Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding

mr
2024-10-28 14:58:11 +01:00
parent 05c4aab72a
commit 7198c40d30
37 changed files with 4181 additions and 610 deletions


@@ -9,55 +9,248 @@
"email": "admin@o-cloud.io"
},
"license": {
"name": "MIT",
"url": "https://opensource.org/license/mit"
"name": "AGPL",
"url": "https://www.gnu.org/licenses/agpl-3.0.html"
}
},
"basePath": "/oc",
"paths": {
"/auth/": {
"/auth/claims": {
"post": {
"tags": [
"auth"
],
"description": "create auths\n\u003cbr\u003e",
"operationId": "AuthController.Create",
"description": "enrich token with claims\n\u003cbr\u003e",
"operationId": "OAuthController.Claims",
"parameters": [
{
"in": "body",
"name": "body",
"description": "The auth content",
"description": "The token info",
"required": true,
"schema": {
"type": "array",
"items": {
"$ref": "#/definitions/models.auth"
}
"$ref": "#/definitions/models.Token"
}
}
],
"responses": {
"200": {
"description": "{string} models.auth.Id"
},
"403": {
"description": "body is empty"
"description": "{string}"
}
}
}
},
"/auth/discover/{url}": {
"/auth/forward": {
"get": {
"tags": [
"auth"
],
"description": "find auth by authid\n\u003cbr\u003e",
"operationId": "AuthController.Get",
"description": "auth forward\n\u003cbr\u003e",
"operationId": "OAuthController.AuthForward",
"parameters": [
{
"in": "header",
"name": "Authorization",
"description": "auth token",
"type": "string"
},
{
"in": "body",
"name": "body",
"description": "The workflow content",
"required": true,
"schema": {
"$ref": "#/definitions/models.workflow"
}
}
],
"responses": {
"200": {
"description": "{string}"
}
}
}
},
"/auth/introspect": {
"get": {
"tags": [
"auth"
],
"description": "introspect token\n\u003cbr\u003e",
"operationId": "OAuthController.Introspection",
"parameters": [
{
"in": "header",
"name": "Authorization",
"description": "auth token",
"type": "string"
}
],
"responses": {
"200": {
"description": "{string}"
}
}
}
},
"/auth/ldap/login": {
"post": {
"tags": [
"auth"
],
"description": "authenticate user\n\u003cbr\u003e",
"operationId": "OAuthController.Login",
"parameters": [
{
"in": "body",
"name": "body",
"description": "The workflow content",
"required": true,
"schema": {
"$ref": "#/definitions/models.workflow"
}
}
],
"responses": {
"200": {
"description": "{string}"
}
}
}
},
"/auth/ldap/logout": {
"delete": {
"tags": [
"auth"
],
"description": "unauthenticate user\n\u003cbr\u003e",
"operationId": "OAuthController.Logout",
"parameters": [
{
"in": "header",
"name": "Authorization",
"description": "auth token",
"type": "string"
}
],
"responses": {
"200": {
"description": "{string}"
}
}
}
},
"/auth/refresh": {
"post": {
"tags": [
"auth"
],
"description": "introspect token\n\u003cbr\u003e",
"operationId": "OAuthController.Introspection",
"parameters": [
{
"in": "body",
"name": "body",
"description": "The token info",
"required": true,
"schema": {
"$ref": "#/definitions/models.Token"
}
}
],
"responses": {
"200": {
"description": "{string}"
}
}
}
},
"/permission/": {
"get": {
"tags": [
"permission"
],
"description": "find permissions\n\u003cbr\u003e",
"operationId": "PermissionController.GetAll",
"responses": {
"200": {
"description": "{permission} string"
}
}
}
},
"/permission/clear": {
"delete": {
"tags": [
"permission"
],
"description": "clear the permission\n\u003cbr\u003e",
"operationId": "PermissionController.Clear",
"responses": {
"200": {
"description": "{string} delete success!"
}
}
}
},
"/permission/role/{id}": {
"get": {
"tags": [
"permission"
],
"description": "find permission by role id\n\u003cbr\u003e",
"operationId": "PermissionController.GetByRole",
"parameters": [
{
"in": "path",
"name": "authId",
"description": "the authid you want to get",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auth} string"
}
}
}
},
"/permission/user/{id}": {
"get": {
"tags": [
"permission"
],
"description": "find permission by user id\n\u003cbr\u003e",
"operationId": "PermissionController.GetByUser",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auth} string"
}
}
}
},
"/permission/{id}/{relation[get]}": {
"get": {
"tags": [
"permission"
],
"description": "find auth by permission\n\u003cbr\u003e",
"operationId": "PermissionController.Get",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the permission you want to get",
"required": true,
"type": "string"
}
@@ -65,75 +258,187 @@
"responses": {
"200": {
"description": "{auth} models.auth"
},
"403": {
"description": ":authId is empty"
}
}
}
},
"/auth/find/{query}": {
"get": {
"/permission/{permission_id}/{role_id}/{relation}": {
"post": {
"tags": [
"auth"
"permission"
],
"description": "find auths with query\n\u003cbr\u003e",
"operationId": "AuthController.Find",
"description": "bind the permission to role\n\u003cbr\u003e",
"operationId": "PermissionController.Bind",
"parameters": [
{
"in": "path",
"name": "query",
"description": "the keywords you need",
"name": "role_id",
"description": "The role_id you want to bind",
"required": true,
"type": "string"
},
{
"in": "path",
"name": "method",
"description": "The method you want to relate role \u0026 permission",
"required": true,
"type": "string"
},
{
"in": "path",
"name": "permission_id",
"description": "The permission_id you want to bind",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auths} []models.auth"
},
"403": {
"description": ""
}
}
}
},
"/auth/{authId}": {
"get": {
"tags": [
"auth"
],
"description": "find auth by authid\n\u003cbr\u003e",
"operationId": "AuthController.Get",
"parameters": [
{
"in": "path",
"name": "authId",
"description": "the authid you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auth} models.auth"
},
"403": {
"description": ":authId is empty"
"description": "{string} bind success!"
}
}
},
"delete": {
"tags": [
"auth"
"permission"
],
"description": "delete the auth\n\u003cbr\u003e",
"operationId": "AuthController.Delete",
"description": "unbind the permission to role\n\u003cbr\u003e",
"operationId": "PermissionController.UnBind",
"parameters": [
{
"in": "path",
"name": "authId",
"description": "The authId you want to delete",
"name": "role_id",
"description": "The role_id you want to unbind",
"required": true,
"type": "string"
},
{
"in": "path",
"name": "relation",
"description": "The method you want to unrelate role \u0026 permission",
"required": true,
"type": "string"
},
{
"in": "path",
"name": "permission_id",
"description": "The permission_id you want to unbind",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{string} bind success!"
}
}
}
},
"/role/": {
"get": {
"tags": [
"role"
],
"description": "find roles\n\u003cbr\u003e",
"operationId": "RoleController.GetAll",
"responses": {
"200": {
"description": "{role} string"
}
}
}
},
"/role/clear": {
"delete": {
"tags": [
"role"
],
"description": "clear the role\n\u003cbr\u003e",
"operationId": "RoleController.Clear",
"responses": {
"200": {
"description": "{string} delete success!"
}
}
}
},
"/role/user/{id}": {
"get": {
"tags": [
"role"
],
"description": "find role by user id\n\u003cbr\u003e",
"operationId": "RoleController.GetByUser",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auth} string"
}
}
}
},
"/role/{id}": {
"get": {
"tags": [
"role"
],
"description": "find role by id\n\u003cbr\u003e",
"operationId": "RoleController.Get",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{role} string"
}
}
},
"post": {
"tags": [
"role"
],
"description": "create role\n\u003cbr\u003e",
"operationId": "RoleController.Create",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auth} create success!"
}
}
},
"delete": {
"tags": [
"role"
],
"description": "delete the role\n\u003cbr\u003e",
"operationId": "RoleController.Delete",
"parameters": [
{
"in": "path",
"name": "id",
"description": "The id you want to delete",
"required": true,
"type": "string"
}
@@ -141,37 +446,64 @@
"responses": {
"200": {
"description": "{string} delete success!"
},
"403": {
"description": "authId is empty"
}
}
}
},
"/registration/": {
"/role/{user_id}/{role_id}": {
"post": {
"tags": [
"registration"
"role"
],
"description": "create auths\n\u003cbr\u003e",
"operationId": "RegistrationController.Create",
"description": "bind the role to user\n\u003cbr\u003e",
"operationId": "RoleController.Bind",
"parameters": [
{
"in": "body",
"name": "body",
"description": "The app info",
"in": "path",
"name": "user_id",
"description": "The user_id you want to bind",
"required": true,
"schema": {
"$ref": "#/definitions/models.Application"
}
"type": "string"
},
{
"in": "path",
"name": "role_id",
"description": "The role_id you want to bind",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{string} models.auth.Id"
"description": "{string} bind success!"
}
}
},
"delete": {
"tags": [
"role"
],
"description": "unbind the role to user\n\u003cbr\u003e",
"operationId": "RoleController.UnBind",
"parameters": [
{
"in": "path",
"name": "role_id",
"description": "The role_id you want to unbind",
"required": true,
"type": "string"
},
"403": {
"description": "body is empty"
{
"in": "path",
"name": "user_id",
"description": "The user_id you want to unbind",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{string} bind success!"
}
}
}
@@ -189,32 +521,29 @@
}
}
}
},
"/version/discovery": {
"get": {
"tags": [
"version"
],
"description": "get version\n\u003cbr\u003e",
"operationId": "VersionController.Get",
"responses": {
"200": {
"description": ""
}
}
}
}
},
"definitions": {
"models.Application": {
"title": "Application",
"type": "object",
"properties": {
"access_token": {
"type": "string"
},
"callback_url": {
"type": "string"
},
"client_id": {
"type": "string"
},
"client_name": {
"type": "string"
},
"client_secret": {
"type": "string"
}
}
"models.Token": {
"title": "Token",
"type": "object"
},
"models.auth": {
"title": "auth",
"models.workflow": {
"title": "workflow",
"type": "object"
}
},
@@ -224,7 +553,11 @@
"description": "Operations about auth\n"
},
{
"name": "registration",
"name": "role",
"description": "Operations about auth\n"
},
{
"name": "permission",
"description": "Operations about auth\n"
},
{
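Review bot: The new `/role/*` and `/permission/*` operations, including `DELETE /role/clear`, `DELETE /permission/clear` and the bind/unbind routes, declare no `Authorization` parameter and no `security` requirement, and every new operation documents only a `200` response. The `403` entries that the older auth routes carried appear to be dropped as well. From the spec alone a consumer cannot tell whether these privilege-changing routes are protected or what a denied call returns; if the handlers do enforce a token, document it with the same header parameter used on `/auth/introspect` and add failure responses such as `"401": { "description": "missing or invalid token" }` and `"403": { "description": "not permitted" }`. The `Authorization` header on `/auth/forward`, `/auth/introspect` and `/auth/ldap/logout` also lacks `"required": true`, so it reads as optional. The YAML rendering of this spec in the next file section has the same gaps, and if both files are generated from controller annotations the change belongs in those annotations.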


@@ -8,127 +8,375 @@ info:
contact:
email: admin@o-cloud.io
license:
name: MIT
url: https://opensource.org/license/mit
name: AGPL
url: https://www.gnu.org/licenses/agpl-3.0.html
basePath: /oc
paths:
/auth/:
/auth/claims:
post:
tags:
- auth
description: |-
create auths
enrich token with claims
<br>
operationId: AuthController.Create
operationId: OAuthController.Claims
parameters:
- in: body
name: body
description: The auth content
description: The token info
required: true
schema:
type: array
items:
$ref: '#/definitions/models.auth'
$ref: '#/definitions/models.Token'
responses:
"200":
description: '{string} models.auth.Id'
"403":
description: body is empty
/auth/{authId}:
description: '{string}'
/auth/forward:
get:
tags:
- auth
description: |-
find auth by authid
auth forward
<br>
operationId: AuthController.Get
operationId: OAuthController.AuthForward
parameters:
- in: header
name: Authorization
description: auth token
type: string
- in: body
name: body
description: The workflow content
required: true
schema:
$ref: '#/definitions/models.workflow'
responses:
"200":
description: '{string}'
/auth/introspect:
get:
tags:
- auth
description: |-
introspect token
<br>
operationId: OAuthController.Introspection
parameters:
- in: header
name: Authorization
description: auth token
type: string
responses:
"200":
description: '{string}'
/auth/ldap/login:
post:
tags:
- auth
description: |-
authenticate user
<br>
operationId: OAuthController.Login
parameters:
- in: body
name: body
description: The workflow content
required: true
schema:
$ref: '#/definitions/models.workflow'
responses:
"200":
description: '{string}'
/auth/ldap/logout:
delete:
tags:
- auth
description: |-
unauthenticate user
<br>
operationId: OAuthController.Logout
parameters:
- in: header
name: Authorization
description: auth token
type: string
responses:
"200":
description: '{string}'
/auth/refresh:
post:
tags:
- auth
description: |-
introspect token
<br>
operationId: OAuthController.Introspection
parameters:
- in: body
name: body
description: The token info
required: true
schema:
$ref: '#/definitions/models.Token'
responses:
"200":
description: '{string}'
/permission/:
get:
tags:
- permission
description: |-
find permissions
<br>
operationId: PermissionController.GetAll
responses:
"200":
description: '{permission} string'
/permission/{id}/{relation[get]}:
get:
tags:
- permission
description: |-
find auth by permission
<br>
operationId: PermissionController.Get
parameters:
- in: path
name: authId
description: the authid you want to get
name: id
description: the permission you want to get
required: true
type: string
responses:
"200":
description: '{auth} models.auth'
"403":
description: :authId is empty
delete:
/permission/{permission_id}/{role_id}/{relation}:
post:
tags:
- auth
- permission
description: |-
delete the auth
bind the permission to role
<br>
operationId: AuthController.Delete
operationId: PermissionController.Bind
parameters:
- in: path
name: authId
description: The authId you want to delete
name: role_id
description: The role_id you want to bind
required: true
type: string
- in: path
name: method
description: The method you want to relate role & permission
required: true
type: string
- in: path
name: permission_id
description: The permission_id you want to bind
required: true
type: string
responses:
"200":
description: '{string} bind success!'
delete:
tags:
- permission
description: |-
unbind the permission to role
<br>
operationId: PermissionController.UnBind
parameters:
- in: path
name: role_id
description: The role_id you want to unbind
required: true
type: string
- in: path
name: relation
description: The method you want to unrelate role & permission
required: true
type: string
- in: path
name: permission_id
description: The permission_id you want to unbind
required: true
type: string
responses:
"200":
description: '{string} bind success!'
/permission/clear:
delete:
tags:
- permission
description: |-
clear the permission
<br>
operationId: PermissionController.Clear
responses:
"200":
description: '{string} delete success!'
/permission/role/{id}:
get:
tags:
- permission
description: |-
find permission by role id
<br>
operationId: PermissionController.GetByRole
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{auth} string'
/permission/user/{id}:
get:
tags:
- permission
description: |-
find permission by user id
<br>
operationId: PermissionController.GetByUser
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{auth} string'
/role/:
get:
tags:
- role
description: |-
find roles
<br>
operationId: RoleController.GetAll
responses:
"200":
description: '{role} string'
/role/{id}:
get:
tags:
- role
description: |-
find role by id
<br>
operationId: RoleController.Get
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{role} string'
post:
tags:
- role
description: |-
create role
<br>
operationId: RoleController.Create
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{auth} create success!'
delete:
tags:
- role
description: |-
delete the role
<br>
operationId: RoleController.Delete
parameters:
- in: path
name: id
description: The id you want to delete
required: true
type: string
responses:
"200":
description: '{string} delete success!'
"403":
description: authId is empty
/auth/discover/{url}:
get:
tags:
- auth
description: |-
find auth by authid
<br>
operationId: AuthController.Get
parameters:
- in: path
name: authId
description: the authid you want to get
required: true
type: string
responses:
"200":
description: '{auth} models.auth'
"403":
description: :authId is empty
/auth/find/{query}:
get:
tags:
- auth
description: |-
find auths with query
<br>
operationId: AuthController.Find
parameters:
- in: path
name: query
description: the keywords you need
required: true
type: string
responses:
"200":
description: '{auths} []models.auth'
"403":
description: ""
/registration/:
/role/{user_id}/{role_id}:
post:
tags:
- registration
- role
description: |-
create auths
bind the role to user
<br>
operationId: RegistrationController.Create
operationId: RoleController.Bind
parameters:
- in: body
name: body
description: The app info
- in: path
name: user_id
description: The user_id you want to bind
required: true
schema:
$ref: '#/definitions/models.Application'
type: string
- in: path
name: role_id
description: The role_id you want to bind
required: true
type: string
responses:
"200":
description: '{string} models.auth.Id'
"403":
description: body is empty
description: '{string} bind success!'
delete:
tags:
- role
description: |-
unbind the role to user
<br>
operationId: RoleController.UnBind
parameters:
- in: path
name: role_id
description: The role_id you want to unbind
required: true
type: string
- in: path
name: user_id
description: The user_id you want to unbind
required: true
type: string
responses:
"200":
description: '{string} bind success!'
/role/clear:
delete:
tags:
- role
description: |-
clear the role
<br>
operationId: RoleController.Clear
responses:
"200":
description: '{string} delete success!'
/role/user/{id}:
get:
tags:
- role
description: |-
find role by user id
<br>
operationId: RoleController.GetByUser
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{auth} string'
/version/:
get:
tags:
@@ -140,29 +388,32 @@ paths:
responses:
"200":
description: ""
/version/discovery:
get:
tags:
- version
description: |-
get version
<br>
operationId: VersionController.Get
responses:
"200":
description: ""
definitions:
models.Application:
title: Application
models.Token:
title: Token
type: object
properties:
access_token:
type: string
callback_url:
type: string
client_id:
type: string
client_name:
type: string
client_secret:
type: string
models.auth:
title: auth
models.workflow:
title: workflow
type: object
tags:
- name: auth
description: |
Operations about auth
- name: registration
- name: role
description: |
Operations about auth
- name: permission
description: |
Operations about auth
- name: version
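Review bot: Several of the new operations in the first hunk disagree with their own paths or with their neighbours, which leaves the contract of the auth endpoints ambiguous. `/auth/refresh` repeats `operationId: OAuthController.Introspection` and the description `introspect token` from `/auth/introspect`; operationIds must be unique in Swagger 2.0, so the refresh route needs its own id and description. `GET /auth/forward` declares a required `in: body` parameter, which many clients and proxies will not send on a GET, and the POST on `/permission/{permission_id}/{role_id}/{relation}` declares a path parameter `name: method` where the template says `relation`. `/auth/ldap/login` documents its body as `models.workflow` with `description: The workflow content`, and `models.Token` is a bare `type: object`, so the credential and token fields are unspecified. The JSON section above carries the same entries.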