auth

package
v12.0.403 Latest Latest
Published: Feb 12, 2026 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package auth provides email services for user invitations.

Package auth provides authentication and authorization handlers for the PDVD backend.

Package auth provides authentication handlers for Fiber.

Package auth provides invitation management logic.

Package auth provides invitation management handlers for user onboarding.

Package auth provides authentication and authorization middleware for Fiber applications.

Package auth provides authentication and authorization utilities.

Package auth provides RBAC handlers for Fiber.

Package auth provides authentication and authorization utilities.

Package auth provides authentication and authorization types for the REST API.

Package auth provides authentication and authorization utilities.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AcceptInvitation added in v12.0.233

func AcceptInvitation(ctx context.Context, db database.DBConnection, token, password string) (*model.User, error)

AcceptInvitation accepts an invitation and activates the user

func AcceptInvitationHandler added in v12.0.233

func AcceptInvitationHandler(db database.DBConnection) fiber.Handler

AcceptInvitationHandler handles activation and immediate login

func ApplyRBACConfig added in v12.0.240

func ApplyRBACConfig(db database.DBConnection, config *RBACConfig) (int, int, int, []error)

ApplyRBACConfig applies the RBAC configuration to the database

func ApplyRBACConfigFromFile added in v12.0.240

func ApplyRBACConfigFromFile(db database.DBConnection, filepath string) (int, int, int, []error)

ApplyRBACConfigFromFile loads and applies RBAC configuration from a file

func ApplyRBACFromBody added in v12.0.233

func ApplyRBACFromBody(db database.DBConnection, emailConfig *EmailConfig) fiber.Handler

ApplyRBACFromBody applies RBAC config from request body (YAML only)

func ApplyRBACFromFile added in v12.0.233

func ApplyRBACFromFile(db database.DBConnection, emailConfig *EmailConfig) fiber.Handler

ApplyRBACFromFile applies RBAC config from filesystem

func ApplyRBACFromUpload added in v12.0.233

func ApplyRBACFromUpload(db database.DBConnection, emailConfig *EmailConfig) fiber.Handler

ApplyRBACFromUpload applies RBAC config from uploaded file

func BootstrapAdmin

func BootstrapAdmin(db database.DBConnection) error

BootstrapAdmin creates a default admin user if no users exist in the database

func ChangePassword added in v12.0.240

func ChangePassword(db database.DBConnection) fiber.Handler

ChangePassword handles password change

func CheckPasswordHash

func CheckPasswordHash(password, hash string) bool

CheckPasswordHash compares a password with a hash

func CleanupExpiredInvitations added in v12.0.233

func CleanupExpiredInvitations(ctx context.Context, db database.DBConnection) (int, error)

CleanupExpiredInvitations removes expired invitations

func CreateInvitation added in v12.0.233

func CreateInvitation(ctx context.Context, db database.DBConnection, emailConfig *EmailConfig, username, email, role string) (*model.Invitation, error)

CreateInvitation creates a new user invitation and sends email

func CreateUser added in v12.0.240

func CreateUser(db database.DBConnection) fiber.Handler

CreateUser creates a new user

func DeleteUser added in v12.0.240

func DeleteUser(db database.DBConnection) fiber.Handler

DeleteUser deletes a user

func EnsureDefaultRoles added in v12.0.240

func EnsureDefaultRoles(db database.DBConnection) error

EnsureDefaultRoles ensures the default roles exist in the database

func ExportRBACConfigToFile added in v12.0.240

func ExportRBACConfigToFile(db database.DBConnection, filepath string) error

ExportRBACConfigToFile exports the current RBAC configuration to a YAML file

func ForgotPassword

func ForgotPassword(_ database.DBConnection) fiber.Handler

ForgotPassword handles password reset requests

func GenerateJWT

func GenerateJWT(username string) (string, error)

GenerateJWT generates a JWT token for a user. UPDATED: Removed role and orgs arguments.

func GenerateRandomString

func GenerateRandomString(length int) (string, error)

GenerateRandomString generates a secure random string of the specified length.

func GenerateSecureToken added in v12.0.240

func GenerateSecureToken(length int) (string, error)

GenerateSecureToken generates a cryptographically secure random token. Used for invitation tokens, password reset tokens, etc.

func GetInvitation added in v12.0.233

func GetInvitation(ctx context.Context, db database.DBConnection, token string) (*model.Invitation, error)

