Documentation
Overview ¶
Package security provides security-related functionality for the opampcommander application.
Constants ¶
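const (
	// StateLength is the length of the state string generated for the
	// OAuth2 authorization request.
	//
	// NOTE(review): the unit (raw bytes vs. encoded characters) and the
	// random source are not visible here. Confirm that the state is drawn
	// from crypto/rand and that 16 units give enough entropy for the value
	// to be unguessable.
	StateLength = 16
)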
Variables ¶
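// Sentinel errors of the security package. Compare with errors.Is rather
// than by message text.
//
// NOTE(review): when these are mapped to HTTP responses, consider returning
// one generic authentication failure to the client and keeping the specific
// sentinel for server-side logs, so responses do not reveal which check failed.
var (
	// ErrInvalidState is returned when the state parameter is invalid.
	ErrInvalidState = errors.New("invalid state parameter")
	// ErrStateExpired is returned when the state parameter has expired.
	ErrStateExpired = errors.New("state parameter has expired")
	// ErrInvalidToken is returned when the provided token is invalid.
	ErrInvalidToken = errors.New("invalid token")
	// ErrInvalidEmail is returned when the email in the token claims is invalid.
	ErrInvalidEmail = errors.New("invalid email in token claims")
	// ErrInvalidTokenClaims is returned when the token claims are invalid.
	ErrInvalidTokenClaims = errors.New("invalid token claims")
	// ErrTokenExpired is returned when the token has expired.
	ErrTokenExpired = errors.New("token has expired")
	// ErrInvalidUsernameOrPassword is returned when the provided username or
	// password is invalid. The message does not say which of the two was
	// wrong, so it does not reveal whether a username exists.
	ErrInvalidUsernameOrPassword = errors.New("invalid username or password")
	// ErrNoPrimaryEmailFound is returned when no primary email is found in
	// the user's emails. Per the message, the email must also be verified.
	ErrNoPrimaryEmailFound = errors.New("no primary verified email found")
	// ErrOAuth2ClientCreationFailed is returned when the OAuth2 client creation fails.
	ErrOAuth2ClientCreationFailed = errors.New("failed to create OAuth2 client")
)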
Functions ¶
func NewAuthJWTMiddleware ¶
func NewAuthJWTMiddleware( service *Service, ) gin.HandlerFunc
NewAuthJWTMiddleware creates a new Gin middleware for JWT authentication.
Types ¶
type AdminUsecase ¶
type AdminUsecase interface {
	// BasicAuth authenticates the user using basic authentication with username and password.
	// It returns a string on success and an error otherwise.
	//
	// NOTE(review): the returned string is presumably the signed application
	// token — confirm against the implementation. Also confirm that the
	// credential comparison is constant-time and that repeated failures are
	// rate-limited by the caller; neither is visible from this interface.
	BasicAuth(username, password string) (string, error)
}
AdminUsecase defines the use case for admin authentication.
type OAuth2Usecase ¶
type OAuth2Usecase interface {
	// AuthCodeURL generates the OAuth2 authorization URL with a unique state parameter.
	// It takes no arguments, so the state is generated without any
	// caller-supplied session or request context.
	AuthCodeURL() (string, error)
	// Exchange exchanges the OAuth2 authorization code for an access token.
	// Both state and code arrive from the OAuth2 callback request and must
	// be treated as untrusted input.
	//
	// NOTE(review): presumably state is checked before code is sent to the
	// provider — verify in the implementation. If the state is a
	// self-contained signed value, it stays replayable until it expires
	// unless used states are tracked; confirm the expiry window is short.
	Exchange(ctx context.Context, state, code string) (string, error)
}
OAuth2Usecase defines the use case for OAuth2 authentication.
type OAuthStateClaims ¶
// OAuthStateClaims is the claim set of the JWT used as the OAuth2 state
// parameter. It embeds only the registered claims, so the state carries no
// user- or session-specific field of its own.
//
// NOTE(review): confirm how a state value is tied to the browser that
// started the login; a valid signature and expiry alone do not show that.
type OAuthStateClaims struct {
	jwt.RegisteredClaims
}
OAuthStateClaims defines the custom claims for the JWT token used for the state parameter in OAuth2 authentication.
type OPAMPClaims ¶
// OPAMPClaims is the claim set of the JWT used for opampcommander's own
// authentication: the user's email plus the registered JWT claims.
type OPAMPClaims struct {
	// Email is serialized under the "email" JSON key.
	// NOTE(review): this appears to be the identity downstream code relies
	// on — confirm it is only ever populated from a verified source.
	Email string `json:"email"`
	jwt.RegisteredClaims
}
OPAMPClaims defines the custom claims for the JWT token used for opampcommander's authentication. It includes the user's email and standard JWT registered claims.
type Service ¶
// Service is the package's concrete authentication service. Its fields are
// unexported; the methods listed for it on this page are AuthCodeURL,
// BasicAuth, Exchange and ValidateToken.
type Service struct {
	// contains filtered or unexported fields
}
Service provides security-related functionality for the opampcommander application.
func New ¶
func New( logger *slog.Logger, settings *config.AuthSettings, ) *Service
New creates a new instance of the Service struct with the provided logger and OAuth settings.
func (*Service) AuthCodeURL ¶
AuthCodeURL generates the OAuth2 authorization URL with a unique state parameter.
func (*Service) BasicAuth ¶
BasicAuth authenticates the user using basic authentication with username and password.
func (*Service) Exchange ¶
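Exchange exchanges the OAuth2 authorization code for an access token. It validates the state parameter to prevent CSRF attacks. Note that a state which is merely well-formed and unexpired only shows that this server issued it; for CSRF protection the callback handler should also confirm that the state belongs to the browser session that started the login (for example, by comparing it with a value held in a cookie). Whether that happens is not visible on this page.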
func (*Service) ValidateToken ¶
func (s *Service) ValidateToken(tokenString string) (*OPAMPClaims, error)
ValidateToken validates the provided JWT token string and returns the claims if valid. It checks the token's validity, expiration, and the email in the claims.
type UnsupportedTokenTypeError ¶
// UnsupportedTokenTypeError is returned when the token type is not supported.
type UnsupportedTokenTypeError struct {
	// TokenType is the token type that was rejected.
	// NOTE(review): if this value is taken from a request, it is
	// caller-controlled; quote or escape it wherever the error is logged or
	// echoed back.
	TokenType string
}
UnsupportedTokenTypeError is returned when the token type is not supported.
func (*UnsupportedTokenTypeError) Error ¶
func (e *UnsupportedTokenTypeError) Error() string
type Usecase ¶
type Usecase interface {
	// ValidateToken validates the provided JWT token string and returns the claims if valid.
	// On error the returned claims must not be used for authorization decisions.
	ValidateToken(tokenString string) (*OPAMPClaims, error)
	// AdminUsecase is embedded: it adds the admin authentication method set (BasicAuth).
	AdminUsecase
	// OAuth2Usecase is embedded: it adds the OAuth2 method set (AuthCodeURL, Exchange).
	OAuth2Usecase
}
Usecase defines the use case for the security package.