handlers

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2026 License: AGPL-3.0 Imports: 47 Imported by: 0

Documentation

Index

Constants

// COSE algorithm identifiers (values from the IANA "COSE Algorithms" registry).
const (
	// CoseAlgorithmES256 is ECDSA with SHA-256.
	CoseAlgorithmES256 = -7

	// CoseAlgorithmEd25519 is the identifier COSE names EdDSA and marks as
	// deprecated. COSE's own identifier for Ed25519 is -19, but implementations
	// seem to send -8 for Ed25519 keys. EdDSA as an identifier does not fix the
	// curve, so the key's curve still has to be checked before the key is
	// treated as Ed25519 — NOTE(review): confirm the verifier does this; it is
	// not visible here.
	CoseAlgorithmEd25519 = -8

	// CoseAlgorithmPS256 is RSASSA-PSS with SHA-256.
	CoseAlgorithmPS256 = -37

	// CoseAlgorithmRS256 is RSASSA-PKCS1-v1_5 with SHA-256.
	CoseAlgorithmRS256 = -257
)

Variables

// ErrMissingEmailVerificationToken is the error for a missing email
// verification token. It wraps utils.ErrHttpBadRequest with %w, so
// errors.Is(err, utils.ErrHttpBadRequest) matches it.
var ErrMissingEmailVerificationToken = fmt.Errorf(
	"missing email verification token: %w",
	utils.ErrHttpBadRequest,
)
// ErrSignatureInvalid is the error for a failed signature verification. It
// wraps utils.ErrHttpUnauthorized with %w, so
// errors.Is(err, utils.ErrHttpUnauthorized) matches it.
var ErrSignatureInvalid = fmt.Errorf(
	"signature verification failed: %w",
	utils.ErrHttpUnauthorized,
)
// ErrSignatureInvalidAlgorithm is the error for an invalid public key
// algorithm. It is a plain errors.New value: unlike ErrSignatureInvalid it
// wraps no utils HTTP status error, so an errors.Is check against
// utils.ErrHttpUnauthorized does not match it.
// NOTE(review): presumably callers map this to a status code themselves —
// confirm against the error-to-status handling, which is not visible here.
var ErrSignatureInvalidAlgorithm = errors.New("invalid public key algorithm")

Functions

func ActivateSuccess

func ActivateSuccess(w http.ResponseWriter, r *http.Request)

func ApplicationHealth

func ApplicationHealth(w http.ResponseWriter, _ *http.Request)

ApplicationHealth returns 200 when the service is up. @Summary Application health @Tags System @Produce plain @Success 200 {string} string "OK" @Router /health [get]

func AssignRole

func AssignRole(w http.ResponseWriter, r *http.Request)

AssignRole @summary Assign role to user @description Assign an existing role to a user within a project. @tags Roles @accept application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param projectSlug path string true "Project slug" @param roleId path string true "Role ID (UUID)" @param body body handlers.AssignRoleRequestDto true "Assignment data" @security BearerAuth @success 204 {string} string "No Content" @failure 400 {string} string "Bad Request" @failure 404 {string} string "Not Found" @router /api/virtual-servers/{virtualServerName}/projects/{projectSlug}/roles/{roleId}/assign [post]

func AssociateServiceUserPublicKey

func AssociateServiceUserPublicKey(w http.ResponseWriter, r *http.Request)

AssociateServiceUserPublicKey associates a public key with a service user. @Summary Associate a public key with a service user @Tags Users @Accept json @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param body body AssociateServiceUserPublicKeyRequestDto true "Public key data" @Success 200 {object} AssociateServiceUserPublicKeyResponseDto @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/users/service-users/{serviceUserId}/keys [post]

func BeginAuthorizationFlow

func BeginAuthorizationFlow(w http.ResponseWriter, r *http.Request)

BeginAuthorizationFlow starts the OIDC authorization code flow. @Summary Authorize @Description Starts the Authorization Code flow. If the user is not authenticated, redirects to your login UI; otherwise redirects to the application's redirect_uri with an authorization code. @Tags OIDC @Produce plain @Accept application/x-www-form-urlencoded @Param virtualServerName path string true "Virtual server name" default(keyline) @Param response_type query string true "Must be 'code'" @Param client_id query string true "Application (client) ID" @Param redirect_uri query string true "Registered redirect URI" @Param scope query string true "Space-delimited scopes (must include 'openid')" @Param state query string false "Opaque value returned to client" @Param response_mode query string false "e.g. 'query'" @Param code_challenge query string false "PKCE code challenge" @Param code_challenge_method query string false "S256 or plain" Enums(S256,plain) @Success 302 {string} string "Redirect to redirect_uri with code (& state)" @Failure 400 {string} string @Router /oidc/{virtualServerName}/authorize [get] @Router /oidc/{virtualServerName}/authorize [post]

func BeginDeviceFlow

func BeginDeviceFlow(w http.ResponseWriter, r *http.Request)

func CreateApplication

func CreateApplication(w http.ResponseWriter, r *http.Request)

CreateApplication creates a new application (OIDC client) in a project @Summary Create application @Description Create a new OIDC application/client with redirect URIs and type @Tags Applications @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param request body CreateApplicationRequestDto true "Application data" @Success 201 {object} CreateApplicationResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/applications [post]

func CreatePasswordRule

func CreatePasswordRule(w http.ResponseWriter, r *http.Request)

CreatePasswordRule @summary Create password rule @description Create a password rule for a virtual server. @tags Password rules @accept application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param body body CreatePasswordRuleRequestDto true "Password rule details" @success 204 "No Content" @failure 400 {string} string "Bad Request" @failure 409 {string} string "Conflict" @router /api/virtual-servers/{virtualServerName}/password-policies/rules/{ruleType} [post]

func CreateProject

func CreateProject(w http.ResponseWriter, r *http.Request)

CreateProject creates a new project @Summary Create project @Description Create a new project @Tags Projects @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param request body CreateProjectRequestDto true "Project data" @Success 201 {object} CreateProjectResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects [post]

func CreateResourceServer

func CreateResourceServer(w http.ResponseWriter, r *http.Request)

