auth

Published: Mar 6, 2026 License: CC0-1.0 Imports: 26 Imported by: 0


Constants

// SSAS names the SSAS-backed authentication provider (see SSASPlugin).
// NOTE(review): presumably the value GetProviderName reports when that
// provider is wired in — confirm against the Provider setup code.
const SSAS = "ssas"

Variables

// Keys under which ParseToken stores the verified token and the derived
// AuthData in the request context. Each is a pointer to an unexported
// struct type, so no other package can construct an equal key and read or
// overwrite these values through the context.
var (
	TokenContextKey    = &contextKey{"token"}
	AuthDataContextKey = &contextKey{"ad"}
)

Functions

func CheckBlacklist

func CheckBlacklist(next http.Handler) http.Handler

CheckBlacklist is middleware that checks whether the auth data for the request belongs to a blacklisted entity (see AuthData.Blacklisted). It presumably reads the AuthData that ParseToken stores in the request context, in which case it must be mounted after ParseToken; it does not parse or verify a token itself.

func GetProviderName

func GetProviderName() string

func GetRespWriter

func GetRespWriter(path string) fhirResponseWriter

func NewAuthRouter

func NewAuthRouter(provider Provider, middlewares ...func(http.Handler) http.Handler) http.Handler

func RequireTokenAuth

func RequireTokenAuth(next http.Handler) http.Handler

RequireTokenAuth verifies that a token was already verified and stored in the request context, and is expected to refuse the request otherwise (the Welcome route documents this as a 401). It performs no parsing or verification of its own, so it depends on ParseToken being called beforehand in the routing middleware: mounted without ParseToken, no request can satisfy it.

Types

type AuthData

// AuthData is the provider-neutral view of a verified token. ParseToken
// stores it in the request context, and API code is meant to read these
// values instead of the raw token claims (see CommonClaims), so that it is
// insulated from differences among Provider tokens.
type AuthData struct {
	ACOID       string // ACO the caller acts for (by name; presumably CommonClaims.ACOID — confirm)
	TokenID     string // identifier of the presented token (presumably CommonClaims.UUID — confirm)
	ClientID    string // client that presented the token
	SystemID    string // system the client belongs to
	CMSID       string // CMS identifier of the entity; has no CommonClaims counterpart, so the provider sources it elsewhere — confirm
	Blacklisted bool   // entity is blacklisted; what CheckBlacklist is documented to act on
}

type AuthMiddleware

// AuthMiddleware hosts the token-handling middleware (ParseToken,
// RequireTokenJobMatch) and AuthorizeAccess, built around the Provider
// given to NewAuthMiddleware. Its fields are unexported and not shown here.
type AuthMiddleware struct {
	// contains filtered or unexported fields
}

func NewAuthMiddleware

func NewAuthMiddleware(provider Provider) AuthMiddleware

func (AuthMiddleware) AuthorizeAccess

func (m AuthMiddleware) AuthorizeAccess(ctx context.Context, tokenString string) (*jwt.Token, AuthData, error)

AuthorizeAccess asserts that a base64-encoded token string is valid for accessing the BCDA API. On success it returns the verified token together with the AuthData derived from it; when the error is non-nil, neither returned value should be used.

func (AuthMiddleware) ParseToken

func (m AuthMiddleware) ParseToken(next http.Handler) http.Handler

ParseToken puts the decoded token and AuthData value into the request context. Decoded values come only from tokens our provider has verified as correct and unexpired. Tokens may also be presented in requests to unauthenticated endpoints (mostly swagger, presumably); ParseToken still extracts the token data there for logging purposes, even though it is not used for authorization. ParseToken is therefore not the enforcement point: authorization for protected endpoints occurs in RequireTokenAuth, which must be mounted after it. Only auth code should look at the token claims; API code should rely on the values in AuthData, which insulates it from the differences among Provider tokens.

func (AuthMiddleware) RequireTokenJobMatch

func (m AuthMiddleware) RequireTokenJobMatch(db *sql.DB) func(next http.Handler) http.Handler

type BaseApi

// BaseApi serves the auth HTTP handlers (GetAuthToken and Welcome) on top of
// the Provider given to NewBaseApi. Its fields are unexported and not shown
// here.
type BaseApi struct {
	// contains filtered or unexported fields
}

func NewBaseApi

func NewBaseApi(provider Provider) BaseApi

func (BaseApi) GetAuthToken

func (a BaseApi) GetAuthToken(w http.ResponseWriter, r *http.Request)

func (BaseApi) Welcome

func (a BaseApi) Welcome(w http.ResponseWriter, r *http.Request)

swagger:route GET /auth/welcome auth welcome

Test authentication

If a valid token is presented, show a welcome message.

Produces: - application/json

Schemes: http, https

Security:

bearer_token:

Responses:

200: welcome
401: invalidCredentials

type CommonClaims

// CommonClaims is the claim set carried by provider tokens. The short JSON
// names (cid, sys, dat, scp, aco, id) are the wire form; the embedded
// jwt.RegisteredClaims supplies the standard claims (exp, iat, iss, ...).
// Only auth code should read these directly — API code uses AuthData.
type CommonClaims struct {
	ClientID string   `json:"cid,omitempty"` // client the token was issued to
	SystemID string   `json:"sys,omitempty"` // system the client belongs to
	Data     string   `json:"dat,omitempty"` // opaque provider data; format not visible here
	Scopes   []string `json:"scp,omitempty"` // scopes granted; nothing else on this page references them — confirm where they are enforced
	ACOID    string   `json:"aco,omitempty"` // ACO the token is scoped to
	UUID     string   `json:"id,omitempty"`  // token identifier (presumably what AuthData.TokenID and RevokeAccessToken key on — confirm)
	jwt.RegisteredClaims
}

type Credentials

// Credentials is what a Provider returns when a system is registered
// (RegisterSystem) or its secret is reset (ResetSecret), and what
// MakeAccessToken consumes. ClientSecret and Token are live secrets: never
// log this struct, and note that the json tags mean a Marshal emits both in
// clear — only do that on the response that intentionally hands them to the
// caller.
type Credentials struct {
	ClientID     string    `json:"client_id"`
	// The nosec directive below silences a gosec finding on this field; the
	// value is still a secret and must be treated as such.
	ClientSecret string    `json:"client_secret"` // #nosec G117
	ClientName   string    `json:"client_name"`
	SystemID     string    `json:"system_id"`
	Token        string    `json:"token"`      // access token, when one accompanies the credentials
	ExpiresAt    time.Time `json:"expires_at"` // expiry of Token or of the credentials — which is not visible here; confirm
}

type MockProvider

// MockProvider is the generated testify-based mock of Provider; build it
// with NewMockProvider. It is exported from the production package rather
// than a _test package, so nothing outside tests should use it as a
// Provider.
type MockProvider struct {
	mock.Mock
}

MockProvider is an autogenerated mock type for the Provider type, intended for tests only. Note that it is exported from the production auth package rather than a _test package, so take care that nothing outside tests constructs a Provider from it.

func NewMockProvider

func NewMockProvider(t interface {
	mock.TestingT
	Cleanup(func())
}) *MockProvider

NewMockProvider creates a new instance of MockProvider. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. The first argument is typically a *testing.T value.

func (*MockProvider) EXPECT

func (_m *MockProvider) EXPECT() *MockProvider_Expecter

func (*MockProvider) FindAndCreateACOCredentials

func (_mock *MockProvider) FindAndCreateACOCredentials(ACOID string, IPs []string) (string, error)

FindAndCreateACOCredentials provides a mock function for the type MockProvider

func (*MockProvider) GetVersion

func (_mock *MockProvider) GetVersion() (string, error)

GetVersion provides a mock function for the type MockProvider

func (*MockProvider) MakeAccessToken

func (_mock *MockProvider) MakeAccessToken(credentials Credentials, r *http.Request) (string, error)

MakeAccessToken provides a mock function for the type MockProvider

func (*MockProvider) RegisterSystem

func (_mock *MockProvider) RegisterSystem(localID string, publicKey string, groupID string, ips ...string) (Credentials, error)

RegisterSystem provides a mock function for the type MockProvider

func (*MockProvider) ResetSecret

func (_mock *MockProvider) ResetSecret(clientID string) (Credentials, error)