GetInvitation retrieves an invitation by token

func GetInvitationHandler added in v12.0.233

func GetInvitationHandler(db database.DBConnection) fiber.Handler

GetInvitationHandler handles GET /api/v1/invitation/:token

func GetJWTExpirationTime added in v12.0.240

func GetJWTExpirationTime() time.Duration

GetJWTExpirationTime returns the configured JWT expiration duration

func GetRBACConfig added in v12.0.233

func GetRBACConfig(db database.DBConnection) fiber.Handler

GetRBACConfig exports current RBAC configuration from DB to YAML

func GetUser added in v12.0.240

func GetUser(db database.DBConnection) fiber.Handler

GetUser retrieves a user by username

func GetUserOrgs added in v12.0.240

func GetUserOrgs(ctx context.Context, db database.DBConnection, username string) ([]string, error)

GetUserOrgs returns the list of orgs a user can access

func GitHubCallback added in v12.0.306

func GitHubCallback(db database.DBConnection) fiber.Handler

GitHubCallback handles the callback from GitHub

func GitHubLogin added in v12.0.306

func GitHubLogin(c *fiber.Ctx) error

GitHubLogin initiates the GitHub App Installation flow

func HandleRBACApply added in v12.0.240

func HandleRBACApply(db database.DBConnection) fiber.Handler

HandleRBACApply handles POST /api/v1/rbac/apply

func HandleRBACValidate added in v12.0.240

func HandleRBACValidate(_ database.DBConnection) fiber.Handler

HandleRBACValidate handles POST /api/v1/rbac/validate

func HashPassword

func HashPassword(password string) (string, error)

HashPassword generates a bcrypt hash of the password

func IsStrongPassword added in v12.0.240

func IsStrongPassword(password string) bool

IsStrongPassword validates password strength. Requires at least 8 characters.

func ListPendingInvitationsHandler added in v12.0.233

func ListPendingInvitationsHandler(db database.DBConnection) fiber.Handler

ListPendingInvitationsHandler handles GET /api/v1/admin/invitations (admin only)

func ListUsers added in v12.0.240

func ListUsers(db database.DBConnection) fiber.Handler

ListUsers lists all users

func Login

Login handles user login and sets auth cookie

func Logout

func Logout() fiber.Handler

Logout clears the auth cookie

func Me

Me returns current authenticated user info with strict GitHub validation

func OptionalAuth added in v12.0.233

func OptionalAuth(db database.DBConnection) fiber.Handler

OptionalAuth identifies the user if a token is present but does not block guests. This allows a single endpoint to serve both public and private data based on status. UPDATED: Now requires DB connection to look up user details.

func RefreshJWT added in v12.0.240

func RefreshJWT(oldTokenString string) (string, error)

RefreshJWT generates a new token with extended expiration for an existing valid token

func RefreshToken added in v12.0.240

func RefreshToken(_ database.DBConnection) fiber.Handler

RefreshToken refreshes JWT token

func RequireAuth added in v12.0.233

func RequireAuth(db database.DBConnection) fiber.Handler

RequireAuth middleware validates JWT token from cookie and blocks guests. UPDATED: Now requires DB connection to look up user details (Role/Orgs) not present in JWT.

func RequireRole added in v12.0.233

func RequireRole(allowedRoles ...string) fiber.Handler

RequireRole middleware checks if user has one of the required roles

func ResendInvitation added in v12.0.233

func ResendInvitation(ctx context.Context, db database.DBConnection, emailConfig *EmailConfig, token string) error

ResendInvitation resends an invitation email

func ResendInvitationHandler added in v12.0.233

func ResendInvitationHandler(db database.DBConnection, emailConfig *EmailConfig) fiber.Handler

ResendInvitationHandler handles POST /api/v1/invitation/:token/resend

func SendInvitationEmail added in v12.0.233

func SendInvitationEmail(config *EmailConfig, username, email, token, role string) error

SendInvitationEmail sends an invitation email to a new user

func SendPasswordResetEmail added in v12.0.233

func SendPasswordResetEmail(config *EmailConfig, email, token string) error

SendPasswordResetEmail sends a password reset email

func SetAuthCookie added in v12.0.233

func SetAuthCookie(c *fiber.Ctx, token string)

SetAuthCookie sets the authentication cookie for a user session.

func SetJWTSecret added in v12.0.240

func SetJWTSecret(secret string)

