Documentation
Overview ¶
Package management provides management API capabilities with optional authentication for the CBT engine.
Index ¶
- Variables
- func CombinedAuthMiddleware(expectedPassword string, store *SessionStore) fiber.Handler
- func PasswordAuthMiddleware(expectedPassword string) fiber.Handler
- func SessionAuthMiddleware(store *SessionStore) fiber.Handler
- type AuthConfig
- type BaseConfigProvider
- type Config
- type FrontendConfig
- type GitHubConfig
- type GitHubHandler
- type Handlers
- func (h *Handlers) ClearAllConfigOverrides(c fiber.Ctx) error
- func (h *Handlers) Consolidate(c fiber.Ctx) error
- func (h *Handlers) DeleteBounds(c fiber.Ctx) error
- func (h *Handlers) DeleteConfigOverride(c fiber.Ctx) error
- func (h *Handlers) DeletePeriod(c fiber.Ctx) error
- func (h *Handlers) GetConfigOverride(c fiber.Ctx) error
- func (h *Handlers) ListConfigOverrides(c fiber.Ctx) error
- func (h *Handlers) SetBaseConfigProvider(p BaseConfigProvider)
- func (h *Handlers) SetConfigOverride(c fiber.Ctx) error
- func (h *Handlers) TriggerRefreshBounds(c fiber.Ctx) error
- func (h *Handlers) TriggerScheduledRun(c fiber.Ctx) error
- func (h *Handlers) UpdateBounds(c fiber.Ctx) error
- type Service
- type SessionData
- type SessionStore
Constants ¶
This section is empty.
Variables ¶
// Configuration errors for the GitHub OAuth settings.
// NOTE(review): presumably returned by GitHubConfig.Validate; confirm against the implementation.
var (
	// ErrGitHubClientIDRequired is returned when GitHub OAuth is configured
	// without a client ID.
	ErrGitHubClientIDRequired = errors.New("github client_id is required")

	// ErrGitHubClientSecretRequired is returned when GitHub OAuth is
	// configured without a client secret.
	ErrGitHubClientSecretRequired = errors.New(
		"github client_secret is required",
	)

	// ErrGitHubCallbackURLRequired is returned when GitHub OAuth is
	// configured without a callback URL.
	ErrGitHubCallbackURLRequired = errors.New(
		"github callback_url is required",
	)

	// ErrGitHubAuthorizationRequired is returned when GitHub OAuth is
	// configured without org or allowed_users.
	// NOTE(review): this looks like the guard against a configuration in
	// which login is not restricted to an org or an explicit user list;
	// confirm that startup fails on this error rather than logging it.
	ErrGitHubAuthorizationRequired = errors.New(
		"github requires at least one of org or allowed_users",
	)
)
// Errors describing a failed GitHub user lookup or authorization decision.
// NOTE(review): presumably produced while handling the OAuth callback; confirm
// which of these are logged server-side versus shown to the caller.
var (
	// ErrEmptyGitHubLogin is returned when the GitHub API returns an empty login.
	ErrEmptyGitHubLogin = errors.New("empty login in GitHub API response")

	// ErrUserNotAuthorized is returned when a user is not in the allowed
	// list or org.
	ErrUserNotAuthorized = errors.New("user is not authorized")