ResetSecret provides a mock function for the type MockProvider

func (*MockProvider) RevokeAccessToken

func (_mock *MockProvider) RevokeAccessToken(tokenString string) error

RevokeAccessToken provides a mock function for the type MockProvider

func (*MockProvider) RevokeSystemCredentials

func (_mock *MockProvider) RevokeSystemCredentials(clientID string) error

RevokeSystemCredentials provides a mock function for the type MockProvider

func (*MockProvider) VerifyToken

func (_mock *MockProvider) VerifyToken(ctx context.Context, tokenString string) (*jwt.Token, error)

VerifyToken provides a mock function for the type MockProvider

type MockProvider_Expecter

// MockProvider_Expecter is the typed expectation builder returned by
// MockProvider.EXPECT; each of its methods records a mock.On call for the
// same-named Provider method.
type MockProvider_Expecter struct {
	// contains filtered or unexported fields
}

func (*MockProvider_Expecter) FindAndCreateACOCredentials

func (_e *MockProvider_Expecter) FindAndCreateACOCredentials(ACOID interface{}, IPs interface{}) *MockProvider_FindAndCreateACOCredentials_Call

FindAndCreateACOCredentials is a helper method to define mock.On call

  • ACOID string
  • IPs []string

func (*MockProvider_Expecter) GetVersion

GetVersion is a helper method to define mock.On call

func (*MockProvider_Expecter) MakeAccessToken

func (_e *MockProvider_Expecter) MakeAccessToken(credentials interface{}, r interface{}) *MockProvider_MakeAccessToken_Call

MakeAccessToken is a helper method to define mock.On call

  • credentials Credentials
  • r *http.Request

func (*MockProvider_Expecter) RegisterSystem

func (_e *MockProvider_Expecter) RegisterSystem(localID interface{}, publicKey interface{}, groupID interface{}, ips ...interface{}) *MockProvider_RegisterSystem_Call

RegisterSystem is a helper method to define mock.On call

  • localID string
  • publicKey string
  • groupID string
  • ips ...string

func (*MockProvider_Expecter) ResetSecret

func (_e *MockProvider_Expecter) ResetSecret(clientID interface{}) *MockProvider_ResetSecret_Call

ResetSecret is a helper method to define mock.On call

  • clientID string

func (*MockProvider_Expecter) RevokeAccessToken

func (_e *MockProvider_Expecter) RevokeAccessToken(tokenString interface{}) *MockProvider_RevokeAccessToken_Call

RevokeAccessToken is a helper method to define mock.On call

  • tokenString string

func (*MockProvider_Expecter) RevokeSystemCredentials

func (_e *MockProvider_Expecter) RevokeSystemCredentials(clientID interface{}) *MockProvider_RevokeSystemCredentials_Call

RevokeSystemCredentials is a helper method to define mock.On call

  • clientID string

func (*MockProvider_Expecter) VerifyToken

func (_e *MockProvider_Expecter) VerifyToken(ctx interface{}, tokenString interface{}) *MockProvider_VerifyToken_Call

VerifyToken is a helper method to define mock.On call

  • ctx context.Context
  • tokenString string

type MockProvider_FindAndCreateACOCredentials_Call

// MockProvider_FindAndCreateACOCredentials_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for FindAndCreateACOCredentials.
type MockProvider_FindAndCreateACOCredentials_Call struct {
	*mock.Call
}

MockProvider_FindAndCreateACOCredentials_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'FindAndCreateACOCredentials'

func (*MockProvider_FindAndCreateACOCredentials_Call) Return

func (*MockProvider_FindAndCreateACOCredentials_Call) Run

func (*MockProvider_FindAndCreateACOCredentials_Call) RunAndReturn

type MockProvider_GetVersion_Call

// MockProvider_GetVersion_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for GetVersion.
type MockProvider_GetVersion_Call struct {
	*mock.Call
}

MockProvider_GetVersion_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetVersion'

func (*MockProvider_GetVersion_Call) Return

func (*MockProvider_GetVersion_Call) Run

func (*MockProvider_GetVersion_Call) RunAndReturn

func (_c *MockProvider_GetVersion_Call) RunAndReturn(run func() (string, error)) *MockProvider_GetVersion_Call

type MockProvider_MakeAccessToken_Call

// MockProvider_MakeAccessToken_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for MakeAccessToken.
type MockProvider_MakeAccessToken_Call struct {
	*mock.Call
}

