auth

package
v1.0.13 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 16, 2026 License: MPL-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyDestAuth

func ApplyDestAuth(req *http.Request, cfg *config.HTTPAuthConfig)

func BuildTLSConfig

func BuildTLSConfig(cfg *config.TLSConfig) (*tls.Config, error)

func BuildTLSConfigFromMap

func BuildTLSConfigFromMap(cfg *config.TLSMapConfig) (*tls.Config, error)

func DialTLS

func DialTLS(dialer *net.Dialer, network, addr string, cfg *tls.Config) (net.Conn, error)

func FetchOAuth2ClientCredentials

func FetchOAuth2ClientCredentials(tokenURL, clientID, clientSecret string, scopes []string) (string, error)

FetchOAuth2ClientCredentials obtains an access token from the token endpoint using the client_credentials grant type.

func NewLDAPAuthMiddleware

func NewLDAPAuthMiddleware(provider *LDAPProvider) func(http.Handler) http.Handler

func NewOIDCAuthMiddleware

func NewOIDCAuthMiddleware(provider *OIDCProvider, disableLoginPage bool) func(http.Handler) http.Handler

Types

type APIKeyAuth

// APIKeyAuth groups an API key with a header name and a query-parameter
// name. Its Authenticate method has the same signature as the one required
// by the Authenticator interface.
//
// NOTE(review): the Authenticate body is not shown on this page. Confirm that
// the presented key is compared in constant time
// (crypto/subtle.ConstantTimeCompare) and that an empty Key can never match a
// missing or empty credential.
type APIKeyAuth struct {
	// Key is presumably the expected key, held as a plaintext string; avoid
	// printing values of this type (for example with %+v) — TODO confirm.
	Key        string
	// Header is presumably the request header the key is read from — TODO confirm.
	Header     string
	// QueryParam is presumably the URL query parameter the key is read from —
	// TODO confirm. Keys carried in a query string tend to end up in access
	// logs, proxy logs and Referer headers, so the header form is the safer
	// choice where both are available.
	QueryParam string
}

func (*APIKeyAuth) Authenticate

func (a *APIKeyAuth) Authenticate(r *http.Request) (bool, string, error)

type AWSSecretsProvider

type AWSSecretsProvider struct {
	// contains filtered or unexported fields
}

func (*AWSSecretsProvider) Get

func (a *AWSSecretsProvider) Get(key string) (string, error)

type AuditEntry

// AuditEntry is one audit record. It is the element type returned by
// AuditLogger.GetEntries and AuditStore.Query and the argument of
// AuditStore.Save. The struct tags give its JSON field names.
type AuditEntry struct {
	Timestamp time.Time      `json:"timestamp"`
	Event     string         `json:"event"`
	// User has no omitempty tag, so it is serialized even when empty.
	User      string         `json:"user"`
	// Details is a free-form map and is omitted from the JSON when empty.
	// NOTE(review): whether anything redacts this map is not visible here;
	// callers should keep credentials, tokens and other secrets out of it.
	Details   map[string]any `json:"details,omitempty"`
	// SourceIP is omitted from the JSON when empty.
	// NOTE(review): how this value is derived is not shown. If it can come from
	// a forwarding header such as X-Forwarded-For, it is client-controlled
	// unless a trusted proxy sets it — confirm before relying on it in
	// investigations.
	SourceIP  string         `json:"source_ip,omitempty"`
}

type AuditLogger

type AuditLogger struct {
	// contains filtered or unexported fields
}

func NewAuditLogger

func NewAuditLogger(cfg *config.AuditConfig, logger *slog.Logger) *AuditLogger

func (*AuditLogger) Close

func (al *AuditLogger) Close() error

func (*AuditLogger) GetEntries

func (al *AuditLogger) GetEntries(limit int) []AuditEntry

func (*AuditLogger) Log

func (al *AuditLogger) Log(event, user string, details map[string]any)

func (*AuditLogger) SetStore

func (al *AuditLogger) SetStore(store AuditStore)

type AuditQueryOpts

// AuditQueryOpts is the argument of AuditStore.Query. The field names suggest
// filters (Event, User, Since, Before) and paging (Limit, Offset); the exact
// matching rules are implemented by each store and are not shown on this page.
type AuditQueryOpts struct {
	// Event and User presumably restrict results to a matching event name and
	// user; zero values presumably mean "no filter" — TODO confirm.
	Event  string
	User   string
	// Since and Before presumably bound the entry timestamp; whether the bounds
	// are inclusive is not visible here — TODO confirm.
	Since  time.Time
	Before time.Time
	// NOTE(review): confirm how stores treat Limit <= 0 and negative Offset, and
	// that an upper bound is enforced when these values come from a request.
	Limit  int
	Offset int
}

type AuditStore

// AuditStore is the persistence interface for audit entries. AuditLogger
// accepts one through SetStore, and MemoryAuditStore and PostgresAuditStore
// both declare Save, Query and Close with these signatures.
type AuditStore interface {
	// Save records one entry.
	// NOTE(review): how AuditLogger reacts to a Save error is not shown; confirm
	// that a failing store is surfaced rather than silently dropping audit data.
	Save(entry *AuditEntry) error
	// Query returns the entries selected by opts.
	Query(opts AuditQueryOpts) ([]AuditEntry, error)
	// Close releases whatever the store holds.
	Close() error
}

type Authenticator

// Authenticator is the interface returned by NewAuthenticator. On this page
// APIKeyAuth, BasicAuth, BearerAuth, LDAPProvider, MTLSAuth, NoopAuth and
// OIDCProvider each declare a pointer-receiver Authenticate with this
// signature.
type Authenticator interface {
	// Authenticate inspects the request. The results are not documented here:
	// presumably the bool reports whether the request is authenticated and the
	// string names the authenticated principal — TODO confirm.
	// NOTE(review): callers should deny the request whenever the error is
	// non-nil, regardless of the bool, so that a backend failure fails closed.
	Authenticate(r *http.Request) (bool, string, error)
}

func NewAuthenticator

func NewAuthenticator(cfg *config.AuthConfig) (Authenticator, error)

type BasicAuth

// BasicAuth holds a single username/password pair. Its Authenticate method
// has the same signature as the one required by the Authenticator interface.
//
// NOTE(review): both fields are exported plaintext strings, so formatting or
// logging a value of this type exposes the password. The Authenticate body is
// not shown; confirm both comparisons are constant-time
// (crypto/subtle.ConstantTimeCompare) and that empty configured credentials are
// rejected rather than matched.
type BasicAuth struct {
	Username string
	Password string
}

func (*BasicAuth) Authenticate

func (b *BasicAuth) Authenticate(r *http.Request) (bool, string, error)

type BearerAuth

// BearerAuth holds a single token. Its Authenticate method has the same
// signature as the one required by the Authenticator interface.
//
// NOTE(review): Token is an exported plaintext string; keep values of this type
// out of logs. The Authenticate body is not shown; confirm the comparison is
// constant-time (crypto/subtle.ConstantTimeCompare) and that an empty Token
// never authenticates a request.
type BearerAuth struct {
	Token string
}

func (*BearerAuth) Authenticate

func (b *BearerAuth) Authenticate(r *http.Request) (bool, string, error)

type EnvSecretsProvider

// EnvSecretsProvider is a stateless type whose Get(key) (string, error) method
// matches the SecretsProvider interface.
// NOTE(review): presumably Get reads the process environment — TODO confirm.
// Environment variables are visible to child processes and often to crash
// dumps, so prefer one of the other providers for long-lived secrets.
type EnvSecretsProvider struct{}

func (*EnvSecretsProvider) Get

func (e *EnvSecretsProvider) Get(key string) (string, error)

type GCPSecretsProvider

type GCPSecretsProvider struct {
	// contains filtered or unexported fields
}

func (*GCPSecretsProvider) Get

func (g *GCPSecretsProvider) Get(key string) (string, error)

type LDAPProvider

// LDAPProvider is built by NewLDAPProvider from an LDAP config, an RBACManager
// and a logger. It declares Authenticate with the Authenticator signature, plus
// GetUserGroups and GetUserRole, which both take a username string.
//
// NOTE(review): the method bodies are not shown. Confirm that usernames are
// escaped before being placed in an LDAP search filter or DN, that an empty
// password is rejected before binding (some directories treat it as an
// anonymous bind), and that the connection to the directory uses TLS.
type LDAPProvider struct {
	// contains filtered or unexported fields
}

