security

package
v0.1.35 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 25, 2024 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package security implements the functions, types, and interfaces for the module.

Package security implements the functions, types, and interfaces for the module.

Package security is a toolkit for security check and authorization

Package security implements the functions, types, and interfaces for the module.

Package security is a package that provides security-related functions and types.

Package security implements the functions, types, and interfaces for the module.

Package security is a toolkit for security check and authorization

Index

Constants

// HTTP header names used by the package. All of these headers are supplied by
// the client, so their values are untrusted input.
const (
	// HeaderAuthorize is the name of the authorization header.
	// Its value carries credentials; keep it out of logs and error messages.
	HeaderAuthorize = "Authorization"
	// HeaderContentType is the name of the content type header.
	HeaderContentType = "Content-Type"
	// HeaderContentLength is the name of the content length header.
	HeaderContentLength = "Content-Length"
	// HeaderUserAgent is the name of the user agent header.
	HeaderUserAgent = "User-Agent"
	// HeaderReferer is the name of the referer header.
	// A client can set or omit it freely, so it is not proof of where a request came from.
	HeaderReferer = "Referer"
	// HeaderOrigin is the name of the origin header.
	// Browsers set it, but a non-browser client can send any value.
	HeaderOrigin = "Origin"
)
const (
	// SchemeNTLM represents an NTLM authorization.
	// It is declared as SchemeNegotiate, so both constants have the same value:
	// a comparison or switch on Scheme cannot tell NTLM from Negotiate, and code
	// that must treat the two differently needs to inspect the credential itself.
	SchemeNTLM = SchemeNegotiate
)
const (
	// TokenCacheNS is the namespace string "security:token".
	// NOTE(review): presumably the default cache-key namespace for stored tokens;
	// confirm against WithNamespace and DefaultTokenService.
	TokenCacheNS = "security:token"
)

Variables

This section is empty.

Functions

func ContextIsRoot

// ContextIsRoot reports a boolean for ctx.
// NOTE(review): presumably true only for a context produced by WithRootContext — confirm.
// If callers use it to skip authorization, every path that can set the root marker
// needs review.
func ContextIsRoot(ctx context.Context) bool

func FromToken added in v0.1.8

// FromToken returns a string taken from ctx.
// NOTE(review): presumably the token stored by NewToken, and an empty string when
// none is set — confirm. The returned value is a credential; avoid logging it.
func FromToken(ctx context.Context) string

func NewToken added in v0.1.8

// NewToken returns a context derived from ctx and token.
// NOTE(review): presumably stores token in the returned context for FromToken to
// read — confirm. The token then travels with the context to every callee, so
// avoid dumping such contexts into logs or traces.
func NewToken(ctx context.Context, token string) context.Context

func WithRootContext

// WithRootContext returns a context derived from ctx.
// NOTE(review): presumably marks the returned context so ContextIsRoot reports
// true — confirm. If so, call it only from trusted, internal code paths and never
// on the basis of request data such as a header, claim or parameter.
func WithRootContext(ctx context.Context) context.Context

Types

type Authenticator

// Authenticator creates, authenticates, verifies and destroys tokens. Each
// operation comes in two forms: one taking the value as a string, and a
// ...Context form taking a TokenType.
// NOTE(review): the TokenType presumably selects where in the context the token
// is read from or written to — confirm against an implementation.
type Authenticator interface {
	// CreateIdentityClaims creates new identity claims. Passing true for the
	// bool requests claims for a refresh token.
	// NOTE(review): the string is presumably the subject/user identifier — confirm.
	CreateIdentityClaims(context.Context, string, bool) (Claims, error)
	// CreateIdentityClaimsContext creates a new identity and returns a context.
	// It should be used when a new user is created.
	CreateIdentityClaimsContext(context.Context, TokenType, string) (context.Context, error)
	// Authenticate returns a nil error and the Claims (if available) if the
	// subject is authenticated, or a non-nil error otherwise.
	// Callers should use the returned Claims only when the error is nil.
	Authenticate(context.Context, string) (Claims, error)
	// AuthenticateContext returns a nil error and the Claims (if available)
	// if the subject is authenticated, or a non-nil error with an appropriate
	// error cause otherwise.
	AuthenticateContext(context.Context, TokenType) (Claims, error)
	// Verify validates if a token is valid.
	// The signature permits (false, nil); callers should accept the token only
	// when the result is true AND the error is nil.
	Verify(context.Context, string) (bool, error)
	// VerifyContext validates if a token is valid.
	// As with Verify, accept only a true result with a nil error.
	VerifyContext(context.Context, TokenType) (bool, error)
	// CreateToken injects user claims into a token string.
	CreateToken(context.Context, Claims) (string, error)
	// CreateTokenContext injects user claims into the context.
	CreateTokenContext(context.Context, TokenType, Claims) (context.Context, error)
	// DestroyToken invalidates a token by removing it from the token store.
	// NOTE(review): this only revokes the token if Verify/Authenticate consult
	// the same store — confirm against the implementation.
	DestroyToken(context.Context, string) error
	// DestroyTokenContext invalidates a token by removing it from the token store.
	DestroyTokenContext(context.Context, TokenType) error
	// Close cleans up the authenticator.
	Close(context.Context) error
}

