security

package
v0.1.21 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 16, 2024 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Package security is a toolkit for security check and authorization

Package security is a package that provides security-related functions and types.

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Package security is a toolkit for security check and authorization

Index

Constants

View Source 
const (
	// HeaderAuthorize is the name of the authorization header.
	HeaderAuthorize = "Authorization"
	// HeaderContentType is the name of the content type header.
	HeaderContentType = "Content-Type"
	// HeaderContentLength is the name of the content length header.
	HeaderContentLength = "Content-Length"
	// HeaderUserAgent is the name of the user agent header.
	HeaderUserAgent = "User-Agent"
	// HeaderReferer is the name of the referer header.
	HeaderReferer = "Referer"
	// HeaderOrigin is the name of the origin header.
	HeaderOrigin = "Origin"
)
View Source 
const (
	// SchemeNTLM represents an NTLM authorization.
	SchemeNTLM = SchemeNegotiate
)
View Source 
const (
	TokenCacheNS = "security:token"
)

Variables

This section is empty.

Functions

func FromToken added in v0.1.8 

func FromToken(ctx context.Context) string

func NewMapCache added in v0.1.10 

func NewMapCache() cache.Cache

func NewToken added in v0.1.8 

func NewToken(ctx context.Context, token string) context.Context

Types

type Authenticator 

type Authenticator interface {
	// CreateIdentityClaims creates a new identity claims. bool true is for refresh token
	CreateIdentityClaims(context.Context, string, bool) (Claims, error)
	// CreateIdentityClaimsContext creates a new identity.It should be used when a new user is created.
	CreateIdentityClaimsContext(context.Context, TokenType, string) (context.Context, error)
	// Authenticate returns a nil error and the AuthClaims info (if available).
	Authenticate(context.Context, string) (Claims, error)
	// AuthenticateContext returns a nil error and the AuthClaims info (if available).
	// if the subject is authenticated or a non-nil error with an appropriate error cause otherwise.
	AuthenticateContext(context.Context, TokenType) (Claims, error)
	// Verify validates if a token is valid.
	Verify(context.Context, string) (bool, error)
	// VerifyContext validates if a token is valid.
	VerifyContext(context.Context, TokenType) (bool, error)
	// CreateToken inject user claims into token string.
	CreateToken(context.Context, Claims) (string, error)
	// CreateTokenContext inject user claims into context.
	CreateTokenContext(context.Context, TokenType, Claims) (context.Context, error)
	// DestroyToken invalidate a token by removing it from the token store.
	DestroyToken(context.Context, string) error
	// DestroyTokenContext invalidate a token by removing it from the token store.
	DestroyTokenContext(context.Context, TokenType) error
	// Close Cleans up the authenticator.
	Close(context.Context) error
}

Authenticator interface

type Authorizer 

type Authorizer interface {
	Authorized(context.Context, UserClaims) (bool, error)
}

type Claims 

type Claims interface {
	// GetSubject returns the subject of the security
	GetSubject() string
	// GetIssuer returns the issuer of the security
	GetIssuer() string
	// GetAudience returns the audience of the security
	GetAudience() []string
	// GetExpiration returns the expiration time of the security
	GetExpiration() time.Time
	// GetNotBefore returns the time before which the security cannot be accepted
	GetNotBefore() time.Time
	// GetIssuedAt returns the time at which the security was issued
	GetIssuedAt() time.Time
	// GetJWTID returns the unique identifier for the security
	GetJWTID() string
	// GetScopes returns the scopes associated with the security
	GetScopes() map[string]bool
	// GetExtra returns any additional data associated with the security
	GetExtra() map[string]string
}

Claims is an interface that defines the methods that a security claims object should have

type Policy added in v0.0.20 

type Policy struct {
	Subject string
	Object  string
	Action  string
	Domain  []string
	Extra   map[string]string
}

type PolicyChecker added in v0.1.7 

type PolicyChecker interface {
	// CheckPolicy checks if the policy for a given subject, object, action, domain and extra is allowed
	CheckPolicy(Policy) bool
	// CheckPolicyContext checks if the policy for a given subject, object, action
	CheckPolicyContext(context.Context, TokenType, Policy) bool
}

PolicyChecker is an interface that defines the methods for a policy checker

type PolicyManager 

type PolicyManager interface {
	// AddPolicy adds a policy for a given subject, object, action, domain and extra
	AddPolicy(sec string, pt string, rule []string) error
	// RemovePolicy removes a policy for a given subject, object, action, domain and extra
	RemovePolicy(sec string, pt string, rule []string) error
	// GetPolicy returns the policy for a given subject, object, action, domain and extra
	GetPolicy(subject string, object string, action string, domain []string, extra map[string]string) Policy
	// SetPolicy sets the policy for a given subject, object, action, domain and extra
	SetPolicy(subject string, object string, action string, domain []string, extra map[string]string)
	// SetPolicies sets the policies for a given context
	SetPolicies(context.Context, map[string]Policy) error
}

PolicyManager is an interface that defines the methods for a policy manager

type Scheme 

type Scheme int

Scheme represents the type of authorization. 

const (
	// SchemeAnonymous represents an anonymous authorization.
	SchemeAnonymous Scheme = iota
	// SchemeBasic represents a basic authorization.
	SchemeBasic
	// SchemeBearer represents a bearer authorization.
	SchemeBearer
	// SchemeDigest represents a digest authorization.
	SchemeDigest
	// SchemeHOBA represents a HTTP Origin-Bound Authentication (HOBA) authorization.
	SchemeHOBA
	// SchemeMutual represents a mutual authentication.
	SchemeMutual
	// SchemeNegotiate represents a negotiate authorization.
	SchemeNegotiate
	// SchemeVapid represents a VAPID authorization.
	SchemeVapid
	// SchemeSCRAM represents a SCRAM authorization.
	SchemeSCRAM
	// SchemeAWS4HMAC256 represents an AWS4-HMAC-SHA256 authorization.
	SchemeAWS4HMAC256
	// SchemeDPoP represents a DPoP authorization.
	SchemeDPoP
	// SchemeGNAP represents a GNAP authorization.
	SchemeGNAP
	// SchemePrivate represents a private authorization.
	SchemePrivate
	// SchemeOAuth represents an OAuth authorization.
	SchemeOAuth
	// SchemeUnknown represents an unknown authorization.
	SchemeUnknown
	SchemeMax
)

func (Scheme) Equal 

func (t Scheme) Equal(other string) bool

func (Scheme) Lower 

func (t Scheme) Lower() string

Lower returns the lowercase string representation of the Type.

func (Scheme) String 

func (i Scheme) String() string

type Serializer 

type Serializer interface {
	// Serialize serializes the given data into a byte slice
	Serialize(ctx context.Context, data Claims) ([]byte, error)
	// Deserialize deserializes the given byte slice into the given data
	Deserialize(ctx context.Context, data []byte) (Claims, error)
}

Serializer is an interface that defines the methods for a serializer

type StorageSetting 

type StorageSetting = func(*tokenCacheService)

func WithCache 

func WithCache(c cache.Cache) StorageSetting

func WithNamespace added in v0.0.42 

func WithNamespace(ns string) StorageSetting

type TokenCacheService added in v0.1.10 

type TokenCacheService interface {
	// Store stores the token with a specific expiration time to TokenCacheService
	Store(context.Context, string, time.Duration) error
	// Validate checks if the token exists in the TokenCacheService
	Validate(context.Context, string) (bool, error)
	// Remove deletes the token from the TokenCacheService
	Remove(context.Context, string) error
	// Close closes the TokenCacheService
	Close(context.Context) error
}

TokenCacheService is the interface that TokenCacheService the token.

func DefaultTokenCacheService added in v0.1.10 

func DefaultTokenCacheService(ss ...StorageSetting) TokenCacheService

DefaultTokenCacheService creates a new tokenCacheService with a c and optional StoreOptions

type TokenType 

type TokenType int

TokenType represents the type of token. 

const (
	// ContextTypeContext represents the context type for the context.
	ContextTypeContext TokenType = iota
	// ContextTypeHeader represents the context type for the header.
	ContextTypeHeader
	// ContextTypeMetadata represents the context type for the metadata.
	ContextTypeMetadata
	// ContextTypeQuery represents the context type for the query.
	ContextTypeQuery
	// ContextTypeCookie represents the context type for the cookie.
	ContextTypeCookie
	// ContextTypeParam represents the context type for the parameter.
	ContextTypeParam
	// ContextTypeForm represents the context type for the form.
	ContextTypeForm
	// ContextTypeBody represents the context type for the body.
	ContextTypeBody
	// ContextTypeSession represents the context type for the session.
	ContextTypeSession
	// ContextTypeUnknown represents an unknown context type.
	ContextTypeUnknown
)

ContextType constants represent the different types of context.

func (TokenType) String 

func (i TokenType) String() string

type UnimplementedClaims 

type UnimplementedClaims struct {
}

UnimplementedClaims is a struct that implements the Claims interface

func (UnimplementedClaims) GetAudience 

func (u UnimplementedClaims) GetAudience() []string

GetAudience returns an empty slice

func (UnimplementedClaims) GetExpiration 

func (u UnimplementedClaims) GetExpiration() time.Time

GetExpiration returns the current time

func (UnimplementedClaims) GetExtra 

func (u UnimplementedClaims) GetExtra() map[string]string

GetExtra returns an empty map

func (UnimplementedClaims) GetIssuedAt 

func (u UnimplementedClaims) GetIssuedAt() time.Time

GetIssuedAt returns the current time

func (UnimplementedClaims) GetIssuer 

func (u UnimplementedClaims) GetIssuer() string

GetIssuer returns an empty string

func (UnimplementedClaims) GetJwtID 

func (u UnimplementedClaims) GetJwtID() string

GetJwtID returns an empty string

func (UnimplementedClaims) GetNotBefore 

func (u UnimplementedClaims) GetNotBefore() time.Time

GetNotBefore returns the current time

func (UnimplementedClaims) GetScopes 

func (u UnimplementedClaims) GetScopes() map[string]bool

GetScopes returns an empty map

func (UnimplementedClaims) GetSubject 

func (u UnimplementedClaims) GetSubject() string

GetSubject returns an empty string

type UserClaims 

type UserClaims interface {
	// GetSubject returns the subject of the casbin policy
	GetSubject() string
	// GetObject returns the object of the casbin policy
	GetObject() string
	// GetAction returns the action of the casbin policy
	GetAction() string
	// GetDomain returns the domain of the casbin policy
	GetDomain() string
	// GetClaims returns the claims of the casbin policy
	GetClaims() Claims
	// GetExtra returns the extra information of the casbin policy
	GetExtra() map[string]string
}

UserClaims is an interface that defines the methods for a casbin policy

type UserClaimsParser 

type UserClaimsParser func(ctx context.Context, id string) (UserClaims, error)

UserClaimsParser is an interface that defines the methods for a user claims parser

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.