Documentation
Constants ¶
// Access-control attributes, one per action a caller may be granted. The
// colon-separated segments form a hierarchy that CheckAttributes relies on:
// an attribute is satisfied by an exact match or by a wildcard ancestor, so
// "ingest:*" covers every "ingest:..." entry and "*" covers everything.
// Keep that hierarchy stable when adding entries — a new attribute placed
// under an existing prefix is automatically granted to wildcard holders.
const (
	// Ingest: batches.
	IngestBatchesCreateAttr = "ingest:batches:create"
	IngestBatchesListAttr   = "ingest:batches:list"
	IngestBatchesReadAttr   = "ingest:batches:read"

	// Ingest: SIPs.
	IngestSIPSCreateAttr        = "ingest:sips:create"
	IngestSIPSDownloadAttr      = "ingest:sips:download"
	IngestSIPSListAttr          = "ingest:sips:list"
	IngestSIPSReadAttr          = "ingest:sips:read"
	IngestSIPSReviewAttr        = "ingest:sips:review"
	IngestSIPSUploadAttr        = "ingest:sips:upload"
	IngestSIPSWorkflowsListAttr = "ingest:sips:workflows:list"

	// Ingest: SIP sources and users.
	IngestSIPSourcesObjectsListAttr = "ingest:sipsources:objects:list"
	IngestUsersListAttr             = "ingest:users:list"

	// Storage: AIPs. Deletion is split into request/review/report so that
	// the person asking for a deletion need not be the one approving it.
	StorageAIPSCreateAttr          = "storage:aips:create"
	StorageAIPSDeletionReportAttr  = "storage:aips:deletion:report"
	StorageAIPSDeletionRequestAttr = "storage:aips:deletion:request"
	StorageAIPSDeletionReviewAttr  = "storage:aips:deletion:review"
	StorageAIPSDownloadAttr        = "storage:aips:download"
	StorageAIPSListAttr            = "storage:aips:list"
	StorageAIPSMoveAttr            = "storage:aips:move"
	StorageAIPSReadAttr            = "storage:aips:read"
	StorageAIPSReviewAttr          = "storage:aips:review"
	StorageAIPSSubmitAttr          = "storage:aips:submit"
	StorageAIPSWorkflowsListAttr   = "storage:aips:workflows:list"

