jwt

Published: Jan 26, 2025 License: MIT Imports: 26 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

func ClaimString

func ClaimString(s string) jwt.ClaimStrings

ClaimString converts a singular string into a claims string.

func HashID

func HashID(h hash.Hash, val string) string

HashID tries to hash val with the given hash.Hash and falls back to CRC if needed.

func IsTokenExpiredError

func IsTokenExpiredError(err error) bool

func SetActorInContext

func SetActorInContext(ctx context2.Context, actor *Actor) context2.Context

SetActorInContext sets the actor on the context. This is just an alias for the context.With method.

Types

type Actor

// Actor is the information that identifies who is making a request: an actor in
// the calling system, an admin from the calling system, a devops admin from the
// CLI, etc.
//
// The fields are grouped by who populates them: the first group is set by the
// service, the second by the client. Attributes holds free-form values that the
// typed accessors (BoolAttr, StrAttr, SliceAttr and their setters) read and write.
type Actor struct {
	// set by service
	ID         string `json:"id"`
	Admin      bool   `json:"admin,omitempty"`
	SuperAdmin bool   `json:"super_admin,omitempty"`
	// set by client
	IP         string                 `json:"ip,omitempty"`
	Email      string                 `json:"email,omitempty"`
	Attributes map[string]interface{} `json:"attrs,omitempty"`
	// Role is the actor's role used for RBAC (see SetRole).
	// NOTE(review): Role sits in the "set by client" group; confirm the service
	// validates it before it feeds an authorization decision.
	Role       string                 `json:"role,omitempty"`
}

Actor is the information that identifies who is making a request. This can be an actor in the calling system, an admin from the calling system, a devops admin from the CLI, etc.

func GetActorFromContext

func GetActorFromContext(ctx context2.Context) *Actor

GetActorFromContext gets an actor from the context, or returns nil if one is not present

func MustGetActorFromContext

func MustGetActorFromContext(ctx context2.Context) Actor

MustGetActorFromContext always returns an actor, or panics if an actor is not present on the context.

func (*Actor) BoolAttr

func (a *Actor) BoolAttr(key string) bool

BoolAttr gets boolean attribute

func (*Actor) ContextWith

func (a *Actor) ContextWith(ctx context.Context) context.Context

ContextWith sets actor in the context

func (*Actor) GetRole

func (a *Actor) GetRole() string

GetRole gets actor role

func (*Actor) IsAdmin

func (a *Actor) IsAdmin() bool

IsAdmin is a helper to wrap the Admin attribute

func (*Actor) IsNormalActor

func (a *Actor) IsNormalActor() bool

IsNormalActor indicates that an actor is not an admin or superadmin

func (*Actor) IsSuperAdmin

func (a *Actor) IsSuperAdmin() bool

IsSuperAdmin is a helper to wrap the SuperAdmin attribute

func (*Actor) SetBoolAttr

func (a *Actor) SetBoolAttr(key string, val bool)

SetBoolAttr sets boolean attribute

func (*Actor) SetRole

func (a *Actor) SetRole(role string)

SetRole sets actor role for RBAC

func (*Actor) SetSliceAttr

func (a *Actor) SetSliceAttr(key string, val []string)

SetSliceAttr sets slice attribute for given key

func (*Actor) SetStrAttr

func (a *Actor) SetStrAttr(key, val string)

SetStrAttr sets string attribute

func (*Actor) SliceAttr

func (a *Actor) SliceAttr(key string) []string

SliceAttr gets slice attribute

func (*Actor) StrAttr

func (a *Actor) StrAttr(key string) string

StrAttr gets string attribute

type AuthProxyClaims

// AuthProxyClaims defines the JWT used by the auth service. It carries the
// standard registered claims plus information about the actor (the user or
// system taking the action).
type AuthProxyClaims struct {
	jwt.RegisteredClaims

	// Actor is the entity taking the action. Specifying the full actor here (versus just the ID in the subject)
	// implies that the actor should be upserted into the system as specified versus only working against a previous
	// actor configured in the system.
	// NOTE(review): Actor includes the service-set Admin/SuperAdmin flags, so accepting a full
	// Actor from a token trusts the token's signer for those flags — confirm which keys may assert them.
	Actor *Actor `json:"actor,omitempty"`

	// SessionOnly implies this token is only valid within the context of an existing session.
	SessionOnly bool `json:"sess_only,omitempty"`

	// SelfSigned indicates this token is signed with the GlobalAESKey. This means that the AuthProxy has signed
	// this token to itself for auth transfer between services, a token used in session, etc.
	SelfSigned bool `json:"self_signed,omitempty"`

	// Nonce is a one-time-use value. Adding a nonce to the JWT makes it one-time-use for auth purposes. If you use
	// a nonce, the JWT must also have an expiry so that tracking of the nonce values does not need to be kept forever.
	Nonce *uuid.UUID `json:"nonce,omitempty"`
}

AuthProxyClaims is the struct that defines a JWT for the auth service. It contains information about the actor (user or system taking the action) as well as standard JWT information.

