auth

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 6, 2026 License: MIT Imports: 29 Imported by: 0

Documentation

Overview

Package auth implements various authentication methods

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Init

func Init(authCfg *json.RawMessage)

Types

type AuthConfig added in v1.5.0

// AuthConfig contains configuration for all authentication methods.
// Every field is a pointer, so a method whose JSON key ("ldap", "jwts",
// "oidc") is absent stays nil when decoded with encoding/json.
// NOTE(review): presumably a nil entry means that method is disabled; the
// page does not show how Init treats nil, so confirm before relying on it.
type AuthConfig struct {
	LdapConfig   *LdapConfig    `json:"ldap"`
	JwtConfig    *JWTAuthConfig `json:"jwts"`
	OpenIDConfig *OpenIDConfig  `json:"oidc"`
}

AuthConfig contains configuration for all authentication methods

// Keys holds the global authentication configuration.
// NOTE(review): this is an exported, mutable package variable, so any
// importing package can change authentication settings at runtime. Treat it
// as read-only once configured; presumably Init populates it (confirm).
var Keys AuthConfig

Keys holds the global authentication configuration

type Authentication

// Authentication manages all authentication methods and session handling.
type Authentication struct {
	// Authenticators for the LDAP, JWT and local methods.
	// NOTE(review): these are exported pointers; presumably one is nil when
	// its method is not configured, so nil-check before use (confirm).
	LdapAuth  *LdapAuthenticator
	JwtAuth   *JWTAuthenticator
	LocalAuth *LocalAuthenticator

	// Presumably the maximum lifetime of a login session.
	// NOTE(review): how a zero value is handled (no expiry vs. immediate
	// expiry) is not visible on this page; confirm in the source.
	SessionMaxAge time.Duration
	// contains filtered or unexported fields
}

Authentication manages all authentication methods and session handling

func GetAuthInstance added in v1.4.0

func GetAuthInstance() *Authentication

func (*Authentication) Auth

// Auth returns an http.Handler built from onsuccess and onfailure; onfailure
// is handed the authentication error as authErr.
// NOTE(review): this page does not document how Auth differs from AuthAPI,
// AuthUserAPI, AuthConfigAPI, AuthFrontendAPI and AuthMetricStoreAPI (which
// credentials and roles each one accepts). Check the source before choosing
// a wrapper for a route, and keep authErr details out of responses sent to
// unauthenticated clients.
func (auth *Authentication) Auth(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
) http.Handler

func (*Authentication) AuthAPI added in v1.5.0

func (auth *Authentication) AuthAPI(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
) http.Handler

func (*Authentication) AuthConfigAPI added in v1.5.0

func (auth *Authentication) AuthConfigAPI(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
) http.Handler

func (*Authentication) AuthFrontendAPI added in v1.5.0

func (auth *Authentication) AuthFrontendAPI(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
) http.Handler

func (*Authentication) AuthMetricStoreAPI added in v1.5.0

func (auth *Authentication) AuthMetricStoreAPI(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
) http.Handler

func (*Authentication) AuthUserAPI added in v1.5.0

func (auth *Authentication) AuthUserAPI(
	onsuccess http.Handler,
	onfailure func(rw http.ResponseWriter, r *http.Request, authErr error),
) http.Handler

func (*Authentication) AuthViaSession

func (auth *Authentication) AuthViaSession(
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, error)

func (*Authentication) Login

func (auth *Authentication) Login(
	onfailure func(rw http.ResponseWriter, r *http.Request, loginErr error),
) http.Handler

func (*Authentication) Logout

func (auth *Authentication) Logout(onsuccess http.Handler) http.Handler

func (*Authentication) SaveSession added in v1.3.0

func (auth *Authentication) SaveSession(rw http.ResponseWriter, r *http.Request, user *schema.User) error

type Authenticator

// Authenticator is the interface for all authentication methods. Each
// authenticator first decides whether it can handle a login request
// (CanLogin) and then performs the actual authentication (Login).
type Authenticator interface {
	// CanLogin determines if this authenticator can handle the login request.
	// It returns the user object if available and a boolean indicating if this
	// authenticator should attempt the login. This method should not perform
	// expensive operations or actual authentication.
	// A true result is therefore only a routing decision: nothing has been
	// verified until Login returns without an error.
	CanLogin(user *schema.User, username string, rw http.ResponseWriter, r *http.Request) (*schema.User, bool)

	// Login performs the actual authentication for the user.
	// It returns the authenticated user or an error if authentication fails.
	// The user parameter may be nil if the user doesn't exist in the database yet,
	// so implementations must nil-check it before reading any field.
	Login(user *schema.User, rw http.ResponseWriter, r *http.Request) (*schema.User, error)
}

