storage

package


Constants

// DefaultEntityConfigurationLifetime is the default lifetime for entity
// configurations (24 hours).
const DefaultEntityConfigurationLifetime = 24 * time.Hour

DefaultEntityConfigurationLifetime is the default lifetime for entity configurations (24 hours)

// DefaultSubordinateStatementLifetime is the default lifetime for subordinate
// statements: 600000 seconds, i.e. roughly 6.9 days.
//
// NOTE(review): consumers presumably cache a subordinate statement until its
// exp, so a longer lifetime delays how quickly a revocation or key change for
// that subordinate reaches them. Confirm the default matches the federation's
// revocation expectations before relying on it.
const DefaultSubordinateStatementLifetime = 600000 * time.Second

DefaultSubordinateStatementLifetime is the default lifetime for subordinate statements (600000 seconds, roughly 6.9 days). Statements already issued stay valid until their exp, so this value bounds how long a revocation or key change can take to propagate.

Variables

// DefaultSigningAlg is the default JWS signing algorithm: ES512, i.e. ECDSA
// over the P-521 curve with SHA-512.
var DefaultSigningAlg = jwa.ES512()

Functions

func Connect

func Connect(cfg Config) (*gorm.DB, error)

Connect establishes a connection to the database based on the configuration

func DSN

func DSN(driver DriverType, conf DSNConf) (string, error)

DSN creates and returns a dsn connection string for the passed DriverType and DSNConf

func GetAuthorityHints

func GetAuthorityHints(store model.AuthorityHintsStore) ([]string, error)

GetAuthorityHints returns the list of authority hints

func GetConstraints

func GetConstraints(kvStorage model.KeyValueStore) (*oidfed.ConstraintSpecification, error)

GetConstraints returns the global subordinate statement constraints

func GetEntityConfigurationAdditionalClaims

func GetEntityConfigurationAdditionalClaims(store model.AdditionalClaimsStore) (map[string]any, []string, error)

GetEntityConfigurationAdditionalClaims returns the entity configuration additional claims

func GetEntityConfigurationLifetime

func GetEntityConfigurationLifetime(kvStorage model.KeyValueStore) (time.Duration, error)

GetEntityConfigurationLifetime returns the entity configuration lifetime

func GetKeyRotation

func GetKeyRotation(kvStorage model.KeyValueStore) (c kms.KeyRotationConfig, err error)

GetKeyRotation returns the kms.KeyRotationConfig

func GetMetadata

func GetMetadata(kvStorage model.KeyValueStore) (*oidfed.Metadata, error)

GetMetadata returns the entity configuration metadata

func GetMetadataPolicyCrit

func GetMetadataPolicyCrit(kvStorage model.KeyValueStore) ([]oidfed.PolicyOperatorName, error)

GetMetadataPolicyCrit returns the metadata policy crit operators

func GetRSAKeyLen

func GetRSAKeyLen(kvStorage model.KeyValueStore) (int, error)

GetRSAKeyLen returns the RSA key length

func GetSigningAlg

func GetSigningAlg(kvStorage model.KeyValueStore) (jwa.SignatureAlgorithm, error)

GetSigningAlg returns the signing algorithm

func GetSubordinateStatementLifetime

func GetSubordinateStatementLifetime(kvStorage model.KeyValueStore) (time.Duration, error)

GetSubordinateStatementLifetime returns the subordinate statement lifetime

func LoadStorageBackends

func LoadStorageBackends(cfg Config) (model.Backends, error)

LoadStorageBackends initializes a warehouse and returns grouped backends.

func MigrateStats

func MigrateStats(db *gorm.DB) error

MigrateStats migrates the stats-related tables. This is called separately when stats collection is enabled.

func MigrateStatsFromBackends

func MigrateStatsFromBackends(backends model.Backends) error

MigrateStatsFromBackends migrates stats tables using a StatsStorage backend. This is a convenience function for when you only have access to Backends.

func SetConstraints

func SetConstraints(kvStorage model.KeyValueStore, cs *oidfed.ConstraintSpecification) error

SetConstraints sets the global subordinate statement constraints

func SetEntityConfigurationLifetime

func SetEntityConfigurationLifetime(kvStorage model.KeyValueStore, d time.Duration) error

SetEntityConfigurationLifetime sets the entity configuration lifetime; d is a time.Duration, not a bare number of seconds.

func SetKeyRotation

func SetKeyRotation(kvStorage model.KeyValueStore, keyRotation kms.KeyRotationConfig) error

SetKeyRotation sets the kms.KeyRotationConfig

func SetMetadata

func SetMetadata(kvStorage model.KeyValueStore, m *oidfed.Metadata) error

SetMetadata sets the entity configuration metadata

func SetMetadataPolicyCrit

func SetMetadataPolicyCrit(kvStorage model.KeyValueStore, ops []oidfed.PolicyOperatorName) error

SetMetadataPolicyCrit sets the metadata policy crit operators

func SetRSAKeyLen

func SetRSAKeyLen(kvStorage model.KeyValueStore, rsaKeyLen int) error

SetRSAKeyLen sets the RSA key length

func SetSigningAlg

func SetSigningAlg(kvStorage model.KeyValueStore, alg SigningAlgWithNbf) error

SetSigningAlg sets the signing algorithm

Types

type AdditionalClaimsStorage

// AdditionalClaimsStorage is the GORM implementation for
// model.AdditionalClaimsStore.
type AdditionalClaimsStorage struct {
	// contains filtered or unexported fields
}

AdditionalClaimsStorage is the GORM implementation for model.AdditionalClaimsStore.

func (*AdditionalClaimsStorage) Create

func (*AdditionalClaimsStorage) Delete

func (s *AdditionalClaimsStorage) Delete(ident string) error

func (*AdditionalClaimsStorage) Get

func (*AdditionalClaimsStorage) List

func (*AdditionalClaimsStorage) Set

func (*AdditionalClaimsStorage) Update

type Argon2idParams

// Argon2idParams configures Argon2id hashing parameters for admin user
// passwords. Each field is read from the environment with the prefix
// LH_API_ADMIN_PASSWORD_HASHING_ (see the envconfig tags).
//
// NOTE(review): nothing in this type enforces a floor on these values, so a
// misconfigured environment (e.g. Time=1, MemoryKiB=64, SaltLen=4) would
// silently weaken every stored hash. Confirm that the hasher validates them
// against sensible minimums (OWASP's current baseline is roughly 19 MiB of
// memory, 2 passes, 1 lane, a 16-byte salt and a 32-byte key).
type Argon2idParams struct {
	// Time is the Argon2id time parameter (number of passes over memory).
	// Env: LH_API_ADMIN_PASSWORD_HASHING_TIME
	Time uint32 `envconfig:"TIME"`
	// MemoryKiB is the Argon2id memory in KiB.
	// Env: LH_API_ADMIN_PASSWORD_HASHING_MEMORY_KIB
	MemoryKiB uint32 `envconfig:"MEMORY_KIB"`
	// Parallelism is the Argon2id parallelism (number of lanes).
	// Env: LH_API_ADMIN_PASSWORD_HASHING_PARALLELISM
	Parallelism uint8 `envconfig:"PARALLELISM"`
	// KeyLen is the Argon2id key (output hash) length in bytes.
	// Env: LH_API_ADMIN_PASSWORD_HASHING_KEY_LEN
	KeyLen uint32 `envconfig:"KEY_LEN"`
	// SaltLen is the Argon2id salt length in bytes.
	// Env: LH_API_ADMIN_PASSWORD_HASHING_SALT_LEN
	SaltLen uint32 `envconfig:"SALT_LEN"`
}

Argon2idParams configures Argon2id hashing parameters.

Environment variables (with prefix LH_API_ADMIN_PASSWORD_HASHING_):

  • LH_API_ADMIN_PASSWORD_HASHING_TIME: Argon2id time parameter
  • LH_API_ADMIN_PASSWORD_HASHING_MEMORY_KIB: Argon2id memory in KiB
  • LH_API_ADMIN_PASSWORD_HASHING_PARALLELISM: Argon2id parallelism
  • LH_API_ADMIN_PASSWORD_HASHING_KEY_LEN: Argon2id key length
  • LH_API_ADMIN_PASSWORD_HASHING_SALT_LEN: Argon2id salt length

type AuthorityHintsStorage

// AuthorityHintsStorage provides CRUD access to AuthorityHint records and
// implements model.AuthorityHintsStore (the type GetAuthorityHints accepts).
type AuthorityHintsStorage struct {
	// contains filtered or unexported fields
}

AuthorityHintsStorage provides CRUD access to AuthorityHint records implementing model.AuthorityHintsStore.

func (*AuthorityHintsStorage) Create

func (*AuthorityHintsStorage) Delete

func (s *AuthorityHintsStorage) Delete(ident string) error

func (*AuthorityHintsStorage) Get

func (*AuthorityHintsStorage) List

func (*AuthorityHintsStorage) Update

type Config

// Config represents the database configuration.
type Config struct {
	// Driver is the database driver type (see DriverType / ParseDriverType).
	Driver DriverType `yaml:"driver"`
	// DSN is the data source name (connection string). It embeds the database
	// credentials, so treat it as a secret: never log it or echo it in errors.
	// For SQLite, this is the database file path
	// For MySQL, this is the connection string: user:pass@tcp(127.0.0.1:3306)/dbname?charset=utf8mb4&parseTime=True&loc=Local
	// For PostgreSQL, this is the connection string: host=localhost user=gorm password=gorm dbname=gorm port=9920 sslmode=disable TimeZone=Asia/Shanghai
	// The examples above are illustrative only: sslmode=disable sends
	// credentials and data in cleartext. For any non-local database use
	// sslmode=verify-full (PostgreSQL) or tls=true (MySQL).
	DSN string `yaml:"dsn"`
	// DataDir is the directory where database files are stored (for SQLite)
	DataDir string `yaml:"data_dir"`
	// Debug enables debug logging.
	// NOTE(review): driver debug output presumably echoes SQL statements and
	// bound values — keep this disabled in production.
	Debug bool `yaml:"debug"`
	// UsersHash defines parameters for hashing admin user passwords
	// (see Argon2idParams).
	UsersHash Argon2idParams
}

Config represents the database configuration

type DBPublicKeyStorage

// DBPublicKeyStorage implements public.PublicKeyStorage backed by the
// database. It keeps a current store and a historical store (revoked and
// expired keys); see Revoke, GetHistorical and Delete.
type DBPublicKeyStorage struct {
	// contains filtered or unexported fields
}

DBPublicKeyStorage implements public.PublicKeyStorage backed by the database.

func NewDBPublicKeyStorage

func NewDBPublicKeyStorage(db *gorm.DB, typeID string) *DBPublicKeyStorage

NewDBPublicKeyStorage creates a DB-backed PublicKeyStorage.

func NewDBPublicKeyStorageFromStorage

func NewDBPublicKeyStorageFromStorage(
	db *gorm.DB, typeID string,
	src public.PublicKeyStorage,
) (
	*DBPublicKeyStorage, error,
)

NewDBPublicKeyStorageFromStorage creates a new DBPublicKeyStorage and populates it from the passed PublicKeyStorage implementation.

func (*DBPublicKeyStorage) Add

Add inserts a new key if the KID is unused.

func (*DBPublicKeyStorage) AddAll

func (D *DBPublicKeyStorage) AddAll(list []public.PublicKeyEntry) error

AddAll adds multiple keys.

func (*DBPublicKeyStorage) Delete

func (D *DBPublicKeyStorage) Delete(kid string) error

Delete removes a key by kid (from both current and historical stores).

func (*DBPublicKeyStorage) Get

Get returns a single entry by kid from current or historical store.

func (*DBPublicKeyStorage) GetActive

func (D *DBPublicKeyStorage) GetActive() (out public.PublicKeyEntryList, err error)

GetActive returns keys that are currently usable.

func (*DBPublicKeyStorage) GetAll

func (D *DBPublicKeyStorage) GetAll() (out public.PublicKeyEntryList, err error)

