Overview ¶
SPDX-License-Identifier: AGPL-3.0-or-later
SPDX-License-Identifier: AGPL-3.0-or-later
SPDX-License-Identifier: AGPL-3.0-or-later
SPDX-License-Identifier: AGPL-3.0-or-later
SPDX-License-Identifier: AGPL-3.0-or-later
SPDX-License-Identifier: AGPL-3.0-or-later
Index ¶
- Constants
- Variables
- func EmbedDocumentMiddleware(docService docService, publisher webhookPublisher) func(http.Handler) http.Handler
- func EmbedFolder(fsEmbed embed.FS, targetPath string, baseURL string, version string, ...) http.HandlerFunc
- type AuditEvent
- type AuditLogger
- type AuthProvider
- type AuthResult
- type Authorizer
- type CompositeAuthProvider
- func (c *CompositeAuthProvider) GetCurrentUser(r *http.Request) (*User, error)
- func (c *CompositeAuthProvider) IsConfigured() bool
- func (c *CompositeAuthProvider) Logout(w http.ResponseWriter, r *http.Request)
- func (c *CompositeAuthProvider) MagicLinkEnabled() bool
- func (c *CompositeAuthProvider) OAuthEnabled() bool
- func (c *CompositeAuthProvider) SetCurrentUser(w http.ResponseWriter, r *http.Request, user *User) error
- type LogOnlyAuditLogger
- type MagicLinkAuthProvider
- type MagicLinkResult
- type NoLimitQuotaEnforcer
- type OAuthAuthProvider
- type QuotaAction
- type QuotaEnforcer
- type QuotaUsage
- type Server
- func (s *Server) GetAddr() string
- func (s *Server) GetAuditLogger() AuditLogger
- func (s *Server) GetAuthProvider() AuthProvider
- func (s *Server) GetAuthorizer() Authorizer
- func (s *Server) GetDB() *sql.DB
- func (s *Server) GetEmailSender() email.Sender
- func (s *Server) GetQuotaEnforcer() QuotaEnforcer
- func (s *Server) RegisterRoutes(fn func(r *chi.Mux))
- func (s *Server) Router() *chi.Mux
- func (s *Server) Shutdown(ctx context.Context) error
- func (s *Server) Start() error
- type ServerBuilder
- func (b *ServerBuilder) Build(ctx context.Context) (*Server, error)
- func (b *ServerBuilder) WithAdminService(service *services.AdminService) *ServerBuilder
- func (b *ServerBuilder) WithAuditLogger(logger AuditLogger) *ServerBuilder
- func (b *ServerBuilder) WithAuthProvider(provider AuthProvider) *ServerBuilder
- func (b *ServerBuilder) WithAuthorizer(authorizer Authorizer) *ServerBuilder
- func (b *ServerBuilder) WithDB(db *sql.DB) *ServerBuilder
- func (b *ServerBuilder) WithDocumentService(service *services.DocumentService) *ServerBuilder
- func (b *ServerBuilder) WithEmailSender(sender email.Sender) *ServerBuilder
- func (b *ServerBuilder) WithI18nService(i18n *i18n.I18n) *ServerBuilder
- func (b *ServerBuilder) WithMagicLinkService(service *services.MagicLinkService) *ServerBuilder
- func (b *ServerBuilder) WithOAuthProvider(provider OAuthAuthProvider) *ServerBuilder
- func (b *ServerBuilder) WithQuotaEnforcer(enforcer QuotaEnforcer) *ServerBuilder
- func (b *ServerBuilder) WithReminderService(service *services.ReminderAsyncService) *ServerBuilder
- func (b *ServerBuilder) WithSignatureService(service *services.SignatureService) *ServerBuilder
- func (b *ServerBuilder) WithSigner(signer *crypto.Ed25519Signer) *ServerBuilder
- func (b *ServerBuilder) WithTenantProvider(tp tenant.Provider) *ServerBuilder
- func (b *ServerBuilder) WithWebhookService(service *services.WebhookService) *ServerBuilder
- type SignatureRepository
- type UsageMetric
- type User
Constants ¶
// AuditAction constants for common audit events.
