Documentation
¶
Index ¶
- Variables
- func ContextWithJWTMetadata(ctx context.Context, jwt string) context.Context
- func HandlerGrants(grants []string, next http.HandlerFunc) http.HandlerFunc
- func HandlerValidateJWT(brk auth.RSAPublicKeyCopierRenewer, next http.HandlerFunc) http.HandlerFunc
- func InterceptServerJWT(ctx context.Context, brk auth.RSAPublicKeyCopierRenewer) (auth.Consumer, error)
- func StreamClientInterceptor(jwt string) ...
- func StreamServerInterceptor(brk auth.RSAPublicKeyCopierRenewer) ...
- func UnaryClientInterceptor(jwt string) func(ctx context.Context, method string, req, reply interface{}, ...) error
- func UnaryServerInterceptor(brk auth.RSAPublicKeyCopierRenewer) ...
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrMetadataMissing reports that the request carried no metadata at all.
	// It is a gRPC status error with code InvalidArgument.
	ErrMetadataMissing = status.Error(codes.InvalidArgument, "metadata missing")
	// ErrAuthTokenMissing reports that metadata was present but held no auth token.
	// NOTE(review): a missing credential is reported as InvalidArgument rather than
	// Unauthenticated, so clients, retry logic and alerting that key on
	// codes.Unauthenticated will not see this case.
	ErrAuthTokenMissing = status.Error(codes.InvalidArgument, "metadata missing: auth-token")
)
Functions ¶
func ContextWithJWTMetadata ¶
ContextWithJWTMetadata will add a JWT to the client outgoing context metadata
func HandlerGrants ¶
func HandlerGrants(grants []string, next http.HandlerFunc) http.HandlerFunc
HandlerGrants is an HTTP handler to check that the consumer in the request context has the required grants.
func HandlerValidateJWT ¶
func HandlerValidateJWT(brk auth.RSAPublicKeyCopierRenewer, next http.HandlerFunc) http.HandlerFunc
HandlerValidateJWT returns an HTTP handler that takes a JWT from the request headers and attempts to validate it.
Example ¶
package main
import (
"crypto/rsa"
"net/http"
"github.com/LUSHDigital/core/auth"
"github.com/LUSHDigital/core/middleware/authmw"
)
// broker is the value passed to authmw.HandlerValidateJWT; judging by its type it
// presumably supplies the RSA public key used to validate tokens (confirm in auth).
// It is declared but never assigned in this example, so it is the nil interface
// value; a real program must set it to a concrete implementation before the
// handler is registered.
var broker auth.RSAPublicKeyCopierRenewer
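// main registers a /users handler behind authmw.HandlerValidateJWT and applies a
// grant check to the consumer found in the request context. It only registers
// the handler; no HTTP server is started in this example.
func main() {
	http.Handle("/users", authmw.HandlerValidateJWT(broker, func(w http.ResponseWriter, r *http.Request) {
		consumer := auth.ConsumerFromContext(r.Context())
		if !consumer.HasAnyGrant("users.read") {
			// NOTE(review): if the middleware only calls this handler for a
			// validated token, the caller is authenticated but lacks the grant,
			// and http.StatusForbidden would describe that better than 401.
			// Confirm how HandlerValidateJWT treats a failed validation first.
			http.Error(w, "access denied", http.StatusUnauthorized)
			// http.Error only writes the response; without this return any code
			// added below would still run for a denied consumer.
			return
		}
		// Only consumers holding users.read reach this point. The same check is
		// available as middleware through authmw.HandlerGrants.
	}))
}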
func InterceptServerJWT ¶
func InterceptServerJWT(ctx context.Context, brk auth.RSAPublicKeyCopierRenewer) (auth.Consumer, error)
InterceptServerJWT will check the context metadata for a JWT
func StreamClientInterceptor ¶
func StreamClientInterceptor(jwt string) func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error)
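StreamClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Streaming RPCs. (Note: this description does not match the signature, which takes a JWT and nothing metrics-related; it appears to have been copied from a monitoring interceptor. The function presumably attaches the JWT to outgoing stream metadata — confirm against the source before relying on it.)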
func StreamServerInterceptor ¶
func StreamServerInterceptor(brk auth.RSAPublicKeyCopierRenewer) func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
StreamServerInterceptor is a gRPC server-side interceptor that checks that the JWT provided is valid for streaming procedures.
Example ¶
package main
import (
"crypto/rsa"
"log"
"net"
"github.com/LUSHDigital/core/auth"
"github.com/LUSHDigital/core/middleware/authmw"
"google.golang.org/grpc"
)
// broker is the value passed to authmw.StreamServerInterceptor; judging by its type
// it presumably supplies the RSA public key used to validate tokens (confirm in auth).
// It is declared but never assigned in this example, so it is the nil interface
// value; a real program must set it to a concrete implementation before the
// server is created.
var broker auth.RSAPublicKeyCopierRenewer
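// main starts a gRPC server on port 50051 whose streaming RPCs pass through
// authmw.StreamServerInterceptor before reaching their handlers.
func main() {
	// Only a stream interceptor is installed here, so unary RPCs on the same
	// server are not checked; register authmw.UnaryServerInterceptor as well
	// when the service exposes both kinds.
	// No transport credentials are configured either, so tokens sent to this
	// server travel in cleartext; outside local testing add a grpc.Creds option.
	srv := grpc.NewServer(
		grpc.StreamInterceptor(authmw.StreamServerInterceptor(broker)),
	)

	// The network must be "tcp": the original "tpc" is not a known network, so
	// net.Listen returned an error and the server never started.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}

	// Serve blocks until the listener fails; its error is logged and the
	// process exits.
	log.Fatalln(srv.Serve(l))
}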
func UnaryClientInterceptor ¶
func UnaryClientInterceptor(jwt string) func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error
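UnaryClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Unary RPCs. (Note: this description does not match the signature, which takes a JWT and nothing metrics-related; it appears to have been copied from a monitoring interceptor. The function presumably attaches the JWT to outgoing request metadata — confirm against the source before relying on it.)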
func UnaryServerInterceptor ¶
func UnaryServerInterceptor(brk auth.RSAPublicKeyCopierRenewer) func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
UnaryServerInterceptor is a gRPC server-side interceptor that checks that the JWT provided is valid for unary procedures.
Example ¶
package main
import (
"crypto/rsa"
"log"
"net"
"github.com/LUSHDigital/core/auth"
"github.com/LUSHDigital/core/middleware/authmw"
"google.golang.org/grpc"
)
// broker is the value passed to authmw.UnaryServerInterceptor; judging by its type
// it presumably supplies the RSA public key used to validate tokens (confirm in auth).
// It is declared but never assigned in this example, so it is the nil interface
// value; a real program must set it to a concrete implementation before the
// server is created.
var broker auth.RSAPublicKeyCopierRenewer
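// main starts a gRPC server on port 50051 whose unary RPCs pass through
// authmw.UnaryServerInterceptor before reaching their handlers.
func main() {
	// Only a unary interceptor is installed here, so streaming RPCs on the same
	// server are not checked; register authmw.StreamServerInterceptor as well
	// when the service exposes both kinds.
	// No transport credentials are configured either, so tokens sent to this
	// server travel in cleartext; outside local testing add a grpc.Creds option.
	srv := grpc.NewServer(
		grpc.UnaryInterceptor(authmw.UnaryServerInterceptor(broker)),
	)

	// The network must be "tcp": the original "tpc" is not a known network, so
	// net.Listen returned an error and the server never started.
	l, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalln(err)
	}

	// Serve blocks until the listener fails; its error is logged and the
	// process exits.
	log.Fatalln(srv.Serve(l))
}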
Types ¶
This section is empty.