auth

package

v0.6.4 Latest Latest Go to latest Published: Dec 30, 2025 License: AGPL-3.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/compliance-framework/api

Links

Open Source Insights

Documentation ¶

Index ¶

func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, cfg *config.Config, ...)
type AuthHandler
- func NewAuthHandler(logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, ...) *AuthHandler
type ProviderInfo
type SSOHandler
- func NewSSOHandler(logger *zap.SugaredLogger, db *gorm.DB, cfg *config.Config, ...) *SSOHandler

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RegisterHandlers ¶

func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, cfg *config.Config, metrics *api.PrometheusMetrics)

Types ¶

type AuthHandler ¶

type AuthHandler struct {
	// contains filtered or unexported fields
}

func NewAuthHandler ¶

func NewAuthHandler(logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, metrics *api.PrometheusMetrics, emailService *email.Service) *AuthHandler

func (*AuthHandler) CheckUser ¶

func (h *AuthHandler) CheckUser(username, password string) (*relational.User, bool, error)

CheckUser verifies a user's credentials.

It looks up the user by email (username) in the database. If the user is not found, it returns (nil, true, error) where the error is a generic invalid credentials error and the boolean indicates unauthorized access. If a database error occurs, it returns (nil, false, error). If the user is found but the password does not match, it returns (nil, true, error) with the same invalid credentials error. If the credentials are valid, it returns the user, false, and nil error.

Parameters:

username: the user's email address
password: the user's password

Returns:

*relational.User: the user object if credentials are valid, otherwise nil
bool: true if unauthorized (invalid credentials), false otherwise
error: error if any occurred, or nil

func (*AuthHandler) ForgotPassword ¶ added in v0.6.4

func (h *AuthHandler) ForgotPassword(ctx echo.Context) error

ForgotPassword godoc

@Summary		Forgot password
@Description	Sends a password reset email to users with authMethod=password
@Tags			Auth
@Accept			json
@Produce		json
@Param			request	body		auth.AuthHandler.ForgotPassword.request	true	"Email"
@Success		200		{object}	handler.GenericDataResponse[string]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/auth/forgot-password [post]

func (*AuthHandler) GetJWK ¶

func (h *AuthHandler) GetJWK(ctx echo.Context) error

GetJWK godoc

@Summary		Get JWK
@Description	Get JSON Web Key (JWK) representation of the JWT public key
@Tags			Auth
@Accept			json
@Produce		json
@Success		200	{object}	authn.JWK
@Failure		500	{object}	api.Error
@Router			/auth/publickey [get]

func (*AuthHandler) GetOAuth2Token ¶

func (h *AuthHandler) GetOAuth2Token(ctx echo.Context) error

GetOAuth2Token godoc

@Summary		Get OAuth2 token
@Description	Get OAuth2 token using username and password
@Tags			Auth
@Accept			x-www-form-urlencoded
@Produce		json
@Param			username	formData	string	true	"Username (email)"
@Param			password	formData	string	true	"Password"
@Success		200			{object}	auth.AuthHandler.GetOAuth2Token.response
@Failure		400			{object}	api.Error
@Failure		401			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/auth/token [post]

func (*AuthHandler) GetPublicKeyPEM ¶

func (h *AuthHandler) GetPublicKeyPEM(ctx echo.Context) error

GetPublicKeyPEM returns a plaintext representation of the JWT public key in PEM format.

func (*AuthHandler) LoginUser ¶

func (h *AuthHandler) LoginUser(ctx echo.Context) error

LoginUser godoc

@Summary		Login user
@Description	Login user and returns a JWT token and sets a cookie with the token
@Tags			Auth
@Accept			json
@Produce		json
@Param			loginRequest	body		auth.AuthHandler.LoginUser.loginRequest	true	"Login Data"
@Success		200				{object}	handler.GenericDataResponse[auth.AuthHandler.LoginUser.response]
@Failure		400				{object}	api.Error
@Failure		401				{object}	handler.GenericDataResponse[auth.AuthHandler.LoginUser.errorResponse]
@Failure		500				{object}	api.Error
@Router			/auth/login [post]

func (*AuthHandler) PasswordReset ¶ added in v0.6.4

func (h *AuthHandler) PasswordReset(ctx echo.Context) error

PasswordReset godoc

@Summary		Reset password
@Description	Resets password using a valid JWT token
@Tags			Auth
@Accept			json
@Produce		json
@Param			request	body		auth.AuthHandler.PasswordReset.request	true	"Reset data"
@Success		200		{object}	handler.GenericDataResponse[string]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/auth/password-reset [post]

func (*AuthHandler) Register ¶

func (h *AuthHandler) Register(api *echo.Group)

type ProviderInfo ¶ added in v0.5.0

type ProviderInfo struct {
	Name        string `json:"name"`
	DisplayName string `json:"displayName"`
	Enabled     bool   `json:"enabled"`
	IconURL     string `json:"iconUrl,omitempty"`
}

type SSOHandler ¶ added in v0.5.0

type SSOHandler struct {
	// contains filtered or unexported fields
}

func NewSSOHandler ¶ added in v0.5.0

func NewSSOHandler(
	logger *zap.SugaredLogger,
	db *gorm.DB,
	cfg *config.Config,
	ssoSvc *sso.Service,
	metrics *api.PrometheusMetrics,
) *SSOHandler

func (*SSOHandler) Callback ¶ added in v0.5.0

func (h *SSOHandler) Callback(ctx echo.Context) error

func (*SSOHandler) InitiateLogin ¶ added in v0.5.0

func (h *SSOHandler) InitiateLogin(ctx echo.Context) error

func (*SSOHandler) ListProviders ¶ added in v0.5.0

func (h *SSOHandler) ListProviders(ctx echo.Context) error

func (*SSOHandler) Register ¶ added in v0.5.0

func (h *SSOHandler) Register(api *echo.Group)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL