// Copyright © 2014-2023 Thomas Rabaix <thomas.rabaix@gmail.com>.
//
// Use of this source code is governed by an MIT-style
// license that can be found in the LICENSE file.
package guard
import (
"errors"
"net/http"
)
// Sentinel errors of the guard package. Each one is a distinct value created
// with errors.New, so callers can match it with errors.Is or ==.
//
// NOTE(review): where each error is returned is not visible in this file; the
// per-error notes below are read off the messages and should be confirmed
// against the authenticators. The set distinguishes a failed user lookup from
// a credential mismatch, so responses written for the client should stay
// generic and not reveal which of the two occurred (it would let a caller
// learn which usernames exist).
var (
	// ErrInvalidCredentialsFormat presumably reports credentials that could
	// not be parsed from the request.
	ErrInvalidCredentialsFormat = errors.New("invalid credentials format")
	// ErrInvalidCredentials presumably reports credentials that were parsed
	// but rejected.
	ErrInvalidCredentials = errors.New("invalid credentials")
	// ErrUnableRetrieveUser presumably reports a failed user lookup.
	ErrUnableRetrieveUser = errors.New("unable to retrieve the user")
	// ErrCredentialMismatch presumably reports credentials that do not match
	// the stored user.
	ErrCredentialMismatch = errors.New("credential mismatch")
	// ErrAuthenticatedTokenCreation presumably reports a failure while
	// building the token for an authenticated user.
	ErrAuthenticatedTokenCreation = errors.New("unable to create authentication token")
	// ErrTokenExpired presumably reports a token used after its validity
	// period.
	ErrTokenExpired = errors.New("token expired")
)
// GuardUser is the bare user interface of the guard package: it exposes the
// username and password needed to check credentials, plus the user's roles.
type GuardUser interface {
	// GetUsername returns the user's username.
	GetUsername() string
	// GetPassword returns the password held for the user.
	// NOTE(review): the interface does not say whether this value is a
	// plaintext password or a hash. Implementations should hold only a salted
	// password hash, and the value should never be logged or sent to the
	// client — confirm against the concrete authenticators.
	GetPassword() string
	// GetRoles returns the roles attached to the user.
	GetRoles() []string
}
// DefaultGuardUser is a plain data holder whose pointer type provides the
// GetUsername, GetPassword and GetRoles accessors.
//
// The fields are exported and carry no struct tags, so encoders such as
// encoding/json and %+v formatting will emit Password along with the rest;
// avoid serializing or logging values of this type as-is.
type DefaultGuardUser struct {
	// Username is the value returned by GetUsername.
	Username string
	// Password is the value returned by GetPassword.
	// NOTE(review): nothing in this file shows whether it is plaintext or a
	// hash; prefer storing only a password hash — confirm with the callers.
	Password string
	// Roles is the value returned by GetRoles.
	Roles []string
}

// GetUsername returns the Username field.
func (gu *DefaultGuardUser) GetUsername() string {
	return gu.Username
}

// GetPassword returns the Password field unchanged.
func (gu *DefaultGuardUser) GetPassword() string {
	return gu.Password
}

// GetRoles returns the Roles field. The slice is returned without copying, so
// writes through it change the user's roles; callers should treat it as
// read-only.
func (gu *DefaultGuardUser) GetRoles() []string {
	return gu.Roles
}
// GuardToken is the bare interface to be used inside a request lifecycle. It
// exposes a username and roles, and no password.
type GuardToken interface {
	// GetUsername returns the username for the current token.
	GetUsername() string
	// GetRoles returns the roles linked to the current token.
	// NOTE(review): whether implementations return a copy or their internal
	// slice is not fixed by the interface; callers that base authorization
	// decisions on the result should treat it as read-only.
	GetRoles() []string
}
// DefaultGuardToken is the default token type: a username plus the roles
// attached to it. Its pointer type provides the GetUsername and GetRoles
// accessors.
type DefaultGuardToken struct {
	// Username is the value returned by GetUsername.
	Username string
	// Roles is the value returned by GetRoles.
	Roles []string
}

// GetUsername returns the Username field.
func (tok *DefaultGuardToken) GetUsername() string {
	return tok.Username
}

// GetRoles returns the Roles field. The slice is returned without copying, so
// any code holding the result can change the token's roles; treat it as
// read-only.
func (tok *DefaultGuardToken) GetRoles() []string {
	return tok.Roles
}
// GuardAuthenticator groups the steps of one authentication mechanism:
// reading credentials from a request, resolving and checking the user,
// creating a token, and reacting to failure or success.
type GuardAuthenticator interface {
	// GetCredentials is called on each request.
	// If it returns nil as the interface{} value, the authenticator cannot
	// handle the request.
	// The credentials are read from the request and are therefore untrusted;
	// their concrete type is chosen by the implementation.
	GetCredentials(req *http.Request) (interface{}, error)
	// GetUser returns the user designated by the credentials.
	// credentials is an interface{}: implementations should use a checked
	// type assertion and return an error, not panic, on an unexpected type.
	GetUser(credentials interface{}) (GuardUser, error)
	// CheckCredentials checks whether the provided credentials are valid for
	// the given user; a nil error means they are.
	// Implementations that compare secrets should use a password-hash
	// verifier or a constant-time comparison such as
	// crypto/subtle.ConstantTimeCompare rather than ==.
	CheckCredentials(credentials interface{}, user GuardUser) error
	// CreateAuthenticatedToken returns a security token related to the user.
	CreateAuthenticatedToken(u GuardUser) (GuardToken, error)
	// OnAuthenticationFailure is the action taken when authentication fails.
	// On a default form login, it can be used to redirect the user to the
	// login page.
	// It returns true if the workflow must be stopped (i.e. the authenticator
	// has written bytes to the response), false otherwise.
	// Anything written to res should stay generic and not echo err, so the
	// client cannot tell an unknown user from a wrong password.
	OnAuthenticationFailure(req *http.Request, res http.ResponseWriter, err error) bool
	// OnAuthenticationSuccess is the action taken when authentication
	// succeeds. On a default form login, it can be used to redirect the user
	// to the protected page or the homepage.
	// It returns true if the workflow must be stopped (i.e. the authenticator
	// has written bytes to the response), false otherwise.
	// If the redirect target is taken from the request, implementations
	// should restrict it to local paths.
	OnAuthenticationSuccess(req *http.Request, res http.ResponseWriter, token GuardToken) bool
}
// GuardManager resolves a username to a GuardUser.
type GuardManager interface {
	// GetUser returns the user for the given username, or an error.
	// NOTE(review): which error signals an unknown username is not visible
	// here — presumably ErrUnableRetrieveUser; confirm against the
	// implementations. username may originate from a request, so backends
	// that build queries from it should pass it as a parameter.
	GetUser(username string) (GuardUser, error)
}