auth

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2026 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AuthContextKey contextKey = "auth_context"
)

Variables

This section is empty.

Functions

func RequireAuth 

func RequireAuth(next http.Handler) http.Handler

Types

type AuthContext 

type AuthContext struct {
	SessionState *session.State
	ClientType   ClientType
	IsValid      bool
}

func GetAuthContext 

func GetAuthContext(ctx context.Context) *AuthContext

type AuthHandler 

type AuthHandler struct {
	// contains filtered or unexported fields
}

func NewAuthHandler 

func NewAuthHandler(oidc OIDCProvider, jwtService *JWTService, cookieSigningKey, cookieEncryptionKey []byte, sessionStore session.Store, tokenExpiry time.Duration) *AuthHandler

func (*AuthHandler) HandleAuthorize 

func (ah *AuthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request)

func (*AuthHandler) HandleCallback 

func (ah *AuthHandler) HandleCallback(w http.ResponseWriter, r *http.Request)

type AuthHandlerInterface 

type AuthHandlerInterface interface {
	HandleAuthorize(w http.ResponseWriter, r *http.Request)
	HandleCallback(w http.ResponseWriter, r *http.Request)
}

type AuthMiddleware 

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

func NewAuthMiddleware 

func NewAuthMiddleware(
	jwtService *JWTService,
	cookieSigningKey, cookieEncryptionKey []byte,
	kubernetesManager *kubernetes.Manager,
	sessionStore session.Store,
) *AuthMiddleware

func (*AuthMiddleware) AuthenticateRequest 

func (am *AuthMiddleware) AuthenticateRequest(next http.Handler) http.Handler

type AuthResponse 

type AuthResponse struct {
	Success bool                   `json:"success"`
	Data    interface{}            `json:"data,omitempty"`
	Error   string                 `json:"error,omitempty"`
	Message string                 `json:"message,omitempty"`
	Meta    map[string]interface{} `json:"meta,omitempty"`
}

type AuthorizeRequest 

type AuthorizeRequest struct {
	RedirectURL string     `json:"redirect_url" form:"redirect_url"`
	SessionID   string     `json:"session_id" form:"session_id"`
	ClusterID   string     `json:"cluster_id" form:"cluster_id"`
	ClientType  ClientType `json:"client_type" form:"client_type"`
	ConsumerID  string     `json:"consumer_id" form:"consumer_id"`
}

type CallbackRequest 

type CallbackRequest struct {
	Code             string `json:"code" form:"code"`
	State            string `json:"state" form:"state"`
	Error            string `json:"error,omitempty" form:"error"`
	ErrorDescription string `json:"error_description,omitempty" form:"error_description"`
}

type Claims 

type Claims struct {
	Subject     string   `json:"sub"`
	Issuer      string   `json:"iss"`
	SessionID   string   `json:"sid"`
	ClusterID   string   `json:"cid"`
	Groups      []string `json:"groups,omitempty"`
	RedirectURL string   `json:"red,omitempty"`
	jwt.RegisteredClaims
}

type ClientType 

type ClientType string
const (
	ClientTypeUI  ClientType = "ui"
	ClientTypeCLI ClientType = "cli"

	// UIIdentity is the well-known identity value that the UI sends in bind requests.
	// The backend resolves it to the actual identity derived from the authenticated session.
	UIIdentity = "ui-identity"
)

type JWTService 

type JWTService struct {
	// contains filtered or unexported fields
}

func NewJWTService 

func NewJWTService(issuer string) (*JWTService, error)

func (*JWTService) GenerateToken 

func (js *JWTService) GenerateToken(subject, oidcIssuer, sessionID, clusterID, redirectURL string, groups []string, expiration time.Duration) (string, error)

func (*JWTService) GetPublicKey 

func (js *JWTService) GetPublicKey() *rsa.PublicKey

func (*JWTService) ValidateToken 

func (js *JWTService) ValidateToken(tokenString string) (*Claims, error)

type OIDCProvider 

type OIDCProvider interface {
	GetOIDCProvider(ctx context.Context) (*OIDCServiceProvider, error)
}

type OIDCServiceProvider 

type OIDCServiceProvider struct {
	// contains filtered or unexported fields
}

func NewOIDCServiceProvider 

func NewOIDCServiceProvider(ctx context.Context, clientID, clientSecret, redirectURI, issuerURL string) (*OIDCServiceProvider, error)

func NewOIDCServiceProviderWithTLS 

func NewOIDCServiceProviderWithTLS(
	ctx context.Context,
	clientID, clientSecret, redirectURI, issuerURL string,
	tlsConfig *tls.Config,
) (*OIDCServiceProvider, error)

func (*OIDCServiceProvider) ClientID added in v0.8.0 

func (o *OIDCServiceProvider) ClientID() string

func (*OIDCServiceProvider) ClientSecret added in v0.8.0 

func (o *OIDCServiceProvider) ClientSecret() string

func (*OIDCServiceProvider) GetTLSConfig 

func (o *OIDCServiceProvider) GetTLSConfig() *tls.Config

func (*OIDCServiceProvider) IssuerURL added in v0.8.0 

func (o *OIDCServiceProvider) IssuerURL() string

func (*OIDCServiceProvider) OIDCProviderConfig 

func (o *OIDCServiceProvider) OIDCProviderConfig(scopes []string) *oauth2.Config

type TokenResponse 

type TokenResponse struct {
	AccessToken  string    `json:"access_token"`
	TokenType    string    `json:"token_type"`
	ExpiresIn    int64     `json:"expires_in"`
	ExpiresAt    time.Time `json:"expires_at"`
	Scope        string    `json:"scope,omitempty"`
	RefreshToken string    `json:"refresh_token,omitempty"`

	ClusterID string `json:"cluster_id,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.