Documentation
Constants ¶
This section is empty.
Variables ¶
var ErrJWTExpired = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc6750.html#section-3.1",
Status: 401,
Title: "JSON Web Token Expired",
Detail: "The JSON Web Token used to access this resource has expired. Access has been denied",
}
ErrJWTExpired is returned if the JWT in the request is already expired
var ErrJWTInvalidIssuer = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc6750.html#section-3.1",
Status: 401,
Title: "JSON Web Token Issuer Wrong",
Detail: "The JSON Web Token used to access this resource has not been issued by the correct issuer. Please check your authentication provider.",
}
ErrJWTInvalidIssuer is returned if the JWT's issuer field indicates that it has not been issued by the API Gateway
var ErrJWTMalformed = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc9110#section-15.5.1",
Status: 400,
Title: "JSON Web Token Malformed",
Detail: "The JSON Web Token presented as Bearer Token is not correctly formatted",
}
ErrJWTMalformed is returned if the request contained a JWT but the token is malformed
var ErrJWTNoGroups = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc9110#section-15.5.1",
Status: 400,
Title: "JSON Web Token No Groups Claim",
Detail: "The JSON Web Token used to access this resource did not contain the required `groups` claim",
}
ErrJWTNoGroups is returned if the JWT did not contain the `groups` claim and is therefore not usable for the service
var ErrJWTNotCreatedYet = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc6750.html#section-3.1",
Status: 401,
Title: "JSON Web Token Used Before Creation",
Detail: "The JSON Web Token used to access this resource been created in the future, therefore it is invalid and the access has been denied. Please check your authentication provider.",
}
ErrJWTNotCreatedYet is returned if the JWT's iat field, which indicates the time at which the token was issued, lies in the future
var ErrJWTNotYetValid = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc6750.html#section-3.1",
Status: 401,
Title: "JSON Web Token Used Before Validity",
Detail: "The JSON Web Token used to access this resource has been used before it is permitted to be used. Access has been denied",
}
ErrJWTNotYetValid is returned if the field indicating the time before which the JWT is not valid contains a time in the future
var ErrMissingAuthorizationHeader = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc6750.html#section-3.1",
Status: 401,
Title: "Missing Authorization Header",
Detail: "The request did not contain the 'Authorization' header. Please check your request.",
}
ErrMissingAuthorizationHeader is returned if the request did not contain the `Authorization` header
var ErrSingleAuthorizationHeaderOnly = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc6750.html#section-3.1",
Status: 400,
Title: "Multiple Credentials supplied",
Detail: "The request contained multiple credentials. Due to security reasons, this is not supported and the request has been rejected",
}
ErrSingleAuthorizationHeaderOnly is returned if the request contained multiple credentials
var ErrUnsupportedTokenScheme = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc6750.html#section-3.1",
Status: 400,
Title: "Unsupported Token Scheme used",
Detail: "The token scheme used in this request is not supported by the service. Please check your request.",
}
ErrUnsupportedTokenScheme is returned if the request did not utilize the Bearer token scheme as documented in RFC 6750.
var ErrorChannelName = randstr.Hex(16)
var Forbidden = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc9110#section-15.5.4",
Status: 403,
Title: "Forbidden",
Detail: "Access to this resource is not allowed for your user. Please check that you have been assigned to the required scope: %s",
}
Forbidden is returned if the user is authenticated but not authorized to access the resource
var InternalError = &types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc9110#section-15.6.1",
Status: 500,
Title: "Internal Server Error",
Detail: "The service encountered an internal error during the handling of your request",
}
InternalError is the base types.ServiceError used if the ErrorHandler only received objects implementing the Error() interface and no other errors were raised during the handling of the request
var InvalidTypeProvided = &types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc9110#section-16.2",
Status: 999,
Title: "Invalid Error Supplied",
Detail: "The content provided to the error handler is invalid",
}
InvalidTypeProvided is used in the case that an unsupported type has been passed to the ErrorHandler
var NotFound = types.ServiceError{
Type: "https://www.rfc-editor.org/rfc/rfc9110#section-15.5.5",
Status: 404,
Title: "Route Not Found",
Detail: "The requested route was not found. Please check your request and ensure that the route is correctly set up in the service",
}
NotFound is an error used in the NotFoundError handler
var Panic = &types.ServiceError{
Type: "https://pkg.go.dev/builtin#panic",
Status: 500,
Title: "Internal Panic",
Detail: "The service encountered a panic state during the handling of your request.",
}
Panic is the base types.ServiceError used if the ErrorHandler catches a panic during the handling of a request.
Functions ¶
func ErrorHandler ¶
ErrorHandler is used to inject a channel into the request's context to enable a deferred handling of errors that may occur during handling of a request. The channel will be inserted using the ErrorChannelName variable which is generated automatically to circumvent possible name clashes. Furthermore, the ErrorHandler also recovers from internal panics and sends an error message about them as well.
If a types.ServiceError and multiple Errors are supplied to the ErrorHandler, the errors are automatically added to the Errors field and sent together with the supplied types.ServiceError instance.
Usage Example:
r := chi.NewRouter()
r.Use(middleware.ErrorHandler)
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
	// the ErrorHandler middleware stored the channel under ErrorChannelName
	errorChannel := r.Context().Value(middleware.ErrorChannelName).(chan interface{})
	errorChannel <- errors.New("example error")
})
The ErrorHandler accepts objects implementing the Error interface and types.ServiceError objects. Using other types will result in an InvalidTypeProvided error being sent instead, using the undocumented HTTP Status Code 999.
func NotFoundError ¶ added in v1.0.2
func NotFoundError(w http.ResponseWriter, _ *http.Request)
func RequireScope ¶
RequireScope is a middleware that restricts access to a resource to users with the specified scope on the specified group. The values required by this middleware are inserted by the JWTValidator.Handler middleware. If the JWTValidator.Handler is not executed before this middleware, the request will automatically be allowed and a warning message will be written to os.Stderr.
Types ¶
type JWTValidator ¶
type JWTValidator struct {
// contains filtered or unexported fields
}
JWTValidator allows authenticating and deconstructing JSON Web Tokens. During configuration, it tries to use the OpenID Connect Discovery Protocol to resolve the JSON Web Key used to sign the JWT, which increases security.
func (*JWTValidator) Configure ¶
func (m *JWTValidator) Configure(issuer string) error
Configure uses the OpenID Connect Discovery Protocol to resolve and verify the issuer for the JWTs contained in a request and configures the JWTValidator.Handler.
func (*JWTValidator) Handler ¶
func (m *JWTValidator) Handler(next http.Handler) http.Handler
Handler contains the actual middleware which analyzes the Authorization header contained in each request. It extracts the JWT and supplies the groups that have been assigned to the JWT to the request's context. This allows the usage of the RequireScope middleware to check the permissions for accessing a specific resource.
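The header and claim checks that the error variables above imply, written out as an added example; this is not the package's own code. The names bearerToken, checkClaims and Claims are hypothetical, the order of the checks and the reading of "multiple credentials" as several Authorization header values are assumptions, and the claims are assumed to come from a token whose signature has already been verified.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
	"time"
)

type Claims struct { // hypothetical; assumed to come from a signature-verified token
	Issuer        string
	Iat, Nbf, Exp time.Time
	Groups        []string
}

func bearerToken(h http.Header) (string, int) { // hypothetical: token and 0, or "" and a status
	values := h.Values("Authorization")
	scheme, token, ok := strings.Cut(h.Get("Authorization"), " ")
	switch {
	case len(values) == 0:
		return "", http.StatusUnauthorized // ErrMissingAuthorizationHeader
	case len(values) > 1: // assumption: "multiple credentials" means several header values
		return "", http.StatusBadRequest // ErrSingleAuthorizationHeaderOnly
	case !ok || !strings.EqualFold(scheme, "Bearer"):
		return "", http.StatusBadRequest // ErrUnsupportedTokenScheme
	case strings.Count(token, ".") != 2: // a compact JWT has exactly three segments
		return "", http.StatusBadRequest // ErrJWTMalformed
	}
	return token, 0
}

func checkClaims(c Claims, issuer string, now time.Time) string { // documented error name, or ""
	switch {
	case c.Issuer != issuer:
		return "ErrJWTInvalidIssuer"
	case !now.Before(c.Exp): // an absent (zero) exp is treated as expired
		return "ErrJWTExpired"
	case c.Iat.After(now):
		return "ErrJWTNotCreatedYet"
	case c.Nbf.After(now):
		return "ErrJWTNotYetValid"
	case len(c.Groups) == 0:
		return "ErrJWTNoGroups"
	}
	return ""
}

func main() { // constructed input: two credentials in one request
	fmt.Println(bearerToken(http.Header{"Authorization": {"Bearer a.b.c", "Basic Zm9v"}}))
}
```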