	// Storage: locations.
	StorageLocationsAIPSListAttr = "storage:locations:aips:list"
	StorageLocationsCreateAttr   = "storage:locations:create"
	StorageLocationsListAttr     = "storage:locations:list"
	StorageLocationsReadAttr     = "storage:locations:read"
)
// TicketTTL bounds how long an issued ticket remains redeemable; it is
// presumably the ttl handed to TicketStore.SetEx. Five seconds is deliberately
// tight: a ticket is meant to be exchanged for a cookie immediately after it
// is issued, and a short window limits what a leaked or replayed ticket is
// worth. Raise it only if real client round-trips are observed to exceed it.
const TicketTTL = 5 * time.Second
Variables ¶
var (
	// ErrKeyNotFound is returned by TicketStore.GetDel when the key is absent
	// or its TTL has already elapsed; the two cases are intentionally not
	// distinguished so a caller cannot tell a never-issued ticket from an
	// expired one. Compare with errors.Is, not by message text.
	ErrKeyNotFound = errors.New("key not found")
)
Functions ¶
Types ¶
type Claims ¶
// Claims carries the identity extracted from a verified token together with
// the access-control attributes derived for it. A nil *Claims is the
// "authentication disabled" state: CheckAttributes succeeds unconditionally
// on a nil receiver, so code paths that produce nil must be deliberate.
type Claims struct {
	// Email is the e-mail address asserted by the identity provider (token
	// claim "email").
	Email string `json:"email,omitempty"`
	// EmailVerified mirrors the "email_verified" claim. Whether a false value
	// is rejected is presumably governed by OIDCConfig.SkipEmailVerifiedCheck
	// (the verifier implementation is not shown here).
	EmailVerified bool `json:"email_verified,omitempty"`
	// Name is the display name (token claim "name").
	Name string `json:"name,omitempty"`
	// Iss is the token issuer (claim "iss").
	Iss string `json:"iss,omitempty"`
	// Sub is the subject identifier (claim "sub"); together with Iss it is
	// the stable identity of the user, which Email and Name are not.
	Sub string `json:"sub,omitempty"`
	// The attributes are parsed from a configured claim and added here,
	// they are needed in the JSON representation for the MarshalBinary and
	// UnmarshalBinary methods below. We use the `enduro_internal_attributes`
	// JSON key to reduce the possibility of a conflict when the JWT is parsed.
	//
	// NOTE(review): the key only reduces the chance of an accidental clash. If
	// the raw token payload is ever decoded straight into this struct, a token
	// that deliberately carries an `enduro_internal_attributes` claim would
	// populate this field — confirm the verifier always overwrites it from the
	// configured claim so a token cannot inject its own attributes.
	Attributes []string `json:"enduro_internal_attributes,omitempty"`
}
func UserClaimsFromContext ¶
UserClaimsFromContext returns the user claims from the context. A nil value is returned if they are not found.
func (*Claims) CheckAttributes ¶
CheckAttributes verifies that all required attributes are present in the claim attributes. It always succeeds when the claims are nil (authentication disabled) or the claim attributes are nil (access control disabled). Attributes are verified by exact match or by having an ancestor with a wildcard. For example, a claim with "ingest:*" among its attributes verifies every ingest action ("ingest:sips:list", "ingest:sips:read", etc.), and a claim with "*" verifies every action.
func (*Claims) MarshalBinary ¶ added in v0.16.0
MarshalBinary implements encoding.BinaryMarshaler for Redis compatibility.
func (*Claims) UnmarshalBinary ¶ added in v0.16.0
UnmarshalBinary implements encoding.BinaryUnmarshaler for Redis compatibility.
type Config ¶
// Config is the top-level authentication configuration.
type Config struct {
	// Enabled turns authentication on. When it is false no claims are
	// presumably attached to requests, and CheckAttributes succeeds for nil
	// claims (see its doc), so every access-control check passes. This is a
	// development/testing switch, not a deployment option.
	Enabled bool
	// OIDC configures ID-token verification (see OIDCConfig).
	OIDC *OIDCConfig
	// Ticket configures the store backing the short-lived tickets used for
	// authentication cookies (see TicketConfig and TicketProvider).
	Ticket *TicketConfig
}
type InMemStore ¶
type InMemStore struct {
// contains filtered or unexported fields
}
func NewInMemStore ¶
func NewInMemStore() *InMemStore
func (*InMemStore) Close ¶
func (s *InMemStore) Close() error
type NoopTokenVerifier ¶
// NoopTokenVerifier is a TokenVerifier whose name indicates it performs no
// verification at all. Its method set is not shown on this page — confirm
// what it returns before using it — but by intent it belongs only in tests
// or alongside Config.Enabled = false, never in front of real traffic.
type NoopTokenVerifier struct{}
type OIDCABACConfig ¶
type OIDCConfig ¶
// OIDCConfig configures OpenID Connect ID-token verification.
type OIDCConfig struct {
	// ProviderURL is the OpenID Connect issuer URL. It is presumably used by
	// NewOIDCTokenVerifier for provider discovery (signing keys, endpoints);
	// it must be an HTTPS URL you control trust for, since whoever answers
	// discovery decides which keys sign acceptable tokens.
	ProviderURL string
	// ClientID is this application's OAuth2 client ID, presumably checked
	// against the token audience so tokens minted for other clients of the
	// same provider are rejected.
	ClientID string
	// SkipEmailVerifiedCheck disables rejection of tokens whose
	// email_verified claim is not true. This loosens authentication — an
	// unverified e-mail can be claimed by anyone who can register it at the
	// provider — so enable it only for providers known not to populate the
	// claim, and never rely on Claims.Email for authorization when it is set.
	SkipEmailVerifiedCheck bool
	// Attribute Based Access Control configuration.
	ABAC OIDCABACConfig
}
type OIDCTokenVerifier ¶
type OIDCTokenVerifier struct {
// contains filtered or unexported fields
}
func NewOIDCTokenVerifier ¶
func NewOIDCTokenVerifier(ctx context.Context, cfg *OIDCConfig) (*OIDCTokenVerifier, error)
type RedisConfig ¶
type RedisStore ¶
type RedisStore struct {
// contains filtered or unexported fields
}
RedisStore is an implementation of TicketStore based on Redis.
func NewRedisStore ¶
func NewRedisStore(ctx context.Context, tp trace.TracerProvider, cfg *RedisConfig) (*RedisStore, error)
func (*RedisStore) Close ¶
func (s *RedisStore) Close() error
type TicketConfig ¶
// TicketConfig configures where authentication tickets are persisted.
type TicketConfig struct {
	// Redis, when set, presumably selects RedisStore as the TicketStore; a
	// nil store makes NewTicketProvider return a no-op provider (see its
	// doc), so leaving this unset in a multi-instance deployment means
	// tickets are not shared across instances.
	Redis *RedisConfig
}
type TicketProvider ¶
// TicketProvider issues tickets used for authentication cookies. A ticket is
// an opaque string handed to the client and later exchanged through Check;
// its lifetime is presumably bounded by TicketTTL via the backing TicketStore.
type TicketProvider interface {
	// Request requests a new ticket saving the key/value pair in the store.
	// The returned string is the ticket itself; it is a bearer credential
	// until it is redeemed or expires, so it must only travel over TLS.
	Request(ctx context.Context, value any) (string, error)
	// Check checks that a ticket is known to the provider and scans its value
	// into value, excluding tickets whose time-to-live has expired.
	// NOTE(review): TicketStore exposes only GetDel, so a ticket is presumably
	// consumed by its first Check (single use) — confirm in the implementation.
	Check(ctx context.Context, ticket *string, value any) error
	// Close closes the provider, releasing resources associated to the store.
	Close() error
}
TicketProvider issues tickets used for authentication cookies.
func NewTicketProvider ¶
func NewTicketProvider(ctx context.Context, store TicketStore, rander io.Reader) TicketProvider
NewTicketProvider creates a new TicketProvider. The provider is a no-op when the store is nil. rander is presumably the entropy source for ticket values; production callers should pass a cryptographically secure reader such as crypto/rand.Reader, since a predictable ticket can be guessed before its owner redeems it.
type TicketStore ¶
// TicketStore persists expirable tickets. RedisStore is the documented
// implementation; InMemStore, by name, is presumably the single-process one.
type TicketStore interface {
	// SetEx persists a key/value pair with a timeout. After ttl the key must
	// be treated as absent by GetDel.
	SetEx(ctx context.Context, key string, value any, ttl time.Duration) error
	// GetDel checks whether a key exists in the store and scans the value.
	// It returns ErrKeyNotFound if the key was not found or expired.
	// The name implies get-and-delete: implementations should remove the key
	// atomically with the read so a ticket cannot be redeemed twice, even by
	// two concurrent callers.
	GetDel(ctx context.Context, key string, value any) error
	// Close the client.
	Close() error
}
TicketStore persists expirable tickets.