forked from oapi-codegen/oapi-codegen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
securityprovider.go
110 lines (95 loc) · 3.45 KB
/
securityprovider.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
// Package securityprovider contains some default securityprovider
// implementations, which can be used as a RequestEditorFn of a
// client.
package securityprovider
import (
"context"
"fmt"
"net/http"
)
const (
// ErrSecurityProviderApiKeyInvalidIn indicates a usage of an invalid In.
// Should be cookie, header or query
ErrSecurityProviderApiKeyInvalidIn = SecurityProviderError("invalid 'in' specified for apiKey")
)
// SecurityProviderError defines error values of a security provider.
type SecurityProviderError string
// Error implements the error interface.
func (e SecurityProviderError) Error() string {
return string(e)
}
// NewSecurityProviderBasicAuth provides a SecurityProvider, which can solve
// the BasicAuth challenge for api-calls.
func NewSecurityProviderBasicAuth(username, password string) (*SecurityProviderBasicAuth, error) {
return &SecurityProviderBasicAuth{
username: username,
password: password,
}, nil
}
// SecurityProviderBasicAuth sends a base64-encoded combination of
// username, password along with a request.
type SecurityProviderBasicAuth struct {
username string
password string
}
// Intercept will attach an Authorization header to the request and ensures that
// the username, password are base64 encoded and attached to the header.
func (s *SecurityProviderBasicAuth) Intercept(ctx context.Context, req *http.Request) error {
req.SetBasicAuth(s.username, s.password)
return nil
}
// NewSecurityProviderBearerToken provides a SecurityProvider, which can solve
// the Bearer Auth challende for api-calls.
func NewSecurityProviderBearerToken(token string) (*SecurityProviderBearerToken, error) {
return &SecurityProviderBearerToken{
token: token,
}, nil
}
// SecurityProviderBearerToken sends a token as part of an
// Authorization: Bearer header along with a request.
type SecurityProviderBearerToken struct {
token string
}
// Intercept will attach an Authorization header to the request
// and ensures that the bearer token is attached to the header.
func (s *SecurityProviderBearerToken) Intercept(ctx context.Context, req *http.Request) error {
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", s.token))
return nil
}
// NewSecurityProviderApiKey will attach a generic apiKey for a given name
// either to a cookie, header or as a query parameter.
func NewSecurityProviderApiKey(in, name, apiKey string) (*SecurityProviderApiKey, error) {
interceptors := map[string]func(ctx context.Context, req *http.Request) error{
"cookie": func(ctx context.Context, req *http.Request) error {
req.AddCookie(&http.Cookie{Name: name, Value: apiKey})
return nil
},
"header": func(ctx context.Context, req *http.Request) error {
req.Header.Add(name, apiKey)
return nil
},
"query": func(ctx context.Context, req *http.Request) error {
query := req.URL.Query()
query.Add(name, apiKey)
req.URL.RawQuery = query.Encode()
return nil
},
}
interceptor, ok := interceptors[in]
if !ok {
return nil, ErrSecurityProviderApiKeyInvalidIn
}
return &SecurityProviderApiKey{
interceptor: interceptor,
}, nil
}
// SecurityProviderApiKey will attach an apiKey either to a
// cookie, header or query.
type SecurityProviderApiKey struct {
interceptor func(ctx context.Context, req *http.Request) error
}
// Intercept will attach a cookie, header or query param for the configured
// name and apiKey.
func (s *SecurityProviderApiKey) Intercept(ctx context.Context, req *http.Request) error {
return s.interceptor(ctx, req)
}