Documentation
¶
Index ¶
- Constants
- func APIKeyFingerprint(ctx context.Context) ([]byte, bool)
- func FromContext(ctx context.Context) *stdauthnfxv1.Access
- func New(deps struct{ ... }) (res struct{ ... }, err error)
- func Provide() fx.Option
- func WithAPIKeyFingerprint(ctx context.Context, hash hash.Hash, data []byte) context.Context
- func WithAccess(ctx context.Context, val protovalidate.Validator, access *stdauthnfxv1.Access) context.Context
- func WithAnonymousAccess(ctx context.Context, val protovalidate.Validator) context.Context
- func WithWebUserAccess(ctx context.Context, val protovalidate.Validator, ...) context.Context
- type AccessControl
- func (ac *AccessControl) Authenticate(ctx context.Context, authzHeader string) (context.Context, error)
- func (ac *AccessControl) BuildAndSignAPIKey(acc *stdauthnfxv1.Access) (string, error)
- func (ac *AccessControl) CRPCInterceptor() connect.Interceptor
- func (ac *AccessControl) GRPCInterceptor() grpc.UnaryServerInterceptor
- type Config
Constants ¶
View Source
const (
// prefix to recognize our API keys.
APIKeyPrefix = "bwak_"
)
Variables ¶
This section is empty.
Functions ¶
func APIKeyFingerprint ¶ added in v0.0.192
func FromContext ¶ added in v0.0.191
func FromContext(ctx context.Context) *stdauthnfxv1.Access
func WithAPIKeyFingerprint ¶ added in v0.0.192
func WithAccess ¶ added in v0.0.191
func WithAccess(ctx context.Context, val protovalidate.Validator, access *stdauthnfxv1.Access) context.Context
func WithAnonymousAccess ¶ added in v0.0.191
func WithWebUserAccess ¶ added in v0.0.191
func WithWebUserAccess( ctx context.Context, val protovalidate.Validator, info *stdauthnfxv1.AccessIdentity, ) context.Context
Types ¶
type AccessControl ¶ added in v0.0.191
type AccessControl struct {
// contains filtered or unexported fields
}
func (*AccessControl) Authenticate ¶ added in v0.0.191
func (ac *AccessControl) Authenticate(ctx context.Context, authzHeader string) (context.Context, error)
Authenticate a HTTP authorization header value. If an empty string is passed, it is considered as not set and the "anonymous" access behavior is triggered.
func (*AccessControl) BuildAndSignAPIKey ¶ added in v0.0.191
func (ac *AccessControl) BuildAndSignAPIKey(acc *stdauthnfxv1.Access) (string, error)
BuildAndSignAPIKey takes an access and signs it as our API keys.
func (*AccessControl) CRPCInterceptor ¶ added in v0.0.191
func (ac *AccessControl) CRPCInterceptor() connect.Interceptor
func (*AccessControl) GRPCInterceptor ¶ added in v0.0.191
func (ac *AccessControl) GRPCInterceptor() grpc.UnaryServerInterceptor
type Config ¶
type Config struct {
// The base64-encoded key information for signing.
SigningKeySetBase64 string `env:"SIGNING_KEY_SET_BASE64,required"`
// SigningKeyID is the id we use for signing
SigningKeyID string `env:"SIGNING_KEY_ID,required"`
// Access Token validation JWKS endpoint
TokenValidationJWKSEndpoint string `env:"TOKEN_VALIDATION_JWKS_ENDPOINT,required"`
// Access Token issuer to be checked.
TokenIssuer string `env:"TOKEN_ISSUER,required"`
// Access Token audience to be checked.
TokenAudience string `env:"TOKEN_AUDIENCE,required"`
// Configure a fixed wall-clock time as far as token validation is concerned. Only useful in testing.
FixedWallClockTimestamp int64 `env:"FIXED_WALL_CLOCK_TIMESTAMP"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.