// Source listing: github.com/kiali/kiali@v1.84.0/business/authentication/auth_controller.go

package authentication

import (
	"fmt"
	"net/http"
	"time"

	"k8s.io/client-go/tools/clientcmd/api"
)

// TerminateSessionError is the error type used when a session Logout
// operation fails. Besides a message, it carries the HTTP status code that
// should be sent to the client.
type TerminateSessionError struct {
	// Message describes the error. It is exactly what Error returns.
	Message string

	// HttpStatus is the HTTP status code that should be sent to the client.
	HttpStatus int
}

// Error implements the error interface by returning Message unchanged.
func (e TerminateSessionError) Error() string {
	return e.Message
}

// AuthController is the contract that every Kiali authentication strategy
// implements. An authentication controller is initialized during Kiali startup.
type AuthController interface {
	// Authenticate handles an HTTP request that carries credentials. How the
	// credentials are passed is decided by the implementing controller. The
	// credentials are verified and, when the controller supports it, RBAC
	// permissions are checked so that the user logging in has enough
	// privileges to log in to Kiali.
	//
	// A rejected (unauthorized) request is reported with an
	// AuthenticationFailureError. Any other kind of error means that
	// something unexpected happened.
	Authenticate(r *http.Request, w http.ResponseWriter) (*UserSessionData, error)

	// ValidateSession restores a session previously created by Authenticate.
	// Implementations should verify the validity of the restored session as
	// much as possible.
	//
	// A populated UserSessionData is returned when the session is still
	// valid; otherwise nil is returned. As documented, an invalid session is
	// signalled by the nil result, so callers should check the returned
	// pointer and not only the error before treating a request as
	// authenticated.
	ValidateSession(r *http.Request, w http.ResponseWriter) (*UserSessionData, error)

	// TerminateSession performs whatever is needed to end an existing
	// session. Nothing is done when there is no active session, and an
	// invalid session is cleared.
	TerminateSession(r *http.Request, w http.ResponseWriter) error
}

// UserSessionData userSessionData
// This is used for returning the token
// swagger:model UserSessionData
type UserSessionData struct {
	// The expired time for the token
	// A string with the Datetime when the token will be expired
	//
	// example: Thu, 07 Mar 2019 17:50:26 +0000
	// required: true
	ExpiresOn time.Time `json:"expiresOn"`

	// The username for the token
	// A string with the user's username
	//
	// example: admin
	// required: true
	Username string `json:"username"`

	// NOTE(review): the `json:"-"` tag keeps AuthInfo out of encoding/json
	// output, so the cluster credential is not part of the serialized
	// session. The tag does not affect fmt verbs such as %+v; avoid logging
	// or printing this struct as a whole.

	// The authentication information of the user to access the cluster API
	// It is usually only a bearer token that can be used to connect to the cluster API.
	// However, it is possible to add more options, like impersonation attributes.
	//
	// required: true
	AuthInfo *api.AuthInfo `json:"-"`
}

// AuthenticationFailureError lets callers of
// TokenAuthController.Authenticate tell an authentication failure apart from
// an unexpected error.
//
// No Unwrap method is declared in this file, so errors.Is and errors.As will
// not reach Detail unless one is defined elsewhere in the package.
type AuthenticationFailureError struct {
	// Detail is the underlying error that caused the authentication failure.
	// It may be nil.
	Detail error

	// HttpStatus is the status code the HTTP response for this error should have.
	HttpStatus int

	// Reason is a description of the authentication failure.
	Reason string
}

// Error implements the error interface. It returns Reason alone when Detail
// is nil, and "Reason: Detail" otherwise.
//
// NOTE(review): the result embeds the text of the underlying error. The
// callers are not visible here; if this string is written to an HTTP
// response for a failed login, consider sending only Reason to the client
// and keeping Detail for server-side logs.
func (e *AuthenticationFailureError) Error() string {
	if e.Detail == nil {
		return e.Reason
	}

	return fmt.Sprintf("%s: %v", e.Reason, e.Detail)
}