Documentation
¶
Index ¶
- Constants
- Variables
- func BlockAccount(ctx context.Context, realm, clientID string) error
- func ConfirmLoginChallenge(ctx context.Context, token string) (*account.Account, int, error)
- func CreateSimpleToken() string
- func GetBearerToken(r *http.Request) (string, error)
- func GetClientID(ctx context.Context, r *http.Request) (string, error)
- func LogoutAccount(ctx context.Context, realm, clientID string) (int, error)
- func UpdateAuthorization(ctx context.Context, auth *Authorization) error
- type AuthenticationProvider
- type AuthenticationProviderOpts
- type Authorization
- func CheckAuthorization(ctx context.Context, c echo.Context, scope string) (*Authorization, error)
- func DeleteAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
- func ExchangeToken(ctx context.Context, req *AuthorizationRequest, expires int, loginFrom string) (*Authorization, int, error)
- func FindAuthorizationByToken(ctx context.Context, token string) (*Authorization, error)
- func LookupAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
- func NewAuthorization(req *AuthorizationRequest, expires int) *Authorization
- type AuthorizationRequest
Constants ¶
const (
	// AuthTypeBearerToken is the auth type name for bearer tokens ("token").
	AuthTypeBearerToken = "token"

	// AuthTypeJWT is the auth type name for JWTs ("jwt").
	AuthTypeJWT = "jwt"

	// AuthTypeSlack is the auth type name for Slack ("slack").
	AuthTypeSlack = "slack"

	// Token types. The Authorization.TokenType field comment lists the same
	// values ("user,app,api,bot"); DefaultTokenType is the user type.
	UserTokenType    = "user"
	AppTokenType     = "app"
	APITokenType     = "api"
	BotTokenType     = "bot"
	DefaultTokenType = UserTokenType

	// DefaultScope is the default scope list, comma separated: API read and write.
	DefaultScope = "api:read,api:write"

	// ScopeAPIAdmin is the 'api:admin' scope that HasAdminScope is documented
	// to check for.
	ScopeAPIAdmin = "api:admin"

	// DefaultAuthenticationExpiration in minutes. Used when sending an account
	// challenge or the temporary token.
	DefaultAuthenticationExpiration = 10

	// DefaultAuthorizationExpiration in days.
	// NOTE(review): ExchangeToken and NewAuthorization take an explicit expires
	// argument; whether they fall back to this value, and in which unit
	// Authorization.Expires is stored, is not visible here - confirm.
	DefaultAuthorizationExpiration = 90

	// DefaultEndpoint is used to build the urls in the notifications.
	// NOTE(review): the default is plain http. The notifications presumably
	// carry the account challenge or temporary token in these urls, so confirm
	// that deployments override this with an https endpoint.
	DefaultEndpoint = "http://localhost"

	// MsgAuthenticationNotFound is an error message format; it takes one
	// string argument (%s).
	// NOTE(review): if this text is returned to unauthenticated callers it
	// tells them whether an account exists - confirm where it is surfaced.
	MsgAuthenticationNotFound = "account '%s' not found"
)
Variables ¶
// Sentinel errors returned by this package.
var (
	// ErrNotAuthorized indicates that the API caller is not authorized.
	ErrNotAuthorized = errors.New("not authorized")

	// ErrAlreadyAuthorized presumably indicates that an authorization already
	// exists for the caller - TODO confirm against the callers.
	ErrAlreadyAuthorized = errors.New("already authorized")

	// ErrNoSuchEntity indicates that the authorization does not exist.
	ErrNoSuchEntity = errors.New("entity does not exist")

	// ErrNoToken indicates that no bearer token was provided.
	ErrNoToken = errors.New("no token provided")

	// ErrNoScope indicates that no scope was provided.
	ErrNoScope = errors.New("no scope provided")

	// ErrInvalidRoute indicates that the route and/or its parameters are not valid.
	ErrInvalidRoute = errors.New("invalid route")
)
Functions ¶
func ConfirmLoginChallenge ¶
ConfirmLoginChallenge confirms the account
func CreateSimpleToken ¶
func CreateSimpleToken() string
func GetBearerToken ¶
GetBearerToken extracts the bearer token
func GetClientID ¶
GetClientID extracts the ClientID from the token
func UpdateAuthorization ¶
func UpdateAuthorization(ctx context.Context, auth *Authorization) error
UpdateAuthorization updates all data needed for the auth fu
Types ¶
type AuthenticationProvider ¶
// AuthenticationProvider is implemented by backends that deliver the account
// challenge and the authorization token to an account.
//
// NOTE(review): both notification methods hand a credential (the challenge or
// the new token) to whatever channel the implementation uses; confirm each
// implementation sends it over a confidential channel and does not log it.
type AuthenticationProvider interface {
	// AccountChallengeNotification sends an account challenge to confirm the account.
	AccountChallengeNotification(context.Context, *account.Account) error
	// ProvideAuthorizationToken sends the new token.
	ProvideAuthorizationToken(context.Context, *account.Account) error
	// Options returns the provider configuration.
	Options() *AuthenticationProviderOpts
}
type Authorization ¶
// Authorization represents a user, app or bot and its permissions.
//
// NOTE(review): `binding` is the struct tag that gin's binder validates, while
// CheckAuthorization in this package takes an echo.Context. Confirm that a
// validator configured for this tag actually enforces the required fields.
type Authorization struct {
	// ClientID is marked UNIQUE by the author.
	ClientID string `json:"client_id" binding:"required"` // UNIQUE