SetJWTSecret sets the JWT secret (call this on startup with env var)

func Signup added in v12.0.274

func Signup(db database.DBConnection, emailConfig *EmailConfig) fiber.Handler

Signup handles public user registration requests via GitOps flow

func SyncRBACFromFile added in v12.0.240

func SyncRBACFromFile(db database.DBConnection, filepath string) error

SyncRBACFromFile is a convenience function that combines load, validate, and apply

func UpdateUser added in v12.0.240

func UpdateUser(db database.DBConnection) fiber.Handler

UpdateUser updates a user

func UserHasOrgAccess added in v12.0.240

func UserHasOrgAccess(ctx context.Context, db database.DBConnection, username, org string) (bool, error)

UserHasOrgAccess checks if a user has access to a specific org

func ValidatePasswordStrength added in v12.0.240

func ValidatePasswordStrength(password string) error

ValidatePasswordStrength validates that the password meets security requirements. Returns an error naming the specific requirement that failed.

func ValidateRBAC added in v12.0.242

func ValidateRBAC(_ database.DBConnection) fiber.Handler

ValidateRBAC validates RBAC config without applying changes

func ValidateRBACConfig added in v12.0.240

func ValidateRBACConfig(config *RBACConfig) error

ValidateRBACConfig validates the RBAC configuration

Types

type AcceptInvitationRequest added in v12.0.233

// AcceptInvitationRequest is the JSON body submitted to activate an invited
// account.
type AcceptInvitationRequest struct {
	// Password is the plaintext password chosen by the invitee; it should
	// never be logged or echoed back in a response.
	Password        string `json:"password"`
	// PasswordConfirm is a second copy of the password.
	// NOTE(review): presumably compared with Password by the handler; that
	// check is not visible here.
	PasswordConfirm string `json:"password_confirm"`
	// Token is the invitation token. Besides ctx and db, AcceptInvitation
	// takes only a token and a password, so the token acts as a bearer
	// credential for the pending account.
	Token           string `json:"token"`
}

AcceptInvitationRequest defines the activation body

type Claims added in v12.0.240

// Claims is the JWT payload: a username plus the embedded registered claims.
// No role or organization data is carried in the token; the package
// documentation states that the middleware fetches them from the database.
type Claims struct {
	// Username identifies the account the token was issued for.
	Username string `json:"username"`
	// RegisteredClaims supplies the standard JWT fields.
	// NOTE(review): which of them (expiry, issuer, audience) are set and
	// verified is decided by GenerateJWT/ValidateJWT, not visible here.
	jwt.RegisteredClaims
}

Claims represents JWT claims. UPDATED: Kept only Username (Subject) to minimize payload size. Role and Orgs are now fetched from the database in the middleware.

func ValidateJWT

func ValidateJWT(tokenString string) (*Claims, error)

ValidateJWT validates a JWT token and returns the claims

type CtxKey added in v12.0.291

// CtxKey is a dedicated string type for context keys. A value of this type
// does not compare equal to a plain string with the same text, which avoids
// accidental collisions with untyped keys.
// NOTE(review): the type is exported, so any package can construct the same
// keys; code that trusts values stored under them should confirm that only
// the authentication middleware writes them.
type CtxKey string

CtxKey defines a type for context keys to ensure type safety and avoid collisions.

// Context keys under which authentication data is stored.
// NOTE(review): presumably written by RequireAuth/OptionalAuth and read by
// RequireRole; confirm against the middleware source.
const (
	// UserKey is the key for the authenticated username.
	UserKey CtxKey = "username"
	// RoleKey is the key for the user's role.
	RoleKey CtxKey = "role"
	// OrgsKey is the key for the user's organizations.
	OrgsKey CtxKey = "orgs"
)

Exported context keys for user authentication data

type EmailConfig added in v12.0.233

// EmailConfig holds the SMTP settings and link base used when sending
// invitation and password-reset mail. The package documentation says
// LoadEmailConfig populates it from the environment.
type EmailConfig struct {
	// SMTPHost and SMTPPort locate the mail server. The port is kept as a
	// string.
	SMTPHost     string
	SMTPPort     string
	// SMTPUsername and SMTPPassword are the SMTP credentials. SMTPPassword is
	// a secret: do not log this struct or serialize it into responses.
	SMTPUsername string
	SMTPPassword string
	// FromEmail and FromName describe the sender.
	FromEmail    string
	FromName     string
	// NOTE(review): links built from BaseURL presumably embed invitation
	// tokens, so it should point at an HTTPS origin the deployment controls.
	BaseURL      string // Base URL for invitation links
}

