access

package
Published: Jan 30, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACL

type ACL struct {
	// A list of Required accessors. These must be true for all requests that
	// pass through this resource.
	Required []Method

	// A list of optional accessors. At least one of these must be true
	// in order for a request to flow through this resource. If this is not
	// defined then only Required will be used.
	Any []Method
}

For some request types, access can be limited in several different ways, including IP whitelisting and authentication. This object allows those methods to be configured.

func (*ACL) Assert

func (a *ACL) Assert(ir *request.Request)

Checks a given Request and sees if it should be allowed.

func (*ACL) Proxy

func (a *ACL) Proxy(source, dest *http.Request)

When proxying a request forward to a different blobby server, this walks through each access control method so that each one can set the appropriate values on the outgoing request and the auth details are forwarded.

type BasicAuth

type BasicAuth struct {
	// Access to the htpasswd data.
	Users *secretloader.HTPasswd

	// The realm that will be returned to the user if they fail to auth.
	Realm string

	// The tags required for this resource. If no tags are required then
	// all users will be allowed.
	UserTags []string
}

If a Request can be authenticated with Basic Auth then this will handle the authentication cycle.

type Method

type Method interface {
	// contains filtered or unexported methods
}

A tool used to validate that a given request is allowed to proceed. It is expected that this gets implemented by the various authentication methods in the access package.

type SAML

type SAML struct {
	// The Secret Loader that manages access to the SAML Identity Provider.
	Provider *secretloader.SAMLProvider

	// How long to allow SAML based authentication to be valid for. Setting
	// this too high will make it impossible to expunge a logged in user from
	// the system without removing the user completely. Setting it too low
	// will be annoying for users as they will have to login constantly.
	CookieValidity time.Duration

	// The name of the cookie to use for authentication. This name should
	// not conflict with any other possible cookies used on this domain.
	CookieName string

	// The domain that the cookie will be limited to.
	CookieDomain string

	// Used for encrypting the contents of the cookie.
	CookieTool *cookie.CookieTool

	// Set to secure if the cookie should only ever be returned over https.
	CookieSecure bool

	// The amount of time that a user has after being directed to the
	// Identity Provider before the login attempt is considered
	// expired.
	LoginDuration time.Duration

	// The name of the SAML attribute that will be used when assigning login
	// names. This is useful if your provider uses displayName over say
	// uid. If not set this will default to "uid".
	UserNameAttribute string

	// The name of the SAML attribute that will be used when setting up
	// tags. Each tag within this attribute will be usable with the
	// UserTags portion of the SAMLAuth object type.
	TagAttribute string
}

Handles all of the configuration for a SAML provider that can be used with access control lists.

func (*SAML) MetaData

func (s *SAML) MetaData(ir *request.Request)

Writes the meta data for the service provider out to the given request object.

func (*SAML) Post

func (s *SAML) Post(ir *request.Request)

Called when an IDP response is delivered to the httpserver. This takes the response, validates it, and if it is valid sets a cookie that will be used for future requests.

type SAMLAuth

type SAMLAuth struct {
	// The reference to the common provider for this SAML instance.
	Source *SAML

	// If provided then users must have all of the given tags to be able
	// to authenticate to this service.
	UserTags []string
}

A Method implementation, backed by the shared SAML provider in Source, that validates that the user has logged in.

type WebAuth

type WebAuth struct {
	// The Provider that configures users.
	Provider *WebAuthProvider

	// A list of tags that users must have in order to access this
	// resource. All tags must be present in the user profile for this
	// to work. Alternatively if this is left nil then all users
	// will be allowed access.
	UserTags []string
}

An acl.Method implementation built on WebAuthProvider that uses the provider but allows individual resources to configure the tags required of users.

type WebAuthProvider

type WebAuthProvider struct {
	// Access to the htpasswd data.
	Users *secretloader.HTPasswd

	// How long to allow the web authentication to be valid for. Setting this
	// too high will make it impossible to expunge a logged in user from the
	// system without removing the user entry completely. Setting it too low
	// will be annoying for users as they will have to log in constantly.
	CookieValidity time.Duration

	// The Name of the cookie to use when setting the authorized cookie.
	CookieName string

	// The domain that web login cookies should be restricted to.
	CookieDomain string

	// Used for encrypting the contents of the cookie.
	CookieTool *cookie.CookieTool
}

If a Request can be authenticated with Web Auth then this will handle the authentication cycle.

func (*WebAuthProvider) LoginGet

func (w *WebAuthProvider) LoginGet(ir *request.Request)

Handles requests to /_login (GET).

func (*WebAuthProvider) LoginPost

func (w *WebAuthProvider) LoginPost(ir *request.Request)

Handles requests to /_login (POST).

type WhiteList

type WhiteList struct {
	// A list of IP/Mask combinations that can be used to limit who can
	// access a given resource within the HTTP server.
	CIDRs []net.IPNet

	// Allow the following IPs to set the value of RemoteAddr via the
	// X-Forwarded-For header. This should be restricted to a list of
	// trusted hosts as they will effectively be able to circumvent the
	// IP whitelisting process.
	AllowXForwardedForFrom []net.IPNet
}

Handles CIDR whitelist checks on incoming requests.
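Added example (not blobby's own code) of how a WhiteList check can honour X-Forwarded-For only when the direct peer is in AllowXForwardedForFrom, using the rightmost hop that is not itself a trusted proxy. The Allowed method name and the fail-closed handling of malformed addresses are assumptions, since the page does not show the unexported methods of the Method interface.

```go
package main

import (
	"net"
	"net/http"
	"strings"
)

type WhiteList struct { // mirrors the page's type; field semantics assumed (example code)
	CIDRs                  []net.IPNet
	AllowXForwardedForFrom []net.IPNet
}

func contains(nets []net.IPNet, ip net.IP) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP picks the address to check; X-Forwarded-For is believed only when the
// direct peer (RemoteAddr) is a trusted proxy. A nil result means fail closed.
func (w *WhiteList) ClientIP(r *http.Request) net.IP {
	host, _, err := net.SplitHostPort(r.RemoteAddr) // net/http sets "ip:port"
	if err != nil {
		return nil
	}
	peer, xff := net.ParseIP(host), r.Header.Get("X-Forwarded-For")
	if peer == nil || xff == "" || !contains(w.AllowXForwardedForFrom, peer) {
		return peer // untrusted peer: whatever it put in X-Forwarded-For is ignored
	}
	// Walk right to left: the first hop that is not a trusted proxy is the real
	// client, so an entry the client prepended itself is never used.
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			return nil // malformed entry: deny rather than guess
		}
		if !contains(w.AllowXForwardedForFrom, ip) {
			return ip
		}
	}
	return peer // every hop was a trusted proxy, so the proxy itself is the client
}

// Allowed reports whether the request passes this access method.
func (w *WhiteList) Allowed(r *http.Request) bool {
	ip := w.ClientIP(r)
	return ip != nil && contains(w.CIDRs, ip)
}
```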
