x

package
v0.8.2-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 17, 2021 License: Apache-2.0 Imports: 42 Imported by: 3

Documentation

Overview

Package x provides various helpers that do not have an obvious home elsewhere.

The contract implied here, is that:

  • Package x does not depend on other parts of kratos
  • Packages outside kratos do not depend on x.

Index

Constants

View Source 
const CSRFTokenName = "csrf_token"

Variables

View Source 
var (
	ErrInvalidCSRFToken = herodot.ErrForbidden.
						WithID(text.ErrIDCSRF).
						WithError("the request was rejected to protect you from Cross-Site-Request-Forgery").
						WithDetail("docs", "https://www.ory.sh/kratos/docs/debug/csrf").
						WithReason("The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.")
	ErrGone = herodot.DefaultError{
		CodeField:    http.StatusGone,
		StatusField:  http.StatusText(http.StatusGone),
		ReasonField:  "",
		DebugField:   "",
		DetailsField: nil,
		ErrorField:   "The requested resource is no longer available because it has expired or is otherwise invalid.",
	}
)
View Source 
var (
	ErrInvalidCSRFTokenAJAX = ErrInvalidCSRFToken.
							WithDetail("hint", "We detected an AJAX call, please ensure that CORS is enabled and configured correctly, and that your AJAX code sends cookies and has credentials enabled. For further debugging, check your Browser's Network Tab to see what cookies are included or excluded.")

	ErrInvalidCSRFTokenAJAXNoCookies     = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", noCookie)
	ErrInvalidCSRFTokenAJAXCookieMissing = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", cookieMissing)
	ErrInvalidCSRFTokenAJAXTokenNotSent  = ErrInvalidCSRFToken.WithDetail("hint", tokenNotSent)
	ErrInvalidCSRFTokenAJAXTokenMismatch = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", tokenMismatch)
)
View Source 
var (
	ErrInvalidCSRFTokenServer = ErrInvalidCSRFToken.
								WithDetail("hint", "We detected a regular browser or server-side call. To debug browser calls check your Browser's Network Tab to see what cookies are included or excluded. If you are calling from a server ensure that the appropriate cookies are being forwarded and that the SDK method is called correctly.")

	ErrInvalidCSRFTokenServerNoCookies     = ErrInvalidCSRFTokenServer.WithDetail("reject_reason", noCookie)
	ErrInvalidCSRFTokenServerCookieMissing = ErrInvalidCSRFTokenServer.WithDetail("reject_reason", cookieMissing)
	ErrInvalidCSRFTokenServerTokenNotSent  = ErrInvalidCSRFToken.WithDetail("hint", tokenNotSent)
	ErrInvalidCSRFTokenServerTokenMismatch = ErrInvalidCSRFTokenAJAX.WithDetail("reject_reason", tokenMismatch)
)
View Source 
var CleanPath negroni.HandlerFunc = func(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	r.URL.Path = httprouter.CleanPath(r.URL.Path)
	next(rw, r)
}
View Source 
var EmptyUUID db.UUID
View Source 
var FakeCSRFToken = base64.StdEncoding.EncodeToString([]byte(randx.MustString(32, randx.AlphaLowerNum)))
View Source 
var PseudoPanic = herodot.DefaultError{
	StatusField: http.StatusText(http.StatusInternalServerError),
	ErrorField:  "Code Bug Detected",
	ReasonField: "The code ended up at a place where it should not have. Please report this as an issue at https://github.com/ory/kratos",
	CodeField:   http.StatusConflict,
}

Functions

func AcceptToRedirectOrJSON 

func AcceptToRedirectOrJSON(
	w http.ResponseWriter, r *http.Request, writer herodot.Writer, out interface{}, redirectTo string,
)

func AcceptsJSON 

func AcceptsJSON(r *http.Request) bool

func AssertEqualTime 

func AssertEqualTime(t *testing.T, expected, actual time.Time)

func CSRFCookieName 

func CSRFCookieName(reg interface {
	config.Provider
}, r *http.Request) string

func CSRFErrorReason 

func CSRFErrorReason(r *http.Request, reg interface {
	config.Provider
}) error

func CSRFFailureHandler 

func CSRFFailureHandler(reg interface {
	config.Provider
	LoggingProvider
	WriterProvider
}) http.HandlerFunc

func CleanUpTestSMTP 

func CleanUpTestSMTP()

