Documentation
Types
type Groups
type Groups []string
Groups is a string list, preferably a string set.
func (Groups) Test
Test verifies that the user's groups satisfy the membership rules.
Use AllOf and/or OneOf to describe how to authorise the user's groups.
Usage:
// user must be able to read both payments and inventory.
Groups([]string{...}).Test(AllOf("can_read_payment", "can_read_inventory"))

// user must be able to read both payments and inventory, but write permission implies read as well.
Groups([]string{...}).Test(OneOf("can_read_payment", "can_write_payment"), OneOf("can_read_inventory", "can_write_inventory"))
type HasGroups
type HasGroups interface {
	GetGroups() Groups
}
HasGroups is the interface for the GetGroups method which returns all the groups that the user belongs to.
The return value is intended to be used with Groups.Test to test for membership.
type HasUser
type HasUser[UserType interface{}] interface {
	GetUser() *UserType
}
HasUser is the interface for the GetUser method, which can be used to return information about the user attached to a session.
type Middleware
type Middleware[SessionType HasUser[UserType], UserType HasGroups] struct {
	// Client is the DynamoDB client for making GetItem calls.
	//
	// If not given, one will be created from `config.LoadDefaultConfig(...)`.
	Client MiddlewareAPIClient

	// CookieName is the name of the cookie to retrieve the session ID.
	//
	// The default value is "sid".
	CookieName string

	// SessionContextKey is the key to attach a valid session with a given [gin.Context] via [gin.Context.Set].
	//
	// The default value is "session". Pass empty string to disable this feature.
	SessionContextKey string

	// UserContextKey is the key to attach a valid user with a given [gin.Context] via [gin.Context.Set].
	//
	// The default value is "session.user". Pass empty string to disable this feature.
	UserContextKey string

	// ClientOptions is passed to each GetItem call.
	ClientOptions []func(*dynamodb.Options)
}
Middleware is a gin middleware that can be used to retrieve session data from DynamoDB.
The zero-value is ready for use.
func New
func New[SessionType HasUser[UserType], UserType HasGroups](client MiddlewareAPIClient, optFns ...func(*Middleware[SessionType, UserType])) *Middleware[SessionType, UserType]
New is a convenience function that creates a Middleware instance and applies the given option functions to it.
func (*Middleware[SessionType, UserType]) RequireAuthentication
func (m *Middleware[SessionType, UserType]) RequireAuthentication() gin.HandlerFunc
RequireAuthentication adds a middleware that rejects with http.StatusUnauthorized every request that does not have a valid session, or whose session is not authenticated (HasUser.GetUser returns a nil value).
func (*Middleware[SessionType, UserType]) RequireAuthorisation
func (m *Middleware[SessionType, UserType]) RequireAuthorisation(rule Rule, more ...Rule) gin.HandlerFunc
RequireAuthorisation implies RequireAuthentication and additionally rejects requests with http.StatusForbidden if the user returned by [HasUser.GetUser] does not have permission according to the given set of rules.
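An added example, not code from this package: a stand-alone sketch of the rule semantics described under Groups.Test together with the 401/403 split described for RequireAuthentication and RequireAuthorisation. The names rule, matches, allOf, oneOf and decide, the authenticated flag, and the choice that an empty allOf fails closed are assumptions of this sketch; the package's own Rule, AllOf and OneOf may behave differently.

```go
package main

import (
	"fmt"
	"net/http"
)

// rule checks one membership condition; every name here is local to this sketch.
type rule func(set map[string]bool) bool

// matches counts how many of names are present in set.
func matches(set map[string]bool, names []string) (n int) {
	for _, name := range names {
		if set[name] {
			n++
		}
	}
	return n
}

// allOf needs every listed group; an empty list fails closed (sketch choice).
func allOf(names ...string) rule {
	return func(s map[string]bool) bool { return len(names) > 0 && matches(s, names) == len(names) }
}

// oneOf needs at least one listed group.
func oneOf(names ...string) rule {
	return func(s map[string]bool) bool { return matches(s, names) > 0 }
}

// decide: 401 if unauthenticated, 403 if any rule fails (rules are ANDed), else 200.
func decide(authenticated bool, groups []string, first rule, more ...rule) int {
	if !authenticated {
		return http.StatusUnauthorized
	}
	set := make(map[string]bool, len(groups)) // group list turned into a string set
	for _, g := range groups {
		set[g] = true
	}
	for _, r := range append([]rule{first}, more...) {
		if !r(set) {
			return http.StatusForbidden
		}
	}
	return http.StatusOK
}

func main() {
	writer := []string{"can_write_payment", "can_read_inventory"} // constructed sample
	fmt.Println(decide(true, writer, oneOf("can_read_payment", "can_write_payment"), allOf("can_read_inventory")))
}
```

With the constructed sample user, a plain allOf("can_read_payment", "can_read_inventory") is refused because write permission is only treated as implying read when the rule says so through oneOf.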
func (*Middleware[SessionType, UserType]) RequireSession
func (m *Middleware[SessionType, UserType]) RequireSession() gin.HandlerFunc
RequireSession adds a middleware that rejects with http.StatusUnauthorized every request that does not have a valid session.
type MiddlewareAPIClient
type MiddlewareAPIClient interface {
	GetItem(ctx context.Context, params *dynamodb.GetItemInput, optFns ...func(*dynamodb.Options)) (*dynamodb.GetItemOutput, error)
}
MiddlewareAPIClient abstracts the API needed by Middleware.