Authenticator is the interface for all authentication methods. Each authenticator determines if it can handle a login request (CanLogin) and performs the actual authentication (Login).

type JWTAuthConfig added in v1.5.0

// JWTAuthConfig holds the settings for JWT-based authentication
// (JSON key "jwts" in AuthConfig).
type JWTAuthConfig struct {
	// Specifies for how long a JWT token shall be valid
	// as a string parsable by time.ParseDuration().
	// NOTE(review): what happens when the value is empty or fails to parse is
	// not visible here; confirm it cannot yield tokens without an expiry.
	MaxAge string `json:"max-age"`

	// Specifies which cookie should be checked for a JWT token (if no authorization header is present)
	CookieName string `json:"cookie-name"`

	// Deny login for users not in database (but defined in JWT).
	// Ignore user roles defined in JWTs ('roles' claim), get them from db.
	// NOTE(review): with this set to false the 'roles' claim is presumably
	// what assigns roles, so every key trusted to sign tokens can grant any
	// role. Confirm, and prefer true unless the issuer is fully trusted.
	ValidateUser bool `json:"validate-user"`

	// Specifies which issuer should be accepted when validating external JWTs ('iss' claim)
	// NOTE(review): how an empty value is treated is not shown here; confirm
	// that leaving it unset does not skip the issuer check.
	TrustedIssuer string `json:"trusted-issuer"`

	// Should a non-existent user be added to the DB based on the information in the token
	// NOTE(review): this creates accounts from token contents, so it is only
	// as trustworthy as the token issuer.
	SyncUserOnLogin bool `json:"sync-user-on-login"`

	// Should an existing user be updated in the DB based on the information in the token
	UpdateUserOnLogin bool `json:"update-user-on-login"`
}

type JWTAuthenticator

// JWTAuthenticator is the JWT handler of the package: its methods
// authenticate a request via a JWT (AuthViaJWT) and generate new tokens
// (ProvideJWT). All state is unexported.
// NOTE(review): the signing and verification keys and the accepted
// algorithms are not visible on this page; check Init for where they come from.
type JWTAuthenticator struct {
	// contains filtered or unexported fields
}

func (*JWTAuthenticator) AuthViaJWT added in v1.2.0

func (ja *JWTAuthenticator) AuthViaJWT(
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, error)

func (*JWTAuthenticator) Init

func (ja *JWTAuthenticator) Init() error

func (*JWTAuthenticator) ProvideJWT

func (ja *JWTAuthenticator) ProvideJWT(user *schema.User) (string, error)

ProvideJWT generates a new JWT that can be used for authentication

type JWTCookieSessionAuthenticator added in v1.2.0

// JWTCookieSessionAuthenticator has CanLogin and Login methods in the shape
// of the Authenticator interface.
// NOTE(review): presumably it logs a user in from a JWT carried in a cookie
// (see JWTAuthConfig.CookieName); confirm. Browsers attach cookies
// automatically, so check the cookie attributes and CSRF handling in the source.
type JWTCookieSessionAuthenticator struct {
	// contains filtered or unexported fields
}

func (*JWTCookieSessionAuthenticator) CanLogin added in v1.2.0

func (ja *JWTCookieSessionAuthenticator) CanLogin(
	user *schema.User,
	username string,
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, bool)

func (*JWTCookieSessionAuthenticator) Init added in v1.2.0

func (*JWTCookieSessionAuthenticator) Login added in v1.2.0

type JWTSessionAuthenticator added in v1.2.0

// JWTSessionAuthenticator has CanLogin and Login methods in the shape of the
// Authenticator interface.
// NOTE(review): where the token is read from and how it differs from
// JWTCookieSessionAuthenticator is not documented on this page; confirm in
// the source.
type JWTSessionAuthenticator struct {
	// contains filtered or unexported fields
}

func (*JWTSessionAuthenticator) CanLogin added in v1.2.0

func (ja *JWTSessionAuthenticator) CanLogin(
	user *schema.User,
	username string,
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, bool)

func (*JWTSessionAuthenticator) Init added in v1.2.0

func (ja *JWTSessionAuthenticator) Init() error

func (*JWTSessionAuthenticator) Login added in v1.2.0

type LdapAuthenticator

// LdapAuthenticator provides LDAP login (CanLogin, Login) and a Sync method.
type LdapAuthenticator struct {
	// Attribute names; presumably copied from LdapConfig.UserAttr and
	// LdapConfig.UIDAttr during Init (confirm).
	UserAttr string
	UIDAttr  string
	// contains filtered or unexported fields
}