//
// Each value is a dotted "<resource>.<verb>" string intended for
// AuditEvent.Action. Several of them ("document.create",
// "signature.create", "reminder.send", "webhook.create", "signer.add")
// are spelled identically to the QuotaAction constants, so the two sets
// should be kept in sync when new actions are added.
const (
	AuditActionLogin           = "auth.login"
	AuditActionLogout          = "auth.logout"
	AuditActionDocumentCreate  = "document.create"
	AuditActionDocumentUpdate  = "document.update"
	AuditActionDocumentDelete  = "document.delete"
	AuditActionSignatureCreate = "signature.create"
	AuditActionReminderSend    = "reminder.send"
	AuditActionWebhookCreate   = "webhook.create"
	AuditActionWebhookUpdate   = "webhook.update"
	AuditActionWebhookDelete   = "webhook.delete"
	AuditActionSignerAdd       = "signer.add"
	AuditActionSignerRemove    = "signer.remove"
	AuditActionAdminAccess     = "admin.access"
)
AuditAction constants for common audit events.
Variables ¶
// Common errors for capability providers.
//
// These are sentinel errors: callers should compare with errors.Is rather
// than by string, and providers should wrap them with %w so that the
// comparison survives added context.
var (
	ErrNotAuthenticated = errors.New("user not authenticated")
	ErrNotAuthorized    = errors.New("user not authorized")
	ErrQuotaExceeded    = errors.New("quota exceeded")
	ErrProviderDisabled = errors.New("provider is disabled")
)
Common errors for capability providers.
Functions ¶
func EmbedDocumentMiddleware ¶
func EmbedDocumentMiddleware( docService docService, publisher webhookPublisher, ) func(http.Handler) http.Handler
EmbedDocumentMiddleware creates documents on /embed access, with strict rate limiting. This ensures the document exists before the SPA renders, without requiring authentication. Because this path is unauthenticated, the rate limiter is the only control on document creation here, so its limits deserve review alongside any quota enforcement. The docServiceFn should be a function that calls FindOrCreateDocument.
func EmbedFolder ¶
func EmbedFolder(fsEmbed embed.FS, targetPath string, baseURL string, version string, oauthEnabled bool, magicLinkEnabled bool, smtpEnabled bool, onlyAdminCanCreate bool, signatureRepo SignatureRepository) http.HandlerFunc
EmbedFolder returns an http.HandlerFunc that serves an embedded filesystem with SPA fallback support (it serves index.html for non-existent routes). For index.html, it replaces the __ACKIFY_BASE_URL__ placeholder with the actual base URL, __ACKIFY_VERSION__ with the application version, __ACKIFY_OAUTH_ENABLED__ and __ACKIFY_MAGICLINK_ENABLED__ with the auth method flags, __ACKIFY_SMTP_ENABLED__ with the SMTP availability flag, __ACKIFY_ONLY_ADMIN_CAN_CREATE__ with the document creation restriction flag, and __META_TAGS__ with dynamic meta tags based on query parameters. Since __META_TAGS__ is derived from query parameters, the substituted values are untrusted input and should be HTML-escaped before they are placed in index.html.
Types ¶
type AuditEvent ¶
// AuditEvent represents an auditable action in the system.
// It is the value passed to AuditLogger.Log.
//
// NOTE(review): the per-field descriptions below are inferred from the
// field names; confirm against the code that populates the event.
type AuditEvent struct {
	Timestamp  time.Time      // when the event was recorded
	TenantID   string         // tenant the action belongs to
	UserEmail  string         // acting user's email (personal data)
	UserSub    string         // acting user's subject identifier
	Action     string         // typically one of the AuditAction* constants
	Resource   string         // kind of resource acted on
	ResourceID string         // identifier of that resource
	Details    map[string]any // free-form, action-specific context
	IPAddress  string         // client IP address (personal data)
	UserAgent  string         // client User-Agent string (personal data)
}
AuditEvent represents an auditable action in the system.
type AuditLogger ¶
// AuditLogger defines the interface for audit logging.
