auth

package
v0.0.0-...-baf35ca Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2025 License: AGPL-3.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrCredentialsInvalid is a sentinel error with the message "invalid credentials".
// The message does not say which part of the credentials was rejected.
// NOTE(review): presumably returned by the password login and verification
// functions of this package; match it with errors.Is — confirm against the source.
var ErrCredentialsInvalid = errors.New("invalid credentials")
// ErrTokenInvalid is a sentinel error with the message "invalid token".
// The message gives no reason for the rejection.
// NOTE(review): presumably returned for login, reset and API tokens alike,
// whether malformed, unknown or expired — confirm against the source.
var ErrTokenInvalid = errors.New("invalid token")

Functions

func ConnectionInfoJSON

func ConnectionInfoJSON(ip, device, userAgent string) []byte

func CreateLoginToken

func CreateLoginToken(db db.TxHandler, email string) (core.User, string, error)

func CreateResetToken

func CreateResetToken(db db.TxHandler, email string) (core.User, string, error)

func GenerateAPIKey

func GenerateAPIKey(db db.Handler, auth *Auth, description string) (string, string, string, error)

func Initialize

func Initialize(cfg Config, log zerolog.Logger) error

func MagicLinksEnabled

func MagicLinksEnabled() bool

func OpenIDProviders

func OpenIDProviders() []openid.Provider

func OpenIDStart

func OpenIDStart(db db.Handler, providerName, redirectURI string, clientType OpenIDClientType) (string, error)

func PasswordAuthEnabled

func PasswordAuthEnabled() bool

func PasswordResetEnabled

func PasswordResetEnabled() bool

func RevokeAPIKey

func RevokeAPIKey(db db.Handler, userID int32, keyIDStr string, delete bool) error

func UpdateAPIKeyDescription

func UpdateAPIKeyDescription(db db.Handler, userID int32, keyIDStr string, description string) error

func UpdateUserPassword

func UpdateUserPassword(db db.TxHandler, email, password string) error

func VerifyAndChangeUserPassword

func VerifyAndChangeUserPassword(db db.Handler, email, oldPassword, newPassword string) error

Types

type APIKey

// APIKey is the description of one API key, as returned by ListAPIKeys.
// None of its fields carries the key secret; only metadata is exposed here.
type APIKey struct {
	// ID identifies the key.
	// NOTE(review): presumably the value RevokeAPIKey and UpdateAPIKeyDescription
	// accept as keyIDStr — confirm.
	ID          string
	// Created is the creation time of the key.
	Created     time.Time
	// Expires is a nullable timestamp (pgtype.Timestamptz).
	// NOTE(review): presumably an invalid/NULL value means the key never
	// expires — confirm, since non-expiring keys deserve separate review.
	Expires     pgtype.Timestamptz
	// Description is the free-text label given to the key.
	Description string
	// Scopes lists the scope strings attached to the key.
	// NOTE(review): presumably evaluated with the nesting and "*" rules
	// documented on (*Auth).HasScope — confirm.
	Scopes      []string
	// LastUsed holds the connection details recorded for the key.
	// NOTE(review): presumably those of its most recent use — confirm.
	LastUsed    ConnectionInfo
}

func ListAPIKeys

func ListAPIKeys(db db.Handler, userID int32, includeExpired bool) ([]APIKey, error)

type Auth

// Auth is an opaque authorization value: every field is unexported, so
// callers can only obtain one from this package's functions (for example
// NewAuth, NewSUAuth, ReadAPIKey, ReadAPIToken or the login functions) and
// query it through UserID, UserPermissions, HasScope and GetFileSystem.
type Auth struct {
	// contains filtered or unexported fields
}

func NewAuth

func NewAuth(auth *Auth, expires pgtype.Timestamptz, scopes []string) (*Auth, error)

func NewSUAuth

func NewSUAuth(user core.User) *Auth

func PerformPasswordLogin

func PerformPasswordLogin(db db.TxHandler, email, password string) (auth *Auth, apiToken string, err error)

