Documentation
¶
Index ¶
- Constants
- Variables
- type ChangePasswordRequest
- type CreateAPIKeyRequest
- type CreateAPIKeyResponse
- type CreateDatabaseRequest
- type CreateGrantRequest
- type CreateUserRequest
- type DatabaseLimitedResponse
- type DatabaseResponse
- type LoginRequest
- type LoginResponse
- type MeResponse
- type PreLoginPasswordChangeRequest
- type RateLimiter
- type Server
- type SessionResponse
- type UpdateDatabaseRequest
- type UpdateUserRequest
- type UserResponse
Constants ¶
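// REST API failure reasons.
//
// NOTE(review): FailureReasonInvalidUsername and FailureReasonInvalidPassword
// distinguish "no such user" from "wrong password". Where these values are
// surfaced is not visible here. If they reach unauthenticated clients they
// reveal which usernames exist, so confirm they stay in server-side audit
// records and that clients receive one generic credential failure.
const (
	// Credential failures
	FailureReasonInvalidUsername   = "invalid_username"         // Username not found
	FailureReasonInvalidPassword   = "invalid_password"         // Wrong password
	FailureReasonPasswordChangeReq = "password_change_required" // Initial password not changed

	// Token failures
	FailureReasonTokenInvalid = "token_invalid" // Malformed or unknown token
	FailureReasonTokenExpired = "token_expired" // Token past expiration
	FailureReasonTokenRevoked = "token_revoked" // Token was revoked

	// Account status
	FailureReasonUserDisabled = "user_disabled" // Account disabled by admin
	FailureReasonUserDeleted  = "user_deleted"  // Account was deleted
)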
REST API failure reasons
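// Error codes for API responses.
const (
	// ErrCodePasswordChangeRequired is the code string "password_change_required".
	ErrCodePasswordChangeRequired = "password_change_required"
	// ErrCodeAuthRateLimited is the code string "auth_rate_limited".
	// NOTE(review): presumably sent when the auth rate limiter rejects a
	// request; confirm against the handlers.
	ErrCodeAuthRateLimited = "auth_rate_limited"
)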
Error codes for API responses
Variables ¶
// ErrInvalidUID is the API error whose message is "invalid UID".
var ErrInvalidUID = errors.New("invalid UID")
API errors.
Functions ¶
This section is empty.
Types ¶
type ChangePasswordRequest ¶
// ChangePasswordRequest is the JSON body for an authenticated password change.
// CurrentPassword and NewPassword are marked required by their binding tags;
// Username carries no "required" binding.
type ChangePasswordRequest struct {
	Username        string `json:"username"` // no binding:"required" tag, so it may be omitted
	CurrentPassword string `json:"current_password" binding:"required"`
	NewPassword     string `json:"new_password" binding:"required"`
	// NOTE(review): the tags express no length or strength constraint;
	// confirm the handler applies a password policy to NewPassword.
}
ChangePasswordRequest represents the request body for an authenticated password change. It requires re-authentication via username/password (not a Bearer token). Username is optional when changing your own password (it is inferred from the :uid param).
type CreateAPIKeyRequest ¶
// CreateAPIKeyRequest is the JSON body for creating an API key.
type CreateAPIKeyRequest struct {
	Name string `json:"name" binding:"required"` // required by the binding tag
	// ExpiresAt is a pointer, so it is nil when the field is absent or null.
	// NOTE(review): presumably nil means the key never expires; confirm, and
	// check whether non-expiring keys are intended to be allowed.
	ExpiresAt *time.Time `json:"expires_at"`
}
CreateAPIKeyRequest represents the request to create an API key
type CreateAPIKeyResponse ¶
// CreateAPIKeyResponse is the JSON response sent when an API key is created.
type CreateAPIKeyResponse struct {
	ID   uuid.UUID `json:"id"`
	Name string    `json:"name"`
	// Key is the API key value itself.
	// NOTE(review): keep values of this type out of request/response logs, and
	// confirm the server stores only a hash of the key (storage is not
	// visible here).
	Key       string     `json:"key"` // Only returned once!
	KeyPrefix string     `json:"key_prefix"`
	ExpiresAt *time.Time `json:"expires_at"` // pointer: encodes as null when nil
	CreatedAt time.Time  `json:"created_at"`
}
CreateAPIKeyResponse represents the response when creating an API key
type CreateDatabaseRequest ¶
// CreateDatabaseRequest is the JSON body for creating a database entry.
// It carries the connection credentials (Username, Password) in the request
// body.
type CreateDatabaseRequest struct {
	Name        string `json:"name" binding:"required"`
	Description string `json:"description"`
	// NOTE(review): Host and Port are caller-supplied; confirm which roles may
	// call this endpoint and whether the target address is validated.
	Host         string `json:"host" binding:"required"`
	Port         int    `json:"port"` // not required; zero when omitted
	DatabaseName string `json:"database_name" binding:"required"`
	Username     string `json:"username" binding:"required"`
	// NOTE(review): confirm Password is encrypted before it is stored and is
	// never written to logs (storage is not visible here).
	Password string `json:"password" binding:"required"`
	// SSLMode is not required.
	// NOTE(review): confirm which mode applies when this is empty; a default
	// that allows unencrypted connections would send the credentials above in
	// clear text to the database.
	SSLMode string `json:"ssl_mode"`
}
CreateDatabaseRequest represents the request to create a database
type CreateGrantRequest ¶
// CreateGrantRequest is the JSON body for creating a grant. It names a user
// and a database and carries a start and an expiry time, all marked required
// by their binding tags.
type CreateGrantRequest struct {
	UserID     uuid.UUID `json:"user_id" binding:"required"`
	DatabaseID uuid.UUID `json:"database_id" binding:"required"`
	// NOTE(review): Controls has no "required" binding; an omitted or empty
	// list presumably means no restrictions. Confirm that is the intended
	// default and that unknown control names are rejected.
	Controls []string `json:"controls"` // Array of controls: read_only, block_copy, block_ddl
	// NOTE(review): the tags do not express that ExpiresAt must be after
	// StartsAt; confirm the handler validates the window.
	StartsAt  time.Time `json:"starts_at" binding:"required"`
	ExpiresAt time.Time `json:"expires_at" binding:"required"`
	// Both limits are pointers, so they are nil when omitted.
	// NOTE(review): presumably nil means unlimited; confirm.
	MaxQueryCounts      *int64 `json:"max_query_counts"`
	MaxBytesTransferred *int64 `json:"max_bytes_transferred"`
}
CreateGrantRequest represents the request to create a grant
type CreateUserRequest ¶
// CreateUserRequest is the JSON body for creating a user.
type CreateUserRequest struct {
	Username string `json:"username" binding:"required"`
	// NOTE(review): the tags express no password policy; confirm the handler
	// enforces one.
	Password string `json:"password" binding:"required"`
	// Roles has no "required" binding, so it may be omitted.
	// NOTE(review): role names are caller-supplied; confirm the handler is
	// restricted to administrators and validates them against a known set.
	Roles []string `json:"roles"`
}
CreateUserRequest represents the request to create a user
type DatabaseLimitedResponse ¶
// DatabaseLimitedResponse is the reduced JSON view of a database. It exposes
// only the UID, name and description, with no connection details.
type DatabaseLimitedResponse struct {
	UID         uuid.UUID `json:"uid"`
	Name        string    `json:"name"`
	Description string    `json:"description"`
}
DatabaseLimitedResponse represents a database with limited info (non-admin)
type DatabaseResponse ¶
// DatabaseResponse is the full JSON view of a database, including connection
// details. The struct has no password field, so the database password is not
// serialized through this type.
type DatabaseResponse struct {
	UID         uuid.UUID `json:"uid"`
	Name        string    `json:"name"`
	Description string    `json:"description"`
	// The connection fields below use omitempty, so zero values are left out
	// of the encoded JSON.
	Host         string     `json:"host,omitempty"`
	Port         int        `json:"port,omitempty"`
	DatabaseName string     `json:"database_name,omitempty"`
	Username     string     `json:"username,omitempty"`
	SSLMode      string     `json:"ssl_mode,omitempty"`
	CreatedBy    *uuid.UUID `json:"created_by,omitempty"` // pointer: omitted when nil
}
DatabaseResponse represents a database with full details (admin only)
type LoginRequest ¶
// LoginRequest is the JSON body for login. Both fields are marked required by
// their binding tags.
type LoginRequest struct {
	Username string `json:"username" binding:"required"`
	// NOTE(review): keep this value out of request logs.
	Password string `json:"password" binding:"required"`
}
LoginRequest represents the request body for login
type LoginResponse ¶
// LoginResponse is the JSON response for a successful login.
type LoginResponse struct {
	// NOTE(review): Token is presumably the session credential presented on
	// later requests; keep it out of logs and confirm how it is stored
	// server-side.
	Token     string       `json:"token"`
	ExpiresAt string       `json:"expires_at"` // a string, not time.Time; format not visible here
	User      UserResponse `json:"user"`
}
LoginResponse represents the response for a successful login
type MeResponse ¶
// MeResponse is the JSON response for /auth/me.
type MeResponse struct {
	UID                    string          `json:"uid"` // a string here, not uuid.UUID
	Username               string          `json:"username"`
	Roles                  []string        `json:"roles"`
	PasswordChangeRequired bool            `json:"password_change_required"`
	Session                SessionResponse `json:"session"`
}
MeResponse represents the response for /auth/me
type PreLoginPasswordChangeRequest ¶
// PreLoginPasswordChangeRequest is the JSON body for a pre-login password
// change. All three fields are marked required by their binding tags.
type PreLoginPasswordChangeRequest struct {
	Username        string `json:"username" binding:"required"`
	CurrentPassword string `json:"current_password" binding:"required"`
	NewPassword     string `json:"new_password" binding:"required"`
	// NOTE(review): this request is sent before login, so confirm the endpoint
	// is covered by the pre-authentication rate limiter and that failures
	// return the same response whether or not the username exists.
}
PreLoginPasswordChangeRequest represents the request body for pre-login password change
type RateLimiter ¶
// RateLimiter implements a sliding window rate limiter. Its state is held in
// unexported fields.
//
// NOTE(review): PreAuthMiddleware is documented as limiting by IP. Confirm how
// the client IP is derived when the server runs behind a reverse proxy,
// because forwarded-address headers are client-controlled unless the set of
// trusted proxies is restricted.
type RateLimiter struct {
	// contains filtered or unexported fields
}
RateLimiter implements a sliding window rate limiter
func NewRateLimiter ¶
func NewRateLimiter(cfg config.RateLimitConfig) *RateLimiter
NewRateLimiter creates a new rate limiter with the given configuration
func (*RateLimiter) Middleware ¶
func (rl *RateLimiter) Middleware() gin.HandlerFunc
Middleware returns a Gin middleware for rate limiting
func (*RateLimiter) PostAuthMiddleware ¶
func (rl *RateLimiter) PostAuthMiddleware() gin.HandlerFunc
PostAuthMiddleware is a rate limiter middleware that runs after authentication. It uses the authenticated user ID for rate limiting.
func (*RateLimiter) PreAuthMiddleware ¶
func (rl *RateLimiter) PreAuthMiddleware() gin.HandlerFunc
PreAuthMiddleware is a rate limiter middleware that runs before authentication. It rate limits by IP for unauthenticated requests.
type Server ¶
// Server represents the REST API server. Its state is held in unexported
// fields; values are obtained from NewServer.
//
// NOTE(review): NewServer accepts an encryptionKey []byte. How the key is
// used, and its required length, are not visible here; confirm both against
// the implementation.
type Server struct {
	// contains filtered or unexported fields
}
Server represents the REST API server.
func NewServer ¶
func NewServer(dataStore *store.Store, encryptionKey []byte, logger *slog.Logger, cfg *config.Config) *Server
NewServer creates a new API server.
type SessionResponse ¶
// SessionResponse is the session information embedded in MeResponse.
type SessionResponse struct {
	// Both timestamps are plain strings; the format is not visible here.
	ExpiresAt string `json:"expires_at"`
	CreatedAt string `json:"created_at"`
}
SessionResponse represents session info in me response
type UpdateDatabaseRequest ¶
// UpdateDatabaseRequest is the JSON body for updating a database. Every field
// is a pointer, so an omitted field decodes to nil. No field carries a
// "required" binding, and there is no Name field.
//
// NOTE(review): presumably a nil field means "leave unchanged"; confirm
// against the handler.
type UpdateDatabaseRequest struct {
	Description  *string `json:"description"`
	Host         *string `json:"host"`
	Port         *int    `json:"port"`
	DatabaseName *string `json:"database_name"`
	Username     *string `json:"username"`
	// NOTE(review): confirm a supplied Password is encrypted before storage
	// and is never logged.
	Password *string `json:"password"`
	// NOTE(review): confirm which values are accepted here, since a change of
	// SSL mode affects whether the database connection is encrypted.
	SSLMode *string `json:"ssl_mode"`
}
UpdateDatabaseRequest represents the request to update a database
type UpdateUserRequest ¶
UpdateUserRequest represents the request to update a user