Documentation
Index
- type JwtGenerator
- type SecurityService
- type TokenBasedSecurityService
- func (service *TokenBasedSecurityService) AssignTokens(realm string, userId uuid.UUID, accessToken *string, refreshToken *string)
- func (service *TokenBasedSecurityService) CheckCredentials(tokenIssueData *dto.TokenGenerationData, realmName string) *data.OperationError
- func (service *TokenBasedSecurityService) CheckSessionAndRefreshExpired(realm string, userId uuid.UUID) (bool, bool)
- func (service *TokenBasedSecurityService) GetCurrentUserById(realmName string, userId uuid.UUID) data.User
- func (service *TokenBasedSecurityService) GetCurrentUserByName(realmName string, userName string) data.User
- func (service *TokenBasedSecurityService) GetSession(realm string, userId uuid.UUID) *data.UserSession
- func (service *TokenBasedSecurityService) GetSessionByAccessToken(realm string, token *string) *data.UserSession
- func (service *TokenBasedSecurityService) GetSessionByRefreshToken(realm string, token *string) *data.UserSession
- func (service *TokenBasedSecurityService) StartOrUpdateSession(realm string, userId uuid.UUID, duration int, refresh int) uuid.UUID
- func (service *TokenBasedSecurityService) Validate(tokenIssueData *dto.TokenGenerationData, realm *data.Realm) *data.OperationError
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type JwtGenerator
type JwtGenerator struct {
	// TODO(UMV): we should add possibility to regenerate SignKey (probably via CLI)
	SignKey []byte
	Logger  *logging.AppLogger
}
JwtGenerator is a helper struct with methods that generate JWT tokens using the golang-jwt library
func (*JwtGenerator) GenerateJwtAccessToken
func (generator *JwtGenerator) GenerateJwtAccessToken(realmBaseUrl string, tokenType string, scope string, sessionData *data.UserSession, userData data.User) string
GenerateJwtAccessToken generates the encoded string of an access token in JWT format
This function combines the arguments into one JSON payload and encodes it as a JWT signed with SignKey (which must be loaded by the application)
* Parameters:
* - realmBaseUrl - common path of all routes, usually ~/auth/realms/{realm}/ (see api/rest/getRealmBaseUrl)
* - tokenType - string with type of token, rest.Bearer
* - scope - verification scope, currently used only globals.ProfileEmailScope
* - sessionData - full session data of authorized user
* - userData - full public user data
* Returns: JWT-encoded string with access token
func (*JwtGenerator) GenerateJwtRefreshToken
func (generator *JwtGenerator) GenerateJwtRefreshToken(realmBaseUrl string, tokenType string, scope string, sessionData *data.UserSession) string
GenerateJwtRefreshToken generates the encoded string of a refresh token in JWT format
This function combines the arguments into one JSON payload and encodes it as a JWT signed with SignKey (which must be loaded by the application).
* Identical to GenerateJwtAccessToken except that it takes no userData argument
* Parameters:
* - realmBaseUrl - common path of all routes, usually ~/auth/realms/{realm}/ (see api/rest/getRealmBaseUrl)
* - tokenType - string with type of token, rest.Refresh
* - scope - verification scope, currently used only globals.ProfileEmailScope
* - sessionData - full session data of authorized user
* Returns: JWT-encoded string with refresh token
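As an added illustration of what the two generator methods above produce (example code, not the project's JwtGenerator and not golang-jwt itself): it builds the three-part HS256 token structure that golang-jwt emits, using only the standard library, and adds the verifying side so the security properties are visible. TokenSession, TokenUser and the claim set are assumptions; the page does not list the project's claims.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// TokenSession and TokenUser are assumed minimal stand-ins for the project's
// data.UserSession and data.User; only the fields the claims need are present.
type TokenSession struct {
	Id      string
	Expired time.Time
}

type TokenUser struct {
	Id   string
	Name string
}

// Claims is the JSON payload: registered claims plus the page's tokenType, scope and
// session inputs. The exact claim set the project emits is not on the page (assumption).
type Claims struct {
	Issuer    string `json:"iss"`
	Subject   string `json:"sub,omitempty"`
	Username  string `json:"preferred_username,omitempty"`
	TokenType string `json:"typ"`
	Scope     string `json:"scope"`
	SessionId string `json:"sid"`
	IssuedAt  int64  `json:"iat"`
	ExpiresAt int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signHS256 builds header.payload.signature with HMAC-SHA256 keyed by signKey
// (the page's JwtGenerator.SignKey), the same construction golang-jwt uses for HS256.
func signHS256(signKey, payload []byte) string {
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	mac := hmac.New(sha256.New, signKey)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil))
}

// GenerateJwtAccessToken combines the arguments into one JSON payload and signs it.
func GenerateJwtAccessToken(signKey []byte, realmBaseUrl, tokenType, scope string, session *TokenSession, user TokenUser, now time.Time) (string, error) {
	claims := Claims{Issuer: realmBaseUrl, Subject: user.Id, Username: user.Name, TokenType: tokenType,
		Scope: scope, SessionId: session.Id, IssuedAt: now.Unix(), ExpiresAt: session.Expired.Unix()}
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	return signHS256(signKey, payload), nil
}

// GenerateJwtRefreshToken is the same token without user data, as the page describes.
func GenerateJwtRefreshToken(signKey []byte, realmBaseUrl, tokenType, scope string, session *TokenSession, now time.Time) (string, error) {
	return GenerateJwtAccessToken(signKey, realmBaseUrl, tokenType, scope, session, TokenUser{}, now)
}

// VerifyJwt is the consuming side. It re-signs the presented payload with the fixed HS256
// header and compares the whole token in constant time, so a changed header (for example
// alg=none), payload or signature is rejected; then it enforces exp.
func VerifyJwt(signKey []byte, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, errors.New("malformed payload")
	}
	if !hmac.Equal([]byte(signHS256(signKey, payload)), []byte(token)) {
		return nil, errors.New("invalid signature")
	}
	var claims Claims
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, err
	}
	if !now.Before(time.Unix(claims.ExpiresAt, 0)) {
		return nil, errors.New("token expired")
	}
	return &claims, nil
}
```

Because VerifyJwt never trusts the presented header and instead recomputes the token it would have produced, algorithm confusion (a header rewritten to alg=none or to a different algorithm) fails the same constant-time comparison as a forged signature. The refresh token carries no sub or preferred_username claim, matching the doc comment that it differs from the access token only by the missing userData.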
type SecurityService
type SecurityService interface {
	// Validate checks whether the provided tokenIssueData can be used for token generation
	Validate(tokenIssueData *dto.TokenGenerationData, realm *data.Realm) *data.OperationError
	// CheckCredentials validates the clientId+clientSecret and username+password pairs provided in tokenIssueData
	CheckCredentials(tokenIssueData *dto.TokenGenerationData, realmName string) *data.OperationError
	// GetCurrentUserByName returns the current user's data by name
	GetCurrentUserByName(realmName string, userName string) data.User
	// GetCurrentUserById returns the current user's data by id
	GetCurrentUserById(realmName string, userId uuid.UUID) data.User
	// StartOrUpdateSession starts a new session on a successful token issue request, or updates an existing one on a new request with a valid token
	StartOrUpdateSession(realm string, userId uuid.UUID, duration int, refresh int) uuid.UUID
	// AssignTokens creates the relation between userId and the issued tokens (access and refresh)
	AssignTokens(realm string, userId uuid.UUID, accessToken *string, refreshToken *string)
	// GetSession returns user session data
	GetSession(realm string, userId uuid.UUID) *data.UserSession
	// GetSessionByAccessToken returns session data by access token
	GetSessionByAccessToken(realm string, token *string) *data.UserSession
	// GetSessionByRefreshToken returns session data by refresh token
	GetSessionByRefreshToken(realm string, token *string) *data.UserSession
	// CheckSessionAndRefreshExpired checks whether the user's tokens have expired (can the user still use them, or must new ones be obtained)
	CheckSessionAndRefreshExpired(realm string, userId uuid.UUID) (bool, bool)
}
SecurityService is the interface that implements all credential checks and manipulation of session data
func CreateSecurityService
func CreateSecurityService(dataProvider *managers.DataContext, logger *logging.AppLogger) SecurityService
CreateSecurityService creates an instance of TokenBasedSecurityService as a SecurityService
This function creates the SecurityService on top of dataProvider, a managers.DataContext
* Parameters:
* - dataProvider - any managers.DataContext implementation (config.FILE, config.REDIS)
* - logger - logger service
* Returns an instance of TokenBasedSecurityService as SecurityService
type TokenBasedSecurityService
type TokenBasedSecurityService struct {
	DataProvider *managers.DataContext
	UserSessions map[string][]data.UserSession
	// contains filtered or unexported fields
}
TokenBasedSecurityService is the structure that implements SecurityService
func (*TokenBasedSecurityService) AssignTokens
func (service *TokenBasedSecurityService) AssignTokens(realm string, userId uuid.UUID, accessToken *string, refreshToken *string)
AssignTokens saves the issued tokens in an existing UserSession
This function looks the session up by userId (the session must already exist) and stores both tokens in it
* Parameters:
* - realm - name of the realm
* - userId - user identifier
* - accessToken - issued access token
* - refreshToken - issued refresh token
* Returns nothing
func (*TokenBasedSecurityService) CheckCredentials
func (service *TokenBasedSecurityService) CheckCredentials(tokenIssueData *dto.TokenGenerationData, realmName string) *data.OperationError
CheckCredentials checks the provided user credentials (username and password)
This function loads the data.User from DataProvider and verifies the password from the user credentials against it
* Parameters:
* - tokenIssueData - token issue request data
* - realmName - name of the data.Realm
* Returns: nil if the credentials are valid, otherwise an error (data.OperationError) with a description
func (*TokenBasedSecurityService) CheckSessionAndRefreshExpired added in v0.9.1
func (service *TokenBasedSecurityService) CheckSessionAndRefreshExpired(realm string, userId uuid.UUID) (bool, bool)
CheckSessionAndRefreshExpired checks whether each of the two tokens has expired
This function compares the current time with the expiration times (usually refresh token expires earlier than access)
* Parameters:
* - realm - name of the realm
* - userId - user identifier
* Returns a (bool, bool) tuple: whether the access token (first) and the refresh token (second) have expired; true means expired
func (*TokenBasedSecurityService) GetCurrentUserById added in v0.9.1
func (service *TokenBasedSecurityService) GetCurrentUserById(realmName string, userId uuid.UUID) data.User
GetCurrentUserById returns public user info by user id
This function simply returns the user with the given id by querying DataProvider
* Parameters:
* - realmName - name of the realm (previously obtained from DataProvider)
* - userId - user identifier
* Returns the user from DataProvider, or nil if the user was not found
func (*TokenBasedSecurityService) GetCurrentUserByName added in v0.9.1
func (service *TokenBasedSecurityService) GetCurrentUserByName(realmName string, userName string) data.User
GetCurrentUserByName returns public user info by username
This function simply returns the user with the given name by querying DataProvider
* Parameters:
* - realmName - name of the realm (previously obtained from DataProvider)
* - userName - name of the user
* Returns the user from DataProvider, or nil if the user was not found
func (*TokenBasedSecurityService) GetSession
func (service *TokenBasedSecurityService) GetSession(realm string, userId uuid.UUID) *data.UserSession
GetSession returns the session related to the user
The function iterates over the sessions and picks the matching one by comparing userId with s.UserId
* Parameters:
* - realm - name of the realm
* - userId - user identifier
* Returns the data.UserSession if found, otherwise nil
func (*TokenBasedSecurityService) GetSessionByAccessToken
func (service *TokenBasedSecurityService) GetSessionByAccessToken(realm string, token *string) *data.UserSession
GetSessionByAccessToken returns the user session that holds the given access token
The function iterates over the sessions and picks the matching one by comparing token with s.JwtAccessToken
* Parameters:
* - realm - name of the realm
* - token - access token
* Returns the data.UserSession if found, otherwise nil
func (*TokenBasedSecurityService) GetSessionByRefreshToken added in v0.9.1
func (service *TokenBasedSecurityService) GetSessionByRefreshToken(realm string, token *string) *data.UserSession
GetSessionByRefreshToken returns the user session that holds the given refresh token
The function iterates over the sessions and picks the matching one by comparing token with s.JwtRefreshToken
* Parameters:
* - realm - name of the realm
* - token - refresh token
* Returns the data.UserSession if found, otherwise nil
func (*TokenBasedSecurityService) StartOrUpdateSession
func (service *TokenBasedSecurityService) StartOrUpdateSession(realm string, userId uuid.UUID, duration int, refresh int) uuid.UUID
StartOrUpdateSession starts a new session or updates an existing one
This function starts a new session when the user successfully obtains an access token; duration and refresh are taken from the data.Realm and data.Client settings
* Sessions are stored in internal memory; this will probably change so that they are stored as temporary keys
* Parameters:
* - realm - realm name
* - userId - user identifier
* - duration - access token lifetime, which equals the session duration
* - refresh - refresh token lifetime
* Returns: identifier of the session
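The session lifecycle described across AssignTokens, CheckSessionAndRefreshExpired, GetSession, GetSessionByAccessToken, GetSessionByRefreshToken and StartOrUpdateSession, as one added example that is not the project's TokenBasedSecurityService: an in-memory store keyed by realm, as the page's UserSessions map is. The two expiry fields, the reading of duration and refresh as seconds, and a hex session id in place of uuid.UUID are assumptions; the store is not synchronized, so a server handling concurrent requests must guard it with a mutex.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"time"
)

// UserSession carries the fields the page names (UserId, JwtAccessToken, JwtRefreshToken)
// plus two expiry timestamps, which are an assumption about data.UserSession.
type UserSession struct {
	Id              string
	UserId          string
	Expired         time.Time // access token lifetime == session duration
	RefreshExpired  time.Time
	JwtAccessToken  string
	JwtRefreshToken string
}

// SessionStore keeps sessions per realm in memory, like UserSessions map[string][]data.UserSession.
type SessionStore struct {
	sessions map[string][]*UserSession
}

func NewSessionStore() *SessionStore { return &SessionStore{sessions: map[string][]*UserSession{}} }

// newSessionId stands in for uuid.New(): 16 bytes from crypto/rand, hex encoded.
func newSessionId() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// find returns the first session in the realm that matches, as the page's lookups do.
func (s *SessionStore) find(realm string, match func(*UserSession) bool) *UserSession {
	for _, sess := range s.sessions[realm] {
		if match(sess) {
			return sess
		}
	}
	return nil
}

// StartOrUpdateSession starts a session on a successful token issue or updates the existing one.
// duration and refresh are taken as seconds (assumption); tokens of the previous issue are cleared.
func (s *SessionStore) StartOrUpdateSession(realm, userId string, duration, refresh int) string {
	sess := s.find(realm, func(x *UserSession) bool { return x.UserId == userId })
	if sess == nil {
		sess = &UserSession{Id: newSessionId(), UserId: userId}
		s.sessions[realm] = append(s.sessions[realm], sess)
	}
	now := time.Now()
	sess.Expired = now.Add(time.Duration(duration) * time.Second)
	sess.RefreshExpired = now.Add(time.Duration(refresh) * time.Second)
	sess.JwtAccessToken, sess.JwtRefreshToken = "", ""
	return sess.Id
}

// AssignTokens stores the issued pair in the user's existing session; it reports false when
// there is no session (none is created) or a token pointer is nil.
func (s *SessionStore) AssignTokens(realm, userId string, accessToken, refreshToken *string) bool {
	sess := s.GetSession(realm, userId)
	if sess == nil || accessToken == nil || refreshToken == nil {
		return false
	}
	sess.JwtAccessToken, sess.JwtRefreshToken = *accessToken, *refreshToken
	return true
}

func (s *SessionStore) GetSession(realm, userId string) *UserSession {
	return s.find(realm, func(x *UserSession) bool { return x.UserId == userId })
}

// tokenEqual compares in constant time so lookup timing does not leak how much of a
// presented token matched; an empty stored token (cleared at re-issue) never matches.
func tokenEqual(stored string, token *string) bool {
	return token != nil && stored != "" && subtle.ConstantTimeCompare([]byte(stored), []byte(*token)) == 1
}

func (s *SessionStore) GetSessionByAccessToken(realm string, token *string) *UserSession {
	return s.find(realm, func(x *UserSession) bool { return tokenEqual(x.JwtAccessToken, token) })
}

func (s *SessionStore) GetSessionByRefreshToken(realm string, token *string) *UserSession {
	return s.find(realm, func(x *UserSession) bool { return tokenEqual(x.JwtRefreshToken, token) })
}

// CheckSessionAndRefreshExpired returns (accessExpired, refreshExpired); no session counts as both expired.
func (s *SessionStore) CheckSessionAndRefreshExpired(realm, userId string) (bool, bool) {
	sess := s.GetSession(realm, userId)
	if sess == nil {
		return true, true
	}
	now := time.Now()
	return !now.Before(sess.Expired), !now.Before(sess.RefreshExpired)
}
```

Two choices matter for safety here: a re-issue through StartOrUpdateSession blanks the previously assigned tokens, so a token from before the re-issue no longer resolves to a session even though its signature is still valid; and a user without a session is reported as expired on both counts, so a caller that checks expiry before trusting a token falls through to re-authentication instead of treating "unknown" as "valid".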
func (*TokenBasedSecurityService) Validate
func (service *TokenBasedSecurityService) Validate(tokenIssueData *dto.TokenGenerationData, realm *data.Realm) *data.OperationError
Validate checks whether the provided clientId and clientSecret are valid
First this function finds the data.Client of the data.Realm by clientId. If the client is data.Public there is nothing more to do; for confidential clients the function checks the provided clientSecret
* Parameters:
* - tokenIssueData - data required to issue a new token
* - realm - realm obtained from managers.DataContext
* Returns: nil if validation passed, otherwise an error (data.OperationError) with a description
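The two credential checks, Validate for the client and CheckCredentials for the user, as one added example that is not the project's code. The realm, client, request and error types are assumed minimal stand-ins for data.Realm, data.Client, dto.TokenGenerationData and data.OperationError; the error codes are constructed; and a user map stands in for DataProvider.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
)

// Assumed minimal stand-ins for the page's types; only the fields the checks need are present.
type ClientType int

const (
	Public ClientType = iota // cf. data.Public on the page
	Confidential
)

type Client struct {
	Id     string
	Type   ClientType
	Secret string
}

type Realm struct {
	Name    string
	Clients []Client
}

type TokenGenerationData struct {
	ClientId     string
	ClientSecret string
	Username     string
	Password     string
}

type OperationError struct {
	Code        string // constructed codes in this example, named after OAuth 2.0 error values
	Description string
}

// Validate finds the client by clientId; a public client needs no secret, a confidential one
// must present the right one, compared in constant time so timing does not leak a prefix match.
func Validate(tokenIssueData *TokenGenerationData, realm *Realm) *OperationError {
	if tokenIssueData == nil || realm == nil {
		return &OperationError{"invalid_request", "missing token request or realm"}
	}
	for i := range realm.Clients {
		client := &realm.Clients[i]
		if client.Id != tokenIssueData.ClientId {
			continue
		}
		if client.Type == Public {
			return nil
		}
		if subtle.ConstantTimeCompare([]byte(client.Secret), []byte(tokenIssueData.ClientSecret)) != 1 {
			return &OperationError{"invalid_client", "client secret mismatch"}
		}
		return nil
	}
	return &OperationError{"invalid_client", "client " + tokenIssueData.ClientId + " not found in realm " + realm.Name}
}

// UserRecord is what the DataProvider would hand back; the password is stored hashed. Plain
// SHA-256 keeps the example standard-library-only; a real store uses a slow, salted KDF
// (bcrypt, scrypt or Argon2) so that a leaked table cannot be brute-forced cheaply.
type UserRecord struct {
	Name         string
	PasswordHash [32]byte
}

func HashPassword(password string) [32]byte { return sha256.Sum256([]byte(password)) }

// CheckCredentials verifies username+password. The hash is computed and compared even for an
// unknown user, and the error is the same in both cases, so neither timing nor the response
// reveals which usernames exist.
func CheckCredentials(tokenIssueData *TokenGenerationData, users map[string]UserRecord) *OperationError {
	user, known := users[tokenIssueData.Username]
	supplied := HashPassword(tokenIssueData.Password)
	match := subtle.ConstantTimeCompare(supplied[:], user.PasswordHash[:]) == 1
	if !known || !match {
		return &OperationError{"invalid_grant", "invalid user credentials"}
	}
	return nil
}
```

Note that a confidential client sending an empty secret is rejected: ConstantTimeCompare returns 0 for inputs of different length, so the only way through the confidential branch is an exact secret match.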