modulepackage
0.0.0-20200817214944-114f0b888ce9
Repository: https://github.com/aplbrain/echo-secure.git
Documentation: pkg.go.dev
# README
echo-secure
Go library that uses Google oAuth2 authentication and custom authorization for the echo framework.
This library has the following features:
- Configures https for echo web framework. It uses Let's Encrypt by default but allows manual specification of SSL certificate and key.
- REST endpoints for /login and /logout, as well as /profile which returns the email and profile image of the authenticated user (uses Google oauth2). Authenticated state is saved in a cookie.
- Provides simple functionality to manage user authorization using a JSON file or an http endpoint that uses google datastore. The file or datastore can be modified without requiring server restart.
- Provides middleware for authentication and authorization of echo REST endpoints.
- REST endpoint for /token that produces a JWT token for authentication.
Installation instructions
go get https://github.com/janelia-flyem/echo-secure
Usage
This library can be used without any configuration, which by default configures the echo framework to use https through Let's Encrypt without requiring authentication or authorization. To use authentication, Google oauth must be configured to recognize the web app. You will need a client id and client secret.
Example:
import "github.com/janelia-flyem/echo-secure"
// create echo object
e := echo.New()
// create JSON file authorize (file with JSON dictionary
// with keys of "emailaddress" with values of "read", "readwrite", or "admin"
authorizer, err := secure.NewFileAuthorizer(myJSONAuthFileName)
// configuration for echo secure object
sconfig := secure.SecureConfig{
SSLCert: certPEMFile,
SSLKey: keyPEMFile,
ClientID: googlecClientID,
ClientSecret: googleClientSecret,
AuthorizeChecker: authorizer,
Hostname: myhostname,
}
// configures echo web framework and creates wrapper for starting web service
secureAPI, err := secure.InitializeEchoSecure(e, sconfig, []byte("my secret password"))
// add authentication and authorization rules for all endpoints starting with "/api"
readGrp := e.Group("/api")
readGrp.Use(secureAPI.AuthMiddleware(secure.READ))
// start echo web framework at a given port
secureAPI.StartEchoSecure(port)
TODO
- Add unit tests
# Functions
InitializeEchoSecure sets up https configurations for echo.
LevelFromString finds the level corresponding.
NewFileAuthorizer creates a FileAuthorize object.
NewFileAuthorizer creates a FileAuthorize object.
LevelFromString finds the level corresponding.
# Constants
No description provided by the author
No description provided by the author
six months to expire.
No description provided by the author
No description provided by the author
No description provided by the author
# Variables
No description provided by the author
global to hold oauth configuration.
No description provided by the author
Horrible Hack.
# Structs
DatastoreAuthorize implements Authorizer using the appdata-store cloud function http interface.
EchoSecure handles secure connection configuration.
FileAuthorize implements Authorizer using a JSON file for authorization that is dictionary of emails with values "readonly", "readwrite", "admin".
No description provided by the author
No description provided by the author
SecureConfig provides configuration options when initializing echo.
# Interfaces
No description provided by the author
# Type aliases
AuthorizationLevel indicates the access level for given API.