GetAll returns all keys, including revoked and expired ones.

func (*DBPublicKeyStorage) GetExpired

func (D *DBPublicKeyStorage) GetExpired() (out public.PublicKeyEntryList, err error)

GetExpired returns keys whose exp is in the past.

func (*DBPublicKeyStorage) GetHistorical

func (D *DBPublicKeyStorage) GetHistorical() (out public.PublicKeyEntryList, err error)

GetHistorical returns revoked and expired keys.

func (*DBPublicKeyStorage) GetRevoked

func (D *DBPublicKeyStorage) GetRevoked() (out public.PublicKeyEntryList, err error)

GetRevoked returns all revoked keys.

func (*DBPublicKeyStorage) GetValid

func (D *DBPublicKeyStorage) GetValid() (out public.PublicKeyEntryList, err error)

GetValid returns keys that are valid now or in the future.

func (*DBPublicKeyStorage) Load

func (D *DBPublicKeyStorage) Load() error

Load is a no-op for DB storage.

func (*DBPublicKeyStorage) Revoke

func (D *DBPublicKeyStorage) Revoke(kid, reason string) error

Revoke marks a key as revoked and moves it to historical storage.

func (*DBPublicKeyStorage) Update

Update updates editable metadata for a key.

type DSNConf

// DSNConf provides configuration options for database connection strings.
// It holds the common connection parameters for MySQL and PostgreSQL and is
// turned into a driver-specific connection string by DSN. Each field can also
// be read from the environment with the prefix LH_STORAGE_.
//
// NOTE(review): DSN builds a connection string from these values; confirm
// that User and Password are quoted/escaped for the selected driver so that
// a value containing characters such as '@', '/', '?', ' ' or '=' cannot
// alter the generated DSN (e.g. inject additional connection parameters).
// Prefer the environment variable over the YAML field for Password so the
// secret does not live in a config file.
type DSNConf struct {
	// User is the database username.
	// Env: LH_STORAGE_USER
	User string `yaml:"user" envconfig:"USER"`
	// Password is the database password. Treat it as a secret: do not log it.
	// Env: LH_STORAGE_PASSWORD
	Password string `yaml:"password" envconfig:"PASSWORD"`
	// Host is the database host.
	// Env: LH_STORAGE_HOST
	Host string `yaml:"host" envconfig:"HOST"`
	// Port is the database port.
	// Env: LH_STORAGE_PORT
	Port int `yaml:"port" envconfig:"PORT"`
	// DB is the database name.
	// Env: LH_STORAGE_DB
	DB string `yaml:"db" envconfig:"DB"`
}

DSNConf provides configuration options for database connection strings. It contains common connection parameters used across different database drivers including MySQL and PostgreSQL. When used with the DSN function, this struct helps generate proper connection strings based on the selected driver type.

Environment variables (with prefix LH_STORAGE_):

  • LH_STORAGE_USER: Database username
  • LH_STORAGE_PASSWORD: Database password
  • LH_STORAGE_HOST: Database host
  • LH_STORAGE_PORT: Database port
  • LH_STORAGE_DB: Database name

type DriverType

// DriverType represents the type of database driver. Use ParseDriverType to
// obtain one from untrusted input; it rejects unsupported values.
type DriverType string

DriverType represents the type of database driver

// Supported DriverType values. These are the only strings ParseDriverType
// accepts.
const (
	// DriverSQLite is the SQLite driver
	DriverSQLite DriverType = "sqlite"
	// DriverMySQL is the MySQL driver
	DriverMySQL DriverType = "mysql"
	// DriverPostgres is the PostgreSQL driver
	DriverPostgres DriverType = "postgres"
)

func ParseDriverType

func ParseDriverType(s string) (DriverType, error)

ParseDriverType parses a string to a DriverType. Returns an error if the string doesn't match a supported driver.

type IssuedTrustMarkInstanceStorage

// IssuedTrustMarkInstanceStorage provides GORM-based storage for issued
// trust mark instances, keyed by JTI and linked to TrustMarkSubject records.
type IssuedTrustMarkInstanceStorage struct {
	// contains filtered or unexported fields
}

IssuedTrustMarkInstanceStorage provides GORM-based storage for issued trust mark instances.

func NewIssuedTrustMarkInstanceStorage

func NewIssuedTrustMarkInstanceStorage(db *gorm.DB) *IssuedTrustMarkInstanceStorage

NewIssuedTrustMarkInstanceStorage creates a new IssuedTrustMarkInstanceStorage.

func (*IssuedTrustMarkInstanceStorage) Create

Create records a new issued trust mark instance.

func (*IssuedTrustMarkInstanceStorage) DeleteExpired

func (s *IssuedTrustMarkInstanceStorage) DeleteExpired(retentionDays int) (int64, error)

DeleteExpired removes expired instances older than the given retention period. Returns the number of deleted records.

func (*IssuedTrustMarkInstanceStorage) FindSubjectID

func (s *IssuedTrustMarkInstanceStorage) FindSubjectID(trustMarkType, entityID string) (uint, error)

FindSubjectID looks up the TrustMarkSubjectID for a given trust mark type and entity. This is used to link issued instances to their subject records.

func (*IssuedTrustMarkInstanceStorage) GetByJTI

GetByJTI retrieves an instance by its JTI (JWT ID).

func (*IssuedTrustMarkInstanceStorage) GetStatus

GetStatus returns the status of a trust mark instance. Status is determined by: revoked flag, expiration time, and existence.

func (*IssuedTrustMarkInstanceStorage) HasActiveInstance

func (s *IssuedTrustMarkInstanceStorage) HasActiveInstance(trustMarkType, entityID string) (bool, error)

HasActiveInstance checks if an entity has a valid (non-revoked, non-expired) trust mark instance for the given trust mark type.

func (*IssuedTrustMarkInstanceStorage) ListActiveSubjects

func (s *IssuedTrustMarkInstanceStorage) ListActiveSubjects(trustMarkType string) ([]string, error)

