security

package
v0.2.5
Published: Jul 1, 2025 License: MIT Imports: 4 Imported by: 2

Documentation

Overview

Package security implements the functions, types, and interfaces for the module.

Package security is a toolkit for security checks and authorization.

Package security is a package that provides security-related functions and types.

Index

Constants

const (
	// HeaderAuthorize is the name of the authorization header.
	HeaderAuthorize = "Authorization"
	// HeaderContentType is the name of the content type header.
	HeaderContentType = "Content-Type"
	// HeaderContentLength is the name of the content length header.
	HeaderContentLength = "Content-Length"
	// HeaderUserAgent is the name of the user agent header.
	HeaderUserAgent = "User-Agent"
	// HeaderReferer is the name of the referer header.
	HeaderReferer = "Referer"
	// HeaderOrigin is the name of the origin header.
	HeaderOrigin = "Origin"
)
const (
	// SchemeNTLM represents an NTLM authorization.
	SchemeNTLM = SchemeNegotiate
)

Variables

This section is empty.

Functions

func ContextIsRoot

func ContextIsRoot(ctx context.Context) bool

ContextIsRoot checks if the context has the rootCtxKey set to true.

func NewClaimsContext

func NewClaimsContext(ctx context.Context, claims Claims) context.Context

func NewPolicyContext

func NewPolicyContext(ctx context.Context, policy Policy) context.Context

func NewTokenContext

func NewTokenContext(ctx context.Context, token string) context.Context

func TokenFromContext

func TokenFromContext(ctx context.Context) string

func WithRootContext

func WithRootContext(ctx context.Context) context.Context

WithRootContext returns a new context with the rootCtxKey set to true.

Types

type Auditor

type Auditor interface {
	LogAuthEvent(ctx context.Context, event AuditorEvent) error
}

type AuditorEvent

type AuditorEvent struct {
	Timestamp time.Time
	Subject   string
	Action    string
	Object    string
	Success   bool
	ClientIP  string
	UserAgent string
}

type Authenticator

type Authenticator interface {
	// Authenticate returns a nil error and the Claims (if available) for the given token string.
	Authenticate(context.Context, string) (Claims, error)
	// AuthenticateContext returns a nil error and the Claims (if available) if the subject is
	// authenticated, or a non-nil error with an appropriate cause otherwise. The token is read
	// from the given TokenSource.
	AuthenticateContext(context.Context, TokenSource) (Claims, error)
	// DestroyToken invalidates a token by removing it from the token store.
	DestroyToken(context.Context, string) error
	// DestroyRefreshToken invalidates a refresh token by removing it from the token store.
	DestroyRefreshToken(context.Context, string) error
}

Authenticator is the interface implemented by authentication providers: it verifies tokens and invalidates them.

type Authorizer

type Authorizer interface {
	// Authorized checks whether the subject described by policy may perform action on object.
	// It returns true if the action is permitted and a non-nil error if the check itself fails.
	Authorized(ctx context.Context, policy Policy, object string, action string) (bool, error)
	// AuthorizedWithDomain performs the same check scoped to a specific domain.
	// It returns true if the action is permitted and a non-nil error if the check itself fails.
	AuthorizedWithDomain(ctx context.Context, policy Policy, object string, action string, domain string) (bool, error)
	// AuthorizedWithExtra performs the check using an ExtraData value, which may carry the
	// Claims, the Policy and additional key/value metadata.
	// It returns true if the action is permitted and a non-nil error if the check itself fails.
	AuthorizedWithExtra(ctx context.Context, data ExtraData) (bool, error)
}

Authorizer is an interface that defines the methods for an authorizer. It is used to manage policies and check authorization.

type Claims

type Claims interface {
	// GetSubject returns the subject of the security
	GetSubject() string
	// GetIssuer returns the issuer of the security
	GetIssuer() string
	// GetAudience returns the audience of the security
	GetAudience() []string
	// GetExpiration returns the expiration time of the security
	GetExpiration() int64
	// GetNotBefore returns the time before which the security cannot be accepted
	GetNotBefore() int64
	// GetIssuedAt returns the time at which the security was issued
	GetIssuedAt() int64
	// GetID returns the unique identifier for the security
	GetID() string
	// GetScopes returns the scopes associated with the security
	GetScopes() map[string]bool
}

Claims is an interface that defines the methods a security claims object should have. It provides methods for getting the subject, issuer, audience, expiration, not-before, issued-at, JWT ID, and scopes of the claims.

func ClaimsFromContext

func ClaimsFromContext(ctx context.Context) Claims

func ClaimsWithExtra

func ClaimsWithExtra(claims Claims, ext map[string]string) Claims

type Extra

type Extra interface {
	// GetExtra returns the extra data as a map of strings
	GetExtra() map[string]string
	// Get returns the value associated with the given key
	Get(key string) (string, bool)
	// Set sets the value associated with the given key
	Set(key string, value string)
}

func ExtraObject

func ExtraObject(extra any) (Extra, bool)

ExtraObject retrieves the ExtraData object from a Policy if it implements the ExtraData interface

type ExtraClaims

type ExtraClaims struct {
	// Claims is the registered claims part of the ExtraClaims object.
	Claims Claims
	// Extra is the extra claims part of the ExtraClaims object.
	Extra Extra
}

ExtraClaims represents a claims object that contains both registered claims and extra claims.

func (ExtraClaims) Get

func (e ExtraClaims) Get(key string) (string, bool)

Get returns the value of the given key from the extra claims.

func (ExtraClaims) GetAudience

func (e ExtraClaims) GetAudience() []string

GetAudience returns the audience of the claims.

func (ExtraClaims) GetExpiration

func (e ExtraClaims) GetExpiration() int64

GetExpiration returns the expiration time of the claims.

func (ExtraClaims) GetExtra

func (e ExtraClaims) GetExtra() map[string]string

GetExtra returns the extra claims as a map of strings.

func (ExtraClaims) GetID

func (e ExtraClaims) GetID() string

GetID returns the unique identifier for the claims.

func (ExtraClaims) GetIssuedAt

func (e ExtraClaims) GetIssuedAt() int64

GetIssuedAt returns the time at which the claims were issued.

func (ExtraClaims) GetIssuer

func (e ExtraClaims) GetIssuer() string

GetIssuer returns the issuer of the claims.

func (ExtraClaims) GetNotBefore

func (e ExtraClaims) GetNotBefore() int64

GetNotBefore returns the time before which the claims cannot be accepted.

func (ExtraClaims) GetScopes

func (e ExtraClaims) GetScopes() map[string]bool

GetScopes returns the scopes associated with the claims.

func (ExtraClaims) GetSubject

func (e ExtraClaims) GetSubject() string

GetSubject returns the subject of the claims.

func (ExtraClaims) Set

func (e ExtraClaims) Set(key string, value string)

Set sets the value of the given key in the extra claims.

type ExtraData

type ExtraData interface {
	Extra
	// GetClaims returns the Claims object associated with the extra data, if a Claims object exists
	GetClaims() (Claims, bool)
	// HasClaims returns true if the extra data contains a Claims object
	HasClaims() bool
	// GetPolicy returns the Policy object associated with the extra data, if a Policy object exists
	GetPolicy() (Policy, bool)
	// HasPolicy returns true if the extra data contains a Policy object
	HasPolicy() bool
}

ExtraData is an interface that defines methods for handling extra data associated with the security claims.

func Claims2Extra

func Claims2Extra(claims Claims, ext map[string]string) ExtraData

func DataWithExtra

func DataWithExtra(claims Claims, policy Policy, ext map[string]string) ExtraData

func Policy2Extra

func Policy2Extra(policy Policy, ext map[string]string) ExtraData

func WithExtraData

func WithExtraData(ext map[string]string) ExtraData

type ExtraPolicy

type ExtraPolicy struct {
	// Policy is the underlying-registered policy.
	Policy Policy
	// Extra is the additional metadata associated with the policy.
	Extra Extra
}

ExtraPolicy represents an extended policy that includes additional metadata.

func (ExtraPolicy) Get

func (e ExtraPolicy) Get(key string) (string, bool)

func (ExtraPolicy) GetAction

func (e ExtraPolicy) GetAction() string

GetAction returns the action of the policy.

func (ExtraPolicy) GetDomain

func (e ExtraPolicy) GetDomain() string

GetDomain returns the domain of the policy.

func (ExtraPolicy) GetExtra

func (e ExtraPolicy) GetExtra() map[string]string

func (ExtraPolicy) GetObject

func (e ExtraPolicy) GetObject() string

GetObject returns the object of the policy.

func (ExtraPolicy) GetPermissions

func (e ExtraPolicy) GetPermissions() []string

GetPermissions returns the permissions associated with the policy.

func (ExtraPolicy) GetRoles

func (e ExtraPolicy) GetRoles() []string

GetRoles returns the roles associated with the policy.

func (ExtraPolicy) GetSubject

func (e ExtraPolicy) GetSubject() string

GetSubject returns the subject of the policy.

func (ExtraPolicy) Set

func (e ExtraPolicy) Set(key string, value string)

type Policy

type Policy interface {
	// GetSubject returns the subject of the casbin policy
	GetSubject() string
	// GetObject returns the object of the casbin policy
	GetObject() string
	// GetAction returns the action of the casbin policy
	GetAction() string
	// GetDomain returns the domain of the casbin policy
	GetDomain() string
	// GetRoles returns a list of roles for the user
	GetRoles() []string
	// GetPermissions returns a list of permissions for the user
	GetPermissions() []string
}

Policy is an interface that defines the methods for a policy. It provides methods for getting the subject, object, action, domain, roles, and permissions of the policy.
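The Policy getters above are what an Authorizer's AuthorizedWithDomain check consumes. The following is an added example, not code from this package: a hypothetical deny-by-default RoleAuthorizer that re-declares a narrowed Policy, the page's RegisteredPolicy fields and the WithRootContext/ContextIsRoot helpers so it runs stand-alone, and shows that a role granted in one domain does not carry over to another. The rule type, RoleAuthorizer, the rootCtxKey stand-in and the tenant/role/object values are constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Policy is a narrowed copy of the page's Policy interface, redeclared so this
// example is self-contained (it does not import the real package).
type Policy interface {
	GetSubject() string
	GetDomain() string
	GetRoles() []string
}

// RegisteredPolicy mirrors the page's struct (JSON tags omitted).
type RegisteredPolicy struct {
	Subject, Object, Action, Domain string
	Roles, Permissions              []string
}

func (r RegisteredPolicy) GetSubject() string { return r.Subject }
func (r RegisteredPolicy) GetDomain() string  { return r.Domain }
func (r RegisteredPolicy) GetRoles() []string { return r.Roles }

// rootCtxKey is an assumed stand-in for the package's unexported key;
// WithRootContext and ContextIsRoot re-create the page's helpers.
type rootCtxKey struct{}

func WithRootContext(ctx context.Context) context.Context {
	return context.WithValue(ctx, rootCtxKey{}, true)
}
func ContextIsRoot(ctx context.Context) bool {
	v, _ := ctx.Value(rootCtxKey{}).(bool)
	return v
}

// rule is one allow entry: role may perform action on object within domain.
type rule struct{ domain, role, object, action string }

// RoleAuthorizer is a hypothetical deny-by-default implementation of the page's
// AuthorizedWithDomain: granted only if a role has an explicit rule in the domain.
type RoleAuthorizer struct{ rules map[rule]bool }

// A root context bypasses the check, so WithRootContext is a privileged escape hatch.
func (a *RoleAuthorizer) AuthorizedWithDomain(ctx context.Context, p Policy, object, action, domain string) (bool, error) {
	if ContextIsRoot(ctx) {
		return true, nil
	}
	if p == nil || p.GetSubject() == "" {
		return false, errors.New("policy has no subject")
	}
	for _, role := range p.GetRoles() {
		if a.rules[rule{domain, role, object, action}] {
			return true, nil
		}
	}
	return false, nil // deny by default
}

func main() {
	a := &RoleAuthorizer{rules: map[rule]bool{{"tenant-a", "editor", "doc", "write"}: true}}
	p := RegisteredPolicy{Subject: "alice", Domain: "tenant-a", Roles: []string{"editor"}}
	fmt.Println(a.AuthorizedWithDomain(context.Background(), p, "doc", "write", "tenant-b"))
}
```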

func PolicyFromContext

func PolicyFromContext(ctx context.Context) Policy

func PolicyWithExtra

func PolicyWithExtra(policy Policy, ext map[string]string) Policy

type PolicyMap

type PolicyMap map[string]any

type PolicyParser

type PolicyParser func(ctx context.Context, claims Claims) (Policy, error)

PolicyParser is a function type that parses user claims into a policy. It takes a context and a Claims object as input and returns a Policy object and an error.

type PolicyRegistry

type PolicyRegistry interface {
	// AddPolicy adds a policy rule (for example subject, object, action, domain) of policy type pt to section sec
	AddPolicy(sec string, pt string, rule []string) error
	// RemovePolicy removes a policy rule of policy type pt from section sec
	RemovePolicy(sec string, pt string, rule []string) error
	// SetRoles sets the roles for a given context
	SetRoles(ctx context.Context, roles RoleMap) error
	// SetPolicies sets the policies for a given context
	SetPolicies(ctx context.Context, policies PolicyMap) error
	// SetPolicyRoles sets the policies for a given context.
	// It takes a context, a map of policies, and a map of roles as input.
	// It returns an error if the policies cannot be set.
	SetPolicyRoles(ctx context.Context, policies PolicyMap, roles RoleMap) error
}

PolicyRegistry is an interface that defines the methods for a policy manager.

type RefreshTokenizer

type RefreshTokenizer interface {
	Tokenizer
	// CreateRefreshClaims creates a new identity claims specifically for a refresh token.
	CreateRefreshClaims(context.Context, string) (Claims, error)
}

type RegisteredClaims

type RegisteredClaims struct {
	ID         string          `json:"jti,omitempty"`
	Subject    string          `json:"sub,omitempty"`
	Issuer     string          `json:"iss,omitempty"`
	Audience   []string        `json:"aud,omitempty"`
	Expiration int64           `json:"exp,omitempty"`
	NotBefore  int64           `json:"nbf,omitempty"`
	IssuedAt   int64           `json:"iat,omitempty"`
	Scopes     map[string]bool `json:"scopes,omitempty"`
}

RegisteredClaims is a struct that implements the Claims interface. It provides fields for the subject, issuer, audience, expiration, not-before, issued-at, JWT ID, and scopes of the claims. JSON example:

{
  "sub": "test_subject",
  "iss": "test_issuer",
  "aud": [
    "test_audience1",
    "test_audience2"
  ],
  "exp": 1735647621,
  "nbf": 1735644021,
  "iat": 1735644021,
  "jti": "test_jti",
  "scopes": {
    "scope1": true,
    "scope2": false
  }
}
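As an added example (not part of this package), the following Go code re-declares RegisteredClaims with the JSON tags above and a narrowed Claims interface, then checks the example's exp, nbf, aud and scopes the way a Tokenizer.Validate implementation would. ValidateClaims, its leeway parameter and the instant chosen as "now" are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claims is a narrowed copy of the page's Claims interface, redeclared so
// this example is self-contained (it does not import the real package).
type Claims interface {
	GetAudience() []string
	GetExpiration() int64
	GetNotBefore() int64
	GetScopes() map[string]bool
}

// RegisteredClaims mirrors the page's struct and JSON tags.
type RegisteredClaims struct {
	ID         string          `json:"jti,omitempty"`
	Subject    string          `json:"sub,omitempty"`
	Issuer     string          `json:"iss,omitempty"`
	Audience   []string        `json:"aud,omitempty"`
	Expiration int64           `json:"exp,omitempty"`
	NotBefore  int64           `json:"nbf,omitempty"`
	IssuedAt   int64           `json:"iat,omitempty"`
	Scopes     map[string]bool `json:"scopes,omitempty"`
}

func (r RegisteredClaims) GetAudience() []string      { return r.Audience }
func (r RegisteredClaims) GetExpiration() int64       { return r.Expiration }
func (r RegisteredClaims) GetNotBefore() int64        { return r.NotBefore }
func (r RegisteredClaims) GetScopes() map[string]bool { return r.Scopes }

// ValidateClaims (hypothetical) checks exp/nbf against now with a clock-skew leeway,
// requires aud to contain this service's audience, and requires every listed scope to be true.
func ValidateClaims(c Claims, now time.Time, audience string, required []string, leeway time.Duration) error {
	if exp := c.GetExpiration(); exp == 0 || now.Add(-leeway).Unix() >= exp {
		return errors.New("token expired or carries no exp")
	}
	if nbf := c.GetNotBefore(); nbf != 0 && now.Add(leeway).Unix() < nbf {
		return errors.New("token not yet valid (nbf in the future)")
	}
	inAud := false
	for _, a := range c.GetAudience() {
		inAud = inAud || a == audience
	}
	if !inAud {
		return fmt.Errorf("audience %q not present in aud", audience)
	}
	for _, s := range required { // a scope present but false (scope2 above) still denies
		if !c.GetScopes()[s] {
			return fmt.Errorf("required scope %q not granted", s)
		}
	}
	return nil
}

func main() {
	c := RegisteredClaims{Subject: "test_subject", Audience: []string{"test_audience1", "test_audience2"},
		Expiration: 1735647621, NotBefore: 1735644021, IssuedAt: 1735644021, Scopes: map[string]bool{"scope1": true, "scope2": false}}
	now := time.Unix(1735645000, 0) // constructed instant inside the example's nbf..exp window
	fmt.Println(ValidateClaims(c, now, "test_audience1", []string{"scope1"}, 30*time.Second))
}
```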

func (RegisteredClaims) GetAudience

func (r RegisteredClaims) GetAudience() []string

GetAudience returns the audience of the claims

func (RegisteredClaims) GetExpiration

func (r RegisteredClaims) GetExpiration() int64

GetExpiration returns the expiration time of the claims

func (RegisteredClaims) GetID

func (r RegisteredClaims) GetID() string

GetID returns the unique identifier for the claims

func (RegisteredClaims) GetIssuedAt

func (r RegisteredClaims) GetIssuedAt() int64

GetIssuedAt returns the time at which the claims were issued

func (RegisteredClaims) GetIssuer

func (r RegisteredClaims) GetIssuer() string

GetIssuer returns the issuer of the claims

func (RegisteredClaims) GetNotBefore

func (r RegisteredClaims) GetNotBefore() int64

GetNotBefore returns the time before which the claims cannot be accepted

func (RegisteredClaims) GetScopes

func (r RegisteredClaims) GetScopes() map[string]bool

GetScopes returns the scopes associated with the RegisteredClaims.

func (RegisteredClaims) GetSubject

func (r RegisteredClaims) GetSubject() string

GetSubject returns the subject of the claims

type RegisteredPolicy

type RegisteredPolicy struct {
	Subject     string   `json:"subject"`     // The subject of the policy.
	Object      string   `json:"object"`      // The object of the policy.
	Action      string   `json:"action"`      // The action of the policy.
	Domain      string   `json:"domain"`      // The domain of the policy.
	Roles       []string `json:"roles"`       // The roles associated with the policy.
	Permissions []string `json:"permissions"` // The permissions associated with the policy.
}

RegisteredPolicy represents a registered policy in your system. It contains information about the subject, object, action, domain, roles, and permissions.

func (RegisteredPolicy) GetAction

func (r RegisteredPolicy) GetAction() string

GetAction returns the action of the policy.

func (RegisteredPolicy) GetDomain

func (r RegisteredPolicy) GetDomain() string

GetDomain returns the domain of the policy.

func (RegisteredPolicy) GetObject

func (r RegisteredPolicy) GetObject() string

GetObject returns the object of the policy.

func (RegisteredPolicy) GetPermissions

func (r RegisteredPolicy) GetPermissions() []string

GetPermissions returns the permissions associated with the policy.

func (RegisteredPolicy) GetRoles

func (r RegisteredPolicy) GetRoles() []string

GetRoles returns the roles associated with the policy.

func (RegisteredPolicy) GetSubject

func (r RegisteredPolicy) GetSubject() string

GetSubject returns the subject of the policy.

type RoleMap

type RoleMap map[string]any

type Scheme

type Scheme int

Scheme represents the type of authorization.

const (
	// SchemeAnonymous represents an anonymous authorization.
	SchemeAnonymous Scheme = iota
	// SchemeBasic represents a basic authorization.
	SchemeBasic
	// SchemeBearer represents a bearer authorization.
	SchemeBearer
	// SchemeDigest represents a digest authorization.
	SchemeDigest
	// SchemeHOBA represents a HTTP Origin-Bound Authentication (HOBA) authorization.
	SchemeHOBA
	// SchemeMutual represents a mutual authentication.
	SchemeMutual
	// SchemeNegotiate represents a negotiate authorization.
	SchemeNegotiate
	// SchemeVapid represents a VAPID authorization.
	SchemeVapid
	// SchemeSCRAM represents a SCRAM authorization.
	SchemeSCRAM
	// SchemeAWS4HMAC256 represents an AWS4-HMAC-SHA256 authorization.
	SchemeAWS4HMAC256
	// SchemeDPoP represents a DPoP authorization.
	SchemeDPoP
	// SchemeGNAP represents a GNAP authorization.
	SchemeGNAP
	// SchemePrivate represents a private authorization.
	SchemePrivate
	// SchemeOAuth represents an OAuth authorization.
	SchemeOAuth
	// SchemeUnknown represents an unknown authorization.
	SchemeUnknown
	SchemeMax
)

func (Scheme) Equal

func (t Scheme) Equal(other string) bool

func (Scheme) Lower

func (t Scheme) Lower() string

Lower returns the lowercase string representation of the Scheme.

func (Scheme) String

func (i Scheme) String() string

type Security

type Security interface {
	Authenticator
	Authorizer
}

Security represents the security interface.

type Serializer

type Serializer interface {
	// Serialize serializes the given data into a byte slice
	Serialize(ctx context.Context, data Claims) ([]byte, error)
	// Deserialize deserializes the given byte slice into the given data
	Deserialize(ctx context.Context, data []byte) (Claims, error)
}

Serializer is an interface that defines the methods for a claims serializer.

type TokenSource

type TokenSource int

TokenSource type is defined to represent the origin of the token.

const (
	// TokenSourceContext reads the token from the context.
	TokenSourceContext TokenSource = iota
	// TokenSourceHeader reads the token from the request header when it is not known whether the caller is the server or the client.
	TokenSourceHeader
	// TokenSourceClientHeader reads the token from the client-side request header.
	TokenSourceClientHeader
	// TokenSourceServerHeader reads the token from the server-side request header.
	TokenSourceServerHeader
	// TokenSourceMetadata reads the token from the metadata when it is not known whether the caller is the server or the client.
	TokenSourceMetadata
	// TokenSourceMetadataClient reads the token from the client-side metadata.
	TokenSourceMetadataClient
	// TokenSourceMetadataServer reads the token from the server-side metadata.
	TokenSourceMetadataServer
	// TokenSourceQueryParameter represents the token source for the query.
	TokenSourceQueryParameter
	// TokenSourceCookie represents the token source for the cookie.
	TokenSourceCookie
	// TokenSourceURLParameter represents the token source for the parameter.
	TokenSourceURLParameter
	// TokenSourceForm represents the token source for the form.
	TokenSourceForm
	// TokenSourceRequestBody represents the token source for the body.
	TokenSourceRequestBody
	// TokenSourceSession represents the token source for the session.
	TokenSourceSession
	// TokenSourceUnknown represents an unknown token source.
	TokenSourceUnknown
)

TokenSource constants represent the different places a token can be read from.

func (TokenSource) String

func (i TokenSource) String() string

type Tokenizer

type Tokenizer interface {
	// CreateClaims creates a new identity claims.
	CreateClaims(context.Context, string) (Claims, error)
	// CreateToken inject user claims into token string.
	CreateToken(context.Context, Claims) (string, error)
	// ParseClaims parses a token string and returns the Claims.
	ParseClaims(context.Context, string) (Claims, error)
	// Validate validates if a token is valid.
	Validate(context.Context, string) (bool, error)
}

type UnimplementedClaims

type UnimplementedClaims struct {
}

UnimplementedClaims is a struct that implements the Claims interface with empty default values.

func (UnimplementedClaims) GetAudience

func (u UnimplementedClaims) GetAudience() []string

GetAudience returns an empty slice

func (UnimplementedClaims) GetExpiration

func (u UnimplementedClaims) GetExpiration() int64

GetExpiration returns the current time

func (UnimplementedClaims) GetID

func (u UnimplementedClaims) GetID() string

GetID returns an empty string

func (UnimplementedClaims) GetIssuedAt

func (u UnimplementedClaims) GetIssuedAt() int64

GetIssuedAt returns the current time

func (UnimplementedClaims) GetIssuer

func (u UnimplementedClaims) GetIssuer() string

GetIssuer returns an empty string

func (UnimplementedClaims) GetJWTID

func (u UnimplementedClaims) GetJWTID() string

func (UnimplementedClaims) GetNotBefore

func (u UnimplementedClaims) GetNotBefore() int64

GetNotBefore returns the current time

func (UnimplementedClaims) GetScopes

func (u UnimplementedClaims) GetScopes() map[string]bool

GetScopes returns an empty map

func (UnimplementedClaims) GetSubject

func (u UnimplementedClaims) GetSubject() string

GetSubject returns an empty string

type UnimplementedPolicy

type UnimplementedPolicy struct {
}

func (UnimplementedPolicy) GetAction

func (u UnimplementedPolicy) GetAction() string

func (UnimplementedPolicy) GetDomain

func (u UnimplementedPolicy) GetDomain() string

func (UnimplementedPolicy) GetObject

func (u UnimplementedPolicy) GetObject() string

func (UnimplementedPolicy) GetPermissions

func (u UnimplementedPolicy) GetPermissions() []string

func (UnimplementedPolicy) GetRoles

func (u UnimplementedPolicy) GetRoles() []string

func (UnimplementedPolicy) GetSubject

func (u UnimplementedPolicy) GetSubject() string

Directories

Path Synopsis
Package token provides token caching functionality for security module