Documentation
Index ¶
- Constants
- Variables
- func CheckRequest(ctx context.Context, instance Auth, r *http.Request) error
- func CheckScope(c *gin.Context, requiredScopes ...string) error
- func CheckURI(ctx context.Context, instance Auth, url *url.URL) error
- func GetScopesFromContext(ctx context.Context) (bool, []string)
- func RedactSensitiveValues(errorMessage string) string
- func SignRequest(ctx context.Context, instance Auth, r *http.Request, expires *time.Time) *http.Request
- func SignRequestDeprecated(instance Auth, r *http.Request, expires int64) *http.Request
- func SignURI(ctx context.Context, instance Auth, uri string, expires *time.Time) (*url.URL, error)
- func SignURIDeprecated(instance Auth, uri string, expires int64) (*url.URL, error)
- func ValidateScopes(requestedScopes, allowedScopes []string) bool
- type Auth
- type Claims
- type HMACAuth
- type IssueTokenArgs
- type ScopeContextKey
- type Token
- type TokenAuth
- type TokenIDContextKey
- type TokenType
Constants ¶
const (
	// AuthorizationHeader is the header name "Authorization".
	AuthorizationHeader = "Authorization"
	// TokenHeaderPrefix is the "Bearer " scheme prefix; note the trailing
	// space, which is part of the constant.
	TokenHeaderPrefix = "Bearer "
	// RevokeTokenPrefix is the string "jwt_revoke_".
	// NOTE(review): presumably the key prefix under which revoked JWTs are
	// recorded; confirm against the token implementation.
	RevokeTokenPrefix = "jwt_revoke_"
)
const (
	// TokenHeaderPrefixCr is the "Bearer Cr " prefix (trailing space included).
	// NOTE(review): this value starts with the same bytes as TokenHeaderPrefix
	// ("Bearer "), so a prefix test against TokenHeaderPrefix also matches
	// header values that carry this prefix. Presumably callers test for this
	// longer prefix first; confirm at the call sites.
	TokenHeaderPrefixCr = "Bearer Cr "
)
Variables ¶
// Errors returned by the signature and token checks in this package.
// ErrAuthHeaderMissing and ErrExpiresMissing share the code
// serializer.CodeNoPermissionErr and differ only in their messages.
var (
	// ErrAuthFailed carries serializer.CodeInvalidSign and the message "invalid sign".
	ErrAuthFailed = serializer.NewError(serializer.CodeInvalidSign, "invalid sign", nil)
	// ErrAuthHeaderMissing carries serializer.CodeNoPermissionErr and the
	// message "authorization header is missing".
	ErrAuthHeaderMissing = serializer.NewError(serializer.CodeNoPermissionErr, "authorization header is missing", nil)
	// ErrExpiresMissing carries serializer.CodeNoPermissionErr and the
	// message "expire timestamp is missing".
	ErrExpiresMissing = serializer.NewError(serializer.CodeNoPermissionErr, "expire timestamp is missing", nil)
	// ErrExpired carries serializer.CodeSignExpired and the message "signature expired".
	ErrExpired = serializer.NewError(serializer.CodeSignExpired, "signature expired", nil)
)
Functions ¶
func CheckRequest ¶
CheckRequest verifies the signature of a complex request.
func RedactSensitiveValues ¶
func SignRequest ¶
func SignRequest(ctx context.Context, instance Auth, r *http.Request, expires *time.Time) *http.Request
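SignRequest signs complex HTTP requests such as PUT and POST. Only the URI part, the request body, and headers beginning with `X-Cr-` are signed; headers without that prefix are not covered by the signature.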
func SignRequestDeprecated ¶
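SignRequestDeprecated signs complex HTTP requests such as PUT and POST. Only the URI part, the request body, and headers beginning with `X-Cr-` are signed; headers without that prefix are not covered by the signature.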
func SignURIDeprecated ¶
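SignURIDeprecated signs a URI. The signature covers only the Path part; the query part is not verified, so query parameters are not integrity-protected by it. Deprecated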
func ValidateScopes ¶
ValidateScopes checks if all requested scopes are a subset of the allowed scopes. Returns true if all requested scopes are valid, false otherwise.
Types ¶
type Auth ¶
type Auth interface {
	// Sign signs the given body. An expires value of 0 means the signature
	// never expires.
	// NOTE(review): a signature issued with expires == 0 has no time bound,
	// so callers that can should pass a finite expiry. The unit of expires is
	// not shown here (presumably a Unix timestamp); confirm against the
	// implementation.
	Sign(body string, expires int64) string
	// Check verifies the given body against the given sign.
	Check(body string, sign string) error
}
Auth is the authentication interface.
var General Auth
General is the general-purpose authentication interface. Deprecated
type HMACAuth ¶
type HMACAuth struct {
	// SecretKey holds the key bytes.
	// NOTE(review): presumably the HMAC signing key, so it should be kept out
	// of logs and error messages. The field is exported, and this listing does
	// not show where it is populated; confirm its source and lifetime.
	SecretKey []byte
}
HMACAuth performs authentication using the HMAC algorithm.
type IssueTokenArgs ¶
type ScopeContextKey ¶
// ScopeContextKey is an empty struct type.
// NOTE(review): presumably used as the context key under which token scopes
// are stored (cf. GetScopesFromContext); confirm at the call sites.
type ScopeContextKey struct{}
type Token ¶
type Token struct {
	// AccessToken is serialized to JSON as "access_token".
	AccessToken string `json:"access_token"`
	// RefreshToken is serialized to JSON as "refresh_token".
	RefreshToken string `json:"refresh_token"`
	// AccessExpires is serialized to JSON as "access_expires".
	AccessExpires time.Time `json:"access_expires"`
	// RefreshExpires is serialized to JSON as "refresh_expires".
	RefreshExpires time.Time `json:"refresh_expires"`
	// UID is excluded from JSON encoding and decoding by the "-" tag.
	// NOTE(review): presumably the ID of the owning user; confirm.
	UID int `json:"-"`
	// NOTE(review): AccessToken and RefreshToken are credentials, so avoid
	// logging or printing a Token value as a whole.
}
Token stores token pair for authentication
type TokenAuth ¶
type TokenAuth interface {
	// Issue issues a new pair of credentials for the given user.
	Issue(ctx context.Context, args *IssueTokenArgs) (*Token, error)
	// VerifyAndRetrieveUser verifies the given token and injects the user into
	// the current context. The returned bool reports whether the caller should
	// continue on to other session providers.
	VerifyAndRetrieveUser(c *gin.Context) (bool, error)
	// Refresh takes the given refresh token and returns a new pair of
	// credentials.
	Refresh(ctx context.Context, refreshToken string) (*Token, error)
	// Claims parses the given token string and returns the claims.
	// NOTE(review): the comment says "parses" only; whether signature and
	// expiry are also verified is not visible here. Confirm before trusting
	// the returned claims.
	Claims(ctx context.Context, tokenStr string) (*Claims, error)
}
type TokenIDContextKey ¶
// TokenIDContextKey is an empty struct type.
// NOTE(review): presumably used as the context key under which the current
// token's ID is stored; confirm at the call sites.
type TokenIDContextKey struct{}