Documentation
Index
- Constants
- Variables
- func DeviceTPMAuth(deviceStore *store.DeviceStore, nonceStore *NonceStore, verifier tpm.Verifier, ...) gin.HandlerFunc
- func NexusAuth(cfg *config.Config, clientCAs *x509.CertPool, logger *slog.Logger) gin.HandlerFunc
- func RateLimit(globalRPS, perIPRPS int) gin.HandlerFunc
- func RequestIDMiddleware() gin.HandlerFunc
- type NonceStore
Constants
const (
	ContextKeyDeviceID  = "device_id"
	ContextKeyDevice    = "device"
	ContextKeyRequestID = "request_id"
)
ContextKeys for values stored in Gin context
Variables
var (
	ErrNonceNotFound = errors.New("nonce not found or expired")
	ErrNonceCapacity = errors.New("nonce store at capacity")
)
Functions
func DeviceTPMAuth
func DeviceTPMAuth(deviceStore *store.DeviceStore, nonceStore *NonceStore, verifier tpm.Verifier, logger *slog.Logger) gin.HandlerFunc
DeviceTPMAuth validates per-request TPM attestation.
func RateLimit
func RateLimit(globalRPS, perIPRPS int) gin.HandlerFunc
RateLimit implements a simple token bucket rate limiter with periodic cleanup.
func RequestIDMiddleware
func RequestIDMiddleware() gin.HandlerFunc
RequestIDMiddleware adds a unique request ID to each request.
Types
type NonceStore
type NonceStore struct {
// contains filtered or unexported fields
}
func NewNonceStore
func NewNonceStore(logger *slog.Logger) *NonceStore
func (*NonceStore) CleanupLoop
func (s *NonceStore) CleanupLoop(ctx context.Context)
CleanupLoop removes expired nonces periodically.
func (*NonceStore) Consume
func (s *NonceStore) Consume(nonce string) error
Consume validates and removes a nonce (one-time use).
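The one-time-use behaviour that Consume describes, together with the capacity limit implied by ErrNonceCapacity, as an added sketch that is not this package's code. Only the two error messages come from the page; demoStore, Issue, the ttl and max fields and the 128-bit hex nonce are assumptions.

```go
package main
import (
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
	"time"
)

var ErrNonceNotFound = errors.New("nonce not found or expired") // text from the page
var ErrNonceCapacity = errors.New("nonce store at capacity")    // text from the page
type demoStore struct { // hypothetical stand-in, not the package's NonceStore
	mu     sync.Mutex
	expiry map[string]time.Time // nonce -> deadline
	ttl    time.Duration
	max    int
}

func (s *demoStore) Issue() (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if len(s.expiry) >= s.max { // bound memory held by unanswered challenges
		return "", ErrNonceCapacity
	}
	b := make([]byte, 16) // 128 random bits (assumed size)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	n := fmt.Sprintf("%x", b)
	s.expiry[n] = time.Now().Add(s.ttl)
	return n, nil
}

func (s *demoStore) Consume(nonce string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.expiry[nonce]
	delete(s.expiry, nonce) // same lock as the lookup: a racing replay cannot also pass
	if !ok || !time.Now().Before(exp) {
		return ErrNonceNotFound
	}
	return nil
}

func main() {
	s := &demoStore{expiry: map[string]time.Time{}, ttl: time.Minute, max: 2}
	n, _ := s.Issue()
	fmt.Println(s.Consume(n), s.Consume(n)) // <nil>, then the replay is rejected
}
```

In this sketch, expired entries keep counting toward max until something deletes them, which is the role a periodic sweep such as CleanupLoop would play.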