Authenticator interface

type Authorizer

// Authorizer manages policies and answers authorization checks.
type Authorizer interface {
	// SetPolicies sets the policies for a given context.
	// It takes a context, a map of policies, and a map of roles as input.
	// It returns an error if the policies cannot be set.
	// Both maps are map[string]any, so their contents are not type-checked at
	// this boundary; the expected shape depends on the implementation.
	SetPolicies(ctx context.Context, policies map[string]any, roles map[string]any) error

	// Authorized checks if a user is authorized to perform an action.
	// It takes a context and a UserClaims object as input.
	// It returns a boolean indicating whether the user is authorized and an error if the check fails.
	// Callers should deny access whenever the error is non-nil, whatever the
	// boolean holds.
	Authorized(ctx context.Context, claims UserClaims) (bool, error)
}

Authorizer is an interface that defines the methods for an authorizer. It is used to manage policies and check authorization.

type Claims

// Claims is the read-only view of a set of security claims.
// NOTE(review): the accessors appear to mirror the JWT registered claims
// (sub, iss, aud, exp, nbf, iat, jti) — confirm against the implementation.
// The interface only exposes values; checking expiry, not-before, issuer or
// audience is left to whatever consumes it.
type Claims interface {
	// GetSubject returns the subject of the claims.
	GetSubject() string
	// GetIssuer returns the issuer of the claims.
	GetIssuer() string
	// GetAudience returns the audience of the claims.
	GetAudience() []string
	// GetExpiration returns the expiration time of the claims.
	GetExpiration() time.Time
	// GetNotBefore returns the time before which the claims cannot be accepted.
	GetNotBefore() time.Time
	// GetIssuedAt returns the time at which the claims were issued.
	GetIssuedAt() time.Time
	// GetJWTID returns the unique identifier for the claims.
	GetJWTID() string
	// GetScopes returns the scopes associated with the claims.
	// NOTE(review): a key mapped to false is presumably a scope that is not
	// granted; test the value, not just key presence — confirm.
	GetScopes() map[string]bool
	// GetExtra returns any additional data associated with the claims.
	GetExtra() map[string]string
}

Claims is an interface that defines the methods that a security claims object should have

type PolicyManager

// PolicyManager adds, removes and bulk-sets policies.
// NOTE(review): the (sec, pt, rule) parameters look like the casbin section,
// policy type and rule fields; the subject/object/action/domain named in the
// method comments would then be the elements of rule — confirm.
type PolicyManager interface {
	// AddPolicy adds a policy for a given subject, object, action, domain.
	// These are not separate parameters; the method takes sec, pt and rule.
	AddPolicy(sec string, pt string, rule []string) error
	// RemovePolicy removes a policy for a given subject, object, action, domain.
	// It takes the same sec, pt and rule parameters as AddPolicy.
	RemovePolicy(sec string, pt string, rule []string) error
	// SetPolicies sets the policies for a given context.
	// Unlike Authorizer.SetPolicies it takes a single map and no roles map.
	SetPolicies(context.Context, map[string]any) error
}

PolicyManager is an interface that defines the methods for a policy manager

type Scheme

type Scheme int

Scheme represents the type of authorization.

