auth

package
v0.112.1-nightly

Warning: This package is not in the latest version of its module.
Published: Feb 22, 2026 License: AGPL-3.0 Imports: 21 Imported by: 0

Documentation

Constants

const WireGuardSubnet = "10.0.0.0/24"

WireGuardSubnet is the internal WireGuard mesh CIDR.

Variables

This section is empty.

Functions

func ClearAllCredentials

func ClearAllCredentials() error

ClearAllCredentials removes all stored credentials

func FormatWalletAddress

func FormatWalletAddress(address string) string

FormatWalletAddress formats a wallet address consistently

func GenerateRandomString

func GenerateRandomString(length int) (string, error)

GenerateRandomString generates a cryptographically secure random string

func GetCredentialsPath

func GetCredentialsPath() (string, error)

GetCredentialsPath returns the path to the credentials file

func GetDefaultGatewayURL

func GetDefaultGatewayURL() string

GetDefaultGatewayURL returns the default gateway URL from environment config, env vars, or fallback

func HasValidCredentials

func HasValidCredentials() (bool, error)

HasValidCredentials checks if there are valid credentials for the default gateway

func HasValidEnhancedCredentials

func HasValidEnhancedCredentials() (bool, error)

HasValidEnhancedCredentials checks if there are valid credentials for the default gateway

func IsRootWalletInstalled

func IsRootWalletInstalled() bool

IsRootWalletInstalled checks if the `rw` CLI is available in PATH

func IsWireGuardPeer

func IsWireGuardPeer(remoteAddr string) bool

IsWireGuardPeer checks whether remoteAddr (host:port format) originates from the WireGuard mesh subnet. This provides cryptographic peer authentication since WireGuard validates keys at the tunnel layer.
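A subnet check of the kind described above, as an added example (not this package's own code; `inMeshSubnet` and `meshPrefix` are hypothetical names). It assumes `remoteAddr` is the socket peer address, such as `http.Request.RemoteAddr`, rather than a client-supplied forwarding header, and that the mesh range is reachable only through the WireGuard interface, since subnet membership says nothing about the tunnel otherwise.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// meshPrefix mirrors the WireGuardSubnet constant documented on this page.
var meshPrefix = netip.MustParsePrefix("10.0.0.0/24")

// inMeshSubnet is a hypothetical stand-in for a check like IsWireGuardPeer.
// It fails closed: anything that is not a literal IP inside the mesh prefix
// is rejected.
func inMeshSubnet(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return false // no port or malformed input: not a socket peer address
	}
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return false // hostnames are never resolved here
	}
	if addr.Zone() != "" {
		return false // scoped IPv6 addresses cannot be mesh peers
	}
	// Unmap turns ::ffff:10.0.0.7 into 10.0.0.7, so a dual-stack listener
	// is judged on the real IPv4 peer address (Prefix.Contains would
	// otherwise reject the IPv4-mapped form).
	return meshPrefix.Contains(addr.Unmap())
}

func main() {
	// Constructed sample peer addresses.
	for _, a := range []string{
		"10.0.0.7:51234",          // inside the mesh
		"[::ffff:10.0.0.7]:51234", // same peer seen on a dual-stack socket
		"10.0.1.7:51234",          // adjacent /24, outside the mesh
		"10.0.0.7",                // missing port
		"mesh.internal:443",       // hostname, not an IP literal
	} {
		fmt.Printf("%-26s %v\n", a, inMeshSubnet(a))
	}
}
```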

func SaveCredentialsForDefaultGateway

func SaveCredentialsForDefaultGateway(creds *Credentials) error

SaveCredentialsForDefaultGateway saves credentials for the default gateway

func ValidateWalletAddress

func ValidateWalletAddress(address string) bool

ValidateWalletAddress validates that a wallet address is properly formatted

Types

type AuthChoice

type AuthChoice int

AuthChoice represents user's choice during authentication

const (
	AuthChoiceUseCredential AuthChoice = iota
	AuthChoiceAddCredential
	AuthChoiceLogout
	AuthChoiceExit
)

type AuthServer

type AuthServer struct {
	// contains filtered or unexported fields
}

AuthServer handles the local HTTP server for receiving auth callbacks

func NewAuthServer

func NewAuthServer() (*AuthServer, error)

NewAuthServer creates a new authentication callback server

func (*AuthServer) Close

func (as *AuthServer) Close() error

Close shuts down the authentication server

func (*AuthServer) GetPort

func (as *AuthServer) GetPort() int

GetPort returns the port the server is listening on

type CredentialStore

type CredentialStore struct {
	Gateways map[string]*Credentials `json:"gateways"`
	Version  string                  `json:"version"`
}

CredentialStore manages credentials for multiple gateways

func LoadCredentials

func LoadCredentials() (*CredentialStore, error)

LoadCredentials loads credentials from ~/.orama/credentials.json

func (*CredentialStore) GetCredentialsForGateway

func (store *CredentialStore) GetCredentialsForGateway(gatewayURL string) (*Credentials, bool)

GetCredentialsForGateway returns credentials for a specific gateway URL

func (*CredentialStore) RemoveCredentialsForGateway

func (store *CredentialStore) RemoveCredentialsForGateway(gatewayURL string)

RemoveCredentialsForGateway removes credentials for a specific gateway URL

func (*CredentialStore) SaveCredentials

func (store *CredentialStore) SaveCredentials() error

SaveCredentials saves credentials to ~/.orama/credentials.json

func (*CredentialStore) SetCredentialsForGateway

func (store *CredentialStore) SetCredentialsForGateway(gatewayURL string, creds *Credentials)

SetCredentialsForGateway stores credentials for a specific gateway URL

type Credentials

type Credentials struct {
	APIKey       string    `json:"api_key"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	Namespace    string    `json:"namespace"`
	UserID       string    `json:"user_id,omitempty"`
	Wallet       string    `json:"wallet,omitempty"`
	ExpiresAt    time.Time `json:"expires_at,omitempty"`
	IssuedAt     time.Time `json:"issued_at"`
	LastUsedAt   time.Time `json:"last_used_at,omitempty"`
	Plan         string    `json:"plan,omitempty"`
	NamespaceURL string    `json:"namespace_url,omitempty"`

	// ProvisioningPollURL is set when namespace cluster is being provisioned.
	// Used only during the login flow, not persisted.
	ProvisioningPollURL string `json:"-"`
}

Credentials represents authentication credentials for a specific gateway

func GetOrPromptForCredentials

func GetOrPromptForCredentials(gatewayURL string) (*Credentials, error)

GetOrPromptForCredentials handles the complete authentication flow

func GetValidEnhancedCredentials

func GetValidEnhancedCredentials() (*Credentials, error)

GetValidEnhancedCredentials returns valid credentials for the default gateway

func PerformPhantomAuthentication

func PerformPhantomAuthentication(gatewayURL, namespace string) (*Credentials, error)

PerformPhantomAuthentication runs the Phantom Solana auth flow:

1. Prompt for namespace
2. Create session via gateway
3. Display QR code in terminal
4. Poll for completion
5. Return credentials

func PerformRootWalletAuthentication

func PerformRootWalletAuthentication(gatewayURL, namespace string) (*Credentials, error)

PerformRootWalletAuthentication performs a challenge-response authentication flow using the RootWallet CLI to sign a gateway-issued nonce

func PerformSimpleAuthentication added in v0.69.13

func PerformSimpleAuthentication(gatewayURL, wallet, namespace, existingAPIKey string) (*Credentials, error)

PerformSimpleAuthentication performs a simple authentication flow where the user provides a wallet address and receives an API key without signature verification. Requires an existing valid API key (convenience re-auth only).

func PerformWalletAuthentication

func PerformWalletAuthentication(gatewayURL string) (*Credentials, error)

PerformWalletAuthentication starts the complete wallet authentication flow

func (*Credentials) IsExpired

func (creds *Credentials) IsExpired() bool

IsExpired checks if credentials are expired

func (*Credentials) IsValid

func (creds *Credentials) IsValid() bool

IsValid checks if credentials are valid (not empty and not expired)

func (*Credentials) UpdateLastUsed

func (creds *Credentials) UpdateLastUsed()

UpdateLastUsed updates the last used timestamp

type EnhancedCredentialStore

type EnhancedCredentialStore struct {
	Gateways map[string]*GatewayCredentials `json:"gateways"`
	Version  string                         `json:"version"`
}

EnhancedCredentialStore manages multiple credentials per gateway

func LoadEnhancedCredentials

func LoadEnhancedCredentials() (*EnhancedCredentialStore, error)

LoadEnhancedCredentials loads the enhanced credential store, with migration support from legacy v2.0 format

func (*EnhancedCredentialStore) AddCredential

func (store *EnhancedCredentialStore) AddCredential(gatewayURL string, creds *Credentials)

AddCredential adds a new credential for the gateway

func (*EnhancedCredentialStore) ClearAllCredentials

func (store *EnhancedCredentialStore) ClearAllCredentials()

ClearAllCredentials removes all credentials

func (*EnhancedCredentialStore) DisplayCredentialMenu

func (store *EnhancedCredentialStore) DisplayCredentialMenu(gatewayURL string) (AuthChoice, int, error)

DisplayCredentialMenu shows the interactive credential selection menu

func (*EnhancedCredentialStore) GetDefaultCredential

func (store *EnhancedCredentialStore) GetDefaultCredential(gatewayURL string) *Credentials

GetDefaultCredential returns the default credential for a gateway

func (*EnhancedCredentialStore) RemoveCredentialByNamespace

func (store *EnhancedCredentialStore) RemoveCredentialByNamespace(gatewayURL, namespace string) bool

RemoveCredentialByNamespace removes the credential for a specific namespace from a gateway. Returns true if a credential was removed.

func (*EnhancedCredentialStore) Save

func (store *EnhancedCredentialStore) Save() error

Save saves the enhanced credential store

func (*EnhancedCredentialStore) SetDefaultCredential

func (store *EnhancedCredentialStore) SetDefaultCredential(gatewayURL string, index int) bool

SetDefaultCredential sets the default credential by index

type GatewayCredentials

type GatewayCredentials struct {
	Credentials   []*Credentials `json:"credentials"`
	DefaultIndex  int            `json:"default_index"`
	LastUsedIndex int            `json:"last_used_index"`
}

GatewayCredentials holds multiple credentials for a single gateway

type PhantomSession

type PhantomSession struct {
	SessionID string `json:"session_id"`
	ExpiresAt string `json:"expires_at"`
}

PhantomSession represents a phantom auth session from the gateway.

type PhantomSessionStatus

type PhantomSessionStatus struct {
	SessionID string `json:"session_id"`
	Status    string `json:"status"`
	Wallet    string `json:"wallet"`
	APIKey    string `json:"api_key"`
	Namespace string `json:"namespace"`
	Error     string `json:"error"`
}

PhantomSessionStatus represents the polled status of a phantom auth session.

type WalletAuthResult

type WalletAuthResult struct {
	APIKey       string `json:"api_key"`
	RefreshToken string `json:"refresh_token,omitempty"`
	Namespace    string `json:"namespace"`
	Wallet       string `json:"wallet"`
	Plan         string `json:"plan,omitempty"`
	ExpiresAt    string `json:"expires_at,omitempty"`
}

WalletAuthResult represents the result of wallet authentication
