auth

package

v0.0.0-...-e6a591c Latest Latest Go to latest Published: Feb 16, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/harrybrwn/at

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func AdminOnly(opts *Opts) func(http.Handler) http.Handler
func CreateAccessToken(opts *CreateTokenOpts) (string, error)
func CreateRefreshToken(opts *CreateTokenOpts) (string, error)
func CreateServiceJwt(params *ServiceJwtOpts) (tokenJwt string, err error)
func CreateTokens(opts *CreateTokenOpts) (access, refresh string, err error)
func ExtractToken(jwtSecret []byte) func(http.Handler) http.Handler
func GenerateJTI() (string, error)
func GenerateRandomToken() (string, error)
func GetRefreshTokenID() (string, error)
func GetResolverSigningKey(ctx context.Context, resolver indigodid.Resolver, iss string) (crypto.PublicKey, error)
func RefreshTokenOnly(opts *Opts) func(http.Handler) http.Handler
func Required(opts *Opts) func(http.Handler) http.Handler
func StashUser(ctx context.Context, auth *xrpc.Auth) context.Context
func TokenFromContext(ctx context.Context) *jwt.Token
func UserFromContext(ctx context.Context) *xrpc.Auth
type ContextKey
type CreateTokenOpts
type Middelware
- func ServiceJwt(opts *Opts) Middelware
type Opts
type Scope
type ServiceJwtOpts
type SigningMethodK256
- func (sm *SigningMethodK256) Alg() string
- func (sm *SigningMethodK256) Sign(signingString string, key any) ([]byte, error)
- func (sm *SigningMethodK256) Verify(signingString string, sig []byte, key any) (err error)
type SigningMethodP256
- func (sm *SigningMethodP256) Alg() string
- func (sm *SigningMethodP256) Sign(signingString string, key any) ([]byte, error)
- func (sm *SigningMethodP256) Verify(signingString string, sig []byte, key any) (err error)
type Verifier

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	K256SigningMethod *SigningMethodK256
	P256SigningMethod *SigningMethodP256
)

Functions ¶

func AdminOnly ¶

func AdminOnly(opts *Opts) func(http.Handler) http.Handler

func CreateAccessToken ¶

func CreateAccessToken(opts *CreateTokenOpts) (string, error)

CreateAccessToken generates an access token.

func CreateRefreshToken ¶

func CreateRefreshToken(opts *CreateTokenOpts) (string, error)

CreateRefreshToken generates a refresh token.

func CreateServiceJwt ¶

func CreateServiceJwt(params *ServiceJwtOpts) (tokenJwt string, err error)

func CreateTokens ¶

func CreateTokens(opts *CreateTokenOpts) (access, refresh string, err error)

func ExtractToken ¶

func ExtractToken(jwtSecret []byte) func(http.Handler) http.Handler

ExtractToken is a middleware function that will store a jwt token in the request context if one is present. It will not fail if the jwt token is invalid or not found.

func GenerateJTI ¶

func GenerateJTI() (string, error)

func GenerateRandomToken ¶

func GenerateRandomToken() (string, error)

GenerateRandomToken generates a random token formatted as xxxxx-xxxxx

func GetRefreshTokenID ¶

func GetRefreshTokenID() (string, error)

getRefreshTokenID generates a unique identifier for the refresh token.

func GetResolverSigningKey ¶

func GetResolverSigningKey(
	ctx context.Context,
	resolver indigodid.Resolver,
	iss string,
) (crypto.PublicKey, error)

func RefreshTokenOnly ¶

func RefreshTokenOnly(opts *Opts) func(http.Handler) http.Handler

func Required ¶

func Required(opts *Opts) func(http.Handler) http.Handler

AuthRequired will extract a jwt token and store it in the request context. It will fail hard if the token is invalid or not found.

func StashUser ¶

func StashUser(ctx context.Context, auth *xrpc.Auth) context.Context

func TokenFromContext ¶

func TokenFromContext(ctx context.Context) *jwt.Token

func UserFromContext ¶

func UserFromContext(ctx context.Context) *xrpc.Auth

Types ¶

type ContextKey ¶

type ContextKey string

type CreateTokenOpts ¶

type CreateTokenOpts struct {
	DID        string
	JWTKey     []byte
	ServiceDID string
	Scope      Scope
	ExpiresIn  time.Duration
	JTI        string // only used for creating refresh tokens
	Now        *time.Time
}

type Middelware ¶

type Middelware func(http.Handler) http.Handler

func ServiceJwt ¶

func ServiceJwt(opts *Opts) Middelware

type Opts ¶

type Opts struct {
	Logger        *slog.Logger
	JWTSecret     []byte
	AdminPassword string
	Resolver      indigodid.Resolver
}

type Scope ¶

type Scope string

const (
	ScopeAccess            Scope = "com.atproto.access"
	ScopeRefresh           Scope = "com.atproto.refresh"
	ScopeAppPass           Scope = "com.atproto.appPass"
	ScopeAppPassPrivileged Scope = "com.atproto.appPassPrivileged"
	ScopeSignupQueued      Scope = "com.atproto.signupQueued"
)

type ServiceJwtOpts ¶

type ServiceJwtOpts struct {
	Iss string
	Aud string
	Iat *time.Time
	Exp *time.Time
	// LXM is the lexicon method
	LXM     *string
	KeyPair crypto.PrivateKey
}

type SigningMethodK256 ¶

type SigningMethodK256 struct{}

func (*SigningMethodK256) Alg ¶

func (sm *SigningMethodK256) Alg() string

func (*SigningMethodK256) Sign ¶

func (sm *SigningMethodK256) Sign(signingString string, key any) ([]byte, error)

Returns signature or error

func (*SigningMethodK256) Verify ¶

func (sm *SigningMethodK256) Verify(signingString string, sig []byte, key any) (err error)

Returns nil if signature is valid

type SigningMethodP256 ¶

type SigningMethodP256 struct{}

func (*SigningMethodP256) Alg ¶

func (sm *SigningMethodP256) Alg() string

func (*SigningMethodP256) Sign ¶

func (sm *SigningMethodP256) Sign(signingString string, key any) ([]byte, error)

func (*SigningMethodP256) Verify ¶

func (sm *SigningMethodP256) Verify(signingString string, sig []byte, key any) (err error)

type Verifier ¶

type Verifier struct {
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL