accesscontrol

package
v1.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 25, 2026 License: MIT Imports: 47 Imported by: 0

Documentation

Index

Constants

const (
	// DpopTyp is the literal "dpop+jwt", the value RFC 9449 requires in the
	// "typ" header of a DPoP proof JWT.
	// NOTE(review): presumably proofs whose "typ" differs are rejected; the
	// comparison itself is not visible on this page — confirm in the source.
	DpopTyp = "dpop+jwt"
)

Variables

This section is empty.

Functions

func JwkToJKT added in v1.14.0

func JwkToJKT(jwk map[string]interface{}) string

JwkToJKT creates a JWK SHA-256 thumbprint.

func JwkToString added in v1.14.0

func JwkToString(jwk map[string]interface{}) string

Types

type AccessControl

// AccessControl is the common interface of the request-level access controls
// in this package. BasicAuth, JWT, ListItem, OAuth2Callback,
// PermissionsControl, RateLimiter, Saml2 and ValidateFunc each declare a
// Validate method with this signature.
type AccessControl interface {
	// Validate inspects req and reports the outcome as an error.
	// NOTE(review): presumably a non-nil error means the request must not
	// reach the protected handler — confirm how callers treat the result.
	Validate(req *http.Request) error
}

type BasicAuth

type BasicAuth struct {
	// contains filtered or unexported fields
}

BasicAuth represents an AC-BasicAuth object

func NewBasicAuth

func NewBasicAuth(name, user, pass, file string) (*BasicAuth, error)

NewBasicAuth creates a new AC-BasicAuth object

func (*BasicAuth) Validate

func (ba *BasicAuth) Validate(req *http.Request) error

Validate implements the AccessControl interface

type DPoPTokenSource added in v1.14.0

type DPoPTokenSource struct {
	// contains filtered or unexported fields
}

func (*DPoPTokenSource) TokenValue added in v1.14.0

func (s *DPoPTokenSource) TokenValue(req *http.Request) (string, error)

func (*DPoPTokenSource) ValidateTokenClaims added in v1.14.0

func (s *DPoPTokenSource) ValidateTokenClaims(token string, tokenClaims map[string]interface{}, req *http.Request) error

type DisablePrivateCaching

type DisablePrivateCaching interface {
	DisablePrivateCaching() bool
}

type IntrospectionResponse added in v1.14.0

type IntrospectionResponse map[string]interface{}

IntrospectionResponse represents the response body to a token introspection request.

func NewIntrospectionResponse added in v1.14.0

func NewIntrospectionResponse(res *http.Response) (IntrospectionResponse, error)

func (IntrospectionResponse) Active added in v1.14.0

func (ir IntrospectionResponse) Active() bool

Active returns whether the token is active.

type Introspector added in v1.14.0

type Introspector struct {
	// contains filtered or unexported fields
}

Introspector represents a token introspector.

func NewIntrospector added in v1.14.0

func NewIntrospector(evalCtx *hcl.EvalContext, conf *config.Introspection, transport http.RoundTripper, memStore *cache.MemoryStore) (*Introspector, error)

NewIntrospector creates a new token introspector.

func (*Introspector) Introspect added in v1.14.0

func (i *Introspector) Introspect(ctx context.Context, token string, exp, nbf int64) (IntrospectionResponse, error)

Introspect retrieves introspection data for the given token using either cached or fresh information.

type JWT

type JWT struct {
	// contains filtered or unexported fields
}

func NewJWT

func NewJWT(jwtConf *config.JWT, introspector *Introspector, key []byte, memStore *cache.MemoryStore) (*JWT, error)

NewJWT parses the key and creates a validation object that can be referenced in related handlers.

func NewJWTFromJWKS

func NewJWTFromJWKS(jwtConf *config.JWT, introspector *Introspector, jwks *jwk.JWKS, memStore *cache.MemoryStore) (*JWT, error)

func (*JWT) DisablePrivateCaching

func (j *JWT) DisablePrivateCaching() bool

func (*JWT) Validate

func (j *JWT) Validate(req *http.Request) error

Validate reads the token from the configured source and validates it against the key.

type LimiterEntry added in v1.14.0

type LimiterEntry struct {
	// contains filtered or unexported fields
}

type List

type List []*ListItem

type ListItem

type ListItem struct {
	// contains filtered or unexported fields
}

func NewItem

func NewItem(nameLabel string, control AccessControl, errHandler http.Handler) *ListItem

func (ListItem) DisablePrivateCaching

func (i ListItem) DisablePrivateCaching() bool

func (ListItem) ErrorHandler

func (i ListItem) ErrorHandler() http.Handler

func (ListItem) Kind added in v1.14.0

func (i ListItem) Kind() string

func (ListItem) Label added in v1.14.0

func (i ListItem) Label() string

func (ListItem) Validate

func (i ListItem) Validate(req *http.Request) error

type Map

type Map map[string]AccessControl

type NameTokenSource added in v1.14.0

type NameTokenSource struct {
	// contains filtered or unexported fields
}

func (*NameTokenSource) TokenValue added in v1.14.0

func (s *NameTokenSource) TokenValue(req *http.Request) (string, error)

func (*NameTokenSource) ValidateTokenClaims added in v1.14.0

func (s *NameTokenSource) ValidateTokenClaims(token string, tokenClaims map[string]interface{}, req *http.Request) error

type OAuth2Callback

type OAuth2Callback struct {
	// contains filtered or unexported fields
}

OAuth2Callback represents the access control for the OAuth2 authorization code flow callback.

