Documentation
¶
Index ¶
Constants ¶
View Source
const ( // CookieAccount refers to the user's account identifier. CookieAccount = "account" // CookieHaveTOTP indicates whether the user already has a TOTP secret. CookieHaveTOTP = "already_have_totp" // CookieTOTPURL holds the otpauth:// URL during TOTP registration. CookieTOTPURL = "totp_url" // CookieUserBackend records which backend authenticated the user (e.g. LDAP/Lua). CookieUserBackend = "user_backend" // CookieUniqueUserID stores a backend-specific unique user identifier. CookieUniqueUserID = "unique_userid" // CookieDisplayName stores a human-friendly display name for the user. CookieDisplayName = "display_name" // CookieLang stores the UI language preference selected during login/consent. CookieLang = "lang" // CookieUsername stores the supplied username during the login flow. CookieUsername = "username" // CookieAuthResult stores the authentication outcome (uint8 AuthResult). CookieAuthResult = "auth_result" // CookieSubject stores the OIDC subject if computed in-session. CookieSubject = "subject" // CookieRemember signals a "remember me" option for the session. CookieRemember = "remember" // CookieRegistration is used during WebAuthn device registration. CookieRegistration = "webauthn_registration" // CookieTOTPSecret temporarily holds a generated TOTP secret during flow. CookieTOTPSecret = "totp_secret" // CookieHome marks that the user reached the 2FA home page in the flow. CookieHome = "home" )
Cookie keys used by registration/login flows.
View Source
const ( // RoleAdmin represents the admin role with full access to all features RoleAdmin = "admin" // RoleSecurity represents the security role with access to security-related features RoleSecurity = "security" // RoleAuthenticate represents the role required to perform authentication requests RoleAuthenticate = "authenticate" // RoleUserInfo represents the user_info role for accessing user information RoleUserInfo = "user_info" // RoleListAccounts represents the list_accounts role for listing user accounts RoleListAccounts = "list_accounts" )
Role constants for JWT authentication
View Source
const ( // LogKeyGUID represents the session identifier used in log entries. LogKeyGUID = "session" // LogKeyMsg represents the message content in log entries. LogKeyMsg = "msg" // LogKeyError represents the log key for logging error messages or errors in the application. LogKeyError = "error" // LogKeyInstance represents instance identification in log entries. LogKeyInstance = "instance" // LogKeyProtocol represents the network protocol used, logged in log entries. LogKeyProtocol = "protocol" // LogKeyOIDCCID represents the log key for OpenID Connect Client ID. LogKeyOIDCCID = "oidc_cid" // LogKeyLocalIP represents the local IP address, logged in log entries. LogKeyLocalIP = "local_ip" // LogKeyPort identifies the port where an operation occurred. LogKeyPort = "port" // LogKeyTLSSecure represents whether a TLS secure connection is being used, logged in log entries. LogKeyTLSSecure = "tls_protocol" // LogKeyTLSCipher represents the cipher used in the TLS connection, logged in log entries. LogKeyTLSCipher = "tls_cipher" // LogKeyAuthMethod represents the authentication method used for a session. LogKeyAuthMethod = "auth_method" // LogKeyUsername represents the username being used for authentication during a session. LogKeyUsername = "username" // LogKeyClientIP represents the IP address of the client. LogKeyClientIP = "client_ip" // LogKeyClientPort represents the port number of the client. LogKeyClientPort = "client_port" // LogKeyClientHost represents the hostname of the client. LogKeyClientHost = "client_host" // LogKeyLoginAttempts represents the number of current password retry attempts. LogKeyLoginAttempts = "current_password_retries" // LogKeyUserAgent represents the user-agent string of the client. LogKeyUserAgent = "user_agent" // LogKeyClientID represents the unique client ID. LogKeyClientID = "client_id" // LogKeyClientName represents the client name. LogKeyClientName = "client_name" // LogKeyPasswordsAccountSeen represents the number of passwords seen for an account. LogKeyPasswordsAccountSeen = "account_passwords_seen" // LogKeyPasswordsTotalSeen represents the total number of passwords seen. LogKeyPasswordsTotalSeen = "total_passwords_seen" // LogKeyUsedPassdbBackend represents the backend used for password database operations. LogKeyUsedPassdbBackend = "passdb_backend" // LogKeyBruteForce indicates whether a brute force attempt has been detected. LogKeyBruteForce = "brute_force" // LogKeyBruteForceName represents the name of the bucket used for brute force detection. LogKeyBruteForceName = "brute_force_bucket" // LogKeyFeatureName represents the name of a feature for feature status logging. LogKeyFeatureName = "feature" // LogKeyStatusMessage represents a status message for an operation. LogKeyStatusMessage = "status_message" // LogKeyStatus represents the general status (like authentication) for logging. LogKeyStatus = "authenticated" // LogKeyAuthorized represents whether the request was authorized by filters (authz). LogKeyAuthorized = "authz" // LogKeyAuthenticatedBool is a boolean that reflects the backend authentication decision (authn). // This complements LogKeyStatus (string: ok/fail/tempfail) and is always present in final logs. LogKeyAuthenticatedBool = "authn" // LogKeyMode represents the mode of the operation. LogKeyMode = "mode" // LogKeyBackendName is the log entry key for specifying the name of the backend in use. LogKeyBackendName = "backend_name" // LogKeyRateLimitReason represents the reason for a 429 Too Many Requests response. LogKeyRateLimitReason = "ratelimit_reason" // LogKeySkip indicates whether an operation was skipped. LogKeySkip = "skip" // LogKeyUriPath represents the URI path of a request. LogKeyUriPath = "uri_path" // LogKeyAuthStatus represents the status of the authentication process. LogKeyAuthStatus = "status" // LogKeyAuthAccept indicates if the authentication was accepted. LogKeyAuthAccept = "accept" // LogKeyAuthReject indicates if the authentication was rejected. LogKeyAuthReject = "reject" // LogKeyAuthSubject represents the subject identifier in an authentication process. LogKeyAuthSubject = "subject" // LogKeyMethod represents the HTTP method for request logging. LogKeyMethod = "http_method" // LogKeyHTTPStatus represents the HTTP status code for logging. LogKeyHTTPStatus = "http_status" // LogKeyLatency represents the latency of a network operation for performance logging. LogKeyLatency = "latency" // LogKeyFilterLatency represents the latency of filter operations for performance logging. LogKeyFilterLatency = "filter_latency" // LogKeyRejectedFilters contains a comma-separated list of filters that rejected the request (action=true). LogKeyRejectedFilters = "filter_rejected_filters" // LogKeyFilterResults contains a compact mapping of filter name to result status: ok, fail, or unknown(n). LogKeyFilterResults = "filter_results" // LogKeyFeatureLatency represents the latency of feature operations for performance logging. LogKeyFeatureLatency = "feature_latency" // LogKeyStatsAlloc represents the stats for allocations logged. LogKeyStatsAlloc = "stats_alloc" // LogKeyStatsHeapAlloc represents the heap allocations in memory stats logging. LogKeyStatsHeapAlloc = "stats_heap_alloc" // LogKeyStatsHeapInUse represents heap memory currently in use for memory stats logging. LogKeyStatsHeapInUse = "stats_heap_in_use" // LogKeyStatsHeapIdle represents heap memory currently idling for memory stats logging. LogKeyStatsHeapIdle = "stats_heap_idle" // LogKeyStatsStackInUse represents stack memory currently in use for memory stats logging. LogKeyStatsStackInUse = "stats_stack_in_use" // LogKeyStatsStackSys