tmpauth

package module
v0.0.0-...-efa68f5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 7, 2024 License: Apache-2.0 Imports: 27 Imported by: 1

README

tmpauth-go

A tmpauth library for Go.

go get -u github.com/tmpim/tmpauth-go

Documentation

Index

Constants

View Source 
const (
	ConfigIDHeader   = "X-Tmpauth-Config-Id"
	RequestURIHeader = "X-Tmpauth-Request-URI"
	HostHeader       = "X-Tmpauth-Host"
	TokenHeader      = "X-Tmpauth-Token"
)
View Source 
const (
	TmpAuthHost = "auth.tmpim.pw"
)

Variables

View Source 
var (
	DefaultLogger = log.New(os.Stderr, "tmpauth", log.Ldate|log.Ltime|log.Lmicroseconds|log.Lshortfile)
	NoLogger      = log.New(io.Discard, "", 0)
)
View Source 
var ErrInvalidCallbackToken = &CallbackError{
	errorCode:    "invalid_token",
	humanMessage: "The callback token from tmpauth failed to be validated",
}

Functions

func MinValidationTime 

func MinValidationTime() time.Time

Types

type BackgroundWorker 

type BackgroundWorker struct {
	// contains filtered or unexported fields
}

func (*BackgroundWorker) DebugLog 

func (w *BackgroundWorker) DebugLog(str string)

func (*BackgroundWorker) MinValidationTime 

func (w *BackgroundWorker) MinValidationTime() time.Time

func (*BackgroundWorker) Start 

func (w *BackgroundWorker) Start(logger *log.Logger, debug bool, validationHost ...string)

type CachedToken 

type CachedToken struct {
	StateID        string
	UserDescriptor string
	CachedHeaders  map[string]string
	Expiry         time.Time
	RevalidateAt   time.Time
	ValidatedAt    time.Time
	IssuedAt       time.Time
	UserIDs        []string // IDs that can be used in Config.AllowedUsers from IDFormats
	RawToken       string
	// contains filtered or unexported fields
}

type CaddyHandleFunc 

type CaddyHandleFunc func(w http.ResponseWriter, r *http.Request) (int, error)

func FromHTTPHandleFunc 

func FromHTTPHandleFunc(h http.HandlerFunc) CaddyHandleFunc

func FromHTTPHandler 

func FromHTTPHandler(h http.Handler) CaddyHandleFunc

type CallbackError 

type CallbackError struct {
	// contains filtered or unexported fields
}

func (*CallbackError) Error 

func (c *CallbackError) Error() string

type Config 

type Config struct {
	PublicKey *ecdsa.PublicKey
	ClientID  string
	Secret    []byte
	Token     string

	Redirect              string
	AllowedUsers          []string
	IDFormats             []string
	Except                []string
	Include               []string
	Headers               map[string]*HeaderOption
	Host                  *url.URL
	CaseSensitiveMatching bool

	// Advanced settings, default zero values are sane.
	Debug          bool
	BaseHTTPClient *http.Client
	Logger         *log.Logger // If nil, DefaultLogger is used. Set to NoLogger to disable logging.
	UseFinalizer   bool        // Use the finalizer to clean up background workers.
}

type HeaderOption 

type HeaderOption struct {
	Format   string `json:"format"`
	Optional bool   `json:"optional"`
}

func (*HeaderOption) Evaluate 

func (h *HeaderOption) Evaluate(jsonData string) (string, error)

type MiniConfig 

type MiniConfig struct {
	PublicKey             string                   `json:"publicKey"`
	Secret                string                   `json:"secret"`
	AllowedUsers          []string                 `json:"allowedUsers"`
	IDFormats             []string                 `json:"idFormats"`
	Except                []string                 `json:"except"`
	Include               []string                 `json:"include"`
	Headers               map[string]*HeaderOption `json:"headers"`
	Redirect              string                   `json:"redirect"`
	Host                  string                   `json:"host"`
	Debug                 bool                     `json:"debug"`
	CaseSensitiveMatching bool                     `json:"caseSensitiveMatching"`
	MiniServerHost        string                   `json:"miniServerHost,omitempty"`
}

type MiniTransport 

type MiniTransport struct {
	// contains filtered or unexported fields
}

func (*MiniTransport) Do 

func (t *MiniTransport) Do(req *http.Request, depth int) (*http.Response, error)

type Path 

type Path string

Path represents a URI path.