func (*LdapAuthenticator) CanLogin

func (la *LdapAuthenticator) CanLogin(
	user *schema.User,
	username string,
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, bool)

func (*LdapAuthenticator) Init

func (la *LdapAuthenticator) Init() error

func (*LdapAuthenticator) Login

func (la *LdapAuthenticator) Login(
	user *schema.User,
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, error)

func (*LdapAuthenticator) Sync

func (la *LdapAuthenticator) Sync() error

type LdapConfig added in v1.5.0

// LdapConfig holds the settings for LDAP authentication and user
// synchronisation (JSON key "ldap" in AuthConfig).
// NOTE(review): the struct has no password field, so the credential used
// with SearchDN must come from somewhere else; confirm where it is read from.
type LdapConfig struct {
	// NOTE(review): the URL scheme presumably decides transport security.
	// Confirm whether cleartext ldap:// is accepted; prefer ldaps://.
	URL      string `json:"url"`
	UserBase string `json:"user-base"`
	// Presumably the DN of the account used for directory searches (confirm).
	SearchDN string `json:"search-dn"`
	// NOTE(review): if the login name is substituted into UserBind or
	// UserFilter, it has to be escaped for DN or filter context; verify this
	// in Login, which is not shown on this page.
	UserBind        string `json:"user-bind"`
	UserFilter      string `json:"user-filter"`
	UserAttr        string `json:"username-attr"`
	UIDAttr         string `json:"uid-attr"`
	SyncInterval    string `json:"sync-interval"` // Parsed using time.ParseDuration.
	// Presumably makes Sync delete database users that are no longer in the
	// directory. This is destructive, so confirm the behaviour before enabling it.
	SyncDelOldUsers bool   `json:"sync-del-old-users"`

	// Should a non-existent user be added to the DB if user exists in ldap directory
	SyncUserOnLogin   bool `json:"sync-user-on-login"`
	// Presumably updates an existing DB user from the directory entry on login (confirm).
	UpdateUserOnLogin bool `json:"update-user-on-login"`
}

type LocalAuthenticator

// LocalAuthenticator has CanLogin and Login methods in the shape of the
// Authenticator interface.
// NOTE(review): presumably it checks credentials stored in the application's
// own database; the password storage and comparison are not visible on this
// page, so confirm the hashing scheme in the source.
type LocalAuthenticator struct {
	// contains filtered or unexported fields
}

func (*LocalAuthenticator) CanLogin

func (la *LocalAuthenticator) CanLogin(
	user *schema.User,
	username string,
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, bool)

func (*LocalAuthenticator) Init

func (la *LocalAuthenticator) Init() error

func (*LocalAuthenticator) Login

func (la *LocalAuthenticator) Login(
	user *schema.User,
	rw http.ResponseWriter,
	r *http.Request,
) (*schema.User, error)

type OIDC added in v1.3.0

// OIDC is the OpenID Connect authenticator created by NewOIDC. OAuth2Login
// and OAuth2Callback have HTTP handler signatures, and RegisterEndpoints
// takes a chi.Router.
// NOTE(review): state and nonce handling and ID token verification happen in
// code not shown on this page; verify them in OAuth2Callback.
type OIDC struct {
	// contains filtered or unexported fields
}

func NewOIDC added in v1.3.0

func NewOIDC(a *Authentication) *OIDC

NewOIDC creates a new OIDC authenticator with the configured provider

func (*OIDC) OAuth2Callback added in v1.3.0

func (oa *OIDC) OAuth2Callback(rw http.ResponseWriter, r *http.Request)

func (*OIDC) OAuth2Login added in v1.3.0

func (oa *OIDC) OAuth2Login(rw http.ResponseWriter, r *http.Request)

func (*OIDC) RegisterEndpoints added in v1.3.0

func (oa *OIDC) RegisterEndpoints(r chi.Router)

type OpenIDConfig added in v1.5.0

// OpenIDConfig holds the settings for OpenID Connect login (JSON key "oidc"
// in AuthConfig).
// NOTE(review): no client ID or client secret field is present, so those
// values must be supplied elsewhere; confirm where they are read from.
type OpenIDConfig struct {
	// Presumably the URL of the OpenID Connect provider (confirm the expected format).
	Provider          string `json:"provider"`
	// Presumably create, respectively update, the DB user from the provider's
	// claims on login, by analogy with the same-named JWTAuthConfig fields (confirm).
	SyncUserOnLogin   bool   `json:"sync-user-on-login"`
	UpdateUserOnLogin bool   `json:"update-user-on-login"`
}