represents system level stats about the program's stack. LogKeyStatsStackSys = "stats_stack_sys" // LogKeyStatsSys represents general system level stats about the program. LogKeyStatsSys = "stats_sys" // LogKeyStatsTotalAlloc represents total allocation in memory stats logging. LogKeyStatsTotalAlloc = "stats_total_alloc" // LogKeyStatsNumGC indicates the number of GC runs. LogKeyStatsNumGC = "stats_num_gc" // LogKeyStatsMallocs represents the number of allocations done by 'malloc' system call LogKeyStatsMallocs = "stats_mallocs" // LogKeyStatsFrees represents the number of deallocations done by 'free' system call LogKeyStatsFrees = "stats_frees" // LogKeyStatsHeapSys represents the heap stats of a system LogKeyStatsHeapSys = "stats_heap_sys" // LogKeyStatsHeapReleased represents the amount of heap memory released back to the OS LogKeyStatsHeapReleased = "stats_heap_released" // LogKeyStatsGCSys represents stats about the Go runtime's garbage collector LogKeyStatsGCSys = "stats_gc_sys" // LogKeyLDAPPoolName represents the name of the LDAP pool LogKeyLDAPPoolName = "pool" // LogKeyLoginSkip indicates whether login was skipped. LogKeyLoginSkip = "login_skip" // LogKeyLuaScripttimeout represents timeout setting for lua scripts LogKeyLuaScripttimeout = "lua_script_timeout" // LogKeyBackendServer represents the IP address of the backend server. LogKeyBackendServer = "backend_server" // NotAvailable is used when data for a particular field is not available. NotAvailable = "N/A" )
View Source
const ( // Localhost represents the hostname for the local machine. It is a constant with the value "localhost". Localhost = "localhost" // Localhost4 is a shorthand for IPv4 localhost address Localhost4 = "127.0.0.1" // Localhost6 is a shorthand for IPv6 localhost address Localhost6 = "::1" // HTTPAddress is the default address for the HTTP server HTTPAddress = "127.0.0.1:9080" // PasswordFail is the message when user authentication fails PasswordFail = "Invalid login or password" // TempFailDefault is the default temporary failure message TempFailDefault = "Temporary server problem, try again later" // TempFailNoTLS is the failure message when TLS encryption is required but not provided TempFailNoTLS = "TLS transport encryption required" // TempFailEmptyUser is the failure message when no username is provided TempFailEmptyUser = "No username given" // TempFailCode is the SMTP error code for a temporary failure TempFailCode = "451 4.3.0" // InstanceName is the name of the server instance InstanceName = "nauthilus" // DNSResolveTimeout is the default DNS resolver timeout. DNSResolveTimeout = 5 // SMTPBackendAddress is the default SMTP backend address SMTPBackendAddress = Localhost4 // SMTPBackendPort is the default SMTP backend port SMTPBackendPort = 5871 // IMAPBackendAddress is the default IMAP backend address IMAPBackendAddress = Localhost4 // IMAPBackendPort is the default IMAP backend port IMAPBackendPort = 9931 // POP3BackendAddress is the default POP3 backend address POP3BackendAddress = Localhost4 // POP3BackendPort is the default POP3 backend port POP3BackendPort = 9951 // WaitDelay is the default delay (in seconds) between reconnection attempts WaitDelay = 10 // MaxLoginAttempts is the maximum allowed number of login attempts MaxLoginAttempts = 15 // LDAPIdlePoolSize is the number of idle connections in LDAP connection pool LDAPIdlePoolSize = 2 // LDAPMaxRetries is the maximum number of retries for a failed LDAP operation LDAPMaxRetries = 9 // DurationMaxPeriod defines the maximum allowable time duration, set to a period of one year (24 * 365 * time.Hour). DurationMaxPeriod = 24 * 365 * time.Hour // RedisPosCacheTTL is the expiry time (in seconds) for positive cache entries in Redis RedisPosCacheTTL = 3600 // RedisNegCacheTTL is the expiry time (in seconds) for negative cache entries in Redis RedisNegCacheTTL = 3600 // StatsDelay is the delay (in seconds) between collecting statistical data StatsDelay = 60 // BackendServerMonitoringDelay is the delay (in seconds) between keep-alive checks BackendServerMonitoringDelay = 10 // LDAPConnectTimeout is the connection timeout (in seconds) for the LDAP server LDAPConnectTimeout = 30 // MaxChannelSize is the maximum size of message channels MaxChannelSize = 500 // MaxActionWorkers is the maximum number of action workers MaxActionWorkers = 10 // DefaultNumberOfWorkers defines the default number of workers to be used if no specific value is provided. DefaultNumberOfWorkers = 10 // MaxConcurrentRequests represents the maximum number of simultaneous connections allowed. MaxConcurrentRequests = 3000 // MaxPasswordHistoryEntries defines the maximum number of previous passwords to store for history and validation purposes. MaxPasswordHistoryEntries = 100 )
View Source
const ( // LogLevelNone is the iota constant representing no logs LogLevelNone = iota // LogLevelError is the iota constant for error logs LogLevelError // LogLevelWarn is the iota constant for warning logs LogLevelWarn // LogLevelNotice is the iota constant representing notice-level logs, typically used for normal but significant events. LogLevelNotice // LogLevelInfo is the iota constant for info logs LogLevelInfo // LogLevelDebug is the iota constant for debug logs LogLevelDebug )
View Source
const ( // BackendUnknownName refers to an unidentified backend BackendUnknownName = "unknown" // BackendCacheName represents a cache backend BackendCacheName = "cache" // BackendLDAPName indicates an LDAP backend BackendLDAPName = "ldap" // BackendLuaName refers to a Lua backend BackendLuaName = "lua" // BackendLocalCacheName refers to th elocal in memory localcache.LocalCache. BackendLocalCacheName = "memory" )
View Source
const ( // FeatureTLSEncryption is a constant for the string "tls_encryption" FeatureTLSEncryption = "tls_encryption" // FeatureRBL is a constant for the string "rbl" FeatureRBL = "rbl" // FeatureRelayDomains is a constant for the string "relay_domains" FeatureRelayDomains = "relay_domains" // FeatureLua is a constant for the string "lua" FeatureLua = "lua" // FeatureBackendServersMonitoring enables a custom backend list with fail-state monitoring FeatureBackendServersMonitoring = "backend_server_monitoring" // FeatureBruteForce enables the brute force protection system FeatureBruteForce = "brute_force" )
Supported features.
View Source
const ( // LabelSuccess represents a success label. LabelSuccess = "success" // LabelFailure represents a failure label. LabelFailure = "failure" )
Statistics label for the loin counter.
View Source
const ( // LogFormatDefault represents the strnig "default". LogFormatDefault = "default" // LogFormatJSON represents the sting "json". LogFormatJSON = "json" )
View Source
const ( // LogLevelNameNone represents disabled logging. LogLevelNameNone = "none" // LogLevelNameError represents the error logging level. LogLevelNameError = "error" // LogLevelNameWarn represents the warning logging level. LogLevelNameWarn = "warn" // LogLevelNameNotice represents the notice logging level. LogLevelNameNotice = "notice" // LogLevelNameInfo represents the info logging level. LogLevelNameInfo = "info" // LogLevelNameDebug represents the debug logging level. LogLevelNameDebug = "debug" )
Log level names and numeric offsets used across the application. Keep strings centralized to avoid typos and ensure consistent comparisons.
View Source
const ( // ProtoSMTP corresponds to the "smtp" protocol ProtoSMTP = "smtp" // ProtoIMAP corresponds to the "smtp" protocol ProtoIMAP = "imap" // ProtoPOP3 corresponds to the "smtp" protocol ProtoPOP3 = "pop3" // ProtoHTTP corresponds to the "http" protocol ProtoHTTP = "http" // ProtoDefault corresponds to the default protocol ProtoDefault = "default" )
Pre-definied protocols with a fixed semantic.
View Source
const ( // RedisBruteForceHashKey represents the key used for brute force attempts in Redis. RedisBruteForceHashKey = "bruteforce" // RedisUserHashKey represents the key used for user data in Redis. RedisUserHashKey = "user" // RedisMetricsCounterHashKey represents the key used for a metrics counter in Redis. RedisMetricsCounterHashKey = "counter" // RedisPwHashKey represents the key used for password history in Redis. RedisPwHashKey = "pw_hist" // RedisPwHistTotalKey represents the key used for storing total counts for password history scopes in Redis. // The full key is constructed similarly to pw_hist but with this different prefix and the same suffix. // Example: <prefix> + RedisPwHistTotalKey + ":<account>:<ip>" or ":<ip>" RedisPwHistTotalKey = "pw_hist_total" // RedisPWHistIPsKey represents the key used for storing password history associated with IPs in Redis. RedisPWHistIPsKey = "pw_hist_ips" // RedisAffectedAccountsKey represents the key used for storing affected user accounts in Redis. RedisAffectedAccountsKey = "affected_accounts" // RedisActiveBruteForceKeys represents the key used for storing active brute force keys in Redis. RedisActiveBruteForceKeys = "active_brute_force_keys" // RedisBFTolerationPrefix represents the prefix used for toleration buckets in Redis. RedisBFTolerationPrefix = "bf:tr:" // RedisUserPositiveCachePrefix is the prefix used for positive user cache entries in Redis. RedisUserPositiveCachePrefix = "UCP:" // RedisBFColdStartPrefix represents the prefix used for cold-start grace in Redis. RedisBFColdStartPrefix = "bf:cold:" // RedisBFSeedPrefix represents the prefix used for brute-force seeds in Redis. RedisBFSeedPrefix = "bf:seed:" // RedisBFRWPAllowPrefix represents the prefix used for repeating wrong password allowance in Redis. RedisBFRWPAllowPrefix = "bf:rwp:allow:" )
View Source
const ( // CatAuth is a constant for the "generic" category. CatAuth = "auth" // CatCache is a constant for the "cache" category. CatCache = "cache" // CatBruteForce is a constant for the "bruteforce" category. CatBruteForce = "bruteforce" // CatConfig is a constant representing the "config" category. CatConfig = "config" // ServNginx is a constant for the "nginx" service. ServNginx = "nginx" // ServSaslauthd is a constant for the "saslauthd" service. ServSaslauthd = "saslauthd" // ServHeader is a constant for the "header" service. ServHeader = "header" // ServBasic is a constant for the "basicauth" service. ServBasic = "basic" // ServJSON is a constant for the "json" service. ServJSON = "json" // ServFlush is a constant for the "flush" service. ServFlush = "flush" // ServList is a constant for the "list" service. ServList = "list" // ServLoad is a constant representing the "load" service category. ServLoad = "load" )
View Source
const ( // CtxGUIDKey is used as a key to store the session's unique identifier in session.Store CtxGUIDKey = "guid" // CtxAdditionalFeaturesKey is the key used to store additional features in the lualib.Context CtxAdditionalFeaturesKey = "additional_features" // CtxCSRFTokenKey is used as a key to store the session's CSRF token in session.Store CtxCSRFTokenKey = "csrf" // CtxLocalizedKey is used as a key to store the session's localization data in session.Store CtxLocalizedKey = "localizer" // CtxClientIPKey is used as a key to store the session's client IP address in session.Store CtxClientIPKey = "client_ip" // CtxDataExchangeKey is used as a key to store the session's data exchange information in session.Store CtxDataExchangeKey = "data_exchange" // CtxLocalCacheAuthKey is used as a key to store an Authentication structure for an authenticated user. CtxLocalCacheAuthKey = "local_cache_auth" // CtxJWTClaimsKey is used as a key to store JWT claims in the context. CtxJWTClaimsKey = "jwt_claims" // CtxRequestStartTimeKey is used as a key to store the request start time in the context. CtxRequestStartTimeKey = "request_start_time" // CtxCurrentConnectionsKey is used as a key to store the current number of connections in the context. CtxCurrentConnectionsKey = "current_connections" // CtxMaxConnectionsKey is used as a key to store the maximum number of connections in the context. CtxMaxConnectionsKey = "max_connections" // CtxRequestDurationKey is used as a key to store the request duration in the context. CtxRequestDurationKey = "request_duration" // CtxFailureKey is used as a key to store failure status in the context. CtxFailureKey = "failure" // CtxMessageKey is used as a key to store message information in the context. CtxMessageKey = "message" // CtxResponseWrittenKey marks that a Lua response has been written for this request. CtxResponseWrittenKey = "response_written" // CtxAccountKey stores the resolved account name for the current request in gin.Context. // Keep this limited to the plain account string as agreed; additional fields are intentionally omitted. CtxAccountKey = "account" // CtxRateLimitReasonKey is used as a key to store the reason for a 429 Too Many Requests response in the context. CtxRateLimitReasonKey = "ratelimit_reason" )
View Source
const ( // LDAPPoolUnknown represents an unknown LDAP pool value LDAPPoolUnknown = iota // LDAPPoolLookup is used to specify an LDAP pool for lookups LDAPPoolLookup // LDAPPoolAuth is used to specify an LDAP pool for authentication LDAPPoolAuth )
View Source
const ( // DbgNoneName is the debug identifier for 'none' DbgNoneName = "none" // DbgAllName is the debug identifier for 'all' DbgAllName = "all" // DbgAuthName is the debug identifier for authentication DbgAuthName = "auth" // DbgWebAuthnName is the debug identifier for web authentication DbgWebAuthnName = "webauthn" // DbgStatsName is the debug identifier for statistics DbgStatsName = "statistics" // DbgWhitelistName is the debug identifier for whitelist DbgWhitelistName = "whitelist" // DbgLDAPName is the debug identifier for LDAP DbgLDAPName = "ldap" // DbgLDAPPoolName is the debug identifier for LDAP pool DbgLDAPPoolName = "ldappool" // DbgCacheName is the debug identifier for cache DbgCacheName = "cache" // DbgBfName is the debug identifier for brute force DbgBfName = "brute_force" // DbgRBLName is the debug identifier for RBL DbgRBLName = "rbl" // DbgActionName is the debug identifier for action DbgActionName = "action" // DbgFeatureName is the debug identifier for feature DbgFeatureName = "feature" // DbgLuaName is the debug identifier for Lua DbgLuaName = "lua" // DbgFilterName is the debug identifier for filter DbgFilterName = "filter" // DbgTolerateName represents the debug mode for tolerating certain conditions or operations during execution. DbgTolerateName = "tolerate" // DbgJWTName is the debug identifier for JWT DbgJWTName = "jwt" // DbgHTTPName is the debug identifier for HTTP DbgHTTPName = "http" // DbgAccountName is the debug identifier for account tracing DbgAccountName = "account" )
View Source
const ( // LuaActionBruteForceName is used to represent a brute force action in Lua LuaActionBruteForceName = "brute_force" // LuaActionRBLName is used to represent a Real-time Blackhole List action in Lua LuaActionRBLName = "rbl" // LuaActionTLSName is used to represent a Transport Layer Security encryption action in Lua LuaActionTLSName = "tls_encryption" // LuaActionRelayDomainsName is used to manage relay domains action in Lua LuaActionRelayDomainsName = "relay_domains" // LuaActionLuaName is used for executing a generic Lua action LuaActionLuaName = "lua" // LuaActionPostName is used for a posting an action in Lua LuaActionPostName = "post" )
View Source
const ( // LuaBackendResultTypeName represents the constant name used as the Lua type name for the nauthilus_backend_result type. LuaBackendResultTypeName = "nauthilus_backend_result" // LuaBackendServerTypeName represents the constant name used as the Lua type name for the nauthilus_backend_server type. LuaBackendServerTypeName = "nauthilus_backend_server" )
View Source
