Index ¶
- Constants
- Variables
- type CertificateSignerPayload
- type CertificateSignerResponse
- type LoginHandler
- func (lh *LoginHandler) Callback(w http.ResponseWriter, r *http.Request)
- func (lh *LoginHandler) CerificateExpiry() time.Time
- func (lh *LoginHandler) CertificateAuthorityURL() string
- func (lh *LoginHandler) CertificateValid() bool
- func (lh *LoginHandler) ExecuteLogin(addr string) error
- func (lh *LoginHandler) ExecuteLoginWithContext(ctx context.Context, addr string) error
- func (lh *LoginHandler) GenerateKey() error
- func (lh *LoginHandler) HasCertificate() bool
- func (lh *LoginHandler) HasPrivateKey() bool
- func (lh *LoginHandler) Login(w http.ResponseWriter, r *http.Request)
- func (lh *LoginHandler) OIDCConfig() config.ClientOIDCConfig
- func (lh *LoginHandler) RedirectPath() string
- func (lh *LoginHandler) Refresh() error
- func (lh *LoginHandler) RunPageantProxy(ctx context.Context) error
- func (lh *LoginHandler) SetLogger(logger *slog.Logger)
- func (lh *LoginHandler) Shutdown() error
- func (lh *LoginHandler) ShutdownPageantProxy()
- func (lh *LoginHandler) Start(address string) error
- func (lh *LoginHandler) Wait(ctx context.Context) error
- type LoginHandlerOption
- func AllowWithoutKey() LoginHandlerOption
- func ShowTokens() LoginHandlerOption
- func SkipAgent() LoginHandlerOption
- func WithLifetime(lifetime time.Duration) LoginHandlerOption
- func WithLogger(logger *slog.Logger) LoginHandlerOption
- func WithPageantProxy() LoginHandlerOption
- func WithServer(srv *http.Server) LoginHandlerOption
Constants ¶
const (
	// DefaultLifetime is the lifetime used when WithLifetime is not supplied.
	// NOTE(review): presumably the requested SSH certificate validity — confirm
	// against the signer request; whether the CA honours or caps it is not shown here.
	DefaultLifetime = time.Hour * 24
	// UserAgent is the User-Agent value this client identifies itself with
	// (presumably on requests to the CA — confirm).
	UserAgent = "Serverless-SSH-CA-Client"
)
Variables ¶
var (
	// ErrNoPrivateKey is returned by NewLoginHandler when no SSH private key exists
	// and the AllowWithoutKey option was not given.
	ErrNoPrivateKey = config.ErrNoPrivateKey
	// ErrNoRefreshToken reports that no refresh token is stored
	// (presumably returned by Refresh — confirm).
	ErrNoRefreshToken = errors.New("no refresh token found")
	// ErrAlreadyStarted is returned by Start when the HTTP service is already running.
	ErrAlreadyStarted = errors.New("server has already started")
	// ErrNotStarted is returned by Wait when Start has not been called.
	ErrNotStarted = errors.New("server has not been started")
	// ErrPageantProxyNotEnabled reports that the proxy was not enabled via
	// WithPageantProxy (presumably returned by RunPageantProxy — confirm).
	ErrPageantProxyNotEnabled = errors.New("pageant proxy not enabled")
	// DefaultLogger is the default [*slog.Logger] used when neither WithLogger
	// nor SetLogger provides one.
	DefaultLogger = slog.Default()
)
Functions ¶
This section is empty.
Types ¶
type CertificateSignerResponse ¶
// CertificateSignerResponse is the JSON document decoded from the certificate
// signer (presumably the CA at CertificateAuthorityURL — confirm).
type CertificateSignerResponse struct {
	// Certificate holds the signed SSH certificate returned by the signer.
	// NOTE(review): the encoding (raw wire bytes vs. authorized_keys text) is
	// not shown here — confirm before parsing.
	Certificate []byte `json:"certificate"`
}
type LoginHandler ¶
type LoginHandler struct {
// contains filtered or unexported fields
}
func NewLoginHandler ¶
func NewLoginHandler(system, user string, opts ...LoginHandlerOption) (*LoginHandler, error)
NewLoginHandler creates a new LoginHandler for the given system and user, applying any LoginHandlerOption values. By default it returns ErrNoPrivateKey if no SSH private key exists; pass AllowWithoutKey to skip that check.
func (*LoginHandler) Callback ¶
func (lh *LoginHandler) Callback(w http.ResponseWriter, r *http.Request)
The Callback method is intended for use as the handler function for the callback (redirect) URL of the OIDC auth flow process as part of the Serverless SSH CA. It completes the flow started by Login; the URL it is served on should match the redirect URI registered with the OIDC IdP (see RedirectPath), otherwise the IdP will refuse to redirect back.
func (*LoginHandler) CerificateExpiry ¶
func (lh *LoginHandler) CerificateExpiry() time.Time
CerificateExpiry (sic — the exported name is misspelled; renaming it would break callers) returns the expiry time of the current SSH certificate.
func (*LoginHandler) CertificateAuthorityURL ¶
func (lh *LoginHandler) CertificateAuthorityURL() string
CertificateAuthorityURL returns the configured URL of the certificate authority.
func (*LoginHandler) CertificateValid ¶
func (lh *LoginHandler) CertificateValid() bool
CertificateValid reports whether the current SSH certificate is usable — presumably that one is held and CerificateExpiry has not passed; confirm the exact check in the implementation.
func (*LoginHandler) ExecuteLogin ¶
func (lh *LoginHandler) ExecuteLogin(addr string) error
ExecuteLogin performs [*LoginHandler.Start()] on addr, attempts to open the user's browser to start the OIDC auth flow, and then runs [*LoginHandler.Wait()]. addr is the listen address of the local callback HTTP service; binding it to a loopback address (e.g. 127.0.0.1) is advisable so the callback endpoint is not reachable from other hosts.
func (*LoginHandler) ExecuteLoginWithContext ¶
func (lh *LoginHandler) ExecuteLoginWithContext(ctx context.Context, addr string) error
ExecuteLoginWithContext is identical to [*LoginHandler.ExecuteLogin()], except that the provided context is used rather than the default of [context.Background()]; cancelling it aborts the wait.
func (*LoginHandler) GenerateKey ¶
func (lh *LoginHandler) GenerateKey() error
GenerateKey generates a new SSH private key for the handler. Whether an existing key is replaced is not documented here; check with HasPrivateKey before calling on a system that already has one.
func (*LoginHandler) HasCertificate ¶
func (lh *LoginHandler) HasCertificate() bool
HasCertificate reports whether the handler currently holds an SSH certificate (regardless of whether it is still valid; see CertificateValid).
func (*LoginHandler) HasPrivateKey ¶
func (lh *LoginHandler) HasPrivateKey() bool
HasPrivateKey reports whether an SSH private key exists.
func (*LoginHandler) Login ¶
func (lh *LoginHandler) Login(w http.ResponseWriter, r *http.Request)
The Login method is intended for use as the handler function for the initial login URL of the OIDC auth flow process as part of the Serverless SSH CA.
This will start the OIDC auth flow process and redirect the user to the configured OIDC IdP.
func (*LoginHandler) OIDCConfig ¶
func (lh *LoginHandler) OIDCConfig() config.ClientOIDCConfig
OIDCConfig returns the current underlying OIDC client configuration.
func (*LoginHandler) RedirectPath ¶
func (lh *LoginHandler) RedirectPath() string
RedirectPath returns the local path on which the callback (redirect) from the configured OIDC IdP is served.
func (*LoginHandler) Refresh ¶
func (lh *LoginHandler) Refresh() error
Refresh attempts to refresh the access and identity tokens using the stored refresh token; it presumably returns ErrNoRefreshToken when no refresh token is available.
func (*LoginHandler) RunPageantProxy ¶
func (lh *LoginHandler) RunPageantProxy(ctx context.Context) error
RunPageantProxy proxies PuTTY (Pageant) agent connections to the native OpenSSH SSH agent. The handler must have been created with WithPageantProxy; otherwise ErrPageantProxyNotEnabled is presumably returned.
This will block until the provided context is complete or [*LoginHandler.ShutdownPageantProxy()] is run.
func (*LoginHandler) SetLogger ¶
func (lh *LoginHandler) SetLogger(logger *slog.Logger)
SetLogger sets the *slog.Logger used after the *LoginHandler has been created by [NewLoginHandler], overriding WithLogger or DefaultLogger.
func (*LoginHandler) Shutdown ¶
func (lh *LoginHandler) Shutdown() error
Shutdown gracefully shuts down the login handler HTTP service started by Start.
func (*LoginHandler) ShutdownPageantProxy ¶
func (lh *LoginHandler) ShutdownPageantProxy()
ShutdownPageantProxy will shutdown a running PuTTY Agent proxy.
func (*LoginHandler) Start ¶
func (lh *LoginHandler) Start(address string) error
Start begins serving the login handler HTTP service on address (as ListenAndServe would); unlike [*http.Server.ListenAndServe()] it returns immediately, so call [*LoginHandler.Wait()] afterwards to block until the flow completes.
If the server has already started this will return ErrAlreadyStarted
func (*LoginHandler) Wait ¶
func (lh *LoginHandler) Wait(ctx context.Context) error
Wait will block until the provided context completes or the login handler HTTP service is stopped via [*LoginHandler.Shutdown()].
If the service has not been started this will return ErrNotStarted
type LoginHandlerOption ¶
// LoginHandlerOption is a functional option applied to a *LoginHandler by
// NewLoginHandler; see AllowWithoutKey, ShowTokens, SkipAgent, WithLifetime,
// WithLogger, WithPageantProxy and WithServer.
type LoginHandlerOption func(*LoginHandler)
Options for *LoginHandler
func AllowWithoutKey ¶
func AllowWithoutKey() LoginHandlerOption
By default NewLoginHandler returns ErrNoPrivateKey if no private key exists; passing the AllowWithoutKey LoginHandlerOption to NewLoginHandler skips this check (use GenerateKey to create one afterwards).
func ShowTokens ¶
func ShowTokens() LoginHandlerOption
ShowTokens displays/logs the tokens returned from the OIDC login/refresh process. This is a debugging aid and is not enabled by default: the access, identity and refresh tokens are bearer credentials, so enable it only on a trusted workstation and never where the logger output is persisted or shipped to a log aggregator.
func SkipAgent ¶
func SkipAgent() LoginHandlerOption
SkipAgent makes the login process skip adding the key and certificate to the user's local SSH agent.
func WithLifetime ¶
func WithLifetime(lifetime time.Duration) LoginHandlerOption
WithLifetime sets a different lifetime than DefaultLifetime (24h). This is presumably the requested SSH certificate validity; whether the CA honours, caps or ignores the request is decided by the CA, not this client.
func WithLogger ¶
func WithLogger(logger *slog.Logger) LoginHandlerOption
WithLogger allows providing a custom *slog.Logger for the service
func WithPageantProxy ¶
func WithPageantProxy() LoginHandlerOption
WithPageantProxy enables the PuTTY Pageant proxy so that RunPageantProxy can be used (see ErrPageantProxyNotEnabled).
func WithServer ¶
func WithServer(srv *http.Server) LoginHandlerOption
WithServer allows using a custom *http.Server instead of the default, e.g. to set ReadTimeout/WriteTimeout or other server settings the default may not apply.