web

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 22, 2026 License: AGPL-3.0, AGPL-3.0-or-later Imports: 36 Imported by: 0

Documentation

Overview

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

Index

Constants

View Source 
const (
	AuditActionLogin           = "auth.login"
	AuditActionLogout          = "auth.logout"
	AuditActionDocumentCreate  = "document.create"
	AuditActionDocumentUpdate  = "document.update"
	AuditActionDocumentDelete  = "document.delete"
	AuditActionSignatureCreate = "signature.create"
	AuditActionReminderSend    = "reminder.send"
	AuditActionWebhookCreate   = "webhook.create"
	AuditActionWebhookUpdate   = "webhook.update"
	AuditActionWebhookDelete   = "webhook.delete"
	AuditActionSignerAdd       = "signer.add"
	AuditActionSignerRemove    = "signer.remove"
	AuditActionAdminAccess     = "admin.access"
)

AuditAction constants for common audit events.

Variables

View Source 
var (
	ErrNotAuthenticated = errors.New("user not authenticated")
	ErrNotAuthorized    = errors.New("user not authorized")
	ErrQuotaExceeded    = errors.New("quota exceeded")
	ErrProviderDisabled = errors.New("provider is disabled")
)

Common errors for capability providers.

Functions

func EmbedDocumentMiddleware 

func EmbedDocumentMiddleware(
	docService docService,
	publisher webhookPublisher,
) func(http.Handler) http.Handler

EmbedDocumentMiddleware creates documents on /embed access with strict rate limiting This ensures documents exist before the SPA renders, without requiring authentication The docServiceFn should be a function that calls FindOrCreateDocument

func EmbedFolder 

func EmbedFolder(fsEmbed embed.FS, targetPath string, baseURL string, version string, signatureRepo SignatureRepository) http.HandlerFunc

EmbedFolder returns an http.HandlerFunc that serves an embedded filesystem with SPA fallback support (serves index.html for non-existent routes). Only BASE_URL and VERSION are injected - other config is loaded via /api/v1/config.

Types

type AuditEvent added in v1.2.7 

type AuditEvent struct {
	Timestamp  time.Time
	TenantID   string
	UserEmail  string
	UserSub    string
	Action     string
	Resource   string
	ResourceID string
	Details    map[string]any
	IPAddress  string
	UserAgent  string
}

AuditEvent represents an auditable action in the system.

type AuditLogger added in v1.2.7 

type AuditLogger interface {
	// Log records an audit event.
	Log(ctx context.Context, event AuditEvent) error
}

AuditLogger defines the interface for audit logging. CE: LogOnlyAuditLogger (logs to standard logger). SaaS: DatabaseAuditLogger (stores in database with search/export).

type AuthProvider added in v1.2.7 

type AuthProvider = providers.AuthProvider

Re-export types from pkg/providers for convenience.

type AuthResult added in v1.2.7 

type AuthResult struct {
	User        *User
	RedirectURL string
}

AuthResult represents the result of an authentication operation.

type Authorizer added in v1.2.7 

type Authorizer = providers.Authorizer

type ConfigProvider added in v1.3.0 

type ConfigProvider interface {
	GetConfig() *models.MutableConfig
}

ConfigProvider provides dynamic configuration values.

type LogOnlyAuditLogger added in v1.2.7 

type LogOnlyAuditLogger struct{}

LogOnlyAuditLogger logs audit events to the standard logger. This is the default for Community Edition.

func NewLogOnlyAuditLogger added in v1.2.7 

func NewLogOnlyAuditLogger() *LogOnlyAuditLogger

func (*LogOnlyAuditLogger) Log added in v1.2.7 

func (l *LogOnlyAuditLogger) Log(_ context.Context, event AuditEvent) error

type MagicLinkResult added in v1.2.7 

type MagicLinkResult = providers.MagicLinkResult

type NoLimitQuotaEnforcer added in v1.2.7 

type NoLimitQuotaEnforcer struct{}

NoLimitQuotaEnforcer is a quota enforcer that imposes no limits. This is the default for Community Edition.

func NewNoLimitQuotaEnforcer added in v1.2.7 

func NewNoLimitQuotaEnforcer() *NoLimitQuotaEnforcer

func (*NoLimitQuotaEnforcer) Check added in v1.2.7 

func (e *NoLimitQuotaEnforcer) Check(_ context.Context, _ string, _ QuotaAction) error

func (*NoLimitQuotaEnforcer) GetUsage added in v1.2.7 

func (e *NoLimitQuotaEnforcer) GetUsage(_ context.Context, tenantID string) (*QuotaUsage, error)

func (*NoLimitQuotaEnforcer) Record added in v1.2.7 

func (e *NoLimitQuotaEnforcer) Record(_ context.Context, _ string, _ QuotaAction) error

type QuotaAction added in v1.2.7 

type QuotaAction string

QuotaAction represents an action that can be quota-limited. 

const (
	QuotaActionCreateDocument    QuotaAction = "document.create"
	QuotaActionCreateSignature   QuotaAction = "signature.create"
	QuotaActionSendReminder      QuotaAction = "reminder.send"
	QuotaActionCreateWebhook     QuotaAction = "webhook.create"
	QuotaActionAddExpectedSigner QuotaAction = "signer.add"
	QuotaActionWebhookDelivery   QuotaAction = "webhook.delivery"
)

type QuotaEnforcer added in v1.2.7 

type QuotaEnforcer interface {
	// Check verifies if the action is allowed under current quotas.
	Check(ctx context.Context, tenantID string, action QuotaAction) error