const ( // LuaFnCtxSet represents the function name for "context_set" in Lua LuaFnCtxSet = "context_set" // LuaFnCtxGet represents the function name for "context_get" in Lua LuaFnCtxGet = "context_get" // LuaFnCtxDelete represents the function name for "context_delete" in Lua LuaFnCtxDelete = "context_delete" // LuaFnAddCustomLog represents the function name for "custom_log_add" in Lua LuaFnAddCustomLog = "custom_log_add" // LuaFnBackendVerifyPassword represents the function name for "nauthilus_backend_verify_password" in Lua LuaFnBackendVerifyPassword = "nauthilus_backend_verify_password" // LuaFnBackendListAccounts represents the function name for "nauthilus_backend_list_accounts" in Lua LuaFnBackendListAccounts = "nauthilus_backend_list_accounts" // LuaFnBackendAddTOTPSecret represents the function name for "nauthilus_backend_add_totp" in Lua LuaFnBackendAddTOTPSecret = "nauthilus_backend_add_totp" // LuaModMail represents the module name for "nauthilus_mail" in Lua LuaModMail = "nauthilus_mail" // LuaModPassword represents the module name for "nauthilus_password" in Lua LuaModPassword = "nauthilus_password" // LuaModRedis is the constant representing the module name "nauthilus_redis" in Lua LuaModRedis = "nauthilus_redis" // LuaModMisc is the constant representing the module "nauthilus_misc" in Lua LuaModMisc = "nauthilus_misc" // LuaModContext represents the module name "nauthilus_context" in Lua LuaModContext = "nauthilus_context" // LuaModLDAP is a constant representing the name of the Lua module for LDAP integration LuaModLDAP = "nauthilus_ldap" // LuaModBackend is a constant that holds the name of the Lua module for the Nauthilus backend. LuaModBackend = "nauthilus_backend" // LuaModHTTPRequest is a constant representing the value "nauthilus_http_request". LuaModHTTPRequest = "nauthilus_http_request" // LuaModHTTPResponse is a constant representing the value "nauthilus_http_response". LuaModHTTPResponse = "nauthilus_http_response" // LuaModPrometheus is a constant that identifies the Prometheus module for monitoring and metrics collection. LuaModPrometheus = "nauthilus_prometheus" // LuaModSoftWhitelist is a constant that represents the module name for soft whitelist functionality in the application. LuaModSoftWhitelist = "nauthilus_soft_whitelist" // LuaModBruteForce is a constant representing the module name for handling brute force prevention functionalities. LuaModBruteForce = "nauthilus_brute_force" // LuaModDNS represents the module identifier for DNS-related Lua functionality. LuaModDNS = "nauthilus_dns" // LuaModCache represents the module name for the in-process cache exposed to Lua LuaModCache = "nauthilus_cache" // LuaModPsnet is a constant representing the module name "nauthilus_psnet". LuaModPsnet = "nauthilus_psnet" // LuaModOpenTelemetry is the module name exposed to Lua for OpenTelemetry helpers. LuaModOpenTelemetry = "nauthilus_opentelemetry" // LuaUDTracer is the userdata type name for an OpenTelemetry Tracer in Lua. LuaUDTracer = "nauthilus_otel_tracer_ud" // LuaUDSpan is the userdata type name for an OpenTelemetry Span in Lua. LuaUDSpan = "nauthilus_otel_span_ud" // LuaFnCallFeature represents the function name for "nauthilus_call_feature" in Lua LuaFnCallFeature = "nauthilus_call_feature" // LuaFnCallAction represents the function name for "nauthilus_call_action" in Lua LuaFnCallAction = "nauthilus_call_action" // LuaFnCallFilter represents the function name for "nauthilus_call_filter" in Lua LuaFnCallFilter = "nauthilus_call_filter" // LuaFnRunHook represents the constant string "nauthilus_run_callback". LuaFnRunHook = "nauthilus_run_hook" // LuaFnGetBackendServers represents the Lua function name "get_backend_servers" that retrieves the backend servers. LuaFnGetBackendServers = "get_backend_servers" // LuaFnSelectBackendServer represents the constant used as the key for the Lua function "select_backend_server". LuaFnSelectBackendServer = "select_backend_server" // LuaFnSetStatusMessage represents the Lua function name for setting the status message of a Lua request. LuaFnSetStatusMessage = "status_message_set" // LuaFnGetAllHTTPRequestHeaders represents the function name for "get_all_http_request_headers" in Lua LuaFnGetAllHTTPRequestHeaders = "get_all_http_request_headers" // LuaFnGetHTTPRequestHeader represents the function name for "get_http_request_header" in Lua LuaFnGetHTTPRequestHeader = "get_http_request_header" // LuaFnGetHTTPRequestBody represents the function name for "get_http_request_body" in Lua LuaFnGetHTTPRequestBody = "get_http_request_body" // LuaFnGetHTTPMethod represents a constant for retrieving the HTTP method of a request in a Lua script. LuaFnGetHTTPMethod = "get_http_method" // LuaFnGetHTTPQueryParam retrieves the value of a specific query parameter from the HTTP request. LuaFnGetHTTPQueryParam = "get_http_query_param" // LuaFnGetHTTPPath retrieves the HTTP path from the incoming request. LuaFnGetHTTPPath = "get_http_path" // LuaFnSetHTTPResponseHeader sets an HTTP response header (replaces existing values) LuaFnSetHTTPResponseHeader = "set_http_response_header" // LuaFnAddHTTPResponseHeader adds a value to an HTTP response header LuaFnAddHTTPResponseHeader = "add_http_response_header" // LuaFnRemoveHTTPResponseHeader removes an HTTP response header LuaFnRemoveHTTPResponseHeader = "remove_http_response_header" // LuaFnSetHTTPStatus allows Lua to set the HTTP status code for the current response LuaFnSetHTTPStatus = "set_http_status" // LuaFnWriteHTTPResponseBody allows Lua to write raw data to the HTTP response body LuaFnWriteHTTPResponseBody = "write_http_response_body" // LuaFnSetHTTPContentType allows Lua to set the Content-Type header more ergonomically LuaFnSetHTTPContentType = "set_http_content_type" // LuaFnHTTPString maps to Gin's ctx.String(status, body) LuaFnHTTPString = "string" // LuaFnHTTPHTML maps to Gin's ctx.HTML(status, html) LuaFnHTTPHTML = "html" // LuaFnHTTPData maps to Gin's ctx.Data(status, contentType, data) LuaFnHTTPData = "data" // LuaFnHTTPRedirect maps to Gin's ctx.Redirect(status, location) LuaFnHTTPRedirect = "redirect" // LuaFnRedisRegisterRedisPool defines the name of the function to register a Redis connection pool. LuaFnRedisRegisterRedisPool = "register_redis_pool" // LuaFnRedisGetRedisConnection defines the name of the function to retrieve a Redis connection. LuaFnRedisGetRedisConnection = "get_redis_connection" // LuaFnRedisPing is a constant representing the Redis ping function. LuaFnRedisPing = "redis_ping" // LuaFnRedisGet represents the function name for "redis_get_str" in Lua LuaFnRedisGet = "redis_get" // LuaFnRedisSet represents the function name for "redis_set_str" in Lua LuaFnRedisSet = "redis_set" // LuaFnRedisIncr represents a constant string identifier for the Lua function redis_incr. LuaFnRedisIncr = "redis_incr" // LuaFnRedisDel represents the function name for "redis_det" in Lua LuaFnRedisDel = "redis_del" // LuaFnRedisExpire represents the function name for "redis_expire" in Lua LuaFnRedisExpire = "redis_expire" // LuaFnRedisExists represents the constant used to check if a key exists in the Redis database. LuaFnRedisExists = "redis_exists" // LuaFnRedisHGet represents the function name for "redis_hget" in Lua. LuaFnRedisHGet = "redis_hget" // LuaFnRedisHSet represents the function name for "redis_hset" in Lua LuaFnRedisHSet = "redis_hset" // LuaFnRedisHDel represents the function name for "redis_hdel" in Lua LuaFnRedisHDel = "redis_hdel" // LuaFnRedisHLen represents the function name for "redis_hlen" in Lua. LuaFnRedisHLen = "redis_hlen" // LuaFnRedisHGetAll represents the function name for "redis_hgetall" in Lua LuaFnRedisHGetAll = "redis_hgetall" // LuaFnRedisHMGet represents the function name for "redis_hmget" in Lua LuaFnRedisHMGet = "redis_hmget" // LuaFnRedisHIncrBy represents the function name for "redis_hincrby" in Lua. LuaFnRedisHIncrBy = "redis_hincrby" // LuaFnRedisHIncrByFloat represents the function name for "redis_hincrbyfloat" in Lua. LuaFnRedisHIncrByFloat = "redis_hincrbyfloat" // LuaFnRedisHExists represents the Lua function name for checking if a field exists in a Redis hash. LuaFnRedisHExists = "redis_hexists" // LuaFnRedisRename represebts the Lua function name "redis_rename" to rename an existing Redis key. LuaFnRedisRename = "redis_rename" // LuaFnRedisSAdd represents the Lua function name for adding one or more members to a set in Redis. LuaFnRedisSAdd = "redis_sadd" // LuaFnRedisSIsMember represents the name of the Redis function "SISMEMBER" used to check if a member exists in a set. LuaFnRedisSIsMember = "redis_sismember" // LuaFnRedisSMembers represents the Redis command "SMEMBERS" which returns all the members // of a set stored at the specified key. LuaFnRedisSMembers = "redis_smembers" // LuaFnRedisSRem represents a Lua function that removes one or more members from a set in Redis. LuaFnRedisSRem = "redis_srem" // LuaFnRedisSCard represents a Lua function that returns the number of elements in a Redis set. LuaFnRedisSCard = "redis_scard" // LuaFnRedisRunScript is the constant used to denote the operation for running a Lua script in Redis. LuaFnRedisRunScript = "redis_run_script" // LuaFnRedisUploadScript represents the function name for uploading a script in Redis. LuaFnRedisUploadScript = "redis_upload_script" // LuaFnRedisZAdd represents the Lua function used for the Redis ZADD command for sorted sets. LuaFnRedisZAdd = "redis_zadd" // LuaFNRedisZRange represents the Lua function name for retrieving a range of elements from a Redis sorted set. LuaFNRedisZRange = "redis_zrange" // LuaFnRedisZRevRange represents the Lua function name for retrieving a reversed range of members from a Redis sorted set. LuaFnRedisZRevRange = "redis_zrevrange" // LuaFnRedisZRangeByScore provides functionality to retrieve elements from a Redis sorted set by their score range. LuaFnRedisZRangeByScore = "redis_zrangebyscore" // LuaFnRedisZRem represents the Redis ZREM command for removing one or more members from a sorted set. LuaFnRedisZRem = "redis_zrem" // LuaFnRedisZRemRangeByScore is a Lua function constant used to remove range of members in a sorted set by their score. LuaFnRedisZRemRangeByScore = "redis_zremrangebyscore" // LuaFnRedisRedisZRemRangeByRank defines the Lua script name for removing elements by rank in a Redis sorted set. LuaFnRedisRedisZRemRangeByRank = "redis_zremrangebyrank" // LuaFnRedisZRank is a constant defining the Redis command "ZRank" for retrieving the rank of a member in a sorted set. LuaFnRedisZRank = "redis_zrank" // LuaFnRedisZCount is a constant defining the Redis command "ZCount" for counting the number of members in a sorted set with scores between min and max. LuaFnRedisZCount = "redis_zcount" // LuaFnRedisZScore is a constant defining the Redis command "ZScore" for retrieving the score of a member in a sorted set. LuaFnRedisZScore = "redis_zscore" // LuaFnRedisRedisZRevRank represents the Lua function name for retrieving the reverse rank of a member in a sorted set. LuaFnRedisRedisZRevRank = "redis_zrevrank" // LuaFnRedisZIncrBy is a constant defining the Redis command "ZIncrBy" for incrementing the score of a member in a sorted set. LuaFnRedisZIncrBy = "redis_zincrby" // LuaFnRedisLPush is a constant defining the Redis command "LPUSH" for adding one or more values to the beginning of a list. LuaFnRedisLPush = "redis_lpush" // LuaFnRedisRPush is a constant defining the Redis command "RPUSH" for adding one or more values to the end of a list. LuaFnRedisRPush = "redis_rpush" // LuaFnRedisLPop is a constant defining the Redis command "LPOP" for removing and returning the first element of a list. LuaFnRedisLPop = "redis_lpop" // LuaFnRedisRPop is a constant defining the Redis command "RPOP" for removing and returning the last element of a list. LuaFnRedisRPop = "redis_rpop" // LuaFnRedisLRange is a constant defining the Redis command "LRANGE" for getting a range of elements from a list. LuaFnRedisLRange = "redis_lrange" // LuaFnRedisLLen is a constant defining the Redis command "LLEN" for getting the length of a list. LuaFnRedisLLen = "redis_llen" // LuaFnRedisMGet is a constant defining the Redis command "MGET" for getting the values of multiple keys. LuaFnRedisMGet = "redis_mget" // LuaFnRedisMSet is a constant defining the Redis command "MSET" for setting multiple key-value pairs. LuaFnRedisMSet = "redis_mset" // LuaFnRedisKeys is a constant defining the Redis command "KEYS" for finding all keys matching a pattern. LuaFnRedisKeys = "redis_keys" // LuaFnRedisScan is a constant defining the Redis command "SCAN" for incrementally iterating over keys. LuaFnRedisScan = "redis_scan" // LuaFnRedisPipeline exposes Redis pipelining to Lua to batch multiple commands in a single round-trip. LuaFnRedisPipeline = "redis_pipeline" // LuaFnRedisPFAdd represents the Lua function name for the Redis HyperLogLog PFADD command. Added in version 1.8.4 LuaFnRedisPFAdd = "redis_pfadd" // LuaFnRedisPFCount represents the Lua function name for the Redis HyperLogLog PFCOUNT command. Added in version 1.8.4 LuaFnRedisPFCount = "redis_pfcount" // LuaFnRedisPFMerge represents the Lua function name for the Redis HyperLogLog PFMERGE command. Added in version 1.8.4 LuaFnRedisPFMerge = "redis_pfmerge" // LuaFnApplyBackendResult applies changes to the backend result from a former authentication process. LuaFnApplyBackendResult = "apply_backend_result" // LuaFnRemoveFromBackendResult represents the function to remove an attribute from the backend result set. LuaFnRemoveFromBackendResult = "remove_from_backend_result" // LuaFnCheckBackendConnection represents the Lua function name for checking the backend connection. LuaFnCheckBackendConnection = "check_backend_connection" // LuaFnLDAPSearch represents the name of the Lua function used to do an LDAP search request. LuaFnLDAPSearch = "ldap_search" // LuaFnLDAPModify is a constant representing the Lua function for modifying LDAP entries. LuaFnLDAPModify = "ldap_modify" // LuaFnLDAPEndpoint represents the Lua function name for configuring or retrieving the LDAP endpoint details. LuaFnLDAPEndpoint = "ldap_endpoint" // LuaFnSendMail represents the name of the Lua function used to send e simple text email. LuaFnSendMail = "send_mail" // LuaFnComparePasswords is a constant representing the name of a Lua function // used to compare passwords. LuaFnComparePasswords = "compare_passwords" // LuaFnCheckPasswordPolicy represents the constant for the Lua function "check_password_policy". LuaFnCheckPasswordPolicy = "check_password_policy" // LuaFnGetCountryName is a constant that represents the name of the Lua function "get_country_name". LuaFnGetCountryName = "get_country_name" // LuaFnWaitRandom represents the constant value for the Lua function name "wait_random". LuaFnWaitRandom = "wait_random" // LuaFnScopedIP exposes IP scoping (network normalization) to Lua via nauthilus_misc.scoped_ip(ctx, ip). LuaFnScopedIP = "scoped_ip" // LuaFnGeneratePasswordHash is the function name for generating a Redis-compatible password hash // used by Nauthilus (util.GetHash(util.PreparePassword(password))). LuaFnGeneratePasswordHash = "generate_password_hash" // LuaFnCreateSummaryVec represents the identifier for creating a Prometheus SummaryVec. LuaFnCreateSummaryVec = "create_summary_vec" // LuaFnCreateCounterVec represents the identifier for creating a Prometheus CounterVec. LuaFnCreateCounterVec = "create_counter_vec" // LuaFnCreateHistogramVec is a constant representing the Lua function name for creating a HistogramVec in Prometheus. LuaFnCreateHistogramVec = "create_histogram_vec" // LuaFnCreateGaugeVec is a constant that holds the identifier for creating a gauge vector in Lua scripts. LuaFnCreateGaugeVec = "create_gauge_vec" // LuaFnStartSummaryTimer specifies the identifier for starting a Prometheus timer. LuaFnStartSummaryTimer = "start_summary_timer" // LuaFnStartHistogramTimer represents the function name for starting a histogram timer in Lua scripts. LuaFnStartHistogramTimer = "start_histogram_timer" // LuaFnStopTimer defines the identifier for stopping a Prometheus timer. LuaFnStopTimer = "stop_timer" // LuaFnIncrementCounter represents the identifier for incrementing a Prometheus counter. LuaFnIncrementCounter = "increment_counter" // LuaFNAddGauge is a constant representing the Lua function name for adding a gauge value. LuaFNAddGauge = "add_gauge" // LuaFnSubGauge is used to decrement the value of a gauge metric in Prometheus. LuaFnSubGauge = "sub_gauge" // LuaFnSetGauge sets the value of a gauge metric. LuaFnSetGauge = "set_gauge" // LuaFnIncrementGauge is a constant representing the name of the Lua function used to increment a gauge metric. LuaFnIncrementGauge = "increment_gauge" // LuaFnDecrementGauge is used to decrement a gauge in Prometheus. LuaFnDecrementGauge = "decrement_gauge" // LuaFnTouchCounter is used to pre-create a CounterVec child without incrementing (expose zero series). LuaFnTouchCounter = "touch_counter" // LuaFnRegisterConnectionTarget is used to register a connection target in the system. LuaFnRegisterConnectionTarget = "register_connection_target" // LuaFnGetConnectionTarget retrieves the target connection within the Lua scripting environment. LuaFnGetConnectionTarget = "get_connection_target" // LuaFnSoftWhitelistSet is a constant representing the function name for setting a soft whitelist in the system. LuaFnSoftWhitelistSet = "soft_whitelist_set" // LuaFnSoftWhitelistGet represents the function name for retrieving a soft whitelist in the system. LuaFnSoftWhitelistGet = "soft_whitelist_get" // LuaFnSoftWhitelistDelete is a constant representing the operation to delete an entry from the soft whitelist. LuaFnSoftWhitelistDelete = "soft_whitelist_delete" // LuaFnBfSetCustomTolerations represents the function name for setting custom tolerations. LuaFnBfSetCustomTolerations = "set_custom_tolerations" // LuaFnBfSetCustomToleration represents a Lua function for setting a toleration. LuaFnBfSetCustomToleration = "set_custom_toleration" // LuaFnBfGetCusotmTolerations defines the Lua function name used to retrieve tolerations. LuaFnBfGetCusotmTolerations = "get_custom_tolerations" // LuaFnBfDeleteCustomToleration represents the function name for deleting a specific toleration. LuaFnBfDeleteCustomToleration = "delete_custom_toleration" // LuaFnBfGetTolerateMap represents the Lua function name for retrieving a tolerate-map. LuaFnBfGetTolerateMap = "get_tolerate_map" // LuaFnBfIsIPAddressBlocked determines if a given IP address is blocked due to brute force or other security rules. LuaFnBfIsIPAddressBlocked = "is_ip_address_blocked" // LuaFnDNSResolve represents the Lua function name for resolving DNS queries. LuaFnDNSResolve = "resolve" )
