config

package
v1.4.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 14, 2025 License: GPL-3.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Matcher and DefaultLanguageTags are exported, mutable package-level
// variables.
// NOTE(review): presumably used for language negotiation; where they are
// initialised and whether writes are synchronised is not visible here.
var (
	Matcher             language.Matcher
	DefaultLanguageTags []language.Tag
)

Functions

func GetSkipConsent

func GetSkipConsent(clientId string) (skip bool)

GetSkipConsent returns true if the consent dialog is to be skipped for the given OAuth-2 client.

func GetSkipTOTP

func GetSkipTOTP(clientId string) (skip bool)

GetSkipTOTP returns true if TOTP two-factor authentication is to be skipped for the given OAuth-2 client.

func ReloadConfigFile

func ReloadConfigFile() (err error)

ReloadConfigFile is a thread safe function to reload a ConfigFile object.

Types

type Backend

type Backend struct {
	// contains filtered or unexported fields
}

Backend is a password Database container.

func (*Backend) Get

func (b *Backend) Get() definitions.Backend

Get gets the name of a password Database.

func (*Backend) Set

func (b *Backend) Set(value string) error

Set updates the backend of the Backend based on the provided value. It returns an error if the value is not valid. Valid values for the backend are "cache", "ldap" and "lua". If the value is valid, the backend field of Backend is updated accordingly. An error of type ErrWrongPassDB is returned if the value is not valid.

func (*Backend) String

func (b *Backend) String() string

func (*Backend) Type

func (b *Backend) Type() string

Type returns the name of the type.

type BackendServer

// BackendServer describes one monitored backend server, decoded through the
// mapstructure keys below. The validate tags constrain syntax only.
//
// NOTE(review): TestPassword is held as a plain string and this type has a
// String method; confirm that String does not emit the password into logs.
type BackendServer struct {
	// Protocol is mandatory and must be one of the listed service names.
	Protocol      string `mapstructure:"protocol" validate:"required,oneof=imap pop3 lmtp smtp sieve http"`
	// Host is mandatory and must be a hostname or an IP address.
	Host          string `mapstructure:"host" validate:"required,hostname|ip"`
	DeepCheck     bool   `mapstructure:"deep_check"`
	RequestURI    string `mapstructure:"request_uri" validate:"omitempty,url_encoded"`
	// TestUsername and TestPassword are optional and may not contain spaces.
	// NOTE(review): presumably the credentials used by the deep check; use a
	// dedicated low-privilege account — confirm.
	TestUsername  string `mapstructure:"test_username" validate:"omitempty,excludesall= "`
	TestPassword  string `mapstructure:"test_password" validate:"omitempty,excludesall= "`
	// Port: omitempty lets 0 (unset) through; any other value must be 1-65535.
	Port          int    `mapstructure:"port" validate:"omitempty,min=1,max=65535"`
	TLS           bool   `mapstructure:"tls"`
	// NOTE(review): presumably disables verification of the backend's TLS
	// certificate. If so, a connection that carries TestPassword can be
	// intercepted; keep this false outside test setups — confirm.
	TLSSkipVerify bool   `mapstructure:"tls_skip_verify"`
	// NOTE(review): presumably sends a PROXY protocol v2 header — confirm.
	HAProxyV2     bool   `mapstructure:"haproxy_v2"`
}

func (*BackendServer) String

func (n *BackendServer) String() string

type BackendServerMonitoring

type BackendServerMonitoring struct {
	BackendServers []*BackendServer `mapstructure:"backend_servers" validate:"required,dive"`
}

func (*BackendServerMonitoring) String added in v1.3.5

func (n *BackendServerMonitoring) String() string

type BasicAuth

// BasicAuth holds the settings for HTTP basic authentication.
//
// NOTE(review): both credentials are tagged omitempty, so an empty Username or
// Password passes tag validation whatever Enabled is set to. No rule visible
// here ties them to Enabled; confirm that "enabled with empty credentials" is
// rejected elsewhere.
type BasicAuth struct {
	Enabled  bool   `mapstructure:"enabled"`
	// Username is optional and may not contain spaces.
	Username string `mapstructure:"username" validate:"omitempty,excludesall= "`
	// Password, when set, needs at least 16 characters, letters and digits
	// only (alphanumunicode), and no spaces.
	Password string `mapstructure:"password" validate:"omitempty,min=16,alphanumunicode,excludesall= "`
}

BasicAuth represents the configuration for basic HTTP authentication.

type BruteForceRule

// BruteForceRule is one brute force bucket as written in the configuration
// file.
type BruteForceRule struct {
	// Name is mandatory.
	Name           string        `mapstructure:"name" validate:"required"`
	// Period is mandatory, greater than zero and at most 8760h (365 days).
	Period         time.Duration `mapstructure:"period" validate:"required,gt=0,max=8760h"`
	// CIDR is mandatory and must lie in 1-128.
	// NOTE(review): the tag accepts values above 32 even when IPv4 is set;
	// whether that combination is rejected elsewhere is not visible here.
	CIDR           uint          `mapstructure:"cidr" validate:"required,min=1,max=128"`
	// IPv4 and IPv6 carry neither a mapstructure nor a validate tag.
	IPv4           bool
	IPv6           bool
	// FailedRequests is mandatory and at least 1.
	FailedRequests uint `mapstructure:"failed_requests" validate:"required,min=1"`
}

BruteForceRule is the definition of a brute force rule as defined in the configuration file. See the markdown documentation for a description of the field names.

func (*BruteForceRule) String added in v1.4.9

func (b *BruteForceRule) String() string

type BruteForceSection

// BruteForceSection is the "brute_force" section of the configuration file.
type BruteForceSection struct {
	// SoftWhitelist is embedded and decoded from the "soft_whitelist" key.
	SoftWhitelist `mapstructure:"soft_whitelist"`
	// IPWhitelist is optional; each entry must be an IP address or a CIDR.
	// NOTE(review): presumably listed sources bypass the buckets, so a wide
	// prefix would switch off brute force protection for that range — confirm
	// and review entries accordingly.
	IPWhitelist   []string         `mapstructure:"ip_whitelist" validate:"omitempty,dive,ip_addr|cidr"`
	// Buckets is mandatory; every rule is validated individually (dive).
	Buckets       []BruteForceRule `mapstructure:"buckets" validate:"required,dive"`
	// Learning is optional; LearnFromFeature looks features up in this slice.
	Learning      []*Feature       `mapstructure:"learning" validate:"omitempty,dive"`
}

func (*BruteForceSection) LearnFromFeature added in v1.3.5

func (b *BruteForceSection) LearnFromFeature(input string) bool

LearnFromFeature checks if the given feature is present in the Learning slice of the BruteForceSection. It returns true if the feature is found, otherwise false.

func (*BruteForceSection) String

func (b *BruteForceSection) String() string

type Cluster

// Cluster holds the connection settings for a Redis cluster.
type Cluster struct {
	// Addresses is mandatory; every entry must have the form host:port.
	Addresses []string `mapstructure:"addresses" validate:"required,dive,hostname_port"`
	// Username and Password are optional and may not contain spaces.
	// NOTE(review): the password sits in the configuration as plain text and
	// an empty value passes validation; restrict read access to the file and
	// confirm the cluster is not reachable unauthenticated.
	Username  string   `mapstructure:"username" validate:"omitempty,excludesall= "`
	Password  string   `mapstructure:"password" validate:"omitempty,excludesall= "`
}

Cluster represents the configuration for a Redis cluster setup.

type Config

// Config holds the application-wide settings; the package documentation says
// NewConfig fills it from environment variables.
type Config struct {
	// SMTPBackendAddress is the address of the SMTP backend server.
	SMTPBackendAddress string

	// SMTPBackendPort is the port of the SMTP backend server.
	SMTPBackendPort int

	// IMAPBackendAddress is the address of the IMAP backend server.
	IMAPBackendAddress string

	// IMAPBackendPort is the port of the IMAP backend server.
	IMAPBackendPort int

	// POP3BackendAddress is the address of the POP3 backend server.
	POP3BackendAddress string

	// POP3BackendPort is the port of the POP3 backend server.
	POP3BackendPort int

	// WaitDelay is the time in seconds to wait between connection attempts.
	// As a uint8 it cannot exceed 255.
	WaitDelay uint8

	// MaxLoginAttempts is the maximum number of login attempts.
	// As a uint8 it cannot exceed 255.
	MaxLoginAttempts uint8

	// DevMode indicates whether the application is running in developer mode.
	// NOTE(review): what developer mode relaxes is not visible here; confirm
	// it stays off in production.
	DevMode bool

	// MaxActionWorkers is the maximum number of action workers that can be run simultaneously.
	MaxActionWorkers uint16

	// LocalCacheAuthTTL is a duration.
	// NOTE(review): presumably how long an authentication result is kept in
	// the local cache; a long value would delay the effect of a password
	// change or account lock — confirm.
	LocalCacheAuthTTL time.Duration
}

Config represents overall configuration settings for the application.

var EnvConfig *Config //nolint:gochecknoglobals // System wide configuration

EnvConfig represents the environment configuration for the application. It is a pointer to the Config type.

func NewConfig

func NewConfig() *Config

NewConfig initializes a new Config struct and sets its values based on environment variables. It calls various methods to set the specific configuration options and returns the new Config struct. The signature has no error result, so a configuration failure is not reported through the return value.

func (*Config) String

func (c *Config) String() string

String returns the name of the Config object excluding the HTTPOptions.

type DNS

// DNS holds the resolver settings.
type DNS struct {
	// Resolver is optional; when set it must be a valid TCP address.
	Resolver        string        `mapstructure:"resolver" validate:"omitempty,tcp_addr"`
	// Timeout is optional; when set it must be greater than zero and at most 30s.
	Timeout         time.Duration `mapstructure:"timeout" validate:"omitempty,gt=0,max=30s"`
	// NOTE(review): presumably turns on reverse lookups of client addresses.
	// The result of such a lookup is controlled by whoever runs the reverse
	// zone, so it should not feed access decisions — confirm usage.
	ResolveClientIP bool          `mapstructure:"resolve_client_ip"`
}

DNS represents the Domain Name System configuration settings, including resolver, timeout, and client IP resolution options.

type DbgModule

type DbgModule struct {
	// contains filtered or unexported fields
}

DbgModule represents a debugging module configuration.

func (*DbgModule) Get

func (d *DbgModule) Get() string

Get returns the name of the `DbgModule` instance. The name represents the current debug module. It can be used to identify the debug module when needed.

func (*DbgModule) GetModule

func (d *DbgModule) GetModule() definitions.DbgModule

GetModule returns the `module` field of the `DbgModule` struct. It is used to retrieve the current debug module.

Usage:

module := d.GetModule()

Example:

func main() {
  dbg := &DbgModule{}
  module := dbg.GetModule()
  fmt.Println(module) // Output: 0
}

func (*DbgModule) Set

func (d *DbgModule) Set(value string) error

Set updates the debug module based on the provided value. It returns an error if the value is not valid. Valid values for the debug module are "none", "all", "auth", "hydra", "webauthn", "statistics", "whitelist", "ldap", "ldappool", "sql", "cache", "bf", "rbl", "action", "feature", and "lua". If the value is valid, the module and name fields are updated accordingly. An error of type ErrWrongDebugModule is returned if the value is not valid.

func (*DbgModule) String

func (d *DbgModule) String() string

func (*DbgModule) Type

func (d *DbgModule) Type() string

Type returns the type of the DbgModule, which is always "DebugModule".

type DefaultHTTPRequestHeader added in v1.3.0

// DefaultHTTPRequestHeader holds header names, not header values: the File
// getters (GetClientIP, GetPassword, GetSSLVerify, ...) describe each field as
// the HTTP request header from which the corresponding value is taken. Every
// field is optional, limited to printable ASCII and may not contain a space.
//
// NOTE(review): a value read from a request header is only as trustworthy as
// the component that sets it. Confirm that the fronting proxy overwrites or
// strips client-supplied copies of the ClientIP and SSL* headers, and that the
// service is not reachable around that proxy.
type DefaultHTTPRequestHeader struct {
	// Credentials and request metadata.
	// NOTE(review): the password travels in a request header; confirm that no
	// intermediate proxy or access log records it.
	Username           string `mapstructure:"username" validate:"omitempty,printascii,excludesall= "`
	Password           string `mapstructure:"password" validate:"omitempty,printascii,excludesall= "`
	PasswordEncoded    string `mapstructure:"password_encoded" validate:"omitempty,printascii,excludesall= "`
	Protocol           string `mapstructure:"protocol" validate:"omitempty,printascii,excludesall= "`
	LoginAttempt       string `mapstructure:"login_attempt" validate:"omitempty,printascii,excludesall= "`
	AuthMethod         string `mapstructure:"auth_method" validate:"omitempty,printascii,excludesall= "`
	// Connection endpoints.
	LocalIP            string `mapstructure:"local_ip" validate:"omitempty,printascii,excludesall= "`
	LocalPort          string `mapstructure:"local_port" validate:"omitempty,printascii,excludesall= "`
	ClientIP           string `mapstructure:"client_ip" validate:"omitempty,printascii,excludesall= "`
	ClientPort         string `mapstructure:"client_port" validate:"omitempty,printascii,excludesall= "`
	ClientHost         string `mapstructure:"client_host" validate:"omitempty,printascii,excludesall= "`
	ClientID           string `mapstructure:"client_id" validate:"omitempty,printascii,excludesall= "`
	// TLS session and client certificate details.
	SSL                string `mapstructure:"ssl" validate:"omitempty,printascii,excludesall= "`
	SSLSessionID       string `mapstructure:"ssl_session_id" validate:"omitempty,printascii,excludesall= "`
	SSLVerify          string `mapstructure:"ssl_verify" validate:"omitempty,printascii,excludesall= "`
	SSLSubject         string `mapstructure:"ssl_subject" validate:"omitempty,printascii,excludesall= "`
	SSLClientCN        string `mapstructure:"ssl_client_cn" validate:"omitempty,printascii,excludesall= "`
	SSLIssuer          string `mapstructure:"ssl_issuer" validate:"omitempty,printascii,excludesall= "`
	SSLClientNotBefore string `mapstructure:"ssl_client_not_before" validate:"omitempty,printascii,excludesall= "`
	SSLClientNotAfter  string `mapstructure:"ssl_client_not_after" validate:"omitempty,printascii,excludesall= "`
	SSLSubjectDN       string `mapstructure:"ssl_subject_dn" validate:"omitempty,printascii,excludesall= "`
	SSLIssuerDN        string `mapstructure:"ssl_issuer_dn" validate:"omitempty,printascii,excludesall= "`
	SSLClientSubjectDN string `mapstructure:"ssl_client_subject_dn" validate:"omitempty,printascii,excludesall= "`
	SSLClientIssuerDN  string `mapstructure:"ssl_client_issuer_dn" validate:"omitempty,printascii,excludesall= "`
	SSLCipher          string `mapstructure:"ssl_cipher" validate:"omitempty,printascii,excludesall= "`
	SSLProtocol        string `mapstructure:"ssl_protocol" validate:"omitempty,printascii,excludesall= "`
	SSLSerial          string `mapstructure:"ssl_serial" validate:"omitempty,printascii,excludesall= "`
	SSLFingerprint     string `mapstructure:"ssl_fingerprint" validate:"omitempty,printascii,excludesall= "`
}

DefaultHTTPRequestHeader represents the default headers to include in every HTTP request. This struct includes fields for authentication, SSL/TLS, and client/server metadata.

type Endpoint added in v1.4.9

// Endpoint is a set of boolean switches, one per authentication endpoint type
// plus one for custom hooks. None of the fields carries a validate tag.
//
// NOTE(review): whether true enables or disables the named endpoint, and what
// the default is when the key is absent, is not visible here. Confirm that
// endpoints a deployment does not use end up switched off, since each exposed
// authentication endpoint adds attack surface.
type Endpoint struct {
	AuthHeader    bool `mapstructure:"auth_header"`
	AuthJSON      bool `mapstructure:"auth_json"`
	AuthBasic     bool `mapstructure:"auth_basic"`
	AuthNginx     bool `mapstructure:"auth_nginx"`
	AuthSASLAuthd bool `mapstructure:"auth_saslauthd"`
	CustomHooks   bool `mapstructure:"custom_hooks"`
}

Endpoint defines a structure for configuring various types of authentication and custom hooks.

type Feature

type Feature struct {
	// contains filtered or unexported fields
}

Feature is a container for Nauthilus features.

func (*Feature) Get

func (f *Feature) Get() string

Get gets the name of a feature returned as string.

func (*Feature) Set

func (f *Feature) Set(value string) error

Set updates the feature name based on the provided value. It returns an error if the value is not a valid feature name. Valid feature names are "tls_encryption", "rbl", "relay_domains", and "lua". If the value is valid, the name field of the Feature struct is updated accordingly. An error of type ErrWrongFeature is returned if the value is not valid.

func (*Feature) String

func (f *Feature) String() string

func (*Feature) Type

func (f *Feature) Type() string

Type returns the name of the type.

type File

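// File is the root of the configuration loaded from the configuration file.
// Each field is one top-level section, decoded through its mapstructure key.
//
// The constraint tags use the key `validate`, the key every other struct in
// this package uses. v1.4.9 as published spells the key `valdiate` on these
// fields; a validator that reads `validate` never sees that spelling, so none
// of the constraints below (notably `required` on Server) took effect through
// tag validation. With the corrected key a configuration without a "server"
// section is rejected, as the tag intends.
// NOTE(review): whether tag validation is run against File at all is not
// visible here — confirm at the call site.
type File struct {
	// Server is the only mandatory section.
	Server                  *ServerSection           `mapstructure:"server" validate:"required"`
	RBLs                    *RBLSection              `mapstructure:"realtime_blackhole_lists" validate:"omitempty"`
	ClearTextList           []string                 `mapstructure:"cleartext_networks" validate:"omitempty,dive"`
	RelayDomains            *RelayDomainsSection     `mapstructure:"relay_domains" validate:"omitempty"`
	BackendServerMonitoring *BackendServerMonitoring `mapstructure:"backend_server_monitoring" validate:"omitempty"`
	BruteForce              *BruteForceSection       `mapstructure:"brute_force" validate:"omitempty"`
	Lua                     *LuaSection              `mapstructure:"lua" validate:"omitempty"`
	Oauth2                  *Oauth2Section           `mapstructure:"oauth2" validate:"omitempty"`
	LDAP                    *LDAPSection             `mapstructure:"ldap" validate:"omitempty"`
	// Other collects every key that no field above claims (",remain").
	Other                   map[string]any           `mapstructure:",remain"`
	// Mu is exported; because File contains a mutex it must be passed by
	// pointer, never copied.
	Mu                      sync.Mutex
}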

File represents a comprehensive configuration structure utilized to manage server settings, blackhole lists, brute force, Lua scripting, OAuth2, LDAP, and other miscellaneous configurations. It includes synchronization via a mutex.

var LoadableConfig *File //nolint:gochecknoglobals // System wide configuration from nauthilus.yml file

LoadableConfig is a variable of type *File that represents the configuration file that can be loaded.

func NewConfigFile

func NewConfigFile() (newCfg *File, err error)

NewConfigFile is the constructor for a ConfigFile object.

func (*File) GetAllProtocols

func (f *File) GetAllProtocols() []string

GetAllProtocols returns a unique slice of strings (a Set) for all defined protocols in the database search sections.

func (*File) GetAuthMethod added in v1.3.0

func (f *File) GetAuthMethod() string

GetAuthMethod returns the HTTP request header for the auth mechanism LOGIN or PLAIN

func (*File) GetBackendServer

func (f *File) GetBackendServer(protocol string) *BackendServer

GetBackendServer retrieves the first BackendServer that matches the specified protocol from the File's backend servers. Returns nil if no matching server is found or if the File object is nil.

func (*File) GetBackendServerMonitoring

func (f *File) GetBackendServerMonitoring() *BackendServerMonitoring

GetBackendServerMonitoring is a method on the File struct. It returns the BackendServerMonitoring field from the File struct.

func (*File) GetBackendServers

func (f *File) GetBackendServers() []*BackendServer

GetBackendServers retrieves the list of backend servers for the File instance or returns an empty list if none are configured.

func (*File) GetBruteForceRules

func (f *File) GetBruteForceRules() (rules []BruteForceRule)

GetBruteForceRules retrieves the list of brute force rules defined in the configuration file. If no rules are defined or the File instance is nil, it returns nil.

func (*File) GetClientHost added in v1.3.0

func (f *File) GetClientHost() string

GetClientHost returns the HTTP request header used to retrieve an optional client hostname

func (*File) GetClientID added in v1.3.0

func (f *File) GetClientID() string

GetClientID returns the HTTP request header used to retrieve an optional client ID

func (*File) GetClientIP added in v1.3.0

func (f *File) GetClientIP() string

GetClientIP returns the HTTP request header that holds the client IP of the request

func (*File) GetClientPort added in v1.3.0

func (f *File) GetClientPort() string

GetClientPort returns the HTTP request header that holds the client TCP port of the request

func (*File) GetConfig

func (f *File) GetConfig(backend definitions.Backend) any

GetConfig retrieves the configuration for a given backend from the File receiver or returns nil if unavailable.

func (*File) GetLDAPConfigAuthIdlePoolSize

func (f *File) GetLDAPConfigAuthIdlePoolSize() int

GetLDAPConfigAuthIdlePoolSize retrieves the authentication idle pool size for the LDAP configuration. It returns the default value if the configuration is nil or not properly set.

func (*File) GetLDAPConfigAuthPoolSize

func (f *File) GetLDAPConfigAuthPoolSize() int

GetLDAPConfigAuthPoolSize returns the authentication pool size configured for an LDAP backend or a default value if not set.

func (*File) GetLDAPConfigBindDN

func (f *File) GetLDAPConfigBindDN() string

GetLDAPConfigBindDN returns the BindDN value from the LDAP configuration if available, otherwise it returns an empty string.

func (*File) GetLDAPConfigBindPW

func (f *File) GetLDAPConfigBindPW() string

GetLDAPConfigBindPW retrieves the BindPW (bind password) from the LDAP configuration if available, or returns an empty string.

func (*File) GetLDAPConfigLookupIdlePoolSize

func (f *File) GetLDAPConfigLookupIdlePoolSize() int

GetLDAPConfigLookupIdlePoolSize returns the configured idle connection pool size for LDAP lookups or a default value if unset.

func (*File) GetLDAPConfigLookupPoolSize

func (f *File) GetLDAPConfigLookupPoolSize() int

GetLDAPConfigLookupPoolSize returns the size of the LDAP lookup connection pool, or a default if no configuration exists.

func (*File) GetLDAPConfigSASLExternal

func (f *File) GetLDAPConfigSASLExternal() bool

GetLDAPConfigSASLExternal checks if the LDAP configuration uses SASL External authentication and returns its status. It returns false if the File receiver or the LDAP configuration is nil, or if the type assertion fails.

func (*File) GetLDAPConfigServerURIs

func (f *File) GetLDAPConfigServerURIs() []string

GetLDAPConfigServerURIs retrieves the LDAP server URIs from the configuration or returns "ldap://localhost" as a default value.

func (*File) GetLDAPConfigStartTLS

func (f *File) GetLDAPConfigStartTLS() bool

GetLDAPConfigStartTLS determines if StartTLS is enabled for the LDAP configuration in the provided file. Returns false if the file or configuration is nil or not of type *LDAPConf.

func (*File) GetLDAPConfigTLSCAFile

func (f *File) GetLDAPConfigTLSCAFile() string

GetLDAPConfigTLSCAFile retrieves the TLS CA file for the LDAP configuration if available, returning an empty string if not.

func (*File) GetLDAPConfigTLSClientCert

func (f *File) GetLDAPConfigTLSClientCert() string

GetLDAPConfigTLSClientCert retrieves the TLS client certificate for the LDAP configuration. Returns an empty string if the file or configuration is nil, or if the assertion of the config type fails.

func (*File) GetLDAPConfigTLSClientKey

func (f *File) GetLDAPConfigTLSClientKey() string

GetLDAPConfigTLSClientKey retrieves the TLS client key for the LDAP configuration. Returns an empty string if not set.

func (*File) GetLDAPConfigTLSSkipVerify

func (f *File) GetLDAPConfigTLSSkipVerify() bool

GetLDAPConfigTLSSkipVerify retrieves the TLSSkipVerify value from the LDAP configuration in the file. Returns false if the file or configuration is nil or not of type *LDAPConf.

func (*File) GetLDAPSearchProtocol

func (f *File) GetLDAPSearchProtocol(protocol string) (*LDAPSearchProtocol, error)

GetLDAPSearchProtocol retrieves the LDAPSearchProtocol configuration based on the specified protocol. If the protocol is not found, it falls back to the default protocol. Returns an error if the configuration or default protocol is missing.

func (*File) GetLocalIP added in v1.3.0

func (f *File) GetLocalIP() string

GetLocalIP returns the HTTP request header that represents the local IP address for the server that accepts client requests

func (*File) GetLocalPort added in v1.3.0

func (f *File) GetLocalPort() string

GetLocalPort returns the HTTP request header that represents the local TCP port for the server that accepts client requests

func (*File) GetLoginAttempt added in v1.3.0

func (f *File) GetLoginAttempt() string

GetLoginAttempt returns the HTTP request header for login-attempts

func (*File) GetLuaInitScriptPath added in v1.3.0

func (f *File) GetLuaInitScriptPath() string

GetLuaInitScriptPath returns the path to the Lua init script specified in the configuration. If the configuration or LuaConf is nil, it returns an empty string.

func (*File) GetLuaPackagePath

func (f *File) GetLuaPackagePath() string

GetLuaPackagePath returns the Lua package path based on the file configuration or a default path if not specified.

func (*File) GetLuaScriptPath

func (f *File) GetLuaScriptPath() string

GetLuaScriptPath retrieves the backend Lua script file path from the configuration. Returns an empty string if unavailable.

func (*File) GetLuaSearchProtocol

func (f *File) GetLuaSearchProtocol(protocol string) (*LuaSearchProtocol, error)

GetLuaSearchProtocol retrieves a LuaSearchProtocol configuration matching the specified protocol. Returns a default LuaSearchProtocol if the protocol cannot be found and protocol is set to ProtoDefault. Returns a DetailedError if the protocol cannot be found and no default is configured. Accepts a string representing the protocol to search for.

func (*File) GetPassword added in v1.3.0

func (f *File) GetPassword() string

GetPassword returns the HTTP request header for the password

func (*File) GetPasswordEncoded added in v1.3.0

func (f *File) GetPasswordEncoded() string

GetPasswordEncoded returns the HTTP request header to indicate if the password was encoded

func (*File) GetProtocol added in v1.3.0

func (f *File) GetProtocol() string

GetProtocol returns the HTTP request header for the used protocol

func (*File) GetProtocols

func (f *File) GetProtocols(backend definitions.Backend) any

GetProtocols retrieves protocol configurations for the specified backend type. Returns nil if the backend is not found or has no associated protocols.

func (*File) GetSSL added in v1.3.0

func (f *File) GetSSL() string

GetSSL returns the HTTP request header used to indicate SSL security for the current client connection

func (*File) GetSSLCipher added in v1.3.0

func (f *File) GetSSLCipher() string

GetSSLCipher retrieves the SSL cipher from the default HTTP request header of the server configuration. Returns an empty string if the File instance is nil.

func (*File) GetSSLClientCN added in v1.3.0

func (f *File) GetSSLClientCN() string

GetSSLClientCN retrieves the SSL client common name (CN) from the default HTTP request header.

func (*File) GetSSLClientIssuerDN added in v1.3.0

func (f *File) GetSSLClientIssuerDN() string

GetSSLClientIssuerDN returns the distinguished name (DN) of the SSL client issuer from the default HTTP request header.

func (*File) GetSSLClientNotAfter added in v1.3.0

func (f *File) GetSSLClientNotAfter() string

GetSSLClientNotAfter retrieves the SSL client certificate's "not after" expiration date as a string. Returns an empty string if the File is nil.

func (*File) GetSSLClientNotBefore added in v1.3.0

func (f *File) GetSSLClientNotBefore() string

GetSSLClientNotBefore retrieves the "SSLClientNotBefore" value from the default HTTP request header of the server. Returns an empty string if the File instance is nil.

func (*File) GetSSLClientSubjectDN added in v1.3.0

func (f *File) GetSSLClientSubjectDN() string

GetSSLClientSubjectDN returns the SSL client subject distinguished name from the default HTTP request header. If the File receiver is nil, it returns an empty string.

func (*File) GetSSLFingerprint added in v1.3.0

func (f *File) GetSSLFingerprint() string

GetSSLFingerprint retrieves the SSL fingerprint from the server's default HTTP request header. If the File is nil, it returns an empty string.

func (*File) GetSSLIssuer added in v1.3.0

func (f *File) GetSSLIssuer() string

GetSSLIssuer retrieves the SSL certificate issuer from the default HTTP request header of the server configuration.

func (*File) GetSSLIssuerDN added in v1.3.0

func (f *File) GetSSLIssuerDN() string

GetSSLIssuerDN retrieves the Distinguished Name (DN) of the SSL issuer from the default HTTP request header.

func (*File) GetSSLProtocol added in v1.3.0

func (f *File) GetSSLProtocol() string

GetSSLProtocol retrieves the SSL protocol from the DefaultHTTPRequestHeader of the Server configuration.

func (*File) GetSSLSerial added in v1.3.0

func (f *File) GetSSLSerial() string

GetSSLSerial retrieves the SSL serial number from the default HTTP request header of the server configuration. Returns an empty string if the File receiver is nil.

func (*File) GetSSLSessionID added in v1.3.0

func (f *File) GetSSLSessionID() string

GetSSLSessionID retrieves the SSL session ID from the file's default HTTP request header. Returns an empty string if the file is nil.

func (*File) GetSSLSubject added in v1.3.0

func (f *File) GetSSLSubject() string

GetSSLSubject retrieves the SSL subject from the default HTTP request header. Returns an empty string if the file is nil.

func (*File) GetSSLSubjectDN added in v1.3.0

func (f *File) GetSSLSubjectDN() string

GetSSLSubjectDN returns the SSL subject distinguished name from the Server's default HTTP request header.

func (*File) GetSSLVerify added in v1.3.0

func (f *File) GetSSLVerify() string

GetSSLVerify retrieves the SSL verification status from the default HTTP request header configuration. If the File receiver is nil, it returns an empty string.

func (*File) GetSection

func (f *File) GetSection(backend definitions.Backend) any

GetSection retrieves the section corresponding to the provided backend type from the File. Returns nil if not found.

func (*File) GetServer

func (f *File) GetServer() *ServerSection

GetServer retrieves the ServerSection from the File. Returns nil if the File is nil or if no Server is present.

func (*File) GetServerInsights

func (f *File) GetServerInsights() *Insights

GetServerInsights is a method on the File struct. It returns the Insights field from the Server struct, which is accessed through the GetServer() method on the File struct. If the File struct does not have a Server, it returns nil.

func (*File) GetServerInsightsEnableBlockProfile

func (f *File) GetServerInsightsEnableBlockProfile() bool

GetServerInsightsEnableBlockProfile checks if the block profiling feature is enabled in the server insights configuration.

func (*File) GetServerInsightsEnablePprof

func (f *File) GetServerInsightsEnablePprof() bool

GetServerInsightsEnablePprof returns true if the ServerInsights configuration enables pprof; otherwise, returns false.

func (*File) GetUsername added in v1.3.0

func (f *File) GetUsername() string

GetUsername returns the HTTP request header for the username

func (*File) HasFeature

func (f *File) HasFeature(feature string) bool

HasFeature checks if the given feature exists in the LoadableConfig's Features list

func (*File) HaveLDAPBackend

func (f *File) HaveLDAPBackend() bool

HaveLDAPBackend checks if the configuration includes an LDAP backend and returns true if it exists, otherwise false.

func (*File) HaveLua

func (f *File) HaveLua() bool

HaveLua is a method on the File struct. It checks if the Lua field in the File struct is not nil. It returns a boolean value indicating whether Lua is present or not.

func (*File) HaveLuaActions

func (f *File) HaveLuaActions() bool

HaveLuaActions is a method on the File struct. It checks if the File struct has Lua actions. It returns true if the File struct has Lua actions, otherwise returns false.

func (*File) HaveLuaFeatures

func (f *File) HaveLuaFeatures() bool

HaveLuaFeatures is a method on the File struct. It checks if the File struct has Lua features. It returns true if there are Lua features, and false otherwise.

func (*File) HaveLuaFilters

func (f *File) HaveLuaFilters() bool

HaveLuaFilters is a method on the File struct. It checks if the File struct has Lua filters. It returns true if there are Lua filters, and false otherwise.

func (*File) HaveLuaHooks added in v1.3.9

func (f *File) HaveLuaHooks() bool

HaveLuaHooks returns true if the File instance has Lua hooks associated with it, otherwise returns false.

func (*File) HaveLuaInit added in v1.3.0

func (f *File) HaveLuaInit() bool

HaveLuaInit checks if the Lua initialization script path is set in the configuration. It first confirms that the File instance supports Lua by invoking HaveLua method. Then, it retrieves the Lua configuration using GetConfig with the definitions.BackendLua constant. If the retrieved configuration is of type *LuaConf and the InitScriptPath is not empty, it returns true. Otherwise, it returns false.

func (*File) HaveServer

func (f *File) HaveServer() bool

HaveServer is a method on the File struct. It returns true if the Server field in the File struct is not nil, indicating that a server exists.

func (*File) LDAPHavePoolOnly

func (f *File) LDAPHavePoolOnly() bool

LDAPHavePoolOnly checks if the LDAP configuration is set to use the `PoolOnly` mode. Returns false if any element is nil.

func (*File) RetrieveGetterMap

func (f *File) RetrieveGetterMap() map[definitions.Backend]GetterHandler

RetrieveGetterMap returns a map associating each supported backend with its corresponding GetterHandler implementation. This method initializes a new map for the backends, and populates it by checking if certain backend sections exist. If the provided File object is nil, it returns nil.

type Frontend added in v1.1.0

// Frontend holds the settings of the web frontend, including the secrets that
// protect its CSRF tokens and cookies.
//
// NOTE(review): all three secrets are tagged omitempty, so empty values pass
// tag validation whatever Enabled is set to; confirm that an enabled frontend
// with missing secrets is rejected elsewhere.
// NOTE(review): for strings, len=32 counts characters, and alphanumunicode
// admits non-ASCII letters, so a value can pass while being longer than 32
// bytes — confirm how the keys are consumed. Letters and digits also carry
// less entropy per character than random bytes; generate these values with a
// cryptographic random source.
type Frontend struct {
	Enabled            bool   `mapstructure:"enabled"`
	// CSRFSecret, when set, is exactly 32 letters or digits without spaces.
	CSRFSecret         string `mapstructure:"csrf_secret" validate:"omitempty,len=32,alphanumunicode,excludesall= "`
	// CookieStoreAuthKey, when set, is exactly 32 letters or digits without spaces.
	CookieStoreAuthKey string `mapstructure:"cookie_store_auth_key" validate:"omitempty,len=32,alphanumunicode,excludesall= "`
	// CookieStoreEncKey has no len rule in its tag; it is checked by the custom
	// validator validateCookieStoreEncKey, which is defined outside this view.
	CookieStoreEncKey  string `mapstructure:"cookie_store_encryption_key" validate:"omitempty,alphanumunicode,excludesall= ,validateCookieStoreEncKey"`
}

Frontend represents configuration options for the frontend of the application.

type GetterHandler

// GetterHandler gives access to a backend section's configuration and
// protocol definitions. Both methods return any, so callers have to
// type-assert the result.
type GetterHandler interface {
	// GetConfig returns the configuration of the section.
	GetConfig() any
	// GetProtocols returns the protocol definitions of the section.
	GetProtocols() any
}

GetterHandler is an interface that provides methods to retrieve configuration and protocol information.

type HTTPClient added in v1.3.0

// HTTPClient holds connection pool settings for an outbound HTTP client.
// NOTE(review): the field names mirror those of net/http's Transport;
// presumably they are copied onto one — confirm.
type HTTPClient struct {
	// MaxConnsPerHost is optional; when set it must be at least 1.
	MaxConnsPerHost     int           `mapstructure:"max_connections_per_host" validate:"omitempty,gte=1"`
	// MaxIdleConns is optional; when set it must be at least 1.
	MaxIdleConns        int           `mapstructure:"max_idle_connections" validate:"omitempty,gte=1"`
	MaxIdleConnsPerHost int           `mapstructure:"max_idle_connections_per_host" validate:"omitempty,gte=0"`
	IdleConnTimeout     time.Duration `mapstructure:"idle_connection_timeout" validate:"omitempty,gte=0"`
	// Proxy has no validate tag, so any string is accepted at this stage.
	// NOTE(review): presumably a proxy URL. Outbound requests, and any
	// credentials they carry, would pass through that host — confirm where
	// the value is parsed and that a malformed value fails closed.
	Proxy               string        `mapstructure:"proxy"`
}

type IdTokenClaims

// IdTokenClaims holds one string setting per OpenID Connect ID-token claim,
// grouped by the scope that releases the claim. Every named field is optional
// and, when set, must be printable ASCII without spaces.
//
// NOTE(review): the values presumably name the backend attribute that supplies
// each claim — confirm against the code that builds the token.
type IdTokenClaims struct {
	// Scope: profile.
	Name              string `mapstructure:"name" validate:"omitempty,printascii,excludesall= "`
	GivenName         string `mapstructure:"given_name" validate:"omitempty,printascii,excludesall= "`
	FamilyName        string `mapstructure:"family_name" validate:"omitempty,printascii,excludesall= "`
	MiddleName        string `mapstructure:"middle_name" validate:"omitempty,printascii,excludesall= "`
	NickName          string `mapstructure:"nickname" validate:"omitempty,printascii,excludesall= "`
	PreferredUserName string `mapstructure:"preferred_username" validate:"omitempty,printascii,excludesall= "`
	Profile           string `mapstructure:"profile" validate:"omitempty,printascii,excludesall= "`
	Website           string `mapstructure:"website" validate:"omitempty,printascii,excludesall= "`
	Picture           string `mapstructure:"picture" validate:"omitempty,printascii,excludesall= "`
	Gender            string `mapstructure:"gender" validate:"omitempty,printascii,excludesall= "`
	Birthdate         string `mapstructure:"birthdate" validate:"omitempty,printascii,excludesall= "`
	ZoneInfo          string `mapstructure:"zoneinfo" validate:"omitempty,printascii,excludesall= "`
	Locale            string `mapstructure:"locale" validate:"omitempty,printascii,excludesall= "`
	UpdatedAt         string `mapstructure:"updated_at" validate:"omitempty,printascii,excludesall= "`

	// Scope: email.
	Email         string `mapstructure:"email" validate:"omitempty,printascii,excludesall= "`
	EmailVerified string `mapstructure:"email_verified" validate:"omitempty,printascii,excludesall= "`

	// Scope: phone.
	PhoneNumber         string `mapstructure:"phone_number" validate:"omitempty,printascii,excludesall= "`
	PhoneNumberVerified string `mapstructure:"phone_number_verified" validate:"omitempty,printascii,excludesall= "`

	// Scope: address.
	Address string `mapstructure:"address" validate:"omitempty,printascii,excludesall= "`

	// Scope: groups.
	Groups string `mapstructure:"groups" validate:"omitempty,printascii,excludesall= "`

	// Scope: user defined.
	// The ",remain" tag collects every key that matched none of the fields
	// above. There is no validate tag, so these keys and values are not
	// covered by the printascii/no-space rule applied to the named claims; a
	// misspelled standard claim name also ends up here instead of being rejected.
	CustomClaims map[string]any `mapstructure:",remain"`
}

func (*IdTokenClaims) String

func (i *IdTokenClaims) String() string

type Insights

// Insights switches on profiling support.
//
// NOTE(review): profiling output reveals goroutine stacks and memory contents
// and collecting it costs CPU. How the profiles are exposed is not visible
// here; confirm they are reachable only by operators before enabling either
// flag in production.
type Insights struct {
	EnablePprof        bool `mapstructure:"enable_pprof"`
	EnableBlockProfile bool `mapstructure:"enable_block_profile"`
}

Insights is a configuration structure for enabling profiling and block profiling capabilities.

type LDAPAttributeMapping

// LDAPAttributeMapping names the LDAP attributes from which account data,
// TOTP material and WebAuthn credential data are read. Only AccountField is
// mandatory.
type LDAPAttributeMapping struct {
	AccountField      string `mapstructure:"account_field" validate:"required"` // Webauthn is not implemented, yet.
	// TOTPSecretField and TOTPRecoveryField name attributes that hold
	// second-factor secrets. The directory ACLs should let only the service's
	// bind identity read them.
	TOTPSecretField   string `mapstructure:"totp_secret_field" validate:"omitempty"`
	TOTPRecoveryField string `mapstructure:"totp_recovery_field" validate:"omitempty"`
	DisplayNameField  string `mapstructure:"display_name_field" validate:"omitempty"`
	// NOTE(review): the "Webauthn is not implemented, yet." remark on
	// AccountField presumably refers to the credential fields below — confirm.
	CredentialObject  string `mapstructure:"credential_object" validate:"omitempty"`
	CredentialIDField string `mapstructure:"credential_id_field" validate:"omitempty"`
	PublicKeyField    string `mapstructure:"public_key_field" validate:"omitempty"`
	UniqueUserIDField string `mapstructure:"unique_user_id_field" validate:"omitempty"`
	AAGUIDField       string `mapstructure:"aaguid_field" validate:"omitempty"`
	SignCountField    string `mapstructure:"sign_count_field" validate:"omitempty"`
}

type LDAPConf

// LDAPConf holds the connection settings for the LDAP backend: TLS options,
// connection-pool sizes, bind credentials and the server URIs.
//
// NOTE(review): the type has a String method whose body is not visible here;
// confirm it never prints BindPW, since such output tends to reach logs.
type LDAPConf struct {
	PoolOnly      bool `mapstructure:"pool_only"`
	// NOTE(review): StartTLS has no mapstructure tag, unlike its neighbours;
	// confirm how it is populated.
	StartTLS      bool
	// TLSSkipVerify presumably disables verification of the LDAP server's
	// certificate. With verification off, bind credentials and user passwords
	// can be intercepted by anyone able to impersonate the server; prefer
	// TLSCAFile with the issuing CA and leave this false.
	TLSSkipVerify bool `mapstructure:"tls_skip_verify"`
	SASLExternal  bool `mapstructure:"sasl_external"`

	// The pool sizes must be at least 1, the idle pool sizes at least 0.
	LookupPoolSize     int `mapstructure:"lookup_pool_size" validate:"min=1"`
	LookupIdlePoolSize int `mapstructure:"lookup_idle_pool_size" validate:"min=0"`
	AuthPoolSize       int `mapstructure:"auth_pool_size" validate:"min=1"`
	AuthIdlePoolSize   int `mapstructure:"auth_idle_pool_size" validate:"min=0"`

	BindDN        string `mapstructure:"bind_dn" validate:"omitempty,printascii"`
	// BindPW is a credential kept in clear text in the configuration; restrict
	// the file's permissions and give the bind account only the read access
	// the searches need.
	BindPW        string `mapstructure:"bind_pw" validate:"omitempty"`
	// The "file" rule requires the three paths below to exist when the
	// configuration is validated. TLSClientKey is private key material and
	// should be readable only by the service account.
	TLSCAFile     string `mapstructure:"tls_ca_cert" validate:"omitempty,file"`
	TLSClientCert string `mapstructure:"tls_client_cert" validate:"omitempty,file"`
	TLSClientKey  string `mapstructure:"tls_client_key" validate:"omitempty,file"`

	// At least one URI is required. The "uri" rule does not restrict the
	// scheme, so an unencrypted ldap:// URI passes validation.
	ServerURIs []string `mapstructure:"server_uri" validate:"required,dive,uri"`
}

func (*LDAPConf) String

func (l *LDAPConf) String() string

type LDAPFilter

// LDAPFilter holds the LDAP search filters for finding a user, listing
// accounts and finding WebAuthn credentials. All three are optional at
// validation time and their syntax is not checked here.
//
// NOTE(review): if request data such as the login name is substituted into
// these filters, it has to be escaped for LDAP filter syntax first; the
// substitution code is not visible here — confirm.
type LDAPFilter struct {
	User                string `mapstructure:"user" validate:"omitempty"`
	ListAccounts        string `mapstructure:"list_accounts" validate:"omitempty"`
	WebAuthnCredentials string `mapstructure:"webauthn_credentials" validate:"omitempty"`
}

type LDAPScope

type LDAPScope struct {
	// contains filtered or unexported fields
}

LDAPScope is the search scope for an LDAP server.

func (*LDAPScope) Get

func (l *LDAPScope) Get() int

Get returns the numeric LDAP search scope.

func (*LDAPScope) Set

func (l *LDAPScope) Set(value string) error

Set sets the numeric LDAP search scope by its string representation.

func (*LDAPScope) String

func (l *LDAPScope) String() string

func (*LDAPScope) Type

func (l *LDAPScope) Type() string

Type returns the name of the type.

type LDAPSearchProtocol

// LDAPSearchProtocol describes one LDAP search definition: the protocols it
// applies to, the cache name, the search base and scope, the filters, the
// attribute mapping and the result attributes to request.
type LDAPSearchProtocol struct {
	Protocols []string `mapstructure:"protocol" validate:"required"`
	CacheName string   `mapstructure:"cache_name" validate:"required,printascii,excludesall= "`
	BaseDN    string   `mapstructure:"base_dn" validate:"required,printascii"`
	// One of "base", "one" or "sub"; may be left empty.
	Scope     string   `mapstructure:"scope" validate:"omitempty,oneof=base one sub"`

	// Embedded filter and mapping blocks, read from the "filter" and
	// "mapping" keys.
	LDAPFilter           `mapstructure:"filter" validate:"required"`
	LDAPAttributeMapping `mapstructure:"mapping" validate:"required"`

	// LDAP result attributes
	// Requesting only the attributes that are actually consumed keeps secret
	// attributes (for example TOTP material) out of results that do not need them.
	Attributes []string `mapstructure:"attribute" validate:"required,dive,printascii,excludesall= "`
}

func (*LDAPSearchProtocol) GetAccountField

func (p *LDAPSearchProtocol) GetAccountField() (string, error)

GetAccountField returns the LDAP attribute for an account. It returns a DetailedError, if no value has been configured.

func (*LDAPSearchProtocol) GetAttributes

func (p *LDAPSearchProtocol) GetAttributes() ([]string, error)

GetAttributes returns a list of attributes that are requested from the LDAP server. It returns a DetailedError, if no value has been configured.

func (*LDAPSearchProtocol) GetBaseDN

func (p *LDAPSearchProtocol) GetBaseDN() (string, error)

GetBaseDN returns the base DN that is used for each specific protocol. It returns a DetailedError, if no value has been configured.

func (*LDAPSearchProtocol) GetCacheName

func (p *LDAPSearchProtocol) GetCacheName() (string, error)

GetCacheName returns the Redis cache domain. It returns a DetailedError, if no value has been configured.

func (*LDAPSearchProtocol) GetListAccountsFilter

func (p *LDAPSearchProtocol) GetListAccountsFilter() (string, error)

GetListAccountsFilter returns an LDAP filter which is used to find all user accounts. It returns a DetailedError, if no value has been configured.

func (*LDAPSearchProtocol) GetScope

func (p *LDAPSearchProtocol) GetScope() (*LDAPScope, error)

GetScope returns an LDAP search scope. If no scope was defined, it automatically sets the subtree scope. If a scope has been defined and is unknown, it returns a DetailedError.

func (*LDAPSearchProtocol) GetUserFilter

func (p *LDAPSearchProtocol) GetUserFilter() (string, error)

GetUserFilter returns an LDAP search filter to find a user. It returns a DetailedError, if no value has been configured.

type LDAPSection

// LDAPSection is the LDAP part of the configuration: the mandatory connection
// settings and an optional list of search definitions, each of which is
// validated individually ("dive").
type LDAPSection struct {
	Config *LDAPConf            `mapstructure:"config" validate:"required"`
	Search []LDAPSearchProtocol `mapstructure:"search" validate:"omitempty,dive"`
}

func (*LDAPSection) GetConfig

func (l *LDAPSection) GetConfig() any

func (*LDAPSection) GetProtocols

func (l *LDAPSection) GetProtocols() any

func (*LDAPSection) String

func (l *LDAPSection) String() string

type Log

// Log holds the logging settings: output format flags, the verbosity level
// and an optional list of debug modules.
//
// NOTE(review): what the debug level and the debug modules write is not
// visible here; confirm that credentials and tokens are never logged before
// raising the level on a production instance.
type Log struct {
	JSON       bool         `mapstructure:"json"`
	Color      bool         `mapstructure:"color"`
	Level      Verbosity    `mapstructure:"level"`
	DbgModules []*DbgModule `mapstructure:"debug_modules" validate:"omitempty,dive"`
}

Log represents the configuration for logging.

type LuaAction

// LuaAction binds a Lua script to one of the supported action types
// (brute_force, rbl, tls_encryption, relay_domains, lua, post).
//
// The "file" rule only requires ScriptPath to exist when the configuration is
// validated; it checks neither ownership nor permissions. The script file and
// its directory should be writable only by the administrator, because whoever
// can change the file changes what the server executes.
type LuaAction struct {
	ActionType string `mapstructure:"type" validate:"required,oneof=brute_force rbl tls_encryption relay_domains lua post"`
	ScriptName string `mapstructure:"name" validate:"required"`
	ScriptPath string `mapstructure:"script_path" validate:"required,file"`
}

func (*LuaAction) GetAction

func (l *LuaAction) GetAction() (string, string, string)

GetAction returns the ActionType, ScriptName, and ScriptPath of a LuaAction. It is a method of the LuaAction struct. The ActionType field represents the type of the Lua action. The ScriptName field represents the name of the Lua script. The ScriptPath field represents the path to the Lua script file. It returns these values as strings.

func (*LuaAction) String

func (l *LuaAction) String() string

type LuaConf

// LuaConf holds the general Lua settings: a package path and the optional
// backend and init script paths, which must exist when set.
//
// NOTE(review): PackagePath has no validate tag. It presumably extends the Lua
// module search path — confirm, and make sure every directory it names is
// writable only by the administrator.
type LuaConf struct {
	PackagePath       string `mapstructure:"package_path"`
	BackendScriptPath string `mapstructure:"backend_script_path" validate:"omitempty,file"`
	InitScriptPath    string `mapstructure:"init_script_path" validate:"omitempty,file"`
}

func (*LuaConf) String

func (l *LuaConf) String() string

type LuaFeature

// LuaFeature names a Lua feature and the script that implements it. Both
// fields are required; the "file" rule requires the script to exist at
// validation time but does not check its ownership or permissions.
type LuaFeature struct {
	Name       string `mapstructure:"name" validate:"required"`
	ScriptPath string `mapstructure:"script_path" validate:"required,file"`
}

func (*LuaFeature) String

func (l *LuaFeature) String() string

type LuaFilter

// LuaFilter names a Lua filter and the script that implements it. Both fields
// are required; the "file" rule requires the script to exist at validation
// time but does not check its ownership or permissions.
type LuaFilter struct {
	Name       string `mapstructure:"name" validate:"required"`
	ScriptPath string `mapstructure:"script_path" validate:"required,file"`
}

func (*LuaFilter) String

func (l *LuaFilter) String() string

type LuaHooks added in v1.3.9

// LuaHooks ties an HTTP location and method to a Lua script.
//
// NOTE(review): each entry presumably adds a request handler backed by the
// script. Whether such a handler is covered by the server's authentication is
// not visible here — confirm before exposing a hook on a reachable listener,
// and treat everything the script receives from the request as untrusted.
type LuaHooks struct {
	// Printable ASCII without spaces; no further path checks are applied here.
	Location   string `mapstructure:"http_location" validate:"required,printascii,excludesall= "`
	Method     string `mapstructure:"http_method" validate:"required,oneof=GET POST PUT DELETE PATCH"`
	ScriptPath string `mapstructure:"script_path" validate:"required,file"`
}

func (*LuaHooks) String added in v1.3.9

func (l *LuaHooks) String() string

type LuaSearchProtocol

// LuaSearchProtocol assigns a cache name to a list of protocols for the Lua
// backend. CacheName is required; Protocols carries no validation rule.
type LuaSearchProtocol struct {
	Protocols []string `mapstructure:"protocol"`
	CacheName string   `mapstructure:"cache_name" validate:"required,printascii,excludesall= "`
}

func (*LuaSearchProtocol) GetCacheName

func (l *LuaSearchProtocol) GetCacheName() (string, error)

GetCacheName returns the Redis cache domain. It returns a DetailedError, if no value has been configured.

type LuaSection

// LuaSection is the Lua part of the configuration: actions, features,
// filters, custom HTTP hooks, general settings and search definitions. Every
// list is optional and its elements are validated individually ("dive").
type LuaSection struct {
	Actions  []LuaAction         `mapstructure:"actions" validate:"omitempty,dive"`
	Features []LuaFeature        `mapstructure:"features" validate:"omitempty,dive"`
	Filters  []LuaFilter         `mapstructure:"filters" validate:"omitempty,dive"`
	Hooks    []LuaHooks          `mapstructure:"custom_hooks" validate:"omitempty,dive"`
	Config   *LuaConf            `mapstructure:"config" validate:"omitempty"`
	Search   []LuaSearchProtocol `mapstructure:"search" validate:"omitempty,dive"`
}

func (*LuaSection) GetConfig

func (l *LuaSection) GetConfig() any

func (*LuaSection) GetProtocols

func (l *LuaSection) GetProtocols() any

func (*LuaSection) String

func (l *LuaSection) String() string

type Master

// Master holds the address and the optional credentials of the Redis master.
//
// Password is stored in clear text in the configuration; restrict the file's
// permissions. Because all fields are optional, a master without
// authentication passes validation.
type Master struct {
	Address  string `mapstructure:"address" validate:"omitempty,hostname_port"`
	Username string `mapstructure:"username" validate:"omitempty,excludesall= "`
	Password string `mapstructure:"password" validate:"omitempty,excludesall= "`
}

Master represents the configuration for the master Redis instance. Includes fields for address, username, and password for the master instance.

type MasterUser

// MasterUser holds the master-user settings: a flag that enables the feature
// and a delimiter that must be a single printable ASCII character.
//
// NOTE(review): a master user can presumably authenticate on behalf of other
// accounts — confirm. If so, its credentials are highly privileged and Enabled
// should stay false unless the feature is needed.
type MasterUser struct {
	Enabled   bool   `mapstructure:"enabled"`
	Delimiter string `mapstructure:"delimiter" validate:"omitempty,len=1,printascii"`
}

MasterUser holds the master-user settings: a flag that enables the feature and a single-character delimiter.

type OIDCCustomClaim

// OIDCCustomClaim describes one custom claim by name and type.
//
// NOTE(review): neither field has a mapstructure or validate tag, so the
// "dive" on Oauth2CustomScope.Claims applies no rule to them; confirm that
// Type is checked against the supported types where it is consumed.
type OIDCCustomClaim struct {
	Name string
	Type string
}

type Oauth2Client

// Oauth2Client holds the per-client OAuth-2 settings: two flags that skip
// interactive steps, the client's name and id, the subject setting and the
// claim mapping.
type Oauth2Client struct {
	// SkipConsent suppresses the consent dialog for this client.
	SkipConsent bool          `mapstructure:"skip_consent"`
	// SkipTOTP suppresses TOTP two-factor authentication for this client.
	// Logins through the client then rely on the first factor alone, so
	// enable it only for clients that are fully trusted.
	SkipTOTP    bool          `mapstructure:"skip_totp"`
	ClientName  string        `mapstructure:"name" validate:"required"`
	// ClientId is only checked for presence; the skip flags above are looked
	// up by client id (see GetSkipConsent and GetSkipTOTP).
	ClientId    string        `mapstructure:"client_id" validate:"required"`
	Subject     string        `mapstructure:"subject" validate:"required,alphanumunicode,excludesall= "`
	Claims      IdTokenClaims `mapstructure:"claims" validate:"required"`
}

type Oauth2CustomScope

// Oauth2CustomScope defines a custom OAuth-2 scope: its name, a description
// and the custom claims it contains.
type Oauth2CustomScope struct {
	Name        string            `mapstructure:"name" validate:"required,alphanumunicode,excludesall= "`
	Description string            `mapstructure:"description" validate:"required"`
	Claims      []OIDCCustomClaim `mapstructure:"claims" validate:"required,dive"`
	// The ",remain" tag collects every key not matched above, without
	// validation.
	// NOTE(review): if any of these values is rendered to users (for example
	// as extra description text), it must be escaped on output — confirm
	// against the consumer.
	Other       map[string]any    `mapstructure:",remain"`
}

type Oauth2Section

// Oauth2Section is the OAuth-2 part of the configuration: optional custom
// scopes and optional client definitions, each validated individually ("dive").
type Oauth2Section struct {
	CustomScopes []Oauth2CustomScope `mapstructure:"custom_scopes" validate:"omitempty,dive"`
	Clients      []Oauth2Client      `mapstructure:"clients" validate:"omitempty,dive"`
}

func (*Oauth2Section) String

func (o *Oauth2Section) String() string

type PrometheusTimer added in v1.1.0

// PrometheusTimer enables timers for Prometheus metrics and selects their
// labels.
type PrometheusTimer struct {
	Enabled bool     `mapstructure:"enabled"`
	// The struct tag of Labels is elided in this listing, so the rules that
	// apply to it cannot be stated here.
	Labels  []string `` /* 138-byte string literal not displayed */
}

PrometheusTimer is a configuration structure for enabling and setting labels for Prometheus metrics timers.

type Protocol

type Protocol struct {
	// contains filtered or unexported fields
}

Protocol is the protocol used between a remote client and a server. This server sets the protocol in an HTTP request header "Auth-Protocol" (Nginx protocol).

func NewProtocol

func NewProtocol(protocol string) *Protocol

NewProtocol creates a new Protocol object with the given protocol string. It initializes the name field of the Protocol object.

Example usage: protocol := NewProtocol("http")

func (*Protocol) Get

func (p *Protocol) Get() string

Get returns the string for a protocol.

func (*Protocol) Set

func (p *Protocol) Set(value string)

Set sets the name of the protocol.

func (*Protocol) String

func (p *Protocol) String() string

func (*Protocol) Type

func (p *Protocol) Type() string

Type returns the name of the type.

type RBL

// RBL describes one realtime blackhole list: a display name, the list's
// hostname, the expected return code and a weight.
type RBL struct {
	Name         string `mapstructure:"name" validate:"required"`
	RBL          string `mapstructure:"rbl" validate:"required,hostname"`
	// NOTE(review): IPv4 and IPv6 have no mapstructure tag, unlike their
	// neighbours; confirm how they are populated.
	IPv4         bool
	IPv6         bool
	// NOTE(review): AllowFailure presumably lets a failed lookup against this
	// list pass instead of aborting the check — confirm. If so, an
	// unreachable list silently contributes nothing to the score.
	AllowFailure bool   `mapstructure:"allow_failure"`
	// Must be an IPv4 address.
	ReturnCode   string `mapstructure:"return_code" validate:"required,ip4_addr"`
	// Between -100 and 100 when set.
	Weight       int    `mapstructure:"weight" validate:"omitempty,min=-100,max=100"`
}

type RBLSection

// RBLSection is the RBL part of the configuration: the lists to query, a
// threshold between 0 and 100, an IP whitelist and an embedded soft whitelist.
//
// NOTE(review): whitelisted addresses are presumably exempt from the RBL
// check — confirm. Keep IPWhiteList entries as narrow as possible; a wide CIDR
// exempts every client inside it.
type RBLSection struct {
	SoftWhitelist `mapstructure:"soft_whitelist"`
	Lists         []RBL    `mapstructure:"lists" validate:"required,dive"`
	Threshold     int      `mapstructure:"threshold" validate:"omitempty,min=0,max=100"`
	// Each entry must be an IP address or a CIDR network.
	IPWhiteList   []string `mapstructure:"ip_whitelist" validate:"omitempty,dive,ip_addr|cidr"`
}

func (*RBLSection) String

func (r *RBLSection) String() string

type Redis

// Redis holds the Redis settings: database number, key prefix, pool sizes,
// TLS, cache lifetimes and the master, replica, sentinel and cluster
// connection blocks.
type Redis struct {
	// Between 0 and 15 when set. The field name is misspelled ("Nmuber"); it
	// is exported, so renaming it would break callers.
	DatabaseNmuber int           `mapstructure:"database_number" validate:"omitempty,gte=0,lte=15"`
	Prefix         string        `mapstructure:"prefix" validate:"omitempty,printascii,excludesall= "`
	// At least 16 characters, letters and digits only, when set.
	// NOTE(review): presumably mixed into the password hashes kept in the
	// cache — confirm. Treat it as a secret and generate it randomly;
	// "omitempty" lets an empty value pass validation, so check how an unset
	// nonce is handled.
	PasswordNonce  string        `mapstructure:"password_nonce" validate:"omitempty,min=16,alphanumunicode,excludesall= "`
	PoolSize       int           `mapstructure:"pool_size" validate:"omitempty,gte=1"`
	IdlePoolSize   int           `mapstructure:"idle_pool_size" validate:"omitempty,gte=0"`
	TLS            TLS           `mapstructure:"tls" validate:"omitempty"`
	// Both cache lifetimes are capped at 8760h (one year).
	// NOTE(review): a long positive TTL presumably keeps a cached successful
	// authentication valid after the password changed in the backend — confirm
	// how entries are invalidated.
	PosCacheTTL    time.Duration `mapstructure:"positive_cache_ttl" validate:"omitempty,max=8760h"`
	NegCacheTTL    time.Duration `mapstructure:"negative_cache_ttl" validate:"omitempty,max=8760h"`
	Master         Master        `mapstructure:"master" validate:"omitempty"`
	Replica        Replica       `mapstructure:"replica" validate:"omitempty"`
	Sentinels      Sentinels     `mapstructure:"sentinels" validate:"omitempty"`
	Cluster        Cluster       `mapstructure:"cluster" validate:"omitempty"`
}

Redis represents the configuration settings for a Redis instance, including master, replica, sentinel, and cluster setups.

type RelayDomainsSection

// RelayDomainsSection lists the statically configured relay domains, each of
// which must be a valid hostname, together with an embedded soft whitelist.
type RelayDomainsSection struct {
	SoftWhitelist `mapstructure:"soft_whitelist"`
	StaticDomains []string `mapstructure:"static" validate:"required,dive,hostname"`
}

func (*RelayDomainsSection) String

func (r *RelayDomainsSection) String() string

type Replica

// Replica holds the host:port address of a Redis replica. It has no
// credential fields of its own.
type Replica struct {
	Address string `mapstructure:"address" validate:"omitempty,hostname_port"`
}

Replica represents the configuration for a Redis replica instance.

type Sentinels

// Sentinels holds the Redis Sentinel settings: the master name, the sentinel
// addresses and optional credentials.
//
// Password is stored in clear text in the configuration; restrict the file's
// permissions.
type Sentinels struct {
	Master    string   `mapstructure:"master" validate:"required,printascii,excludesall= "`
	// Each entry must be host:port.
	Addresses []string `mapstructure:"addresses" validate:"required,dive,hostname_port"`
	Username  string   `mapstructure:"username" validate:"omitempty,excludesall= "`
	Password  string   `mapstructure:"password" validate:"omitempty,excludesall= "`
}

Sentinels represents the configuration for Redis Sentinel.

type ServerSection

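// ServerSection is the server part of the configuration: listen address,
// request limits, TLS, HTTP basic authentication, logging, the enabled
// backends and features, and the Redis, frontend, metrics and HTTP client
// settings.
type ServerSection struct {
	Address                   string                   `mapstructure:"address" validate:"omitempty,tcp_addr"`
	// Required and at least 1.
	MaxConcurrentRequests     int32                    `mapstructure:"max_concurrent_requests" validate:"required,gte=1"`
	MaxPasswordHistoryEntries int32                    `mapstructure:"max_password_history_entries" validate:"omitempty,gte=1"`
	HTTP3                     bool                     `mapstructure:"http3"`
	// NOTE(review): presumably enables the HAProxy PROXY protocol (version 2)
	// on the listener — confirm. If so, the client address comes from the
	// PROXY header, and the listener must be reachable only from the trusted
	// proxy, otherwise source addresses can be forged.
	HAproxyV2                 bool                     `mapstructure:"haproxy_v2"`
	DisabledEndpoints         Endpoint                 `mapstructure:"disabled_endpoints" validate:"omitempty"`
	TLS                       TLS                      `mapstructure:"tls" validate:"omitempty"`
	BasicAuth                 BasicAuth                `mapstructure:"basic_auth" validate:"omitempty"`
	InstanceName              string                   `mapstructure:"instance_name" validate:"omitempty,max=255,printascii"`
	Log                       Log                      `mapstructure:"log" validate:"omitempty"`
	Backends                  []*Backend               `mapstructure:"backends" validate:"omitempty,dive"`
	Features                  []*Feature               `mapstructure:"features" validate:"omitempty,dive"`
	BruteForceProtocols       []*Protocol              `mapstructure:"brute_force_protocols" validate:"omitempty,dive"`
	HydraAdminUrl             string                   `mapstructure:"ory_hydra_admin_url" validate:"omitempty,http_url"`
	DNS                       DNS                      `mapstructure:"dns" validate:"omitempty"`
	Insights                  Insights                 `mapstructure:"insights" validate:"omitempty"`
	// The tag key was misspelled "vslidate", which the validator does not read
	// (every other field uses "validate"), so the "required" rule was never
	// evaluated. Whether "required" rejects an all-zero Redis struct depends
	// on how the validator is configured, which is not visible here.
	Redis                     Redis                    `mapstructure:"redis" validate:"required"`
	MasterUser                MasterUser               `mapstructure:"master_user" validate:"omitempty"`
	Frontend                  Frontend                 `mapstructure:"frontend" validate:"omitempty"`
	PrometheusTimer           PrometheusTimer          `mapstructure:"prometheus_timer" validate:"omitempty"`
	DefaultHTTPRequestHeader  DefaultHTTPRequestHeader `mapstructure:"default_http_request_header" validate:"omitempty"`
	HTTPClient                HTTPClient               `mapstructure:"http_client" validate:"omitempty"`
}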

ServerSection represents the configuration for a server, including network settings, TLS, logging, backends, features, protocol handling, and integrations with other systems such as Redis and Prometheus.

type SoftWhitelist added in v1.4.0

// SoftWhitelist maps a key (typically a username) to a list of networks
// (typically CIDR strings). The methods use a value receiver on a map type, so
// they operate on the shared underlying map.
//
// NOTE(review): no locking is visible on this type; confirm that concurrent
// Set/Delete calls are serialised by the caller.
type SoftWhitelist map[string][]string

SoftWhitelist is a type that represents a map linking a string key to a slice of string values. Typically used to associate users with a list of CIDR networks.

func NewSoftWhitelist added in v1.4.0

func NewSoftWhitelist() SoftWhitelist

NewSoftWhitelist creates and returns a new instance of SoftWhitelist initialized as an empty map of string slices.

func (SoftWhitelist) Delete added in v1.4.0

func (s SoftWhitelist) Delete(username, network string)

Delete removes the specified network from the user's whitelist in the SoftWhitelist. If the network is the only entry, the user is removed from the whitelist. The function does nothing if the whitelist is nil or if the user does not exist.

func (SoftWhitelist) Get added in v1.4.0

func (s SoftWhitelist) Get(username string) []string

Get retrieves the list of networks associated with the specified username from the SoftWhitelist. If the SoftWhitelist is nil or the username does not exist, it returns nil.

func (SoftWhitelist) HasSoftWhitelist added in v1.4.0

func (s SoftWhitelist) HasSoftWhitelist() bool

HasSoftWhitelist checks if the SoftWhitelist is non-nil and contains at least one entry.

func (SoftWhitelist) Set added in v1.4.0

func (s SoftWhitelist) Set(username, network string)

Set adds a specified network to a user's whitelist if the network is valid and the username is not empty.

func (SoftWhitelist) String added in v1.4.0

func (s SoftWhitelist) String() string

type SoftWhitelistProvider added in v1.4.0

// SoftWhitelistProvider is the interface for managing a soft whitelist that
// associates usernames with networks: checking whether any entry exists and
// reading, adding and removing a user's networks.
type SoftWhitelistProvider interface {
	// HasSoftWhitelist checks if there is at least one entry in the soft whitelist, returning true if it exists, otherwise false.
	HasSoftWhitelist() bool

	// Get retrieves the list of networks associated with the given username from the soft whitelist.
	Get(username string) []string

	// Set adds a specified network to a user's whitelist if the network is valid and the username is not empty.
	// It returns nothing, so a caller cannot tell whether an invalid network was rejected.
	Set(username, network string)

	// Delete removes a specified network from the user's soft whitelist identified by the provided username.
	Delete(username, network string)
}

SoftWhitelistProvider defines the methods for managing a soft whitelist of networks associated with usernames. The interface allows checking the existence of a whitelist, retrieving, setting, and deleting networks.

type StringSet

// StringSet is a set of strings backed by a map; the map keys are the set's
// members, which is what keeps them unique.
type StringSet map[string]any

StringSet is a storage container that ensures unique keys.

func NewStringSet

func NewStringSet() StringSet

NewStringSet constructs a new StringSet

func (*StringSet) GetStringSlice

func (s *StringSet) GetStringSlice() (result []string)

GetStringSlice returns all values for a StringSet as a slice of strings.

func (*StringSet) Set

func (s *StringSet) Set(value string)

Set adds an element to the StringSet

func (*StringSet) String added in v1.3.5

func (s *StringSet) String() string

type TLS

type TLS struct {
	Enabled              bool   `mapstructure:"enabled"`
	Cert                 string `mapstructure:"cert" validate:"omitempty,file"`
	Key                  string `mapstructure:"key" validate:"omitempty,file"`
	HTTPClientSkipVerify bool   `mapstructure:"http_client_skip_verify"`
}

TLS represents the configuration for enabling TLS and managing certificates.

type Verbosity

type Verbosity struct {
	// contains filtered or unexported fields
}

Verbosity is a type that represents the verbosity details.

func (*Verbosity) Get

func (v *Verbosity) Get() string

Get returns the name of the log level as string.

func (*Verbosity) Level

func (v *Verbosity) Level() int

Level returns the verbosity level of the Verbosity instance.

func (*Verbosity) Set

func (v *Verbosity) Set(value string) error

Set updates the verbosity level and name based on the provided value. It returns an error if the value is not valid. Valid values for the verbosity level are "none", "error", "warn", "info", and "debug". If the value is valid, the verboseLevel and name fields are updated accordingly. An error of type ErrWrongVerboseLevel is returned if the value is not valid.

func (*Verbosity) String

func (v *Verbosity) String() string

func (*Verbosity) Type

func (v *Verbosity) Type() string

Type returns the type of the Verbosity struct.