// Authorization schemes, numbered from 0 by iota in declaration order.
// SchemeAnonymous is first, so it is the zero value of Scheme: a Scheme that
// was never assigned reads as SchemeAnonymous, not SchemeUnknown. Code that
// grants anything to anonymous callers should not rely on the zero value as
// evidence that a request was actually parsed.
const (
	// SchemeAnonymous represents an anonymous authorization.
	SchemeAnonymous Scheme = iota
	// SchemeBasic represents a basic authorization.
	SchemeBasic
	// SchemeBearer represents a bearer authorization.
	SchemeBearer
	// SchemeDigest represents a digest authorization.
	SchemeDigest
	// SchemeHOBA represents a HTTP Origin-Bound Authentication (HOBA) authorization.
	SchemeHOBA
	// SchemeMutual represents a mutual authentication.
	SchemeMutual
	// SchemeNegotiate represents a negotiate authorization.
	SchemeNegotiate
	// SchemeVapid represents a VAPID authorization.
	SchemeVapid
	// SchemeSCRAM represents a SCRAM authorization.
	SchemeSCRAM
	// SchemeAWS4HMAC256 represents an AWS4-HMAC-SHA256 authorization.
	SchemeAWS4HMAC256
	// SchemeDPoP represents a DPoP authorization.
	SchemeDPoP
	// SchemeGNAP represents a GNAP authorization.
	SchemeGNAP
	// SchemePrivate represents a private authorization.
	SchemePrivate
	// SchemeOAuth represents an OAuth authorization.
	SchemeOAuth
	// SchemeUnknown represents an unknown authorization.
	SchemeUnknown
	// SchemeMax is the last constant in the block.
	// NOTE(review): presumably a sentinel one past the last real scheme, for
	// range checks, and not a scheme itself — confirm.
	SchemeMax
)

func (Scheme) Equal

func (t Scheme) Equal(other string) bool

func (Scheme) Lower

func (t Scheme) Lower() string

Lower returns the lowercase string representation of the Scheme.

func (Scheme) String

func (i Scheme) String() string

type Serializer

// Serializer converts Claims to and from bytes.
type Serializer interface {
	// Serialize serializes the given Claims into a byte slice.
	Serialize(ctx context.Context, data Claims) ([]byte, error)
	// Deserialize decodes the given byte slice and returns the resulting Claims.
	// NOTE(review): nothing in this signature implies integrity checking; if the
	// bytes can come from outside the trust boundary, the caller must
	// authenticate them before trusting the returned Claims — confirm what the
	// implementation verifies.
	Deserialize(ctx context.Context, data []byte) (Claims, error)
}

Serializer is an interface that defines the methods for a serializer

type StorageSetting

type StorageSetting = func(*tokenService)

func WithCache

func WithCache(c cache.Cache) StorageSetting

func WithNamespace added in v0.0.42

func WithNamespace(ns string) StorageSetting

type TokenService added in v0.1.28

// TokenService stores tokens and answers whether a given token is present.
type TokenService interface {
	// Store stores the token with a specific expiration time to TokenService.
	// The duration is supplied by the caller.
	// NOTE(review): whether it is tied to the token's own expiry claim is not
	// visible here — confirm.
	Store(context.Context, string, time.Duration) error
	// Validate checks if the token exists in the TokenService.
	// Per this description it is a presence check only. Callers should accept
	// the token only when the result is true and the error is nil, so that a
	// store failure denies rather than allows.
	Validate(context.Context, string) (bool, error)
	// Remove deletes the token from the TokenService.
	Remove(context.Context, string) error
	// Close closes the TokenService.
	Close(context.Context) error
}

TokenService is the interface for storing, validating and removing tokens.

func DefaultTokenService added in v0.1.28

func DefaultTokenService(ss ...StorageSetting) TokenService

DefaultTokenService creates a new tokenService configured by the optional StorageSetting values.

type TokenType

type TokenType int

TokenType represents the type of token.

// TokenType values, numbered from 0 by iota in declaration order. The
// constants carry the ContextType prefix although their type is TokenType.
// ContextTypeContext is first, so it is the zero value of TokenType.
// NOTE(review): each value presumably names the place a token is carried in
// (header, query string, cookie, ...) — confirm against the Authenticator
// implementation.
const (
	// ContextTypeContext represents the context type for the context.
	ContextTypeContext TokenType = iota
	// ContextTypeHeader represents the context type for the header.
	ContextTypeHeader
	// ContextTypeMetadata represents the context type for the metadata.
	ContextTypeMetadata
	// ContextTypeQuery represents the context type for the query.
	// NOTE(review): if this selects reading a token from the URL query string,
	// such tokens tend to end up in access logs, browser history and Referer
	// headers; prefer a header or cookie carrier where possible.
	ContextTypeQuery
	// ContextTypeCookie represents the context type for the cookie.
	ContextTypeCookie
	// ContextTypeParam represents the context type for the parameter.
	ContextTypeParam
	// ContextTypeForm represents the context type for the form.
	ContextTypeForm
	// ContextTypeBody represents the context type for the body.
	ContextTypeBody
	// ContextTypeSession represents the context type for the session.
	ContextTypeSession
	// ContextTypeUnknown represents an unknown context type.
	ContextTypeUnknown
)