func PerformTokenLogin

func PerformTokenLogin(db db.TxHandler, encodedToken string) (*Auth, string, error)

func ReadAPIKey

func ReadAPIKey(db db.Handler, keyIDStr, keyStr string, connectionInfo []byte) (*Auth, error)

func ReadAPIToken

func ReadAPIToken(db db.Handler, encodedKey string, connectionInfo []byte) (*Auth, error)

func ResetUserPassword

func ResetUserPassword(db db.TxHandler, email, resetToken, password string) (auth *Auth, apiToken string, err error)

func VerifyUserPassword

func VerifyUserPassword(d db.Handler, email, password string) (*Auth, error)

func (*Auth) GetFileSystem

func (a *Auth) GetFileSystem(db db.Handler, rootOverride pgtype.UUID) *core.FileSystem

func (*Auth) HasScope

func (a *Auth) HasScope(scope string) bool

HasScope checks whether or not this authorization includes the given scope, given the following rules:

  • Scopes are nested using ":"
  • If no nested scopes are specified for a given scope, all of its nested scopes are included (for example, "user" on its own also includes "user:profile")
  • "*" matches all scopes at that level of nesting (above point applies)

Examples:

  • "user:profile" is included in "user", which is included in "*"
  • "files:read:id" is included in "files:read" as well as in "files:*:id"; both of those are included in "files", which is itself included in "*"

func (*Auth) UserID

func (a *Auth) UserID() int32

func (*Auth) UserPermissions

func (a *Auth) UserPermissions() core.UserPermissions

type Config

// Config is the authentication configuration accepted by Initialize.
// The koanf tag on each field gives its configuration key.
type Config struct {
	// AutoCreate is a list of strings read from "auto_create".
	// NOTE(review): semantics are not shown here; presumably it names the
	// providers for which unknown users are created on first login — confirm,
	// because automatic provisioning widens who can obtain an account.
	AutoCreate                   []string       `koanf:"auto_create"`
	// SuppressMultiProviderWarning is read from "suppress_multi_provider_warning".
	// NOTE(review): presumably silences a warning about several login
	// providers being enabled together — confirm what the warning covers
	// before turning it off.
	SuppressMultiProviderWarning bool           `koanf:"suppress_multi_provider_warning"`
	// Password configures password authentication (see PasswordConfig).
	Password                     PasswordConfig `koanf:"password"`
	// MagicLinks is read from "magic_links".
	// NOTE(review): presumably the value reported by MagicLinksEnabled — confirm.
	MagicLinks                   bool           `koanf:"magic_links"`
	// OpenID is the OpenID configuration, defined in the openid package.
	OpenID                       openid.Config  `koanf:"openid"`
}

type ConnectionInfo

// ConnectionInfo records when and from where a credential was used; it is
// the type of APIKey.LastUsed and is JSON-encoded with the keys below.
// ConnectionInfoJSON also takes a userAgent argument that has no field here;
// how that value is used is not visible on this page.
// NOTE(review): if IP and Device are derived from request headers they are
// client-controlled; treat them as informational, not as an authentication
// signal — confirm how callers populate them.
type ConnectionInfo struct {
	// Time is encoded under the JSON key "timestamp".
	// NOTE(review): the unit (seconds or milliseconds) is not shown — confirm.
	Time   int64  `json:"timestamp"`
	// IP is encoded under the JSON key "ip".
	IP     string `json:"ip"`
	// Device is encoded under the JSON key "device".
	Device string `json:"device"`
}

type OpenIDClientType

// OpenIDClientType distinguishes the OpenID client kinds declared below.
// OpenIDStart takes one as an argument and OpenIDValidateAuthCode returns one.
type OpenIDClientType uint8
const (
	// OpenIDClientNone is the zero value (iota starts at 0), so an
	// uninitialized OpenIDClientType compares equal to it.
	// NOTE(review): presumably also the value returned alongside an error by
	// OpenIDValidateAuthCode — confirm.
	OpenIDClientNone OpenIDClientType = iota
	// OpenIDClientWeb has the value 1.
	OpenIDClientWeb
	// OpenIDClientNative has the value 2.
	OpenIDClientNative
)

