Documentation
Index ¶
- Constants
- Variables
- func CreateSimpleID() string
- func CreateSimpleToken() string
- func GetBearerToken(r *http.Request) (string, error)
- func GetClientID(ctx context.Context, r *http.Request) (string, error)
- func RegisterAuthorization(auth *Authorization)
- type Authorization
- func CheckAuthorization(ctx context.Context, c echo.Context, scope string) (*Authorization, error)
- func DeleteAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
- func FindAuthorizationByToken(ctx context.Context, token string) (*Authorization, error)
- func LookupAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
- func NewAuthorization(req *AuthorizationRequest, expires int) *Authorization
- type AuthorizationRequest
Constants ¶
// Auth type identifiers.
const (
	// AuthTypeBearerToken is the auth type identifier "token".
	AuthTypeBearerToken = "token"
	// AuthTypeJWT is the auth type identifier "jwt".
	AuthTypeJWT = "jwt"
	// AuthTypeSlack is the auth type identifier "slack".
	AuthTypeSlack = "slack"
)

// Token types, as stored in Authorization.TokenType.
const (
	// UserTokenType marks an authorization of type "user".
	UserTokenType = "user"
	// AppTokenType marks an authorization of type "app".
	AppTokenType = "app"
	// APITokenType marks an authorization of type "api".
	APITokenType = "api"
	// BotTokenType marks an authorization of type "bot".
	BotTokenType = "bot"
	// DefaultTokenType is the token type used as the default; it is
	// the user token type.
	DefaultTokenType = UserTokenType
)

// Scopes.
const (
	// ScopeRead is the scope "api:read".
	ScopeRead = "api:read"
	// ScopeWrite is the scope "api:write".
	ScopeWrite = "api:write"
	// ScopeAdmin is the scope "api:admin", the one HasAdminScope looks for.
	ScopeAdmin = "api:admin"
	// DefaultScope is the default scope string. It holds the read and
	// write scopes and does not include ScopeAdmin.
	//
	// NOTE(review): the two scopes here are separated by a space, while
	// the comment on Authorization.Scope describes a comma separated
	// list. Confirm which delimiter the scope check splits on; a
	// mismatch would make a scope comparison fail or match the wrong
	// string.
	DefaultScope = "api:read api:write"
)
Variables ¶
// Sentinel errors returned by this package. Compare against them with
// errors.Is rather than by matching the message text.
var (
	// ErrNoToken indicates that no bearer token was provided.
	ErrNoToken = errors.New("no token provided")
	// ErrNoScope indicates that no scope was provided.
	ErrNoScope = errors.New("no scope provided")
	// ErrNotAuthorized indicates that the API caller is not authorized.
	ErrNotAuthorized = errors.New("not authorized")
	// ErrAlreadyAuthorized carries the message "already authorized".
	// NOTE(review): presumably returned when an authorization already
	// exists for the caller; confirm against the code that returns it.
	ErrAlreadyAuthorized = errors.New("already authorized")
	// ErrNoSuchEntity indicates that the authorization does not exist.
	ErrNoSuchEntity = errors.New("entity does not exist")
)
Functions ¶
func CreateSimpleID ¶
func CreateSimpleID() string
func CreateSimpleToken ¶
func CreateSimpleToken() string
func GetBearerToken ¶
GetBearerToken extracts the bearer token
func GetClientID ¶
GetClientID extracts the ClientID from the token
func RegisterAuthorization ¶
func RegisterAuthorization(auth *Authorization)
Types ¶
type Authorization ¶
// Authorization represents a user, app or bot and its permissions.
//
// NOTE(review): Token has the tag `json:"token"`, so marshalling an
// Authorization to JSON includes the token value. Confirm that no
// response body or log line serialises this struct where the token is
// meant to stay secret.
type Authorization struct {
	// ClientID identifies the client; it is expected to be UNIQUE.
	ClientID string `json:"client_id" binding:"required"`
	// Realm is the realm the authorization belongs to; lookups and
	// deletes take it together with the ClientID.
	Realm string `json:"realm"`
	// Token is the token value; FindAuthorizationByToken looks an
	// authorization up by it.
	Token string `json:"token" binding:"required"`
	// TokenType is the kind of principal, e.g. user, app, api, bot.
	TokenType string `json:"token_type" binding:"required"`
	// UserID depends on TokenType, e.g. email, ClientID or
	// BotUserID (Slack).
	UserID string `json:"user_id"`
	// Scope is a comma separated list of scopes, see the Scope*
	// constants.
	// NOTE(review): DefaultScope ("api:read api:write") is space
	// separated, not comma separated; confirm which delimiter the scope
	// check expects.
	Scope string `json:"scope"`
	// Expires is the expiry of the authorization; 0 = never.
	// NOTE(review): the unit is not visible here (presumably a Unix
	// timestamp); confirm, and confirm that never-expiring
	// authorizations are intended wherever 0 is passed.
	Expires int64 `json:"expires"`

	// Internal bookkeeping, excluded from JSON by the "-" tag.

	// Revoked is the revocation flag; IsValid reports a revoked
	// authorization as invalid.
	Revoked bool  `json:"-"`
	Created int64 `json:"-"`
	Updated int64 `json:"-"`
}
Authorization represents a user, app or bot and its permissions
func CheckAuthorization ¶
CheckAuthorization relies on the presence of a bearer token and validates the matching authorization against a list of requested scopes. If everything checks out, the function returns the authorization; otherwise it returns an error.
func DeleteAuthorization ¶
func DeleteAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
func FindAuthorizationByToken ¶
func FindAuthorizationByToken(ctx context.Context, token string) (*Authorization, error)
FindAuthorizationByToken looks for an authorization by the token
func LookupAuthorization ¶
func LookupAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
LookupAuthorization looks for an authorization
func NewAuthorization ¶
func NewAuthorization(req *AuthorizationRequest, expires int) *Authorization
func (*Authorization) Equal ¶
func (auth *Authorization) Equal(a *Authorization) bool
func (*Authorization) HasAdminScope ¶
func (auth *Authorization) HasAdminScope() bool
HasAdminScope checks if the authorization includes scope 'api:admin'
func (*Authorization) IsValid ¶
func (auth *Authorization) IsValid() bool
IsValid verifies that the Authorization is still valid, i.e. is not expired and not revoked.
func (*Authorization) String ¶
func (auth *Authorization) String() string
type AuthorizationRequest ¶
// AuthorizationRequest represents a login/authorization request from a
// user, app, or bot.
//
// NOTE(review): the `binding:"required"` tags only take effect if the
// code that decodes the request runs a validator that reads the
// `binding` tag. This package's API takes an echo.Context, and echo's
// Bind does not validate on its own; confirm that Realm and UserID are
// actually rejected when empty.
type AuthorizationRequest struct {
	// Realm is the realm the authorization is requested for (required).
	Realm string `json:"realm" binding:"required"`
	// UserID identifies the requesting user, app or bot (required).
	UserID string `json:"user_id" binding:"required"`
	// ClientID is optional in the request.
	// NOTE(review): presumably generated (see CreateSimpleID) when
	// empty; confirm against NewAuthorization.
	ClientID string `json:"client_id"`
	// Token is optional in the request.
	// NOTE(review): if a caller-supplied token is accepted as is, its
	// strength is up to the caller; confirm how NewAuthorization treats
	// a non-empty value.
	Token string `json:"token"`
	// Scope is the requested scope string.
	// NOTE(review): confirm that the requested scope is checked against
	// what the requester may be granted, in particular "api:admin".
	Scope string `json:"scope"`
}
AuthorizationRequest represents a login/authorization request from a user, app, or bot