CreateResourceServer creates a new resource server (API/(micro-)service) in a project @Summary Create resource server @Description Create a new resource server @Tags Resource servers @Accept json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param request body CreateResourceServerRequestDto true "Resource server data" @Success 204 {string} string "No Content" @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/resource-servers [post]

func CreateResourceServerScope

func CreateResourceServerScope(w http.ResponseWriter, r *http.Request)

CreateResourceServerScope creates a new scope for a resource server @Summary Create resource server scope @Description Create a new scope for a resource server @Tags Resource server scopes @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param resourceServerId path string true "Resource server ID (UUID)" @Param request body CreateResourceServerScopeRequestDto true "Scope data" @Success 201 {object} CreateResourceServerScopeResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/resource-server/{resourceServerId}/scopes [post]

func CreateRole

func CreateRole(w http.ResponseWriter, r *http.Request)

CreateRole @summary Create role @description Create a new role within a project. @tags Roles @accept application/json @produce application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param projectSlug path string true "Project slug" @param body body handlers.CreateRoleRequestDto true "Role data" @security BearerAuth @success 201 {object} handlers.CreateRoleResponseDto @failure 400 {string} string "Bad Request" @router /api/virtual-servers/{virtualServerName}/projects/{projectSlug}/roles [post]

func CreateServiceUser

func CreateServiceUser(w http.ResponseWriter, r *http.Request)

CreateServiceUser creates a service user. @Summary Create service user @Tags Users @Accept json @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param body body CreateServiceUserRequestDto true "User data" @Success 200 {object} CreateServiceUserResponseDto @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/users/service-users [post]

func CreateUser

func CreateUser(w http.ResponseWriter, r *http.Request)

CreateUser creates a new user. @Summary Create user @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param body body CreateUserRequestDto true "User data" @Success 201 {object} CreateUserResponseDto @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/users [post]

func CreateVirtualServer

func CreateVirtualServer(w http.ResponseWriter, r *http.Request)

CreateVirtualServer creates a new virtual server. @Summary Create virtual server @Tags Admin @Accept json @Produce json @Param body body handlers.CreateVirtualServerRequestDto true "Virtual server" @Success 204 {string} string "No Content" @Failure 400 {string} string @Router /api/virtual-servers [post]

func Debug

func Debug(w http.ResponseWriter, r *http.Request)

Debug renders a test email template and returns 200. @Summary Debug email template render @Tags Debug @Produce plain @Success 200 {string} string "OK" @Failure 500 {string} string @Router /debug [get]

func DeleteActiveSession

func DeleteActiveSession(w http.ResponseWriter, r *http.Request)

func DeleteApplication

func DeleteApplication(w http.ResponseWriter, r *http.Request)

DeleteApplication deletes a specific application by ID @Summary Delete application @Description Delete an application by ID from a project @Tags Applications @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param appId path string true "Application ID (UUID)" @Success 204 {string} string "No Content" @Failure 400 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/applications/{appId} [delete]

func DetermineNextLoginStep

func DetermineNextLoginStep(
	ctx context.Context,
	loginInfo *jsonTypes.LoginInfo,
) (jsonTypes.LoginStep, error)

DetermineNextLoginStep decides what the next login step should be based on the current step, user state, and server configuration.

func ExpvarVars

func ExpvarVars(w http.ResponseWriter, r *http.Request)

ExpvarVars proxies the standard expvar handler. @Summary Expvar variables @Description Exposes runtime/app stats (Go's expvar) as JSON. @Tags Debug @Produce json @Success 200 {string} string "expvar JSON" @Router /debug/vars [get]

func FinishLogin

func FinishLogin(w http.ResponseWriter, r *http.Request)

FinishLogin creates a session and redirects to the original URL. @Summary Finish login @Tags Logins @Produce plain @Param loginToken path string true "Login session token" @Success 302 {string} string "Redirect to original URL" @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unauthorized or wrong step" @Router /logins/{loginToken}/finish-login [post]

func FinishPasskeyLogin

func FinishPasskeyLogin(w http.ResponseWriter, r *http.Request)

func GetActivatePage

func GetActivatePage(w http.ResponseWriter, r *http.Request)

func GetApplication

func GetApplication(w http.ResponseWriter, r *http.Request)

GetApplication retrieves details of a specific application by ID @Summary Get application @Description Get an application by ID from a project @Tags Applications @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param appId path string true "Application ID (UUID)" @Success 200 {object} GetApplicationResponseDto @Failure 400 @Failure 404 "Application not found" @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/applications/{appId} [get]

func GetLoginState

func GetLoginState(w http.ResponseWriter, r *http.Request)

GetLoginState returns the current step of the login session. @Summary Get login state @Tags Logins @Produce json @Param loginToken path string true "Login session token" @Success 200 {object} handlers.GetLoginStateResponseDto @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unknown/invalid token" @Router /logins/{loginToken} [get]

func GetProject

func GetProject(w http.ResponseWriter, r *http.Request)

func GetResourceServer

func GetResourceServer(w http.ResponseWriter, r *http.Request)

GetResourceServer retrieves details of a specific resource server by ID @Summary Get resource server @Description Get a resource server by ID from a project @Tags Resource servers @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param resourceServerId path string true "Resource server ID (UUID)" @Success 200 {object} GetResourceServerResponseDto @Failure 400 @Failure 404 "Resource server not found" @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/resource-servers/{resourceServerId} [get]

func GetResourceServerScope

func GetResourceServerScope(w http.ResponseWriter, r *http.Request)

GetResourceServerScope retrieves details of a specific resource server scope by ID @Summary Get resource server scope @Description Get a resource server scope by ID from a project @Tags Resource server scopes @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param resourceServerId path string true "Resource server ID (UUID)" @Param scopeId path string true "Scope ID (UUID)" @Success 200 {object} GetResourceServerScopeResponseDto @Failure 400 @Failure 404 "Resource server scope not found" @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/resource-server/{resourceServerId}/scopes/{scopeId} [get]

func GetRoleById

func GetRoleById(w http.ResponseWriter, r *http.Request)

