auth

package
v0.1.0

This package is not in the latest version of its module.

Published: Feb 13, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Constants

const (
	// DefaultLoginMaxAttempts is the number of failed login attempts before blocking.
	DefaultLoginMaxAttempts = 5
	// DefaultLoginWindow is the time window in which failures are counted; the counter resets once it has elapsed.
	DefaultLoginWindow = 15 * time.Minute
)
const (
	SessionCookieName = "ipam_session"
	SessionDuration   = 24 * time.Hour
)

Variables

This section is empty.

Functions

func ClearSessionCookie

func ClearSessionCookie(w http.ResponseWriter, secure bool)

ClearSessionCookie clears the session cookie. secure should match the cookie that was set (e.g. request was HTTPS).

func ClientIP

func ClientIP(r *http.Request) string

ClientIP returns the client IP from the request (X-Forwarded-For or RemoteAddr).
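
X-Forwarded-For is supplied by whoever sends the request unless a proxy you control sets it, which matters when a per-IP control such as LoginAttemptLimiter is keyed on the result. The page does not say how ClientIP decides between the header and RemoteAddr, so the following is an added sketch, not this package's code: the helper name clientIP, the trusted list and the 10.0.0.0/8 proxy range are assumptions.

```go
package main

import (
	"net/http"
	"net/netip"
	"strings"
)

// trusted holds the proxy networks allowed to append X-Forwarded-For (constructed value).
var trusted = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}

func isTrusted(a netip.Addr) bool {
	for _, p := range trusted {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// clientIP (hypothetical helper) returns the address to key rate limits and logs on.
func clientIP(r *http.Request) string {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr // unparseable peer: never fall back to the header
	}
	peer := ap.Addr().Unmap()
	if !isTrusted(peer) {
		return peer.String() // direct connection: the header is client-controlled
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- { // right to left: nearest proxy's entry first
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed entry: stop trusting the rest of the chain
		}
		if a = a.Unmap(); !isTrusted(a) {
			return a.String()
		}
	}
	return peer.String()
}

func main() {
	r, _ := http.NewRequest("GET", "/api/login", nil)
	r.RemoteAddr = "203.0.113.7:40000" // constructed: direct, untrusted peer
	r.Header.Set("X-Forwarded-For", "198.51.100.9")
	println(clientIP(r)) // header ignored for an untrusted peer
}
```

Only entries appended by a trusted proxy are believed, so the leftmost values, which the client can write freely, never become the limiter key.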

func EffectiveOrganizationID

func EffectiveOrganizationID(ctx context.Context) uuid.UUID

EffectiveOrganizationID returns the effective organization for this request, or uuid.Nil if not set. When set (e.g. org-scoped API token), handlers should filter by this org and not treat the user as global admin for scope.

func IsGlobalAdmin

func IsGlobalAdmin(u *store.User) bool

IsGlobalAdmin returns true if the user is the global admin (no organization). The global admin can create organizations and access all org-scoped resources. OrganizationID == uuid.Nil is the global-admin sentinel; it must never be assignable by a non-global-admin. When EffectiveOrganizationID(ctx) is set (org-scoped token), the request is not treated as global admin for scope.

func Middleware

func Middleware(s store.Storer) func(http.Handler) http.Handler

Middleware returns a middleware that requires a valid session or API key for /api/* except login and logout.

func NewSessionID

func NewSessionID() string

NewSessionID returns a new session ID.

func RequestFromContext

func RequestFromContext(ctx context.Context) *http.Request

RequestFromContext returns the request from the context, or nil if not set.

func RequireGlobalAdminForNilOrg

func RequireGlobalAdminForNilOrg(user *store.User, organizationID uuid.UUID) error

RequireGlobalAdminForNilOrg returns nil if organizationID is not Nil, or if the user is global admin. Otherwise it returns an error, so that assigning "global admin" (Nil org) is never allowed for a non-global-admin. Call this before any operation that could set a user's or invite's organization to Nil.

func ResolveOrgID

func ResolveOrgID(ctx context.Context, user *store.User, inputOrgID uuid.UUID) *uuid.UUID

ResolveOrgID returns the organization ID to use for list/create: effective org from token if set, else user's org (or optional input org for global admin). Used by env/block/alloc/reserved handlers.

func SetSessionCookie

func SetSessionCookie(w http.ResponseWriter, sessionID string, secure bool)

SetSessionCookie sets the session cookie on the response. secure should be true when using HTTPS.

func UserFromContext

func UserFromContext(ctx context.Context) *store.User

UserFromContext returns the user from the context, or nil if not set.

func UserIDFromContext

func UserIDFromContext(ctx context.Context) uuid.UUID

UserIDFromContext returns the current user's ID, or uuid.Nil if not set.

func UserOrgForAccess

func UserOrgForAccess(ctx context.Context, user *store.User) uuid.UUID

UserOrgForAccess returns the organization ID to use for access checks (get/update/delete). When effective org is set (org-scoped token), returns that; else returns user.OrganizationID (Nil for global admin).

func WithEffectiveOrganization

func WithEffectiveOrganization(ctx context.Context, orgID uuid.UUID) context.Context

WithEffectiveOrganization sets the effective organization for this request (e.g. from an org-scoped API token). When set, the request is limited to that org even if the user is global admin.
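
The scoping rules described for IsGlobalAdmin, RequireGlobalAdminForNilOrg, UserOrgForAccess and WithEffectiveOrganization, modelled as an added sketch that is not this package's code. UUID, Nil and User are dependency-free stand-ins for uuid.UUID, uuid.Nil and store.User, and canAccess is a hypothetical check, not a function documented on this page.

```go
package main

import (
	"context"
	"errors"
)

// Dependency-free stand-ins (assumptions) for uuid.UUID, uuid.Nil and store.User.
type UUID [16]byte
type User struct{ OrganizationID UUID }
type orgKey struct{} // private context key type
var Nil UUID         // zero value: the global-admin sentinel

func withEffectiveOrg(ctx context.Context, org UUID) context.Context {
	return context.WithValue(ctx, orgKey{}, org)
}

func effectiveOrg(ctx context.Context) UUID {
	org, _ := ctx.Value(orgKey{}).(UUID)
	return org // Nil when the request carries no org-scoped token
}

// requireGlobalAdminForNilOrg stops an org user from assigning the Nil (global-admin) org.
func requireGlobalAdminForNilOrg(u *User, target UUID) error {
	if target != Nil || u.OrganizationID == Nil {
		return nil
	}
	return errors.New("only the global admin may assign the Nil organization")
}

// orgForAccess lets an org-scoped token override the user's own, possibly global, scope.
func orgForAccess(ctx context.Context, u *User) UUID {
	if org := effectiveOrg(ctx); org != Nil {
		return org
	}
	return u.OrganizationID
}

// canAccess is a hypothetical check built on orgForAccess: Nil scope means all orgs.
func canAccess(ctx context.Context, u *User, resourceOrg UUID) bool {
	scope := orgForAccess(ctx, u)
	return scope == Nil || scope == resourceOrg
}

func main() {
	admin, orgA, orgB := &User{}, UUID{1}, UUID{2}
	scoped := withEffectiveOrg(context.Background(), orgA)
	println(canAccess(context.Background(), admin, orgB), canAccess(scoped, admin, orgB))
}
```

The second result in main is the case worth testing in any handler: a global admin acting through a token scoped to one organization is refused a resource in another.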

func WithRequest

func WithRequest(ctx context.Context, r *http.Request) context.Context

WithRequest returns a context with the request attached (for use cases that need cookies etc.).

func WithUser

func WithUser(ctx context.Context, user *store.User) context.Context

WithUser returns a context with the user attached.

func WriteJSONError

func WriteJSONError(w http.ResponseWriter, msg string, code int)

WriteJSONError writes a JSON error response.

Types

type LoginAttemptLimiter

type LoginAttemptLimiter struct {
	// contains filtered or unexported fields
}

LoginAttemptLimiter limits failed login attempts per client IP to mitigate brute-force.

func NewLoginAttemptLimiter

func NewLoginAttemptLimiter(maxAttempts int, window time.Duration) *LoginAttemptLimiter

NewLoginAttemptLimiter returns a limiter that blocks an IP after maxAttempts failed logins within the given window. Pass 0 for max or window to use defaults.

func (*LoginAttemptLimiter) IsBlocked

func (l *LoginAttemptLimiter) IsBlocked(ip string) bool

IsBlocked returns true if the client IP has exceeded the failure limit and is still within the window.

func (*LoginAttemptLimiter) RecordFailure

func (l *LoginAttemptLimiter) RecordFailure(ip string)

RecordFailure records a failed login attempt for the IP.

func (*LoginAttemptLimiter) RecordSuccess

func (l *LoginAttemptLimiter) RecordSuccess(ip string)

RecordSuccess clears any failure count for the IP (e.g. after successful login).