type RemoteConfig 

type RemoteConfig struct {
	ConfigID string
	ClientID string
	Secret   []byte
}

type StateIDSession 

type StateIDSession struct {
	RedirectURI string
	ExpiresAt   time.Time
}

type StatusResponse 

type StatusResponse struct {
	Tmpauth        bool            `json:"tmpauth"`
	ClientID       string          `json:"clientID"`
	IsLoggedIn     bool            `json:"isLoggedIn"`
	UserDescriptor json.RawMessage `json:"loggedInUser,omitempty"`
}

type Tmpauth 

type Tmpauth struct {
	// We use a Caddy style HandleFunc for middleware.
	Next       CaddyHandleFunc
	Config     *Config
	TokenCache map[[32]byte]*CachedToken
	HttpClient *http.Client
	HMAC       hash.Hash
	// contains filtered or unexported fields
}

func NewMini 

func NewMini(config MiniConfig, next CaddyHandleFunc) (*Tmpauth, error)

func NewTmpauth 

func NewTmpauth(cfg *Config, next CaddyHandleFunc) *Tmpauth

NewTmpauth creates a new tmpauth handler. Although this can be used as a middleware, it doesn't have to be. For example you can leave most Config options unset, and use ParseWrappedAuthJWT to validate tokens.

func (*Tmpauth) CookieName 

func (t *Tmpauth) CookieName() string

func (*Tmpauth) DebugLog 

func (t *Tmpauth) DebugLog(str string)

func (*Tmpauth) Matches 

func (t *Tmpauth) Matches(urlPath, base string) bool

Matches checks to see if base matches p. The correct usage of this method sets p as the request path, and base as a Casketfile (user-defined) rule path.

Path matching will probably not always be a direct comparison; this method assures that paths can be easily and consistently matched.

Multiple slashes are collapsed/merged. Lifted from https://github.com/tmpim/casket/blob/v1.2.11/caskethttp/httpserver/path.go This code sample may be considered to be licensed under the Apache License 2.0 which can be found at https://github.com/tmpim/casket/blob/master/LICENSE.txt

func (*Tmpauth) ParseAuthJWT 

func (t *Tmpauth) ParseAuthJWT(tokenStr string, minValidationTime time.Time) (*CachedToken, error)

func (*Tmpauth) ParseWrappedAuthJWT 

func (t *Tmpauth) ParseWrappedAuthJWT(tokenStr string) (*CachedToken, error)

func (*Tmpauth) ParseWrappedMicrotoken 

func (t *Tmpauth) ParseWrappedMicrotoken(tokenStr string) (*CachedToken, error)

func (*Tmpauth) ReauthMini 

func (t *Tmpauth) ReauthMini() error

func (*Tmpauth) ServeHTTP 

func (t *Tmpauth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)

func (*Tmpauth) SetHeaders 

func (t *Tmpauth) SetHeaders(token *CachedToken, headers http.Header) error

func (*Tmpauth) Shutdown 

func (t *Tmpauth) Shutdown()

Shutdown signals background workers in tmpauth to stop. This is required for all use cases of tmpauth as it's used to stop the cache janitor.

func (*Tmpauth) StartAuth 

func (t *Tmpauth) StartAuth(w http.ResponseWriter, r *http.Request) (int, error)

func (*Tmpauth) StateIDCookieName 

func (t *Tmpauth) StateIDCookieName(id string) string

func (*Tmpauth) Stdlib 

func (t *Tmpauth) Stdlib() *TmpauthStdlib

Stdlib returns a http.Handler compatible version of the Tmpauth middleware.

func (*Tmpauth) VerifyWithPublicKey 

func (t *Tmpauth) VerifyWithPublicKey(token *jwt.Token) (interface{}, error)

func (*Tmpauth) VerifyWithSecret 

func (t *Tmpauth) VerifyWithSecret(token *jwt.Token) (interface{}, error)

func (*Tmpauth) Whomst 

func (t *Tmpauth) Whomst(token *CachedToken) (map[string]json.RawMessage, error)

type TmpauthStdlib 

type TmpauthStdlib struct {
	// contains filtered or unexported fields
}

func (*TmpauthStdlib) ServeHTTP 

func (t *TmpauthStdlib) ServeHTTP(w http.ResponseWriter, r *http.Request)

type Transport 

type Transport struct {
	// contains filtered or unexported fields
}

Transport represents the transport that injects credentials.

func (*Transport) RoundTrip 

func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip implements round trips as required by http.RoundTrippr

type UnserializableConfig 

type UnserializableConfig struct {
	PublicKey             string                   `json:"publicKey"`
	Secret                string                   `json:"secret"`
	AllowedUsers          []string                 `json:"allowedUsers"`
	IDFormats             []string                 `json:"idFormats"`
	Except                []string                 `json:"except"`
	Include               []string                 `json:"include"`
	Headers               map[string]*HeaderOption `json:"headers"`
	Redirect              string                   `json:"redirect"`
	Host                  string                   `json:"host"`
	Debug                 bool                     `json:"debug"`
	CaseSensitiveMatching bool                     `json:"caseSensitiveMatching"`
}

UnserializableConfig is a convenience struct for unmarshalling config from JSON like formats and validating them into a Config.

func (*UnserializableConfig) Parse 

func (c *UnserializableConfig) Parse() (*Config, error)

Source Files

View all Source files

Directories

Path Synopsis
cmd
microtoken-wasm command
mini-server command
mini-test-client command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.