security

package
v0.0.0-...-c32710b Latest Latest
Published: Dec 29, 2020 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package security implements authentication / authorization by means of JWT tokens

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authorize

func Authorize(required Claim, claims []string) (roles []string, err error)

Authorize validates the given claims and verifies whether they match the required claim. A claim entry has the form "name|url|role".

func CreateToken

func CreateToken(issuer string, key []byte, expiry int, c Claims) (string, error)

CreateToken uses the configuration and the supplied parameters to create a new token.

func NewContext

func NewContext(ctx context.Context, u *User) context.Context

NewContext returns a new Context that carries value u.

Types

type Claim

// Claim defines the authorization requirements for an application.
// Authorize takes a Claim as its required argument and documents claim
// entries as strings of the form "name|url|role"; presumably the three
// fields below are compared against the three parts of an entry — confirm
// against Authorize.
type Claim struct {
	// Name of the application
	Name string
	// URL of the application
	URL string
	// Roles lists the possible roles.
	// NOTE(review): whether a single matching role is sufficient is not
	// visible here — confirm in Authorize.
	Roles []string
}

Claim defines the authorization requirements

type Claims

// Claims defines the custom JWT claims for the token; CreateToken accepts a
// value of this type. Every field is serialized under the JSON key given in
// its tag — note that UserID uses the key "UserId", not "UserID".
// The Claims field carries the authorization entries; Authorize documents an
// entry as "name|url|role". Presumably these are the strings later passed to
// Authorize — confirm.
type Claims struct {
	Type        string   `json:"Type"`
	DisplayName string   `json:"DisplayName"`
	Email       string   `json:"Email"`
	UserID      string   `json:"UserId"`
	UserName    string   `json:"UserName"`
	GivenName   string   `json:"GivenName"`
	Surname     string   `json:"Surname"`
	Claims      []string `json:"Claims"`
}

Claims defines custom JWT claims for the token

type JWTAuthorization

// JWTAuthorization handles authorization of supplied JWT tokens.
// Options holds the JWT settings (including the signing secret) and Cache is
// the MemoryCache that NewJWTAuthorization can set up to speed up processing.
// NOTE(review): both fields are exported, so any holder of the value can read
// Options.JwtSecret; keep instances out of logs and debug dumps.
// NOTE(review): presumably Cache is nil when caching is disabled — confirm
// before dereferencing it directly.
type JWTAuthorization struct {
	Options JwtOptions
	Cache   *MemoryCache
}

JWTAuthorization handles authorization of supplied JWT tokens

func NewJWTAuthorization

func NewJWTAuthorization(options JwtOptions, useCache bool) *JWTAuthorization

NewJWTAuthorization creates a new JWTAuthorization instance. To speed up processing, a cache in the form of a MemoryCache can be initialized.

func (*JWTAuthorization) EvaluateToken

func (j *JWTAuthorization) EvaluateToken(token string) (*User, error)

EvaluateToken parses the supplied JWT token and extracts a User object

type JwtMiddleware

// JwtMiddleware authenticates a user based on a token taken from the
// Authorization header or from a cookie. All of its state is unexported;
// instances are created with NewJwtMiddleware.
type JwtMiddleware struct {
	// contains filtered or unexported fields
}

JwtMiddleware is used to authenticate a user based on a token. The token is either retrieved from the well-known Authorization header or fetched from a cookie.

func NewJwtMiddleware

func NewJwtMiddleware(options JwtOptions, settings cookies.Settings, logger logging.Logger) *JwtMiddleware

