Documentation
Overview ¶
Package authmode defines common types and utilities for auth modes.
Index ¶
- Constants
- Variables
- func FindAuthTokenByLocation(body *AuthenticateRequestData, location *authscheme.TokenLocation) (string, error)
- func NewAuthFieldRequiredError(authMode AuthMode, name string) error
- func SerializeSessionVariablesHasuraGraphQLEngine(sessionVariables map[string]any) (map[string]string, error)
- func ValidateTokenLocation(tokenLocation authscheme.TokenLocation) (authscheme.TokenLocation, error)
- type AuthMode
- type AuthenticateRequestData
- type AuthenticatedOutput
- type Authenticator
- type HasuraV2PostRequestBody
- type RelyAuthDefinitionInterface
- type RelyAuthSettings
- type RelyAuthenticator
- type RelyAuthenticatorOption
- func WithCustomAttributes(attrs []attribute.KeyValue) RelyAuthenticatorOption
- func WithCustomEnvGetter(getter func(ctx context.Context) goenvconf.GetEnvFunc) RelyAuthenticatorOption
- func WithHTTPClient(client *gohttpc.Client) RelyAuthenticatorOption
- func WithLogger(logger *slog.Logger) RelyAuthenticatorOption
- func WithPrefix(prefix string) RelyAuthenticatorOption
- type RelyAuthenticatorOptions
Constants ¶
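// Hasura session-variable keys that carry role information.
//
// The declaration is laid out one constant per line so that each `//` comment
// documents only the constant below it, instead of commenting out the rest of
// the block.
//
// NOTE(review): these keys presumably feed role-based authorization in the
// GraphQL engine, so their values should come from a verified credential and
// not be copied from client-supplied headers — confirm in the authenticators.
const (
	// XHasuraDefaultRole is the constant string of the x-hasura-default-role key.
	XHasuraDefaultRole = "x-hasura-default-role"
	// XHasuraAllowedRoles is the constant string of the x-hasura-allowed-roles key.
	XHasuraAllowedRoles = "x-hasura-allowed-roles"
	// XHasuraRole is the constant string of the x-hasura-role key.
	XHasuraRole = "x-hasura-role"
)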
Variables ¶
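// Sentinel errors shared by the auth modes. Callers can compare against them
// with errors.Is.
//
// The declaration is laid out one variable per line so that each `//` comment
// documents only the variable below it, instead of commenting out the rest of
// the block.
var (
	// ErrAuthConfigRequired occurs when the auth config is null.
	ErrAuthConfigRequired = errors.New("auth definition is empty")
	// ErrAuthConfigValueRequired occurs when the auth value is empty.
	ErrAuthConfigValueRequired = errors.New("auth definition value is empty")
	// ErrOnlyOneNoAuthModeAllowed occurs when more than one auth config
	// definition uses the noAuth mode.
	ErrOnlyOneNoAuthModeAllowed = errors.New("only one noAuth config is allowed")
	// ErrAuthFieldRequired occurs when a field in the auth config is empty.
	ErrAuthFieldRequired = errors.New("required field")
	// ErrLocationNameRequired occurs when the name of the token location is empty.
	ErrLocationNameRequired = errors.New("name of token location is required")
	// ErrAuthTokenNotFound occurs when the API key or token is not found.
	ErrAuthTokenNotFound = errors.New("auth token not found")
	// ErrUnsupportedAuthMode occurs when the auth mode is unsupported.
	ErrUnsupportedAuthMode = errors.New("unsupported auth mode")
)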
Functions ¶
func FindAuthTokenByLocation ¶
func FindAuthTokenByLocation( body *AuthenticateRequestData, location *authscheme.TokenLocation, ) (string, error)
FindAuthTokenByLocation finds the authentication token or API key in the request data at the given token location.
func NewAuthFieldRequiredError ¶
NewAuthFieldRequiredError creates a required auth field error.
func SerializeSessionVariablesHasuraGraphQLEngine ¶
func SerializeSessionVariablesHasuraGraphQLEngine( sessionVariables map[string]any, ) (map[string]string, error)
SerializeSessionVariablesHasuraGraphQLEngine serializes session variables to be compatible with Hasura GraphQL Engine.
func ValidateTokenLocation ¶
func ValidateTokenLocation( tokenLocation authscheme.TokenLocation, ) (authscheme.TokenLocation, error)
ValidateTokenLocation validates the token location.
Types ¶
type AuthMode ¶
// AuthMode represents an authentication mode enum, stored as a string.
// The set of valid values is not listed here; GetSupportedAuthModes returns it.
type AuthMode string
AuthMode represents an authentication mode enum.
func GetSupportedAuthModes ¶
func GetSupportedAuthModes() []AuthMode
GetSupportedAuthModes gets the list of supported auth modes.
func (AuthMode) JSONSchema ¶
func (AuthMode) JSONSchema() *jsonschema.Schema
JSONSchema defines a custom definition for JSON schema.
type AuthenticateRequestData ¶
// AuthenticateRequestData contains the request body of the auth hook request.
//
// NOTE(review): FindAuthTokenByLocation takes this struct and returns a token
// or API key, so these fields presumably carry credentials — avoid logging the
// struct verbatim; confirm against the callers.
type AuthenticateRequestData struct {
	// URL of the original request. Omitted from the JSON encoding when empty.
	URL string `json:"url,omitempty"`
	// Request headers, one string value per header name.
	// NOTE(review): whether header names are matched case-insensitively is not
	// visible here — confirm in the token lookup.
	Headers map[string]string `json:"headers"`
	// Raw request body, kept undecoded as json.RawMessage.
	Request json.RawMessage `json:"request"`
}
AuthenticateRequestData contains the request body of the auth hook request.
type AuthenticatedOutput ¶
AuthenticatedOutput represents the authenticated output and authenticator metadata.
type Authenticator ¶
// Authenticator abstracts anything that can authenticate an auth webhook request.
type Authenticator interface {
	// Authenticate validates and authenticates the token from the auth webhook request.
	// It receives the webhook request data in body and returns an AuthenticatedOutput,
	// or a non-nil error.
	// NOTE(review): callers should presumably ignore the returned output whenever
	// the error is non-nil — confirm that no implementation returns a partially
	// populated output alongside an error.
	Authenticate(ctx context.Context, body *AuthenticateRequestData) (AuthenticatedOutput, error)
}
Authenticator abstracts an authenticator struct for the Authenticate method.
type HasuraV2PostRequestBody ¶
// HasuraV2PostRequestBody holds the original body of the request.
// It is available in Hasura GraphQL Engine v2 only.
//
// NOTE(review): all three fields originate from the original client request,
// so they are untrusted input for any authorization decision — confirm how
// callers use them.
type HasuraV2PostRequestBody struct {
	// Variables is decoded from the "variables" JSON key.
	Variables map[string]any `json:"variables"`
	// OperationName is decoded from the "operationName" JSON key and is omitted
	// from the encoding when empty.
	OperationName string `json:"operationName,omitempty"`
	// Query is decoded from the "query" JSON key.
	Query string `json:"query"`
}
HasuraV2PostRequestBody holds the original body of the request. It's available in [Hasura GraphQL Engine v2](https://hasura.io/docs/2.0/auth/authentication/webhook/#post-request-example) only.
type RelyAuthDefinitionInterface ¶
// RelyAuthDefinitionInterface abstracts the interface of an auth mode definition.
type RelyAuthDefinitionInterface interface {
	// Embedded zero-value check from goutils.
	goutils.IsZeroer
	// GetMode returns the auth mode of the current config.
	GetMode() AuthMode
	// Validate checks the current instance and returns a non-nil error when it is invalid.
	Validate() error
}
RelyAuthDefinitionInterface abstracts the interface of an auth mode definition.
type RelyAuthSettings ¶
// RelyAuthSettings holds global settings for the authenticators.
type RelyAuthSettings struct {
	// Strict mode. When enabled, HTTP 401 is returned if a token is found but is unauthorized,
	// and the request does not fall back to the noAuth mode.
	// NOTE(review): the wording implies that with Strict disabled (the zero value) a request
	// carrying a rejected token can still be served under the noAuth mode. Confirm against the
	// auth manager, and enable Strict wherever a bad credential must never be downgraded to
	// anonymous access.
	Strict bool `json:"strict,omitempty" yaml:"strict,omitempty"`
	// The interval in seconds to reload JSON web keys from the remote URL.
	// A zero or negative value disables reloading. The JSON schema tag declares a minimum of 0
	// and a default of 0, so reloading is off unless an interval is configured.
	// NOTE(review): with reloading disabled, keys rotated or withdrawn at the remote URL are
	// presumably not picked up while the process runs — confirm, and set an interval when the
	// issuer rotates keys.
	ReloadInterval int `json:"reloadInterval,omitempty" yaml:"reloadInterval,omitempty" jsonschema:"minimum=0,default=0"`
}
RelyAuthSettings holds global settings for the authenticators.
type RelyAuthenticator ¶
// RelyAuthenticator abstracts the authenticator for the auth webhook.
type RelyAuthenticator interface {
	// Embeds Authenticator, so every RelyAuthenticator also provides Authenticate.
	Authenticator
	// Mode returns the auth mode of the current authenticator.
	Mode() AuthMode
	// Close cleans up the authenticator's resources and reports any error from doing so.
	Close() error
}
RelyAuthenticator abstracts the authenticator for the auth webhook.
type RelyAuthenticatorOption ¶
// RelyAuthenticatorOption is a function that modifies a RelyAuthenticatorOptions
// value through the pointer it receives.
type RelyAuthenticatorOption func(*RelyAuthenticatorOptions)
RelyAuthenticatorOption abstracts a function to modify RelyAuthenticatorOptions.
func WithCustomAttributes ¶
func WithCustomAttributes(attrs []attribute.KeyValue) RelyAuthenticatorOption
WithCustomAttributes sets custom trace and metrics attributes to auth manager options.
func WithCustomEnvGetter ¶
func WithCustomEnvGetter( getter func(ctx context.Context) goenvconf.GetEnvFunc, ) RelyAuthenticatorOption
WithCustomEnvGetter returns a function to set the GetEnvFunc getter to RelyAuthenticatorOptions.
func WithHTTPClient ¶
func WithHTTPClient(client *gohttpc.Client) RelyAuthenticatorOption
WithHTTPClient sets the HTTP client to auth manager options.
func WithLogger ¶
func WithLogger(logger *slog.Logger) RelyAuthenticatorOption
WithLogger sets the logger to auth manager options.
func WithPrefix ¶
func WithPrefix(prefix string) RelyAuthenticatorOption
WithPrefix sets the prefix to auth manager options.
type RelyAuthenticatorOptions ¶
// RelyAuthenticatorOptions defines common options for the authenticator.
type RelyAuthenticatorOptions struct {
	// CustomEnvGetter returns the GetEnvFunc to use for a given context.
	// NOTE(review): the GetEnvFunc method is documented as defaulting to the OS environment,
	// presumably when this field is nil — confirm.
	CustomEnvGetter func(ctx context.Context) goenvconf.GetEnvFunc
	// Logger is the structured logger for the authenticator.
	Logger *slog.Logger
	// HTTPClient is the HTTP client for the authenticator.
	// NOTE(review): presumably used for outbound requests such as fetching JWKS from a remote
	// URL — confirm that the supplied client enforces timeouts and TLS verification.
	HTTPClient *gohttpc.Client
	// CustomAttributes are extra key-value attributes; WithCustomAttributes describes them
	// as custom trace and metrics attributes.
	CustomAttributes []attribute.KeyValue
	// Prefix is used to create unique JWKS registration keys, allowing multiple authenticators
	// to register the same JWKS URL independently.
	Prefix string
}
RelyAuthenticatorOptions defines common options for the authenticator.
func NewRelyAuthenticatorOptions ¶
func NewRelyAuthenticatorOptions(options ...RelyAuthenticatorOption) RelyAuthenticatorOptions
NewRelyAuthenticatorOptions creates a new RelyAuthenticatorOptions instance.
func (RelyAuthenticatorOptions) GetEnvFunc ¶
func (rao RelyAuthenticatorOptions) GetEnvFunc(ctx context.Context) goenvconf.GetEnvFunc
GetEnvFunc returns the get-env function. The default is the OS environment.