auth

package
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 22, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for the auth package. Each value wraps a commonerrors
// sentinel with %w, so errors.Is matches both the auth-level value and the
// wrapped commonerrors value (for example, errors.Is(err, commonerrors.ErrValidation)
// is true for every ErrInvalid* value below).
var (
	// Lookup, uniqueness and dependency failures.
	ErrNotFound         = fmt.Errorf("auth: %w", commonerrors.ErrNotFound)
	ErrAlreadyExists    = fmt.Errorf("auth: %w", commonerrors.ErrAlreadyExists)
	ErrHasDependents    = fmt.Errorf("auth: %w", commonerrors.ErrHasDependents)
	// Validation failures; all of these wrap commonerrors.ErrValidation.
	ErrInvalidName      = fmt.Errorf("auth: invalid name: %w", commonerrors.ErrValidation)
	ErrInvalidGatewayID = fmt.Errorf("auth: invalid gateway_id: %w", commonerrors.ErrValidation)
	ErrInvalidType      = fmt.Errorf("auth: invalid type: %w", commonerrors.ErrValidation)
	ErrInvalidConfig    = fmt.Errorf("auth: invalid config: %w", commonerrors.ErrValidation)
	// ErrDuplicateOAuth2 wraps commonerrors.ErrAlreadyExists, not ErrValidation,
	// so callers that branch on the wrapped sentinel see it as a conflict.
	ErrDuplicateOAuth2  = fmt.Errorf("auth: another enabled oauth2 auth already covers this issuer and audience: %w", commonerrors.ErrAlreadyExists)
)

Functions

func GenerateAPIKey

// GenerateAPIKey returns a new API key string, or an error.
// NOTE(review): the key length, encoding and randomness source are not shown
// on this page; confirm the implementation draws from a cryptographically
// secure source (crypto/rand) and that the error is never ignored by callers.
func GenerateAPIKey() (string, error)

func HashAPIKey

// HashAPIKey maps a raw API key to the string stored and looked up in place of
// the key itself; it has no error result.
// NOTE(review): the hash algorithm is not shown here. Repository.FindByAPIKeyHash
// looks entries up by this value, so the hash is presumably deterministic and
// unsalted -- that is only sound if keys are long and random, as GenerateAPIKey
// is expected to produce. Confirm, and confirm any comparison outside the
// database lookup is constant-time.
func HashAPIKey(raw string) string

func IsValidType

func IsValidType(t Type) bool

Types

type Auth

// Auth is one authentication entry belonging to a gateway: its identifiers,
// display name, Type, enabled flag, type-specific Config and timestamps.
type Auth struct {
	ID        ids.AuthID    `json:"id"`
	GatewayID ids.GatewayID `json:"gateway_id"`
	Name      string        `json:"name"`
	Type      Type          `json:"type"`
	Enabled   bool          `json:"enabled"`
	// Config is emitted under "config". OAuth2Config.ClientSecret carries a
	// client_secret JSON tag, so a JSON encoding of Auth includes that secret
	// whenever it is set, unless the caller clears it before encoding.
	Config    Config        `json:"config"`
	// KeyHash and RawKey are tagged json:"-": encoding/json neither emits nor
	// reads them. The tag covers encoding/json only; printing the struct with
	// %+v or passing it to another encoder still exposes both fields.
	// NOTE(review): RawKey presumably holds the plaintext API key so it can be
	// shown once at creation -- confirm it is never persisted or logged.
	KeyHash   string        `json:"-"`
	RawKey    string        `json:"-"`
	CreatedAt time.Time     `json:"created_at"`
	UpdatedAt time.Time     `json:"updated_at"`
}

func NewAPIKeyAuth

func NewAPIKeyAuth(gatewayID ids.GatewayID, name string, enabled bool) (*Auth, error)

func NewAuth

func NewAuth(gatewayID ids.GatewayID, name string, authType Type, enabled bool, config Config) (*Auth, error)

func (*Auth) Validate

func (a *Auth) Validate() error

type Config

// Config holds the type-specific settings of an Auth. Each member is an
// optional pointer that is dropped from JSON when nil (omitempty). There is no
// member for the api_key type.
// NOTE(review): presumably only the member matching Auth.Type may be set and
// Validate(t Type) enforces that -- confirm. Config also has Scan and Value
// methods, so it appears to be stored as a single database column; verify how
// OAuth2.ClientSecret is protected in that stored form.
type Config struct {
	OAuth2 *OAuth2Config `json:"oauth2,omitempty"`
	OIDC   *OIDCConfig   `json:"oidc,omitempty"`
	MTLS   *MTLSConfig   `json:"mtls,omitempty"`
}

func (*Config) ResolveSecretsFrom

// ResolveSecretsFrom updates c in place using a previous Config; it returns
// nothing, so it cannot report failure.
// NOTE(review): presumably this carries secret fields (such as
// OAuth2.ClientSecret) over from prev when an update omits them -- confirm
// which fields are treated as secrets and that prev always belongs to the same
// Auth entry as c.
func (c *Config) ResolveSecretsFrom(prev Config)

func (*Config) Scan

func (c *Config) Scan(value interface{}) error

func (Config) Validate

func (c Config) Validate(t Type) error

func (Config) Value

func (c Config) Value() (driver.Value, error)

type ListFilter

// ListFilter is the argument to Repository.List: a gateway scope, a name
// filter and paging values. The fields carry no JSON tags.
// NOTE(review): whether Page is zero- or one-based, whether Size is capped, and
// how an empty GatewayID is treated are not visible here. NameContains is
// presumably a substring match; confirm implementations bind it as a query
// parameter and escape pattern wildcards.
type ListFilter struct {
	GatewayID    ids.GatewayID
	NameContains string
	Page         int
	Size         int
}

type MTLSConfig

// MTLSConfig configures client-certificate authentication: a CA certificate
// plus three optional allow-lists.
type MTLSConfig struct {
	// CACert is always emitted in JSON (no omitempty).
	// NOTE(review): presumably a PEM-encoded CA certificate or bundle -- confirm.
	CACert              string   `json:"ca_cert"`
	// The allow-lists are omitted from JSON when empty.
	// NOTE(review): how an empty list is interpreted is not visible here. If all
	// three are empty, any certificate chaining to CACert is presumably accepted;
	// confirm that is intended and that the lists combine as expected (any-of
	// versus all-of). The fingerprint hash algorithm and encoding are also not
	// shown. Common-name matching is weaker than matching on DNS SANs.
	AllowedCommonNames  []string `json:"allowed_common_names,omitempty"`
	AllowedDNSNames     []string `json:"allowed_dns_names,omitempty"`
	AllowedFingerprints []string `json:"allowed_fingerprints,omitempty"`
}

type OAuth2Config

// OAuth2Config configures validation of inbound OAuth2 tokens for one issuer.
type OAuth2Config struct {
	// Issuer is always emitted in JSON (no omitempty).
	Issuer           string   `json:"issuer"`
	// Audiences is optional. Per the ConflictsWith documentation, an entry
	// without audiences accepts any audience of its issuer.
	Audiences        []string `json:"audiences,omitempty"`
	// NOTE(review): JWKSURL and IntrospectionURL are configuration-supplied and
	// presumably fetched by the server; confirm the scheme is restricted to https
	// and that internal or metadata addresses cannot be targeted.
	JWKSURL          string   `json:"jwks_url,omitempty"`
	IntrospectionURL string   `json:"introspection_url,omitempty"`
	ClientID         string   `json:"client_id,omitempty"`
	// ClientSecret is serialized under "client_secret" whenever it is non-empty,
	// so it appears in any JSON encoding of this struct (and of Auth.Config).
	// NOTE(review): confirm API responses and logs clear or mask it first.
	ClientSecret     string   `json:"client_secret,omitempty"`
	RequiredScopes   []string `json:"required_scopes,omitempty"`
	// Algorithms uses the JSON key "allowed_algorithms", the same key as
	// OIDCConfig.AllowedAlgorithms although the Go field names differ.
	// NOTE(review): confirm an empty list falls back to a fixed safe set rather
	// than accepting whatever algorithm the token header names.
	Algorithms       []string `json:"allowed_algorithms,omitempty"`
}

func (*OAuth2Config) ConflictsWith

func (c *OAuth2Config) ConflictsWith(other *OAuth2Config) bool

ConflictsWith reports whether two oauth2 configs cover the same inbound tokens: same issuer and at least one audience in common. An entry without audiences accepts any audience of its issuer, so it conflicts with every other entry on that issuer. Used as an admin-time guardrail; the request path disambiguates at runtime, but duplicate (issuer, audience) pairs make token attribution ambiguous everywhere else.

type OIDCConfig

// OIDCConfig configures validation of inbound OIDC tokens for one issuer.
type OIDCConfig struct {
	// Issuer and Audiences are always emitted in JSON (no omitempty); a nil
	// Audiences slice encodes as null.
	// NOTE(review): OAuth2Config.Audiences is optional, this one is not tagged
	// omitempty -- presumably at least one audience is required here; confirm
	// in Validate.
	Issuer            string   `json:"issuer"`
	Audiences         []string `json:"audiences"`
	// Key material comes from JWKSURL and/or PublicKeys.
	// NOTE(review): precedence between the two, the PublicKeys encoding
	// (presumably PEM), and URL scheme/host restrictions on JWKSURL are not
	// visible here -- confirm.
	JWKSURL           string   `json:"jwks_url,omitempty"`
	PublicKeys        []string `json:"public_keys,omitempty"`
	RequiredScopes    []string `json:"required_scopes,omitempty"`
	// NOTE(review): confirm an empty AllowedAlgorithms falls back to a fixed
	// safe set rather than trusting the algorithm named in the token header.
	AllowedAlgorithms []string `json:"allowed_algorithms,omitempty"`
	// NOTE(review): SubjectClaim presumably names the claim used as the caller
	// identity, with a default when empty -- confirm.
	SubjectClaim      string   `json:"subject_claim,omitempty"`
}

type Repository

// Repository is the persistence interface for Auth entries. Every method takes
// a context.Context as its first parameter.
type Repository interface {
	Save(ctx context.Context, a *Auth) error
	Update(ctx context.Context, a *Auth) error
	// Delete and FindByIDs are scoped by gatewayID.
	Delete(ctx context.Context, gatewayID ids.GatewayID, id ids.AuthID) error
	// FindByID takes no gatewayID.
	// NOTE(review): callers acting on behalf of one gateway presumably have to
	// compare the returned Auth.GatewayID themselves -- confirm, otherwise an
	// entry of another gateway can be read by id.
	FindByID(ctx context.Context, id ids.AuthID) (*Auth, error)
	FindByIDs(ctx context.Context, gatewayID ids.GatewayID, authIDs []ids.AuthID) ([]*Auth, error)
	// FindByAPIKeyHash looks an entry up by key hash, not by the raw key.
	// NOTE(review): whether disabled entries are returned is not visible here;
	// confirm the caller checks Auth.Enabled before accepting the key.
	FindByAPIKeyHash(ctx context.Context, keyHash string) (*Auth, error)
	// FindEnabledByTypes is not scoped by gateway; ListEnabledByGatewayAndType is.
	FindEnabledByTypes(ctx context.Context, types []Type) ([]*Auth, error)
	ListEnabledByGatewayAndType(ctx context.Context, gatewayID ids.GatewayID, authType Type) ([]*Auth, error)
	// List returns one page of items together with a total count.
	List(ctx context.Context, filter ListFilter) (items []*Auth, total int, err error)
}

type Type

// Type names the authentication mechanism of an Auth entry. It is a string, so
// the constant values below are what appears in the "type" JSON field.
// Any string converts to Type; IsValidType takes a Type and returns a bool and
// is presumably the membership check against these constants -- confirm.
type Type string
const (
	TypeAPIKey Type = "api_key"
	TypeOAuth2 Type = "oauth2"
	TypeOIDC   Type = "oidc"
	TypeMTLS   Type = "mtls"
)

func Types

func Types() []Type

func (Type) IsIdentityProvider

func (t Type) IsIdentityProvider() bool