GetRoleById @summary Get role @description Get a role by its ID within a project. @tags Roles @produce application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param projectSlug path string true "Project slug" @param roleId path string true "Role ID (UUID)" @security BearerAuth @success 200 {object} handlers.GetRoleByIdResponseDto @failure 400 {string} string "Bad Request" @failure 404 {string} string "Not Found" @router /api/virtual-servers/{virtualServerName}/projects/{projectSlug}/roles/{roleId} [get]

func GetTemplate

func GetTemplate(w http.ResponseWriter, r *http.Request)

GetTemplate returns a single template by type. @Summary Get template @Tags Templates @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param templateType path string true "Template type" @Success 200 {object} GetTemplateResponseDto @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/templates/{templateType} [get]

func GetUserApplicationMetadata

func GetUserApplicationMetadata(w http.ResponseWriter, r *http.Request)

GetUserApplicationMetadata returns a user's application metadata. @Summary Get user's application metadata @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Param appId path string true "Application ID (UUID)" @Success 200 {object} GetUserApplicationMetadataResponseDto @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId}/metadata/application/{appId} [get]

func GetUserById

func GetUserById(w http.ResponseWriter, r *http.Request)

GetUserById returns a user by ID. @Summary Get user @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Success 200 {object} GetUserByIdResponseDto @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId} [get]

func GetUserGlobalMetadata

func GetUserGlobalMetadata(w http.ResponseWriter, r *http.Request)

GetUserGlobalMetadata returns a user's metadata (only the global metadata). @Summary Get user metadata (only global) @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Success 200 {object} GetUserGlobalMetadataResponseDto @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId}/metadata/user [get]

func GetUserMetadata

func GetUserMetadata(w http.ResponseWriter, r *http.Request)

GetUserMetadata returns a user's metadata. @Summary Get user metadata @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Success 200 {object} GetUserMetadataResponseDto @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId}/metadata [get]

func GetVirtualServer

func GetVirtualServer(w http.ResponseWriter, r *http.Request)

GetVirtualServer returns details of a virtual server. @Summary Get virtual server @Tags Admin @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Success 200 {object} handlers.GetVirtualServerResponseDto @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName} [get]

func GetVirtualServerPublicInfo

func GetVirtualServerPublicInfo(w http.ResponseWriter, r *http.Request)

GetVirtualServerPublicInfo returns public info of a virtual server. @Summary Get virtual server public info @Tags Admin @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Success 200 {object} handlers.GetVirtualServerListResponseDto @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/public-info [get]

func ListActiveSessions

func ListActiveSessions(w http.ResponseWriter, r *http.Request)

func ListApplications

func ListApplications(w http.ResponseWriter, r *http.Request)

ListApplications lists applications in a project @Summary List applications @Description Retrieve a paginated list of applications (OIDC clients) @Tags Applications @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param page query int false "Page number" @Param pageSize query int false "Page size" @Param orderBy query string false "Order by field" @Param orderDir query string false "Order direction (asc|desc)" @Param search query string false "Search term" @Success 200 {object} PagedApplicationsResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/applications [get]

func ListAuditLog

func ListAuditLog(w http.ResponseWriter, r *http.Request)

ListAuditLog @summary List audit log entries @description Retrieve a paginated list of audit log entries within a virtual server. @tags Audit @produce application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param page query int false "Page number" @param pageSize query int false "Page size" @param orderBy query string false "Order by field (e.g., name, createdAt)" @param orderDir query string false "Order direction (asc|desc)" @security BearerAuth @success 200 {object} handlers.PagedAuditLogResponseDto @failure 400 {string} string "Bad Request" @router /api/virtual-servers/{virtualServerName}/audit [get]

func ListGroups

func ListGroups(w http.ResponseWriter, r *http.Request)

ListGroups lists groups in a virtual server @Summary List groups @Description Retrieve a paginated list of groups @Tags Groups @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param page query int false "Page number" @Param pageSize query int false "Page size" @Param orderBy query string false "Order by field" @Param orderDir query string false "Order direction (asc|desc)" @Param search query string false "Search term" @Success 200 {object} PagedGroupsResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/groups [get]

func ListPasskeys

func ListPasskeys(w http.ResponseWriter, r *http.Request)

func ListPasswordRules

func ListPasswordRules(w http.ResponseWriter, r *http.Request)

ListPasswordRules @summary List password rules @description Retrieve all password rules of a virtual server. @tags Password rules @produce application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param page query int true "Page number" default(1) @param pageSize query int true "Page size" default(10) @success 200 {object} PagedPasswordRuleResponseDto @failure 400 {string} string "Bad Request" @router /api/virtual-servers/{virtualServerName}/password-policies/rules [get]

func ListProjects

func ListProjects(w http.ResponseWriter, r *http.Request)

ListProjects lists projects in a virtual server @Summary List projects @Description Retrieve a paginated list of projects @Tags Projects @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param page query int false "Page number" @Param pageSize query int false "Page size" @Param orderBy query string false "Order by field" @Param orderDir query string false "Order direction (asc|desc)" @Param search query string false "Search term" @Success 200 {object} PagedProjectsResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects [get]

func ListResourceServerScopes

func ListResourceServerScopes(w http.ResponseWriter, r *http.Request)

ListResourceServerScopes lists resource server scopes @Summary List resource server scopes @Description Retrieve a paginated list of resource server scopes @Tags Resource server scopes @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param resourceServerId path string true "Resource server ID (UUID)" @Param page query int false "Page number" @Param pageSize query int false "Page size" @Param orderBy query string false "Order by field" @Param orderDir query string false "Order direction (asc|desc)" @Param search query string false "Search term" @Success 200 {object} PagedResourceServerScopeResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/resource-server/{resourceServerId}/scopes [get]

func ListResourceServers

func ListResourceServers(w http.ResponseWriter, r *http.Request)

ListResourceServers lists resource servers in a project @Summary List resource servers @Description Retrieve a paginated list of resource servers @Tags Resource servers @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param page query int false "Page number" @Param pageSize query int false "Page size" @Param orderBy query string false "Order by field" @Param orderDir query string false "Order direction (asc|desc)" @Param search query string false "Search term" @Success 200 {object} PagedResourceServersResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/resource-servers [get]

func ListRoles

func ListRoles(w http.ResponseWriter, r *http.Request)