func NewLDAPProvider

func NewLDAPProvider(cfg *config.LDAPConfig, rbac *RBACManager, logger *slog.Logger) *LDAPProvider

func (*LDAPProvider) Authenticate

func (lp *LDAPProvider) Authenticate(r *http.Request) (bool, string, error)

func (*LDAPProvider) GetUserGroups

func (lp *LDAPProvider) GetUserGroups(username string) ([]string, error)

func (*LDAPProvider) GetUserRole

func (lp *LDAPProvider) GetUserRole(username string) (string, error)

type MTLSAuth

// MTLSAuth is a stateless type whose Authenticate method has the Authenticator
// signature.
// NOTE(review): presumably it reads the client certificate from the request's
// TLS state — TODO confirm. That certificate is only trustworthy when the
// server's tls.Config requires and verifies client certificates
// (ClientAuth: tls.RequireAndVerifyClientCert) against the intended CA pool;
// confirm the listener is configured that way wherever this type is used.
type MTLSAuth struct{}

func (*MTLSAuth) Authenticate

func (m *MTLSAuth) Authenticate(r *http.Request) (bool, string, error)

type MemoryAuditStore

type MemoryAuditStore struct {
	// contains filtered or unexported fields
}

func NewMemoryAuditStore

func NewMemoryAuditStore() *MemoryAuditStore

func (*MemoryAuditStore) Close

func (m *MemoryAuditStore) Close() error

func (*MemoryAuditStore) Query

func (m *MemoryAuditStore) Query(opts AuditQueryOpts) ([]AuditEntry, error)

func (*MemoryAuditStore) Save

func (m *MemoryAuditStore) Save(entry *AuditEntry) error

type NoopAuth

// NoopAuth is a stateless type whose Authenticate method has the Authenticator
// signature.
// NOTE(review): the name suggests it enforces no credentials, but the method
// body is not shown. Confirm which configuration makes NewAuthenticator return
// it, and that it is never the fallback for a missing or invalid auth config.
type NoopAuth struct{}

func (*NoopAuth) Authenticate

func (n *NoopAuth) Authenticate(r *http.Request) (bool, string, error)

type OIDCProvider

// OIDCProvider is built by NewOIDCProvider from an OIDC config, an RBACManager
// and a logger. It declares Authenticate with the Authenticator signature,
// GetUserInfo, and the HTTP handlers HandleLogin, HandleCallback and
// HandleLogout.
//
// NOTE(review): the handler bodies are not shown. Confirm that HandleCallback
// checks the state parameter (and nonce) issued by HandleLogin, that ID token
// signature, issuer, audience and expiry are verified, and that any
// post-login redirect target is restricted to same-origin paths.
type OIDCProvider struct {
	// contains filtered or unexported fields
}

func NewOIDCProvider

func NewOIDCProvider(cfg *config.OIDCConfig, rbac *RBACManager, logger *slog.Logger) (*OIDCProvider, error)

func (*OIDCProvider) Authenticate

func (op *OIDCProvider) Authenticate(r *http.Request) (bool, string, error)

func (*OIDCProvider) GetUserInfo

func (op *OIDCProvider) GetUserInfo(r *http.Request) (map[string]any, error)

func (*OIDCProvider) HandleCallback

func (op *OIDCProvider) HandleCallback(w http.ResponseWriter, r *http.Request)

func (*OIDCProvider) HandleLogin

func (op *OIDCProvider) HandleLogin(w http.ResponseWriter, r *http.Request)

func (*OIDCProvider) HandleLogout

func (op *OIDCProvider) HandleLogout(w http.ResponseWriter, r *http.Request)