MockProvider_MakeAccessToken_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'MakeAccessToken'

func (*MockProvider_MakeAccessToken_Call) Return

func (*MockProvider_MakeAccessToken_Call) Run

func (*MockProvider_MakeAccessToken_Call) RunAndReturn

type MockProvider_RegisterSystem_Call

// MockProvider_RegisterSystem_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for RegisterSystem.
type MockProvider_RegisterSystem_Call struct {
	*mock.Call
}

MockProvider_RegisterSystem_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RegisterSystem'

func (*MockProvider_RegisterSystem_Call) Return

func (*MockProvider_RegisterSystem_Call) Run

func (_c *MockProvider_RegisterSystem_Call) Run(run func(localID string, publicKey string, groupID string, ips ...string)) *MockProvider_RegisterSystem_Call

func (*MockProvider_RegisterSystem_Call) RunAndReturn

func (_c *MockProvider_RegisterSystem_Call) RunAndReturn(run func(localID string, publicKey string, groupID string, ips ...string) (Credentials, error)) *MockProvider_RegisterSystem_Call

type MockProvider_ResetSecret_Call

// MockProvider_ResetSecret_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for ResetSecret.
type MockProvider_ResetSecret_Call struct {
	*mock.Call
}

MockProvider_ResetSecret_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ResetSecret'

func (*MockProvider_ResetSecret_Call) Return

func (*MockProvider_ResetSecret_Call) Run

func (*MockProvider_ResetSecret_Call) RunAndReturn

func (_c *MockProvider_ResetSecret_Call) RunAndReturn(run func(clientID string) (Credentials, error)) *MockProvider_ResetSecret_Call

type MockProvider_RevokeAccessToken_Call

// MockProvider_RevokeAccessToken_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for RevokeAccessToken.
type MockProvider_RevokeAccessToken_Call struct {
	*mock.Call
}

MockProvider_RevokeAccessToken_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RevokeAccessToken'

func (*MockProvider_RevokeAccessToken_Call) Return

func (*MockProvider_RevokeAccessToken_Call) Run

func (*MockProvider_RevokeAccessToken_Call) RunAndReturn

type MockProvider_RevokeSystemCredentials_Call

// MockProvider_RevokeSystemCredentials_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for RevokeSystemCredentials.
type MockProvider_RevokeSystemCredentials_Call struct {
	*mock.Call
}

MockProvider_RevokeSystemCredentials_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RevokeSystemCredentials'

func (*MockProvider_RevokeSystemCredentials_Call) Return

func (*MockProvider_RevokeSystemCredentials_Call) Run

func (*MockProvider_RevokeSystemCredentials_Call) RunAndReturn

type MockProvider_VerifyToken_Call

// MockProvider_VerifyToken_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for VerifyToken.
type MockProvider_VerifyToken_Call struct {
	*mock.Call
}

MockProvider_VerifyToken_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'VerifyToken'

func (*MockProvider_VerifyToken_Call) Return

func (*MockProvider_VerifyToken_Call) Run

func (*MockProvider_VerifyToken_Call) RunAndReturn

func (_c *MockProvider_VerifyToken_Call) RunAndReturn(run func(ctx context.Context, tokenString string) (*jwt.Token, error)) *MockProvider_VerifyToken_Call

type MockProvider_getAuthDataFromClaims_Call

// MockProvider_getAuthDataFromClaims_Call wraps *mock.Call with typed
// Run/Return/RunAndReturn helpers for getAuthDataFromClaims, the unexported
// Provider method that maps token claims to AuthData.
type MockProvider_getAuthDataFromClaims_Call struct {
	*mock.Call
}