View Source
const ( // LuaDefaultTable represents the default table name in Lua LuaDefaultTable = "nauthilus_builtin" // LuaSuccess represents the success status in Lua LuaSuccess = "success" // LuaFail represents the fail status in Lua LuaFail = "fail" // LuaFeatureTriggerNo represents the feature trigger no option in Lua LuaFeatureTriggerNo = "FEATURE_TRIGGER_NO" // LuaFeatureTriggerYes represents the feature trigger yes option in Lua LuaFeatureTriggerYes = "FEATURE_TRIGGER_YES" // LuaFeatureAbortNo represents the features abort no option in Lua LuaFeatureAbortNo = "FEATURES_ABORT_NO" // LuaFeatureAbortYes represents the features abort yes option in Lua LuaFeatureAbortYes = "FEATURES_ABORT_YES" // LuaFeatureResultOk represents the feature result ok status in Lua LuaFeatureResultOk = "FEATURE_RESULT_OK" // LuaFeatureResultFail represents the feature result fail status in Lua LuaFeatureResultFail = "FEATURE_RESULT_FAIL" // LuaActionResultOk represents the action result ok status in Lua LuaActionResultOk = "ACTION_RESULT_OK" // LuaActionResultFail represents the action result fail status in Lua LuaActionResultFail = "ACTION_RESULT_FAIL" // LuaBackendResultOk represents the backend result ok status in Lua LuaBackendResultOk = "BACKEND_RESULT_OK" // LuaBackendResultFail represents the backend result fail status in Lua LuaBackendResultFail = "BACKEND_RESULT_FAIL" // LuaFilterAccept represents the filter accept option in Lua LuaFilterAccept = "FILTER_ACCEPT" // LuaFilterREJECT represents the filter reject option in Lua LuaFilterREJECT = "FILTER_REJECT" // LuaFilterResultOk represents the filter result ok status in Lua LuaFilterResultOk = "FILTER_RESULT_OK" // LuaFilterResultFail represents the filter result fail status in Lua LuaFilterResultFail = "FILTER_RESULT_FAIL" )
View Source
const ( //LuaLiteralString is a Lua "string" type LuaLiteralString = "string" // LuaLiteralTable is a Lua "table" type LuaLiteralTable = "table" )
View Source
const ( // TypeString represents a string type TypeString = "string" // TypeNumber represents a number type (float64) TypeNumber = "number" // TypeBoolean represents a boolean type TypeBoolean = "bool" // TypeNil represents the nil value type TypeNil = "nil" )
View Source
const ( // LuaRequestDebug is for debugging purposes. LuaRequestDebug = "debug" // LuaRequestLogFormat indicates wheteher to log in JSON or standard format. LuaRequestLogFormat = "log_format" // LuaRequestLogLevel is a constant that represents the log level configuration used. LuaRequestLogLevel = "log_level" // LuaRequestNoAuth indicates no authorization required. LuaRequestNoAuth = "no_auth" // LuaRequestService indicates the type of service. LuaRequestService = "service" // LuaRequestRepeating signifies that the request is repeating. LuaRequestRepeating = "repeating" // LuaRequestAuthenticated indicates that the request is authenticated. LuaRequestAuthenticated = "authenticated" // LuaRequestUserFound is for when a user is found. LuaRequestUserFound = "user_found" // LuaRequestBruteForceCounter keeps track of the number of attempts. LuaRequestBruteForceCounter = "brute_force_counter" // LuaRequestBruteForceBucket is for the bucket of brute force attempts. LuaRequestBruteForceBucket = "brute_force_bucket" // LuaRequestFeature indicates the feature type of the request. LuaRequestFeature = "feature" // LuaRequestSession indicates the session of the request. LuaRequestSession = "session" // LuaRequestClientIP signifies the client IP of the request. LuaRequestClientIP = "client_ip" // LuaRequestClientPort signifies the client port of the request. LuaRequestClientPort = "client_port" // LuaRequestClientNet indicates the client network. LuaRequestClientNet = "client_net" // LuaRequestClientHost indicates the client host. LuaRequestClientHost = "client_hostname" // LuaRequestClientID signifies the client ID of the request. LuaRequestClientID = "client_id" // LuaRequestLocalIP signifies the local IP of the request. LuaRequestLocalIP = "local_ip" // LuaRequestLocalPort signifies the local port of the request. LuaRequestLocalPort = "local_port" // LuaRequestUsername signifies the username of the user making the request. LuaRequestUsername = "username" // LuaRequestAccount signifies the account of the user making the request. LuaRequestAccount = "account" // LuaRequestAccountField is a constant representing the key for the account field in a Lua request. LuaRequestAccountField = "account_field" // LuaRequestUniqueUserID signifies the unique user ID of the user making the request. LuaRequestUniqueUserID = "unique_user_id" // LuaRequestDisplayName signifies the display name of the user making the request. LuaRequestDisplayName = "display_name" // LuaRequestPassword signifies the password of the user making the request. LuaRequestPassword = "password" // LuaRequestProtocol signifies the protocol of the request. LuaRequestProtocol = "protocol" // LuaRequestUserAgent signifies the user agent of the request. LuaRequestUserAgent = "user_agent" // LuaRequestXSSL indicates the SSL of the request. LuaRequestXSSL = "ssl" // LuaRequestXSSSLSessionID signifies the SSL session ID of the request. LuaRequestXSSSLSessionID = "ssl_session_id" // LuaRequestXSSLClientVerify checks the SSL client verification. LuaRequestXSSLClientVerify = "ssl_client_verify" // LuaRequestXSSLClientDN signifies the SSL client distinguished name. LuaRequestXSSLClientDN = "ssl_client_dn" // LuaRequestXSSLClientCN signifies the SSL client common name. LuaRequestXSSLClientCN = "ssl_client_cn" // LuaRequestXSSLIssuer signifies the SSL issuer of the client. LuaRequestXSSLIssuer = "ssl_issuer" // LuaRequestXSSLClientNotBefore indicates the SSL client start date. LuaRequestXSSLClientNotBefore = "ssl_client_not_before" // LuaRequestXSSLClientNotAfter indicates the SSL client expiry date. LuaRequestXSSLClientNotAfter = "ssl_client_not_after" // LuaRequestXSSLSubjectDN indicates the SSL subject distinguished name. LuaRequestXSSLSubjectDN = "ssl_subject_dn" // LuaRequestXSSLIssuerDN indicates the SSL issuer distinguished name. LuaRequestXSSLIssuerDN = "ssl_issuer_dn" // LuaRequestXSSLClientSubjectDN indicates the SSL client subject distinguished name. LuaRequestXSSLClientSubjectDN = "ssl_client_subject_dn" // LuaRequestXSSLClientIssuerDN indicates the SSL client issuer distinguished name. LuaRequestXSSLClientIssuerDN = "ssl_client_issuer_dn" // LuaRequestXSSLProtocol indicates the SSL protocol used. LuaRequestXSSLProtocol = "ssl_protocol" // LuaRequestXSSLCipher indicates the SSL cipher used. LuaRequestXSSLCipher = "ssl_cipher" // LuaRequestSSLSerial represents the SSL serial number in the request context. LuaRequestSSLSerial = "ssl_serial" // LuaRequestSSLFingerprint is a constant that represents an SSL fingerprint identifier in a Lua request. LuaRequestSSLFingerprint = "ssl_fingerprint" // LuaRequestTOTPSecret signifies the TOTP secret of the user. LuaRequestTOTPSecret = "totp_secret" // LuaRequestStatusMessage represents the status message of a request. LuaRequestStatusMessage = "status_message" // LuaRequestOIDCCID represents the OpenID Connect Client ID used for authentication. LuaRequestOIDCCID = "oidc_cid" // LuaRequestLatency represents the request latency in milliseconds. LuaRequestLatency = "latency" // LuaRequestHTTPStatus represents the HTTP status code. LuaRequestHTTPStatus = "http_status" // LuaRequestMethod represents the authentication method used. LuaRequestMethod = "method" // LuaRequestRedisPrefix represents the redis prefix used for keys. LuaRequestRedisPrefix = "redis_prefix" )
View Source
const ( // LuaBackendResultAuthenticated represents the result of an authentication operation. // It is a constant string with the value "authenticated". LuaBackendResultAuthenticated = "authenticated" // LuaBackendResultUserFound represents the result of finding a user in a Lua backend operation. // It is a constant string with the value "user_found". LuaBackendResultUserFound = "user_found" // LuaBackendResultAccountField represents the account field in a Lua backend result. LuaBackendResultAccountField = "account_field" // LuaBackendResultTOTPSecretField represents the field name for the TOTP secret in a Lua backend result. LuaBackendResultTOTPSecretField = "totp_secret_field" // LuaBackendResultTOTPRecoveryField represents the field name for the TOTP recovery field in a Lua backend result. LuaBackendResultTOTPRecoveryField = "totp_recovery_field" // LuaBAckendResultUniqueUserIDField represents the field name for the unique user ID in a Lua backend result. LuaBAckendResultUniqueUserIDField = "unique_user_id_field" // LuaBackendResultDisplayNameField represents the field name for the display name in a Lua backend result. LuaBackendResultDisplayNameField = "display_name_field" // LuaBackendResultAttributes represents the field name for the attributes in a Lua backend result. LuaBackendResultAttributes = "attributes" )