ContextType constants represent the different types of context.

func (TokenType) String

func (i TokenType) String() string

type UnimplementedClaims

// UnimplementedClaims is an empty struct that implements the Claims interface
// with placeholder values. Per the method docs on this page, the string, slice
// and map getters return empty values, and GetExpiration, GetNotBefore and
// GetIssuedAt return the current time.
// NOTE(review): presumably meant to be embedded in a concrete claims type. A
// type that does not override GetExpiration reports an expiry equal to the
// moment of the call, so whether such claims count as expired depends on how
// the consumer compares times; override the time getters explicitly.
type UnimplementedClaims struct {
}

UnimplementedClaims is a struct that implements the Claims interface

func (UnimplementedClaims) GetAudience

func (u UnimplementedClaims) GetAudience() []string

GetAudience returns an empty slice

func (UnimplementedClaims) GetExpiration

func (u UnimplementedClaims) GetExpiration() time.Time

GetExpiration returns the current time

func (UnimplementedClaims) GetExtra

func (u UnimplementedClaims) GetExtra() map[string]string

GetExtra returns an empty map

func (UnimplementedClaims) GetIssuedAt

func (u UnimplementedClaims) GetIssuedAt() time.Time

GetIssuedAt returns the current time

func (UnimplementedClaims) GetIssuer

func (u UnimplementedClaims) GetIssuer() string

GetIssuer returns an empty string

func (UnimplementedClaims) GetJWTID

func (u UnimplementedClaims) GetJWTID() string

func (UnimplementedClaims) GetJwtID

func (u UnimplementedClaims) GetJwtID() string

GetJwtID returns an empty string

func (UnimplementedClaims) GetNotBefore

func (u UnimplementedClaims) GetNotBefore() time.Time

GetNotBefore returns the current time

func (UnimplementedClaims) GetScopes

func (u UnimplementedClaims) GetScopes() map[string]bool

GetScopes returns an empty map

func (UnimplementedClaims) GetSubject

func (u UnimplementedClaims) GetSubject() string

GetSubject returns an empty string

type UnimplementedUserClaims

// UnimplementedUserClaims is an empty struct with the UserClaims getters
// (GetSubject, GetObject, GetAction, GetDomain, GetClaims, GetExtra) plus an
// IsRoot method that is not part of the UserClaims interface shown on this page.
// NOTE(review): the return values of these methods are not documented here;
// confirm that IsRoot returns false, so that a type embedding this struct is
// never treated as root by default.
type UnimplementedUserClaims struct {
}

func (UnimplementedUserClaims) GetAction

func (u UnimplementedUserClaims) GetAction() string

func (UnimplementedUserClaims) GetClaims

func (u UnimplementedUserClaims) GetClaims() Claims

func (UnimplementedUserClaims) GetDomain

func (u UnimplementedUserClaims) GetDomain() string

func (UnimplementedUserClaims) GetExtra

func (u UnimplementedUserClaims) GetExtra() map[string]string

func (UnimplementedUserClaims) GetObject

func (u UnimplementedUserClaims) GetObject() string

func (UnimplementedUserClaims) GetSubject

func (u UnimplementedUserClaims) GetSubject() string

func (UnimplementedUserClaims) IsRoot

func (u UnimplementedUserClaims) IsRoot() bool

type UserClaims

// UserClaims describes one authorization request in casbin terms (subject,
// object, action, domain) together with the underlying Claims.
// The subject is reachable two ways: GetSubject() here and
// GetClaims().GetSubject(). An implementation should make clear which one is
// authoritative so that the two cannot disagree during a policy check.
type UserClaims interface {
	// GetSubject returns the subject of the casbin policy
	GetSubject() string
	// GetObject returns the object of the casbin policy
	GetObject() string
	// GetAction returns the action of the casbin policy
	GetAction() string
	// GetDomain returns the domain of the casbin policy
	GetDomain() string
	// GetClaims returns the claims of the casbin policy
	GetClaims() Claims
	// GetExtra returns the extra information of the casbin policy
	GetExtra() map[string]string
}

UserClaims is an interface that defines the methods for a casbin policy

type UserClaimsParser

type UserClaimsParser func(ctx context.Context, claims Claims) (UserClaims, error)

UserClaimsParser is a function type that converts Claims into UserClaims.
