Documentation ¶
Overview ¶
Package token provides an authentication strategy that authenticates HTTP requests based on a token.
Index ¶
- Variables
 - func GetNamedScopes(info auth.Info) (scopes []string)
 - func NoOpAuthenticate(ctx context.Context, r *http.Request, token string) (auth.Info, time.Time, error)
 - func SetHash(h crypto.Hash, key []byte) auth.Option
 - func SetParser(p Parser) auth.Option
 - func SetScopes(scopes ...Scope) auth.Option
 - func SetType(t Type) auth.Option (deprecated)
 - func WithNamedScopes(info auth.Info, scopes ...string)
 - type AuthenticateFunc
 - type Parser
 - type Scope
 - type Type
 
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrTokenScopes is returned by token scopes verification when
	// the token scopes do not grant access to the requested resource.
	ErrTokenScopes = errors.New("strategies/token: The access token scopes do not grant access to the requested resource")
	// ErrInvalidToken indicates an invalid token format.
	// It is returned by the token Parser.
	ErrInvalidToken = errors.New("strategies/token: Invalid token")
	// ErrTokenNotFound is returned by authenticating functions for token strategies
	// when the token is not found in their store.
	ErrTokenNotFound = errors.New("strategies/token: Token does not exists")
	// ErrNOOP is a soft error similar to EOF,
	// returned by the NoOpAuthenticate function to indicate there is no op
	// and to signal the caller to unauthenticate the request.
	ErrNOOP = errors.New("strategies/token: NOOP")
)
Functions ¶
func GetNamedScopes ¶
GetNamedScopes returns all named scopes from auth.Info. It is typically used internally when token scopes verification is enabled.
func NoOpAuthenticate ¶
func NoOpAuthenticate(ctx context.Context, r *http.Request, token string) (auth.Info, time.Time, error)
NoOpAuthenticate implements AuthenticateFunc. It returns nil, time.Time{}, ErrNOOP, and is commonly used when tokens are refreshed/managed directly using the cache or the Append function, and there is no need to parse the token and authenticate the request.
func SetHash ¶
SetHash applies token hashing based on HMAC with h and key, to prevent precomputation and length extension attacks, and to mitigate hash map DoS attacks via collisions.
func WithNamedScopes ¶
WithNamedScopes adds all the provided named scopes to the provided auth.Info. It is typically used when token scopes verification is enabled and the token scopes need to be added to the auth info.
token.WithNamedScopes(info, "read:repo", "read:user")
Types ¶
type AuthenticateFunc ¶
type AuthenticateFunc func(ctx context.Context, r *http.Request, token string) (auth.Info, time.Time, error)
AuthenticateFunc declares the function signature used to authenticate a request using a token. Any function that has the appropriate signature can be registered to the token strategy. AuthenticateFunc must return the authenticated user info and the token expiry time, otherwise an error.
type Parser ¶
Parser parses and extracts the token from an incoming HTTP request.
func AuthorizationParser ¶
AuthorizationParser returns a token parser where the token is extracted from the Authorization header.
func CookieParser ¶
CookieParser returns a token parser where the token is extracted from an HTTP cookie.
func JSONBodyParser ¶
JSONBodyParser returns a token parser where the token is extracted from the request body.
func QueryParser ¶
QueryParser returns a token parser where the token is extracted from the HTTP query string.
func XHeaderParser ¶
XHeaderParser returns a token parser where the token is extracted from an "X-" header.
type Scope ¶
type Scope interface {
	// GetName returns the scope name.
	GetName() string
	// Verify is called after the user is authenticated, to verify that the user token
	// grants access to the requested resource/endpoint.
	Verify(ctx context.Context, r *http.Request, info auth.Info, token string) (ok bool)
}
Scope provides a way to manage permissions to protected resources.
Scope is not an authorization alternative and should only be used to limit the access token.
func NewScope ¶
NewScope returns a new scope instance. The returned scope verifies the request by matching the scope endpoint against the request path and the scope method against the request method.
The endpoint and method parameters are passed to regexp.MustCompile to obtain the Regexp objects used later in verification.
Example:
token.NewScope("admin.write","/admin|/system","POST|PUT")
token.NewScope("read:repo","/repo","GET")
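Because the endpoint and method are regular expressions, how they are anchored decides which requests a scope covers. The following is an added example, not code from this package: scopeMatcher and anchored are hypothetical helpers, and it assumes the compiled patterns are applied with Regexp.MatchString, which matches anywhere in the string. The request paths are constructed samples.

```go
package main

import (
	"fmt"
	"regexp"
)

// scopeMatcher is a hypothetical stand-in for the scope NewScope returns.
// Assumption: patterns are compiled with regexp.MustCompile and applied with
// MatchString, which reports a match anywhere in the input.
type scopeMatcher struct {
	endpoint, method *regexp.Regexp
}

func newScopeMatcher(endpoint, method string) scopeMatcher {
	return scopeMatcher{
		endpoint: regexp.MustCompile(endpoint),
		method:   regexp.MustCompile(method),
	}
}

// Allows reports whether the request path and method both match the scope.
func (s scopeMatcher) Allows(path, method string) bool {
	return s.endpoint.MatchString(path) && s.method.MatchString(method)
}

// anchored wraps a pattern so it must match the whole string. The group keeps
// an alternation such as "/admin|/system" from being read as "^/admin" or "/system$".
func anchored(pattern string) string {
	return "^(?:" + pattern + ")$"
}

func main() {
	loose := newScopeMatcher("/repo", "GET")
	strict := newScopeMatcher(anchored("/repo(/.*)?"), anchored("GET"))

	// Constructed sample requests.
	requests := []struct{ path, method string }{
		{"/repo", "GET"},
		{"/repo/42", "GET"},
		{"/teams/repo-stats", "GET"}, // contains "/repo" but is a different endpoint
		{"/repo", "POST"},
	}
	for _, r := range requests {
		fmt.Printf("%-5s %-20s loose=%-5t strict=%t\n",
			r.method, r.path, loose.Allows(r.path, r.method), strict.Allows(r.path, r.method))
	}
}
```

Under that assumption, writing the scope patterns in the anchored form limits the token to the intended endpoint and its sub-paths.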