Documentation
Index ¶
- func RegisterAuthEndpoints(api huma.API, cfg *config.Config)
- func RegisterDNSEndpoint(api huma.API, cfg *config.Config)
- func RegisterGitHubATEndpoint(api huma.API, cfg *config.Config)
- func RegisterGitHubOIDCEndpoint(api huma.API, cfg *config.Config)
- func RegisterHTTPEndpoint(api huma.API, cfg *config.Config)
- func RegisterNoneEndpoint(api huma.API, cfg *config.Config)
- func RegisterOIDCEndpoints(api huma.API, cfg *config.Config)
- type DNSAuthHandler
- type DNSResolver
- type DNSTokenExchangeInput
- type DefaultDNSResolver
- type DefaultHTTPKeyFetcher
- type GenericOIDCValidator
- type GitHubHandler
- type GitHubOIDCClaims
- type GitHubOIDCHandler
- type GitHubOIDCTokenExchangeInput
- type GitHubOIDCValidator
- type GitHubTokenExchangeInput
- type GitHubUserOrOrg
- type HTTPAuthHandler
- type HTTPKeyFetcher
- type HTTPTokenExchangeInput
- type JWK
- type JWKS
- type NoneHandler
- type OIDCClaims
- type OIDCHandler
- type OIDCTokenExchangeInput
- type OIDCValidator
- type StandardOIDCValidator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterAuthEndpoints ¶
RegisterAuthEndpoints registers all authentication endpoints
func RegisterDNSEndpoint ¶
RegisterDNSEndpoint registers the DNS authentication endpoint
func RegisterGitHubATEndpoint ¶
RegisterGitHubATEndpoint registers the GitHub access token authentication endpoint
func RegisterGitHubOIDCEndpoint ¶
RegisterGitHubOIDCEndpoint registers the GitHub OIDC authentication endpoint
func RegisterHTTPEndpoint ¶
RegisterHTTPEndpoint registers the HTTP authentication endpoint
func RegisterNoneEndpoint ¶
RegisterNoneEndpoint registers the anonymous authentication endpoint
func RegisterOIDCEndpoints ¶
RegisterOIDCEndpoints registers all OIDC authentication endpoints
Types ¶
type DNSAuthHandler ¶
type DNSAuthHandler struct {
// contains filtered or unexported fields
}
DNSAuthHandler handles DNS-based authentication
func NewDNSAuthHandler ¶
func NewDNSAuthHandler(cfg *config.Config) *DNSAuthHandler
NewDNSAuthHandler creates a new DNS authentication handler
func (*DNSAuthHandler) ExchangeToken ¶
func (h *DNSAuthHandler) ExchangeToken(ctx context.Context, domain, timestamp, signedTimestamp string) (*auth.TokenResponse, error)
ExchangeToken exchanges a DNS-based signature for a Registry JWT token; signedTimestamp is the signature over timestamp presented for domain
func (*DNSAuthHandler) SetResolver ¶
func (h *DNSAuthHandler) SetResolver(resolver DNSResolver)
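SetResolver sets a custom DNS resolver (used for testing). The resolver decides which DNS answers the handler sees, so code outside tests should leave the default in place.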
type DNSResolver ¶
DNSResolver defines the interface for DNS resolution
type DNSTokenExchangeInput ¶
// DNSTokenExchangeInput is the request body for DNS-based authentication.
// All three fields are caller-supplied and marked required.
type DNSTokenExchangeInput struct {
Body struct {
// Domain is the domain name being authenticated.
Domain string `json:"domain" doc:"Domain name" example:"example.com" required:"true"`
// Timestamp is an RFC3339 timestamp; it is the message that SignedTimestamp signs.
// NOTE(review): a signature over a bare timestamp stays valid for as long as
// the timestamp is accepted. No freshness window is visible in this type;
// confirm that the handler rejects stale and far-future timestamps.
Timestamp string `json:"timestamp" doc:"RFC3339 timestamp" example:"2023-01-01T00:00:00Z" required:"true"`
// SignedTimestamp is the hex-encoded Ed25519 signature of Timestamp.
SignedTimestamp string `json:"signed_timestamp" doc:"Hex-encoded Ed25519 signature of timestamp" example:"abcdef1234567890" required:"true"`
}
}
DNSTokenExchangeInput represents the input for DNS-based authentication
type DefaultDNSResolver ¶
type DefaultDNSResolver struct{}
DefaultDNSResolver uses Go's standard DNS resolution
type DefaultHTTPKeyFetcher ¶
type DefaultHTTPKeyFetcher struct {
// contains filtered or unexported fields
}
DefaultHTTPKeyFetcher uses Go's standard HTTP client
func NewDefaultHTTPKeyFetcher ¶
func NewDefaultHTTPKeyFetcher() *DefaultHTTPKeyFetcher
NewDefaultHTTPKeyFetcher creates a new HTTP key fetcher with timeout
type GenericOIDCValidator ¶
// GenericOIDCValidator validates an OIDC token and returns provider-neutral claims.
type GenericOIDCValidator interface {
// ValidateToken checks token and returns its claims as *OIDCClaims, or an error.
// NOTE(review): no audience is passed per call, so any audience check has to be
// configured inside the implementation; confirm this for each implementation.
ValidateToken(ctx context.Context, token string) (*OIDCClaims, error)
}
GenericOIDCValidator defines the interface for validating OIDC tokens from any provider
type GitHubHandler ¶
type GitHubHandler struct {
// contains filtered or unexported fields
}
GitHubHandler handles GitHub authentication
func NewGitHubHandler ¶
func NewGitHubHandler(cfg *config.Config) *GitHubHandler
NewGitHubHandler creates a new GitHub handler
func (*GitHubHandler) ExchangeToken ¶
func (h *GitHubHandler) ExchangeToken(ctx context.Context, githubToken string) (*auth.TokenResponse, error)
ExchangeToken exchanges a GitHub OAuth token for a Registry JWT token
func (*GitHubHandler) SetBaseURL ¶
func (h *GitHubHandler) SetBaseURL(url string)
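SetBaseURL sets the base URL for GitHub API (used for testing). The handler presumably sends the caller's GitHub token to this URL, so it should only ever point at GitHub or a test server.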
type GitHubOIDCClaims ¶
// GitHubOIDCClaims is the claim set read from a GitHub OIDC token: the embedded
// jwt.RegisteredClaims plus the repository_owner custom claim.
type GitHubOIDCClaims struct {
// Embedded claims type from the jwt package (defined outside this page).
jwt.RegisteredClaims
// RepositoryOwner is the "repository_owner" claim.
// NOTE(review): this is an owner name rather than an immutable identifier.
// GitHub's tokens also carry a repository_owner_id claim; consider whether
// decisions keyed on the name should use the id instead.
RepositoryOwner string `json:"repository_owner"` // e.g., "octo-org"
}
GitHubOIDCClaims represents the claims we need from a GitHub OIDC token
type GitHubOIDCHandler ¶
type GitHubOIDCHandler struct {
// contains filtered or unexported fields
}
GitHubOIDCHandler handles GitHub OIDC authentication
func NewGitHubOIDCHandler ¶
func NewGitHubOIDCHandler(cfg *config.Config) *GitHubOIDCHandler
NewGitHubOIDCHandler creates a new GitHub OIDC handler
func (*GitHubOIDCHandler) ExchangeToken ¶
func (h *GitHubOIDCHandler) ExchangeToken(ctx context.Context, oidcToken string) (*auth.TokenResponse, error)
ExchangeToken exchanges a GitHub OIDC token for a Registry JWT token
func (*GitHubOIDCHandler) SetValidator ¶
func (h *GitHubOIDCHandler) SetValidator(validator OIDCValidator)
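SetValidator sets a custom OIDC validator (used for testing). The validator decides which tokens are accepted, so replacing it outside tests changes the handler's trust decisions.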
type GitHubOIDCTokenExchangeInput ¶
// GitHubOIDCTokenExchangeInput is the request body for GitHub OIDC token exchange.
type GitHubOIDCTokenExchangeInput struct {
Body struct {
// OIDCToken is the GitHub Actions OIDC token presented by the caller (required).
// NOTE(review): this value is a credential; keep request bodies out of logs.
OIDCToken string `json:"oidc_token" doc:"GitHub Actions OIDC token" required:"true"`
}
}
GitHubOIDCTokenExchangeInput represents the input for GitHub OIDC token exchange
type GitHubOIDCValidator ¶
type GitHubOIDCValidator struct {
// contains filtered or unexported fields
}
GitHubOIDCValidator validates GitHub OIDC tokens
func NewGitHubOIDCValidator ¶
func NewGitHubOIDCValidator() *GitHubOIDCValidator
NewGitHubOIDCValidator creates a new GitHub OIDC validator
func NewMockOIDCValidator ¶
func NewMockOIDCValidator(jwksURL, issuer string) *GitHubOIDCValidator
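NewMockOIDCValidator creates a mock validator for testing. It returns a *GitHubOIDCValidator built from a caller-supplied JWKS URL and issuer, so it should not be reachable from production code paths.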
func (*GitHubOIDCValidator) ValidateToken ¶
func (v *GitHubOIDCValidator) ValidateToken(ctx context.Context, tokenString string, audience string) (*GitHubOIDCClaims, error)
ValidateToken validates a GitHub OIDC token
type GitHubTokenExchangeInput ¶
// GitHubTokenExchangeInput is the request body for GitHub access-token exchange.
type GitHubTokenExchangeInput struct {
Body struct {
// GitHubToken is the GitHub OAuth token presented by the caller (required).
// NOTE(review): this is a bearer credential for the caller's GitHub account;
// keep request bodies out of logs and error messages.
GitHubToken string `json:"github_token" doc:"GitHub OAuth token" required:"true"`
}
}
GitHubTokenExchangeInput represents the input for GitHub token exchange
type GitHubUserOrOrg ¶
type HTTPAuthHandler ¶
type HTTPAuthHandler struct {
// contains filtered or unexported fields
}
HTTPAuthHandler handles HTTP-based authentication
func NewHTTPAuthHandler ¶
func NewHTTPAuthHandler(cfg *config.Config) *HTTPAuthHandler
NewHTTPAuthHandler creates a new HTTP authentication handler
func (*HTTPAuthHandler) ExchangeToken ¶
func (h *HTTPAuthHandler) ExchangeToken(ctx context.Context, domain, timestamp, signedTimestamp string) (*auth.TokenResponse, error)
ExchangeToken exchanges an HTTP-based signature for a Registry JWT token; signedTimestamp is the signature over timestamp presented for domain
func (*HTTPAuthHandler) SetFetcher ¶
func (h *HTTPAuthHandler) SetFetcher(fetcher HTTPKeyFetcher)
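SetFetcher sets a custom HTTP key fetcher (used for testing). The fetcher supplies the key material the handler verifies against, so code outside tests should leave the default in place.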
type HTTPKeyFetcher ¶
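HTTPKeyFetcher defines the interface for fetching HTTP keys. The domain comes from the request body (HTTPTokenExchangeInput), so implementations presumably make outbound requests to a caller-chosen host; they should bound timeouts and response size and refuse internal or loopback destinations.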
type HTTPTokenExchangeInput ¶
// HTTPTokenExchangeInput is the request body for HTTP-based authentication.
// All three fields are caller-supplied and marked required.
type HTTPTokenExchangeInput struct {
Body struct {
// Domain is the domain name being authenticated.
Domain string `json:"domain" doc:"Domain name" example:"example.com" required:"true"`
// Timestamp is an RFC3339 timestamp; it is the message that SignedTimestamp signs.
// NOTE(review): a signature over a bare timestamp stays valid for as long as
// the timestamp is accepted. No freshness window is visible in this type;
// confirm that the handler rejects stale and far-future timestamps.
Timestamp string `json:"timestamp" doc:"RFC3339 timestamp" example:"2023-01-01T00:00:00Z" required:"true"`
// SignedTimestamp is the hex-encoded Ed25519 signature of Timestamp.
SignedTimestamp string `json:"signed_timestamp" doc:"Hex-encoded Ed25519 signature of timestamp" example:"abcdef1234567890" required:"true"`
}
}
HTTPTokenExchangeInput represents the input for HTTP-based authentication
type JWK ¶
// JWK models a single JSON Web Key.
// Only the RSA public-key parameters (n, e) have fields here; members used by
// other key types are not represented.
// NOTE(review): consumers should check KTY (and Use) before building a key from
// N and E; confirm this in the validator.
type JWK struct {
// KTY is the "kty" (key type) member.
KTY string `json:"kty"`
// KID is the "kid" (key ID) member.
KID string `json:"kid"`
// Use is the "use" (public key use) member.
Use string `json:"use"`
// N is the "n" member: the RSA modulus, base64url-encoded in the JWK format.
N string `json:"n"`
// E is the "e" member: the RSA public exponent, base64url-encoded in the JWK format.
E string `json:"e"`
}
JWK represents a JSON Web Key
type NoneHandler ¶
type NoneHandler struct {
// contains filtered or unexported fields
}
NoneHandler handles anonymous authentication
func NewNoneHandler ¶
func NewNoneHandler(cfg *config.Config) *NoneHandler
NewNoneHandler creates a new anonymous authentication handler
func (*NoneHandler) GetAnonymousToken ¶
func (h *NoneHandler) GetAnonymousToken(ctx context.Context) (*auth.TokenResponse, error)
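GetAnonymousToken generates an anonymous Registry JWT token. No caller credential is taken as input, so the permissions carried by this token should be reviewed wherever the endpoint is enabled.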
type OIDCClaims ¶
// OIDCClaims holds the claims extracted from an OIDC token of any provider.
type OIDCClaims struct {
// Subject is the "sub" claim.
Subject string `json:"sub"`
// Issuer is the "iss" claim.
Issuer string `json:"iss"`
// Audience is the "aud" claim as a list.
// NOTE(review): the JWT aud claim may be a single string as well as an array.
// If this struct is ever filled by encoding/json directly, a string-valued aud
// would fail to decode into []string; confirm how it is populated.
Audience []string `json:"aud"`
// ExtraClaims carries additional claims. The json:"-" tag excludes it from
// encoding/json encoding and decoding, so it is filled by other code.
ExtraClaims map[string]any `json:"-"`
}
OIDCClaims represents the claims we extract from any OIDC token
type OIDCHandler ¶
type OIDCHandler struct {
// contains filtered or unexported fields
}
OIDCHandler handles configurable OIDC authentication
func NewOIDCHandler ¶
func NewOIDCHandler(cfg *config.Config) *OIDCHandler
NewOIDCHandler creates a new OIDC handler
func (*OIDCHandler) ExchangeToken ¶
func (h *OIDCHandler) ExchangeToken(ctx context.Context, oidcToken string) (*auth.TokenResponse, error)
ExchangeToken exchanges an OIDC ID token for a Registry JWT token
func (*OIDCHandler) SetValidator ¶
func (h *OIDCHandler) SetValidator(validator GenericOIDCValidator)
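SetValidator sets a custom OIDC validator (used for testing). The validator decides which tokens are accepted, so replacing it outside tests changes the handler's trust decisions.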
type OIDCTokenExchangeInput ¶
// OIDCTokenExchangeInput is the request body for generic OIDC token exchange.
type OIDCTokenExchangeInput struct {
Body struct {
// OIDCToken is the OIDC ID token presented by the caller (required).
// NOTE(review): this value is a credential; keep request bodies out of logs.
OIDCToken string `json:"oidc_token" doc:"OIDC ID token from any provider" required:"true"`
}
}
OIDCTokenExchangeInput represents the input for OIDC token exchange
type OIDCValidator ¶
// OIDCValidator validates OIDC tokens and returns the GitHub-specific claim set.
type OIDCValidator interface {
// ValidateToken checks token and returns *GitHubOIDCClaims, or an error.
// audience is presumably the expected "aud" value the token must carry;
// confirm against the implementation.
ValidateToken(ctx context.Context, token string, audience string) (*GitHubOIDCClaims, error)
}
OIDCValidator defines the interface for OIDC token validation
type StandardOIDCValidator ¶
type StandardOIDCValidator struct {
// contains filtered or unexported fields
}
StandardOIDCValidator validates OIDC tokens using go-oidc library
func NewStandardOIDCValidator ¶
func NewStandardOIDCValidator(issuer, clientID string) (*StandardOIDCValidator, error)
NewStandardOIDCValidator creates a new standard OIDC validator using go-oidc
func (*StandardOIDCValidator) ValidateToken ¶
func (v *StandardOIDCValidator) ValidateToken(ctx context.Context, tokenString string) (*OIDCClaims, error)
ValidateToken validates an OIDC ID token using go-oidc library