ListRoles @summary List roles @description Retrieve a paginated list of roles within a project. @tags Roles @produce application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param projectSlug path string true "Project slug" @param page query int false "Page number" @param pageSize query int false "Page size" @param orderBy query string false "Order by field (e.g., name, createdAt)" @param orderDir query string false "Order direction (asc|desc)" @param search query string false "Search term" @security BearerAuth @success 200 {object} handlers.PagedRolesResponseDto @failure 400 {string} string "Bad Request" @router /api/virtual-servers/{virtualServerName}/projects/{projectSlug}/roles [get]

func ListTemplates

func ListTemplates(w http.ResponseWriter, r *http.Request)

ListTemplates lists available templates for the virtual server. @Summary List templates @Tags Templates @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Success 200 {object} PagedTemplatesResponseDto @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/templates [get]

func ListUsers

func ListUsers(w http.ResponseWriter, r *http.Request)

ListUsers returns users with optional paging/search. @Summary List users @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param page query int false "Page number" @Param pageSize query int false "Page size" @Param search query string false "Search term" @Success 200 {object} PagedUsersResponseDto @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/users [get]

func ListUsersInRole

func ListUsersInRole(w http.ResponseWriter, r *http.Request)

ListUsersInRole lists users in a role @Summary List users in role @Description Retrieve a paginated list of users @Tags Roles @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param roleId path string true "Role ID (UUID)" @Param page query int false "Page number" @Param pageSize query int false "Page size" @Param orderBy query string false "Order by field" @Param orderDir query string false "Order direction (asc|desc)" @Param search query string false "Search term" @Success 200 {object} PagedUsersInRoleResponseDto @Failure 400 @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/roles/{roleId}/users [get]

func NewPagedResponseDto

func NewPagedResponseDto[T any](items []T, queryOps *QueryOps, totalItems int) api.PagedResponseDto[T]

func OidcEndSession

func OidcEndSession(w http.ResponseWriter, r *http.Request)

OidcEndSession ends the user session and redirects. @Summary End session @Tags OIDC @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param id_token_hint query string true "ID token hint of the current session" @Param post_logout_redirect_uri query string false "Where to redirect after logout (must be registered)" @Param state query string false "Opaque value returned to client" @Success 302 {string} string "Redirect to post_logout_redirect_uri" @Failure 400 {string} string @Router /oidc/{virtualServerName}/end_session [get]

func OidcToken

func OidcToken(w http.ResponseWriter, r *http.Request)

OidcToken exchanges authorization code or refresh token for tokens. @Summary Token endpoint @Tags OIDC @Accept application/x-www-form-urlencoded @Produce json @Param grant_type formData string true "authorization_code | refresh_token" @Param code formData string false "Required when grant_type=authorization_code" @Param refresh_token formData string false "Required when grant_type=refresh_token" @Param client_id formData string false "If no Authorization header" @Security BasicAuth @Success 200 {object} handlers.CodeFlowResponse "When grant_type=authorization_code" @Success 200 {object} handlers.RefreshTokenResponse "When grant_type=refresh_token" @Success 200 {object} handlers.TokenExchangeResponse "When grant_type=urn:ietf:params:oauth:grant-type:token-exchange" @Failure 400 {string} string @Router /oidc/{virtualServerName}/token [post]

func OidcUserinfo

func OidcUserinfo(w http.ResponseWriter, r *http.Request)

OidcUserinfo returns the userinfo for the presented access token. @Summary Userinfo @Tags OIDC @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Security BearerAuth @Success 200 {object} handlers.OidcUserInfoResponseDto @Failure 401 {string} string @Router /oidc/{virtualServerName}/userinfo [post][get]

func OnboardTotp

func OnboardTotp(w http.ResponseWriter, r *http.Request)

OnboardTotp advances the login after the user has onboarded TOTP. @Summary Onboard TOTP (advance state) @Tags Logins @Accept json @Produce plain @Param loginToken path string true "Login session token" @Param body body handlers.OnboardTotpRequestDto true "TOTP code" @Success 204 {string} string "No Content" @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unauthorized or wrong step" @Router /logins/{loginToken}/onboard-totp [post]

func PasskeyCreateChallenge

func PasskeyCreateChallenge(w http.ResponseWriter, r *http.Request)

func PasskeyValidateCreateChallengeResponse

func PasskeyValidateCreateChallengeResponse(w http.ResponseWriter, r *http.Request)

func PatchApplication

func PatchApplication(w http.ResponseWriter, r *http.Request)

PatchApplication updates fields of a specific application by ID @Summary Patch application @Description Update an application by ID from a virtual server @Tags Applications @Accept json @Produce json @Param vsName path string true "Virtual server name" default(keyline) @Param projectSlug path string true "Project slug" @Param appId path string true "Application ID (UUID)" @Param request body PatchApplicationRequestDto true "Application data" @Success 204 {string} string "No Content" @Failure 400 @Failure 404 "Application not found" @Failure 500 @Router /api/virtual-servers/{vsName}/projects/{projectSlug}/applications/{appId} [patch]

func PatchUser

func PatchUser(w http.ResponseWriter, r *http.Request)

PatchUser updates fields of a user. @Summary Patch user @Tags Users @Accept json @Produce plain @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Param body body PatchUserRequestDto true "Patch document" @Success 204 {string} string "No Content" @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId} [patch]

func PatchUserApplicationMetadata

func PatchUserApplicationMetadata(w http.ResponseWriter, r *http.Request)

PatchUserApplicationMetadata patches a user's application metadata. @Summary Patch a user's application metadata using JSON Merge Patch (RFC 7396) @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Param appId path string true "Application ID (UUID)" @Param body body PatchUserApplicationMetadataRequestDto true "Patch document" @Accept json @Accept application/merge-patch+json @Success 204 {string} string "No Content" @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId}/metadata/user [patch]

func PatchUserGlobalMetadata

func PatchUserGlobalMetadata(w http.ResponseWriter, r *http.Request)

