Documentation
Index
- Variables
- func AdminAuthorizor(account Account, c *gin.Context) bool
- func CorsConfig() cors.Config
- func DeviceAuthorizor(account Account, c *gin.Context) bool
- func ExtractClaims(c *gin.Context) jwt.MapClaims
- func NullAuthorizor(account Account, c *gin.Context) bool
- func RunMigrations(db *sqlx.DB) error
- type Account
- type Authorizator
- type GinDatabaseMiddleware
- type GinJWTMiddleware
- func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context)
- func (mw *GinJWTMiddleware) MiddlewareFunc(auth Authorizator) gin.HandlerFunc
- func (mw *GinJWTMiddleware) MiddlewareInit() error
- func (mw *GinJWTMiddleware) RefreshHandler(c *gin.Context)
- func (mw *GinJWTMiddleware) TokenGenerator(userID string, role string) string
- type Login
- type OrchestraClaims
Constants
This section is empty.
Variables
var ErrMissingToken = errors.New("JWT Token is missing")
ErrMissingToken is the error used when the auth token is missing from the headers, query parameters or cookies.
Functions
func AdminAuthorizor
AdminAuthorizor is used to protect routes that only administrator accounts are allowed to access.
func CorsConfig
CorsConfig stores the Cross-Origin Resource Sharing (CORS) configuration for orchestra.
func DeviceAuthorizor
DeviceAuthorizor is used to protect routes that only authenticated devices are allowed to access.
func ExtractClaims
ExtractClaims helps to extract the JWT claims.
func NullAuthorizor
NullAuthorizor is used for routes where authentication is optional; it always returns true.
func RunMigrations
RunMigrations runs the database migrations.
Types
type Authorizator
Authorizator is the callback function that should perform the authorization of the authenticated user. It is called only after authentication succeeds. It must return true on success, false on failure.
type GinDatabaseMiddleware
GinDatabaseMiddleware is a database-aware middleware. It sets the DB property, which can be accessed via: db := c.MustGet("DB").(*sqlx.DB)
func InitDatabaseMiddleware
func InitDatabaseMiddleware(dbType string, dbString string) (*GinDatabaseMiddleware, error)
InitDatabaseMiddleware creates the middleware that injects the database.
func (*GinDatabaseMiddleware) MiddlewareFunc
func (mw *GinDatabaseMiddleware) MiddlewareFunc() gin.HandlerFunc
MiddlewareFunc is what you register as the middleware.
type GinJWTMiddleware
type GinJWTMiddleware struct {
	// Realm name to display to the user. Required.
	Realm string

	// Signing algorithm. Possible values are HS256, HS384, HS512.
	// Optional, default is HS256.
	SigningAlgorithm string

	// Secret key used for signing. Required.
	Key []byte

	// Duration that a JWT token is valid. Optional, defaults to one hour.
	Timeout time.Duration

	// This field allows clients to refresh their token until MaxRefresh has passed.
	// Note that clients can refresh their token in the last moment of MaxRefresh.
	// This means that the maximum validity timespan for a token is MaxRefresh + Timeout.
	// Optional, defaults to 0 meaning not refreshable.
	MaxRefresh time.Duration

	// Callback function that should perform the authentication of the user based on userID and
	// password. Must return true on success, false on failure. Required.
	// Optionally returns the user ID; if it does, the user ID is stored in the claims array.
	Authenticator func(userID string, password string, c *gin.Context) (Account, bool)

	// User-definable handler for unauthorized requests.
	Unauthorized func(*gin.Context, int, string)

	// Set the identity handler function.
	IdentityHandler func(*OrchestraClaims) Account

	// TokenLookup is a string in the form of "<source>:<name>" that is used
	// to extract the token from the request.
	// Optional. Default value "header:Authorization".
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "cookie:<name>"
	TokenLookup string

	// TokenHeadName is a string in the header. Default value is "Bearer".
	TokenHeadName string

	// TimeFunc provides the current time. You can override it to use another time value.
	// This is useful for testing or if your server uses a different time zone than your tokens.
	TimeFunc func() time.Time
}
GinJWTMiddleware provides a JSON Web Token (JWT) authentication implementation. On failure, a 401 HTTP response is returned. On success, the wrapped middleware is called, and the userID is made available as c.Get("userID").(string). Users can get a token by posting a JSON request to LoginHandler. The token then needs to be passed in the Authorization header. Example: `Authorization: Bearer XXX_TOKEN_XXX`
func InitAuthMiddleware
func InitAuthMiddleware(db *sqlx.DB) (*GinJWTMiddleware, error)
InitAuthMiddleware is called to initialise the authentication middleware.
func (*GinJWTMiddleware) LoginHandler
func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context)
LoginHandler can be used by clients to get a JWT token. The payload needs to be JSON in the form of {"username": "USERNAME", "password": "PASSWORD"}. The reply will be of the form {"token": "TOKEN"}.
func (*GinJWTMiddleware) MiddlewareFunc
func (mw *GinJWTMiddleware) MiddlewareFunc(auth Authorizator) gin.HandlerFunc
MiddlewareFunc makes GinJWTMiddleware implement the Middleware interface.
func (*GinJWTMiddleware) MiddlewareInit
func (mw *GinJWTMiddleware) MiddlewareInit() error
MiddlewareInit initializes the JWT configuration.
func (*GinJWTMiddleware) RefreshHandler
func (mw *GinJWTMiddleware) RefreshHandler(c *gin.Context)
RefreshHandler can be used to refresh a token. The token still needs to be valid on refresh. It should be placed under an endpoint that uses the GinJWTMiddleware. The reply will be of the form {"token": "TOKEN"}.
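The refresh rule stated for MaxRefresh and RefreshHandler, as an added standard-library example that is not orchestra's own code: a token is reissued only if its HS256 MAC verifies, it has not expired, and MaxRefresh has not passed since it was first issued. The Claims type, the exp and orig_iat claim names, and the token, Sign and Refresh functions are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"strings"
	"time"
)

// Claims mirrors OrchestraClaims; the exp and orig_iat claim names are assumptions.
type Claims struct {
	Role    string `json:"role"`
	User    string `json:"user"`
	Exp     int64  `json:"exp"`
	OrigIat int64  `json:"orig_iat"`
}

// token seals an encoded payload under a fixed HS256 header and appends the HMAC.
func token(key []byte, payload string) string {
	msg := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + payload
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return msg + "." + base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// Sign issues a compact token carrying c.
func Sign(key []byte, c Claims) string {
	body, _ := json.Marshal(c)
	return token(key, base64.RawURLEncoding.EncodeToString(body))
}

// Refresh reissues tok with exp = now+timeout if it is authentic, unexpired and inside maxRefresh.
func Refresh(key []byte, tok string, timeout, maxRefresh time.Duration, now time.Time) (string, bool) {
	var c Claims
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(tok), []byte(token(key, p[1]))) {
		return "", false // bad MAC, or a header other than the pinned HS256 one
	}
	body, _ := base64.RawURLEncoding.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || !now.Before(time.Unix(c.Exp, 0)) ||
		now.After(time.Unix(c.OrigIat, 0).Add(maxRefresh)) {
		return "", false // expired, or the window since first issue has closed
	}
	c.Exp = now.Add(timeout).Unix()
	return Sign(key, c), true
}

func main() { println(Sign([]byte("constructed-demo-key"), Claims{Role: "admin", User: "alice"})) }
```

With Timeout of one hour and MaxRefresh of two hours, a token refreshed at the last moment of the window stays valid until three hours after first issue, which is the MaxRefresh + Timeout bound given in the struct comment.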
func (*GinJWTMiddleware) TokenGenerator
func (mw *GinJWTMiddleware) TokenGenerator(userID string, role string) string
TokenGenerator is a handler that clients can use to get a JWT token.
type Login
type Login struct {
	Username string `form:"username" json:"username" binding:"required"`
	Password string `form:"password" json:"password" binding:"required"`
}
Login form structure.
type OrchestraClaims
type OrchestraClaims struct {
	Role string `json:"role"`
	User string `json:"user"`
	jwt.StandardClaims
}
OrchestraClaims are claims for the JWT token