ListActiveSubjects returns distinct entity IDs that have valid (non-revoked, non-expired) trust marks for the given trust mark type. Used by the trust marked entities listing endpoint.

func (*IssuedTrustMarkInstanceStorage) ListBySubject

func (s *IssuedTrustMarkInstanceStorage) ListBySubject(trustMarkType, entityID string) ([]model.IssuedTrustMarkInstance, error)

ListBySubject returns all instances for a given trust mark type and subject.

func (*IssuedTrustMarkInstanceStorage) Revoke

Revoke marks a trust mark instance as revoked.

func (*IssuedTrustMarkInstanceStorage) RevokeBySubjectID

func (s *IssuedTrustMarkInstanceStorage) RevokeBySubjectID(subjectID uint) (int64, error)

RevokeBySubjectID revokes all instances for a given TrustMarkSubjectID. Returns the number of revoked instances.

type KeyValueStorage

// KeyValueStorage implements model.KeyValueStore using GORM. Values are
// stored as JSON under a (scope, key) pair.
type KeyValueStorage struct {
	// contains filtered or unexported fields
}

KeyValueStorage implements model.KeyValueStore using GORM.

func (*KeyValueStorage) Delete

func (s *KeyValueStorage) Delete(scope, key string) error

Delete removes a (scope, key) pair. No error if it's missing.

func (*KeyValueStorage) Get

func (s *KeyValueStorage) Get(scope, key string) (datatypes.JSON, error)

Get returns the JSON value for a (scope, key). If not found, returns nil, nil.

func (*KeyValueStorage) GetAs

func (s *KeyValueStorage) GetAs(scope, key string, out any) (bool, error)

GetAs retrieves and unmarshals the value for (scope, key) into out. out must be a pointer to the target type. Returns (false, nil) if not found.

func (*KeyValueStorage) Set

func (s *KeyValueStorage) Set(scope, key string, value datatypes.JSON) error

Set upserts the JSON value for a (scope, key).

func (*KeyValueStorage) SetAny

func (s *KeyValueStorage) SetAny(scope, key string, v any) error

SetAny marshals v to JSON and stores it at (scope, key).

type PublishedTrustMarksStorage

// PublishedTrustMarksStorage provides CRUD access to PublishedTrustMark
// records and implements model.PublishedTrustMarksStore.
type PublishedTrustMarksStorage struct {
	// contains filtered or unexported fields
}

PublishedTrustMarksStorage provides CRUD access to PublishedTrustMark records implementing model.PublishedTrustMarksStore.

func (*PublishedTrustMarksStorage) Create

Create creates a new trust mark entry after validating the input.

func (*PublishedTrustMarksStorage) Delete

func (s *PublishedTrustMarksStorage) Delete(ident string) error

Delete removes a trust mark entry.

func (*PublishedTrustMarksStorage) Get

Get retrieves a trust mark by ID or trust_mark_type.

func (*PublishedTrustMarksStorage) List

List returns all published trust marks.

func (*PublishedTrustMarksStorage) Patch

Patch partially updates a trust mark entry (only non-nil fields).

func (*PublishedTrustMarksStorage) Update

Update replaces a trust mark entry entirely.

type SigningAlgWithNbf

// SigningAlgWithNbf is a signing algorithm with a not-before time used for
// database storage (see SetSigningAlg).
type SigningAlgWithNbf struct {
	// SigningAlg is the JWA algorithm name as a plain string.
	// NOTE(review): this is not typed as jwa.SignatureAlgorithm; confirm that
	// SetSigningAlg (or its caller) validates it against an allow-list of
	// supported asymmetric algorithms before it is persisted.
	SigningAlg string
	// Nbf is the time from which SigningAlg applies; nil presumably means
	// "immediately" — confirm in GetSigningAlg.
	Nbf *unixtime.Unixtime
}

SigningAlgWithNbf is a signing algorithm with a not-before time used for database storage

type StatsStorage

// StatsStorage implements the StatsStorageBackend interface using GORM.
// It stores per-request logs (including client IPs and user agents) and
// daily aggregates; see PurgeDetailedLogs for retention.
type StatsStorage struct {
	// contains filtered or unexported fields
}

StatsStorage implements the StatsStorageBackend interface using GORM.

func NewStatsStorage

func NewStatsStorage(db *gorm.DB) *StatsStorage

NewStatsStorage creates a new stats storage instance.

func (*StatsStorage) AggregateDailyStats

func (s *StatsStorage) AggregateDailyStats(date time.Time) error

AggregateDailyStats aggregates detailed logs into daily statistics.

func (*StatsStorage) ExportCSV

func (s *StatsStorage) ExportCSV(from, to time.Time, w io.Writer) error

ExportCSV exports request logs to CSV format.

func (*StatsStorage) ExportJSON

func (s *StatsStorage) ExportJSON(from, to time.Time, w io.Writer) error

ExportJSON exports request logs to JSON format (newline-delimited JSON).

func (*StatsStorage) GetDailyStats

func (s *StatsStorage) GetDailyStats(from, to time.Time) ([]stats.DailyStats, error)

GetDailyStats returns aggregated daily statistics for the given time range.

func (*StatsStorage) GetLatencyPercentiles

func (s *StatsStorage) GetLatencyPercentiles(from, to time.Time, endpoint string) (*stats.LatencyStats, error)

GetLatencyPercentiles calculates latency percentiles for the given time range.

func (*StatsStorage) GetSummary

func (s *StatsStorage) GetSummary(from, to time.Time) (*stats.Summary, error)

GetSummary returns overall statistics for the given time range.

func (*StatsStorage) GetTimeSeries

func (s *StatsStorage) GetTimeSeries(from, to time.Time, endpoint string, interval stats.Interval) ([]stats.TimeSeriesPoint, error)

GetTimeSeries returns time series data for the given time range.

func (*StatsStorage) GetTopClients

func (s *StatsStorage) GetTopClients(from, to time.Time, limit int) ([]stats.TopEntry, error)

GetTopClients returns the top client IPs by request count.

func (*StatsStorage) GetTopCountries

func (s *StatsStorage) GetTopCountries(from, to time.Time, limit int) ([]stats.TopEntry, error)