PatchUserGlobalMetadata patches a user's metadata. @Summary Patch a user's metadata using JSON Merge Patch (RFC 7396) @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Param body body PatchUserGlobalMetadataRequestDto true "Patch document" @Accept json @Accept application/merge-patch+json @Success 204 {string} string "No Content" @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId}/metadata/user [patch]

func PatchVirtualServer

func PatchVirtualServer(w http.ResponseWriter, r *http.Request)

PatchVirtualServer patches a virtual server. @Summary Patch virtual server @Tags Admin @Accept json @Produce plain @Param virtualServerName path string true "Virtual server name" default(keyline) @Param body body PatchVirtualServerRequestDto true "Patch document" @Success 204 {string} string "No Content" @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName} [patch]

func PostActivatePage

func PostActivatePage(w http.ResponseWriter, r *http.Request)

func PrometheusMetrics

func PrometheusMetrics(w http.ResponseWriter, r *http.Request)

PrometheusMetrics proxies the promhttp handler. @Summary Prometheus metrics @Description Exposes Prometheus metrics in text exposition format. @Tags Monitoring @Produce plain @Success 200 {string} string "Prometheus exposition format (text/plain; version=0.0.4)" @Router /metrics [get]

func RegisterUser

func RegisterUser(w http.ResponseWriter, r *http.Request)

RegisterUser registers a new user. @Summary Register user @Tags Users @Accept json @Produce plain @Param virtualServerName path string true "Virtual server name" default(keyline) @Param body body RegisterUserRequestDto true "User data" @Success 204 {string} string "No Content" @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/users/register [post]

func ResendEmailVerification

func ResendEmailVerification(w http.ResponseWriter, r *http.Request)

ResendEmailVerification sends a new email verification message. @Summary Resend email verification @Tags Logins @Produce plain @Param loginToken path string true "Login session token" @Success 204 {string} string "No Content" @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unauthorized or wrong step" @Router /logins/{loginToken}/resend-email-verification [post]

func ResetTemporaryPassword

func ResetTemporaryPassword(w http.ResponseWriter, r *http.Request)

ResetTemporaryPassword sets a new password when the current one is temporary. @Summary Reset temporary password @Tags Logins @Accept json @Produce plain @Param loginToken path string true "Login session token" @Param body body handlers.ResetTemporaryPasswordRequestDto true "New password" @Success 204 {string} string "No Content" @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unauthorized or wrong step" @Router /logins/{loginToken}/reset-temporary-password [post]

func StartPasskeyLogin

func StartPasskeyLogin(w http.ResponseWriter, r *http.Request)

func UpdatePasswordRule

func UpdatePasswordRule(w http.ResponseWriter, r *http.Request)

UpdatePasswordRule @summary Update a password rule @description Update a password rule for a virtual server. @tags Password rules @accept application/json @param virtualServerName path string true "Virtual server name" default(keyline) @param body body PatchPasswordRuleRequestDto true "Password rule details" @success 204 "No Content" @failure 400 {string} string "Bad Request" @failure 404 {string} string "Not Found" @router /api/virtual-servers/{virtualServerName}/password-policies/rules/{ruleType} [put]

func UpdateUserApplicationMetadata

func UpdateUserApplicationMetadata(w http.ResponseWriter, r *http.Request)

UpdateUserApplicationMetadata updates a user's application metadata. @Summary Update a user's application metadata @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Param appId path string true "Application ID (UUID)" @Param body body UpdateUserApplicationMetadataRequestDto true "Metadata" @Success 204 {string} string "No Content" @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId}/metadata/application/{appId} [put]

func UpdateUserGlobalMetadata

func UpdateUserGlobalMetadata(w http.ResponseWriter, r *http.Request)

UpdateUserGlobalMetadata updates a user's metadata. @Summary Update a user's metadata @Tags Users @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Param userId path string true "User ID (UUID)" @Param body body UpdateUserGlobalMetadataRequestDto true "Metadata" @Success 204 {string} string "No Content" @Failure 404 {string} string @Router /api/virtual-servers/{virtualServerName}/users/{userId}/metadata/user [put]

func VerifyEmail

func VerifyEmail(w http.ResponseWriter, r *http.Request)

VerifyEmail verifies a user's email via token. @Summary Verify email @Tags Users @Produce plain @Param virtualServerName path string true "Virtual server name" default(keyline) @Param token query string true "Verification token" @Success 302 {string} string "Redirect to frontend confirmation page" @Failure 400 {string} string @Router /api/virtual-servers/{virtualServerName}/users/verify-email [get]

func VerifyEmailToken

func VerifyEmailToken(w http.ResponseWriter, r *http.Request)

VerifyEmailToken advances the login after the user's email is verified. @Summary Verify email token (advance state) @Tags Logins @Produce plain @Param loginToken path string true "Login session token" @Success 204 {string} string "No Content" @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unauthorized or wrong step" @Router /logins/{loginToken}/verify-email [post]

func VerifyPassword

func VerifyPassword(w http.ResponseWriter, r *http.Request)

VerifyPassword verifies user credentials for the login session. @Summary Verify password @Tags Logins @Accept json @Produce plain @Param loginToken path string true "Login session token" @Param body body handlers.VerifyPasswordRequestDto true "Credentials" @Success 204 {string} string "No Content" @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unauthorized or wrong step" @Router /logins/{loginToken}/verify-password [post]

func VerifyTotp

func VerifyTotp(w http.ResponseWriter, r *http.Request)

VerifyTotp advances the login after the user has verified TOTP. @Summary Verify TOTP (advance state) @Tags Logins @Produce plain @Param loginToken path string true "Login session token" @Param body body handlers.VerifyTotpRequestDto true "TOTP code" @Success 204 {string} string "No Content" @Failure 400 {string} string "Bad Request" @Failure 401 {string} string "Unauthorized or wrong step" @Router /logins/{loginToken}/verify-totp [post]

func VirtualServerHealth

func VirtualServerHealth(w http.ResponseWriter, _ *http.Request)

VirtualServerHealth returns 200 when the virtual server is healthy. @Summary Virtual server health @Tags System @Produce plain @Param virtualServerName path string true "Virtual server name" default(keyline) @Success 200 {string} string "OK" @Router /api/virtual-servers/{virtualServerName}/health [get]

func WellKnownJwks

func WellKnownJwks(w http.ResponseWriter, r *http.Request)