type PostgresAuditStore

// PostgresAuditStore is built by NewPostgresAuditStore(dsn, tablePrefix) and
// declares Save, Query and Close with the AuditStore signatures.
//
// NOTE(review): table names cannot be bound as query parameters, so confirm
// tablePrefix is validated against a strict identifier pattern before it is
// used in SQL, and that the AuditQueryOpts filters are passed as bound
// parameters. The dsn usually embeds credentials; keep it out of logs and
// error messages.
type PostgresAuditStore struct {
	// contains filtered or unexported fields
}

func NewPostgresAuditStore

func NewPostgresAuditStore(dsn, tablePrefix string) (*PostgresAuditStore, error)

func (*PostgresAuditStore) Close

func (p *PostgresAuditStore) Close() error

func (*PostgresAuditStore) Query

func (p *PostgresAuditStore) Query(opts AuditQueryOpts) ([]AuditEntry, error)

func (*PostgresAuditStore) Save

func (p *PostgresAuditStore) Save(entry *AuditEntry) error

type RBACManager

type RBACManager struct {
	// contains filtered or unexported fields
}

func NewRBACManager

func NewRBACManager(roles []config.RoleConfig) *RBACManager

func (*RBACManager) GetRole

func (rm *RBACManager) GetRole(name string) (*Role, error)

func (*RBACManager) HasPermission

func (rm *RBACManager) HasPermission(roleName, permission string) bool

func (*RBACManager) ListRoles

func (rm *RBACManager) ListRoles() []string

type Role

// Role pairs a role name with a set of permissions. RBACManager.GetRole
// returns a *Role.
type Role struct {
	Name        string
	// Permissions maps a permission name to a bool. Indexing a Go map with a
	// missing key yields false, so an unlisted permission reads as denied when
	// the map is consulted directly.
	// NOTE(review): the map is exported and mutable. If GetRole hands out the
	// manager's own *Role rather than a copy, any caller can change permissions
	// at runtime, and concurrent access would be a data race — confirm.
	Permissions map[string]bool
}

type SecretsProvider

// SecretsProvider is the interface returned by NewSecretsProvider. On this
// page AWSSecretsProvider, EnvSecretsProvider and GCPSecretsProvider each
// declare a Get method with this signature.
type SecretsProvider interface {
	// Get looks up the secret named key and returns it as a plaintext string.
	// NOTE(review): callers should not log the returned value, and should avoid
	// putting it into wrapped errors; whether implementations cache secrets in
	// memory is not visible here.
	Get(key string) (string, error)
}

func NewSecretsProvider

func NewSecretsProvider(cfg *config.SecretsConfig) (SecretsProvider, error)

type Session

// Session is the value kept by SessionStore: Set stores a *Session under an id
// and Get returns one.
type Session struct {
	User      string
	Email     string
	Roles     []string
	// NOTE(review): whether SessionStore.Get rejects a session whose ExpiresAt
	// has passed, or only Cleanup removes it, is not shown — confirm that an
	// expired session cannot be used between cleanup runs.
	ExpiresAt time.Time
	// Claims is a free-form map, presumably the identity-provider claims —
	// TODO confirm. Treat its values as untrusted input when rendering or
	// logging them.
	Claims    map[string]any
}

type SessionStore

// SessionStore is built by NewSessionStore, which takes no arguments, and
// exposes Set, Get, Delete and Cleanup keyed by a string id.
//
// NOTE(review): ids are supplied by the caller of Set. Confirm they are
// generated from crypto/rand with enough entropy and rotated on login, and
// that Cleanup is actually scheduled, since its caller is not visible here.
type SessionStore struct {
	// contains filtered or unexported fields
}

func NewSessionStore

func NewSessionStore() *SessionStore

func (*SessionStore) Cleanup

func (ss *SessionStore) Cleanup()

func (*SessionStore) Delete

func (ss *SessionStore) Delete(id string)

func (*SessionStore) Get

func (ss *SessionStore) Get(id string) (*Session, bool)

func (*SessionStore) Set

func (ss *SessionStore) Set(id string, session *Session)

type VaultSecretsProviderReal

type VaultSecretsProviderReal struct {
	// contains filtered or unexported fields
}

func NewVaultSecretsProvider

func NewVaultSecretsProvider(cfg *config.VaultConfig) (*VaultSecretsProviderReal, error)

func (*VaultSecretsProviderReal) Get