GetTopCountries returns the top countries by request count.

func (*StatsStorage) GetTopEndpoints

func (s *StatsStorage) GetTopEndpoints(from, to time.Time, limit int) ([]stats.TopEntry, error)

GetTopEndpoints returns the top endpoints by request count.

func (*StatsStorage) GetTopQueryParams

func (s *StatsStorage) GetTopQueryParams(from, to time.Time, endpoint string, limit int) ([]stats.TopEntry, error)

GetTopQueryParams returns the top query parameter values for an endpoint.

func (*StatsStorage) GetTopUserAgents

func (s *StatsStorage) GetTopUserAgents(from, to time.Time, limit int) ([]stats.TopEntry, error)

GetTopUserAgents returns the top user agents by request count.

func (*StatsStorage) InsertBatch

func (s *StatsStorage) InsertBatch(entries []*stats.RequestLog) error

InsertBatch inserts multiple request logs in a single batch operation.

func (*StatsStorage) PurgeAggregatedStats

func (s *StatsStorage) PurgeAggregatedStats(before time.Time) (int64, error)

PurgeAggregatedStats deletes daily stats older than the given time.

func (*StatsStorage) PurgeDetailedLogs

func (s *StatsStorage) PurgeDetailedLogs(before time.Time) (int64, error)

PurgeDetailedLogs deletes request logs older than the given time.

type Storage

// Storage is a GORM-based storage implementation; its accessor methods
// return the individual store types.
type Storage struct {
	// contains filtered or unexported fields
}

Storage is a GORM-based storage implementation

func NewStorage

func NewStorage(config Config) (*Storage, error)

NewStorage creates a new GORM-based storage

func (*Storage) AdditionalClaimsStorage

func (s *Storage) AdditionalClaimsStorage() *AdditionalClaimsStorage

func (*Storage) AuthorityHintsStorage

func (s *Storage) AuthorityHintsStorage() *AuthorityHintsStorage

AuthorityHintsStorage returns an AuthorityHintsStorage

func (*Storage) Backends

func (s *Storage) Backends() model.Backends

Backends returns all storage backends with transaction support.

func (*Storage) DBPublicKeyStorage

func (s *Storage) DBPublicKeyStorage(typeID string) *DBPublicKeyStorage

DBPublicKeyStorage returns a DBPublicKeyStorage

func (*Storage) KeyValue

func (s *Storage) KeyValue() *KeyValueStorage

KeyValue provides an accessor for scoped key-value storage.

func (*Storage) SubordinateEventsStorage

func (s *Storage) SubordinateEventsStorage() *SubordinateEventsStorage

SubordinateEventsStorage returns a SubordinateEventsStorage

func (*Storage) SubordinateStorage

func (s *Storage) SubordinateStorage() *SubordinateStorage

SubordinateStorage returns a SubordinateStorage (which implements the SubordinateStorageBackend interface)

func (*Storage) TrustMarkIssuersStorage

func (s *Storage) TrustMarkIssuersStorage() *TrustMarkIssuersStorage

TrustMarkIssuersStorage returns a TrustMarkIssuersStorage

func (*Storage) TrustMarkOwnersStorage

func (s *Storage) TrustMarkOwnersStorage() *TrustMarkOwnersStorage

TrustMarkOwnersStorage returns a TrustMarkOwnersStorage

func (*Storage) TrustMarkSpecStorage

func (s *Storage) TrustMarkSpecStorage() *TrustMarkSpecStorage

TrustMarkSpecStorage returns a TrustMarkSpecStorage

func (*Storage) TrustMarkTypesStorage

func (s *Storage) TrustMarkTypesStorage() *TrustMarkTypesStorage

TrustMarkTypesStorage returns a TrustMarkTypesStorage

func (*Storage) TrustMarkedEntitiesStorage

func (s *Storage) TrustMarkedEntitiesStorage() *TrustMarkedEntitiesStorage

TrustMarkedEntitiesStorage returns a TrustMarkedEntitiesStorage

func (*Storage) UsersStorage

func (s *Storage) UsersStorage() *UsersStorage

UsersStorage returns a UsersStorage

type SubordinateEventsStorage

// SubordinateEventsStorage implements the SubordinateEventStore interface
// using GORM.
type SubordinateEventsStorage struct {
	// contains filtered or unexported fields
}

SubordinateEventsStorage implements the SubordinateEventStore interface using GORM.

func NewSubordinateEventsStorage

func NewSubordinateEventsStorage(db *gorm.DB) *SubordinateEventsStorage

NewSubordinateEventsStorage creates a new SubordinateEventsStorage.

func (*SubordinateEventsStorage) Add

Add creates a new event record.

func (*SubordinateEventsStorage) DeleteBySubordinateID

func (s *SubordinateEventsStorage) DeleteBySubordinateID(subordinateID uint) error

DeleteBySubordinateID removes all events for a subordinate.

func (*SubordinateEventsStorage) GetBySubordinateID

func (s *SubordinateEventsStorage) GetBySubordinateID(
	subordinateID uint, opts model.EventQueryOpts,
) ([]model.SubordinateEvent, int64, error)

GetBySubordinateID returns events for a subordinate with optional filtering and pagination. Returns the events, total count (for pagination), and any error.

type SubordinateStorage

// SubordinateStorage implements the SubordinateStorageBackend interface.
// Subordinates are addressed either by entity ID or by DB primary key
// (the *ByDBID methods).
type SubordinateStorage struct {
	// contains filtered or unexported fields
}

SubordinateStorage implements the SubordinateStorageBackend interface

func (*SubordinateStorage) Add

Add stores a model.ExtendedSubordinateInfo

func (*SubordinateStorage) CreateAdditionalClaim

func (s *SubordinateStorage) CreateAdditionalClaim(
	subordinateDBID string, claim model.AddAdditionalClaim,
) (*model.SubordinateAdditionalClaim, error)

CreateAdditionalClaim creates a single additional claim for a subordinate.

