Skip to content

libesz/auth

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODES.md
CODES.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE.md
LICENSE.md
 
 
METRICS.md
METRICS.md
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
client.go
client.go
 
 
client_config.go
client_config.go
 
 
client_factory.go
client_factory.go
 
 
client_impl.go
client_impl.go
 
 
client_test.go
client_test.go
 
 
codes.go
codes.go
 
 
codes_doc.go
codes_doc.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handler.go
handler.go
 
 
handler_factory.go
handler_factory.go
 
 
handler_impl.go
handler_impl.go
 
 
integration_test.go
integration_test.go
 
 
metrics.go
metrics.go
 
 
protocol.go
protocol.go
 
 
server.go
server.go
 
 

Repository files navigation

ContainerSSH - Launch Containers on Demand

ContainerSSH Authentication Library

Go Report Card LGTM Alerts

This library provides the server and client components for the authentication webhook

⚠⚠⚠ Warning: This is a developer documentation. ⚠⚠⚠
The user documentation for ContainerSSH is located at containerssh.io.

Creating a server

As a core component for your authentication server you will have to implement the Handler interface:

type myHandler struct {
}

func (h *myHandler) OnPassword(
    Username string,
    Password []byte,
    RemoteAddress string,
    ConnectionID string,
) (bool, error) {
    if Username == "foo" && string(Password) == "bar" {
        return true, nil
    }
    if Username == "crash" {
        // Simulate a database failure
        return false, fmt.Errorf("database error")
    }
    return false, nil
}

func (h *myHandler) OnPubKey(
    Username string,
    // PublicKey is the public key in the authorized key format.
    PublicKey string,
    RemoteAddress string,
    ConnectionID string,
) (bool, error) {
    // Handle public key auth here
}

Then you can use this handler to create a simple web server using the http library. The server requires using the lifecycle facility from the service library. You can create the server as follows:

server := auth.NewServer(
    http.ServerConfiguration{
        Listen: "127.0.0.1:8080",
    },
    &myHandler{},
    logger,
)

lifecycle := service.NewLifecycle(server)

go func() {
    if err := lifecycle.Run(); err != nil {
        // Handle error
    }
}

// When done, shut down server with an optional context for the shutdown deadline
lifecycle.Stop(context.Background())

The logger is a logger from the github.com/containerssh/log package. The server configuration optionally allows you to configure mutual TLS authentication. See the documentation for details.

You can also use the authentication handler with the native Go HTTP library:

func main() {
    logger := log.New(...)
    httpHandler := auth.NewHandler(&myHandler{}, logger)
    http.HandleFunc("/auth", httpHandler)
    http.ListenAndServe(":8090", nil)
}

Creating a client

This library also provides a HTTP client for authentication servers. This library can be used as follows:

client := auth.NewHttpAuthClient(
    auth.ClientConfig{
        URL: "http://localhost:8080"
        Password: true,
        PubKey: false,
        // This is the timeout for individual requests.
        Timeout: 2 * time.Second,
        // This is the overall timeout for the authentication process.
        AuthTimeout: 60 * time.Second,
    },
    logger,
)

success, err := client.Password(
    "foo",
    []byte("bar"),
    "0123456789ABCDEF",
    ip
) (bool, error)

success, err := client.PubKey(
    "foo",
    "ssh-rsa ...",
    "0123456789ABCDEF",
    ip
) (bool, error)

About

ContainerSSH authentication library

containerssh.io/

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Languages

  • Go 100.0%