auth2

package module
v0.5.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 26, 2022 License: Apache-2.0 Imports: 9 Imported by: 7

README


auth2

An auth provider for go-micro. It gets users from a Postgres database; in the future it may also support other SQL databases supported by bun.

It registers itself with router, if you use it in your stack.

THIS IS WORK IN PROGRESS

Everything in here may change without backward compatibility until we reach v1.0.0. You should also expect bugs or half-implemented features.

JWT Token Auth

Generate keys
task keys

Developers corner

Build podman/docker image
Prerequisites
Build
task
Remove everything
task rm

Authors

License

It's dual-licensed:

  • Apache-2.0
  • GPL-2.0-or-later

Documentation

Index

Constants

// ClientAuthName is the name string associated with the client-side auth
// registry; presumably the key it is registered under in components.Registry
// (see ClientAuthMustReg) — confirm.
const ClientAuthName = "clientauth"
// ROLE_ADMIN is the role name for administrators, as it appears in User.Roles.
const ROLE_ADMIN = "admin"
// ROLE_ANONYMOUS is the only role of AnonUser, the stand-in used when there is
// no user. A role check that accepts this role admits unauthenticated callers.
const ROLE_ANONYMOUS = "anonymous"
// ROLE_SERVICE is the role carried by ServiceUser, the service identity.
const ROLE_SERVICE = "service"
// ROLE_SUPERADMIN is the super-administrator role name; it is a member of every
// predefined Roles* set in this package.
const ROLE_SUPERADMIN = "superadmin"
// ROLE_USER is the role name for regular users, as it appears in User.Roles.
const ROLE_USER = "user"
// RouterAuthName is the name string associated with the router-side auth
// registry; presumably the key it is registered under in components.Registry
// (see RouterAuthMustReg) — confirm.
const RouterAuthName = "routerauth"

Variables

// AnonUser is the User that stands in when a request carries no user.
//
// NOTE(review): this is an exported pointer to a shared, mutable value. Code
// that reassigns or writes into AnonUser.Roles, Scopes or Metadata changes the
// anonymous identity for the whole process; treat it as read-only and copy it
// before modifying.
var AnonUser = &User{
	// All-zero UUID: a fixed, well-known Id, not a secret.
	Id:     "00000000-0000-0000-0000-000000000000",
	Type:   "user",
	Issuer: "nobody",
	Metadata: map[string]string{
		// NOTE(review): "Subject" is "service" although this is the anonymous
		// user (Type "user"); confirm no authorization decision reads this key.
		"Subject": "service",
	},
	Scopes: []string{},
	// The only role is ROLE_ANONYMOUS; any role set containing it admits this user.
	Roles:  []string{ROLE_ANONYMOUS},
}

AnonUser will be used when there's no user.

// RolesAdmin lists the administrative roles: admin and superadmin.
// NOTE(review): exported, mutable slice — treat as read-only; reassigning it or
// writing an element changes the set for every user of the variable.
var RolesAdmin = []string{ROLE_ADMIN, ROLE_SUPERADMIN}
// RolesAllAndAnon lists every role defined in this package, including
// ROLE_ANONYMOUS. Because AnonUser carries ROLE_ANONYMOUS, a role check against
// this set (presumably via IntersectsRoles) also passes when no user is
// authenticated; use it only for endpoints meant to be reachable without login.
// NOTE(review): exported, mutable slice — treat as read-only.
var RolesAllAndAnon = []string{ROLE_SERVICE, ROLE_SUPERADMIN, ROLE_ADMIN, ROLE_USER, ROLE_ANONYMOUS}
// RolesServiceAndAdmin lists the service role plus the administrative roles
// (admin, superadmin). Regular and anonymous users are not included.
var RolesServiceAndAdmin = []string{ROLE_SERVICE, ROLE_ADMIN, ROLE_SUPERADMIN}
// RolesServiceAndSuperadmin lists only the service and superadmin roles; it is
// the narrowest predefined set and excludes ROLE_ADMIN.
var RolesServiceAndSuperadmin = []string{ROLE_SERVICE, ROLE_SUPERADMIN}
// RolesServiceAndUsersAndAdmin lists every role except ROLE_ANONYMOUS, i.e. all
// identities other than the anonymous stand-in user.
var RolesServiceAndUsersAndAdmin = []string{ROLE_SERVICE, ROLE_USER, ROLE_ADMIN, ROLE_SUPERADMIN}
// RolesUsersAndAdmin lists the human-user roles (user, admin, superadmin); the
// service and anonymous roles are not included.
var RolesUsersAndAdmin = []string{ROLE_USER, ROLE_ADMIN, ROLE_SUPERADMIN}
// ServiceUser is the User representing a service identity; its only role is
// ROLE_SERVICE. ClientPlugin.ServiceContext is documented as adding it to a
// context.
//
// NOTE(review): this is an exported pointer to a shared, mutable value; treat
// it as read-only and copy it before modifying, since a write to Roles or
// Scopes affects every caller in the process.
var ServiceUser = &User{
	// Fixed, well-known Id. NOTE(review): presumably the service identity has
	// to be established by the token check, not by matching this Id — confirm
	// in the verifier.
	Id:     "00000000-0000-0000-0000-000000000001",
	Type:   "service",
	// Issuer is left empty here; whether a plugin fills it in is not visible.
	Issuer: "",
	Scopes: []string{},
	Roles:  []string{ROLE_SERVICE},
}