func (*AuthProxyClaims) AdminUsername

func (tc *AuthProxyClaims) AdminUsername() (string, error)

AdminUsername retrieves the username of an admin actor. Admin actors must have their id and token subject formatted in the form admin/username. If token subject and actor id do not match, or they are not correctly formatted, this method will return an error.

func (*AuthProxyClaims) IsAdmin

func (tc *AuthProxyClaims) IsAdmin() bool

IsAdmin checks if the actor represented by these claims is an admin

func (*AuthProxyClaims) IsExpired

func (tc *AuthProxyClaims) IsExpired(ctx context.Context) bool

IsExpired returns true if claims expired

func (*AuthProxyClaims) IsNormalActor

func (tc *AuthProxyClaims) IsNormalActor() bool

IsNormalActor checks if the actor represented by these claims is not an admin or superadmin

func (*AuthProxyClaims) IsSuperAdmin

func (tc *AuthProxyClaims) IsSuperAdmin() bool

IsSuperAdmin checks if the actor represented by these claims is a superadmin

func (*AuthProxyClaims) String

func (tc *AuthProxyClaims) String() string

type ClaimsBuilder

// ClaimsBuilder builds JWT claims so that the actor, subject, etc. are constructed
// as expected. Each With* method returns the builder so calls can be chained; the
// Build* methods produce the resulting AuthProxyClaims.
type ClaimsBuilder interface {
	// WithIssuer sets the issuer of the claims.
	WithIssuer(issuer string) ClaimsBuilder
	WithAudience(audience string) ClaimsBuilder    // Specifies the audience of the claims; normally a service id
	WithAudiences(audience []string) ClaimsBuilder // Specifies the service that is intended to consume the claims. Communicated as aud.
	// WithServiceId / WithServiceIds set the consuming service(s) from config.ServiceId values.
	WithServiceId(serviceId config.ServiceId) ClaimsBuilder
	WithServiceIds(serviceIds []config.ServiceId) ClaimsBuilder
	// WithExpiration sets an absolute expiry; WithExpiresIn / WithExpiresInCtx set it relative to now.
	WithExpiration(expiration time.Time) ClaimsBuilder
	WithExpiresIn(expiresIn time.Duration) ClaimsBuilder
	WithExpiresInCtx(ctx context.Context, expiresIn time.Duration) ClaimsBuilder
	// WithSuperAdmin / WithAdmin mark the actor as superadmin / admin; WithSelfSigned marks the token as self-signed.
	WithSuperAdmin() ClaimsBuilder
	WithAdmin() ClaimsBuilder
	WithSelfSigned() ClaimsBuilder
	// WithActorEmail / WithActorId / WithActor populate the actor carried in the claims.
	WithActorEmail(email string) ClaimsBuilder
	WithActorId(id string) ClaimsBuilder
	WithActor(actor *Actor) ClaimsBuilder
	// WithSessionOnly restricts the token to an existing session.
	WithSessionOnly() ClaimsBuilder
	// WithNonce adds a one-time-use nonce; the claims then also need an expiry so nonce tracking is bounded.
	WithNonce() ClaimsBuilder
	// BuildCtx / Build produce the claims; the Must* variants follow the Must convention and
	// presumably panic instead of returning an error — confirm against the implementation.
	BuildCtx(context.Context) (*AuthProxyClaims, error)
	Build() (*AuthProxyClaims, error)
	MustBuild() AuthProxyClaims
	MustBuildCtx(context.Context) AuthProxyClaims
}

ClaimsBuilder is an object that builds JWT claims so that the actor, subject, etc. are properly constructed as expected.

func NewClaimsBuilder

func NewClaimsBuilder() ClaimsBuilder

type KeySelector

// KeySelector loads, from the parsed-but-unverified claims, the key used to verify
// the JWT. This allows different actors to be verified with different keys.
//
// ctx is the context used to load the key data and unverified the claims whose
// signature has not yet been checked. It returns the key data to use, whether that
// key is a shared (secret) key — false means a public key is assumed — and an error
// from loading the key; when err is non-nil the other return values are ignored.
type KeySelector func(ctx context.Context, unverified *AuthProxyClaims) (kd config.KeyData, isShared bool, err error)

KeySelector is a function that takes a claims object and loads a key dynamically used to verify the JWT. This selector can mean that different actors can be verified with different keys.

