middleware

package v0.3.2 (Latest)
This package is not in the latest version of its module.
Published: Jul 15, 2020 | License: BSD-3-Clause | Imports: 9 | Imported by: 0

Documentation

Overview

Package middleware provides means of verifying JWTs generated by `cmd/admin`'s login handler or similar mechanisms. It is compatible with Gorilla mux middleware.

Constants

const (
	// DefaultLoginURL is the default value for Client.LoginURL
	DefaultLoginURL = "/login"
	// DefaultRedirectKey is the default value for Client.RedirectKey
	DefaultRedirectKey = "redirect"
)

Variables

var ClaimsKey claimsKeyType

ClaimsKey is the key under which Claims is stored in the request Context.

Functions

This section is empty.

Types

type Claims

type Claims struct {
	*jwt.Claims
}

Claims is added to the request context.

type Client

type Client struct {
	Verificator *verify.Verificator

	// Groups of which at least 1 needs to be mentioned in the token.
	// A check is performed on the extra "groups" field which should
	// hold a JSON array of group names this user is member of.
	// If Groups is empty, checking is disabled.
	Groups []string

	// LoginURL is the path to a login handler.
	// Defaults to "/login".
	LoginURL string

	// Whenever the client needs to be redirected for login,
	// the original called URI is embedded as query parameter under RedirectKey.
	// This allows for a login handler (like cmd/admin) to send the client back to
	// the original URI upon successful login.
	// Defaults to "redirect".
	RedirectKey string

	// Scheme, hostname and optionally port number of this host.
	// It is used for redirecting back to this server after login.
	ServerAddress string
	RefreshWithin time.Duration
}

Client holds a Verificator and AuthenticatorClient

func (*Client) Middleware

func (c *Client) Middleware(next http.Handler) http.Handler

Middleware checks for a valid authentication token, named "jwt", in the URL or a cookie. A token in the URL is copied to a newly set cookie in the response headers. The claims from the token are added to the request context under "ClaimsKey" with type "Claims".

If the token is missing, invalid or expired, or the user is not a member of the correct group and audience, the client is redirected for login. In case of a call error to the AuthenticatorClient, an internal server error is sent to the client. In both cases "next.ServeHTTP()" is not called, halting the middleware call chain.

When the token is close to expiring, "AuthenticatorClient.RefreshToken()" is called. The resulting new token is set in a new cookie. An error from RefreshToken is only logged; "next.ServeHTTP()" is called regardless.
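The login redirect described for LoginURL, RedirectKey and ServerAddress, as an added example that is not this package's code: it builds the redirect and shows the check a login handler should apply before sending the client back. The function names loginRedirect and safeRedirect, the exact query shape and the stripping of the "jwt" parameter are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
)

// loginRedirect builds the Location sent to an unauthenticated client:
// loginURL?<redirectKey>=<serverAddress + original URI>. The exact shape is an
// assumption. The "jwt" parameter is dropped so a rejected token is not
// carried along to the login handler (a choice of this example).
func loginRedirect(loginURL, redirectKey, serverAddress string, orig *url.URL) string {
	u := *orig // copy, so the caller's URL is left untouched
	q := u.Query()
	q.Del("jwt")
	u.RawQuery = q.Encode()
	v := url.Values{}
	v.Set(redirectKey, serverAddress+u.RequestURI())
	return loginURL + "?" + v.Encode()
}

// safeRedirect is the login-handler side: the redirect value is client
// controlled, so it is followed only when scheme and host exactly match a
// configured ServerAddress. Anything else falls back to a fixed local path.
func safeRedirect(raw string, allowed []string, fallback string) string {
	u, err := url.Parse(raw)
	if err != nil || u.User != nil {
		return fallback
	}
	for _, a := range allowed {
		au, err := url.Parse(a)
		if err == nil && au.Scheme != "" && au.Host != "" &&
			u.Scheme == au.Scheme && u.Host == au.Host {
			return u.String()
		}
	}
	return fallback
}

func main() { // constructed sample values, not taken from the package
	orig, _ := url.Parse("/reports?id=7&jwt=stale")
	fmt.Println(loginRedirect("/login", "redirect", "https://app.example.com", orig))
	allowed := []string{"https://app.example.com"}
	fmt.Println(safeRedirect("https://app.example.com/reports?id=7", allowed, "/")) // accepted
	fmt.Println(safeRedirect("https://app.example.com.other.test/", allowed, "/"))  // look-alike host
	fmt.Println(safeRedirect("//other.test/reports", allowed, "/"))                 // scheme-relative
}
```

A prefix comparison against ServerAddress would accept the look-alike host in the second case, which is why the check compares the parsed scheme and host.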