Functions

func HasRole added in v0.0.2

func HasRole(user *User, role string) bool

func IntersectsRoles added in v0.0.2

func IntersectsRoles(user *User, roles ...string) bool

func RegHasClientAuth added in v0.5.4

func RegHasClientAuth(cReg *components.Registry) error

Types

type AuthRegistry

// AuthRegistry holds auth plugins of type T; in this package T is ClientPlugin
// or RouterPlugin (see ClientAuthComponent and RouterAuthComponent). Plugins
// are added with Register and the currently active one is returned by Plugin.
type AuthRegistry[T any] struct {
	// contains filtered or unexported fields
}

func ClientAuthComponent added in v0.4.0

func ClientAuthComponent() *AuthRegistry[ClientPlugin]

func ClientAuthMustReg added in v0.4.0

func ClientAuthMustReg(cReg *components.Registry) *AuthRegistry[ClientPlugin]

func RouterAuthComponent added in v0.4.0

func RouterAuthComponent() *AuthRegistry[RouterPlugin]

func RouterAuthMustReg added in v0.4.0

func RouterAuthMustReg(cReg *components.Registry) *AuthRegistry[RouterPlugin]

func (*AuthRegistry[T]) Flags

func (r *AuthRegistry[T]) Flags(c *components.Registry) []cli.Flag

Flags returns a list of cli.Flag's for micro.Service

func (*AuthRegistry[T]) ForcePlugin added in v0.0.2

func (r *AuthRegistry[T]) ForcePlugin(pName string) error

func (*AuthRegistry[T]) Health

func (r *AuthRegistry[T]) Health(ctx context.Context) error

Health returns the health of the plugin

func (*AuthRegistry[T]) Init

func (r *AuthRegistry[T]) Init(c *components.Registry, cli *cli.Context) error

Init should be executed in micro.Init

func (*AuthRegistry[T]) Initialized added in v0.4.0

func (r *AuthRegistry[T]) Initialized() bool

func (*AuthRegistry[T]) Name added in v0.4.0

func (r *AuthRegistry[T]) Name() string

func (*AuthRegistry[T]) Plugin

func (r *AuthRegistry[T]) Plugin() T

Plugin returns the current active Plugin

func (*AuthRegistry[T]) Priority added in v0.4.0

func (r *AuthRegistry[T]) Priority() int

func (*AuthRegistry[T]) Register

func (r *AuthRegistry[T]) Register(plugin T)

Register registers a plugin within AuthRegistry

func (*AuthRegistry[T]) Stop

func (r *AuthRegistry[T]) Stop() error

Stop should be executed after service.Run()

func (*AuthRegistry[T]) WrapHandler added in v0.4.1

func (r *AuthRegistry[T]) WrapHandler() server.HandlerWrapper

WrapHandler returns a server.HandlerWrapper; this works only for ClientPlugin.

type ClientPlugin

// ClientPlugin is the auth plugin interface for services that receive requests
// behind the router. The rendered listing hides further methods (filtered or
// unexported).
type ClientPlugin interface {

