auth

package

v0.2.1 Latest Latest Go to latest Published: Mar 15, 2024 License: BSD-3-Clause Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

gitlab.com/DerEnderKeks/yafus

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ContextHasScope(ctx context.Context, scope Scope) error
func ContextHasScopeOrIsUserIDAndHasScope(ctx context.Context, scope Scope, id *uuid.UUID, userScope Scope) error
func ContextIsUserIDAndHasScope(ctx context.Context, id uuid.UUID, scope Scope) error
type OIDCConfig
- func (c *OIDCConfig) Discover() (*OIDCDiscovery, error)
type OIDCDiscovery
type RequestAuth
- func ForContext(ctx context.Context) *RequestAuth
- func (ra *RequestAuth) TokenClaims() *TokenClaims
type Scope
type Scopes
- func (s Scopes) HasAny(scopes Scopes) bool
type TokenClaims

Constants ¶

View Source

const (
	ScopeAdminRead   = Scope("admin.read")
	ScopeAdminWrite  = Scope("admin.write")
	ScopeAdminDelete = Scope("admin.delete")
	ScopeSelfRead    = Scope("self.read")
	ScopeSelfWrite   = Scope("self.write")
	ScopeSelfDelete  = Scope("self.delete")
)

TODO rework, split up

Variables ¶

View Source

var AuthCtxKey = &contextKey{"auth"}

Functions ¶

func ContextHasScope ¶

func ContextHasScope(ctx context.Context, scope Scope) error

ContextHasScope checks if a user is authenticated and has the scope By guarding a request with this, accessing the RequestAuth.User is always safe

func ContextHasScopeOrIsUserIDAndHasScope ¶

func ContextHasScopeOrIsUserIDAndHasScope(ctx context.Context, scope Scope, id *uuid.UUID, userScope Scope) error

ContextHasScopeOrIsUserIDAndHasScope checks if a user is authenticated and has the scope OR has the id and the userScope By guarding a request with this, accessing the RequestAuth.User is always safe

func ContextIsUserIDAndHasScope ¶

func ContextIsUserIDAndHasScope(ctx context.Context, id uuid.UUID, scope Scope) error

ContextIsUserIDAndHasScope checks if a user is authenticated, has the id and the scope By guarding a request with this, accessing the RequestAuth.User is always safe

Types ¶

type OIDCConfig ¶

type OIDCConfig struct {
	Provider    string `json:"provider"`
	ClientID    string `json:"client_id"`
	ScopePrefix string `json:"scope_prefix"`
}

func (*OIDCConfig) Discover ¶

func (c *OIDCConfig) Discover() (*OIDCDiscovery, error)

type OIDCDiscovery ¶

type OIDCDiscovery struct {
	JWKSURI               string `json:"jwks_uri"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
}

type RequestAuth ¶

type RequestAuth struct {
	User  *model.User
	Token *jwt.Token

	// Scopes is a filtered list of scopes with the configured prefix removed
	Scopes *Scopes
}

RequestAuth contains information about the authenticated user It always contains validated data, but fields may be nil

func ForContext ¶

func ForContext(ctx context.Context) *RequestAuth

ForContext gets the auth data from the context. Middleware.Middleware must have run to set the data. Can be nil.

func (*RequestAuth) TokenClaims ¶

func (ra *RequestAuth) TokenClaims() *TokenClaims

TokenClaims returns the Claims of the Token as TokenClaims or nil, when no Token is set This will intentionally panic if the Claims are the wrong type

type Scope ¶

type Scope string

type Scopes ¶

type Scopes []Scope

func (Scopes) HasAny ¶

func (s Scopes) HasAny(scopes Scopes) bool

type TokenClaims ¶

type TokenClaims jwt.MapClaims

func (TokenClaims) Scopes ¶

func (c TokenClaims) Scopes() Scopes

Scopes returns all scopes from the scope claim

func (TokenClaims) Sub ¶

func (c TokenClaims) Sub() *string

Sub returns the sub claim or nil if missing

func (TokenClaims) Valid ¶

func (c TokenClaims) Valid() error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
middleware

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL