Documentation ¶
Index ¶
- Constants
- func BuildScope(resource Resource, action Action) string
- func HasPermission(scopes []string, resource Resource, method string) bool
- func ParseScope(scope string) (Resource, Action)
- func RateLimitMiddleware(conf *config.Configuration) gin.HandlerFunc
- func SecurityHeaders() gin.HandlerFunc
- type Action
- type AuthMiddleware
- type Resource
Constants ¶
const (
// Actions
ActionRead Action = "read"
ActionWrite Action = "write"
ActionDelete Action = "delete"
ActionAll Action = "*"
// Resources
ResourceLedgers Resource = "ledgers"
ResourceBalances Resource = "balances"
ResourceAccounts Resource = "accounts"
ResourceIdentities Resource = "identities"
ResourceTransactions Resource = "transactions"
ResourceBalanceMonitors Resource = "balance-monitors"
ResourceHooks Resource = "hooks"
ResourceAPIKeys Resource = "api-keys"
ResourceSearch Resource = "search"
ResourceReconciliation Resource = "reconciliation"
ResourceMetadata Resource = "metadata"
ResourceBackup Resource = "backup"
ResourceAll Resource = "*"
)
const (
KeyHeader = "X-Blnk-Key"
)
Variables ¶
This section is empty.
Functions ¶
func BuildScope ¶
BuildScope creates a scope string from a resource and an action.
func HasPermission ¶
HasPermission checks whether a set of scopes grants permission for a given resource and HTTP method.
func ParseScope ¶
ParseScope parses a scope string into its resource and action.
func RateLimitMiddleware ¶
func RateLimitMiddleware(conf *config.Configuration) gin.HandlerFunc
RateLimitMiddleware creates a middleware for rate limiting using Tollbooth. It sets up rate limiting based on the configuration parameters and applies it to incoming requests.
Parameters:
- conf: The configuration object containing rate limit settings.
Returns:
- gin.HandlerFunc: A middleware function that applies rate limiting to requests.
func SecurityHeaders ¶ added in v0.13.0
func SecurityHeaders() gin.HandlerFunc
SecurityHeaders sets security headers on the response. It sets the following headers:
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- Referrer-Policy: strict-origin-when-cross-origin
- Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
- Cache-Control: no-store
- Strict-Transport-Security: max-age=31536000; includeSubDomains
Returns:
- gin.HandlerFunc: A middleware function that sets security headers on the response.
Types ¶
type Action ¶
type Action string
Action represents the allowed actions on a resource. Actions include read, write, delete, and wildcard (*).
type AuthMiddleware ¶
type AuthMiddleware struct {
// contains filtered or unexported fields
}
AuthMiddleware handles authentication and authorization for API routes. It supports both master key and API key authentication using the X-Blnk-Key header.
func NewAuthMiddleware ¶
func NewAuthMiddleware(blnk *blnk.Blnk) *AuthMiddleware
NewAuthMiddleware creates a new instance of AuthMiddleware.
Parameters:
- blnk: The Blnk service used to validate API keys.
Returns:
- *AuthMiddleware: A new instance of the authentication middleware.
func (*AuthMiddleware) Authenticate ¶
func (m *AuthMiddleware) Authenticate() gin.HandlerFunc
Authenticate returns a middleware function that handles authentication and authorization for all routes. It checks for the X-Blnk-Key header and validates it against either the master key or API keys. For API keys, it verifies the key's validity and checks permissions based on the resource and HTTP method. For POST requests with API keys, it injects the API key ID into the metadata of the request body.
Returns:
- gin.HandlerFunc: A middleware function that performs the authentication.
Responses:
- 200 OK: When authentication succeeds.
- 401 Unauthorized: When the API key is missing or invalid.
- 403 Forbidden: When the API key lacks sufficient permissions.
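An added example, not the Blnk project's code: a standard-library sketch of the decision Authenticate documents (master key, then API key, then scope check), showing when a request gets 401 versus 403. The "resource:action" scope format, the method-to-action mapping, the path-to-resource rule, the in-memory key map and the names allowed and decide are assumptions of this sketch.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"strings"
)

// Assumed here, not stated on the page: scopes look like "resource:action", the
// resource is the first URL path segment, and methods map to actions as below.
var methodAction = map[string]string{"GET": "read", "HEAD": "read", "POST": "write",
	"PUT": "write", "PATCH": "write", "DELETE": "delete"}

// allowed reports whether any scope grants the action implied by method on resource.
func allowed(scopes []string, resource, method string) bool {
	action := methodAction[method] // "" for an unmapped method, which is always denied
	for _, s := range scopes {
		res, act, ok := strings.Cut(s, ":") // a scope without ":" grants nothing
		if ok && action != "" && (res == "*" || res == resource) && (act == "*" || act == action) {
			return true
		}
	}
	return false
}

// decide returns 401 for a missing or unknown key and 403 for a valid API key with no matching scope.
func decide(r *http.Request, masterKey string, apiKeys map[string][]string) int {
	key := r.Header.Get("X-Blnk-Key")
	// The key != "" guard stops an empty header from matching an unset master key.
	if key != "" && subtle.ConstantTimeCompare([]byte(key), []byte(masterKey)) == 1 {
		return http.StatusOK // master key: no scope check
	}
	scopes, ok := apiKeys[key]
	if key == "" || !ok {
		return http.StatusUnauthorized
	}
	resource, _, _ := strings.Cut(strings.TrimPrefix(r.URL.Path, "/"), "/")
	if !allowed(scopes, resource, r.Method) {
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() { // constructed sample: a read-only key attempting a DELETE
	r, _ := http.NewRequest("DELETE", "/ledgers/ldg_1", nil)
	r.Header.Set("X-Blnk-Key", "k-reader")
	println(decide(r, "constructed-master", map[string][]string{"k-reader": {"ledgers:read"}}))
}
```

The sample in main prints 403: the key is valid, but its only scope covers reads on ledgers.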