	// Record records that an action was performed.
	Record(ctx context.Context, tenantID string, action QuotaAction) error

	// GetUsage returns the current usage metrics for a tenant.
	GetUsage(ctx context.Context, tenantID string) (*QuotaUsage, error)
}

QuotaEnforcer defines the interface for quota management. CE: NoLimitQuotaEnforcer (no limits). SaaS: PlanBasedQuotaEnforcer (limits based on subscription plan).

type QuotaUsage added in v1.2.7 

type QuotaUsage struct {
	TenantID   string
	Period     string // e.g., "2024-01" for monthly quotas
	Documents  UsageMetric
	Signatures UsageMetric
	Reminders  UsageMetric
	Webhooks   UsageMetric
}

QuotaUsage represents current usage metrics for a tenant.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

func (*Server) GetAddr 

func (s *Server) GetAddr() string

func (*Server) GetAuditLogger added in v1.2.7 

func (s *Server) GetAuditLogger() AuditLogger

func (*Server) GetAuthProvider added in v1.2.7 

func (s *Server) GetAuthProvider() AuthProvider

func (*Server) GetAuthorizer added in v1.2.7 

func (s *Server) GetAuthorizer() Authorizer

func (*Server) GetDB 

func (s *Server) GetDB() *sql.DB

func (*Server) GetEmailSender 

func (s *Server) GetEmailSender() email.Sender

func (*Server) GetQuotaEnforcer added in v1.2.7 

func (s *Server) GetQuotaEnforcer() QuotaEnforcer

func (*Server) RegisterRoutes 

func (s *Server) RegisterRoutes(fn func(r *chi.Mux))

func (*Server) Router 

func (s *Server) Router() *chi.Mux

func (*Server) Shutdown 

func (s *Server) Shutdown(ctx context.Context) error

func (*Server) Start 

func (s *Server) Start() error

type ServerBuilder added in v1.2.7 

type ServerBuilder struct {
	// contains filtered or unexported fields
}

ServerBuilder allows dependency injection for extensibility. DB and TenantProvider are REQUIRED. AuthProvider and Authorizer have sensible CE defaults (AuthProvider, SimpleAuthorizer). QuotaEnforcer and AuditLogger have sensible CE defaults (NoLimit, LogOnly). All technical services (I18n, Email, MagicLink, Reminder, Config) are created internally.

func NewServerBuilder added in v1.2.7 

func NewServerBuilder(cfg *config.Config, frontend embed.FS, version string) *ServerBuilder

func (*ServerBuilder) Build added in v1.2.7 

func (b *ServerBuilder) Build(ctx context.Context) (*Server, error)

Build constructs the server with all dependencies.

func (*ServerBuilder) WithAuditLogger added in v1.2.7 

func (b *ServerBuilder) WithAuditLogger(logger AuditLogger) *ServerBuilder

WithAuditLogger injects an audit logger (optional, defaults to LogOnly).

func (*ServerBuilder) WithAuthProvider added in v1.2.7 

func (b *ServerBuilder) WithAuthProvider(provider AuthProvider) *ServerBuilder

WithAuthProvider injects an authentication provider (REQUIRED).

func (*ServerBuilder) WithAuthorizer added in v1.2.7 

func (b *ServerBuilder) WithAuthorizer(authorizer Authorizer) *ServerBuilder

WithAuthorizer injects an authorizer (REQUIRED).

func (*ServerBuilder) WithDB added in v1.2.7 

func (b *ServerBuilder) WithDB(db *sql.DB) *ServerBuilder

WithDB injects a database connection (REQUIRED).

func (*ServerBuilder) WithQuotaEnforcer added in v1.2.7 

func (b *ServerBuilder) WithQuotaEnforcer(enforcer QuotaEnforcer) *ServerBuilder

WithQuotaEnforcer injects a quota enforcer (optional, defaults to NoLimit).

func (*ServerBuilder) WithTenantProvider added in v1.2.7 

func (b *ServerBuilder) WithTenantProvider(tp tenant.Provider) *ServerBuilder

WithTenantProvider injects a tenant provider (REQUIRED).

type SignatureRepository added in v1.2.7 

type SignatureRepository interface {
	GetByDoc(ctx context.Context, docID string) ([]*models.Signature, error)
}

SignatureRepository defines minimal signature operations for meta tags

type UsageMetric added in v1.2.7 

type UsageMetric struct {
	Used  int64
	Limit int64 // -1 means unlimited
}

UsageMetric represents usage for a single resource type.

func (UsageMetric) IsExceeded added in v1.2.7 

func (m UsageMetric) IsExceeded() bool

IsExceeded returns true if usage has exceeded the limit.

func (UsageMetric) IsUnlimited added in v1.2.7 

func (m UsageMetric) IsUnlimited() bool

IsUnlimited returns true if the metric has no limit.

func (UsageMetric) Remaining added in v1.2.7 

func (m UsageMetric) Remaining() int64

Remaining returns the remaining quota, or -1 if unlimited.

type User added in v1.2.7 

type User = types.User

User is an alias for the unified user type. This allows web package to use web.User while sharing the same underlying type.

Source Files

View all Source files

Directories

Path Synopsis
SPDX-License-Identifier: AGPL-3.0-or-later
 SPDX-License-Identifier: AGPL-3.0-or-later

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.