web

package
v1.2.8
Warning

This package is not in the latest version of its module.

Published: Dec 18, 2025 | License: AGPL-3.0, AGPL-3.0-or-later | Imports: 33 | Imported by: 0

Documentation

Overview

SPDX-License-Identifier: AGPL-3.0-or-later

Constants

const (
	AuditActionLogin           = "auth.login"
	AuditActionLogout          = "auth.logout"
	AuditActionDocumentCreate  = "document.create"
	AuditActionDocumentUpdate  = "document.update"
	AuditActionDocumentDelete  = "document.delete"
	AuditActionSignatureCreate = "signature.create"
	AuditActionReminderSend    = "reminder.send"
	AuditActionWebhookCreate   = "webhook.create"
	AuditActionWebhookUpdate   = "webhook.update"
	AuditActionWebhookDelete   = "webhook.delete"
	AuditActionSignerAdd       = "signer.add"
	AuditActionSignerRemove    = "signer.remove"
	AuditActionAdminAccess     = "admin.access"
)

AuditAction constants for common audit events.

Variables

var (
	ErrNotAuthenticated = errors.New("user not authenticated")
	ErrNotAuthorized    = errors.New("user not authorized")
	ErrQuotaExceeded    = errors.New("quota exceeded")
	ErrProviderDisabled = errors.New("provider is disabled")
)

Common errors for capability providers.

Functions

func EmbedDocumentMiddleware

func EmbedDocumentMiddleware(
	docService docService,
	publisher webhookPublisher,
) func(http.Handler) http.Handler

EmbedDocumentMiddleware creates documents on /embed access with strict rate limiting. This ensures documents exist before the SPA renders, without requiring authentication. The docServiceFn should be a function that calls FindOrCreateDocument.

func EmbedFolder

func EmbedFolder(fsEmbed embed.FS, targetPath string, baseURL string, version string, oauthEnabled bool, magicLinkEnabled bool, smtpEnabled bool, onlyAdminCanCreate bool, signatureRepo SignatureRepository) http.HandlerFunc

EmbedFolder returns an http.HandlerFunc that serves an embedded filesystem with SPA fallback support (serves index.html for non-existent routes). For index.html, it replaces the __ACKIFY_BASE_URL__ placeholder with the actual base URL, __ACKIFY_VERSION__ with the application version, __ACKIFY_OAUTH_ENABLED__ and __ACKIFY_MAGICLINK_ENABLED__ with auth method flags, __ACKIFY_SMTP_ENABLED__ with the SMTP availability flag, __ACKIFY_ONLY_ADMIN_CAN_CREATE__ with the document creation restriction flag, and __META_TAGS__ with dynamic meta tags based on query parameters.

Types

type AuditEvent added in v1.2.7

type AuditEvent struct {
	Timestamp  time.Time
	TenantID   string
	UserEmail  string
	UserSub    string
	Action     string
	Resource   string
	ResourceID string
	Details    map[string]any
	IPAddress  string
	UserAgent  string
}

AuditEvent represents an auditable action in the system.

type AuditLogger added in v1.2.7

type AuditLogger interface {
	// Log records an audit event.
	Log(ctx context.Context, event AuditEvent) error
}

AuditLogger defines the interface for audit logging. CE: LogOnlyAuditLogger (logs to standard logger). SaaS: DatabaseAuditLogger (stores in database with search/export).
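
A custom implementation of the Log method above, as an added example that is not code from this package: jsonLineLogger is a hypothetical name, AuditEvent is redeclared locally, and the sample event is constructed. It writes one JSON object per line, so request-derived fields such as UserAgent cannot inject a forged record through an embedded line break.

```go
package main

import (
	"context"
	"encoding/json"
	"io"
	"os"
	"sync"
	"time"
)

// AuditEvent is redeclared from the page so the example builds without the module.
type AuditEvent struct {
	Timestamp  time.Time
	TenantID   string
	UserEmail  string
	UserSub    string
	Action     string
	Resource   string
	ResourceID string
	Details    map[string]any
	IPAddress  string
	UserAgent  string
}

// jsonLineLogger (hypothetical) emits exactly one line per audit event.
type jsonLineLogger struct {
	mu  sync.Mutex
	out io.Writer
}

// Log has the signature of the AuditLogger method shown on the page.
func (l *jsonLineLogger) Log(_ context.Context, ev AuditEvent) error {
	line, err := json.Marshal(ev) // escapes CR, LF and other control bytes in string fields
	if err != nil {
		return err // e.g. a Details value that JSON cannot represent; nothing is written
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	_, err = l.out.Write(append(line, '\n'))
	return err
}

func main() {
	l := &jsonLineLogger{out: os.Stdout}
	// Constructed event: the User-Agent carries a line break followed by a fake record.
	_ = l.Log(context.Background(), AuditEvent{Timestamp: time.Now().UTC(), Action: "auth.login",
		UserEmail: "alice@example.com", UserAgent: "curl/8\n{\"Action\":\"admin.access\"}"})
}
```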

type AuthProvider added in v1.2.7

type AuthProvider = providers.AuthProvider

Re-export interfaces from pkg/providers for backward compatibility. This allows pkg/web users to continue using web.AuthProvider, etc.

type AuthResult added in v1.2.7

type AuthResult struct {
	User        *User
	RedirectURL string
}

AuthResult represents the result of an authentication operation.

type Authorizer added in v1.2.7

type Authorizer = providers.Authorizer

type CompositeAuthProvider added in v1.2.7

type CompositeAuthProvider struct {
	OAuth     OAuthAuthProvider
	MagicLink MagicLinkAuthProvider
	// contains filtered or unexported fields
}

CompositeAuthProvider combines multiple auth providers (OAuth + MagicLink). This is the typical setup for CE where both methods may be enabled.

func NewCompositeAuthProvider added in v1.2.7

func NewCompositeAuthProvider(oauth OAuthAuthProvider, magicLink MagicLinkAuthProvider, sessionProvider AuthProvider) *CompositeAuthProvider

NewCompositeAuthProvider creates a new composite auth provider.

func (*CompositeAuthProvider) GetCurrentUser added in v1.2.7

func (c *CompositeAuthProvider) GetCurrentUser(r *http.Request) (*User, error)

GetCurrentUser implements AuthProvider.

func (*CompositeAuthProvider) IsConfigured added in v1.2.7

func (c *CompositeAuthProvider) IsConfigured() bool

IsConfigured implements AuthProvider.

func (*CompositeAuthProvider) Logout added in v1.2.7

Logout implements AuthProvider.

func (*CompositeAuthProvider) MagicLinkEnabled added in v1.2.7

func (c *CompositeAuthProvider) MagicLinkEnabled() bool

MagicLinkEnabled returns true if MagicLink is configured.

func (*CompositeAuthProvider) OAuthEnabled added in v1.2.7

func (c *CompositeAuthProvider) OAuthEnabled() bool

OAuthEnabled returns true if OAuth is configured.

func (*CompositeAuthProvider) SetCurrentUser added in v1.2.7

func (c *CompositeAuthProvider) SetCurrentUser(w http.ResponseWriter, r *http.Request, user *User) error

SetCurrentUser implements AuthProvider.

type LogOnlyAuditLogger added in v1.2.7

type LogOnlyAuditLogger struct{}

LogOnlyAuditLogger logs audit events to the standard logger. This is the default for Community Edition.

func NewLogOnlyAuditLogger added in v1.2.7

func NewLogOnlyAuditLogger() *LogOnlyAuditLogger

NewLogOnlyAuditLogger creates a new log-only audit logger.

func (*LogOnlyAuditLogger) Log added in v1.2.7

Log writes the audit event to the standard logger.

type MagicLinkAuthProvider added in v1.2.7

type MagicLinkAuthProvider interface {
	providers.AuthProvider

	// RequestMagicLink sends a magic link to the specified email.
	RequestMagicLink(ctx context.Context, email, redirectTo, ip, userAgent, locale string) error

	// VerifyMagicLink verifies a magic link token and returns the associated user info.
	VerifyMagicLink(ctx context.Context, token, ip, userAgent string) (*MagicLinkResult, error)

	// VerifyReminderAuthToken verifies a reminder auth token.
	VerifyReminderAuthToken(ctx context.Context, token, ip, userAgent string) (*MagicLinkResult, error)

	// CreateReminderAuthToken creates an auth token for reminder emails.
	CreateReminderAuthToken(ctx context.Context, email, docID string) (string, error)
}

MagicLinkAuthProvider extends AuthProvider with magic link-specific methods. Used when magic link authentication is enabled.

type MagicLinkResult added in v1.2.7

type MagicLinkResult struct {
	Email      string
	RedirectTo string
	DocID      *string // Non-nil for reminder auth tokens
}

MagicLinkResult represents the result of verifying a magic link.

type NoLimitQuotaEnforcer added in v1.2.7

type NoLimitQuotaEnforcer struct{}

NoLimitQuotaEnforcer is a quota enforcer that imposes no limits. This is the default for Community Edition.

func NewNoLimitQuotaEnforcer added in v1.2.7

func NewNoLimitQuotaEnforcer() *NoLimitQuotaEnforcer

NewNoLimitQuotaEnforcer creates a new no-limit quota enforcer.

func (*NoLimitQuotaEnforcer) Check added in v1.2.7

Check always returns nil (no quota limits).

func (*NoLimitQuotaEnforcer) GetUsage added in v1.2.7

func (e *NoLimitQuotaEnforcer) GetUsage(_ context.Context, tenantID string) (*QuotaUsage, error)

GetUsage returns unlimited usage metrics.

func (*NoLimitQuotaEnforcer) Record added in v1.2.7

Record is a no-op (nothing to track).

type OAuthAuthProvider added in v1.2.7

type OAuthAuthProvider = providers.OAuthAuthProvider

type QuotaAction added in v1.2.7

type QuotaAction string

QuotaAction represents an action that can be quota-limited.

const (
	QuotaActionCreateDocument    QuotaAction = "document.create"
	QuotaActionCreateSignature   QuotaAction = "signature.create"
	QuotaActionSendReminder      QuotaAction = "reminder.send"
	QuotaActionCreateWebhook     QuotaAction = "webhook.create"
	QuotaActionAddExpectedSigner QuotaAction = "signer.add"
	QuotaActionWebhookDelivery   QuotaAction = "webhook.delivery"
)

type QuotaEnforcer added in v1.2.7

type QuotaEnforcer interface {
	// Check verifies if the action is allowed under current quotas.
	// Returns ErrQuotaExceeded if the quota would be exceeded.
	Check(ctx context.Context, tenantID string, action QuotaAction) error

	// Record records that an action was performed (for tracking usage).
	// Should be called after the action succeeds.
	Record(ctx context.Context, tenantID string, action QuotaAction) error

	// GetUsage returns the current usage metrics for a tenant.
	GetUsage(ctx context.Context, tenantID string) (*QuotaUsage, error)
}

QuotaEnforcer defines the interface for quota management. CE: NoLimitQuotaEnforcer (no limits). SaaS: PlanBasedQuotaEnforcer (limits based on subscription plan).
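
The Check, act, Record order that the interface comments describe, as an added example that is not code from this package: memEnforcer and guarded are hypothetical names, the page's types are redeclared locally, -1 as "unlimited" follows the UsageMetric.Limit comment, and failing closed for an action with no configured limit is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

type QuotaAction string // redeclared from the page, as is ErrQuotaExceeded

var ErrQuotaExceeded = errors.New("quota exceeded")

// memEnforcer (hypothetical) counts usage in memory; a limit of -1 means unlimited.
type memEnforcer struct {
	mu     sync.Mutex
	limits map[QuotaAction]int64
	used   map[[2]string]int64 // keyed by {tenantID, action}
}

func (e *memEnforcer) Check(_ context.Context, tenantID string, a QuotaAction) error {
	e.mu.Lock()
	defer e.mu.Unlock()
	if limit, ok := e.limits[a]; !ok || (limit >= 0 && e.used[[2]string{tenantID, string(a)}] >= limit) {
		return ErrQuotaExceeded // also for an action with no configured limit (assumption)
	}
	return nil
}

func (e *memEnforcer) Record(_ context.Context, tenantID string, a QuotaAction) error {
	e.mu.Lock()
	defer e.mu.Unlock()
	e.used[[2]string{tenantID, string(a)}]++
	return nil
}

func guarded(ctx context.Context, q *memEnforcer, tenant string, a QuotaAction, do func() error) error {
	if err := q.Check(ctx, tenant, a); err != nil {
		return err // quota exhausted: do is never called
	}
	if err := do(); err != nil {
		return err // a failed action consumes no quota
	}
	return q.Record(ctx, tenant, a) // recorded only after the action succeeded
}

func main() {
	q := &memEnforcer{limits: map[QuotaAction]int64{"document.create": 1}, used: map[[2]string]int64{}}
	fmt.Println(guarded(context.Background(), q, "tenant-a", "document.create", func() error { return nil }))
}
```

The mutex here protects each call, not the span between Check and Record, so concurrent requests can pass Check together and overshoot the limit by the number of requests in flight.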

type QuotaUsage added in v1.2.7

type QuotaUsage struct {
	TenantID   string
	Period     string // e.g., "2024-01" for monthly quotas
	Documents  UsageMetric
	Signatures UsageMetric
	Reminders  UsageMetric
	Webhooks   UsageMetric
}

QuotaUsage represents current usage metrics for a tenant.

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server represents the HTTP server with all its dependencies.

func (*Server) GetAddr

func (s *Server) GetAddr() string

func (*Server) GetAuditLogger added in v1.2.7

func (s *Server) GetAuditLogger() AuditLogger

GetAuditLogger returns the audit logger.

func (*Server) GetAuthProvider added in v1.2.7

func (s *Server) GetAuthProvider() AuthProvider

GetAuthProvider returns the auth provider.

func (*Server) GetAuthorizer added in v1.2.7

func (s *Server) GetAuthorizer() Authorizer

GetAuthorizer returns the authorizer.

func (*Server) GetDB

func (s *Server) GetDB() *sql.DB

func (*Server) GetEmailSender

func (s *Server) GetEmailSender() email.Sender

func (*Server) GetQuotaEnforcer added in v1.2.7

func (s *Server) GetQuotaEnforcer() QuotaEnforcer

GetQuotaEnforcer returns the quota enforcer.

func (*Server) RegisterRoutes

func (s *Server) RegisterRoutes(fn func(r *chi.Mux))

func (*Server) Router

func (s *Server) Router() *chi.Mux

func (*Server) Shutdown

func (s *Server) Shutdown(ctx context.Context) error

func (*Server) Start

func (s *Server) Start() error

type ServerBuilder added in v1.2.7

type ServerBuilder struct {
	// contains filtered or unexported fields
}

ServerBuilder allows dependency injection for extensibility. AuthProvider and Authorizer are REQUIRED and must be provided. QuotaEnforcer and AuditLogger have sensible defaults for CE.

func NewServerBuilder added in v1.2.7

func NewServerBuilder(cfg *config.Config, frontend embed.FS, version string) *ServerBuilder

NewServerBuilder creates a new server builder with required configuration.

func (*ServerBuilder) Build added in v1.2.7

func (b *ServerBuilder) Build(ctx context.Context) (*Server, error)

Build constructs the server with all dependencies.

func (*ServerBuilder) WithAdminService added in v1.2.7

func (b *ServerBuilder) WithAdminService(service *services.AdminService) *ServerBuilder

WithAdminService injects an admin service.

func (*ServerBuilder) WithAuditLogger added in v1.2.7

func (b *ServerBuilder) WithAuditLogger(logger AuditLogger) *ServerBuilder

WithAuditLogger injects an audit logger (optional, defaults to LogOnly).

func (*ServerBuilder) WithAuthProvider added in v1.2.7

func (b *ServerBuilder) WithAuthProvider(provider AuthProvider) *ServerBuilder

WithAuthProvider injects an authentication provider (REQUIRED).

func (*ServerBuilder) WithAuthorizer added in v1.2.7

func (b *ServerBuilder) WithAuthorizer(authorizer Authorizer) *ServerBuilder

WithAuthorizer injects an authorizer (REQUIRED).

func (*ServerBuilder) WithDB added in v1.2.7

func (b *ServerBuilder) WithDB(db *sql.DB) *ServerBuilder

WithDB injects a database connection.

func (*ServerBuilder) WithDocumentService added in v1.2.7

func (b *ServerBuilder) WithDocumentService(service *services.DocumentService) *ServerBuilder

WithDocumentService injects a document service.

func (*ServerBuilder) WithEmailSender added in v1.2.7

func (b *ServerBuilder) WithEmailSender(sender email.Sender) *ServerBuilder

WithEmailSender injects an email sender.

func (*ServerBuilder) WithI18nService added in v1.2.7

func (b *ServerBuilder) WithI18nService(i18n *i18n.I18n) *ServerBuilder

WithI18nService injects an i18n service.

func (*ServerBuilder) WithMagicLinkService added in v1.2.7

func (b *ServerBuilder) WithMagicLinkService(service *services.MagicLinkService) *ServerBuilder

WithMagicLinkService injects a magic link service.

func (*ServerBuilder) WithOAuthProvider added in v1.2.7

func (b *ServerBuilder) WithOAuthProvider(provider OAuthAuthProvider) *ServerBuilder

WithOAuthProvider injects an OAuth authentication provider (optional).

func (*ServerBuilder) WithQuotaEnforcer added in v1.2.7

func (b *ServerBuilder) WithQuotaEnforcer(enforcer QuotaEnforcer) *ServerBuilder

WithQuotaEnforcer injects a quota enforcer (optional, defaults to NoLimit).

func (*ServerBuilder) WithReminderService added in v1.2.7

func (b *ServerBuilder) WithReminderService(service *services.ReminderAsyncService) *ServerBuilder

WithReminderService injects a reminder service.

func (*ServerBuilder) WithSignatureService added in v1.2.7

func (b *ServerBuilder) WithSignatureService(service *services.SignatureService) *ServerBuilder

WithSignatureService injects a signature service.

func (*ServerBuilder) WithSigner added in v1.2.7

func (b *ServerBuilder) WithSigner(signer *crypto.Ed25519Signer) *ServerBuilder

WithSigner injects a cryptographic signer.

func (*ServerBuilder) WithTenantProvider added in v1.2.7

func (b *ServerBuilder) WithTenantProvider(tp tenant.Provider) *ServerBuilder

WithTenantProvider injects a tenant provider.

func (*ServerBuilder) WithWebhookService added in v1.2.7

func (b *ServerBuilder) WithWebhookService(service *services.WebhookService) *ServerBuilder

WithWebhookService injects a webhook service.

type SignatureRepository added in v1.2.7

type SignatureRepository interface {
	GetByDoc(ctx context.Context, docID string) ([]*models.Signature, error)
}

SignatureRepository defines minimal signature operations for meta tags.

type UsageMetric added in v1.2.7

type UsageMetric struct {
	Used  int64
	Limit int64 // -1 means unlimited
}

UsageMetric represents usage for a single resource type.

func (UsageMetric) IsExceeded added in v1.2.7

func (m UsageMetric) IsExceeded() bool

IsExceeded returns true if usage has exceeded the limit.

func (UsageMetric) IsUnlimited added in v1.2.7

func (m UsageMetric) IsUnlimited() bool

IsUnlimited returns true if the metric has no limit.

func (UsageMetric) Remaining added in v1.2.7

func (m UsageMetric) Remaining() int64

Remaining returns the remaining quota, or -1 if unlimited.

type User added in v1.2.7

type User = types.User

User is an alias for the unified user type. This allows web package to use web.User while sharing the same underlying type.
