middleware

package
v1.13.1
Warning

This package is not in the latest version of its module.

Published: Oct 9, 2023 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Constants

const (
	RequestContextHeaderName = "x-amzn-request-context"
)
const ServiceUnavailableMsg = "guru meditation error"

Variables

This section is empty.

Functions

func CertAuthorizer

func CertAuthorizer(namespace uuid.UUID) authzFn

CertAuthorizer returns a Lambda Authorizer function that authorizes requests based on the client certificate in the request context. If the certificate is valid, the Authorizer returns an Allow policy. If the certificate namespace does not match the configured namespace, the Authorizer returns a Deny policy.

func TLSIdentifier

func TLSIdentifier(namespace uuid.UUID) func(http.Handler) http.Handler

TLSIdentifier returns an HTTP Handler middleware function that identifies clients using TLS client certificates. It parses the client certificate into a RequestContext, which is JSON-serialised into the request context header.

Types

type AuthenticatedRequestContext

type AuthenticatedRequestContext struct {
	events.APIGatewayCustomAuthorizerRequest
	Authentication Authentication `json:"authentication"`
}

type Authentication

type Authentication struct {
	ClientCert ClientCert `json:"clientCert"`
}

type AuthorizedRequestContext

type AuthorizedRequestContext struct {
	Identity   Identity   `json:"identity"`
	Authorizer Authorizer `json:"authorizer"`
}

type Authorizer

type Authorizer struct {
	Namespace uuid.UUID `json:"namespace"`
	PublicKey JWK       `json:"publicKey"`
}

type ClientCert

type ClientCert struct {
	ClientCertPem string   `json:"clientCertPem"`
	SubjectDN     string   `json:"subjectDN"`
	IssuerDN      string   `json:"issuerDN"`
	SerialNumber  string   `json:"serialNumber"`
	Validity      Validity `json:"validity"`
}

ClientCert contains fields related to TLS Client Certificates.

type Identity

type Identity struct {
	SourceIp  string `json:"sourceIp"`
	UserAgent string `json:"userAgent"`
}

type JWK

type JWK struct {
	KeyType string `json:"kty"`
	Curve   string `json:"crv"`
	X       string `json:"x"`
	Y       string `json:"y"`
}

JWK is a JSON Web Key. It is a subset of the JWK spec, containing only the fields we need. See https://tools.ietf.org/html/rfc7517#section-4.1 for the full spec. JWK marshals to and unmarshals from a JSON string.

func JWKFromECDSA

func JWKFromECDSA(key *ecdsa.PublicKey) JWK

func (*JWK) FromECDSA

func (j *JWK) FromECDSA(key *ecdsa.PublicKey)

func (JWK) MarshalJSON

func (j JWK) MarshalJSON() ([]byte, error)

func (JWK) ToECDSA

func (j JWK) ToECDSA() (*ecdsa.PublicKey, bool)

func (*JWK) UnmarshalJSON

func (j *JWK) UnmarshalJSON(data []byte) error
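
The four EC members this type carries (kty, crv, x, y), shown as an added example that is not the package's own code: a P-256 public key is encoded as RFC 7518 section 6.2.1 describes and decoded again with an on-curve check. The names exampleJWK, encodeP256 and decodeP256 are hypothetical, and limiting the example to P-256 is an assumption, since the page does not say which curves the package accepts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"math/big"
)

// exampleJWK is a hypothetical stand-in with the same JSON members as the documented JWK.
type exampleJWK struct {
	KeyType string `json:"kty"`
	Curve   string `json:"crv"`
	X       string `json:"x"`
	Y       string `json:"y"`
}

// encodeP256 writes fixed-width 32-byte big-endian coordinates, base64url without padding.
func encodeP256(key *ecdsa.PublicKey) exampleJWK {
	x := key.X.FillBytes(make([]byte, 32))
	y := key.Y.FillBytes(make([]byte, 32))
	enc := base64.RawURLEncoding
	return exampleJWK{"EC", "P-256", enc.EncodeToString(x), enc.EncodeToString(y)}
}

// decodeP256 reports false unless the members describe a valid point on P-256.
func decodeP256(j exampleJWK) (*ecdsa.PublicKey, bool) {
	xb, errX := base64.RawURLEncoding.DecodeString(j.X)
	yb, errY := base64.RawURLEncoding.DecodeString(j.Y)
	if j.KeyType != "EC" || j.Curve != "P-256" || errX != nil || errY != nil ||
		len(xb) != 32 || len(yb) != 32 {
		return nil, false
	}
	x, y := new(big.Int).SetBytes(xb), new(big.Int).SetBytes(yb)
	if !elliptic.P256().IsOnCurve(x, y) {
		return nil, false
	}
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, true
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", encodeP256(&priv.PublicKey))
}
```

Rejecting off-curve or wrong-length coordinates at decode time keeps a key taken from untrusted JSON from reaching signature verification in a malformed state.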

type Validity

type Validity struct {
	NotBefore time.Time `json:"notBefore"`
	NotAfter  time.Time `json:"notAfter"`
}
