Overview ¶
Package middleware contains the request-level auth pipeline used by the API packages.
The package is organized by responsibility:
- middleware.go: top-level AuthzMiddleware construction and request orchestration
- local_mode.go and gen3_mode.go: mode-specific request flow
- authn_*.go: built-in authentication providers and local CSV loading
- plugin_clients.go: external authn/authz plugin process wiring
- token.go and jwks.go: JWT parsing and JWKS key discovery/cache
- config.go and auth_cache.go: env-driven config and Fence authz cache
- context_access.go: small helpers used by API packages when mapping auth failures
Index ¶
- Variables
- func AuthFailureStatus(ctx context.Context) int
- func MissingGen3AuthHeader(ctx context.Context) bool
- type AuthenticationPluginManager
- type AuthnPluginRPC
- type AuthnRPC
- type AuthzMiddleware
- type AuthzPluginRPC
- type AuthzRPC
- type DummyPluginManager
- type Gen3AuthPlugin
- type JWK
- type JWKS
- type JWKSCache
- type LocalAuthPlugin
- type PluginClient
- type PluginManager
- type RequestIDMiddleware
Variables ¶
// Handshake is the go-plugin handshake configuration.
//
// NOTE(review): in go-plugin the magic cookie is only a basic check that a
// binary was launched as a plugin by a host; the library describes it as a UX
// feature, not a security measure. The key and value below are public
// constants, so they do not authenticate the plugin binary. Trust in an
// authn/authz plugin has to come from how pluginPath is chosen and protected
// (file ownership and permissions, optionally go-plugin's
// ClientConfig.SecureConfig checksum pinning). Whether this package does any
// of that is not visible here; confirm in plugin_clients.go.
var Handshake = hplugin.HandshakeConfig{
// Protocol version passed to go-plugin for the handshake.
ProtocolVersion: 1,
// Environment variable name and expected value that make up the magic cookie.
MagicCookieKey: "SYFON_AUTHZ_PLUGIN",
MagicCookieValue: "syfon_authz_plugin_v1",
}
Plugin handshake config for go-plugin
Functions ¶
func AuthFailureStatus ¶ added in v0.2.8
func MissingGen3AuthHeader ¶ added in v0.2.8
Types ¶
type AuthenticationPluginManager ¶ added in v0.2.4
type AuthenticationPluginManager struct {
// contains filtered or unexported fields
}
AuthenticationPluginManager manages the plugin process and calls Authenticate.
func NewAuthenticationPluginManager ¶ added in v0.2.4
func NewAuthenticationPluginManager(pluginPath string) (*AuthenticationPluginManager, error)
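NewAuthenticationPluginManager loads the plugin binary and returns a manager. The manager runs the binary at pluginPath as a plugin process that makes the authentication decision, so pluginPath should come only from trusted configuration and point to a file that untrusted users cannot replace.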
func (*AuthenticationPluginManager) Authenticate ¶ added in v0.2.4
func (pm *AuthenticationPluginManager) Authenticate(ctx context.Context, in *plugin.AuthenticationInput) (*plugin.AuthenticationOutput, error)
Authenticate delegates to the plugin.
type AuthnPluginRPC ¶ added in v0.2.4
AuthnPluginRPC is the hplugin.Plugin implementation for go-plugin.
type AuthnRPC ¶ added in v0.2.4
type AuthnRPC struct {
// contains filtered or unexported fields
}
AuthnRPC implements AuthenticationPlugin over RPC.
func (*AuthnRPC) Authenticate ¶ added in v0.2.4
func (a *AuthnRPC) Authenticate(ctx context.Context, in *plugin.AuthenticationInput) (*plugin.AuthenticationOutput, error)
type AuthzMiddleware ¶
type AuthzMiddleware struct {
// contains filtered or unexported fields
}
func NewAuthzMiddleware ¶
func NewAuthzMiddleware(logger *slog.Logger, mode, basicUser, basicPass string) *AuthzMiddleware
func (*AuthzMiddleware) FiberMiddleware ¶ added in v0.2.0
func (m *AuthzMiddleware) FiberMiddleware() fiber.Handler
type AuthzPluginRPC ¶ added in v0.2.4
AuthzPluginRPC is the hplugin.Plugin implementation for go-plugin.
type AuthzRPC ¶ added in v0.2.4
type AuthzRPC struct {
// contains filtered or unexported fields
}
AuthzRPC implements AuthorizationPlugin over RPC.
func (*AuthzRPC) Authorize ¶ added in v0.2.4
func (a *AuthzRPC) Authorize(ctx context.Context, in *plugin.AuthorizationInput) (*plugin.AuthorizationOutput, error)
type DummyPluginManager ¶ added in v0.2.4
// DummyPluginManager implements the same interface as PluginManager for testing.
// NOTE(review): this test double is exported from the production package and
// the behaviour of its Authorize method is not shown here; confirm that it
// cannot be selected through runtime configuration in a deployed service.
type DummyPluginManager struct{}
DummyPluginManager implements the same interface as PluginManager for testing.
func (*DummyPluginManager) Authorize ¶ added in v0.2.4
func (d *DummyPluginManager) Authorize(ctx context.Context, in *plugin.AuthorizationInput) (*plugin.AuthorizationOutput, error)
type Gen3AuthPlugin ¶ added in v0.2.4
// Gen3AuthPlugin implements AuthenticationPlugin for gen3 mode.
type Gen3AuthPlugin struct {
// MockConfig is an exported field with an unexported type (mockAuthConfig).
// NOTE(review): the name suggests mock/test authentication settings carried
// by the gen3 plugin itself; confirm that a non-zero MockConfig cannot relax
// authentication in a deployed service.
MockConfig mockAuthConfig
// Logger is untyped (any), so nothing checks at compile time what is stored here.
// NOTE(review): NewAuthzMiddleware in this package takes *slog.Logger;
// presumably this field should use the same type — confirm.
Logger any // Replace with actual logger type if needed
}
Gen3AuthPlugin implements AuthenticationPlugin for gen3 mode.
func (*Gen3AuthPlugin) Authenticate ¶ added in v0.2.4
func (p *Gen3AuthPlugin) Authenticate(_ context.Context, in *plugin.AuthenticationInput) (*plugin.AuthenticationOutput, error)
type JWK ¶ added in v0.2.4
// JWK represents a single JSON Web Key as decoded from a JWKS document.
//
// Only the RSA public-key parameters (n, e) are modelled. There are no fields
// for EC parameters (crv, x, y), so an EC key decodes with Kty set but without
// usable key material. There is also no "alg" field, so a decoded key does not
// say which signature algorithm it is meant for.
// NOTE(review): the verifier presumably should accept a key only when Kty is
// "RSA" and Use is "sig" (or absent), and should fix the allowed JWT
// algorithms itself rather than take them from the token header — confirm in
// token.go and jwks.go.
type JWK struct {
Kty string `json:"kty"` // Key type (RSA, EC, etc.); only RSA has matching fields below
Use string `json:"use"` // Intended use (sig, enc)
Kid string `json:"kid"` // Key ID
N string `json:"n"` // RSA modulus, kept as the string found in the JSON (base64url per RFC 7518)
E string `json:"e"` // RSA public exponent, kept as the string found in the JSON (base64url per RFC 7518)
}
JWK represents a JSON Web Key
type JWKS ¶ added in v0.2.4
// JWKS represents a JSON Web Key Set response: a JSON object whose "keys"
// member is an array of JWK entries.
type JWKS struct {
// Keys holds every entry of the "keys" array; nothing is filtered at this level.
Keys []JWK `json:"keys"`
}
JWKS represents a JSON Web Key Set response
type JWKSCache ¶ added in v0.2.4
type JWKSCache struct {
// contains filtered or unexported fields
}
JWKSCache holds JWKS public keys for JWT signature verification
func NewJWKSCache ¶ added in v0.2.4
NewJWKSCache creates a new JWKS cache for the given endpoint
type LocalAuthPlugin ¶ added in v0.2.4
LocalAuthPlugin implements AuthenticationPlugin for local mode.
func (*LocalAuthPlugin) Authenticate ¶ added in v0.2.4
func (p *LocalAuthPlugin) Authenticate(ctx context.Context, in *plugin.AuthenticationInput) (*plugin.AuthenticationOutput, error)
type PluginClient ¶ added in v0.2.4
type PluginClient struct {
// contains filtered or unexported fields
}
PluginClient is the concrete implementation for plugin communication.
type PluginManager ¶ added in v0.2.4
type PluginManager struct {
// contains filtered or unexported fields
}
PluginManager manages the plugin process and calls Authorize.
func NewPluginManager ¶ added in v0.2.4
func NewPluginManager(pluginPath string) (*PluginManager, error)
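NewPluginManager loads the plugin binary and returns a manager. The manager runs the binary at pluginPath as a plugin process that makes the authorization decision, so pluginPath should come only from trusted configuration and point to a file that untrusted users cannot replace.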
func (*PluginManager) Authorize ¶ added in v0.2.4
func (pm *PluginManager) Authorize(ctx context.Context, in *plugin.AuthorizationInput) (*plugin.AuthorizationOutput, error)
Authorize delegates to the plugin.
type RequestIDMiddleware ¶
type RequestIDMiddleware struct {
// contains filtered or unexported fields
}
func NewRequestIDMiddleware ¶
func NewRequestIDMiddleware(logger *slog.Logger) *RequestIDMiddleware
func (*RequestIDMiddleware) FiberMiddleware ¶ added in v0.2.0
func (m *RequestIDMiddleware) FiberMiddleware() fiber.Handler