Documentation
¶
Overview ¶
Package casdoor adapts the official Casdoor Go SDK to Kernel authn contracts.
Index ¶
- Constants
- type AdminConfig
- type Client
- func (c *Client) AssignUserToGroup(ctx context.Context, req authn.AssignUserToGroupRequest) error
- func (c *Client) Authenticate(ctx context.Context, credential authn.Credential) (authn.Principal, error)
- func (c *Client) BuildLoginURL(ctx context.Context, req authn.LoginURLRequest) (authn.LoginURL, error)
- func (c *Client) BuildLogoutURL(ctx context.Context, req authn.LogoutURLRequest) (authn.LogoutURL, error)
- func (c *Client) CreateApplication(ctx context.Context, req authn.CreateApplicationRequest) (authn.Application, error)
- func (c *Client) CreateGroup(ctx context.Context, req authn.CreateGroupRequest) (authn.Group, error)
- func (c *Client) CreateOrganization(ctx context.Context, req authn.CreateOrganizationRequest) (authn.Organization, error)
- func (c *Client) CreateUser(ctx context.Context, req authn.CreateUserRequest) (authn.User, error)
- func (c *Client) DeleteApplication(ctx context.Context, req authn.DeleteApplicationRequest) error
- func (c *Client) DeleteGroup(ctx context.Context, req authn.DeleteGroupRequest) error
- func (c *Client) DeleteOrganization(ctx context.Context, req authn.DeleteOrganizationRequest) error
- func (c *Client) DeleteUser(ctx context.Context, req authn.DeleteUserRequest) error
- func (c *Client) DisableUser(ctx context.Context, orgID, userID string) error
- func (c *Client) ExchangeCode(ctx context.Context, req authn.AuthCodeExchangeRequest) (authn.TokenSet, authn.Principal, error)
- func (c *Client) FindUsers(ctx context.Context, filter authn.UserFilter) ([]authn.User, error)
- func (c *Client) GetApplication(ctx context.Context, orgID, appID string) (authn.Application, error)
- func (c *Client) GetGroup(ctx context.Context, orgID, groupID string) (authn.Group, error)
- func (c *Client) GetIdentityProfile(ctx context.Context, req authn.IdentityProfileRequest) (authn.IdentityProfile, error)
- func (c *Client) GetOrganization(ctx context.Context, orgID string) (authn.Organization, error)
- func (c *Client) GetSession(ctx context.Context, orgID, sessionID string) (authn.Session, error)
- func (c *Client) GetUser(ctx context.Context, orgID, userID string) (authn.User, error)
- func (c *Client) HandleCallback(ctx context.Context, req authn.CallbackRequest) (authn.CallbackResult, error)
- func (c *Client) ListGroups(ctx context.Context, filter authn.GroupFilter) ([]authn.Group, error)
- func (c *Client) ListSessions(ctx context.Context, filter authn.SessionFilter) ([]authn.Session, error)
- func (c *Client) RefreshToken(ctx context.Context, req authn.RefreshTokenRequest) (authn.TokenSet, error)
- func (c *Client) RemoveUserFromGroup(ctx context.Context, req authn.AssignUserToGroupRequest) error
- func (c *Client) RevokeToken(ctx context.Context, req authn.RevokeTokenRequest) error
- func (c *Client) SigninURL(redirectURI string) string
- func (c *Client) SignupURL(enablePassword bool, redirectURI string) string
- func (c *Client) SummarizeSessions(ctx context.Context, filter authn.SessionFilter) (authn.SessionSummary, error)
- func (c *Client) UpdateApplication(ctx context.Context, req authn.UpdateApplicationRequest) (authn.Application, error)
- func (c *Client) UpdateGroup(ctx context.Context, req authn.UpdateGroupRequest) (authn.Group, error)
- func (c *Client) UpdateOrganization(ctx context.Context, req authn.UpdateOrganizationRequest) (authn.Organization, error)
- func (c *Client) UpdateUser(ctx context.Context, req authn.UpdateUserRequest) (authn.User, error)
- func (c *Client) UpsertUser(ctx context.Context, user authn.User) (authn.User, error)
- func (c *Client) VerifyToken(ctx context.Context, req authn.VerifyTokenRequest) (authn.Principal, error)
- type Config
Constants ¶
const ProviderName = "casdoor"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AdminConfig ¶
type AdminConfig struct {
Enabled bool `json:"enabled" yaml:"enabled"`
OrganizationName string `json:"organization_name" yaml:"organization_name"`
ApplicationName string `json:"application_name" yaml:"application_name"`
ClientID string `json:"client_id" yaml:"client_id"`
ClientSecret string `json:"client_secret" yaml:"client_secret"`
JWTCertificate string `json:"jwt_certificate" yaml:"jwt_certificate"`
JWTCertificateFile string `json:"jwt_certificate_file" yaml:"jwt_certificate_file"`
// Certificate is kept as a backward-compatible alias for JWTCertificate.