func (*SubordinateStorage) Delete

func (s *SubordinateStorage) Delete(entityID string) error

Delete removes a subordinate

func (*SubordinateStorage) DeleteAdditionalClaim

func (s *SubordinateStorage) DeleteAdditionalClaim(subordinateDBID string, claimID string) error

DeleteAdditionalClaim deletes an additional claim for a subordinate.

func (*SubordinateStorage) DeleteByDBID

func (s *SubordinateStorage) DeleteByDBID(id string) error

DeleteByDBID removes a subordinate by primary key ID

func (*SubordinateStorage) Get

Get retrieves a subordinate by entity ID

func (*SubordinateStorage) GetAdditionalClaim

func (s *SubordinateStorage) GetAdditionalClaim(
	subordinateDBID string, claimID string,
) (*model.SubordinateAdditionalClaim, error)

GetAdditionalClaim retrieves a single additional claim by ID for a subordinate.

func (*SubordinateStorage) GetAll

GetAll returns all subordinates

func (*SubordinateStorage) GetByAnyEntityType

func (s *SubordinateStorage) GetByAnyEntityType(entityTypes []string) ([]model.BasicSubordinateInfo, error)

func (*SubordinateStorage) GetByDBID

GetByDBID retrieves a subordinate by DB primary key

func (*SubordinateStorage) GetByEntityTypes

func (s *SubordinateStorage) GetByEntityTypes(entityTypes []string) ([]model.BasicSubordinateInfo, error)

func (*SubordinateStorage) GetByStatus

func (s *SubordinateStorage) GetByStatus(status model.Status) ([]model.BasicSubordinateInfo, error)

GetByStatus returns all subordinates with a specific status

func (*SubordinateStorage) GetByStatusAndAnyEntityType

func (s *SubordinateStorage) GetByStatusAndAnyEntityType(
	status model.Status, entityTypes []string,
) ([]model.BasicSubordinateInfo, error)

GetByStatusAndAnyEntityType returns subordinates matching the specified status and at least one of the given entity types

func (*SubordinateStorage) GetByStatusAndEntityTypes

func (s *SubordinateStorage) GetByStatusAndEntityTypes(
	status model.Status, entityTypes []string,
) ([]model.BasicSubordinateInfo, error)

GetByStatusAndEntityTypes returns subordinates matching both the specified status and all entity types

func (*SubordinateStorage) ListAdditionalClaims

func (s *SubordinateStorage) ListAdditionalClaims(subordinateDBID string) ([]model.SubordinateAdditionalClaim, error)

ListAdditionalClaims returns all additional claims for a subordinate.

func (*SubordinateStorage) Load

func (*SubordinateStorage) Load() error

Load is a no-op for GORM storage

func (*SubordinateStorage) SetAdditionalClaims

func (s *SubordinateStorage) SetAdditionalClaims(
	subordinateDBID string, claims []model.AddAdditionalClaim,
) ([]model.SubordinateAdditionalClaim, error)

SetAdditionalClaims replaces all additional claims for a subordinate.

func (*SubordinateStorage) Update

func (s *SubordinateStorage) Update(entityID string, info model.ExtendedSubordinateInfo) error

Update updates the subordinate info by entityID

func (*SubordinateStorage) UpdateAdditionalClaim

func (s *SubordinateStorage) UpdateAdditionalClaim(
	subordinateDBID string, claimID string, claim model.AddAdditionalClaim,
) (*model.SubordinateAdditionalClaim, error)

UpdateAdditionalClaim updates an existing additional claim for a subordinate.

func (*SubordinateStorage) UpdateJWKSByDBID

func (s *SubordinateStorage) UpdateJWKSByDBID(id string, jwks model.JWKS) (*model.JWKS, error)

UpdateJWKSByDBID updates the JWKS for a subordinate by DB primary key. If the subordinate has no JWKS yet, one is created and linked. Returns the updated JWKS with correct ID.

func (*SubordinateStorage) UpdateStatus

func (s *SubordinateStorage) UpdateStatus(entityID string, status model.Status) error

UpdateStatus updates the status of a subordinate by entityID

func (*SubordinateStorage) UpdateStatusByDBID

func (s *SubordinateStorage) UpdateStatusByDBID(id string, status model.Status) error

UpdateStatusByDBID updates status by DB primary key

type TrustMarkConfigProvider

// TrustMarkConfigProvider manages EntityConfigurationTrustMarkConfig
// instances for the entity configuration. It loads from the
// PublishedTrustMarksStore, converts to library types, and caches the
// configs for reuse; call Invalidate after trust marks change via the admin
// API, otherwise the stale cache keeps being served.
type TrustMarkConfigProvider struct {
	// contains filtered or unexported fields
}

TrustMarkConfigProvider manages EntityConfigurationTrustMarkConfig instances for the entity configuration. It loads from the PublishedTrustMarksStore, converts to library types, and caches the configs for reuse. The configs maintain refresh state (backoff, last tried time) so they need to persist between entity configuration requests.

func NewTrustMarkConfigProvider

func NewTrustMarkConfigProvider(
	store model.PublishedTrustMarksStore,
	entityID string,
	trustMarkEndpoint string,
	trustMarkSigner func() *jwx.TrustMarkSigner,
) *TrustMarkConfigProvider

NewTrustMarkConfigProvider creates a new TrustMarkConfigProvider. Parameters:

  • store: The storage backend for published trust marks
  • entityID: The entity ID of this lighthouse instance
  • trustMarkEndpoint: The trust mark endpoint URL (used for self-referential refresh)
  • trustMarkSigner: A function that returns the current TrustMarkSigner (to support key rotation)

func (*TrustMarkConfigProvider) GetConfigs

GetConfigs returns the trust mark configurations for inclusion in the entity configuration. Configs are cached and reused to maintain refresh state. Returns nil (not an error) if the store is nil or no trust marks are configured.

func (*TrustMarkConfigProvider) Invalidate

func (p *TrustMarkConfigProvider) Invalidate()

Invalidate clears the cached configs, forcing a reload on the next GetConfigs call. This should be called when trust marks are added, updated, or deleted via the admin API.

