Documentation
Index ¶
- Variables
- func AuthSessionTo(ctx context.Context, session Session) context.Context
- func AuthnMiddleware(authn AuthnProvider) func(ctx huma.Context, next func(huma.Context))
- type AuthnProvider
- type Authorizer
- type AuthzProvider
- type JWTClaims
- type JWTManager
- func (j *JWTManager) Authenticate(ctx context.Context, reqHeaders func(name string) string, query url.Values) (Session, error)
- func (j *JWTManager) Check(ctx context.Context, s Session, verb PermissionAction, resource Resource) error
- func (j *JWTManager) GenerateTokenResponse(_ context.Context, claims JWTClaims) (*TokenResponse, error)
- func (j *JWTManager) HasPermission(resource string, action PermissionAction, permissions []Permission) bool
- func (j *JWTManager) ValidateToken(_ context.Context, tokenString string) (*JWTClaims, error)
- type Method
- type Permission
- type PermissionAction
- type Principal
- type Resource
- type Session
- type TokenResponse
- type User
Constants ¶
This section is empty.
Variables ¶
// BlockedNamespaces is the publish denylist. As declared here it is empty, so on
// its own it blocks nothing; it is presumably populated elsewhere (configuration
// or a later change) — confirm before relying on it as an abuse control.
var BlockedNamespaces = []string{}
BlockedNamespaces lists the namespaces that are not allowed to publish packages; it is a denylist used to prevent abuse.
var (
)
Functions ¶
func AuthnMiddleware ¶
func AuthnMiddleware(authn AuthnProvider) func(ctx huma.Context, next func(huma.Context))
Types ¶
type AuthnProvider ¶
type Authorizer ¶
// Authorizer is the authorization entry point used by request handlers; it
// delegates the actual decision to the configured AuthzProvider (see Check).
type Authorizer struct {
	// Authz performs the permission check for a Session; it must be set before
	// Check is called (the zero value has no provider).
	Authz AuthzProvider
}
func (*Authorizer) Check ¶
func (a *Authorizer) Check(ctx context.Context, verb PermissionAction, resource Resource) error
type AuthzProvider ¶
// AuthzProvider decides whether an authenticated Session may perform verb on
// resource. JWTManager satisfies this interface through its Check method.
type AuthzProvider interface {
	// Check returns nil when s is allowed to perform verb on resource and a
	// non-nil error otherwise; callers should treat every error as a denial.
	Check(ctx context.Context, s Session, verb PermissionAction, resource Resource) error
}
Authz
type JWTClaims ¶
// JWTClaims is the claim set carried by a Registry JWT token: the standard
// registered claims plus the registry-specific authentication and permission data.
type JWTClaims struct {
	// RegisteredClaims supplies the standard JWT claims (issuer, subject,
	// expiry, ...) from the jwt library.
	jwt.RegisteredClaims
	// AuthMethod is the authentication method (see Method) used to obtain this token.
	AuthMethod Method `json:"auth_method"`
	// AuthMethodSubject identifies the principal as reported by that method
	// (presumably the provider-side subject; verify against the token issuers).
	AuthMethodSubject string `json:"auth_method_sub"`
	// Permissions lists what the token holder may do. They travel inside the
	// token, so they are only trustworthy once ValidateToken has verified it.
	Permissions []Permission `json:"permissions"`
}
JWTClaims represents the claims for the Registry JWT token
type JWTManager ¶
// JWTManager issues (GenerateTokenResponse) and validates (ValidateToken)
// Registry JWT tokens, and its Check method has the AuthzProvider signature.
// Construct it with NewJWTManager from the registry config.
type JWTManager struct {
	// contains filtered or unexported fields
}
JWTManager handles JWT token operations
func NewJWTManager ¶
func NewJWTManager(cfg *config.Config) *JWTManager
func (*JWTManager) Authenticate ¶
func (*JWTManager) Check ¶
func (j *JWTManager) Check(ctx context.Context, s Session, verb PermissionAction, resource Resource) error
func (*JWTManager) GenerateTokenResponse ¶
func (j *JWTManager) GenerateTokenResponse(_ context.Context, claims JWTClaims) (*TokenResponse, error)
GenerateTokenResponse generates a new Registry JWT token
func (*JWTManager) HasPermission ¶
func (j *JWTManager) HasPermission(resource string, action PermissionAction, permissions []Permission) bool
func (*JWTManager) ValidateToken ¶
ValidateToken validates a Registry JWT token and returns the claims
type Method ¶
// Method identifies how a principal authenticated; the valid values are the
// Method* constants below and are recorded in JWTClaims.AuthMethod.
type Method string
Method represents the authentication method used
const (
	// MethodGitHubAT: GitHub OAuth authentication using an access token.
	MethodGitHubAT Method = "github-at"
	// MethodGitHubOIDC: GitHub Actions OIDC authentication.
	MethodGitHubOIDC Method = "github-oidc"
	// MethodOIDC: generic OIDC authentication.
	MethodOIDC Method = "oidc"
	// MethodDNS: DNS-based public/private key authentication.
	MethodDNS Method = "dns"
	// MethodHTTP: HTTP-based public/private key authentication.
	MethodHTTP Method = "http"
	// MethodNone: no authentication. Only for local development and testing;
	// a token carrying this method must not be accepted by a production deployment.
	MethodNone Method = "none"
)
type Permission ¶
// Permission grants one action on the resources matched by a pattern.
type Permission struct {
	// Action is the action type granted (publish or edit; see PermissionAction).
	Action PermissionAction `json:"action"`
	// ResourcePattern names the resources the action applies to, e.g.
	// "io.github.username/*". The trailing "*" is presumably a wildcard whose
	// matching rules live in JWTManager.HasPermission — confirm there.
	ResourcePattern string `json:"resource"`
}
type PermissionAction ¶
// PermissionAction is the kind of operation a Permission grants; the valid
// values are the PermissionAction* constants below.
type PermissionAction string
PermissionAction represents the type of action that can be performed
const (
	// PermissionActionPublish allows publishing packages under the matched resource.
	PermissionActionPublish PermissionAction = "publish"
	// PermissionActionEdit is intended for admins taking moderation actions only,
	// at least for now; it should not be granted to ordinary publishers.
	PermissionActionEdit PermissionAction = "edit"
)
type TokenResponse ¶
type User ¶
// User is a principal record holding the permissions granted to it.
type User struct {
	// Permissions granted to this user (see Permission); they are presumably
	// evaluated with JWTManager.HasPermission — confirm at the call sites.
	Permissions []Permission
}