auth

package
v0.2.0 Latest
Warning

This package is not in the latest version of its module.
Published: May 5, 2026 | License: AGPL-3.0 | Imports: 14 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	ErrInvalidPassword = errors.New("invalid password")
	ErrNoPasswordSet   = errors.New("no password set")
	ErrInvalidToken    = errors.New("invalid token")
)

var PublicRoutes = []string{
	"/",
	"/auth/login",
	"/auth/status",
	"/health",
	"/health/live",
	"/health/ready",
	"/health/startup",
	"/ready",
	"/metrics",
	"/api/v1/buckets",
	"/api/v1/keys",
}

PublicRoutes are routes that don't require authentication

var StaticPrefixes = []string{
	"/assets/",
	"/static/",
	"/share/",
	"/api/shares/access/",
	"/api/v1/",
	"/dl/",
}

StaticPrefixes are static asset prefixes that don't require authentication

Functions

func CleanupRevokedTokens added in v0.2.0

func CleanupRevokedTokens()

CleanupRevokedTokens removes expired entries from the revocation list. It should be called periodically.

func EncryptionKey added in v0.2.0

func EncryptionKey() []byte

EncryptionKey returns the 32-byte key used for encrypting secrets at rest. The key is derived from the JWT secret, which is randomly generated per process.

func GenerateSessionID

func GenerateSessionID() string

GenerateSessionID generates a random session ID

func RevokeToken added in v0.2.0

func RevokeToken(tokenString string)

RevokeToken extracts the JTI from a token and adds it to the revocation list.

func StartRevocationCleanup added in v0.2.0

func StartRevocationCleanup() func()

StartRevocationCleanup starts a background goroutine that periodically cleans up expired revoked tokens. It returns a stop function.
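
The following is an added example, not this package's source: a JTI denylist with an expiry sweep and a stoppable background cleaner, matching what RevokeToken, CleanupRevokedTokens and StartRevocationCleanup describe. The `revocationList` type, its methods, and the choice to store each token's expiry next to its JTI are assumptions, since the package's own storage is unexported.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// revocationList is a hypothetical denylist: JTI -> expiry of the revoked token.
type revocationList struct{ entries sync.Map }

// Revoke stores the JTI with the token's own exp; IsRevoked is the validator's lookup.
func (r *revocationList) Revoke(jti string, exp time.Time) { r.entries.Store(jti, exp) }
func (r *revocationList) IsRevoked(jti string) bool { _, ok := r.entries.Load(jti); return ok }

// Cleanup deletes entries whose token has expired and returns how many.
// An expired token fails validation on exp anyway, so its entry is dead weight.
func (r *revocationList) Cleanup(now time.Time) (removed int) {
	r.entries.Range(func(k, v any) bool {
		if !v.(time.Time).After(now) {
			r.entries.Delete(k)
			removed++
		}
		return true
	})
	return removed
}

// StartCleanup sweeps on every tick; the returned stop function is idempotent.
func (r *revocationList) StartCleanup(every time.Duration) func() {
	t, done := time.NewTicker(every), make(chan struct{})
	var once sync.Once
	go func() {
		for {
			select {
			case <-t.C:
				r.Cleanup(time.Now())
			case <-done:
				return
			}
		}
	}()
	return func() { once.Do(func() { t.Stop(); close(done) }) }
}

func main() {
	r := &revocationList{}
	r.Revoke("jti-expired", time.Now().Add(-time.Minute)) // constructed sample JTI
	fmt.Println(r.Cleanup(time.Now()), r.IsRevoked("jti-expired"))
}
```

Keying each entry by the token's expiry bounds the list's size by the token lifetime, which is why the sweep can be periodic rather than immediate.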

Types

type AuthMiddleware

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

AuthMiddleware handles authentication for protected routes

func NewAuthMiddleware

func NewAuthMiddleware(ps *PasswordService) *AuthMiddleware

NewAuthMiddleware creates a new auth middleware

func (*AuthMiddleware) IsPublicRoute

func (m *AuthMiddleware) IsPublicRoute(path string) bool

IsPublicRoute checks if the given path is a public route

func (*AuthMiddleware) Middleware

func (m *AuthMiddleware) Middleware(next http.Handler) http.Handler

Middleware returns the middleware function for use in the server

func (*AuthMiddleware) RequireAuth

func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler

RequireAuth wraps a handler with authentication checking

type Claims

type Claims struct {
	jwt.RegisteredClaims
}

Claims represents JWT claims

type PasswordService

type PasswordService struct {
	// contains filtered or unexported fields
}

PasswordService handles password operations

func NewPasswordService

func NewPasswordService(password string) *PasswordService

NewPasswordService creates a new password service

func (*PasswordService) GenerateToken

func (ps *PasswordService) GenerateToken() (string, error)

GenerateToken creates a new JWT token with a unique JTI for revocation support

func (*PasswordService) IsEnabled

func (ps *PasswordService) IsEnabled() bool

IsEnabled returns whether password authentication is enabled

func (*PasswordService) ValidatePassword

func (ps *PasswordService) ValidatePassword(password string) bool

ValidatePassword checks if the provided password matches the stored hash

func (*PasswordService) ValidateToken

func (ps *PasswordService) ValidateToken(tokenString string) bool

ValidateToken checks if the token is valid and not revoked