	// Realm is passed together with ClientID to LookupAuthorization,
	// DeleteAuthorization, BlockAccount and LogoutAccount.
	Realm string `json:"realm"`

	// Token is the credential; FindAuthorizationByToken looks an authorization
	// up by it. Unlike the internal fields below it is included whenever the
	// struct is marshalled to JSON.
	// NOTE(review): whether the token is stored hashed or in the clear is not
	// visible here - confirm, and keep marshalled values out of logs.
	Token string `json:"token" binding:"required"`

	// TokenType is e.g. user, app, api or bot.
	TokenType string `json:"token_type" binding:"required"` // e.g. user,app,api,bot

	// UserID depends on TokenType. It could equal ClientID or BotUserID in Slack.
	UserID string `json:"user_id"` // depends on TokenType. UserID could equal ClientID or BotUserID in Slack

	// Scope is a comma separated list of scopes.
	Scope string `json:"scope"` // a comma separated list of scopes, see below

	// Expires of 0 means the authorization never expires.
	// NOTE(review): a non-expiring token stays usable until Revoked is set;
	// confirm which callers are allowed to create one.
	Expires int64 `json:"expires"` // 0 = never

	// internal: the fields below are excluded from JSON (json:"-").
	Revoked bool  `json:"-"`
	Created int64 `json:"-"`
	Updated int64 `json:"-"`
}
Authorization represents a user, app or bot and its permissions
func CheckAuthorization ¶
CheckAuthorization relies on the presence of a bearer token and validates the matching authorization against a list of requested scopes. If everything checks out, the function returns the authorization; otherwise it returns an error.
func DeleteAuthorization ¶
func DeleteAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
func ExchangeToken ¶
func ExchangeToken(ctx context.Context, req *AuthorizationRequest, expires int, loginFrom string) (*Authorization, int, error)
ExchangeToken confirms the temporary auth token and creates the permanent one
func FindAuthorizationByToken ¶
func FindAuthorizationByToken(ctx context.Context, token string) (*Authorization, error)
FindAuthorizationByToken looks for an authorization by the token
func LookupAuthorization ¶
func LookupAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
LookupAuthorization looks for an authorization
func NewAuthorization ¶
func NewAuthorization(req *AuthorizationRequest, expires int) *Authorization
func (*Authorization) Equal ¶
func (ath *Authorization) Equal(a *Authorization) bool
func (*Authorization) HasAdminScope ¶
func (ath *Authorization) HasAdminScope() bool
HasAdminScope checks if the authorization includes scope 'api:admin'
func (*Authorization) IsValid ¶
func (ath *Authorization) IsValid() bool
IsValid verifies that the Authorization is still valid, i.e. is not expired and not revoked.
func (*Authorization) Key ¶
func (ath *Authorization) Key() string
type AuthorizationRequest ¶
// AuthorizationRequest represents a login/authorization request from a user,
// app, or bot.
//
// NOTE(review): `binding` is the struct tag that gin's binder validates, while
// CheckAuthorization in this package takes an echo.Context. Confirm that the
// required fields are actually enforced before the request is used.
type AuthorizationRequest struct {
	// Realm is required.
	Realm string `json:"realm" binding:"required"`

	// UserID is required.
	UserID string `json:"user_id" binding:"required"`

	// ClientID is optional in the request.
	ClientID string `json:"client_id"`

	// Token is optional in the request. ExchangeToken is documented to confirm
	// the temporary auth token; presumably this field carries it - TODO confirm.
	Token string `json:"token"`

	// Scope is optional in the request.
	// NOTE(review): the scope is supplied by the requester. Confirm that
	// ExchangeToken / NewAuthorization check it server-side before copying it
	// into the Authorization, in particular for 'api:admin'.
	Scope string `json:"scope"`
}
AuthorizationRequest represents a login/authorization request from a user, app, or bot