func NewOAuth2Callback

func NewOAuth2Callback(oauth2Client oauth2.AuthCodeFlowClient, name string) *OAuth2Callback

NewOAuth2Callback creates a new access control for the OAuth2 authorization code flow callback.

func (*OAuth2Callback) Validate

func (oa *OAuth2Callback) Validate(req *http.Request) error

Validate implements the AccessControl interface

type PermissionsControl

type PermissionsControl struct {
	// contains filtered or unexported fields
}

func NewPermissionsControl

func NewPermissionsControl(permissionExpr hcl.Expression) *PermissionsControl

func (*PermissionsControl) Validate

func (p *PermissionsControl) Validate(req *http.Request) error

Validate validates the granted permissions provided by access controls against the required permission.

type ProofClaims added in v1.14.0

// ProofClaims carries the registered JWT claims plus the "ath", "htm" and
// "htu" claims.
// NOTE(review): together with DpopTyp these look like the DPoP proof claims
// of RFC 9449 — confirm against the implementation.
type ProofClaims struct {
	jwt.RegisteredClaims
	// Ath is the "ath" claim; RFC 9449 defines it as the base64url-encoded
	// SHA-256 hash of the access token the proof is bound to.
	Ath string `json:"ath,omitempty"`
	// Htm is the "htm" claim; RFC 9449 defines it as the HTTP method of the
	// request the proof was created for.
	Htm string `json:"htm,omitempty"`
	// Htu is the "htu" claim; RFC 9449 defines it as the HTTP target URI of
	// the request, without query and fragment parts.
	Htu string `json:"htu,omitempty"`
	// A claim missing from the proof decodes to the empty string here.
	// NOTE(review): whether Validate rejects empty Htm/Htu/Ath values is not
	// visible on this page — verify before relying on these fields.
	// contains filtered or unexported fields
}

func (*ProofClaims) Validate added in v1.14.0

func (p *ProofClaims) Validate() error

type ProtectedHandler

type ProtectedHandler interface {
	Child() http.Handler
}

type RateLimiter added in v1.14.0

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter represents an AC-RateLimiter object

func NewRateLimiter added in v1.14.0

func NewRateLimiter(ctx context.Context, name string, conf *config.RateLimiter) (*RateLimiter, error)

NewRateLimiter creates a new AC-RateLimiter object

func (*RateLimiter) ActiveKeyCount added in v1.14.0

func (rl *RateLimiter) ActiveKeyCount() int

ActiveKeyCount returns the number of currently tracked keys.

func (*RateLimiter) Name added in v1.14.0

func (rl *RateLimiter) Name() string

Name returns the rate limiter's configured name.

func (*RateLimiter) Validate added in v1.14.0

func (rl *RateLimiter) Validate(req *http.Request) error

Validate implements the AccessControl interface

type Saml2

type Saml2 struct {
	// contains filtered or unexported fields
}

func NewSAML2ACS

func NewSAML2ACS(provider samlpkg.MetadataProvider, name string, acsURL string, spEntityID string, arrayAttributes []string) (*Saml2, error)

func (*Saml2) GetAssertionData

func (s *Saml2) GetAssertionData(assertionInfo *saml2.AssertionInfo) map[string]interface{}

func (*Saml2) Validate

func (s *Saml2) Validate(req *http.Request) error

func (*Saml2) ValidateAssertionInfo

func (s *Saml2) ValidateAssertionInfo(assertionInfo *saml2.AssertionInfo) error

type TokenSource

// TokenSource represents the source from which a token is retrieved.
// DPoPTokenSource, NameTokenSource and ValueTokenSource each declare both
// methods of this interface.
type TokenSource interface {
	// TokenValue retrieves the token value from the request.
	TokenValue(req *http.Request) (string, error)
	// ValidateTokenClaims validates the token (claims) according to e.g. a specific request header field.
	// NOTE(review): the signature takes already-parsed claims; presumably
	// signature verification happens elsewhere, before this call — confirm.
	ValidateTokenClaims(token string, tokenClaims map[string]interface{}, req *http.Request) error
}

TokenSource represents the source from which a token is retrieved.

func NewTokenSource

func NewTokenSource(bearer, dpop bool, cookie, header string, value hcl.Expression) (TokenSource, error)

NewTokenSource creates a new token source according to various configuration attributes.

type ValidateFunc

type ValidateFunc func(*http.Request) error

func (ValidateFunc) Validate

func (f ValidateFunc) Validate(req *http.Request) error

type ValueTokenSource added in v1.14.0

type ValueTokenSource struct {
	// contains filtered or unexported fields
}

func (*ValueTokenSource) TokenValue added in v1.14.0

func (s *ValueTokenSource) TokenValue(req *http.Request) (string, error)

func (*ValueTokenSource) ValidateTokenClaims added in v1.14.0

func (s *ValueTokenSource) ValidateTokenClaims(token string, tokenClaims map[string]interface{}, req *http.Request) error

Directories

Path Synopsis