func ContentNegotiationRedirection 

func ContentNegotiationRedirection(
	w http.ResponseWriter, r *http.Request, out interface{}, writer herodot.Writer, returnTo string,
)

func DefaultCSRFToken 

func DefaultCSRFToken(r *http.Request) string

func DerefUUID 

func DerefUUID(id *uuid.UUID) uuid.UUID

func EasyCookieJar 

func EasyCookieJar(t *testing.T, o *cookiejar.Options) *cookiejar.Jar

func EasyGet 

func EasyGet(t *testing.T, c *http.Client, url string) (*http.Response, []byte)

func EasyGetBody 

func EasyGetBody(t *testing.T, c *http.Client, url string) []byte

func EasyGetJSON 

func EasyGetJSON(t *testing.T, c *http.Client, url string) (*http.Response, []byte)

func FakeCSRFTokenGenerator 

func FakeCSRFTokenGenerator(r *http.Request) string

func FakeCSRFTokenGeneratorWithToken 

func FakeCSRFTokenGeneratorWithToken(token string) func(r *http.Request) string

func IsBrowserRequest 

func IsBrowserRequest(r *http.Request) bool

func IsJSONRequest 

func IsJSONRequest(r *http.Request) bool

func IsValidNumber 

func IsValidNumber(s string) bool

IsValidNumber reports whether s is a valid JSON number literal.

Taken from encoding/json

func IsZeroUUID 

func IsZeroUUID(id db.UUID) bool

func MaxItemsPerPage 

func MaxItemsPerPage(is int) int

MaxItemsPerPage is used to prevent DoS attacks against large lists by limiting the items per page to 500.

func MustEncodeJSON 

func MustEncodeJSON(t *testing.T, in interface{}) string

func MustReadAll 

func MustReadAll(r io.Reader) []byte

func NewCSRFHandler 

func NewCSRFHandler(
	router http.Handler,
	reg interface {
		config.Provider
		LoggingProvider
		WriterProvider
	}) *nosurf.CSRFHandler

func NewTestCSRFHandler 

func NewTestCSRFHandler(router http.Handler, reg interface {
	WithCSRFHandler(handler nosurf.Handler)
	WithCSRFTokenGenerator(CSRFToken)
	WriterProvider
	LoggingProvider
	config.Provider
}) *nosurf.CSRFHandler

func NewTestHTTPRequest 

func NewTestHTTPRequest(t *testing.T, method, url string, body io.Reader) *http.Request

func NewUUID 

func NewUUID() db.UUID

func NoCache 

func NoCache(w http.ResponseWriter)

NoCache adds `Cache-Control: private, no-cache, no-store, must-revalidate` to the response header.

func NoCacheHandler 

func NoCacheHandler(handle httprouter.Handle) httprouter.Handle

NoCacheHandler wraps httprouter.Handle with `Cache-Control: private, no-cache, no-store, must-revalidate` headers.

func NosurfBaseCookieHandler 

func NosurfBaseCookieHandler(reg interface {
	config.Provider
}) func(w http.ResponseWriter, r *http.Request) http.Cookie

func PaginationHeader 

func PaginationHeader(w http.ResponseWriter, u *url.URL, total int64, page, itemsPerPage int)

func ParsePagination 

func ParsePagination(r *http.Request) (page, itemsPerPage int)

ParsePagination parses limit and page from *http.Request with given limits and defaults.

func ParseUUID 

func ParseUUID(in string) db.UUID

func PointToUUID 

func PointToUUID(id uuid.UUID) *uuid.UUID

func RandomDelay 

func RandomDelay(base, deviation time.Duration) time.Duration

RandomDelay returns a time randomly chosen from a normal distribution with mean of base and max/min of base +- deviation From the docstring for the rand.NormFloat64(): To produce a different normal distribution, callers can adjust the output using: 

sample = NormFloat64() * desiredStdDev + desiredMean

Since 99.73% of values in a normal distribution lie within three standard deviations from the mean (https://en.wikipedia.org/wiki/68%E2%80%9395%E2%80%9399.7_rule), by taking the standard deviation to be deviation/3, we can get a distribution which fits our bounds nicely with minimal clipping when we take max/mins to cut off the tails.