// CE: LogOnlyAuditLogger (logs to standard logger).
// SaaS: DatabaseAuditLogger (stores in database with search/export).
type AuditLogger interface {
	// Log records an audit event. The returned error lets callers decide
	// whether a failed audit write should abort the audited action.
	Log(ctx context.Context, event AuditEvent) error
}
AuditLogger defines the interface for audit logging. CE: LogOnlyAuditLogger (logs to standard logger). SaaS: DatabaseAuditLogger (stores in database with search/export).
type AuthProvider ¶
// AuthProvider re-exports providers.AuthProvider for backward compatibility,
// so existing pkg/web users can keep referring to web.AuthProvider.
type AuthProvider = providers.AuthProvider
Re-export interfaces from pkg/providers for backward compatibility. This allows pkg/web users to continue using web.AuthProvider, etc.
type AuthResult ¶
AuthResult represents the result of an authentication operation.
type Authorizer ¶
// Authorizer re-exports providers.Authorizer for backward compatibility.
type Authorizer = providers.Authorizer
type CompositeAuthProvider ¶
// CompositeAuthProvider combines multiple auth providers (OAuth + MagicLink).
// This is the typical setup for CE where both methods may be enabled.
// Construct it with NewCompositeAuthProvider, which also takes the session
// AuthProvider used for GetCurrentUser/SetCurrentUser/Logout.
type CompositeAuthProvider struct {
	OAuth     OAuthAuthProvider     // OAuth provider; see OAuthEnabled
	MagicLink MagicLinkAuthProvider // magic link provider; see MagicLinkEnabled
	// contains filtered or unexported fields
}
CompositeAuthProvider combines multiple auth providers (OAuth + MagicLink). This is the typical setup for CE where both methods may be enabled.
func NewCompositeAuthProvider ¶
func NewCompositeAuthProvider(oauth OAuthAuthProvider, magicLink MagicLinkAuthProvider, sessionProvider AuthProvider) *CompositeAuthProvider
NewCompositeAuthProvider creates a new composite auth provider.
func (*CompositeAuthProvider) GetCurrentUser ¶
func (c *CompositeAuthProvider) GetCurrentUser(r *http.Request) (*User, error)
GetCurrentUser implements AuthProvider.
func (*CompositeAuthProvider) IsConfigured ¶
func (c *CompositeAuthProvider) IsConfigured() bool
IsConfigured implements AuthProvider.
func (*CompositeAuthProvider) Logout ¶
func (c *CompositeAuthProvider) Logout(w http.ResponseWriter, r *http.Request)
Logout implements AuthProvider.
func (*CompositeAuthProvider) MagicLinkEnabled ¶
func (c *CompositeAuthProvider) MagicLinkEnabled() bool
MagicLinkEnabled returns true if MagicLink is configured.
func (*CompositeAuthProvider) OAuthEnabled ¶
func (c *CompositeAuthProvider) OAuthEnabled() bool
OAuthEnabled returns true if OAuth is configured.
func (*CompositeAuthProvider) SetCurrentUser ¶
func (c *CompositeAuthProvider) SetCurrentUser(w http.ResponseWriter, r *http.Request, user *User) error
SetCurrentUser implements AuthProvider.
type LogOnlyAuditLogger ¶
// LogOnlyAuditLogger logs audit events to the standard logger.
// This is the default for Community Edition. AuditEvent carries
// UserEmail, IPAddress and UserAgent, so the application log will
// contain personal data when this logger is in use.
type LogOnlyAuditLogger struct{}
LogOnlyAuditLogger logs audit events to the standard logger. This is the default for Community Edition. Note that AuditEvent carries UserEmail, IPAddress and UserAgent, so this personal data ends up in the application log; apply log retention and access controls accordingly.
func NewLogOnlyAuditLogger ¶
func NewLogOnlyAuditLogger() *LogOnlyAuditLogger
NewLogOnlyAuditLogger creates a new log-only audit logger.
func (*LogOnlyAuditLogger) Log ¶
func (l *LogOnlyAuditLogger) Log(_ context.Context, event AuditEvent) error
Log writes the audit event to the standard logger.
type MagicLinkAuthProvider ¶
// MagicLinkAuthProvider extends AuthProvider with magic link-specific methods.