MockProvider_getAuthDataFromClaims_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'getAuthDataFromClaims'

func (*MockProvider_getAuthDataFromClaims_Call) Return

func (*MockProvider_getAuthDataFromClaims_Call) Run

func (*MockProvider_getAuthDataFromClaims_Call) RunAndReturn

type Provider

// Provider defines the operations the auth package performs through an
// authentication provider. It also has unexported methods (for example
// getAuthDataFromClaims, visible through the generated mock), so only types
// in this package — plus the generated MockProvider — can satisfy it.
type Provider interface {
	// FindAndCreateACOCredentials takes an ACO ID and calls RegisterSystem, then formats the results
	// into the returned string. Since it is built from the new Credentials, the string presumably
	// carries the client secret and must be handled as one — confirm the exact format.
	FindAndCreateACOCredentials(ACOID string, IPs []string) (string, error)

	// RegisterSystem adds a software client for the ACO identified by localID, registering its
	// publicKey and groupID; ips, if given, are included in the registration (presumably as an
	// address allow-list — confirm with SSAS). The returned Credentials contain the new secret.
	RegisterSystem(localID, publicKey, groupID string, ips ...string) (Credentials, error)

	// ResetSecret creates new or replaces existing Credentials for the given clientID. The
	// returned Credentials contain the new secret.
	ResetSecret(clientID string) (Credentials, error)

	// RevokeSystemCredentials revokes any existing Credentials for the given clientID.
	RevokeSystemCredentials(clientID string) error

	// MakeAccessToken mints an access token for the given credentials. r is the incoming
	// request; what it contributes to the token (client address, headers) is not visible
	// here — confirm in the implementation.
	MakeAccessToken(credentials Credentials, r *http.Request) (string, error)

	// RevokeAccessToken revokes the specific access token identified by a base64-encoded token
	// string.
	RevokeAccessToken(tokenString string) error

	// VerifyToken decodes a base64-encoded token string into a structured token and verifies it
	// with the provider (the SSAS implementation checks the token with SSAS and rejects expired
	// tokens). Only a token returned with a nil error may be treated as verified.
	VerifyToken(ctx context.Context, tokenString string) (*jwt.Token, error)

	// GetVersion gets the version of the provider
	GetVersion() (string, error)
	// contains filtered or unexported methods
}

Provider defines operations performed through an authentication provider.

func NewProvider

func NewProvider(db *sql.DB) Provider

type SSASPlugin

// SSASPlugin is the Provider implementation backed by the SSAS API. Its
// fields are unexported and not shown here; presumably NewProvider is how
// one is obtained — confirm.
type SSASPlugin struct {
	// contains filtered or unexported fields
}

SSASPlugin is an implementation of Provider that uses the SSAS API.

func (SSASPlugin) FindAndCreateACOCredentials

func (s SSASPlugin) FindAndCreateACOCredentials(ACOID string, ips []string) (string, error)

func (SSASPlugin) GetVersion

func (s SSASPlugin) GetVersion() (string, error)

GetVersion gets the version of the SSAS client

func (SSASPlugin) MakeAccessToken

func (s SSASPlugin) MakeAccessToken(credentials Credentials, r *http.Request) (string, error)

MakeAccessToken mints an access token for the given credentials.

func (SSASPlugin) RegisterSystem

func (s SSASPlugin) RegisterSystem(localID, publicKey, groupID string, ips ...string) (Credentials, error)

RegisterSystem adds a software client for the ACO identified by localID; any ips given are included in the registration.

func (SSASPlugin) ResetSecret

func (s SSASPlugin) ResetSecret(clientID string) (Credentials, error)

ResetSecret creates new or replaces existing credentials for the given clientID. The returned Credentials carry the new ClientSecret and must be treated as sensitive.

func (SSASPlugin) RevokeAccessToken

func (s SSASPlugin) RevokeAccessToken(tokenString string) error

RevokeAccessToken revokes a specific access token identified in a base64-encoded token string.

func (SSASPlugin) RevokeSystemCredentials

func (s SSASPlugin) RevokeSystemCredentials(ssasID string) error

RevokeSystemCredentials revokes any existing credentials for the given ssasID (the SSAS client ID; the Provider interface names this parameter clientID).

func (SSASPlugin) VerifyToken

func (sSASPlugin SSASPlugin) VerifyToken(ctx context.Context, tokenString string) (*jwt.Token, error)

VerifyToken decodes a base64-encoded token string into a structured token, verifies it with SSAS, and then checks that the token has not expired. A token returned together with a non-nil error must not be treated as verified.