func RecoverStatusCode 

func RecoverStatusCode(err error, fallback int) int

func RedirectToAdminRoute 

func RedirectToAdminRoute(reg config.Provider) httprouter.Handle

func RedirectToPublicRoute 

func RedirectToPublicRoute(reg config.Provider) httprouter.Handle

func RequestURL 

func RequestURL(r *http.Request) *url.URL

func RequireEqualTime 

func RequireEqualTime(t *testing.T, expected, actual time.Time)

func RequireJSONMarshal 

func RequireJSONMarshal(t *testing.T, in interface{}) []byte

func RunTestSMTP 

func RunTestSMTP() (smtp, api string, err error)

func SDKError 

func SDKError(err error) error

func SecureContentNegotiationRedirection 

func SecureContentNegotiationRedirection(
	w http.ResponseWriter, r *http.Request, out interface{},
	requestURL string, writer herodot.Writer, c *config.Config,
	opts ...SecureRedirectOption,
) error

func SecureRedirectTo 

func SecureRedirectTo(r *http.Request, defaultReturnTo *url.URL, opts ...SecureRedirectOption) (returnTo *url.URL, err error)

SecureRedirectTo implements a HTTP redirector who mitigates open redirect vulnerabilities by working with whitelisting.

func SecureRedirectToIsWhiteListedHost 

func SecureRedirectToIsWhiteListedHost(returnTo *url.URL, allowed url.URL) bool

SecureRedirectToIsWhitelisted validates if the redirect_to param is allowed for a given wildcard

func SessionGetString 

func SessionGetString(r *http.Request, s sessions.Store, id string, key interface{}) (string, error)

SessionGetString returns a string for the given id and key or an error if the session is invalid, the key does not exist, or the key value is not a string.

func SessionGetStringOr 

func SessionGetStringOr(r *http.Request, s sessions.Store, id, key, fallback string) string

SessionGetStringOr returns a string for the given id and key or the fallback value if the session is invalid, the key does not exist, or the key value is not a string.

func SessionPersistValues 

func SessionPersistValues(w http.ResponseWriter, r *http.Request, s sessions.Store, id string, values map[string]interface{}) error

SessionPersistValues adds values to the session store and persists the changes.

func SessionUnset 

func SessionUnset(w http.ResponseWriter, r *http.Request, s sessions.Store, id string) error

func SessionUnsetKey 

func SessionUnsetKey(w http.ResponseWriter, r *http.Request, s sessions.Store, id, key string) error

func StructToMap 

func StructToMap(s interface{}) (map[string]interface{}, error)

func TypeMap 

func TypeMap(m map[string]string) (map[string]interface{}, error)

func UntypedMapToJSON 

func UntypedMapToJSON(m map[string]string) (json.RawMessage, error)

Types

type CSRFProvider 

type CSRFProvider interface {
	CSRFHandler() nosurf.Handler
}

type CSRFToken 

type CSRFToken func(r *http.Request) string

type CSRFTokenGeneratorProvider 

type CSRFTokenGeneratorProvider interface {
	GenerateCSRFToken(r *http.Request) string
}

type ConvertibleBoolean 

type ConvertibleBoolean bool

ConvertibleBoolean can unmarshal both booleans and strings.

func (*ConvertibleBoolean) UnmarshalJSON 

func (bit *ConvertibleBoolean) UnmarshalJSON(data []byte) error

type CookieProvider 

type CookieProvider interface {
	CookieManager(ctx context.Context) sessions.Store
	ContinuityCookieManager(ctx context.Context) sessions.Store
}

type FakeCSRFHandler 

type FakeCSRFHandler struct {
	// contains filtered or unexported fields
}

func NewFakeCSRFHandler 

func NewFakeCSRFHandler(name string) *FakeCSRFHandler

func (*FakeCSRFHandler) DisableGlob 

func (f *FakeCSRFHandler) DisableGlob(s string)

func (*FakeCSRFHandler) DisableGlobs 

func (f *FakeCSRFHandler) DisableGlobs(s ...string)

func (*FakeCSRFHandler) DisablePath 

func (f *FakeCSRFHandler) DisablePath(s string)

func (*FakeCSRFHandler) ExemptPath 

func (f *FakeCSRFHandler) ExemptPath(s string)

func (*FakeCSRFHandler) IgnoreGlob 

func (f *FakeCSRFHandler) IgnoreGlob(s string)

func (*FakeCSRFHandler) IgnoreGlobs 

func (f *FakeCSRFHandler) IgnoreGlobs(s ...string)