// Used when magic link authentication is enabled.
type MagicLinkAuthProvider interface {
	providers.AuthProvider
	// RequestMagicLink sends a magic link to the specified email.
	// redirectTo is the post-login destination; ip and userAgent describe
	// the requesting client.
	RequestMagicLink(ctx context.Context, email, redirectTo, ip, userAgent, locale string) error
	// VerifyMagicLink verifies a magic link token and returns the associated user info.
	// NOTE(review): confirm whether ip/userAgent are bound to the token or
	// only recorded for auditing — the interface does not say.
	VerifyMagicLink(ctx context.Context, token, ip, userAgent string) (*MagicLinkResult, error)
	// VerifyReminderAuthToken verifies a reminder auth token.
	// On success the result's DocID is non-nil (see MagicLinkResult).
	VerifyReminderAuthToken(ctx context.Context, token, ip, userAgent string) (*MagicLinkResult, error)
	// CreateReminderAuthToken creates an auth token for reminder emails.
	// The token is tied to the given email and document.
	CreateReminderAuthToken(ctx context.Context, email, docID string) (string, error)
}
MagicLinkAuthProvider extends AuthProvider with magic link-specific methods. Used when magic link authentication is enabled.
type MagicLinkResult ¶
// MagicLinkResult represents the result of verifying a magic link.
// It is returned by VerifyMagicLink and VerifyReminderAuthToken.
type MagicLinkResult struct {
	Email      string  // email the verified token was issued for
	RedirectTo string  // post-login destination; NOTE(review): confirm it is validated before use
	DocID      *string // Non-nil for reminder auth tokens
}
MagicLinkResult represents the result of verifying a magic link.
type NoLimitQuotaEnforcer ¶
// NoLimitQuotaEnforcer is a quota enforcer that imposes no limits.
// This is the default for Community Edition: Check and Record always
// return nil and GetUsage reports unlimited metrics.
type NoLimitQuotaEnforcer struct{}
NoLimitQuotaEnforcer is a quota enforcer that imposes no limits. This is the default for Community Edition.
func NewNoLimitQuotaEnforcer ¶
func NewNoLimitQuotaEnforcer() *NoLimitQuotaEnforcer
NewNoLimitQuotaEnforcer creates a new no-limit quota enforcer.
func (*NoLimitQuotaEnforcer) Check ¶
func (e *NoLimitQuotaEnforcer) Check(_ context.Context, _ string, _ QuotaAction) error
Check always returns nil (no quota limits).
func (*NoLimitQuotaEnforcer) GetUsage ¶
func (e *NoLimitQuotaEnforcer) GetUsage(_ context.Context, tenantID string) (*QuotaUsage, error)
GetUsage returns unlimited usage metrics.
func (*NoLimitQuotaEnforcer) Record ¶
func (e *NoLimitQuotaEnforcer) Record(_ context.Context, _ string, _ QuotaAction) error
Record is a no-op (nothing to track).
type OAuthAuthProvider ¶
// OAuthAuthProvider re-exports providers.OAuthAuthProvider for backward compatibility.
type OAuthAuthProvider = providers.OAuthAuthProvider
type QuotaAction ¶
// QuotaAction represents an action that can be quota-limited.
// The known values are the QuotaAction* constants below.
type QuotaAction string
QuotaAction represents an action that can be quota-limited.
