security

package
v0.31.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 17, 2026 License: Apache-2.0 Imports: 5 Imported by: 1,372

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultRealmName = "API"

Functions

func APIKeyAuth 

func APIKeyAuth(name, in string, authenticate TokenAuthentication) runtime.Authenticator

APIKeyAuth creates an authenticator that uses a token for authorization. This token can be obtained from either a header or a query string.

func APIKeyAuthCtx 

func APIKeyAuthCtx(name, in string, authenticate TokenAuthenticationCtx) runtime.Authenticator

APIKeyAuthCtx creates an authenticator that uses a token for authorization with support for context.Context. This token can be obtained from either a header or a query string.

func Authorized 

func Authorized() runtime.Authorizer

Authorized provides a default implementation of the [Authorizer] interface where all requests are authorized (successful).

func BasicAuth 

func BasicAuth(authenticate UserPassAuthentication) runtime.Authenticator

BasicAuth creates a basic auth authenticator with the provided authentication function.

func BasicAuthCtx 

func BasicAuthCtx(authenticate UserPassAuthenticationCtx) runtime.Authenticator

BasicAuthCtx creates a basic auth authenticator with the provided authentication function with support for context.Context.

func BasicAuthRealm 

func BasicAuthRealm(realm string, authenticate UserPassAuthentication) runtime.Authenticator

BasicAuthRealm creates a basic auth authenticator with the provided authentication function and realm name.

func BasicAuthRealmCtx 

func BasicAuthRealmCtx(realm string, authenticate UserPassAuthenticationCtx) runtime.Authenticator

BasicAuthRealmCtx creates a basic auth authenticator with the provided authentication function and realm name with support for context.Context.

func BearerAuth 

func BearerAuth(name string, authenticate ScopedTokenAuthentication) runtime.Authenticator

BearerAuth for use with oauth2 flows.

func BearerAuthCtx 

func BearerAuthCtx(name string, authenticate ScopedTokenAuthenticationCtx) runtime.Authenticator

BearerAuthCtx for use with oauth2 flows with support for context.Context.

func FailedBasicAuth 

func FailedBasicAuth(r *http.Request) string

func FailedBasicAuthCtx 

func FailedBasicAuthCtx(ctx context.Context) string

func HTTPAuthenticator added in v0.31.0 

func HTTPAuthenticator(handler func(*http.Request) (bool, any, error)) runtime.Authenticator

HTTPAuthenticator is a function that authenticates a HTTP request.

func HttpAuthenticator deprecated 

func HttpAuthenticator(handler func(*http.Request) (bool, any, error)) runtime.Authenticator

HttpAuthenticator aliases HTTPAuthenticator for backward-compatibility.

Deprecated: use HTTPAuthenticator instead.

func OAuth2SchemeName 

func OAuth2SchemeName(r *http.Request) string

func OAuth2SchemeNameCtx 

func OAuth2SchemeNameCtx(ctx context.Context) string

func ScopedAuthenticator 

func ScopedAuthenticator(handler func(*ScopedAuthRequest) (bool, any, error)) runtime.Authenticator

ScopedAuthenticator is a function that authenticates an http.Request against a list of valid scopes.

Types

type ScopedAuthRequest 

type ScopedAuthRequest struct {
	Request        *http.Request
	RequiredScopes []string
}

ScopedAuthRequest contains both the http.Request and the required scopes for a particular operation.

type ScopedTokenAuthentication 

type ScopedTokenAuthentication func(string, []string) (any, error)

ScopedTokenAuthentication validates a bearer/OAuth2 token along with the scopes required for the operation.

Implementations comparing the token against a known value MUST use crypto/subtle.ConstantTimeCompare; the runtime delegates the comparison here and does not enforce a constant-time posture on the caller's behalf.

type ScopedTokenAuthenticationCtx 

type ScopedTokenAuthenticationCtx func(context.Context, string, []string) (context.Context, any, error)

ScopedTokenAuthenticationCtx is the context.Context-aware variant of ScopedTokenAuthentication. The same constant-time-comparison guidance applies.

type TokenAuthentication 

type TokenAuthentication func(string) (any, error)

TokenAuthentication validates an API-key token.

Implementations comparing the token against a known value MUST use crypto/subtle.ConstantTimeCompare; the runtime delegates the comparison here and does not enforce a constant-time posture on the caller's behalf.

type TokenAuthenticationCtx 

type TokenAuthenticationCtx func(context.Context, string) (context.Context, any, error)

TokenAuthenticationCtx is the context.Context-aware variant of TokenAuthentication. The same constant-time-comparison guidance applies.

type UserPassAuthentication 

type UserPassAuthentication func(string, string) (any, error)

UserPassAuthentication validates a basic-auth credential.

Implementations comparing the password (or any derived secret) against a known value MUST use crypto/subtle.ConstantTimeCompare: the runtime extracts the credential from the request and delegates the comparison here, and does not enforce a constant-time posture on the caller's behalf.

type UserPassAuthenticationCtx 

type UserPassAuthenticationCtx func(context.Context, string, string) (context.Context, any, error)

UserPassAuthenticationCtx is the context.Context-aware variant of UserPassAuthentication. The same constant-time-comparison guidance applies.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.