func (*FakeCSRFHandler) IgnorePath 

func (f *FakeCSRFHandler) IgnorePath(s string)

func (*FakeCSRFHandler) RegenerateToken 

func (f *FakeCSRFHandler) RegenerateToken(w http.ResponseWriter, r *http.Request) string

func (*FakeCSRFHandler) ServeHTTP 

func (f *FakeCSRFHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type Ider 

type Ider interface {
	RequestID() string
}

type LoggingProvider 

type LoggingProvider interface {
	Logger() *logrusx.Logger
	Audit() *logrusx.Logger
}

type RouterAdmin 

type RouterAdmin struct {
	*httprouter.Router
}

func NewRouterAdmin 

func NewRouterAdmin() *RouterAdmin

type RouterPublic 

type RouterPublic struct {
	*httprouter.Router
}

func NewRouterPublic 

func NewRouterPublic() *RouterPublic

func (*RouterPublic) DELETE 

func (r *RouterPublic) DELETE(path string, handle httprouter.Handle)

DELETE is a shortcut for router.Handle("DELETE", path, handle)

func (*RouterPublic) GET 

func (r *RouterPublic) GET(path string, handle httprouter.Handle)

GET is a shortcut for router.Handle("GET", path, handle)

func (*RouterPublic) HEAD 

func (r *RouterPublic) HEAD(path string, handle httprouter.Handle)

HEAD is a shortcut for router.Handle("HEAD", path, handle)

func (*RouterPublic) PATCH 

func (r *RouterPublic) PATCH(path string, handle httprouter.Handle)

PATCH is a shortcut for router.Handle("PATCH", path, handle)

func (*RouterPublic) POST 

func (r *RouterPublic) POST(path string, handle httprouter.Handle)

POST is a shortcut for router.Handle("POST", path, handle)

func (*RouterPublic) PUT 

func (r *RouterPublic) PUT(path string, handle httprouter.Handle)

PUT is a shortcut for router.Handle("PUT", path, handle)

type SecureRedirectOption 

type SecureRedirectOption func(*secureRedirectOptions)

func SecureRedirectAllowSelfServiceURLs 

func SecureRedirectAllowSelfServiceURLs(publicURL *url.URL) SecureRedirectOption

SecureRedirectAllowSelfServiceURLs allows the caller to define `?return_to=` values which contain the server's URL and `/self-service` path prefix. Useful for redirecting to the login endpoint, for example.

func SecureRedirectAllowURLs 

func SecureRedirectAllowURLs(urls []url.URL) SecureRedirectOption

SecureRedirectAllowURLs whitelists the given URLs for redirects.

func SecureRedirectOverrideDefaultReturnTo 

func SecureRedirectOverrideDefaultReturnTo(defaultReturnTo *url.URL) SecureRedirectOption

SecureRedirectOverrideDefaultReturnTo overrides the defaultReturnTo address specified as the second arg.

func SecureRedirectUseSourceURL 

func SecureRedirectUseSourceURL(source string) SecureRedirectOption

SecureRedirectUseSourceURL uses the given source URL (checks the `?return_to` value) instead of r.URL.

type SimpleLogger 

type SimpleLogger struct {
	L *logrusx.Logger
}

func (*SimpleLogger) Audit 

func (s *SimpleLogger) Audit() *logrusx.Logger

func (*SimpleLogger) Logger 

func (s *SimpleLogger) Logger() *logrusx.Logger

type StatusCodeCarrier 

type StatusCodeCarrier interface {
	StatusCode() int
}

type TracingProvider 

type TracingProvider interface {
	Tracer(ctx context.Context) *tracing.Tracer
}

type TransportWithHeader 

type TransportWithHeader struct {
	http.RoundTripper
	// contains filtered or unexported fields
}

func NewTransportWithHeader 

func NewTransportWithHeader(h http.Header) *TransportWithHeader

func (*TransportWithHeader) RoundTrip 

func (ct *TransportWithHeader) RoundTrip(req *http.Request) (*http.Response, error)

type TransportWithHost 

type TransportWithHost struct {
	http.RoundTripper
	// contains filtered or unexported fields
}

func NewTransportWithHost 

func NewTransportWithHost(host string) *TransportWithHost

func (*TransportWithHost) RoundTrip 

func (ct *TransportWithHost) RoundTrip(req *http.Request) (*http.Response, error)

type WriterProvider 

type WriterProvider interface {
	Writer() herodot.Writer
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