Overview ¶
Package jwt provides JWT token handling for the auth module. It includes functionality for generating and validating JWT tokens.
Index ¶
- func ExtractTokenFromHeader(authHeader string) (string, error)
- type Claims
- type Config
- type LocalValidator
- type RemoteClient
- type RemoteConfig
- type RemoteValidator
- type Service
- func (s *Service) GenerateToken(ctx context.Context, userID string, roles []string, scopes []string, ...) (string, error)
- func (s *Service) RevokeToken(ctx context.Context, tokenID string, expiresAt time.Time) error
- func (s *Service) RevokeTokenByString(ctx context.Context, tokenString string) error
- func (s *Service) SetRemoteValidatorForTesting(validator TokenValidator)
- func (s *Service) ValidateToken(ctx context.Context, tokenString string) (*Claims, error)
- func (s *Service) WithRemoteValidator(config RemoteConfig) (*Service, error)
- type SigningMethod
- type TokenValidator
- type ValidationRequest
- type ValidationResponse
Functions ¶
func ExtractTokenFromHeader ¶
ExtractTokenFromHeader extracts a JWT token from an Authorization header.
Types ¶
type Claims ¶
type Claims struct {
	// UserID is the unique identifier of the user (stored in the 'sub' claim).
	// NOTE(review): the embedded RegisteredClaims presumably also declares a
	// field tagged "sub" (Subject in golang-jwt). encoding/json gives the
	// shallower field precedence, so "sub" would decode into UserID and the
	// embedded Subject would stay empty; any subject check that reads through
	// the embedded type would then see "" — confirm against the validators.
	UserID string `json:"sub"`
	// Roles contains the user's assigned roles for authorization.
	// Roles, Scopes and Resources are authorization inputs: they are only as
	// trustworthy as the signature check performed before they are read.
	Roles []string `json:"roles"`
	// Scopes contains the user's assigned permission scopes.
	Scopes []string `json:"scopes"`
	// Resources contains the resources the user has access to.
	Resources []string `json:"resources"`
	// RegisteredClaims contains the standard JWT claims like expiration time.
	// NOTE(review): which registered claims (expiry, not-before, issuer,
	// audience) are enforced during validation is not visible here — confirm.
	jwt.RegisteredClaims
}
Claims represents the JWT claims contained in a token.
type Config ¶
type Config struct {
	// SecretKey is the key used to sign and verify JWT tokens.
	// It is signing material: anyone holding it can mint tokens that verify,
	// so keep it out of logs, error messages and source control.
	// NOTE(review): a single string key fits the HS* methods; how key material
	// is supplied for the RS*/ES* values of SigningMethod is not visible
	// here — confirm.
	SecretKey string
	// TokenDuration is the validity period for generated tokens.
	// NOTE(review): handling of a zero or negative duration is not visible
	// here — confirm it is rejected or replaced by a default.
	TokenDuration time.Duration
	// Issuer identifies the entity that issued the token.
	// NOTE(review): presumably written to the 'iss' claim; whether validation
	// compares the claim against this value is not shown — confirm.
	Issuer string
	// SigningMethod is the algorithm used to sign JWT tokens.
	// Default is HS256 if not specified.
	// NOTE(review): verification should accept only this configured method
	// rather than the algorithm named in a token's own header — confirm in the
	// validator implementation.
	SigningMethod SigningMethod
	// MinSecretKeyLength is the minimum length required for the secret key.
	// Default is 32 if not specified.
	// NOTE(review): the unit (bytes vs. characters of SecretKey) is not shown.
	// 32 bytes matches the SHA-256 output size; RFC 7518 asks for an HMAC key
	// at least as long as the hash output, which is 48 bytes for HS384 and 64
	// for HS512 — confirm whether the minimum scales with SigningMethod.
	// A length check bounds size only; it says nothing about key entropy.
	MinSecretKeyLength int
}
Config holds the configuration for JWT token handling.
type LocalValidator ¶
// LocalValidator implements TokenValidator using local validation.
// All of its fields are unexported; NewLocalValidator is the constructor this
// package documents for it.
type LocalValidator struct {
	// contains filtered or unexported fields
}
LocalValidator implements TokenValidator using local validation.
func NewLocalValidator ¶
func NewLocalValidator(config Config, logger *zap.Logger) *LocalValidator
NewLocalValidator creates a new local validator with the provided configuration and logger.
func (*LocalValidator) ValidateToken ¶
ValidateToken validates a JWT token locally and returns the claims if valid.
type RemoteClient ¶
// RemoteClient handles HTTP communication with the remote validation service.
// All of its fields are unexported; NewRemoteClient builds it from a
// RemoteConfig.
// NOTE(review): transport settings (TLS verification, redirect handling,
// response size limits) are not visible here — confirm in the implementation.
type RemoteClient struct {
	// contains filtered or unexported fields
}
RemoteClient handles HTTP communication with the remote validation service.
func NewRemoteClient ¶
func NewRemoteClient(config RemoteConfig, logger *logging.ContextLogger) *RemoteClient
NewRemoteClient creates a new remote client with the provided configuration.
func (*RemoteClient) ValidateToken ¶
ValidateToken sends a validation request to the remote service.
type RemoteConfig ¶
type RemoteConfig struct {
	// ValidationURL is the URL of the remote validation endpoint.
	// Validation requests carry the token being checked (see
	// ValidationRequest), so this should be an https URL to a trusted host.
	// NOTE(review): whether the scheme is checked is not visible here — confirm.
	ValidationURL string
	// ClientID is the client ID for the remote validation service.
	ClientID string
	// ClientSecret is the client secret for the remote validation service.
	// Treat it as a credential: keep it out of logs and serialized config dumps.
	// NOTE(review): how ClientID and ClientSecret are presented to the service
	// is not shown here — confirm.
	ClientSecret string
	// Timeout is the timeout for remote validation operations.
	// NOTE(review): the effect of a zero value (no timeout vs. a default) is
	// not visible here — confirm, since an unbounded wait stalls every
	// request that depends on remote validation.
	Timeout time.Duration
}
RemoteConfig holds the configuration for remote JWT token validation.
type RemoteValidator ¶
// RemoteValidator implements TokenValidator using remote validation.
// All of its fields are unexported; NewRemoteValidator builds it from a
// RemoteConfig and a logger.
// NOTE(review): behaviour when the remote service is unreachable or times out
// is not visible here — confirm that such failures reject the token.
type RemoteValidator struct {
	// contains filtered or unexported fields
}
RemoteValidator implements TokenValidator using remote validation.
func NewRemoteValidator ¶
func NewRemoteValidator(config RemoteConfig, logger *zap.Logger) *RemoteValidator
NewRemoteValidator creates a new remote validator with the provided configuration and logger.
func (*RemoteValidator) ValidateToken ¶
ValidateToken validates a JWT token remotely and returns the claims if valid.
type Service ¶
// Service handles JWT token operations including generation and validation.
// All of its fields are unexported; NewService is the documented constructor,
// and WithRemoteValidator adds a remote validator to it.
// NOTE(review): how ValidateToken combines local validation, the optional
// remote validator and revocation state is not visible here — confirm which
// checks must all pass before claims are returned.
type Service struct {
	// contains filtered or unexported fields
}
Service handles JWT token operations including generation and validation.
func NewService ¶
NewService creates a new JWT service with the provided configuration and logger.
func (*Service) GenerateToken ¶
func (s *Service) GenerateToken(ctx context.Context, userID string, roles []string, scopes []string, resources []string) (string, error)
GenerateToken generates a new JWT token for a user with the specified roles, scopes, and resources.
func (*Service) RevokeToken ¶ added in v1.2.0
RevokeToken revokes a token by its ID.
func (*Service) RevokeTokenByString ¶ added in v1.2.0
RevokeTokenByString revokes a token by its string representation.
func (*Service) SetRemoteValidatorForTesting ¶
func (s *Service) SetRemoteValidatorForTesting(validator TokenValidator)
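SetRemoteValidatorForTesting sets the remote validator for testing purposes. This method should only be used in tests: it is exported, so nothing in the API stops production code from calling it and replacing the remote validator.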
func (*Service) ValidateToken ¶
ValidateToken validates a JWT token and returns the claims if valid.
func (*Service) WithRemoteValidator ¶
func (s *Service) WithRemoteValidator(config RemoteConfig) (*Service, error)
WithRemoteValidator adds a remote validator to the JWT service.
type SigningMethod ¶ added in v1.2.0
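// SigningMethod represents the algorithm used to sign JWT tokens.
//
// The HS* values are HMAC methods, where one shared secret both signs and
// verifies. The RS* and ES* values are public-key signature methods, where the
// signing key and the verification key differ. None of the values is the
// unsecured "none" algorithm.
type SigningMethod string

// The page rendered this block on a single line, where the first "//" turned
// every following declaration into comment text; the declarations are
// restored one per line, with the names and string values unchanged.
const (
	// SigningMethodHS256 represents HMAC using SHA-256
	SigningMethodHS256 SigningMethod = "HS256"
	// SigningMethodHS384 represents HMAC using SHA-384
	SigningMethodHS384 SigningMethod = "HS384"
	// SigningMethodHS512 represents HMAC using SHA-512
	SigningMethodHS512 SigningMethod = "HS512"
	// SigningMethodRS256 represents RSASSA-PKCS1-v1_5 using SHA-256
	SigningMethodRS256 SigningMethod = "RS256"
	// SigningMethodRS384 represents RSASSA-PKCS1-v1_5 using SHA-384
	SigningMethodRS384 SigningMethod = "RS384"
	// SigningMethodRS512 represents RSASSA-PKCS1-v1_5 using SHA-512
	SigningMethodRS512 SigningMethod = "RS512"
	// SigningMethodES256 represents ECDSA using P-256 and SHA-256
	SigningMethodES256 SigningMethod = "ES256"
	// SigningMethodES384 represents ECDSA using P-384 and SHA-384
	SigningMethodES384 SigningMethod = "ES384"
	// SigningMethodES512 represents ECDSA using P-521 and SHA-512
	SigningMethodES512 SigningMethod = "ES512"
)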
type TokenValidator ¶
// TokenValidator is an interface for validating JWT tokens. It allows for
// different validation strategies; LocalValidator and RemoteValidator are the
// two implementations documented in this package.
type TokenValidator interface {
	// ValidateToken validates a JWT token and returns the claims if valid.
	// NOTE(review): implementations are presumably expected to return nil
	// claims together with a non-nil error for any token they do not accept —
	// confirm; callers should check the error before reading the claims.
	ValidateToken(ctx context.Context, tokenString string) (*Claims, error)
}
TokenValidator is an interface for validating JWT tokens. It allows for different validation strategies (local, remote, etc.)
type ValidationRequest ¶ added in v1.2.0
// ValidationRequest represents a request to validate a token.
type ValidationRequest struct {
	// Token is serialized under the JSON key "token".
	// It is presumably the complete token string, i.e. a bearer credential —
	// avoid writing marshalled requests to logs or traces.
	Token string `json:"token"`
}
ValidationRequest represents a request to validate a token.
type ValidationResponse ¶ added in v1.2.0
// ValidationResponse represents a response from the validation endpoint.
//
// NOTE(review): unlike Claims, this type has no resources field and no expiry
// or other registered-claim fields, so those cannot be filled from the
// response alone — confirm how RemoteValidator builds the Claims it returns.
type ValidationResponse struct {
	// Valid is decoded from the JSON key "valid".
	// NOTE(review): presumably the service's verdict; the identity fields
	// below should be used only when it is true — confirm in RemoteValidator.
	Valid bool `json:"valid"`
	// UserID is decoded from "user_id".
	UserID string `json:"user_id"`
	// Roles is decoded from "roles".
	Roles []string `json:"roles"`
	// Scopes is decoded from "scopes".
	Scopes []string `json:"scopes"`
	// Error is decoded from "error" and omitted from encoded output when empty.
	// NOTE(review): its text originates from the remote service; treat it as
	// untrusted input if it is logged or returned to a caller.
	Error string `json:"error,omitempty"`
}
ValidationResponse represents a response from the validation endpoint.