	// AddVerifier attaches v as the verifier for this client.
	// NOTE(review): the name says "add" while the earlier comment said "set";
	// whether several verifiers stack or the last one wins is not visible
	// here — confirm, since it decides which checks actually run.
	AddVerifier(v VerifierPlugin)

	// ServiceContext returns a context carrying ServiceUser. With JWTs it
	// overwrites the Authorization header, so an end-user token already in ctx
	// is replaced; calls made with the returned context presumably run as the
	// service identity rather than as the original caller.
	ServiceContext(ctx context.Context) (context.Context, error)

	// Inspect extracts the User from ctx.
	// NOTE(review): it is not visible here whether missing credentials yield
	// AnonUser or an error; callers should handle both.
	Inspect(ctx context.Context) (*User, error)

	// WrapHandlerFunc runs the authentication for one request. A non-nil error
	// presumably rejects req — confirm against the handler wrapper.
	WrapHandlerFunc(ctx context.Context, req server.Request, rsp interface{}) error
	// contains filtered or unexported methods
}

ClientPlugin is for services that act as clients behind GinRouter.

type ContextUserKey added in v0.0.2

// ContextUserKey is the context key under which the User value is stored.
// NOTE(review): the type is exported, so any package in the process can store
// a value under this key with context.WithValue; a User read from the context
// is only as trustworthy as the code that put it there.
type ContextUserKey struct{}

ContextUserKey is the key in the context for the User value.

type RouterPlugin

// RouterPlugin is the auth plugin interface for routers: it inspects incoming
// HTTP requests and forwards what the client-side plugin needs. The rendered
// listing hides further methods (filtered or unexported).
type RouterPlugin interface {

	// Inspect derives the User from an incoming http.Request.
	// NOTE(review): it is not visible here whether a request without
	// credentials yields AnonUser or an error; callers should handle both.
	Inspect(r *http.Request) (*User, error)

	// ForwardContext copies all required information from r into the returned
	// context. The values come from the inbound request, so the receiving side
	// presumably has to verify them again rather than trust them — confirm.
	// Note that ctx is the last parameter here, not the first.
	ForwardContext(u *User, r *http.Request, ctx context.Context) (context.Context, error)
	// contains filtered or unexported methods
}

RouterPlugin is for routers that forward the token or do other stuff required by ClientPlugin

type User

// User is the identity produced by the auth plugins' Inspect methods and passed
// to VerifierPlugin.Verify. Every field is omitted from JSON when empty.
type User struct {
	// Id identifies the user; AnonUser and ServiceUser use fixed UUID strings.
	Id       string            `json:"id,omitempty"`
	// Type is "user" for AnonUser and "service" for ServiceUser.
	Type     string            `json:"type,omitempty"`
	// Issuer names who issued the identity ("nobody" for AnonUser).
	Issuer   string            `json:"issuer,omitempty"`
	// Metadata holds free-form string pairs; their meaning is not defined here.
	Metadata map[string]string `json:"metadata,omitempty"`
	// Scopes is a list of scope strings; how they are evaluated is not visible here.
	Scopes   []string          `json:"scopes,omitempty"`
	// Roles holds role names such as the ROLE_* constants; presumably what
	// HasRole and IntersectsRoles compare against — confirm.
	Roles    []string          `json:"roles,omitempty"`
}

type VerifierPlugin added in v0.0.2

// VerifierPlugin makes the access decision for a request on behalf of a
// ClientPlugin (see ClientPlugin.AddVerifier).
type VerifierPlugin interface {
	// Verify decides whether u may access req. Implementations MUST handle
	// AnonUser, i.e. the case where no user was authenticated.
	//
	// Returns:
	//   error  nil if access is allowed, otherwise an error
	//   bool   whether the returned error is a "default" error
	//          (the meaning of "default" is not defined in this listing — confirm)
	//
	// A nil error grants access, so implementations should return a non-nil
	// error on every path that does not explicitly allow the request.
	// NOTE(review): the error is the first result, the reverse of the usual Go
	// order; callers must not read the bool as "allowed".
	Verify(ctx context.Context, u *User, req server.Request) (error, bool)
}
