Documentation
¶
Index ¶
- Variables
- func MarshalSession(s *SessionState, c aead.Cipher) (string, error)
- type Provider
- type ProviderData
- func (p *ProviderData) Data() *ProviderData
- func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)
- func (p *ProviderData) GetSignInURL(redirectURL *url.URL, state string) *url.URL
- func (p *ProviderData) GetSignOutURL(redirectURL *url.URL) *url.URL
- func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)
- func (p *ProviderData) RefreshSession(s *SessionState, group []string) (bool, error)
- func (p *ProviderData) UserGroups(string, []string) ([]string, error)
- func (p *ProviderData) ValidateGroup(_ string, _ []string) ([]string, bool, error)
- func (p *ProviderData) ValidateSessionState(s *SessionState, groups []string) bool
- type SSOProvider
- func (p *SSOProvider) Redeem(redirectURL, code string) (*SessionState, error)
- func (p *SSOProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
- func (p *SSOProvider) UserGroups(email string, groups []string) ([]string, error)
- func (p *SSOProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)
- func (p *SSOProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
- type SessionState
- type SingleFlightProvider
- func (p *SingleFlightProvider) Data() *ProviderData
- func (p *SingleFlightProvider) GetEmailAddress(s *SessionState) (string, error)
- func (p *SingleFlightProvider) GetSignInURL(redirectURI *url.URL, finalRedirect string) *url.URL
- func (p *SingleFlightProvider) GetSignOutURL(redirectURI *url.URL) *url.URL
- func (p *SingleFlightProvider) Redeem(redirectURL, code string) (*SessionState, error)
- func (p *SingleFlightProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
- func (p *SingleFlightProvider) UserGroups(email string, groups []string) ([]string, error)
- func (p *SingleFlightProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)
- func (p *SingleFlightProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
Constants ¶
This section is empty.
Variables ¶
// ErrMissingRefreshToken is a sentinel error whose message is
// "missing refresh token".
// NOTE(review): presumably returned when a session carries no refresh token;
// confirm at the call sites, which are not shown here.
var (
	ErrMissingRefreshToken = errors.New("missing refresh token")
)
Errors
// ErrUnexpectedReturnType is a sentinel error for a single flight call whose
// result has an unexpected type, as its message states.
// NOTE(review): presumably produced by SingleFlightProvider when it type-asserts
// the shared result; confirm against the method bodies.
var (
	ErrUnexpectedReturnType = errors.New("received unexpected return type from single flight func call")
)
Error message for ErrUnexpectedReturnType
Functions ¶
func MarshalSession ¶
func MarshalSession(s *SessionState, c aead.Cipher) (string, error)
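MarshalSession marshals the session state as JSON, encrypts the JSON using the given cipher, and base64-encodes the result. The JSON includes the session's access_token and refresh_token fields, so the cipher, not the base64 encoding, is what protects the returned string.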
Types ¶
type Provider ¶
// Provider is the set of functions needed to authenticate with a given
// provider. ProviderData, SSOProvider and SingleFlightProvider all declare
// these methods.
type Provider interface {
	// Data returns the provider's ProviderData.
	Data() *ProviderData
	// GetEmailAddress returns an email address for the session, or an error.
	GetEmailAddress(*SessionState) (string, error)
	// Redeem exchanges a code for a session. The implementations name the
	// two string arguments (redirectURL, code), in that order.
	Redeem(string, string) (*SessionState, error)
	// ValidateGroup checks group membership. The implementations name the
	// arguments (email, allowedGroups).
	// NOTE(review): the bool looks like the "authorized" verdict and the
	// []string the groups involved; confirm, and make sure callers treat a
	// non-nil error as "not authorized" rather than trusting the bool alone.
	ValidateGroup(string, []string) ([]string, bool, error)
	// UserGroups returns groups for a user. The implementations name the
	// arguments (email, groups).
	UserGroups(string, []string) ([]string, error)
	// ValidateSessionState reports whether the session is valid for the
	// given groups.
	ValidateSessionState(*SessionState, []string) bool
	// GetSignInURL builds the sign-in URL.
	// NOTE(review): ProviderData names the second parameter state while this
	// interface names it finalRedirect; if it carries a redirect target,
	// confirm that it is validated before it is followed.
	GetSignInURL(redirectURL *url.URL, finalRedirect string) *url.URL
	// GetSignOutURL builds the sign-out URL for the given redirect URL.
	GetSignOutURL(redirectURL *url.URL) *url.URL
	// RefreshSession attempts to refresh the session; the bool reports
	// whether it was refreshed.
	RefreshSession(*SessionState, []string) (bool, error)
}
Provider is an interface exposing functions necessary to authenticate with a given provider.
type ProviderData ¶
// ProviderData holds the provider configuration needed to implement the
// Provider interface: identity, client credentials, endpoint URLs and
// session timing.
type ProviderData struct {
	ProviderName string
	ProviderURL *url.URL
	// ClientID and ClientSecret are the client credentials.
	// NOTE(review): ClientSecret is a plain exported string, so formatting
	// the whole struct (for example with %+v) would print it; keep this
	// struct out of logs and error messages.
	ClientID string
	ClientSecret string
	// Endpoint URLs. Presumably one per provider operation (sign in, sign
	// out, code redemption, token refresh, profile lookup, validation);
	// confirm against the method bodies, which are not shown here.
	SignInURL *url.URL
	SignOutURL *url.URL
	RedeemURL *url.URL
	RefreshURL *url.URL
	ProfileURL *url.URL
	ProtectedResource *url.URL
	ValidateURL *url.URL
	Scope string
	ApprovalPrompt string
	// Session timing.
	// NOTE(review): these look like the durations behind SessionState's
	// ValidDeadline, LifetimeDeadline and GracePeriodStart; confirm where
	// the deadlines are computed.
	SessionValidTTL time.Duration
	SessionLifetimeTTL time.Duration
	GracePeriodTTL time.Duration
}
ProviderData holds the fields associated with providers necessary to implement the Provider interface.
func (*ProviderData) Data ¶
func (p *ProviderData) Data() *ProviderData
Data returns the ProviderData struct
func (*ProviderData) GetEmailAddress ¶
func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress returns an email address or error
func (*ProviderData) GetSignInURL ¶
GetSignInURL with typical oauth parameters
func (*ProviderData) GetSignOutURL ¶
func (p *ProviderData) GetSignOutURL(redirectURL *url.URL) *url.URL
GetSignOutURL creates and returns the sign out URL, given a redirectURL
func (*ProviderData) Redeem ¶
func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)
Redeem takes a redirectURL and code, creates some params and redeems the request
func (*ProviderData) RefreshSession ¶
func (p *ProviderData) RefreshSession(s *SessionState, group []string) (bool, error)
RefreshSession returns a boolean or error
func (*ProviderData) UserGroups ¶
func (p *ProviderData) UserGroups(string, []string) ([]string, error)
UserGroups returns a list of users
func (*ProviderData) ValidateGroup ¶
ValidateGroup validates that the provided email exists in the configured provider email group(s).
func (*ProviderData) ValidateSessionState ¶
func (p *ProviderData) ValidateSessionState(s *SessionState, groups []string) bool
ValidateSessionState calls to validate the token given the session and groups
type SSOProvider ¶
// SSOProvider is a provider built on ProviderData with a statsd client
// attached. It embeds *ProviderData, so ProviderData's methods are promoted,
// and it declares its own Redeem, RefreshSession, UserGroups, ValidateGroup
// and ValidateSessionState.
type SSOProvider struct {
	// Embedded provider configuration; a nil pointer here would make the
	// promoted field accesses panic.
	*ProviderData
	// StatsdClient is the statsd client passed to NewSSOProvider.
	StatsdClient *statsd.Client
}
SSOProvider holds the data associated with the SSOProviders necessary to implement a SSOProvider interface.
func NewSSOProvider ¶
func NewSSOProvider(p *ProviderData, sc *statsd.Client) *SSOProvider
NewSSOProvider instantiates a new SSOProvider with provider data and a statsd client.
func (*SSOProvider) Redeem ¶
func (p *SSOProvider) Redeem(redirectURL, code string) (*SessionState, error)
Redeem takes a redirectURL and code and redeems the SessionState
func (*SSOProvider) RefreshSession ¶
func (p *SSOProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
RefreshSession takes a SessionState and allowedGroups and refreshes the session access token, returns `true` on success, and `false` on error
func (*SSOProvider) UserGroups ¶
func (p *SSOProvider) UserGroups(email string, groups []string) ([]string, error)
UserGroups takes an email and returns the UserGroups for that email
func (*SSOProvider) ValidateGroup ¶
ValidateGroup does a GET request to the profile url and returns true if the user belongs to an authorized group.
func (*SSOProvider) ValidateSessionState ¶
func (p *SSOProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
ValidateSessionState takes a sessionState and allowedGroups and validates the session state
type SessionState ¶
// SessionState tracks a user's session. Its JSON form is what MarshalSession
// encrypts and UnmarshalSession decrypts.
type SessionState struct {
	// AccessToken and RefreshToken are serialized together with the rest of
	// the struct, so a marshaled session is credential material.
	AccessToken string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	// Deadlines.
	// NOTE(review): presumably the times checked by RefreshPeriodExpired,
	// LifetimePeriodExpired and ValidationPeriodExpired respectively;
	// confirm against the method bodies.
	RefreshDeadline time.Time `json:"refresh_deadline"`
	LifetimeDeadline time.Time `json:"lifetime_deadline"`
	ValidDeadline time.Time `json:"valid_deadline"`
	// NOTE(review): no method on this page reads GracePeriodStart; confirm
	// how the grace period is enforced.
	GracePeriodStart time.Time `json:"grace_period_start"`
	// Identity of the session's user and the groups recorded for them.
	Email string `json:"email"`
	User string `json:"user"`
	Groups []string `json:"groups"`
}
SessionState is our object that keeps track of a user's session state
func UnmarshalSession ¶
func UnmarshalSession(value string, c aead.Cipher) (*SessionState, error)
UnmarshalSession takes the marshaled string, base64-decodes it into a byte slice, decrypts the byte slice using the passed cipher, and unmarshals the resulting JSON into a session state struct.
func (*SessionState) LifetimePeriodExpired ¶
func (s *SessionState) LifetimePeriodExpired() bool
LifetimePeriodExpired returns true if the lifetime has expired
func (*SessionState) RefreshPeriodExpired ¶
func (s *SessionState) RefreshPeriodExpired() bool
RefreshPeriodExpired returns true if the refresh period has expired
func (*SessionState) ValidationPeriodExpired ¶
func (s *SessionState) ValidationPeriodExpired() bool
ValidationPeriodExpired returns true if the validation period has expired
type SingleFlightProvider ¶
// SingleFlightProvider wraps a Provider so that multiple requests for the
// same object are processed as a single request.
// NOTE(review): the key that decides which calls count as "the same object"
// is not visible here; confirm that it includes every input that affects
// the result (for example the session and the allowed groups), so one
// caller cannot receive a result computed for another.
type SingleFlightProvider struct {
	// StatsdClient is the statsd client passed to NewSingleFlightProvider.
	StatsdClient *statsd.Client
	// contains filtered or unexported fields
}
SingleFlightProvider is a middleware provider that allows multiple requests for the same object to be processed as a single request. This is often called request collapsing or coalescing. This middleware leverages the golang singleflight provider, with modifications for metrics.
It's common among HTTP reverse proxy cache servers such as nginx, Squid or Varnish - they each call it something different, but it works similarly.
* https://www.varnish-cache.org/docs/3.0/tutorial/handling_misbehaving_servers.html
* http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock
* http://wiki.squid-cache.org/Features/CollapsedForwarding
func NewSingleFlightProvider ¶
func NewSingleFlightProvider(provider Provider, StatsdClient *statsd.Client) *SingleFlightProvider
NewSingleFlightProvider instantiates a SingleFlightProvider given a provider and statsdClient
func (*SingleFlightProvider) Data ¶
func (p *SingleFlightProvider) Data() *ProviderData
Data calls the provider's Data function
func (*SingleFlightProvider) GetEmailAddress ¶
func (p *SingleFlightProvider) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress calls the provider function getEmailAddress
func (*SingleFlightProvider) GetSignInURL ¶
GetSignInURL calls the GetSignInURL for the provider, which will return the sign in url
func (*SingleFlightProvider) GetSignOutURL ¶
func (p *SingleFlightProvider) GetSignOutURL(redirectURI *url.URL) *url.URL
GetSignOutURL calls the GetSignOutURL for the provider, which will return the sign out url
func (*SingleFlightProvider) Redeem ¶
func (p *SingleFlightProvider) Redeem(redirectURL, code string) (*SessionState, error)
Redeem takes the redirectURL and a code and calls the provider function Redeem
func (*SingleFlightProvider) RefreshSession ¶
func (p *SingleFlightProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
RefreshSession takes in a SessionState and allowedGroups and returns false if the session is not refreshed and true if it is.
func (*SingleFlightProvider) UserGroups ¶
func (p *SingleFlightProvider) UserGroups(email string, groups []string) ([]string, error)
UserGroups takes an email and passes it to the provider's UserGroups function and returns the response
func (*SingleFlightProvider) ValidateGroup ¶
func (p *SingleFlightProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)
ValidateGroup takes an email, allowedGroups, and userGroups and passes it to the provider's ValidateGroup function and returns the response
func (*SingleFlightProvider) ValidateSessionState ¶
func (p *SingleFlightProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
ValidateSessionState calls the provider's ValidateSessionState function and returns the response