	// ErrUnexpectedGitHubStatus is returned when the GitHub API returns an
	// unexpected status code.
	ErrUnexpectedGitHubStatus = errors.New("unexpected GitHub API status")
)
Functions ¶
func CombinedAuthMiddleware ¶
func CombinedAuthMiddleware( expectedPassword string, store *SessionStore, ) fiber.Handler
CombinedAuthMiddleware returns middleware that accepts either Bearer token or session cookie authentication. It tries the Bearer token (password) first, then the session cookie.
func PasswordAuthMiddleware ¶
PasswordAuthMiddleware returns middleware that validates a Bearer token against the expected password using constant-time comparison.
func SessionAuthMiddleware ¶
func SessionAuthMiddleware(store *SessionStore) fiber.Handler
SessionAuthMiddleware returns middleware that validates a session cookie against the Redis session store.
Types ¶
type AuthConfig ¶
// AuthConfig holds authentication configuration for the management API.
//
// Both methods are opt-in: an empty Password and a nil GitHub each mean
// "disabled" (see the field comments).
// NOTE(review): with both left unset, no authentication method is configured;
// how the management routes behave in that case is not visible here. Confirm
// before exposing the API outside a trusted network.
type AuthConfig struct {
	// Password is a simple bearer token. Empty means disabled.
	// It is a static shared secret read from the YAML config, so the config
	// file itself needs the same protection as a credential.
	Password string `yaml:"password"` //nolint:gosec // configuration field name is intentional.
	// GitHub holds GitHub OAuth configuration. Nil means disabled.
	GitHub *GitHubConfig `yaml:"github"`
}
AuthConfig holds authentication configuration for the management API.
func (*AuthConfig) AuthRequired ¶
func (c *AuthConfig) AuthRequired() bool
AuthRequired reports whether any authentication method is configured.
func (*AuthConfig) GitHubEnabled ¶
func (c *AuthConfig) GitHubEnabled() bool
GitHubEnabled reports whether GitHub OAuth authentication is configured.
func (*AuthConfig) Methods ¶
func (c *AuthConfig) Methods() []string
Methods returns the list of enabled authentication method names.
func (*AuthConfig) PasswordEnabled ¶
func (c *AuthConfig) PasswordEnabled() bool
PasswordEnabled reports whether password authentication is configured.
func (*AuthConfig) Validate ¶
func (c *AuthConfig) Validate() error
Validate validates the authentication configuration.
type BaseConfigProvider ¶
// BaseConfigProvider returns original (pre-override) config for a model.
type BaseConfigProvider interface {
	// GetBaseConfig returns the base config for modelID as raw JSON, or an error.
	// NOTE(review): behaviour for an unknown modelID is not shown here — confirm
	// whether it yields an error or an empty message.
	GetBaseConfig(modelID string) (json.RawMessage, error)
}
BaseConfigProvider returns original (pre-override) config for a model.
type Config ¶
// Config represents the management API configuration.
type Config struct {
	// Enabled is the YAML "enabled" switch for the management API.
	// NOTE(review): presumably no management routes are registered when false — confirm.
	Enabled bool `yaml:"enabled"`
	// Auth selects the authentication methods. Its zero value has an empty
	// password and a nil GitHub config, i.e. both methods disabled.
	Auth AuthConfig `yaml:"auth"`
}
Config represents the management API configuration.
type FrontendConfig ¶
// FrontendConfig holds configuration injected into the frontend.
// It is serialised as JSON and carries only a flag and method names; no
// secret from AuthConfig or GitHubConfig is a field of this type.
type FrontendConfig struct {
	// ManagementEnabled is emitted as "managementEnabled".
	ManagementEnabled bool `json:"managementEnabled"`
	// AuthMethods is emitted as "authMethods".
	// NOTE(review): presumably populated from AuthConfig.Methods — confirm.
	AuthMethods []string `json:"authMethods"`
}
FrontendConfig holds configuration injected into the frontend.
type GitHubConfig ¶
// GitHubConfig holds GitHub OAuth flow configuration.
//
// NOTE(review): the package's exported errors indicate that client_id,
// client_secret and callback_url are required and that at least one of org or
// allowed_users must be set; presumably Validate enforces this — confirm.
type GitHubConfig struct {
	// ClientID is read from the YAML key client_id.
	ClientID string `yaml:"client_id"`
	// ClientSecret is read from the YAML key client_secret. It is a
	// credential: keep it out of logs and version control.
	ClientSecret string `yaml:"client_secret"` //nolint:gosec // configuration field name is intentional.
	// CallbackURL is read from the YAML key callback_url.
	// NOTE(review): presumably must match the callback registered for the
	// GitHub OAuth application — confirm.
	CallbackURL string `yaml:"callback_url"`
	// Org is read from the YAML key org.
	// NOTE(review): presumably a GitHub organisation whose members may log
	// in; how it combines with AllowedUsers when both are set is not shown.
	Org string `yaml:"org"`
	// AllowedUsers is read from the YAML key allowed_users.
	// NOTE(review): presumably a list of GitHub logins; confirm whether the
	// comparison is case-insensitive, as GitHub logins are.
	AllowedUsers []string `yaml:"allowed_users"`
	// SessionTTL is read from the YAML key session_ttl.
	// NOTE(review): presumably the lifetime passed to NewSessionStore; the
	// behaviour of a zero value (default vs. non-expiring) is not shown — confirm.
