Documentation
Constants
This section is empty.
Variables
var (
	ErrInvalidPassword = errors.New("invalid password")
	ErrNoPasswordSet   = errors.New("no password set")
	ErrInvalidToken    = errors.New("invalid token")
)
var PublicRoutes = []string{
	"/",
	"/auth/login",
	"/auth/status",
	"/health",
	"/health/live",
	"/health/ready",
	"/health/startup",
	"/ready",
	"/metrics",
	"/api/v1/buckets",
	"/api/v1/keys",
}
PublicRoutes are routes that don't require authentication
var StaticPrefixes = []string{
	"/assets/",
	"/static/",
	"/share/",
	"/api/shares/access/",
	"/api/v1/",
	"/dl/",
}
StaticPrefixes are static asset prefixes that don't require authentication
Functions
func CleanupRevokedTokens (added in v0.2.0)
func CleanupRevokedTokens()
CleanupRevokedTokens removes expired entries from the revocation list. Should be called periodically.
func EncryptionKey (added in v0.2.0)
func EncryptionKey() []byte
EncryptionKey returns the 32-byte key used for encrypting secrets at rest.
func GenerateSessionID
func GenerateSessionID() string
GenerateSessionID generates a random session ID
func InitJWTSecret (added in v0.2.1)
InitJWTSecret initialises the JWT signing key. It accepts an explicit secret (from -jwt-secret / BEAMDROP_JWT_SECRET).
Resolution order:
- If `secret` is non-empty, use it (must be ≥ 32 bytes).
- Else, try to load from <ConfigDir>/jwt_secret (~/.beamdrop/jwt_secret).
- Else, generate a random 32-byte key and persist it to that file.
This must be called once during startup, before any JWT operations.
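The resolution order above, sketched as an added Go example (not beamdrop's own code). The name `resolveJWTSecret`, its `configDir` parameter, the 0600/0700 permissions and the rejection of a too-short key file are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

const minKeyLen = 32 // the page requires an explicit secret of at least 32 bytes

// resolveJWTSecret (hypothetical name): explicit secret, then key file, then generated key.
func resolveJWTSecret(secret, configDir string) ([]byte, error) {
	if secret != "" {
		if len(secret) < minKeyLen {
			return nil, fmt.Errorf("jwt secret is %d bytes, need at least %d", len(secret), minKeyLen)
		}
		return []byte(secret), nil
	}
	path := filepath.Join(configDir, "jwt_secret")
	key, err := os.ReadFile(path)
	switch {
	case err == nil && len(key) >= minKeyLen:
		return key, nil
	case err == nil: // assumption: a truncated key file is an error, not a reason to regenerate
		return nil, fmt.Errorf("%s holds only %d bytes", path, len(key))
	case !errors.Is(err, os.ErrNotExist):
		return nil, err
	}
	key = make([]byte, minKeyLen)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if err := os.MkdirAll(configDir, 0o700); err != nil {
		return nil, err
	}
	// Assumption: owner-only permissions, since the file holds the signing key.
	if err := os.WriteFile(path, key, 0o600); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	key, err := resolveJWTSecret("", filepath.Join(os.TempDir(), "beamdrop-example"))
	fmt.Println(len(key), err)
}
```

Persisting the generated key is what keeps previously issued tokens verifiable across restarts; a key regenerated on every start would invalidate them all.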
func RevokeToken (added in v0.2.0)
func RevokeToken(tokenString string)
RevokeToken extracts the JTI from a token and adds it to the revocation list.
func StartRevocationCleanup (added in v0.2.0)
func StartRevocationCleanup() func()
StartRevocationCleanup starts a background goroutine to periodically clean up expired revoked tokens. Returns a stop function.
Types
type AuthMiddleware
type AuthMiddleware struct {
	// contains filtered or unexported fields
}
AuthMiddleware handles authentication for protected routes
func NewAuthMiddleware
func NewAuthMiddleware(ps *PasswordService) *AuthMiddleware
NewAuthMiddleware creates a new auth middleware
func (*AuthMiddleware) IsPublicRoute
func (m *AuthMiddleware) IsPublicRoute(path string) bool
IsPublicRoute checks if the given path is a public route
func (*AuthMiddleware) Middleware
func (m *AuthMiddleware) Middleware(next http.Handler) http.Handler
Middleware returns the middleware function for use in the server
func (*AuthMiddleware) RequireAuth
func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler
RequireAuth wraps a handler with authentication checking
type PasswordService
type PasswordService struct {
	// contains filtered or unexported fields
}
PasswordService handles password operations
func NewPasswordService
func NewPasswordService(password string) *PasswordService
NewPasswordService creates a new password service
func (*PasswordService) GenerateToken
func (ps *PasswordService) GenerateToken() (string, error)
GenerateToken creates a new JWT token with a unique JTI for revocation support
func (*PasswordService) IsEnabled
func (ps *PasswordService) IsEnabled() bool
IsEnabled returns whether password authentication is enabled
func (*PasswordService) ValidatePassword
func (ps *PasswordService) ValidatePassword(password string) bool
ValidatePassword checks if the provided password matches the stored hash
func (*PasswordService) ValidateToken
func (ps *PasswordService) ValidateToken(tokenString string) bool
ValidateToken checks if the token is valid and not revoked