Documentation
Overview
Package session provides a session manager for creating and verifying JWT tokens.
Index
- Constants
- func ClientCacheOptions() *cache.Options
- type Blocklist
- type JWTContent
- type Manager
- func (mgr *Manager) Authenticate(ctx context.Context, username string, password string) error
- func (mgr *Manager) BlocklistMiddleWare(skipperFunc func() (echomiddleware.Skipper, error)) (echo.MiddlewareFunc, error)
- func (mgr *Manager) Create(subject string, secondsBeforeExpiry int64, id string) (string, error)
- func (mgr *Manager) IsBlocked(ctx context.Context, token *jwt.Token) (bool, error)
- func (mgr *Manager) KeyFunc() jwt.Keyfunc
- type Option
- type TokenStore
- type TokenStoreClient
Constants
const (
	// SessionManagerClaimsIssuer fills the "iss" field of the token.
	SessionManagerClaimsIssuer = "everest"
)
Variables
This section is empty.
Functions
func ClientCacheOptions (added in v1.7.0)
ClientCacheOptions returns the cache options for the session manager's Kubernetes client. Every authenticated API request checks the accounts secret, so the client should cache that secret to avoid overwhelming the Kubernetes API with requests. The options also define a rule for the system namespace, which is requested as well; without that rule, the ByObject configuration would not allow the namespace to be read.
Types
type Blocklist (added in v1.7.0)
type Blocklist interface {
	// Block invalidates the token from the context by adding it to the blocklist.
	Block(ctx context.Context, token *jwt.Token) error
	// IsBlocked checks if the token from the context is blocked.
	IsBlocked(ctx context.Context, token *jwt.Token) (bool, error)
}
Blocklist is the interface for blocking JWT tokens and checking whether a token is blocked.
func NewBlocklist (added in v1.7.0)
NewBlocklist creates a new blocklist.
type JWTContent (added in v1.7.0)
type JWTContent struct {
	Payload map[string]interface{} `json:"payload"`
}
JWTContent represents the JWT token structure that is used by blocklist.
type Manager
type Manager struct {
	Blocklist
	// contains filtered or unexported fields
}
Manager provides functionality for creating and managing JWT tokens.
func (*Manager) Authenticate
Authenticate verifies the given username and password.
func (*Manager) BlocklistMiddleWare (added in v1.7.0)
func (mgr *Manager) BlocklistMiddleWare(skipperFunc func() (echomiddleware.Skipper, error)) (echo.MiddlewareFunc, error)
func (*Manager) Create
Create creates a new token for a given subject (user) and returns it as a string. Passing a value of `0` for secondsBeforeExpiry creates a token that never expires. The id parameter holds an optional unique JWT token identifier, which is stored as the standard "jti" claim in the JWT token.
type Option
type Option func(*Manager)
Option is a function that modifies a SessionManager.
func WithAccountManager
WithAccountManager sets the account manager to use for verifying user credentials.
type TokenStore (added in v1.7.0)
type TokenStore interface {
	// Add adds the shortened token to the blocklist
	Add(ctx context.Context, shortenedToken string) error
	// Exists checks if the shortened token is in the blocklist
	Exists(ctx context.Context, shortenedToken string) (bool, error)
}
TokenStore represents an abstraction for storage, hiding details about how the data is actually stored.
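A minimal in-memory store with the Add/Exists method set above, as an added example that is not the package's own code. The names memStore, blockKey and sampleToken are hypothetical, and keying the store on the token's "jti" claim is an assumption about what a shortened token could be, not the package's documented scheme.

```go
package main

import (
	"context"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// memStore is a hypothetical in-memory store with TokenStore's method set.
type memStore struct{ keys sync.Map }

func (s *memStore) Add(_ context.Context, shortenedToken string) error {
	s.keys.Store(shortenedToken, struct{}{})
	return nil
}

func (s *memStore) Exists(_ context.Context, shortenedToken string) (bool, error) {
	_, ok := s.keys.Load(shortenedToken)
	return ok, nil
}

// blockKey derives a store key from the "jti" claim (assumed scheme) of a token
// whose signature was already verified; a token without an id yields an error.
func blockKey(rawJWT string) (string, error) {
	var claims struct{ ID string `json:"jti"` }
	parts := strings.Split(rawJWT, ".")
	if len(parts) != 3 {
		return "", errors.New("not a compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &claims) != nil || claims.ID == "" {
		return "", errors.New("token has no usable jti claim")
	}
	return claims.ID, nil
}

func sampleToken(payloadJSON string) string { // constructed, unsigned demo token
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payloadJSON)) + ".sig"
}

func main() {
	store, ctx := &memStore{}, context.Background()
	key, _ := blockKey(sampleToken(`{"sub":"alice","jti":"demo-id-1"}`))
	_ = store.Add(ctx, key) // revoke, e.g. on logout
	fmt.Println(store.Exists(ctx, key))
}
```

An in-memory store forgets revocations on restart and is not shared between replicas, so it suits tests only.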
type TokenStoreClient (added in v1.7.0)
type TokenStoreClient interface {
	// GetSecret returns a secret that matches the criteria.
	GetSecret(ctx context.Context, key client.ObjectKey) (*corev1.Secret, error)
	// CreateSecret creates a secret.
	CreateSecret(ctx context.Context, secret *corev1.Secret) (*corev1.Secret, error)
	// UpdateSecret updates a secret.
	UpdateSecret(ctx context.Context, secret *corev1.Secret) (*corev1.Secret, error)
}
TokenStoreClient contains the methods that are needed for the token store management.