View Source
const ( // PromAccount represents the label used for Prometheus metrics related to user accounts. PromAccount = "account" // PromAction is a string constant representing the action Prometheus label value. PromAction = "action" // PromBackend is a constant string representing the Prometheus backend label. PromBackend = "backend" // PromBruteForce is a constant representing the "brute_force" metric in a Prometheus monitoring system. PromBruteForce = "brute_force" // PromFeature is a constant representing the feature metric used in Prometheus monitoring. PromFeature = "feature" // PromFilter is a constant string representing the label used for Prometheus metrics related to filtering. PromFilter = "filter" // PromRequest is a constant string that represents the label for Prometheus metrics related to HTTP requests. PromRequest = "request" // PromStoreTOTP is a constant representing the label used for storing TOTP secrets in the Prometheus metrics. PromStoreTOTP = "store_totp" // PromPostAction represents the constant value "post_action". PromPostAction = "post_action" // PromDNS is a constant string representing the "dns" metric in a Prometheus monitoring system. PromDNS = "dns" // PromAuth is a constant string representing the authentication flow label for Prometheus timers. PromAuth = "auth" )
View Source
const ( // DNSResolvePTR is a constant string representing the value "resolve". It is used in the context of DNS resolution. DNSResolvePTR = "ptr" // Whitelisted is a constant string representing the status of a client being whitelisted. Whitelisted = "Client is whitelisted" // SoftWhitelisted is a constant string indicating a username is soft whitelisted. This implies a less strict whitelist check. SoftWhitelisted = "Username is whitelisted" + "" // NoTLS represents a constant string indicating that the client does not have transport security. NoTLS = "Client has no transport security" )
View Source
const ( // LuaFnCacheSet represents the function name for setting a cache entry LuaFnCacheSet = "cache_set" // LuaFnCacheGet represents the function name for getting a cache entry LuaFnCacheGet = "cache_get" // LuaFnCacheDelete represents the function name for deleting a cache entry LuaFnCacheDelete = "cache_delete" // LuaFnCacheExists represents the function name for checking if a cache entry exists LuaFnCacheExists = "cache_exists" // LuaFnCacheUpdate represents the function name for atomically updating a cache entry LuaFnCacheUpdate = "cache_update" // LuaFnCacheKeys represents the function name for listing cache keys LuaFnCacheKeys = "cache_keys" // LuaFnCacheSize represents the function name for retrieving current cache size LuaFnCacheSize = "cache_size" // LuaFnCacheFlush represents the function name for flushing the cache LuaFnCacheFlush = "cache_flush" // LuaFnCachePush represents the function name for pushing a value into a list under a key LuaFnCachePush = "cache_push" // LuaFnCachePopAll represents the function name for popping all values from a list under a key LuaFnCachePopAll = "cache_pop_all" )
Cache module function names
View Source
const ( // CtxServiceKey is a context key used to store and retrieve the service name within Gin HTTP request contexts. CtxServiceKey = "service" // CtxCategoryKey is a context key used to store and retrieve the category name within Gin HTTP request contexts. CtxCategoryKey = "category" )
View Source
const ( // RedisBFBurstPrefix is the Redis key prefix for brute-force burst gating keys RedisBFBurstPrefix = "bf:burst:" // RedisBFBlocksChannel is the Pub/Sub channel used to broadcast brute-force blocks. RedisBFBlocksChannel = "bf:blocks" )
View Source
const BackendMonitoringReloadTimeout = 2 * time.Second
BackendMonitoringReloadTimeout defines the maximum time budget for restarting backend monitoring during reload.
It is intentionally short because backend monitoring is best-effort and should not block the overall reload.
View Source
const DbgHydraName = "hydra"
DbgHydraName is the human-readable name for the Hydra debug module. Keeping the name available allows configuration to include "hydra" without build errors.
View Source
const DefaultBackendName = "__meta_default__"
DefaultBackendName specifies the default name used for the backend in channel and pool creation procedures.
View Source
const DistinguishedName = "dn"
DistinguishedName represents the distinguished name attribute used in LDAP operations.
View Source
const FxShutdownStatsFlushTimeout = 2 * time.Second
FxShutdownStatsFlushTimeout defines the best-effort time budget for `core.SaveStatsToRedis(...)` during shutdown.
View Source
const FxShutdownTelemetryTimeout = 2 * time.Second
FxShutdownTelemetryTimeout defines the best-effort time budget for telemetry shutdown.
View Source
const FxShutdownWaitTimeout = 3 * time.Second
FxShutdownWaitTimeout defines the best-effort budget for shutdown waits in `registerRuntimeLifecycle`.
It is intentionally shorter than FxStopTimeout to avoid consuming the full shutdown budget.
View Source
const FxStopTimeout = 10 * time.Second
FxStopTimeout defines the total time budget for `fx.App.Stop(...)` in `server/main.go`.
View Source
const ImageCopyright = "Logo (c) by Roessner-Network-Solutions"
ImageCopyright represents the copyright statement for a logo.
View Source
const InvalidCode = "The TOTP code is invalid"
InvalidCode represents the error message for an invalid TOTP code.
View Source
const LDAPPoolExhausted = -1
LDAPPoolExhausted represents the state where no LDAP connections are available in the connection pool.
View Source
const LDAPSingleValue = 0
LDAPSingleValue represents the index used to access the single value of an attribute in the LDAP response.
View Source
const LogKeyLeadership = "leadership"
LogKeyLeadership is the log attribute name for recording singleflight role (leader/follower) in large logs.
View Source
const LuaCtxBuiltin = "__lua_ctx_builtin__"
LuaCtxBuiltin is a builtin map for static features that have been triggered
View Source
const LuaLDAPReplyTimeout = 5 * time.Second
LuaLDAPReplyTimeout caps the time a Lua-initiated LDAP call may wait for an LDAP reply.
This prevents HTTP requests from hanging indefinitely when Lua filters perform LDAP calls and the underlying LDAP workers are unavailable or stuck.
View Source
const LuaMaxExecutionTime = 120
LuaMaxExecutionTime represents the maximum execution time in seconds for Lua scripts. It is set to 120 seconds. Example usage:
viper.SetDefault("lua_script_timeout", global.LuaMaxExecutionTime)
View Source
const LuaPackagePath = "/usr/local/share/nauthilus/lua/?.lua"
LuaPackagePath represents the path to search for Lua modules.
View Source
const (
// MetaUserAccount is a constant string used as a meta key for referencing a user account in various contexts.
MetaUserAccount = "__nauthilus_meta_user_account__"
)
View Source
const MsgClientClosedRequest = "Client Closed Request"
MsgClientClosedRequest is a human-readable message for client-closed requests.
View Source
const ProtoOryHydra = "ory-hydra"
ProtoOryHydra corresponds to the "ory-hydra" protocol. It remains defined in non-hydra builds to keep references compiling.
View Source
const ReisPromPoolName = "pool_name"
ReisPromPoolName is a constant string used for labeling Redis pool metrics in Prometheus.
View Source
const ReloadOperationTimeout = 30 * time.Second
ReloadOperationTimeout defines the maximum time budget for one reload operation.
View Source
const RestartOperationTimeout = 30 * time.Second
RestartOperationTimeout defines the maximum time budget for one restart operation.
View Source
const RestartRedisReadyTimeout = 10 * time.Second
RestartRedisReadyTimeout defines the best-effort time budget for Redis readiness during an in-process restart.
It is intentionally shorter than RestartOperationTimeout to avoid keeping HTTP down for the full restart budget when Redis is temporarily unavailable.
View Source
const ServOryHydra = "ory_hydra"
ServOryHydra is the service identifier for Ory Hydra related flows. It remains defined in non-hydra builds for API parity.
View Source
const (
// SessionName constant is for the name of the session
SessionName = "Nauthilus_session"
)
Keys for the encrypted session cookie. SessionName remains available in all builds; other cookie constants are gated under hydra.
View Source
const SingleflightWaitCap = 800 * time.Millisecond
SingleflightWaitCap defines the maximum time a follower waits for an in-process singleflight result when no request deadline is present. It is intentionally short to collapse parallel MUA bursts without adding noticeable latency.