WellKnownJwks returns the JSON Web Key Set (JWKS) for a virtual server. @Summary JWKS for virtual server @Description Returns the public keys used to verify tokens for this virtual server. @Tags OIDC @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Success 200 {object} handlers.JwksResponseDto @Failure 400 {string} string @Failure 500 {string} string @Router /oidc/{virtualServerName}/.well-known/jwks.json [get]

func WellKnownOpenIdConfiguration

func WellKnownOpenIdConfiguration(w http.ResponseWriter, r *http.Request)

WellKnownOpenIdConfiguration exposes the OIDC discovery document. @Summary OpenID Provider configuration @Tags OIDC @Produce json @Param virtualServerName path string true "Virtual server name" default(keyline) @Success 200 {object} handlers.OpenIdConfigurationResponseDto @Failure 400 {string} string @Router /oidc/{virtualServerName}/.well-known/openid-configuration [get]

Types

type AccessTokenGenerationParams

// AccessTokenGenerationParams is the value type returned by
// TokenGenerationParams.ToAccessTokenGenerationParams. Judging by its name it
// is the input for building one access token; the consuming function is not
// part of this listing.
type AccessTokenGenerationParams struct {
	ExternalUrl       string
	VirtualServerName string
	ClientId          string
	ApplicationId     uuid.UUID
	GrantedScopes     []string
	IssuedAt          time.Time
	Expiry            time.Duration
	UserId            uuid.UUID
	// NOTE(review): services.KeyPair is declared in another package; it
	// presumably carries the private signing key, so values of this struct
	// should not be logged or formatted with %+v — confirm.
	KeyPair           services.KeyPair
	HeaderType        string
}

type AuthorizationRequest

// AuthorizationRequest holds the parameters of an authorization request. The
// field names mirror the OAuth 2.0 / OpenID Connect authorization-endpoint
// parameters (response_type, redirect_uri, scope, state, nonce,
// response_mode) and the PKCE parameters of RFC 7636. All fields are plain
// strings or string slices; no validation is expressed on the type itself.
type AuthorizationRequest struct {
	ResponseTypes       []string
	VirtualServerName   string
	ApplicationName     string
	// NOTE(review): the redirect target is client-supplied; the code that
	// compares it with the application's registered redirect URIs is not
	// visible here — confirm it is checked before any redirect is issued.
	RedirectUri         string
	Scopes              []string
	State               string
	Nonce               string
	ResponseMode        string
	PKCEChallenge       string
	// NOTE(review): RFC 7636 defines the methods "plain" and "S256"; which
	// values are accepted is decided elsewhere — confirm.
	PKCEChallengeMethod string
}

type CodeFlowResponse

// CodeFlowResponse is a JSON token response whose member names follow the
// OAuth 2.0 token response (token_type, access_token, refresh_token, scope,
// expires_in) plus the OpenID Connect id_token. No field uses omitempty, so
// an unset token is serialized as an empty string rather than left out.
//
// NOTE(review): every string field except TokenType and Scope is a bearer
// credential. RFC 6749 section 5.1 requires such responses to be sent with
// Cache-Control: no-store; the handler is not visible here — confirm, and keep
// values of this type out of logs.
type CodeFlowResponse struct {
	TokenType    string `json:"token_type"`
	IdToken      string `json:"id_token"`
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	Scope        string `json:"scope"`
	ExpiresIn    int    `json:"expires_in"`
}

type Data

// Data carries a single Link string.
//
// NOTE(review): presumably the data passed to an e-mail or page template; the
// consumer is not visible here. If Link embeds a verification or activation
// token, treat the whole value as a secret — confirm.
type Data struct {
	Link string
}

type Ed25519JWK

// Ed25519JWK is the JSON shape of an Ed25519 public key expressed as a JSON
// Web Key. The struct has a field for the public parameter x only; there is no
// field for the private parameter d, so a value of this type cannot carry
// private key material.
type Ed25519JWK struct {
	Kty string `json:"kty"` // Key Type
	Crv string `json:"crv"` // Curve
	Alg string `json:"alg"` // Algorithm
	Use string `json:"use"` // Use (sig = signature)
	Kid string `json:"kid"` // Key ID
	X   string `json:"x"`   // Public key (base64url)
}

type FinishPasskeyLoginRequestDto

// FinishPasskeyLoginRequestDto is the JSON request body that completes a
// passkey login. Id has the same type and JSON name as
// StartPasskeyLoginResponseDto.Id, and WebauthnResponse uses the member names
// of a serialized WebAuthn assertion (id, rawId, response.clientDataJSON,
// response.authenticatorData, response.signature, response.userHandle).
//
// Only the two top-level fields carry validate:"required"; the nested members
// have no validate tags, so any of them may arrive empty.
//
// NOTE(review): the nested values are client-controlled strings, presumably
// base64url-encoded — confirm that the handler rejects empty or malformed
// members before signature verification.
type FinishPasskeyLoginRequestDto struct {
	Id               uuid.UUID `json:"id" validate:"required"`
	WebauthnResponse struct {
		Id       string `json:"id"`
		RawId    string `json:"rawId"`
		Response struct {
			ClientDataJSON    string `json:"clientDataJSON"`
			AuthenticatorData string `json:"authenticatorData"`
			Signature         string `json:"signature"`
			UserHandle        string `json:"userHandle"`
		} `json:"response"`
		AuthenticatorAttachment string `json:"authenticatorAttachment"`
		Type                    string `json:"type"`
	} `json:"webauthnResponse" validate:"required"`
}

type GeneratedTokens

// GeneratedTokens groups an ID token, an access token and a refresh token
// with an ExpiresIn value. It has no JSON tags, unlike the response types in
// this package that carry the same fields.
//
// NOTE(review): the three string fields are bearer credentials — keep values
// of this type out of logs and error messages.
type GeneratedTokens struct {
	IdToken      string
	AccessToken  string
	RefreshToken string
	ExpiresIn    int
}

