auth

package
v0.16.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 9, 2020 License: Apache-2.0 Imports: 4 Imported by: 12

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors of the auth package, grouped into three families:
// authorization (ErrAuthorization), authentication (ErrAuthentication) and
// initialization (ErrInitialization).
//
// NOTE(review): errors.Wrap is not part of the standard library errors package, so
// 'errors' here is some other package; whether errors.Is(err, ErrAuthorization) matches
// the wrapped values below depends on that package — confirm before relying on
// parent-class checks in handlers.
var (
	// ErrAuthorization is the base authorization error; the scope, header,
	// forbidden, token and role errors below are all built from it.
	ErrAuthorization = errors.New("authorization")
	// ErrAuthorizationScope is an error related to the authorization scope.
	ErrAuthorizationScope = errors.Wrap(ErrAuthorization, "scope")
	// ErrAuthorizationHeader is an error related to an invalid or missing authorization header.
	ErrAuthorizationHeader = errors.Wrap(ErrAuthorization, "invalid or no header")

	// ErrForbidden is the error classification when authorization fails.
	ErrForbidden = errors.Wrap(ErrAuthorization, "forbidden access")
	// ErrToken is the error for an invalid token.
	ErrToken = errors.Wrap(ErrAuthorization, "invalid token")
	// ErrTokenExpired is an error related to an expired token. It wraps ErrToken,
	// not ErrAuthorization directly.
	ErrTokenExpired = errors.Wrap(ErrToken, "expired")
	// ErrInvalidRole is the error classification when the role is not valid.
	ErrInvalidRole = errors.Wrap(ErrAuthorization, "invalid role")

	// ErrAuthentication is the base authentication error.
	ErrAuthentication = errors.New("authentication")
	// ErrInvalidSecret is the error classification when the provided secret is not valid.
	// It is distinguishable from ErrAccountNotFound; when either is mapped to a
	// client-facing response, use the same status and message for both so the
	// response does not reveal whether an account exists.
	ErrInvalidSecret = errors.Wrap(ErrAuthentication, "provided invalid secret")
	// ErrAccountNotFound is the error classification when the account is not found.
	// See ErrInvalidSecret about not exposing the difference to clients.
	ErrAccountNotFound = errors.Wrap(ErrAuthentication, "account not found")

	// ErrInitialization is the error classification while initializing the structures.
	ErrInitialization = errors.New("auth initialization failed")
	// ErrAuthenticationNoRequiredOption is the error classification when a required option is not provided.
	ErrAuthenticationNoRequiredOption = errors.Wrap(ErrAuthentication, "provided no required option")
)

Functions

func CtxAccountID

func CtxAccountID(ctx context.Context) interface{}

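CtxAccountID gets the account ID from the context 'ctx'. If the context doesn't contain an account ID, the function returns an empty string. Because the declared return type is interface{}, callers need to check the result for that empty value (and assert its concrete type) before treating the request as authenticated.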

func CtxWithAccountID

func CtxWithAccountID(ctx context.Context, accountID interface{}) context.Context

CtxWithAccountID stores account id in the context.

Types

type Authenticator

// Authenticator is the interface used to authenticate a username and password.
type Authenticator interface {
	// Authenticate checks the 'username' and 'password' pair and returns the
	// identifier of the matching account together with an error.
	// NOTE(review): presumably failures are reported as ErrAccountNotFound or
	// ErrInvalidSecret — confirm against the implementation. 'accountID' is an
	// interface{}, so callers should not use it when err is non-nil.
	Authenticate(ctx context.Context, username, password string) (accountID interface{}, err error)
}

Authenticator is the interface used to authenticate the username and password.

type Authorizer

// Authorizer is the interface used to authorize an account against scopes.
type Authorizer interface {
	// Authorize checks whether the 'accountID' is allowed to access the given 'scopes';
	// the outcome is reported through the returned error.
	// The signature takes scopes, not a resource identifier.
	// NOTE(review): the behaviour when no scopes are passed is not defined on this
	// page; an implementation should decide it explicitly (and fail closed) — confirm.
	// NOTE(review): presumably a denial is reported as ErrForbidden or
	// ErrAuthorizationScope — confirm against the implementation.
	Authorize(ctx context.Context, accountID interface{}, scopes ...string) error
}

Authorizer is the interface used to authorize resources.

type Option

// Option is a function that sets fields on the *Options it receives.
type Option func(o *Options)

Option is a function used to set authentication options.

type Options

// Options are the authorization service options. Secret and PrivateKey hold
// secret material as plain strings, so printing or logging the whole struct
// (for example with %+v) would expose them unless the type defines its own
// formatting, which is not shown on this page.
type Options struct {
	// PasswordCost has no description on this page.
	// NOTE(review): presumably the work factor for password hashing (e.g. a bcrypt
	// cost) — confirm, and confirm what the zero value means, since a cost that is
	// too low weakens stored password hashes.
	PasswordCost int
	// Secret is the authorization secret.
	Secret string
	// PublicKey is the public key used for decoding the token.
	// NOTE(review): the expected format (PEM text, file path, ...) is not visible here — confirm.
	PublicKey string
	// PrivateKey is the private key used for encoding the token.
	// Keep it out of logs and error messages.
	PrivateKey string
	// TokenExpiration is the default token expiration time.
	TokenExpiration time.Duration
	// RefreshTokenExpiration is the default refresh token expiration time.
	RefreshTokenExpiration time.Duration
}

Options are the authorization service options.

type Role

// Role is the interface used for the roles.
type Role interface {
	// RoleName returns the name of the role as a string.
	RoleName() string
}

Role is the interface used for the roles.

type RoleAuthorizer

// RoleAuthorizer is the role-based access control authorization interface.
// None of its methods takes the identity of the caller performing the change,
// so checking that the caller may manage roles is left to the code that calls them.
// The grant/revoke and per-account methods take an explicit database.DB, while
// CreateRole, FindRoles, GetRoles and DeleteRole do not.
type RoleAuthorizer interface {
	// CreateRole creates a 'role'. An additional optional description might be provided for given role.
	CreateRole(ctx context.Context, role, description string) (Role, error)
	// FindRoles finds all stored roles. Optional RoleFindOption arguments narrow the
	// search; the options declared on this page filter by account IDs and by scopes.
	FindRoles(ctx context.Context, options ...RoleFindOption) (roles []Role, err error)
	// GetRoles gets stored roles for provided accountID.
	GetRoles(ctx context.Context, accountID interface{}) (roles []Role, err error)
	// DeleteRole removes the 'role'.
	// NOTE(review): whether accounts and scope grants that reference the role are
	// cleaned up as well is not visible here — confirm.
	DeleteRole(ctx context.Context, role string) error

	// GrantRole grants given 'role' access to given 'scope'.
	GrantRole(ctx context.Context, db database.DB, role, scope string) error
	// RevokeRole revokes access to given 'scope' for the 'role'.
	RevokeRole(ctx context.Context, db database.DB, role, scope string) error

	// AddRole adds the role to the given accountID.
	AddRole(ctx context.Context, db database.DB, accountID interface{}, role string) error
	// ClearRoles clears all roles for given account.
	ClearRoles(ctx context.Context, db database.DB, accountID interface{}) error
	// RemoveRole removes the role for given account.
	RemoveRole(ctx context.Context, db database.DB, accountID interface{}, role string) error
	// SetRoles clears and sets the roles for the account with the given id.
	// NOTE(review): whether the clear and the set happen atomically is not visible
	// here; if they do not, a failure in between would leave the account without
	// roles — confirm, or pass a transactional 'db'.
	SetRoles(ctx context.Context, db database.DB, accountID interface{}, roles ...string) error
}

RoleAuthorizer is the role-based access control authorization.

type RoleFindOption

// RoleFindOption is a function that changes the *RoleFindOptions it receives.
type RoleFindOption func(o *RoleFindOptions)

RoleFindOption is a function that changes RoleFindOptions.

func RolesWithAccountIDs

func RolesWithAccountIDs(accountIDs ...interface{}) RoleFindOption

RolesWithAccountIDs sets the role find option account ids.

func RolesWithScopes

func RolesWithScopes(scopes ...string) RoleFindOption

RolesWithScopes sets the role find options scopes.

type RoleFindOptions

// RoleFindOptions holds the filters passed to a role search.
type RoleFindOptions struct {
	// AccountIDs are the account identifiers to filter by (set by RolesWithAccountIDs).
	AccountIDs []interface{}
	// Scopes are the scope names to filter by (set by RolesWithScopes).
	// NOTE(review): how the two filters combine when both are set is not visible here — confirm.
	Scopes     []string
}

RoleFindOptions is the structure of options used to find the roles.

type Scope

// Scope is an interface that defines authorization scope.
type Scope interface {
	// ScopeName returns the name of the scope as a string.
	ScopeName() string
}

Scope is an interface that defines authorization scope.

type ScopeCollection

// ScopeCollection is the collection of authorization scopes. Every method takes
// an explicit database.DB and identifies the scope by its string name.
type ScopeCollection interface {
	// CreateScope creates the 'scope' with the given 'description' and returns it.
	CreateScope(ctx context.Context, db database.DB, scope, description string) (Scope, error)
	// GetScope returns the scope with the given name.
	GetScope(ctx context.Context, db database.DB, scope string) (Scope, error)
	// DeleteScope deletes the scope with the given name.
	// NOTE(review): whether role grants that reference the scope are removed as
	// well is not visible here — confirm.
	DeleteScope(ctx context.Context, db database.DB, scope string) error
}

ScopeCollection is collection for the authorization scope.

type Token

// Token is the authorization token structure. Both fields are credentials held
// as plain strings, so the struct should not be written to logs as a whole.
type Token struct {
	// AccessToken is the string access token.
	AccessToken string
	// RefreshToken is the string refresh token. Tokener.RefreshToken takes only
	// this string (plus a context) to create a new Token, so it needs the same
	// care in storage and transport as a password.
	RefreshToken string
}

Token is the authorization token structure.

type TokenOption

// TokenOption is a function that changes the *TokenOptions it receives.
type TokenOption func(o *TokenOptions)

TokenOption is the token options changer function.

func TokenAccountID

func TokenAccountID(id interface{}) TokenOption

TokenAccountID sets account identifier for the token.

func TokenExpirationTime

func TokenExpirationTime(d time.Duration) TokenOption

TokenExpirationTime sets the expiration time for the token.

func TokenRefreshToken

func TokenRefreshToken(refresh string) TokenOption

TokenRefreshToken sets the refresh token in the options.

type TokenOptions

// TokenOptions is the options used to create the token.
type TokenOptions struct {
	// AccountID is the account identifier (email, account id etc.)
	AccountID interface{}
	// RefreshToken is the token used to refresh the new token.
	RefreshToken string
	// ExpirationTime is the expiration time of the token. It is a time.Duration,
	// i.e. a lifetime rather than an absolute instant.
	// NOTE(review): presumably a zero value falls back to Options.TokenExpiration —
	// confirm, so that a missing option cannot produce a non-expiring token.
	ExpirationTime time.Duration
}

TokenOptions is the options used to create the token.

type Tokener

// Tokener is the interface used for the authorization with the token.
type Tokener interface {
	// InspectToken extracts claims from the token.
	// NOTE(review): this page does not say whether the signature and expiry are
	// verified before the claims are returned; callers should treat the claims as
	// trusted only if the implementation verifies them — confirm. Presumably
	// failures are reported as ErrToken or ErrTokenExpired — confirm.
	InspectToken(token string) (claims interface{}, err error)
	// Token creates the token for provided options.
	Token(ctx context.Context, options ...TokenOption) (Token, error)
	// RefreshToken creates the token based on provided 'refreshToken'.
	// NOTE(review): whether the old refresh token is invalidated (rotated) after
	// use is not visible here — confirm.
	RefreshToken(ctx context.Context, refreshToken string) (Token, error)
}

Tokener is the interface used for the authorization with the token.

type TwoFactorAuthenticator

// TwoFactorAuthenticator is the two-factor authenticator interface. Unlike the
// other interfaces on this page, its methods take no context.Context.
type TwoFactorAuthenticator interface {
	// HasTwoFactorAuth reports whether two-factor authentication exists for the 'accountID'.
	HasTwoFactorAuth(accountID interface{}) (bool, error)
	// GenerateTwoFactorAuth returns a two-factor 'secret' for the 'accountID'.
	// The secret is returned as a plain string; it should be shown to the account
	// owner only and kept out of logs.
	GenerateTwoFactorAuth(accountID interface{}) (secret string, err error)
	// TwoFactorCreate has no description on this page.
	// NOTE(review): presumably it enables or stores two-factor auth for the
	// account — confirm against the implementation.
	TwoFactorCreate(accountID interface{}) (err error)
	// TwoFactorVerify checks the 'code' for the 'accountID'; the outcome is
	// reported through the returned error.
	// NOTE(review): no attempt limiting is visible in this interface; confirm
	// that the implementation or its caller limits repeated guesses.
	TwoFactorVerify(accountID interface{}, code string) error
}

TwoFactorAuthenticator is the two-factor authenticator interface.