	SessionTTL time.Duration `yaml:"session_ttl"`
}
GitHubConfig holds GitHub OAuth flow configuration.
func (*GitHubConfig) Validate ¶
func (c *GitHubConfig) Validate() error
Validate validates the GitHub OAuth configuration.
type GitHubHandler ¶
type GitHubHandler struct {
// contains filtered or unexported fields
}
GitHubHandler manages the GitHub OAuth login flow.
func NewGitHubHandler ¶
func NewGitHubHandler( cfg *GitHubConfig, redisClient *redis.Client, sessionStore *SessionStore, log logrus.FieldLogger, ) *GitHubHandler
NewGitHubHandler creates a new GitHub OAuth handler.
func (*GitHubHandler) HandleCallback ¶
func (h *GitHubHandler) HandleCallback(c fiber.Ctx) error
HandleCallback processes the GitHub OAuth callback, exchanges the code for a token, validates the user, creates a session, and redirects to the root.
func (*GitHubHandler) HandleLogin ¶
func (h *GitHubHandler) HandleLogin(c fiber.Ctx) error
HandleLogin initiates the GitHub OAuth flow by generating a CSRF state value and a PKCE verifier, storing them in Redis, and redirecting to GitHub.
func (*GitHubHandler) HandleLogout ¶
func (h *GitHubHandler) HandleLogout(c fiber.Ctx) error
HandleLogout deletes the session and clears the cookie.
type Handlers ¶
type Handlers struct {
// contains filtered or unexported fields
}
Handlers implements management action endpoints.
func NewHandlers ¶
func NewHandlers( adminService admin.Service, modelsService models.Service, coord coordinator.Service, log logrus.FieldLogger, ) *Handlers
NewHandlers creates a new management Handlers instance.
func (*Handlers) ClearAllConfigOverrides ¶
ClearAllConfigOverrides removes all live overrides.
func (*Handlers) Consolidate ¶
Consolidate triggers historical data consolidation for a model.
func (*Handlers) DeleteBounds ¶
DeleteBounds removes external model bounds from Redis cache.
func (*Handlers) DeleteConfigOverride ¶
DeleteConfigOverride removes the live override for a model (reverts to base config).
func (*Handlers) DeletePeriod ¶
DeletePeriod removes tracking rows overlapping a position range and optionally cascades the deletion to all transitive incremental dependents.
func (*Handlers) GetConfigOverride ¶
GetConfigOverride returns the live override for a specific model, along with the original base config snapshot for comparison.
func (*Handlers) ListConfigOverrides ¶
ListConfigOverrides returns all live overrides.
func (*Handlers) SetBaseConfigProvider ¶
func (h *Handlers) SetBaseConfigProvider(p BaseConfigProvider)
SetBaseConfigProvider sets the provider used to retrieve original config snapshots.
func (*Handlers) SetConfigOverride ¶
SetConfigOverride creates or updates a live override for a model.
func (*Handlers) TriggerRefreshBounds ¶
TriggerRefreshBounds enqueues a full external scan via the coordinator.
func (*Handlers) TriggerScheduledRun ¶
TriggerScheduledRun enqueues an immediate run for a scheduled transformation.
type Service ¶
// Service defines the management service interface.
type Service interface {
	// RegisterRoutes registers management routes on the given router.
	// NOTE(review): presumably this is also where the auth middleware is
	// attached according to the configured methods — confirm, since the
	// caller has no other visible hook to protect these routes.
	RegisterRoutes(router fiber.Router)
	// GetFrontendConfig returns the configuration to inject into the frontend.
	GetFrontendConfig() FrontendConfig
	// SetBaseConfigProvider sets the provider for original config snapshots.
	SetBaseConfigProvider(p BaseConfigProvider)
}
Service defines the management service interface.
func NewService ¶
func NewService( cfg *Config, adminService admin.Service, modelsService models.Service, coord coordinator.Service, redisClient *redis.Client, log logrus.FieldLogger, ) Service
NewService creates a new management Service.
type SessionData ¶
// SessionData holds the data associated with an authenticated session.
// It is serialised as JSON under the keys given in the field tags.
type SessionData struct {
	// Username is stored as "username".
	// NOTE(review): presumably the GitHub login for OAuth sessions — confirm.
	Username string `json:"username"`
	// AuthMode is stored as "auth_mode".
	// NOTE(review): presumably names the method that created the session — confirm.
	AuthMode string `json:"auth_mode"`
	// CreatedAt is stored as "created_at".
	// NOTE(review): looks like a Unix timestamp; unit (seconds vs. milliseconds)
	// is not shown — confirm before using it for age checks.
	CreatedAt int64 `json:"created_at"`
}
SessionData holds the data associated with an authenticated session.
type SessionStore ¶
type SessionStore struct {
// contains filtered or unexported fields
}
SessionStore manages sessions backed by Redis.
func NewSessionStore ¶
func NewSessionStore(client *redis.Client, ttl time.Duration) *SessionStore
NewSessionStore creates a new Redis-backed session store.
func (*SessionStore) Create ¶
func (s *SessionStore) Create( ctx context.Context, data *SessionData, ) (string, error)
Create generates a new session ID, stores the data in Redis, and returns the session ID.
func (*SessionStore) Delete ¶
func (s *SessionStore) Delete(ctx context.Context, id string) error
Delete removes a session from Redis.
func (*SessionStore) Get ¶
func (s *SessionStore) Get( ctx context.Context, id string, ) (*SessionData, error)
Get retrieves session data for the given session ID. Returns nil if the session does not exist or has expired.