// Known QuotaAction values. Most mirror an AuditAction* constant of the
// same string; QuotaActionWebhookDelivery has no audit counterpart on
// this page.
const (
	QuotaActionCreateDocument    QuotaAction = "document.create"
	QuotaActionCreateSignature   QuotaAction = "signature.create"
	QuotaActionSendReminder      QuotaAction = "reminder.send"
	QuotaActionCreateWebhook     QuotaAction = "webhook.create"
	QuotaActionAddExpectedSigner QuotaAction = "signer.add"
	QuotaActionWebhookDelivery   QuotaAction = "webhook.delivery"
)
type QuotaEnforcer ¶
// QuotaEnforcer defines the interface for quota management.
// CE: NoLimitQuotaEnforcer (no limits).
// SaaS: PlanBasedQuotaEnforcer (limits based on subscription plan).
//
// NOTE(review): Check and Record are separate calls, so concurrent
// requests that pass Check before either Records can overshoot a limit
// unless the implementation accounts for it.
type QuotaEnforcer interface {
	// Check verifies if the action is allowed under current quotas.
	// Returns ErrQuotaExceeded if the quota would be exceeded.
	Check(ctx context.Context, tenantID string, action QuotaAction) error
	// Record records that an action was performed (for tracking usage).
	// Should be called after the action succeeds.
	Record(ctx context.Context, tenantID string, action QuotaAction) error
	// GetUsage returns the current usage metrics for a tenant.
	GetUsage(ctx context.Context, tenantID string) (*QuotaUsage, error)
}
QuotaEnforcer defines the interface for quota management. CE: NoLimitQuotaEnforcer (no limits). SaaS: PlanBasedQuotaEnforcer (limits based on subscription plan).
type QuotaUsage ¶
// QuotaUsage represents current usage metrics for a tenant,
// as returned by QuotaEnforcer.GetUsage.
type QuotaUsage struct {
	TenantID   string
	Period     string // e.g., "2024-01" for monthly quotas
	Documents  UsageMetric
	Signatures UsageMetric
	Reminders  UsageMetric
	Webhooks   UsageMetric
}
QuotaUsage represents current usage metrics for a tenant.
type Server ¶
// Server represents the HTTP server with all its dependencies.
// Instances are produced by ServerBuilder.Build; the Get* accessors
// expose the injected capabilities (auth provider, authorizer, quota
// enforcer, audit logger, ...).
type Server struct {
	// contains filtered or unexported fields
}
Server represents the HTTP server with all its dependencies.
func (*Server) GetAuditLogger ¶
func (s *Server) GetAuditLogger() AuditLogger
GetAuditLogger returns the audit logger.
func (*Server) GetAuthProvider ¶
func (s *Server) GetAuthProvider() AuthProvider
GetAuthProvider returns the auth provider.
func (*Server) GetAuthorizer ¶
func (s *Server) GetAuthorizer() Authorizer
GetAuthorizer returns the authorizer.
func (*Server) GetEmailSender ¶
func (*Server) GetQuotaEnforcer ¶
func (s *Server) GetQuotaEnforcer() QuotaEnforcer
GetQuotaEnforcer returns the quota enforcer.
func (*Server) RegisterRoutes ¶
type ServerBuilder ¶
// ServerBuilder allows dependency injection for extensibility.
// AuthProvider and Authorizer are REQUIRED and must be provided.
// QuotaEnforcer and AuditLogger have sensible defaults for CE
// (NoLimit and LogOnly respectively; see WithQuotaEnforcer and
// WithAuditLogger).
type ServerBuilder struct {
	// contains filtered or unexported fields
}
ServerBuilder allows dependency injection for extensibility. AuthProvider and Authorizer are REQUIRED and must be provided. QuotaEnforcer and AuditLogger have sensible defaults for CE (NoLimit and LogOnly respectively).
func NewServerBuilder ¶
NewServerBuilder creates a new server builder with required configuration.
func (*ServerBuilder) Build ¶
func (b *ServerBuilder) Build(ctx context.Context) (*Server, error)
Build constructs the server with all dependencies.
func (*ServerBuilder) WithAdminService ¶
func (b *ServerBuilder) WithAdminService(service *services.AdminService) *ServerBuilder
WithAdminService injects an admin service.