func OpenIDValidateAuthCode

func OpenIDValidateAuthCode(d db.Handler, state, authCode, redirectURI string) (OpenIDClientType, error)

type PasswordBackend

// PasswordBackend is the interface a password store has to implement.
// NOTE(review): PasswordConfig carries both a Crypt and an LDAP section, so
// presumably those are the two implementations, selected by
// PasswordConfig.Backend — confirm.
type PasswordBackend interface {
	// SupportsPasswordUpdate reports whether the backend supports password updates.
	// NOTE(review): presumably UpdateUserPassword must not be called when
	// this returns false — confirm.
	SupportsPasswordUpdate() bool
	// VerifyUserPassword checks the password given for email and returns a
	// boolean result plus an error.
	// NOTE(review): presumably (false, nil) means a wrong password and a
	// non-nil error a backend failure; callers should treat both as a failed
	// login — confirm.
	VerifyUserPassword(db db.Handler, email, password string) (bool, error)
	// UpdateUserPassword sets a new password for email.
	// NOTE(review): the password argument is presumably plaintext, leaving
	// hashing to the implementation — confirm, and keep it out of logs and
	// error messages.
	UpdateUserPassword(db db.Handler, email, password string) error
}

type PasswordConfig

// PasswordConfig is the "password" section of Config.
// The koanf tag on each field gives its configuration key.
type PasswordConfig struct {
	// Backend is a string read from "backend".
	// NOTE(review): presumably names the PasswordBackend to use; the accepted
	// values, and whether an empty value disables password login (see
	// PasswordAuthEnabled), are not shown — confirm.
	Backend      string               `koanf:"backend"`
	// ResetEnabled is read from "reset_enabled".
	// NOTE(review): presumably the value reported by PasswordResetEnabled — confirm.
	ResetEnabled bool                 `koanf:"reset_enabled"`
	// Crypt is the configuration defined in the crypt package.
	Crypt        crypt.Config         `koanf:"crypt"`
	// LDAP is the configuration defined in the ldap package.
	LDAP         ldap.Config          `koanf:"ldap"`
	// Requirements is the password policy (see PasswordRequirements).
	Requirements PasswordRequirements `koanf:"requirements"`
}

type PasswordRequirements

// PasswordRequirements is the password policy read from the "requirements"
// key of PasswordConfig.
// NOTE(review): each field is presumably a minimum count, with zero (the
// default when a key is absent) imposing no requirement — confirm, because
// that would mean an unconfigured deployment accepts any password.
type PasswordRequirements struct {
	// Length is read from "length".
	// NOTE(review): presumably the minimum total length; whether it is
	// counted in bytes or characters is not shown — confirm.
	Length  int `koanf:"length"`
	// Lower is read from "lower"; presumably the minimum number of lowercase letters.
	Lower   int `koanf:"lower"`
	// Upper is read from "upper"; presumably the minimum number of uppercase letters.
	Upper   int `koanf:"upper"`
	// Numeric is read from "numeric"; presumably the minimum number of digits.
	Numeric int `koanf:"numeric"`
	// Symbols is read from "symbols"; presumably the minimum number of symbol characters.
	Symbols int `koanf:"symbols"`
}

type PasswordRequirementsError

// PasswordRequirementsError is an error type (it has an Error method) whose
// fields are all unexported.
// NOTE(review): presumably returned when a new password does not satisfy
// PasswordRequirements; use errors.As to detect it — confirm which
// functions return it.
type PasswordRequirementsError struct {
	// contains filtered or unexported fields
}

func (PasswordRequirementsError) Error

Directories

Path Synopsis