func (*TrustMarkConfigProvider) SetTrustMarkEndpoint

func (p *TrustMarkConfigProvider) SetTrustMarkEndpoint(endpoint string)

SetTrustMarkEndpoint updates the trust mark endpoint URL. This is called when the trust mark endpoint is configured after provider creation.

type TrustMarkIssuersStorage

// TrustMarkIssuersStorage provides CRUD and relation management for global
// trust mark issuers.
type TrustMarkIssuersStorage struct {
	// contains filtered or unexported fields
}

TrustMarkIssuersStorage provides CRUD and relation management for global issuers

func (*TrustMarkIssuersStorage) AddType

func (s *TrustMarkIssuersStorage) AddType(ident string, typeID uint) ([]uint, error)

func (*TrustMarkIssuersStorage) Create

func (*TrustMarkIssuersStorage) Delete

func (s *TrustMarkIssuersStorage) Delete(ident string) error

func (*TrustMarkIssuersStorage) DeleteType

func (s *TrustMarkIssuersStorage) DeleteType(ident string, typeID uint) ([]uint, error)

func (*TrustMarkIssuersStorage) Get

func (*TrustMarkIssuersStorage) List

func (*TrustMarkIssuersStorage) SetTypes

func (s *TrustMarkIssuersStorage) SetTypes(ident string, typeIdents []string) ([]uint, error)

func (*TrustMarkIssuersStorage) Types

func (s *TrustMarkIssuersStorage) Types(ident string) ([]uint, error)

func (*TrustMarkIssuersStorage) Update

type TrustMarkOwnersStorage

// TrustMarkOwnersStorage provides CRUD and relation management for global
// trust mark owners.
type TrustMarkOwnersStorage struct {
	// contains filtered or unexported fields
}

TrustMarkOwnersStorage provides CRUD and relation management for global owners

func (*TrustMarkOwnersStorage) AddType

func (s *TrustMarkOwnersStorage) AddType(ident string, typeID uint) ([]uint, error)

func (*TrustMarkOwnersStorage) Create

func (*TrustMarkOwnersStorage) Delete

func (s *TrustMarkOwnersStorage) Delete(ident string) error

func (*TrustMarkOwnersStorage) DeleteType

func (s *TrustMarkOwnersStorage) DeleteType(ident string, typeID uint) ([]uint, error)

func (*TrustMarkOwnersStorage) Get

func (*TrustMarkOwnersStorage) List

func (*TrustMarkOwnersStorage) SetTypes

func (s *TrustMarkOwnersStorage) SetTypes(ident string, typeIdents []string) ([]uint, error)

func (*TrustMarkOwnersStorage) Types

func (s *TrustMarkOwnersStorage) Types(ident string) ([]uint, error)

func (*TrustMarkOwnersStorage) Update

type TrustMarkSpecStorage

// TrustMarkSpecStorage provides CRUD for TrustMarkSpec entities and their
// TrustMarkSubjects. Status changes to blocked/inactive and subject deletion
// also revoke the subject's issued trust mark instances.
type TrustMarkSpecStorage struct {
	// contains filtered or unexported fields
}

TrustMarkSpecStorage provides CRUD for TrustMarkSpec entities

func (*TrustMarkSpecStorage) ChangeSubjectStatus

func (s *TrustMarkSpecStorage) ChangeSubjectStatus(specIdent, subjectIdent string, status model.Status) (*model.TrustMarkSubject, error)

ChangeSubjectStatus changes the status of a TrustMarkSubject. If the new status is blocked or inactive, all associated trust mark instances are revoked.

func (*TrustMarkSpecStorage) Create

Create creates a new TrustMarkSpec

func (*TrustMarkSpecStorage) CreateSubject

func (s *TrustMarkSpecStorage) CreateSubject(specIdent string, subject *model.TrustMarkSubject) (*model.TrustMarkSubject, error)

CreateSubject creates a new TrustMarkSubject for a TrustMarkSpec. If a soft-deleted subject with the same entity_id exists, it will be restored.

func (*TrustMarkSpecStorage) Delete

func (s *TrustMarkSpecStorage) Delete(ident string) error

Delete deletes a TrustMarkSpec

func (*TrustMarkSpecStorage) DeleteSubject

func (s *TrustMarkSpecStorage) DeleteSubject(specIdent, subjectIdent string) error

DeleteSubject deletes a TrustMarkSubject and revokes all associated trust mark instances.

func (*TrustMarkSpecStorage) Get

Get returns a TrustMarkSpec by ID or trust_mark_type

func (*TrustMarkSpecStorage) GetByType

func (s *TrustMarkSpecStorage) GetByType(trustMarkType string) (*model.TrustMarkSpec, error)

GetByType returns a TrustMarkSpec by trust_mark_type

func (*TrustMarkSpecStorage) GetSubject

func (s *TrustMarkSpecStorage) GetSubject(specIdent, subjectIdent string) (*model.TrustMarkSubject, error)

GetSubject returns a TrustMarkSubject by ID or entity_id

func (*TrustMarkSpecStorage) List

List returns all TrustMarkSpecs

func (*TrustMarkSpecStorage) ListSubjects

func (s *TrustMarkSpecStorage) ListSubjects(specIdent string, status *model.Status) ([]model.TrustMarkSubject, error)

ListSubjects returns all TrustMarkSubjects for a TrustMarkSpec

func (*TrustMarkSpecStorage) Patch

func (s *TrustMarkSpecStorage) Patch(ident string, updates map[string]any) (*model.TrustMarkSpec, error)

Patch partially updates a TrustMarkSpec

func (*TrustMarkSpecStorage) Update

Update updates an existing TrustMarkSpec (full replacement)

func (*TrustMarkSpecStorage) UpdateSubject

func (s *TrustMarkSpecStorage) UpdateSubject(specIdent, subjectIdent string, subject *model.TrustMarkSubject) (*model.TrustMarkSubject, error)

UpdateSubject updates an existing TrustMarkSubject

type TrustMarkTypesStorage

type TrustMarkTypesStorage struct {
	// contains filtered or unexported fields
}

TrustMarkTypesStorage provides CRUD and relations for TrustMarkType, owner and issuers.