Certificate string `json:"certificate" yaml:"certificate"`
}
AdminConfig is the Casdoor credential set for management APIs. In production this must be a dedicated service application using OAuth2 client_credentials / M2M semantics, for example `iam-service`. It should not use the public browser login application and should never use built-in/admin except for one-time bootstrap or break-glass recovery.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client implements authn.Authenticator, authn.TokenService and authn.IdentityAdmin using Casdoor's official Go SDK.
func (*Client) AssignUserToGroup ¶
func (*Client) Authenticate ¶
func (*Client) BuildLoginURL ¶
func (c *Client) BuildLoginURL(ctx context.Context, req authn.LoginURLRequest) (authn.LoginURL, error)
BuildLoginURL returns a Casdoor hosted login URL through Kernel's provider- neutral LoginService contract. Callers should not import or call the Casdoor SDK directly.
func (*Client) BuildLogoutURL ¶ added in v0.0.7
func (c *Client) BuildLogoutURL(ctx context.Context, req authn.LogoutURLRequest) (authn.LogoutURL, error)
BuildLogoutURL returns a Casdoor hosted logout (end-session) URL through Kernel's provider-neutral LogoutService contract.
The URL is built against the Casdoor /api/logout endpoint with OIDC RP-Initiated Logout parameters (client_id, post_logout_redirect_uri, id_token_hint, state). We construct the URL manually rather than calling the Casdoor SDK's GetSignoutUrl() because that SDK method returns the internal /login/oauth/logout path, while external OAuth applications should use /api/logout per the OIDC end-session endpoint convention.
func (*Client) CreateApplication ¶
func (c *Client) CreateApplication(ctx context.Context, req authn.CreateApplicationRequest) (authn.Application, error)
func (*Client) CreateGroup ¶
func (*Client) CreateOrganization ¶
func (c *Client) CreateOrganization(ctx context.Context, req authn.CreateOrganizationRequest) (authn.Organization, error)
func (*Client) CreateUser ¶ added in v0.2.4
func (*Client) DeleteApplication ¶
func (*Client) DeleteGroup ¶
func (*Client) DeleteOrganization ¶
func (*Client) DeleteUser ¶ added in v0.2.4
func (*Client) DisableUser ¶
func (*Client) ExchangeCode ¶
func (*Client) GetApplication ¶
func (*Client) GetIdentityProfile ¶
func (c *Client) GetIdentityProfile(ctx context.Context, req authn.IdentityProfileRequest) (authn.IdentityProfile, error)
func (*Client) GetOrganization ¶
func (*Client) GetSession ¶ added in v0.2.4
func (*Client) HandleCallback ¶
func (c *Client) HandleCallback(ctx context.Context, req authn.CallbackRequest) (authn.CallbackResult, error)
HandleCallback exchanges the authorization code and verifies the resulting token through Kernel authn contracts. It also validates state when an ExpectedState is provided.
func (*Client) ListGroups ¶
func (*Client) ListSessions ¶ added in v0.2.4
func (*Client) RefreshToken ¶
func (*Client) RemoveUserFromGroup ¶
func (*Client) RevokeToken ¶
func (*Client) SigninURL ¶
SigninURL is kept as a convenience alias for existing integrations. New code should prefer BuildLoginURL via the authn.LoginService interface.
