auth

package

v0.10.4 Latest Latest Go to latest Published: May 18, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/shini4i/argo-watcher

Links

Open Source Insights

Documentation ¶

Index ¶

type AuthStrategy
type Authenticator
- func NewAuthenticator(strategies map[string]AuthStrategy) *Authenticator
type DeployTokenAuthService
- func NewDeployTokenAuthService(token string) *DeployTokenAuthService
- func (s *DeployTokenAuthService) Validate(token string) (bool, error)
type JWTAuthService
- func NewJWTAuthService(secret string) *JWTAuthService
- func (j *JWTAuthService) Validate(tokenStr string) (bool, error)
type KeycloakAuthService
- func NewKeycloakAuthService(config *config.ServerConfig) (*KeycloakAuthService, error)
- func (k *KeycloakAuthService) Init(keycloakURL, realm, clientId string, privilegedGroups []string) error
- func (k *KeycloakAuthService) Validate(token string) (bool, error)
type KeycloakResponse

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthStrategy ¶

type AuthStrategy interface {
	Validate(token string) (bool, error)
}

AuthStrategy defines the behaviour required for a token validation strategy.

type Authenticator ¶

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator coordinates multiple AuthStrategy implementations against an HTTP request.

func NewAuthenticator ¶

func NewAuthenticator(strategies map[string]AuthStrategy) *Authenticator

NewAuthenticator builds an Authenticator instance using the provided strategies map.

func (*Authenticator) Strategy ¶

func (a *Authenticator) Strategy(header string) (AuthStrategy, bool)

Strategy returns a specific AuthStrategy by header key if it exists.

func (*Authenticator) Validate ¶

func (a *Authenticator) Validate(request *http.Request) (bool, error)

Validate walks through all registered strategies and validates any matching token on the request.

func (*Authenticator) ValidateStrategy ¶

func (a *Authenticator) ValidateStrategy(request *http.Request, allowedHeader string) (bool, error)

ValidateStrategy restricts validation to a single allowed strategy header. Only the strategy registered under allowedHeader is considered; all other headers are skipped.

type DeployTokenAuthService ¶

type DeployTokenAuthService struct {
	// contains filtered or unexported fields
}

DeployTokenAuthService is a struct that maintains and validates deploy tokens.

func NewDeployTokenAuthService ¶

func NewDeployTokenAuthService(token string) *DeployTokenAuthService

NewDeployTokenAuthService initializes a new deploy token authentication service. Accepts a token string and returns a pointer to a DeployTokenAuthService.

func (*DeployTokenAuthService) Validate ¶

func (s *DeployTokenAuthService) Validate(token string) (bool, error)

Validate checks if the provided token matches the stored deploy token Returns a boolean indicating whether the token is valid, and any errors encountered.

type JWTAuthService ¶

type JWTAuthService struct {
	// contains filtered or unexported fields
}

JWTAuthService manages JSON Web Token authentication.

func NewJWTAuthService ¶

func NewJWTAuthService(secret string) *JWTAuthService

NewJWTAuthService initializes a new JWT authentication service. It takes a secret key string and returns a pointer to a JWTAuthService.

func (*JWTAuthService) Validate ¶

func (j *JWTAuthService) Validate(tokenStr string) (bool, error)

Validate verifies a JSON Web Token, checking signature and claims.

type KeycloakAuthService ¶

type KeycloakAuthService struct {
	Url              string
	Realm            string
	ClientId         string
	PrivilegedGroups []string
	// contains filtered or unexported fields
}

func NewKeycloakAuthService ¶

func NewKeycloakAuthService(config *config.ServerConfig) (*KeycloakAuthService, error)

NewKeycloakAuthService initializes a new Keycloak authentication service using the given server config. It validates the Keycloak URL and returns an error if the config is nil or the URL is malformed.

func (*KeycloakAuthService) Init ¶

func (k *KeycloakAuthService) Init(keycloakURL, realm, clientId string, privilegedGroups []string) error

Init initializes KeycloakAuthService with Keycloak URL, realm and client ID. It validates the base URL and pre-builds the userinfo endpoint URL to prevent SSRF via tainted input.

func (*KeycloakAuthService) Validate ¶

func (k *KeycloakAuthService) Validate(token string) (bool, error)

Validate implements quite simple token validation approach We just call Keycloak userinfo endpoint and check if it returns 200 effectively delegating token validation to Keycloak

type KeycloakResponse ¶

type KeycloakResponse struct {
	Username string   `json:"preferred_username"`
	Groups   []string `json:"groups"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL