iris/auth/provider.go

//go:build go1.18

package auth

import (
	stdContext "context"

	"github.com/kataras/iris/v12/context"
	"github.com/kataras/iris/v12/x/errors"

	"github.com/kataras/jwt"
)

// VerifiedToken holds the information about a verified token.
type VerifiedToken = jwt.VerifiedToken

// Provider is an interface of T which MUST be completed
// by a custom value type to provide user information to the Auth's
// JWT Token Signer and Verifier.
//
// A provider can optionally complete the Transformer, ClaimsProvider and
// ErrorHandler all in once when necessary.
// Set a provider using the AddProvider method of Auth type.
type Provider[T User] interface {
	// Signin accepts a username (or email) and a password and should
	// return a valid T value or an error describing
	// the user authentication or verification reason of failure.
	//
	// It's called on Auth.SigninHandler
	Signin(ctx stdContext.Context, username, password string) (T, error)

	// ValidateToken accepts the standard JWT claims and the T value obtained
	// by the Signin method and should return a nil error on validation success
	// or a non-nil error for validation failure.
	// It is mostly used to perform checks of the T value's struct fields or
	// the standard claim's (e.g. origin jwt token id).
	// It can be an empty method too which returns a nil error.
	//
	// It's caleld on Auth.VerifyHandler.
	ValidateToken(ctx stdContext.Context, standardClaims StandardClaims, t T) error

	// InvalidateToken is optional and can be used to allow tokens to be invalidated
	// from server-side. Commonly, implement when a token and user pair is saved
	// on a persistence storage and server can decide which token is valid or invalid.
	// It can be an empty method too which returns a nil error.
	//
	// It's called on Auth.SignoutHandler.
	InvalidateToken(ctx stdContext.Context, standardClaims StandardClaims, t T) error
	// InvalidateTokens is like InvalidateToken but it should invalidate
	// all tokens generated for a specific T value.
	// It can be an empty method too which returns a nil error.
	//
	// It's called on Auth.SignoutAllHandler.
	InvalidateTokens(ctx stdContext.Context, t T) error
}

// ClaimsProvider is an optional interface, which may not be used at all.
// If implemented by a Provider, it signs the jwt token
// using these claims to each of the following token types.
type ClaimsProvider interface {
	GetAccessTokenClaims() StandardClaims
	GetRefreshTokenClaims(accessClaims StandardClaims) StandardClaims
}

// Transformer is an optional interface which can be implemented by a Provider as well.
// Set a Transformer through Auth.SetTransformer or Auth.SetTransformerFunc or by implementing
// the Transform method inside a Provider which can be registered through the Auth.AddProvider
// method.
//
// A transformer is called on Auth.VerifyHandler before Provider.ValidateToken and it can
// be used to modify the T value based on the token's contents. It is mostly used
// to convert the json claims to T value manually, when they differ.
type Transformer[T User] interface {
	Transform(ctx stdContext.Context, tok *VerifiedToken) (T, error)
}

// TransformerFunc completes the Transformer interface.
type TransformerFunc[T User] func(ctx stdContext.Context, tok *VerifiedToken) (T, error)

// Transform calls itself.
func (fn TransformerFunc[T]) Transform(ctx stdContext.Context, tok *VerifiedToken) (T, error) {
	return fn(ctx, tok)
}

// ErrorHandler is an optional interface which can be implemented by a Provider as well.
//
// ErrorHandler is the interface which controls the HTTP errors on
// Auth.SigninHandler, Auth.VerifyHandler, Auth.SignoutHandler and
// Auth.SignoutAllHandler handelrs.
type ErrorHandler interface {
	// InvalidArgument should handle any 400 (bad request) errors,
	// e.g. invalid request body.
	InvalidArgument(ctx *context.Context, err error)
	// Unauthenticated should handle any 401 (unauthenticated) errors,
	// e.g. user not found or invalid credentials.
	Unauthenticated(ctx *context.Context, err error)
}

// DefaultErrorHandler is the default registered ErrorHandler which can be
// replaced through the Auth.SetErrorHandler method.
type DefaultErrorHandler struct{}

// InvalidArgument sends 400 (bad request) with "unable to parse body" as its message
// and the "err" value as its details.
func (e *DefaultErrorHandler) InvalidArgument(ctx *context.Context, err error) {
	errors.InvalidArgument.Details(ctx, "unable to parse body", err.Error())
}

// Unauthenticated sends 401 (unauthenticated) with the "err" value as its message.
func (e *DefaultErrorHandler) Unauthenticated(ctx *context.Context, err error) {
	errors.Unauthenticated.Err(ctx, err)
}
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`//go:build go1.18`

			`package auth`

			`import (`
			`stdContext "context"`

			`"github.com/kataras/iris/v12/context"`
			`"github.com/kataras/iris/v12/x/errors"`

			`"github.com/kataras/jwt"`
			`)`

			`// VerifiedToken holds the information about a verified token.`
			`type VerifiedToken = jwt.VerifiedToken`

			`// Provider is an interface of T which MUST be completed`
			`// by a custom value type to provide user information to the Auth's`
			`// JWT Token Signer and Verifier.`
			`//`
auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// A provider can optionally complete the Transformer, ClaimsProvider and`
			`// ErrorHandler all in once when necessary.`
			`// Set a provider using the AddProvider method of Auth type.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`type Provider[T User] interface {`
			`// Signin accepts a username (or email) and a password and should`
			`// return a valid T value or an error describing`
			`// the user authentication or verification reason of failure.`
			`//`
auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// It's called on Auth.SigninHandler`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`Signin(ctx stdContext.Context, username, password string) (T, error)`

			`// ValidateToken accepts the standard JWT claims and the T value obtained`
			`// by the Signin method and should return a nil error on validation success`
			`// or a non-nil error for validation failure.`
			`// It is mostly used to perform checks of the T value's struct fields or`
			`// the standard claim's (e.g. origin jwt token id).`
			`// It can be an empty method too which returns a nil error.`
			`//`
auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// It's caleld on Auth.VerifyHandler.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`ValidateToken(ctx stdContext.Context, standardClaims StandardClaims, t T) error`

			`// InvalidateToken is optional and can be used to allow tokens to be invalidated`
			`// from server-side. Commonly, implement when a token and user pair is saved`
			`// on a persistence storage and server can decide which token is valid or invalid.`
			`// It can be an empty method too which returns a nil error.`
			`//`
auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// It's called on Auth.SignoutHandler.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`InvalidateToken(ctx stdContext.Context, standardClaims StandardClaims, t T) error`
			`// InvalidateTokens is like InvalidateToken but it should invalidate`
			`// all tokens generated for a specific T value.`
			`// It can be an empty method too which returns a nil error.`
			`//`
auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// It's called on Auth.SignoutAllHandler.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`InvalidateTokens(ctx stdContext.Context, t T) error`
			`}`

			`// ClaimsProvider is an optional interface, which may not be used at all.`
			`// If implemented by a Provider, it signs the jwt token`
			`// using these claims to each of the following token types.`
			`type ClaimsProvider interface {`
			`GetAccessTokenClaims() StandardClaims`
			`GetRefreshTokenClaims(accessClaims StandardClaims) StandardClaims`
			`}`

auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// Transformer is an optional interface which can be implemented by a Provider as well.`
			`// Set a Transformer through Auth.SetTransformer or Auth.SetTransformerFunc or by implementing`
			`// the Transform method inside a Provider which can be registered through the Auth.AddProvider`
			`// method.`
			`//`
			`// A transformer is called on Auth.VerifyHandler before Provider.ValidateToken and it can`
			`// be used to modify the T value based on the token's contents. It is mostly used`
			`// to convert the json claims to T value manually, when they differ.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`type Transformer[T User] interface {`
			`Transform(ctx stdContext.Context, tok *VerifiedToken) (T, error)`
			`}`

auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// TransformerFunc completes the Transformer interface.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`type TransformerFunc[T User] func(ctx stdContext.Context, tok *VerifiedToken) (T, error)`

auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// Transform calls itself.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`func (fn TransformerFunc[T]) Transform(ctx stdContext.Context, tok *VerifiedToken) (T, error) {`
			`return fn(ctx, tok)`
			`}`

auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// ErrorHandler is an optional interface which can be implemented by a Provider as well.`
			`//`
			`// ErrorHandler is the interface which controls the HTTP errors on`
			`// Auth.SigninHandler, Auth.VerifyHandler, Auth.SignoutHandler and`
			`// Auth.SignoutAllHandler handelrs.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`type ErrorHandler interface {`
auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// InvalidArgument should handle any 400 (bad request) errors,`
			`// e.g. invalid request body.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`InvalidArgument(ctx *context.Context, err error)`
auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// Unauthenticated should handle any 401 (unauthenticated) errors,`
			`// e.g. user not found or invalid credentials.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`Unauthenticated(ctx *context.Context, err error)`
			`}`

auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// DefaultErrorHandler is the default registered ErrorHandler which can be`
			`// replaced through the Auth.SetErrorHandler method.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`type DefaultErrorHandler struct{}`

auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// InvalidArgument sends 400 (bad request) with "unable to parse body" as its message`
			`// and the "err" value as its details.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`func (e DefaultErrorHandler) InvalidArgument(ctx context.Context, err error) {`
			`errors.InvalidArgument.Details(ctx, "unable to parse body", err.Error())`
			`}`

auth: godoc: provider, claims provider, transformer, error handler and user helpers 2022-04-02 20:14:46 +02:00			`// Unauthenticated sends 401 (unauthenticated) with the "err" value as its message.`
rename the sso to auth package 2022-04-02 16:30:55 +02:00			`func (e DefaultErrorHandler) Unauthenticated(ctx context.Context, err error) {`
			`errors.Unauthenticated.Err(ctx, err)`
			`}`