providers

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 31, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAPIKeyProvider

func NewAPIKeyProvider(name string, opts ...APIKeyOption) auth.AuthProvider

NewAPIKeyProvider creates a new API key auth provider. By default, it looks for the API key in the "X-API-Key" header.

func NewBasicAuthProvider

func NewBasicAuthProvider(name string, opts ...BasicAuthOption) auth.AuthProvider

NewBasicAuthProvider creates a new HTTP Basic Auth provider.

func NewBearerTokenProvider

func NewBearerTokenProvider(name string, opts ...BearerTokenOption) auth.AuthProvider

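NewBearerTokenProvider creates a new bearer token auth provider. By default, it expects JWTs. The page does not say that the provider verifies tokens itself; checking the signature, expiry, issuer and audience is presumably left to the validator set with WithBearerValidator.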

func NewOAuth2Provider

func NewOAuth2Provider(name string, flows *auth.OAuthFlows, opts ...OAuth2Option) auth.AuthProvider

NewOAuth2Provider creates a new OAuth2 auth provider.

func NewOIDCProvider

func NewOIDCProvider(name string, openIdConnectUrl string, opts ...OIDCOption) auth.AuthProvider

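NewOIDCProvider creates a new OpenID Connect auth provider. openIdConnectUrl is presumably the provider's discovery document URL (the OpenAPI openIdConnectUrl field); it should be an https URL.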

Types

type APIKeyOption

type APIKeyOption func(*APIKeyProvider)

func WithAPIKeyContainer

func WithAPIKeyContainer(container forge.Container) APIKeyOption

WithAPIKeyContainer sets the DI container (for accessing services).

func WithAPIKeyCookie

func WithAPIKeyCookie(name string) APIKeyOption

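WithAPIKeyCookie sets the name of the cookie in which to look for the API key. Browsers attach cookies automatically, so endpoints that accept the key this way need CSRF protection, and the cookie should be issued with the Secure and HttpOnly attributes.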

func WithAPIKeyDescription

func WithAPIKeyDescription(desc string) APIKeyOption

WithAPIKeyDescription sets the OpenAPI description.

func WithAPIKeyHeader

func WithAPIKeyHeader(name string) APIKeyOption

WithAPIKeyHeader sets the header name to look for the API key.

func WithAPIKeyQuery

func WithAPIKeyQuery(param string) APIKeyOption

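WithAPIKeyQuery sets the name of the query parameter in which to look for the API key. Keys carried in the URL are recorded in access logs, proxy logs, browser history and Referer headers; prefer the header unless a client cannot set one.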

func WithAPIKeyValidator

func WithAPIKeyValidator(validator APIKeyValidator) APIKeyOption

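WithAPIKeyValidator sets the validator function. The page does not say what Authenticate does when no validator has been set; confirm that it rejects the request in that case.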

type APIKeyProvider

type APIKeyProvider struct {
	// contains filtered or unexported fields
}

APIKeyProvider implements API key authentication. API keys can be provided in headers, query parameters, or cookies.

func (*APIKeyProvider) Authenticate

func (p *APIKeyProvider) Authenticate(ctx context.Context, r *http.Request) (*auth.AuthContext, error)

func (*APIKeyProvider) Middleware

func (p *APIKeyProvider) Middleware() forge.Middleware

func (*APIKeyProvider) Name

func (p *APIKeyProvider) Name() string

func (*APIKeyProvider) OpenAPIScheme

func (p *APIKeyProvider) OpenAPIScheme() auth.SecurityScheme

func (*APIKeyProvider) Type

type APIKeyValidator

type APIKeyValidator func(ctx context.Context, apiKey string) (*auth.AuthContext, error)

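APIKeyValidator validates an API key and returns the auth context. The validator has access to the DI container via the provider and can retrieve services like databases, caches, etc. for validation. It should compare keys in constant time (for example with crypto/subtle.ConstantTimeCompare) or look them up by hash, and return a non-nil error for any key it does not recognise.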

type BasicAuthOption

type BasicAuthOption func(*BasicAuthProvider)

func WithBasicAuthContainer

func WithBasicAuthContainer(container forge.Container) BasicAuthOption

WithBasicAuthContainer sets the DI container (for accessing services).

func WithBasicAuthDescription

func WithBasicAuthDescription(desc string) BasicAuthOption

WithBasicAuthDescription sets the OpenAPI description.

func WithBasicAuthValidator

func WithBasicAuthValidator(validator BasicAuthValidator) BasicAuthOption

WithBasicAuthValidator sets the validator function.

type BasicAuthProvider

type BasicAuthProvider struct {
	// contains filtered or unexported fields
}

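BasicAuthProvider implements HTTP Basic Authentication. It extracts username and password from the Authorization header. Basic credentials are only Base64-encoded, not encrypted, so routes protected by this provider should be served over TLS only.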

func (*BasicAuthProvider) Authenticate

func (p *BasicAuthProvider) Authenticate(ctx context.Context, r *http.Request) (*auth.AuthContext, error)

func (*BasicAuthProvider) Middleware

func (p *BasicAuthProvider) Middleware() forge.Middleware

func (*BasicAuthProvider) Name

func (p *BasicAuthProvider) Name() string

func (*BasicAuthProvider) OpenAPIScheme

func (p *BasicAuthProvider) OpenAPIScheme() auth.SecurityScheme

func (*BasicAuthProvider) Type

type BasicAuthValidator

type BasicAuthValidator func(ctx context.Context, username, password string) (*auth.AuthContext, error)

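BasicAuthValidator validates username and password and returns the auth context. The validator can access services from the DI container to verify credentials against a database, LDAP, etc. It should check the password against a salted password hash (or an LDAP bind) rather than a stored clear-text value, and return the same error for an unknown user and a wrong password.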

type BearerTokenOption

type BearerTokenOption func(*BearerTokenProvider)

func WithBearerContainer

func WithBearerContainer(container forge.Container) BearerTokenOption

WithBearerContainer sets the DI container (for accessing services).

func WithBearerDescription

func WithBearerDescription(desc string) BearerTokenOption

WithBearerDescription sets the OpenAPI description.

func WithBearerFormat

func WithBearerFormat(format string) BearerTokenOption

WithBearerFormat sets the bearer token format (e.g., "JWT", "token").

func WithBearerValidator

func WithBearerValidator(validator BearerTokenValidator) BearerTokenOption

WithBearerValidator sets the validator function.

type BearerTokenProvider

type BearerTokenProvider struct {
	// contains filtered or unexported fields
}

BearerTokenProvider implements Bearer token authentication (JWT, OAuth2, etc.). It extracts tokens from the Authorization header using the "Bearer" scheme.

func (*BearerTokenProvider) Authenticate

func (p *BearerTokenProvider) Authenticate(ctx context.Context, r *http.Request) (*auth.AuthContext, error)

func (*BearerTokenProvider) Middleware

func (p *BearerTokenProvider) Middleware() forge.Middleware

func (*BearerTokenProvider) Name

func (p *BearerTokenProvider) Name() string

func (*BearerTokenProvider) OpenAPIScheme

func (p *BearerTokenProvider) OpenAPIScheme() auth.SecurityScheme

func (*BearerTokenProvider) Type

type BearerTokenValidator

type BearerTokenValidator func(ctx context.Context, token string) (*auth.AuthContext, error)

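BearerTokenValidator validates a bearer token and returns the auth context. The validator can access services from the DI container for JWT verification, token introspection, etc. For JWTs this means checking the signature against an expected algorithm and key, and the exp, iss and aud claims, before any claim is trusted.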

type LDAPConfig added in v0.4.0

// LDAPConfig holds the settings for reaching and searching an LDAP or Active
// Directory server. Every field carries json and yaml tags, so the struct can
// be populated from either format.
type LDAPConfig struct {
	// Connection settings
	Host string `json:"host" yaml:"host"`
	Port int    `json:"port" yaml:"port"`

	// Bind credentials (service account)
	// BindPassword is a secret and is serialised under "bind_password":
	// marshalling this struct (config dump, debug log, API response) writes it
	// out in clear text. Load it from a secret store where possible and give
	// the service account read-only search rights.
	BindDN       string `json:"bind_dn"       yaml:"bind_dn"`
	BindPassword string `json:"bind_password" yaml:"bind_password"`

	// Search settings
	// NOTE(review): the %s in SearchFilter is presumably replaced with the
	// login name taken from the request; confirm the provider escapes it per
	// RFC 4515 (go-ldap offers ldap.EscapeFilter) so the value cannot change
	// the shape of the filter.
	BaseDN       string   `json:"base_dn"       yaml:"base_dn"`
	SearchFilter string   `json:"search_filter" yaml:"search_filter"` // e.g., "(uid=%s)" or "(sAMAccountName=%s)"
	Attributes   []string `json:"attributes"    yaml:"attributes"`    // Attributes to fetch

	// TLS settings
	// NOTE(review): it is not visible here whether UseTLS selects LDAPS or
	// StartTLS; confirm. With UseTLS false the bind password and the users'
	// passwords presumably cross the network unencrypted.
	// NOTE(review): InsecureSkipVerify is presumably forwarded to the
	// crypto/tls Config field of the same name, which turns off certificate
	// and host name verification; keep it false outside test environments.
	UseTLS             bool `json:"use_tls"              yaml:"use_tls"`
	InsecureSkipVerify bool `json:"insecure_skip_verify" yaml:"insecure_skip_verify"`

	// Connection pool
	PoolSize          int           `json:"pool_size"          yaml:"pool_size"`
	ConnectionTimeout time.Duration `json:"connection_timeout" yaml:"connection_timeout"`
	RequestTimeout    time.Duration `json:"request_timeout"    yaml:"request_timeout"`
	IdleTimeout       time.Duration `json:"idle_timeout"       yaml:"idle_timeout"`
	MaxRetries        int           `json:"max_retries"        yaml:"max_retries"`
	RetryDelay        time.Duration `json:"retry_delay"        yaml:"retry_delay"`

	// Cache settings
	// NOTE(review): what gets cached is not visible here. If successful
	// authentications are cached, a disabled account or a changed password
	// stays usable until CacheTTL expires; keep the TTL short and confirm that
	// passwords are not held in the cache in clear text.
	EnableCache bool          `json:"enable_cache" yaml:"enable_cache"`
	CacheTTL    time.Duration `json:"cache_ttl"    yaml:"cache_ttl"`

	// Group mapping
	// NOTE(review): the %s in GroupFilter is presumably the user's DN; the
	// same escaping concern as for SearchFilter applies. Confirm that a group
	// with no entry in RoleMapping grants no role.
	GroupBaseDN string            `json:"group_base_dn" yaml:"group_base_dn"` // e.g., "ou=groups,dc=company,dc=com"
	GroupFilter string            `json:"group_filter"  yaml:"group_filter"`  // e.g., "(member=%s)"
	RoleMapping map[string]string `json:"role_mapping"  yaml:"role_mapping"`  // LDAP group DN -> app role

	// Advanced
	// NOTE(review): if referrals are followed using the service-account bind,
	// those credentials are presented to whichever server the referral names;
	// confirm how referral targets are restricted.
	EnableReferrals bool `json:"enable_referrals" yaml:"enable_referrals"` // Handle AD referrals
	PageSize        int  `json:"page_size"        yaml:"page_size"`        // Paging for large result sets
}

LDAPConfig holds LDAP/Active Directory configuration.

func DefaultLDAPConfig added in v0.4.0

func DefaultLDAPConfig() LDAPConfig

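DefaultLDAPConfig returns the default LDAP configuration. The default values are not listed on this page; check UseTLS and InsecureSkipVerify in the returned value before using it in production.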

type LDAPProvider added in v0.4.0

type LDAPProvider struct {
	// contains filtered or unexported fields
}

LDAPProvider implements LDAP/Active Directory authentication.

func NewLDAPProvider added in v0.4.0

func NewLDAPProvider(config LDAPConfig, logger forge.Logger) (*LDAPProvider, error)

NewLDAPProvider creates a new LDAP authentication provider.

func (*LDAPProvider) Authenticate added in v0.4.0

func (p *LDAPProvider) Authenticate(ctx context.Context, r *http.Request) (*auth.AuthContext, error)

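Authenticate authenticates a user against LDAP/AD. How the credentials are read from the request is not documented here. Many LDAP servers treat a simple bind with an empty password as an unauthenticated bind and report success, so confirm that empty passwords are rejected before the bind is attempted.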

func (*LDAPProvider) Close added in v0.4.0

func (p *LDAPProvider) Close() error

Close closes the LDAP connection pool.

func (*LDAPProvider) Middleware added in v0.4.0

func (p *LDAPProvider) Middleware() forge.Middleware

Middleware returns the authentication middleware.

func (*LDAPProvider) Name added in v0.4.0

func (p *LDAPProvider) Name() string

Name returns the provider name.

func (*LDAPProvider) OpenAPIScheme added in v0.4.0

func (p *LDAPProvider) OpenAPIScheme() auth.SecurityScheme

OpenAPIScheme returns the OpenAPI security scheme.

func (*LDAPProvider) Type added in v0.4.0

Type returns the security scheme type.

type OAuth2Option

type OAuth2Option func(*OAuth2Provider)

func WithOAuth2Container

func WithOAuth2Container(container forge.Container) OAuth2Option

WithOAuth2Container sets the DI container (for accessing services).

func WithOAuth2Description

func WithOAuth2Description(desc string) OAuth2Option

WithOAuth2Description sets the OpenAPI description.

func WithOAuth2Validator

func WithOAuth2Validator(validator OAuth2TokenValidator) OAuth2Option

WithOAuth2Validator sets the validator function.

type OAuth2Provider

type OAuth2Provider struct {
	// contains filtered or unexported fields
}

OAuth2Provider implements OAuth 2.0 authentication. It validates OAuth2 access tokens and extracts scopes and permissions.

func (*OAuth2Provider) Authenticate

func (p *OAuth2Provider) Authenticate(ctx context.Context, r *http.Request) (*auth.AuthContext, error)

func (*OAuth2Provider) Middleware

func (p *OAuth2Provider) Middleware() forge.Middleware

func (*OAuth2Provider) Name

func (p *OAuth2Provider) Name() string

func (*OAuth2Provider) OpenAPIScheme

func (p *OAuth2Provider) OpenAPIScheme() auth.SecurityScheme

func (*OAuth2Provider) Type

type OAuth2TokenValidator

type OAuth2TokenValidator func(ctx context.Context, token string) (*auth.AuthContext, error)

OAuth2TokenValidator validates an OAuth2 token and returns the auth context. The validator should verify the token with the OAuth2 authorization server and extract claims, scopes, etc. It should also reject tokens that have expired or were issued for a different audience.

type OIDCOption

type OIDCOption func(*OIDCProvider)

func WithOIDCContainer

func WithOIDCContainer(container forge.Container) OIDCOption

WithOIDCContainer sets the DI container (for accessing services).

func WithOIDCDescription

func WithOIDCDescription(desc string) OIDCOption

WithOIDCDescription sets the OpenAPI description.

func WithOIDCValidator

func WithOIDCValidator(validator OIDCTokenValidator) OIDCOption

WithOIDCValidator sets the validator function.

type OIDCProvider

type OIDCProvider struct {
	// contains filtered or unexported fields
}

OIDCProvider implements OpenID Connect authentication. It validates OIDC ID tokens and access tokens.

func (*OIDCProvider) Authenticate

func (p *OIDCProvider) Authenticate(ctx context.Context, r *http.Request) (*auth.AuthContext, error)

func (*OIDCProvider) Middleware

func (p *OIDCProvider) Middleware() forge.Middleware

func (*OIDCProvider) Name

func (p *OIDCProvider) Name() string

func (*OIDCProvider) OpenAPIScheme

func (p *OIDCProvider) OpenAPIScheme() auth.SecurityScheme

func (*OIDCProvider) Type

type OIDCTokenValidator

type OIDCTokenValidator func(ctx context.Context, token string) (*auth.AuthContext, error)

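OIDCTokenValidator validates an OIDC token and returns the auth context. The validator should verify the token with the OIDC provider and extract claims (sub, email, name, etc.). Verification should cover the signature (against the provider's published keys) and the iss, aud and exp claims.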