type GetLoginStateResponseDto

// GetLoginStateResponseDto is the JSON response describing the current state
// of a login session.
type GetLoginStateResponseDto struct {
	// Step is one of: password_verification | temporary_password | email_verification | finish
	// NOTE(review): the list names no TOTP step although this package also
	// exposes a VerifyTotp handler — confirm the list is complete.
	Step                     string `json:"step"`
	ApplicationDisplayName   string `json:"applicationDisplayName"`
	VirtualServerDisplayName string `json:"virtualServerDisplayName"`
	VirtualServerName        string `json:"virtualServerName"`
	SignupEnabled            bool   `json:"signupEnabled"`
	// TotpSecret has no omitempty, so the member is present in every
	// response, as an empty string when unset.
	// NOTE(review): presumably populated only while the user is enrolling
	// TOTP. The value is a long-lived shared secret: confirm it is empty in
	// every other step, is never returned once enrollment has completed, and
	// that responses carrying it are not cached or logged.
	TotpSecret               string `json:"totpSecret"`
}

type IdTokenGenerationParams

// IdTokenGenerationParams is the value type returned by
// TokenGenerationParams.ToIdTokenGenerationParams. Judging by its name it is
// the input for building one ID token; the consuming function is not part of
// this listing.
type IdTokenGenerationParams struct {
	ClientId          string
	ExternalUrl       string
	UserDisplayName   string
	VirtualServerName string
	// NOTE(review): presumably the nonce of the authorization request, to be
	// echoed in the ID token so the client can detect replay — confirm.
	Nonce             string
	IssuedAt          time.Time
	Expiry            time.Duration
	UserId            uuid.UUID
	// NOTE(review): services.KeyPair is declared in another package; it
	// presumably carries the private signing key, so values of this struct
	// should not be logged or formatted with %+v — confirm.
	KeyPair           services.KeyPair
	GrantedScopes     []string
	AuthenticatedAt   time.Time
}

type JwksResponseDto

// JwksResponseDto is the JSON body documented as the 200 response of
// WellKnownJwks: an object with a single "keys" array.
//
// The element type is any, so the type system places no restriction on what
// is serialized into a publicly served document. Ed25519JWK and RS256JWK in
// this package contain public parameters only.
// NOTE(review): confirm that only such public-key values are ever appended to
// Keys.
type JwksResponseDto struct {
	Keys []any `json:"keys"`
}

type OidcError

// OidcError groups three strings whose names correspond to the error,
// error_description and error_uri parameters of an OAuth 2.0 / OIDC error
// response. The fields have no JSON tags, so encoding/json would emit the Go
// field names; how the value is rendered is not visible here.
//
// NOTE(review): ErrorDescription is presumably returned to the client —
// confirm that internal error text is never copied into it.
type OidcError struct {
	Error            string
	ErrorDescription string
	ErrorUri         string
}

type OidcUserInfoResponseDto

// OidcUserInfoResponseDto is a JSON body whose member names are the OpenID
// Connect standard claims sub, email, email_verified and name. Sub is always
// serialized; the other members are dropped when unset (omitempty).
type OidcUserInfoResponseDto struct {
	Sub           string `json:"sub"`
	Email         string `json:"email,omitempty"`
	// EmailVerified is a pointer so that, with omitempty, a nil value is
	// omitted while an explicit false is still serialized.
	EmailVerified *bool  `json:"email_verified,omitempty"`
	Name          string `json:"name,omitempty"`
}

type OnboardTotpRequestDto

// OnboardTotpRequestDto is a JSON request body with one required member,
// totpCode.
//
// NOTE(review): presumably the first code from a newly enrolled authenticator,
// proving possession of the secret; the handler is not visible here — confirm
// that attempts are rate-limited.
type OnboardTotpRequestDto struct {
	TotpCode string `json:"totpCode" validate:"required"`
}

type OpenIdConfigurationResponseDto

// OpenIdConfigurationResponseDto is the JSON body documented as the 200
// response of WellKnownOpenIdConfiguration. Its member names are OpenID
// Provider metadata names (issuer, authorization_endpoint, jwks_uri, ...).
// No member uses omitempty, so unset values are serialized as "", null or
// false rather than omitted.
//
// NOTE(review): relying parties configure themselves from this document.
// Issuer should equal the iss claim of issued tokens, and the endpoint URLs
// should be built from configuration rather than from request headers such as
// Host — how they are populated is not visible here; confirm.
type OpenIdConfigurationResponseDto struct {
	Issuer                            string   `json:"issuer"`
	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
	TokenEndpoint                     string   `json:"token_endpoint"`
	UserinfoEndpoint                  string   `json:"userinfo_endpoint"`
	EndSessionEndpoint                string   `json:"end_session_endpoint"`
	DeviceAuthorizationEndpoint       string   `json:"device_authorization_endpoint"`
	JwksUri                           string   `json:"jwks_uri"`
	ResponseTypesSupported            []string `json:"response_types_supported"`
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	IdTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"`
	ScopesSupported                   []string `json:"scopes_supported"`
	ClaimsSupported                   []string `json:"claims_supported"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	RequestParameterSupported         bool     `json:"request_parameter_supported"`
	GrantTypesSupported               []string `json:"grant_types_supported"`
}

type QueryOps

// QueryOps holds paging, ordering and search options. ParseQueryOps builds a
// value from an *http.Request, and ToPagedQuery / ToOrderedQuery convert it to
// queries.PagedQuery and queries.OrderedQuery.
//
// NOTE(review): the values originate from the request, so they are
// client-controlled. Parsing and query construction are not visible here —
// confirm that OrderBy and OrderDir are matched against an allow-list before
// they reach a query, that Search is bound as a parameter, and that PageSize
// and Page are bounded.
type QueryOps struct {
	PageSize int
	Page     int
	OrderBy  string
	OrderDir string
	Search   string
}

func ParseQueryOps

func ParseQueryOps(r *http.Request) (*QueryOps, error)

func (*QueryOps) ToOrderedQuery

func (q *QueryOps) ToOrderedQuery() queries.OrderedQuery

func (*QueryOps) ToPagedQuery

func (q *QueryOps) ToPagedQuery() queries.PagedQuery

type RS256JWK

// RS256JWK is the JSON shape of an RSA public key expressed as a JSON Web
// Key. The struct has fields for the public parameters n and e only; there
// are no fields for private parameters (d, p, q, ...), so a value of this type
// cannot carry private key material.
type RS256JWK struct {
	Kty string `json:"kty"` // Key Type, e.g. "RSA"
	Alg string `json:"alg"` // Algorithm, e.g. "RS256"
	Use string `json:"use"` // Public key use, usually "sig"
	Kid string `json:"kid"` // Key ID
	N   string `json:"n"`   // Modulus, base64url encoded
	E   string `json:"e"`   // Exponent, base64url encoded
}

type RefreshTokenGenerationParams

// RefreshTokenGenerationParams is the value type returned by
// TokenGenerationParams.ToRefreshTokenGenerationParams. Unlike the access- and
// ID-token parameter types it has no key pair, issue time or expiry field.
//
// NOTE(review): the missing key pair suggests refresh tokens are opaque
// server-side records rather than signed tokens, and the missing expiry means
// their lifetime is set elsewhere — confirm both.
type RefreshTokenGenerationParams struct {
	VirtualServerName string
	GrantedScopes     []string
	ClientId          string
	UserId            uuid.UUID
}

type RefreshTokenResponse

// RefreshTokenResponse is a JSON token response with the members token_type,
// id_token, access_token, refresh_token and expires_in. It matches
// CodeFlowResponse except that it has no scope member. No field uses
// omitempty.
//
// NOTE(review): the response includes a refresh_token member, which suggests
// a new refresh token is issued on each refresh — confirm that the previous
// one is invalidated. As with any token response, it should be sent with
// Cache-Control: no-store (RFC 6749 section 5.1) and kept out of logs.
type RefreshTokenResponse struct {
	TokenType    string `json:"token_type"`
	IdToken      string `json:"id_token"`
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
}

type ResetTemporaryPasswordRequestDto

// ResetTemporaryPasswordRequestDto is the JSON request body documented for
// ResetTemporaryPassword. The only constraint expressed on the type is that
// newPassword is required.
//
// NOTE(review): NewPassword is a plaintext credential — keep it out of logs
// and confirm that the configured password rules are applied by the handler,
// which is not visible here.
type ResetTemporaryPasswordRequestDto struct {
	NewPassword string `json:"newPassword" validate:"required"`
}

type StartPasskeyLoginResponseDto

// StartPasskeyLoginResponseDto is a JSON response with an id and a challenge.
// FinishPasskeyLoginRequestDto has an Id field of the same type and JSON name.
//
// NOTE(review): presumably Id identifies the server-side record of the issued
// challenge. Confirm that Challenge comes from a cryptographically secure
// random source, is single-use and expires.
type StartPasskeyLoginResponseDto struct {
	Id        uuid.UUID `json:"id"`
	Challenge string    `json:"challenge"`
}

type TokenExchangeResponse

// TokenExchangeResponse is a JSON response with the members access_token,
// issued_token_type and token_type, which are member names of the OAuth 2.0
// Token Exchange response (RFC 8693). It has no expires_in or scope member.
//
// NOTE(review): AccessToken is a bearer credential — keep it out of logs and
// send the response with Cache-Control: no-store.
type TokenExchangeResponse struct {
	AccessToken     string `json:"access_token"`
	IssuedTokenType string `json:"issued_token_type"`
	TokenType       string `json:"token_type"`
}

type TokenGenerationParams

// TokenGenerationParams is the combined parameter set from which the
// per-token parameter types are derived: ToAccessTokenGenerationParams,
// ToIdTokenGenerationParams and ToRefreshTokenGenerationParams return
// AccessTokenGenerationParams, IdTokenGenerationParams and
// RefreshTokenGenerationParams respectively.
type TokenGenerationParams struct {
	UserId                uuid.UUID
	VirtualServerName     string
	ClientId              string
	ApplicationId         uuid.UUID
	GrantedScopes         []string
	UserDisplayName       string
	UserPrimaryEmail      string
	ExternalUrl           string
	// There is a single KeyPair field, while both the access-token and the
	// ID-token parameter types have one.
	// NOTE(review): presumably both tokens are signed with the same key;
	// services.KeyPair likely holds the private key, so do not log this
	// struct — confirm.
	KeyPair               services.KeyPair
	IssuedAt              time.Time
	AccessTokenExpiry     time.Duration
	IdTokenExpiry         time.Duration
	// NOTE(review): RefreshTokenGenerationParams has no expiry field, so where
	// this value is applied is not visible here — confirm it is enforced.
	RefreshTokenExpiry    time.Duration
	Nonce                 string
	AuthenticatedAt       time.Time
	AccessTokenHeaderType string
}

func (*TokenGenerationParams) ToAccessTokenGenerationParams

func (t *TokenGenerationParams) ToAccessTokenGenerationParams() AccessTokenGenerationParams

func (*TokenGenerationParams) ToIdTokenGenerationParams

func (t *TokenGenerationParams) ToIdTokenGenerationParams() IdTokenGenerationParams

func (*TokenGenerationParams) ToRefreshTokenGenerationParams

func (t *TokenGenerationParams) ToRefreshTokenGenerationParams() RefreshTokenGenerationParams

type VerifyPasswordRequestDto

// VerifyPasswordRequestDto is the JSON request body documented for
// VerifyPassword. Both members are required.
//
// NOTE(review): Password is a plaintext credential — keep values of this type
// out of logs and traces. The handler is not visible here; confirm that
// failed attempts are rate-limited and that the response does not reveal
// whether the username exists.
type VerifyPasswordRequestDto struct {
	Username string `json:"username" validate:"required"`
	Password string `json:"password" validate:"required"`
}

type VerifyTotpRequestDto

// VerifyTotpRequestDto is the JSON request body documented for VerifyTotp,
// with one required member, totpCode.
//
// NOTE(review): a TOTP code has a small value space; the handler is not
// visible here — confirm that attempts per login session are limited and that
// an accepted code cannot be replayed within its validity window.
type VerifyTotpRequestDto struct {
	TotpCode string `json:"totpCode" validate:"required"`
}