NewJwtMiddleware creates a new instance using the provided options

func (*JwtMiddleware) JwtContext

func (j *JwtMiddleware) JwtContext(next http.Handler) http.Handler

JwtContext performs the middleware action

type JwtOptions

// JwtOptions defines presets for the authentication handler. Per the package
// documentation the token is read from a request header by default, with a
// named cookie as fallback.
type JwtOptions struct {
	// JwtSecret is the jwt signing key.
	// NOTE(review): held as a plain string in an exported field; presumably a
	// shared (symmetric) secret — confirm. It should come from secret storage,
	// not from source or from configuration that gets logged.
	JwtSecret string
	// JwtIssuer identifies the principal that issued the token
	JwtIssuer string
	// CookieName specifies the HTTP cookie holding the token
	CookieName string
	// RequiredClaim to access the application
	RequiredClaim Claim
	// RedirectURL forwards the request to an external authentication service.
	// NOTE(review): if a return address is attached to this redirect, it
	// should be validated against an allow-list — not visible here, confirm
	// in the middleware.
	RedirectURL string
	// CacheDuration defines the duration to cache the JWT token result.
	// NOTE(review): it is a string, so the accepted format is not visible
	// here — presumably a Go duration such as "10m"; confirm. A cached result
	// could outlive the token's own expiry if this exceeds the token's
	// remaining lifetime — confirm how expiry is enforced on cache hits.
	CacheDuration string
	// ErrorPath is used if html errors are returned to the client
	ErrorPath string
}

JwtOptions defines presets for the Authentication handler. By default the JWT token is fetched from the Authorization header; as a fallback it is possible to fetch the token from a specific cookie.

type JwtTokenPayload

// JwtTokenPayload is the parsed contents of a token, as returned by
// ParseJwtToken. It combines the application-specific fields with the
// embedded StandardClaims. Only UserID carries a JSON tag ("UserId"); the
// other fields have no tag in this declaration.
// NOTE(review): every value originates from the token; rely on it only when
// ParseJwtToken returned a nil error — presumably the payload is not
// meaningful otherwise, confirm.
type JwtTokenPayload struct {
	Type        string
	UserName    string
	Email       string
	Claims      []string
	UserID      string `json:"UserId"`
	DisplayName string
	Surname     string
	GivenName   string
	StandardClaims
}

JwtTokenPayload is the parsed contents of the given token

func ParseJwtToken

func ParseJwtToken(token, tokenSecret, issuer string) (JwtTokenPayload, error)

ParseJwtToken parses, validates and extracts data from a jwt token

type MemoryCache

// MemoryCache implements a simple cache of *User values looked up by a
// string key (see Get and Set); NewMemCache takes the TTL.
// sync.Mutex is embedded, so Lock and Unlock are part of the exported method
// set and the struct must not be copied after first use.
// NOTE(review): presumably Get and Set acquire this mutex themselves —
// confirm before locking it from outside, since sync.Mutex is not reentrant.
type MemoryCache struct {
	sync.Mutex
	// contains filtered or unexported fields
}

MemoryCache implements a simple cache

func NewMemCache

func NewMemCache(duration time.Duration) *MemoryCache

NewMemCache creates a cache with the given TTL

func (*MemoryCache) Get

func (s *MemoryCache) Get(key string) *User

Get returns a User object for the given key

func (*MemoryCache) Set

func (s *MemoryCache) Set(key string, user *User)

Set puts a User object into the cache

type StandardClaims

// StandardClaims holds the "reserved" elements of the JWT specification.
// By name the fields correspond to the registered claims aud, exp, jti, iat,
// iss, nbf and sub; no JSON tags are visible in this declaration, so the
// mapping is presumably done elsewhere — confirm.
// NOTE(review): the int64 time fields (ExpiresAt, IssuedAt, NotBefore) are
// presumably seconds since the Unix epoch — confirm before comparing them
// with time values.
type StandardClaims struct {
	Audience  string
	ExpiresAt int64
	ID        string
	IssuedAt  int64
	Issuer    string
	NotBefore int64
	Subject   string
}

StandardClaims are "reserved" elements of the JWT specification

type User

// User is the authenticated principal extracted from the JWT token.
// NOTE(review): Token presumably holds the raw JWT — confirm. If so, a User
// value carries a usable credential: check that String() leaves it out and
// avoid logging the struct with %v or %+v.
// NOTE(review): the zero value of Authenticated is false; callers should
// presumably check this flag rather than only testing for a non-nil *User —
// confirm how EvaluateToken sets it.
type User struct {
	Username      string
	Roles         []string
	Email         string
	UserID        string
	DisplayName   string
	Authenticated bool
	Token         string
}

User is the authenticated principal extracted from the JWT token

func UserFromContext

func UserFromContext(ctx context.Context) (*User, bool)

UserFromContext returns the User value stored in ctx, if any.

func (User) String

func (u User) String() string

String represents the User struct as a string
