auth

Published: Feb 25, 2026 License: Apache-2.0 Imports: 21 Imported by: 0


Constants

const (
	// Provider types name how a principal authenticates. The string values
	// are presumably what gets persisted for a provider — confirm against
	// the model package before changing them.
	ProviderTypeSecret = "secret"
	ProviderTypeSAML   = "saml"
	ProviderTypeOIDC   = "oidc"

	// HMAC_SHA2_256 is the HMAC method name for user auth tokens; presumably
	// the value expected by NewUserAuthToken's hmacMethod parameter — confirm.
	// The exported name keeps its underscore form for compatibility; Go
	// convention would be HMACSHA2256.
	HMAC_SHA2_256 = "hmac-sha2-256"
)
// Role names. Presumably these are the Name values of the templates returned
// by Roles — confirm. They are not the source of truth: a change here must
// also be added to a migration *.sql file that updates the roles and
// roles_permissions tables, or the database and this package will disagree.
const (
	RoleUploadOnly    = "Upload-Only"
	RoleReadOnly      = "Read-Only"
	RoleAuditor       = "Auditor"
	RoleUser          = "User"
	RolePowerUser     = "Power User"
	RoleAdministrator = "Administrator"
)

Variables

var (
	// ErrInvalidOTP reports that a one-time password did not validate;
	// presumably the error ValidateTOTPSecret returns on mismatch — confirm.
	// Compare with errors.Is rather than ==.
	// NOTE(review): there are no formatting verbs here, so errors.New would be
	// the idiomatic constructor; kept as is to leave behavior untouched.
	ErrInvalidOTP = fmt.Errorf("invalid one time password")
)

Functions

func GenerateQRCodeBase64

func GenerateQRCodeBase64(key otp.Key) (string, error)

func GenerateTOTPSecret

func GenerateTOTPSecret(issuer, accountName string) (*otp.Key, error)

func GetAssertionConsumerServiceURL

func GetAssertionConsumerServiceURL(metadata *saml.EntityDescriptor, bindingType string) (string, error)

GetAssertionConsumerServiceURL returns the assertion consumer service URL from the metadata for the given bindingType. The URL may not be present; when more than one matches, the first one found is returned.

func GetIDPSingleSignOnServiceURL

func GetIDPSingleSignOnServiceURL(metadata *saml.EntityDescriptor, bindingType string) (string, error)

func GetUserFromAuthCtx

func GetUserFromAuthCtx(ctx Context) (model.User, bool)

func NewServiceProvider

func NewServiceProvider(hostUrl url.URL, cfg config.Configuration, samlProvider model.SAMLProvider) (saml.ServiceProvider, error)

func NewUserAuthToken

func NewUserAuthToken(ownerId string, tokenName string, hmacMethod string) (model.AuthToken, error)

NewUserAuthToken creates a new User model.AuthToken using the details provided

This is not an ideal location for this function, but it was determined to be the best place "for now". See https://specterops.atlassian.net/browse/BED-3367

func Roles

func Roles() map[string]RoleTemplate

Roles returns the role templates. Note: this is not the source of truth; changes here must also be added to a migration *.sql file to update the roles and roles_permissions tables.

func ValidateTOTPSecret

func ValidateTOTPSecret(otp string, secret model.AuthSecret) error

Types

type AuditLogger

// AuditLogger is the audit sink an Authorizer is constructed with (see
// NewAuthorizer and NewCustomAuthorizer). Keeping it a one-method interface
// lets tests substitute an in-memory recorder.
type AuditLogger interface {
	// AppendAuditLog records entry under ctx and returns any error from the
	// underlying store.
	AppendAuditLog(ctx context.Context, entry model.AuditEntry) error
}

type Authorizer

// Authorizer answers permission checks for a Context (AllowsPermission,
// AllowsAllPermissions, AllowsAtLeastOnePermission) and records refused
// requests through its AuditLogger (AuditLogUnauthorizedAccess). Construct
// it with NewAuthorizer or NewCustomAuthorizer; the zero value presumably has
// no audit logger and should not be used directly — confirm against the
// constructors.
type Authorizer struct {
	// contains filtered or unexported fields
}

func NewAuthorizer

func NewAuthorizer(auditLogger AuditLogger) Authorizer

func NewCustomAuthorizer

func NewCustomAuthorizer(auditLogger AuditLogger, getPermissionsFn GetPermissionsFunc) Authorizer

func (Authorizer) AllowsAllPermissions

func (s Authorizer) AllowsAllPermissions(ctx Context, requiredPermissions model.Permissions) bool

func (Authorizer) AllowsAtLeastOnePermission

func (s Authorizer) AllowsAtLeastOnePermission(ctx Context, requiredPermissions model.Permissions) bool

func (Authorizer) AllowsPermission

func (s Authorizer) AllowsPermission(ctx Context, requiredPermission model.Permission) bool

func (Authorizer) AuditLogUnauthorizedAccess

func (s Authorizer) AuditLogUnauthorizedAccess(request *http.Request)

type Context

// Context carries the identity and permission state of the current request
// and is what Authorizer's checks evaluate. It is unrelated to context.Context.
type Context struct {
	// PermissionOverrides, when Enabled, presumably stands in for the owner's
	// own permissions during authorization — confirm against Authorizer. It
	// must only be populated by trusted server code, never from request data.
	PermissionOverrides PermissionOverrides

	// Owner is the authenticated principal. Its concrete type is not fixed
	// here; GetUserFromAuthCtx extracts a model.User when that is what it holds.
	Owner any

	// Session is the user session associated with the request.
	Session model.UserSession
}

func (Context) Authenticated

func (s Context) Authenticated() bool

type GetPermissionsFunc

// GetPermissionsFunc resolves the effective permissions for a Context; it is
// the pluggable lookup NewCustomAuthorizer accepts. The bool presumably
// reports whether permissions could be resolved at all, as distinct from an
// empty set — confirm against its use in Authorizer. The parameter name
// shadows the context package, which is harmless in a type signature.
type GetPermissionsFunc func(context Context) (model.Permissions, bool)

type IdentityResolver

// IdentityResolver maps an auth Context to a SimpleIdentity. The default
// implementation comes from NewIdentityResolver.
type IdentityResolver interface {
	// GetIdentity returns the identity behind ctx, or an error if none can be
	// determined.
	GetIdentity(ctx Context) (SimpleIdentity, error)
}

func NewIdentityResolver

func NewIdentityResolver() IdentityResolver

type PermissionOverrides

// PermissionOverrides lets a Context carry an explicit permission set.
// Because an enabled override presumably replaces the owner's own permissions
// (confirm against Authorizer), it is a privileged control: set it only from
// trusted server code, never from anything derived from the request.
type PermissionOverrides struct {
	// Enabled reports whether Permissions should be honoured; when false the
	// Permissions field is presumably ignored — confirm.
	Enabled bool

	// Permissions is the override set applied when Enabled is true.
	Permissions model.Permissions
}

type PermissionSet

// PermissionSet enumerates every permission the application knows, one field
// per permission, so call sites reference them by name rather than by string.
// The populated set comes from Permissions; see All for the flattened form.
// This is not the only source of truth: a change here must also be added to a
// migration *.sql file that updates the permissions table.
type PermissionSet struct {
	// Application configuration
	AppReadApplicationConfiguration  model.Permission
	AppWriteApplicationConfiguration model.Permission

	// Attack paths
	APsGenerateReport model.Permission
	APsManageAPs      model.Permission

	// Audit log
	AuditLogRead model.Permission

	// Authentication and user administration
	AuthAcceptEULA                      model.Permission
	AuthCreateToken                     model.Permission
	AuthManageApplicationConfigurations model.Permission
	AuthManageProviders                 model.Permission
	AuthManageSelf                      model.Permission
	AuthManageUsers                     model.Permission
	AuthReadUsers                       model.Permission

	// Clients
	ClientsManage  model.Permission
	ClientsRead    model.Permission
	ClientsTasking model.Permission

	// Collection
	CollectionManageJobs model.Permission

	// Graph database
	GraphDBIngest model.Permission
	GraphDBMutate model.Permission
	GraphDBRead   model.Permission
	GraphDBWrite  model.Permission

	// Saved queries
	SavedQueriesRead  model.Permission
	SavedQueriesWrite model.Permission

	// Destructive: wipes the database
	WipeDB model.Permission
}

func Permissions

func Permissions() PermissionSet

Permissions returns the populated PermissionSet. Note: this is not the only source of truth; changes here must also be added to a migration *.sql file to update the permissions table.

func (PermissionSet) All

type RoleTemplate

// RoleTemplate describes a role and the permissions it grants; Roles returns
// the full map of templates. Like the role constants, it is not the source of
// truth — the database migrations are.
type RoleTemplate struct {
	// Name is the role's display name.
	Name string

	// Description is the human-readable summary of the role.
	Description string

	// Permissions is the set of permissions the role grants.
	Permissions model.Permissions
}

type SimpleIdentity

// SimpleIdentity is the reduced view of a principal that IdentityResolver
// returns: enough to identify and address the subject without exposing the
// full user record.
type SimpleIdentity struct {
	// ID is the principal's unique identifier.
	ID uuid.UUID

	// Name is the principal's display name.
	Name string

	// Email is the principal's email address.
	Email string

	// Key's contents are not documented here; confirm its meaning against the
	// resolver returned by NewIdentityResolver before relying on it.
	Key string
}
