RateLimitHandler(parent http.Handler) http.Handler

RateLimitHandler wraps the given handler with a context-wide rate limit

The capacity of the ctx.rateLimit buffered channel determines the maximum amount of concurrent requests on this context.

func (*Context) SetPaymentDB 

func (ctx *Context) SetPaymentDB(w, ro *sql.DB)

SetPaymentDB sets the payment DB connection(s) It will panic if the write connection is nil

func (*Context) SetPrincipalDB 

func (ctx *Context) SetPrincipalDB(w, ro *sql.DB)

SetPrincipalDB sets the principal DB connection(s) It will panic if the write connection is nil

func (*Context) Value 

func (ctx *Context) Value(key interface{}) interface{}

Value wraps the Context.Value

func (*Context) WebKeychain 

func (ctx *Context) WebKeychain() *Keychain

func (*Context) WithValue 

func (ctx *Context) WithValue(key, value interface{}) *Context

SetValue creates a new service context with the given value

type Keychain 

type Keychain struct {
	// contains filtered or unexported fields
}

Keychain stores (and rotates) keys for authorization container encryption

func NewKeychain 

func NewKeychain() *Keychain

NewKeychain creates an empty keychain

func (*Keychain) AddBinKey 

func (k *Keychain) AddBinKey(key []byte)

AddBinKey adds a binary key to the keychain

func (*Keychain) AddKey 

func (k *Keychain) AddKey(newKey string) error

AddKey adds a (hex-encoded) key to the keychain

func (*Keychain) BinKey 

func (k *Keychain) BinKey() ([]byte, error)

BinKey returns a binary key from the keychain which can be used to encrypt authorization containers

func (*Keychain) GenerateKey 

func (k *Keychain) GenerateKey() ([]byte, error)

GenerateKey generates a random key, adds it to the keychain and returns the generated key

func (*Keychain) Key 

func (k *Keychain) Key() (string, error)

Key returns a hex-encoded key from the keychain which can be used to encrypt authorization containers

func (*Keychain) KeyCount 

func (k *Keychain) KeyCount() int

KeyCount returns the number of keys in the keychain

func (*Keychain) MatchKey 

func (k *Keychain) MatchKey(s Signed) ([]byte, error)

MatchKey returns the key which was used to sign the Signed If no such key is in the keychain, it will return ErrNoMatchingKey

type Signable 

type Signable interface {
	Message() ([]byte, error)
	HashFunc() func() hash.Hash
}

Signable is a type which can be signed

type Signed 

type Signed interface {
	Signable
	Signature() ([]byte, error)
}

Signed is a type which has been signed The signature can be authenticated using the Signable interface and recreating the signature

Source Files

View all Source files

Directories

Path Synopsis
api
Package api provides the API service It includes the HTTP Handler to serve the paymentd API
 Package api provides the API service It includes the HTTP Handler to serve the paymentd API
v1
Package v1 provides API functionality for the version: 1.x
 Package v1 provides API functionality for the version: 1.x
Package payment provides the payment service This service handles all payment related business logic
 Package payment provides the payment service This service handles all payment related business logic
notification
Package notification provides notification (or callback) related functionality
 Package notification provides notification (or callback) related functionality
notification/v2
Package notification provides the Notification type for notifications in the version: 2.x
 Package notification provides the Notification type for notifications in the version: 2.x
Package provider provides functionality for dealing with Payment Service Providers (PSPs)
 Package provider provides functionality for dealing with Payment Service Providers (PSPs)
fritzpay
Package fritzpay provides the Test-/Demo-Payment Service Provider (PSP) FritzPay This package demonstrates how to add new PSP drivers.
 Package fritzpay provides the Test-/Demo-Payment Service Provider (PSP) FritzPay This package demonstrates how to add new PSP drivers.
paypal_rest
Package paypal_rest provides the PayPal REST-API provider driver Paypal data types
 Package paypal_rest provides the PayPal REST-API provider driver Paypal data types
stripe
Package stripe provides the stripe provider driver
 Package stripe provides the stripe provider driver
Package web provides the web service through which the end user will interact with payments.
 Package web provides the web service through which the end user will interact with payments.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.