Parameters:

* ctx: Context used to load the key data
* unverified: The claims that have been loaded from the JWT but have not yet had their signature verified

Returns:

* kd: the key data to use
* isShared: whether the key data is a shared (aka secret) key. If false, a public key is assumed.
* err: An error from loading key data. If non-nil, the other return values are ignored.

type ParserBuilder

// ParserBuilder is a builder that configures the verification key and then parses a
// JWT into AuthProxyClaims. A key may be supplied either dynamically (WithKeySelector)
// or statically as a public or shared (secret) key.
//
// NOTE(review): because both public and shared keys can be configured, confirm that the
// parser pins the accepted signing algorithm to the configured key type rather than
// taking it from the token header.
type ParserBuilder interface {

	// WithKeySelector specifies a key selector function to dynamically load a key based on the unverified, parsed
	// JWT. This is useful for cases where the key used can vary based on the token issued.
	WithKeySelector(KeySelector) ParserBuilder

	// WithConfigKey specifies the key to be used for parsing as a config value. Key can be either secret or public.
	WithConfigKey(ctx context.Context, cfgKey config.Key) ParserBuilder

	// WithPublicKeyPath specifies the public key as a file path.
	WithPublicKeyPath(string) ParserBuilder

	// WithPublicKeyString specifies the public key as an explicit string value.
	WithPublicKeyString(string) ParserBuilder

	// WithPublicKey sets the public key using the provided byte slice.
	WithPublicKey([]byte) ParserBuilder

	// WithSharedKeyPath sets the shared (aka secret) key using the file path provided.
	WithSharedKeyPath(string) ParserBuilder

	// WithSharedKeyString sets the shared (aka secret) key for the parser using a string.
	WithSharedKeyString(string) ParserBuilder

	// WithSharedKey sets the shared (aka secret) key for the JWT parser using the provided byte slice.
	WithSharedKey([]byte) ParserBuilder

	// ParseCtx / Parse parse the given token string into claims, returning an error on
	// failure; the Must* variants follow the Must convention and presumably panic
	// instead — confirm against the implementation.
	ParseCtx(context.Context, string) (*AuthProxyClaims, error)
	Parse(string) (*AuthProxyClaims, error)
	MustParseCtx(context.Context, string) AuthProxyClaims
	MustParse(string) AuthProxyClaims
}

ParserBuilder is a builder that can parse a JWT

func NewJwtTokenParserBuilder

func NewJwtTokenParserBuilder() ParserBuilder

type Signer

// Signer attaches a token to outgoing HTTP requests. It is produced by
// TokenBuilder.Signer / SignerCtx or by NewSigner from an existing token string.
type Signer interface {
	// SignAuthHeader presumably sets an auth header on req using the token — confirm.
	SignAuthHeader(req *http.Request)
	// SignRestyRequest does the same for a resty request and returns it for chaining.
	SignRestyRequest(req *resty.Request) *resty.Request
}

func NewSigner

func NewSigner(token string) Signer

type TokenBuilder

// TokenBuilder mirrors the ClaimsBuilder options and adds the signing key
// configuration needed to produce a signed token string or a Signer. The key may
// be a private key (asymmetric) or a secret key (shared); WithConfigKey and
// WithSecretConfigKeyData return an error when the config value cannot be used.
type TokenBuilder interface {
	// WithClaims allows the claims to be specified explicitly instead of built progressively
	WithClaims(c *AuthProxyClaims) TokenBuilder

	WithIssuer(issuer string) TokenBuilder
	WithAudience(audience string) TokenBuilder             // Specifies the audience of the claims; normally a service id
	WithServiceId(serviceId config.ServiceId) TokenBuilder // Specifies the service that is intended to consume the claims. Communicated as aud.
	WithServiceIds(serviceId []config.ServiceId) TokenBuilder
	WithExpiration(expiration time.Time) TokenBuilder
	WithExpiresIn(expiresIn time.Duration) TokenBuilder
	WithExpiresInCtx(ctx context.Context, expiresIn time.Duration) TokenBuilder
	WithSuperAdmin() TokenBuilder
	WithAdmin() TokenBuilder
	WithSelfSigned() TokenBuilder
	WithActorEmail(email string) TokenBuilder
	WithActorId(id string) TokenBuilder
	WithActor(actor *Actor) TokenBuilder
	WithSessionOnly() TokenBuilder
	// WithNonce adds a one-time-use nonce; pair it with an expiry so nonce tracking is bounded.
	WithNonce() TokenBuilder

	// Signing key configuration: private keys for asymmetric signing, secret keys for shared-key signing.
	WithConfigKey(ctx context.Context, cfgKey config.Key) (TokenBuilder, error)
	WithSecretConfigKeyData(ctx context.Context, cfgKeyData config.KeyData) (TokenBuilder, error)
	WithPrivateKeyPath(string) TokenBuilder
	WithPrivateKeyString(string) TokenBuilder
	WithPrivateKey([]byte) TokenBuilder
	WithSecretKeyPath(string) TokenBuilder
	WithSecretKeyString(string) TokenBuilder
	WithSecretKey([]byte) TokenBuilder

	// TokenCtx / Token return the signed token string; the Must* variants follow the
	// Must convention and presumably panic on error — confirm against the implementation.
	TokenCtx(context.Context) (string, error)
	Token() (string, error)
	MustTokenCtx(context.Context) string
	MustToken() string

	// Signer / SignerCtx return a Signer that attaches the built token to requests.
	Signer() (Signer, error)
	SignerCtx(context.Context) (Signer, error)
	MustSigner() Signer
	MustSignerCtx(context.Context) Signer
}

TokenBuilder extends ClaimsBuilder with options to sign tokens.

func NewJwtTokenBuilder

func NewJwtTokenBuilder() TokenBuilder