func (*TrustMarkTypesStorage) AddIssuer

func (s *TrustMarkTypesStorage) AddIssuer(ident string, issuer model.AddTrustMarkIssuer) (
	[]model.TrustMarkIssuer, error,
)

func (*TrustMarkTypesStorage) Create

func (*TrustMarkTypesStorage) CreateOwner

func (*TrustMarkTypesStorage) Delete

func (s *TrustMarkTypesStorage) Delete(ident string) error

func (*TrustMarkTypesStorage) DeleteIssuerByID

func (s *TrustMarkTypesStorage) DeleteIssuerByID(ident string, issuerID uint) ([]model.TrustMarkIssuer, error)

func (*TrustMarkTypesStorage) DeleteOwner

func (s *TrustMarkTypesStorage) DeleteOwner(ident string) error

func (*TrustMarkTypesStorage) Get

func (*TrustMarkTypesStorage) GetOwner

func (s *TrustMarkTypesStorage) GetOwner(ident string) (*model.TrustMarkOwner, error)

GetOwner returns the TrustMarkOwner registered for the trust mark type identified by ident.

func (*TrustMarkTypesStorage) IssuersByType

IssuersByType returns a map of trust_mark_type -> []issuer (entity IDs) for all types.

func (*TrustMarkTypesStorage) List

func (*TrustMarkTypesStorage) ListIssuers

func (s *TrustMarkTypesStorage) ListIssuers(ident string) ([]model.TrustMarkIssuer, error)

ListIssuers returns the TrustMarkIssuers registered for the trust mark type identified by ident.

func (*TrustMarkTypesStorage) OwnersByType

func (s *TrustMarkTypesStorage) OwnersByType() (oidfed.TrustMarkOwners, error)

OwnersByType returns a map of trust_mark_type -> TrustMarkOwner for all types that have an owner.

func (*TrustMarkTypesStorage) SetIssuers

func (s *TrustMarkTypesStorage) SetIssuers(ident string, in []model.AddTrustMarkIssuer) (
	[]model.TrustMarkIssuer, error,
)

func (*TrustMarkTypesStorage) Update

func (*TrustMarkTypesStorage) UpdateOwner

type TrustMarkedEntitiesStorage

type TrustMarkedEntitiesStorage struct {
	// contains filtered or unexported fields
}

TrustMarkedEntitiesStorage implements the TrustMarkedEntitiesStorageBackend interface

func (*TrustMarkedEntitiesStorage) Active

func (s *TrustMarkedEntitiesStorage) Active(trustMarkType string) ([]string, error)

Active returns all active entities for a trust mark type

func (*TrustMarkedEntitiesStorage) Approve

func (s *TrustMarkedEntitiesStorage) Approve(trustMarkType, entityID string) error

Approve marks a trust mark as active for an entity

func (*TrustMarkedEntitiesStorage) Block

func (s *TrustMarkedEntitiesStorage) Block(trustMarkType, entityID string) error

Block marks a trust mark as blocked for an entity

func (*TrustMarkedEntitiesStorage) Blocked

func (s *TrustMarkedEntitiesStorage) Blocked(trustMarkType string) ([]string, error)

Blocked returns all blocked entities for a trust mark type

func (*TrustMarkedEntitiesStorage) Delete

func (s *TrustMarkedEntitiesStorage) Delete(trustMarkType, entityID string) error

Delete removes a trust mark for an entity

func (*TrustMarkedEntitiesStorage) HasTrustMark

func (s *TrustMarkedEntitiesStorage) HasTrustMark(trustMarkType, entityID string) (bool, error)

HasTrustMark reports whether the entity currently holds an active trust mark of the given type; pending or blocked entries do not count as active (see Active, Pending and Blocked).

func (*TrustMarkedEntitiesStorage) Load

Load is a no-op for GORM storage

func (*TrustMarkedEntitiesStorage) Pending

func (s *TrustMarkedEntitiesStorage) Pending(trustMarkType string) ([]string, error)

Pending returns all pending entities for a trust mark type

func (*TrustMarkedEntitiesStorage) Request

func (s *TrustMarkedEntitiesStorage) Request(trustMarkType, entityID string) error

Request marks a trust mark as pending for an entity

func (*TrustMarkedEntitiesStorage) TrustMarkedStatus

func (s *TrustMarkedEntitiesStorage) TrustMarkedStatus(trustMarkType, entityID string) (model.Status, error)

TrustMarkedStatus returns the status of a trust mark for an entity

type UsersStorage

type UsersStorage struct {
	// contains filtered or unexported fields
}

UsersStorage implements UsersStore using GORM

func (*UsersStorage) Authenticate

func (s *UsersStorage) Authenticate(username, password string) (*model.User, error)

Authenticate verifies the supplied password against the user's stored Argon2id hash and, if the stored hash was produced with parameters that differ from the current ones, transparently re-hashes the password with the current parameters. Whether a user flagged as disabled (see Update) is rejected here is not stated; callers should check the disabled flag on the returned User before granting access.

func (*UsersStorage) Count

func (s *UsersStorage) Count() (int64, error)

Count returns the number of users present in the store

func (*UsersStorage) Create

func (s *UsersStorage) Create(username, password, displayName string) (*model.User, error)

Create creates a new user; the password is stored only as an Argon2id hash, never in plaintext.

func (*UsersStorage) Delete

func (s *UsersStorage) Delete(username string) error

Delete deletes a user by username

func (*UsersStorage) Get

func (s *UsersStorage) Get(username string) (*model.User, error)

Get returns a user by username

func (*UsersStorage) List

func (s *UsersStorage) List() ([]model.User, error)

List returns all users with the password hash stripped from each returned record.

func (*UsersStorage) Update

func (s *UsersStorage) Update(username string, displayName *string, newPassword *string, disabled *bool) (*model.User, error)

Update changes the display name, password and/or disabled flag of the user identified by username. The pointer parameters allow each field to be updated independently (a nil pointer is presumably left unchanged — confirm against the implementation); a new password is expected to be stored as an Argon2id hash, as in Create.