View Source
const SliceWithOneElement = 0
SliceWithOneElement is a constant representing the index used to access a single element from a slice or array. It is used in various places throughout the code to retrieve a single element from a slice or array, assuming that the slice or array contains only one element.
View Source
const SlogNoticeLevelOffset = 2
SlogNoticeLevelOffset defines the custom slog level value used for NOTICE relative to slog.LevelInfo. slog uses LevelInfo (0), LevelWarn (4), LevelError (8). We place NOTICE between info and warn at +2.
View Source
const StatusClientClosedRequest = 499
StatusClientClosedRequest is a non-standard HTTP status used by some proxies (e.g. Nginx) to indicate the client closed the connection before the server could send a response. Useful for logging/metrics when ctx.Request.Context() is canceled.
View Source
const TwoFAv1Root = "/2fa/v1"
TwoFAv1Root is the root path for the two-factor authentication (2FA) version 1 endpoints.
Variables ¶
This section is empty.
Functions ¶
func SetDbgModuleMapping ¶ added in v1.12.0
func SetDbgModuleMapping(mapping *DbgModuleMapping)
SetDbgModuleMapping sets the global debug module mapping used for resolving debug module identifiers and constants.
Types ¶
type AuthResult ¶
type AuthResult uint8
AuthResult is the numeric result of a password check done by handlePassword()
const ( // AuthResultUnset is the unset state for authentication. AuthResultUnset AuthResult = iota // AuthResultOK denotes successful authentication. AuthResultOK // AuthResultFail denotes unsuccessful/failure in authentication. AuthResultFail // AuthResultTempFail denotes a temporary failure in authentication. AuthResultTempFail // AuthResultEmptyUsername denotes a failure due to an empty username. AuthResultEmptyUsername // AuthResultEmptyPassword denotes a failure due to an empty password. AuthResultEmptyPassword // AuthResultFeatureRBL represents a status linked with a Real-time Blackhole List feature. AuthResultFeatureRBL // AuthResultFeatureTLS represents a status linked with a Transport Layer Security feature. AuthResultFeatureTLS // AuthResultFeatureRelayDomain represents a status linked with a relay domain feature. AuthResultFeatureRelayDomain // AuthResultFeatureLua denotes a status linked with a Lua scripting feature. AuthResultFeatureLua )
Authentication results.
type Backend ¶
type Backend uint8
Backend is a numeric identifier for a database backend.
const ( // BackendUnknown represents an unknown backend BackendUnknown Backend = iota // BackendCache represents a Cache backend BackendCache // BackendLDAP represents an LDAP backend BackendLDAP // BackendLua represents a Lua backend BackendLua // BackendLocalCache represents the local in-memory cache localcache.LocalCache BackendLocalCache )
type CacheNameBackend ¶
type CacheNameBackend uint8
CacheNameBackend is a numeric identifier for a cache name backend.
const ( // CacheAll refers to the enum value for all cache backends CacheAll CacheNameBackend = iota // CacheLDAP refers to the enum value for LDAP cache backend CacheLDAP // CacheLua refers to the enum value for Lua cache backend CacheLua )
type DbgModule ¶
type DbgModule uint8
DbgModule represents a debug module identifier.
const ( // DbgNone is used when no debugging module is selected. DbgNone DbgModule = iota // DbgAll is used for indicating all debugging modules. DbgAll // DbgAuth is the debugging module for authentication processes. DbgAuth // DbgWebAuthn is the debugging module for WebAuthn related processes. DbgWebAuthn // DbgStats used for debugging statistical computations. DbgStats // DbgWhitelist for whitelist related debugging. DbgWhitelist // DbgLDAP is the debugging module for LDAP (Lightweight Directory Access Protocol) related debugging. DbgLDAP // DbgLDAPPool is the dedicated module for debugging LDAP connection pooling issues. DbgLDAPPool // DbgCache is suitable for cache mechanism debugging. DbgCache // DbgBf is used while debugging Bloom filter related operations. DbgBf // DbgRBL is for real-time blacklist related debugging. DbgRBL // DbgAction is for debugging related to any actions performed in the system. DbgAction // DbgFeature is for debugging toggling or usage of features. DbgFeature // DbgLua is for Lua scripting related debugging. DbgLua // DbgFilter is used for debugging issues related to filter operations. DbgFilter // DbgTolerate represents the debug module for operations related to tolerance or error allowances. DbgTolerate // DbgJWT represents the debug module for JWT-related operations. DbgJWT // DbgHTTP represents the debug module for HTTP-related operations. DbgHTTP // DbgAccount represents the debug module for tracing how/where the // per-request account value was determined and set. DbgAccount )
type DbgModuleMapping ¶ added in v1.12.0
type DbgModuleMapping struct {
// StrToMod maps string identifiers to DbgModule constants for resolving debug module references.
StrToMod map[string]DbgModule
// ModToStr maps DbgModule constants to their corresponding string identifiers.
ModToStr map[DbgModule]string
}
DbgModuleMapping provides mappings between string identifiers and DbgModule constants for debug module resolution.
func GetDbgModuleMapping ¶ added in v1.12.0
func GetDbgModuleMapping() *DbgModuleMapping
GetDbgModuleMapping returns the global DbgModuleMapping instance.
func NewDbgModuleMapping ¶ added in v1.12.0
func NewDbgModuleMapping() *DbgModuleMapping
NewDbgModuleMapping initializes and returns a DbgModuleMapping with default mappings between string identifiers and modules.
type LDAPCommand ¶
type LDAPCommand uint8
LDAPCommand represents the LDAP operation like search, add or modify.
const ( // LDAPSearch is a constant representing a command used for LDAP search LDAPSearch LDAPCommand = iota // LDAPModify is a constant representing a command used for LDAP modification LDAPModify )
type LDAPState ¶
type LDAPState uint8
LDAPState is the tri-state flag for the LDAPPool
const ( // LDAPStateClosed represents the state of an LDAP when it's not connected LDAPStateClosed LDAPState = iota // LDAPStateFree represents the state of an LDAP connection that is available for use LDAPStateFree // LDAPStateBusy represents the state of an LDAP connection that is currently in use LDAPStateBusy )
Tri-state for LDAP connections.
type LDAPSubCommand ¶ added in v1.5.5
type LDAPSubCommand uint8
const ( // LDAPModifyUnknown represents an undefined or uninitialized LDAP subcommand in modification operations. LDAPModifyUnknown LDAPSubCommand = iota // LDAPModifyAdd represents a subcommand for adding attributes or values in an LDAP modify operation. LDAPModifyAdd // LDAPModifyDelete represents a subcommand for deleting attributes or values in an LDAP modify operation. LDAPModifyDelete // LDAPModifyReplace represents a subcommand for replacing attributes or values in an LDAP modify operation. LDAPModifyReplace )
type LuaAction ¶
type LuaAction uint8
LuaAction represents a numeric identifier for a Lua action.
const ( // LuaActionNone indicates a placeholder for when no action is to be taken LuaActionNone LuaAction = iota // LuaActionBruteForce identifies an action related to the Brute Force attack prevention LuaActionBruteForce // LuaActionRBL is the action associated with Real-time Blackhole List (RBL) operations LuaActionRBL // LuaActionTLS is linked with Transport Layer Security (TLS) actions LuaActionTLS // LuaActionRelayDomains actions are related to domain relays LuaActionRelayDomains // LuaActionLua denotes actions scripted in Lua LuaActionLua // LuaActionPost indicates post processing actions LuaActionPost )
type LuaCommand ¶
type LuaCommand uint8
LuaCommand is a numeric identifier for a Lua command.
const ( // LuaCommandPassDB represents the command for passing database in Lua LuaCommandPassDB LuaCommand = iota // LuaCommandListAccounts represents the command for listing accounts in Lua LuaCommandListAccounts // LuaCommandAddMFAValue represents the command for adding a Multi-Factor Authentication value in Lua LuaCommandAddMFAValue )
type Monitoring ¶
type Monitoring uint8
Monitoring is a numeric identifier for various monitoring flags in the Authentication struct.
const ( // MonInMemory is a constant of type Monitoring that represents the flag for in-memory monitoring. MonInMemory Monitoring = iota // MonCache represents the flag for caching in monitoring. MonCache )
type PasswordOption ¶
type PasswordOption uint8
PasswordOption is a password encoding type.
const ( // ENCUNKNOWN represents an unknown or undefined password encoding option. ENCUNKNOWN PasswordOption = iota // ENCB64 represents the base64 password encoding option for hashed passwords. ENCB64 // ENCHEX represents the hexadecimal password encoding option for hashed passwords. ENCHEX )
Source Files
Click to show internal directories.
Click to hide internal directories.