func (*ServerBuilder) WithAuditLogger ¶
func (b *ServerBuilder) WithAuditLogger(logger AuditLogger) *ServerBuilder
WithAuditLogger injects an audit logger (optional, defaults to LogOnly).
func (*ServerBuilder) WithAuthProvider ¶
func (b *ServerBuilder) WithAuthProvider(provider AuthProvider) *ServerBuilder
WithAuthProvider injects an authentication provider (REQUIRED).
func (*ServerBuilder) WithAuthorizer ¶
func (b *ServerBuilder) WithAuthorizer(authorizer Authorizer) *ServerBuilder
WithAuthorizer injects an authorizer (REQUIRED).
func (*ServerBuilder) WithDB ¶
func (b *ServerBuilder) WithDB(db *sql.DB) *ServerBuilder
WithDB injects a database connection.
func (*ServerBuilder) WithDocumentService ¶
func (b *ServerBuilder) WithDocumentService(service *services.DocumentService) *ServerBuilder
WithDocumentService injects a document service.
func (*ServerBuilder) WithEmailSender ¶
func (b *ServerBuilder) WithEmailSender(sender email.Sender) *ServerBuilder
WithEmailSender injects an email sender.
func (*ServerBuilder) WithI18nService ¶
func (b *ServerBuilder) WithI18nService(i18n *i18n.I18n) *ServerBuilder
WithI18nService injects an i18n service.
func (*ServerBuilder) WithMagicLinkService ¶
func (b *ServerBuilder) WithMagicLinkService(service *services.MagicLinkService) *ServerBuilder
WithMagicLinkService injects a magic link service.
func (*ServerBuilder) WithOAuthProvider ¶
func (b *ServerBuilder) WithOAuthProvider(provider OAuthAuthProvider) *ServerBuilder
WithOAuthProvider injects an OAuth authentication provider (optional).
func (*ServerBuilder) WithQuotaEnforcer ¶
func (b *ServerBuilder) WithQuotaEnforcer(enforcer QuotaEnforcer) *ServerBuilder
WithQuotaEnforcer injects a quota enforcer (optional, defaults to NoLimit).
func (*ServerBuilder) WithReminderService ¶
func (b *ServerBuilder) WithReminderService(service *services.ReminderAsyncService) *ServerBuilder
WithReminderService injects a reminder service.
func (*ServerBuilder) WithSignatureService ¶
func (b *ServerBuilder) WithSignatureService(service *services.SignatureService) *ServerBuilder
WithSignatureService injects a signature service.
func (*ServerBuilder) WithSigner ¶
func (b *ServerBuilder) WithSigner(signer *crypto.Ed25519Signer) *ServerBuilder
WithSigner injects a cryptographic signer.
func (*ServerBuilder) WithTenantProvider ¶
func (b *ServerBuilder) WithTenantProvider(tp tenant.Provider) *ServerBuilder
WithTenantProvider injects a tenant provider.
func (*ServerBuilder) WithWebhookService ¶
func (b *ServerBuilder) WithWebhookService(service *services.WebhookService) *ServerBuilder
WithWebhookService injects a webhook service.
type SignatureRepository ¶
// SignatureRepository defines the minimal signature operations EmbedFolder
// needs to build meta tags.
type SignatureRepository interface {
	// GetByDoc returns the signatures recorded for the given document.
	GetByDoc(ctx context.Context, docID string) ([]*models.Signature, error)
}
SignatureRepository defines the minimal signature operations EmbedFolder needs to build meta tags.
type UsageMetric ¶
UsageMetric represents usage for a single resource type.
func (UsageMetric) IsExceeded ¶
func (m UsageMetric) IsExceeded() bool
IsExceeded returns true if usage has exceeded the limit.
func (UsageMetric) IsUnlimited ¶
func (m UsageMetric) IsUnlimited() bool
IsUnlimited returns true if the metric has no limit.
func (UsageMetric) Remaining ¶
func (m UsageMetric) Remaining() int64
Remaining returns the remaining quota, or -1 if unlimited.