Documentation
Index ¶
- Variables
- func CtxAccountID(ctx context.Context) interface{}
- func CtxWithAccountID(ctx context.Context, accountID interface{}) context.Context
- type Authenticator
- type Authorizer
- type Option
- type Options
- type Role
- type RoleAuthorizer
- type RoleFindOption
- type RoleFindOptions
- type Scope
- type ScopeCollection
- type Token
- type TokenOption
- type TokenOptions
- type Tokener
- type TwoFactorAuthenticator
Constants ¶
This section is empty.
Variables ¶
var (
	// MjrAuthorization is the major authorization errors.
	MjrAuthorization errors.Major
	ClassScope       errors.Class
	// ClassInternal is the errors classification for internal auth errors.
	ClassInternal errors.Class
	// ClassForbidden is the error classification when authorization fails.
	ClassForbidden errors.Class
	// ClassTokenExpired is the error classification when the token expired.
	MnrToken          errors.Minor
	ClassInvalidToken errors.Class
	ClassTokenExpired errors.Class
	// ClassInvalidRole is the error classification when the role is not valid.
	ClassInvalidRole errors.Class
	// ClassInvalidSecret is the error classification when provided secret is not valid.
	ClassInvalidSecret errors.Class
	// ClassAccountNotFound is the error classification when account is not found.
	ClassAccountNotFound     errors.Class
	ClassAuthorizationHeader errors.Class
	// ClassInitialization is the error classification while initializing the structures.
	ClassInitialization errors.Class
	// ClassNoRequiredOption is the error classification while there is no required option.
	ClassNoRequiredOption errors.Class
)
Functions ¶
func CtxAccountID ¶
CtxAccountID gets the account ID from the context 'ctx'. If the context doesn't contain an account ID, the function returns an empty string.
Types ¶
type Authenticator ¶
type Authenticator interface {
Authenticate(ctx context.Context, username, password string) (accountID interface{}, err error)
}
Authenticator is the interface used to authenticate the username and password.
type Authorizer ¶
type Authorizer interface {
	// Authorize if the 'accountID' is allowed to access the resource. The resourceID is a unique resource identifier.
	Authorize(ctx context.Context, accountID interface{}, scopes ...string) error
}
Authorizer is the interface used to authorize resources.
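An added example, not code from this package: a hypothetical in-memory type whose Authorize method has the signature documented above and denies by default, rejecting the nil or empty account ID a caller may obtain from CtxAccountID, an empty scope list, and any scope not granted through a role. The names memAuthorizer, ErrForbidden and sample, the constructed data, and the choice to require every requested scope are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// ErrForbidden is a local stand-in for the package's ClassForbidden class (assumption).
var ErrForbidden = errors.New("forbidden")

// memAuthorizer is hypothetical: account ID -> roles, role -> granted scopes.
type memAuthorizer struct {
	accountRoles map[interface{}][]string
	roleScopes   map[string]map[string]bool
}

// Authorize matches the documented method signature and denies by default.
func (m *memAuthorizer) Authorize(_ context.Context, accountID interface{}, scopes ...string) error {
	switch accountID.(type) {
	case string, int, int64: // comparable ID types, safe to use as map keys
	default: // nil (no ID in the context) or an unexpected, possibly unhashable type
		return fmt.Errorf("%w: missing or unsupported account id", ErrForbidden)
	}
	if accountID == "" || len(scopes) == 0 {
		return fmt.Errorf("%w: empty account id or empty scope list", ErrForbidden)
	}
next:
	for _, scope := range scopes { // every requested scope must be granted
		for _, role := range m.accountRoles[accountID] {
			if m.roleScopes[role][scope] {
				continue next
			}
		}
		return fmt.Errorf("%w: scope %q not granted", ErrForbidden, scope)
	}
	return nil
}

// sample is constructed data: account int64(42) holds the "editor" role.
var sample = &memAuthorizer{
	accountRoles: map[interface{}][]string{int64(42): {"editor"}},
	roleScopes:   map[string]map[string]bool{"editor": {"post:read": true, "post:write": true}},
}

func main() {
	fmt.Println(sample.Authorize(context.Background(), nil, "post:read"))
}
```

Because the account ID is an interface{}, int64(42) and int(42) are different map keys here, so the ID type stored at grant time must match the type placed in the context.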
type Options ¶
type Options struct {
	PasswordCost int
	// Secret is the authorization secret.
	Secret string
	// PublicKey is used for decoding the token public key.
	PublicKey string
	// PrivateKey is used for encoding the token private key.
	PrivateKey string
	// TokenExpiration is the default token expiration time.
	TokenExpiration time.Duration
	// RefreshTokenExpiration is the default refresh token expiration time.
	RefreshTokenExpiration time.Duration
}
Options are the authorization service options.
type RoleAuthorizer ¶
type RoleAuthorizer interface {
	// CreateRole creates a 'role'. An additional optional description might be provided for given role.
	CreateRole(ctx context.Context, role, description string) (Role, error)
	// FindRoles finds all stored roles. An optional argument(s) might be provided
	// to specify the resource id(s) for which the roles should be taken.
	FindRoles(ctx context.Context, options ...RoleFindOption) (roles []Role, err error)
	// GetRoles gets stored roles for provided accountID.
	GetRoles(ctx context.Context, accountID interface{}) (roles []Role, err error)
	// DeleteRole removes the 'role'
	DeleteRole(ctx context.Context, role string) error
	// GrantRole grants given 'role' access to given 'scope'.
	GrantRole(ctx context.Context, db database.DB, role, scope string) error
	// RevokeRole revokes access to given 'scope' for the 'role'.
	RevokeRole(ctx context.Context, db database.DB, role, scope string) error
	// AddRole adds the role to the given accountID.
	AddRole(ctx context.Context, db database.DB, accountID interface{}, role string) error
	// ClearRoles clears all roles for given account.
	ClearRoles(ctx context.Context, db database.DB, accountID interface{}) error
	// RemoveRole removes the role for given account.
	RemoveRole(ctx context.Context, db database.DB, accountID interface{}, role string) error
	// SetRoles clears and sets the role for the account with id.
	SetRoles(ctx context.Context, db database.DB, accountID interface{}, roles ...string) error
}
RoleAuthorizer is the role-based access control authorization.
type RoleFindOption ¶
type RoleFindOption func(o *RoleFindOptions)
func RolesWithAccountIDs ¶
func RolesWithAccountIDs(accountIDs ...interface{}) RoleFindOption
func RolesWithScopes ¶
func RolesWithScopes(scopes ...string) RoleFindOption
type RoleFindOptions ¶
type RoleFindOptions struct {
	AccountIDs []interface{}
	Scopes     []string
}
RoleFindOptions is the structure used to find the
type ScopeCollection ¶
type ScopeCollection interface {
	CreateScope(ctx context.Context, db database.DB, scope, description string) (Scope, error)
	GetScope(ctx context.Context, db database.DB, scope string) (Scope, error)
	DeleteScope(ctx context.Context, db database.DB, scope string) error
}
ScopeCollection is the collection for the authorization scope.
type Token ¶
type Token struct {
	// AccessToken is the string access token.
	AccessToken string
	// RefreshToken defines the token
	RefreshToken string
}
Token is the authorization token structure.
type TokenOption ¶
type TokenOption func(o *TokenOptions)
TokenOption is the token options changer function.
func TokenAccountID ¶
func TokenAccountID(id interface{}) TokenOption
TokenAccountID sets account identifier for the token.
func TokenExpirationTime ¶
func TokenExpirationTime(d time.Duration) TokenOption
TokenExpirationTime sets the expiration time for the token.
func TokenRefreshToken ¶
func TokenRefreshToken(refresh string) TokenOption
TokenRefreshToken sets the refresh token in the options.
type TokenOptions ¶
type TokenOptions struct {
	// AccountID is the account identifier (email, account id etc.)
	AccountID interface{}
	// RefreshToken is the token used to refresh the new token.
	RefreshToken string
	// ExpirationTime is the expiration time of the token.
	ExpirationTime time.Duration
}
TokenOptions are the options used to create the token.
type Tokener ¶
type Tokener interface {
	// InspectToken extracts claims from the token.
	InspectToken(token string) (claims interface{}, err error)
	// Token creates the token for provided options.
	Token(ctx context.Context, options ...TokenOption) (Token, error)
	// RefreshToken creates the token based on provided 'refreshToken'.
	RefreshToken(ctx context.Context, refreshToken string) (Token, error)
}
Tokener is the interface used for the authorization with the token.
type TwoFactorAuthenticator ¶
type TwoFactorAuthenticator interface {
	HasTwoFactorAuth(accountID interface{}) (bool, error)
	GenerateTwoFactorAuth(accountID interface{}) (secret string, err error)
	TwoFactorCreate(accountID interface{}) (err error)
	TwoFactorVerify(accountID interface{}, code string) error
}
TwoFactorAuthenticator is the two-factor authenticator.