func (*Client) SignupURL ¶
SignupURL returns the Casdoor hosted signup URL for the configured login application. Signup is provider-specific for now and intentionally not part of the core authn.LoginService contract.
func (*Client) SummarizeSessions ¶ added in v0.2.4
func (c *Client) SummarizeSessions(ctx context.Context, filter authn.SessionFilter) (authn.SessionSummary, error)
func (*Client) UpdateApplication ¶
func (c *Client) UpdateApplication(ctx context.Context, req authn.UpdateApplicationRequest) (authn.Application, error)
func (*Client) UpdateGroup ¶
func (*Client) UpdateOrganization ¶
func (c *Client) UpdateOrganization(ctx context.Context, req authn.UpdateOrganizationRequest) (authn.Organization, error)
func (*Client) UpdateUser ¶ added in v0.2.4
func (*Client) UpsertUser ¶
func (*Client) VerifyToken ¶
type Config ¶
type Config struct {
Endpoint string `json:"endpoint" yaml:"endpoint"`
// Issuer is the trusted OIDC issuer expected in Casdoor JWTs. When empty,
// Endpoint is used as a compatibility default. For application-specific
// discovery this should match the issuer returned by that discovery document.
Issuer string `json:"issuer" yaml:"issuer"`
// DiscoveryURL and JWKSURL enable standard OIDC/JWKS verification. Prefer
// these in Gateway and production deployments. JWTCertificate remains as a
// static fallback for local/dev setups.
DiscoveryURL string `json:"discovery_url" yaml:"discovery_url"`
JWKSURL string `json:"jwks_url" yaml:"jwks_url"`
// Audience limits tokens to the expected Casdoor application/client IDs.
// When empty, ClientID is used as the default audience.
Audience []string `json:"audience" yaml:"audience"`
// AllowedOwners optionally restricts accepted Casdoor organizations.
AllowedOwners []string `json:"allowed_owners" yaml:"allowed_owners"`
// AllowedAlgs limits JWT signing algorithms accepted from Casdoor.
// Default: RS256, RS512, ES256, ES512.
AllowedAlgs []string `json:"allowed_algs" yaml:"allowed_algs"`
// JWKSCacheTTL controls local JWKS cache lifetime.
JWKSCacheTTL time.Duration `json:"jwks_cache_ttl_ns" yaml:"jwks_cache_ttl_ns"`
OrganizationName string `json:"organization_name" yaml:"organization_name"`
ApplicationName string `json:"application_name" yaml:"application_name"`
ClientID string `json:"client_id" yaml:"client_id"`
ClientSecret string `json:"client_secret" yaml:"client_secret"`
// JWTCertificate is the PEM public certificate used by Casdoor SDK to verify
// JWT access/id tokens signed by the Casdoor application cert.
JWTCertificate string `json:"jwt_certificate" yaml:"jwt_certificate"`
JWTCertificateFile string `json:"jwt_certificate_file" yaml:"jwt_certificate_file"`
// Certificate is kept as a backward-compatible alias for JWTCertificate.
// Prefer jwt_certificate or jwt_certificate_file in new configs.
Certificate string `json:"certificate" yaml:"certificate"`
Admin AdminConfig `json:"admin" yaml:"admin"`
HTTPClient *http.Client `json:"-" yaml:"-"`
Timeout time.Duration `json:"timeout" yaml:"timeout"`
// Logger is the component logger. If nil, casdoor uses logx.DefaultLogger().
Logger logx.Logger `json:"-" yaml:"-"`
// Metrics is the optional metrics manager for Casdoor backend HTTP calls.
Metrics metricsx.Manager `json:"-" yaml:"-"`
// MetricsEnabled controls whether Casdoor backend calls record metrics.
MetricsEnabled bool `json:"metrics_enabled" yaml:"metrics_enabled"`
}
Config contains Casdoor application configuration used by the SDK.
The top-level fields describe the login/OIDC application that exchanges authorization codes and verifies user tokens. Admin describes the optional M2M/service application used for provisioning users, organizations, applications and groups. Do not configure this with built-in/admin credentials for normal runtime use.