Documentation
Index ¶
- Constants
- func AddApiSessionHeaders(rc *RequestContext)
- func AddHeaders(rc *RequestContext)
- func GetApiEnrollmentVersion() string
- func GetApiVersion() string
- type EdgeResponseMapper
- type EventLogger
- type RequestContext
- func (rc *RequestContext) GetAction() permissions.Action
- func (rc *RequestContext) GetApi() permissions.Api
- func (rc *RequestContext) GetBody() []byte
- func (rc *RequestContext) GetEntityAction() string
- func (rc *RequestContext) GetEntityId() (string, error)
- func (rc *RequestContext) GetEntitySubId() (string, error)
- func (rc *RequestContext) GetEntityType() string
- func (rc *RequestContext) GetId() string
- func (rc *RequestContext) GetRequest() *http.Request
- func (rc *RequestContext) GetResponseWriter() http.ResponseWriter
- func (rc *RequestContext) GetSecurityTokenCtx() *common.SecurityTokenCtx
- func (rc *RequestContext) HasJwtSecurityToken() bool
- func (rc *RequestContext) HasLegacySecurityToken() bool
- func (rc *RequestContext) HasPermission(s string) bool
- func (rc *RequestContext) InitPermissionsContext(api permissions.Api, entityType string, action permissions.Action)
- func (rc *RequestContext) NewChangeContext() *change.Context
- func (rc *RequestContext) NewChangeContextForIdentity(identity *model.Identity) *change.Context
- func (rc *RequestContext) SetEntityId(id string)
- func (rc *RequestContext) SetEntitySubId(id string)
- type Responder
- type ResponderImpl
- type SecurityCtx
Constants ¶
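// Property names for an entity's id and sub-id.
//
// NOTE(review): presumably the keys under which GetEntityId and
// GetEntitySubId look up the routed entity identifiers; confirm against the
// router setup. Values read through them come from the request and should be
// treated as untrusted input.
const (
	IdPropertyName    = "id"
	SubIdPropertyName = "subId"
)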
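// HTTP header names used when decorating API responses.
const (
	// ApiSessionExpirationSecondsHeader is presumably the API-session
	// lifetime header expressed in seconds (confirm against
	// AddApiSessionHeaders).
	ApiSessionExpirationSecondsHeader = "expiration-seconds"

	// ApiSessionExpiresAtHeader is presumably the API-session lifetime header
	// expressed as an absolute expiry time (confirm against
	// AddApiSessionHeaders).
	ApiSessionExpiresAtHeader = "expires-at"

	// ServerHeader is the standard "server" header name. AddHeaders is
	// documented as setting a server version banner on every API response.
	//
	// NOTE(review): a version banner lets any client, authenticated or not,
	// fingerprint the running build; confirm the exposed detail is intended.
	ServerHeader = "server"
)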
Variables ¶
This section is empty.
Functions ¶
func AddApiSessionHeaders ¶
func AddApiSessionHeaders(rc *RequestContext)
AddApiSessionHeaders writes API-session lifetime headers when a resolved session is available, and appends WWW-Authenticate or other structured error headers from any MFA or session-level errors so that clients can determine the next required action.
func AddHeaders ¶
func AddHeaders(rc *RequestContext)
AddHeaders sets standard response headers for every API response, including the server version banner and API-session expiry information.
func GetApiEnrollmentVersion ¶
func GetApiEnrollmentVersion() string
func GetApiVersion ¶
func GetApiVersion() string
Types ¶
type EdgeResponseMapper ¶
// EdgeResponseMapper is a field-less type; its methods EmptyOkData and
// MapApiError build response payloads (MapApiError takes the request id and an
// *errorz.ApiError).
//
// NOTE(review): which fields of the ApiError end up in the client-visible
// payload is not shown here; confirm internal error detail is not echoed.
type EdgeResponseMapper struct{}
func (EdgeResponseMapper) EmptyOkData ¶
func (EdgeResponseMapper) EmptyOkData() interface{}
func (EdgeResponseMapper) MapApiError ¶
func (self EdgeResponseMapper) MapApiError(requestId string, apiError *errorz.ApiError) interface{}
type EventLogger ¶
type RequestContext ¶
// RequestContext carries the state of a single inbound API request: the raw
// HTTP request and response writer, routing metadata and the security context.
//
// NOTE(review): every field shown here is exported, so any code holding a
// *RequestContext can reassign it, SecurityCtx included. Treat the fields as
// read-only once request setup has populated them.
type RequestContext struct {
// Responder is embedded, so its methods are promoted onto RequestContext.
Responder
// Id is the unique identifier generated for this request, used in logging and tracing.
Id string
// ResponseWriter and Request are the net/http writer and request for this call.
ResponseWriter http.ResponseWriter
Request *http.Request
// Api, EntityType and Action are the routing/permission metadata.
// InitPermissionsContext takes the same three values and presumably sets
// these fields; confirm.
Api permissions.Api
EntityType string
Action permissions.Action
// Body is presumably the request body bytes (confirm); if so it is
// client-supplied and should be treated as untrusted input.
Body []byte
// StartTime is presumably when handling of the request began; confirm.
StartTime time.Time
// SecurityCtx holds the resolved authentication and authorization state for the request.
SecurityCtx SecurityCtx
// contains filtered or unexported fields
}
RequestContext carries all state for a single inbound API request as it flows through middleware and route handlers. It provides access to the raw HTTP request and response writer, the resolved security context, routing metadata (entity type, action, IDs), and helpers for building audit change records.
func (*RequestContext) GetAction ¶
func (rc *RequestContext) GetAction() permissions.Action
func (*RequestContext) GetApi ¶
func (rc *RequestContext) GetApi() permissions.Api
func (*RequestContext) GetBody ¶
func (rc *RequestContext) GetBody() []byte
func (*RequestContext) GetEntityAction ¶
func (rc *RequestContext) GetEntityAction() string
func (*RequestContext) GetEntityId ¶
func (rc *RequestContext) GetEntityId() (string, error)
func (*RequestContext) GetEntitySubId ¶
func (rc *RequestContext) GetEntitySubId() (string, error)
func (*RequestContext) GetEntityType ¶
func (rc *RequestContext) GetEntityType() string
func (*RequestContext) GetId ¶
func (rc *RequestContext) GetId() string
func (*RequestContext) GetRequest ¶
func (rc *RequestContext) GetRequest() *http.Request
func (*RequestContext) GetResponseWriter ¶
func (rc *RequestContext) GetResponseWriter() http.ResponseWriter
func (*RequestContext) GetSecurityTokenCtx ¶
func (rc *RequestContext) GetSecurityTokenCtx() *common.SecurityTokenCtx
GetSecurityTokenCtx returns the raw token context from the resolved security context, providing access to bearer tokens and their verification state.
func (*RequestContext) HasJwtSecurityToken ¶
func (rc *RequestContext) HasJwtSecurityToken() bool
HasJwtSecurityToken returns true if the request context has a valid JWT security token.
func (*RequestContext) HasLegacySecurityToken ¶
func (rc *RequestContext) HasLegacySecurityToken() bool
HasLegacySecurityToken returns true if the request context has a legacy zt-session security token.
func (*RequestContext) HasPermission ¶
func (rc *RequestContext) HasPermission(s string) bool
func (*RequestContext) InitPermissionsContext ¶
func (rc *RequestContext) InitPermissionsContext(api permissions.Api, entityType string, action permissions.Action)
func (*RequestContext) NewChangeContext ¶
func (rc *RequestContext) NewChangeContext() *change.Context
func (*RequestContext) NewChangeContextForIdentity ¶
func (rc *RequestContext) NewChangeContextForIdentity(identity *model.Identity) *change.Context
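NewChangeContextForIdentity builds a change.Context attributed to the given identity rather than the session's own identity. This is the primary implementation used by NewChangeContext and can be called directly when an administrator is acting on behalf of another identity. The signature accepts any *model.Identity, and this page does not show an authorization check inside the method, so callers should confirm that the requester is allowed to act for that identity before calling it.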
func (*RequestContext) SetEntityId ¶
func (rc *RequestContext) SetEntityId(id string)
func (*RequestContext) SetEntitySubId ¶
func (rc *RequestContext) SetEntitySubId(id string)
type Responder ¶
// Responder extends api.Responder with the two success-response helpers
// declared below.
type Responder interface {
// api.Responder is embedded; its method set is part of this interface.
api.Responder
// RespondWithOk presumably writes a success response carrying data and meta.
// NOTE(review): meta is a pointer; confirm how implementations handle nil.
RespondWithOk(data interface{}, meta *rest_model.Meta)
// RespondWithCreatedId presumably writes a "created" response that reports
// the new entity's id and a link to it; confirm against ResponderImpl.
RespondWithCreatedId(id string, link rest_model.Link)
}
TODO: rename to Responder, and remove the old Responder and RequestResponder.
type ResponderImpl ¶
func NewResponder ¶
func NewResponder(rc *RequestContext) *ResponderImpl
func (*ResponderImpl) RespondWithCreatedId ¶
func (responder *ResponderImpl) RespondWithCreatedId(id string, link rest_model.Link)
func (*ResponderImpl) RespondWithOk ¶
func (responder *ResponderImpl) RespondWithOk(data interface{}, meta *rest_model.Meta)
type SecurityCtx ¶
// SecurityCtx is the per-request view of authentication and authorization
// state: token context, identity, API session, auth policy, MFA state and
// permissions.
type SecurityCtx interface {
// GetSecurityTokenCtx returns the raw token context carrying bearer token state.
GetSecurityTokenCtx() *common.SecurityTokenCtx
// GetIdentity resolves and returns the identity for the session. When a masquerade
// is active, the masquerade identity is returned instead.
// NOTE(review): code that needs the originally authenticated principal (for
// example, for audit attribution) must not assume this is it while a
// masquerade is active.
GetIdentity() (*model.Identity, error)
// GetAuthPolicy resolves and returns the auth policy for the session's identity.
GetAuthPolicy() (*model.AuthPolicy, error)
// GetApiSession resolves and returns the API session for the request.
GetApiSession() (*model.ApiSession, error)
// GetTotp resolves and returns the TOTP MFA configuration for the session's identity.
GetTotp() (*model.Mfa, error)
// GetApiSessionWithoutResolve returns the API session only if already resolved.
// NOTE(review): what is returned when nothing has been resolved yet (nil
// session, an error, or both) is not visible here; confirm before
// dereferencing the result.
GetApiSessionWithoutResolve() (*model.ApiSession, error)
// GetMfaAuthQueriesWithoutResolve returns MFA challenges only if already resolved.
GetMfaAuthQueriesWithoutResolve() []*rest_model.AuthQueryDetail
// GetMfaErrorWithoutResolve returns the MFA error only if already resolved.
GetMfaErrorWithoutResolve() error
// IsPartiallyAuthed returns true when primary auth succeeded but secondary auth is pending.
// A partially authed session has not completed secondary auth, so handlers
// that require a complete login should gate on IsFullyAuthed instead.
IsPartiallyAuthed() bool
// IsFullyAuthed returns true when both primary and secondary auth are satisfied.
IsFullyAuthed() bool
// GetPermissions returns the resolved permission set for the session.
// NOTE(review): a Go map is a reference; if the implementation hands back its
// cached map, a caller that writes to it would alter the permissions seen by
// later checks. Confirm a copy is returned, or treat the result as read-only.
GetPermissions() map[string]struct{}
// AddToRequest attaches this SecurityCtx to the request's context.
AddToRequest(r *http.Request)
// GetError returns the error from primary session resolution, if any.
GetError() error
// GetMfaAuthQueries resolves and returns outstanding MFA challenges.
GetMfaAuthQueries() []*rest_model.AuthQueryDetail
// GetMfaError resolves and returns any secondary-auth failure.
GetMfaError() error
// MasqueradeAsIdentity allows an admin to act as another identity for this request.
// NOTE(review): the interface does not show where the admin check is made;
// confirm whether the implementation enforces it or relies on the caller.
MasqueradeAsIdentity(identity *model.Identity) error
// EndMasquerade clears any active masquerade.
EndMasquerade()
}
SecurityCtx is the interface that RequestContext uses to access per-request authentication and authorization state. The concrete implementation (env.SecurityCtx) resolves identity, API session, auth policy, MFA queries, and permission sets lazily and caches results. Implementations must be safe for concurrent use within a single request lifetime.