EmailConfig holds email service configuration

func LoadEmailConfig added in v12.0.233

func LoadEmailConfig() *EmailConfig

LoadEmailConfig loads email configuration from environment

type ForgotPasswordRequest

// ForgotPasswordRequest is the JSON body of a password-reset request.
type ForgotPasswordRequest struct {
	// Email is the address supplied by the requester.
	// NOTE(review): the handler should answer identically whether or not the
	// address is registered, to avoid account enumeration; confirm.
	Email string `json:"email"`
}

ForgotPasswordRequest handles the invite/reset flow

type InvitationEmailData added in v12.0.233

// InvitationEmailData carries the values substituted into the invitation
// email template.
// NOTE(review): the template engine is not visible here; if the mail is HTML,
// confirm that these caller-supplied strings are escaped on render.
type InvitationEmailData struct {
	// Username, Email and Role describe the invited account.
	Username       string
	Email          string
	Role           string
	// InvitationLink is the link placed in the mail.
	// NOTE(review): presumably contains the invitation token, so rendered
	// messages should be treated as sensitive; confirm.
	InvitationLink string
	// ExpiresIn is the expiry text shown to the recipient.
	ExpiresIn      string
	// SupportEmail is the contact address shown in the mail.
	SupportEmail   string
}

InvitationEmailData holds data for invitation email template

type LoginRequest

// LoginRequest is the JSON body for username/password login.
type LoginRequest struct {
	// Username is the account name being authenticated.
	Username string `json:"username"`
	// Password is the plaintext password as sent by the client; it should
	// never be logged.
	Password string `json:"password"`
}

LoginRequest defines the body for Basic Auth login

type OrgDefinition added in v12.0.242

// OrgDefinition is one organization entry in the YAML RBAC configuration.
// Every field except Name is omitted from output when empty.
type OrgDefinition struct {
	// Name identifies the organization.
	Name        string            `yaml:"name"`
	// DisplayName and Description are optional human-readable text.
	DisplayName string            `yaml:"display_name,omitempty"`
	Description string            `yaml:"description,omitempty"`
	// Metadata holds optional free-form string pairs.
	Metadata    map[string]string `yaml:"metadata,omitempty"`
	// Members lists the users belonging to the organization and their roles.
	Members     []OrgMember       `yaml:"members,omitempty"` // Added Members list
}

OrgDefinition represents an organization configuration

type OrgMember added in v12.0.274

// OrgMember binds a user to a role inside one organization.
type OrgMember struct {
	// Username names the member.
	Username string `yaml:"username"`
	// Role is the role granted to the member.
	// NOTE(review): whether unknown role names are rejected is decided by the
	// validation code, not visible here.
	Role     string `yaml:"role"`
}

OrgMember represents a user member within an organization

type PeriobolosConfig added in v12.0.233

// PeriobolosConfig is the top-level YAML document for the org-centric RBAC
// configuration: organizations, users and role definitions.
type PeriobolosConfig struct {
	// Orgs lists organization definitions; omitted from output when empty.
	Orgs  []OrgDefinition  `yaml:"orgs,omitempty"`
	// Users lists user entries; always emitted, even when empty.
	Users []PeriobolosUser `yaml:"users"`
	// Roles lists role definitions; omitted from output when empty.
	Roles []RoleDefinition `yaml:"roles,omitempty"`
}

PeriobolosConfig represents the RBAC configuration structure compatible with Peribolos-style YAML

func LoadPeriobolosConfig added in v12.0.233

func LoadPeriobolosConfig(yamlContent string) (*PeriobolosConfig, error)

LoadPeriobolosConfig parses RBAC configuration from YAML content

type PeriobolosUser added in v12.0.233

// PeriobolosUser is one user entry in a PeriobolosConfig document. It carries
// no password field.
type PeriobolosUser struct {
	// Username names the account.
	Username     string `yaml:"username"`
	// Email is the user's address.
	// NOTE(review): presumably where the invitation is sent; confirm.
	Email        string `yaml:"email"`
	// AuthProvider optionally names the authentication provider.
	AuthProvider string `yaml:"auth_provider,omitempty"`
}

PeriobolosUser represents a user configuration in the RBAC system

type RBACApplyRequest added in v12.0.240

// RBACApplyRequest is the JSON body for applying an RBAC configuration.
// NOTE(review): Config arrives from the request and can change users and
// roles, so the endpoint that accepts it should be restricted to
// administrators; confirm in the route setup.
type RBACApplyRequest struct {
	Config string `json:"config"` // YAML config as string
	// DryRun is an optional flag.
	// NOTE(review): presumably requests validation without persisting
	// changes; confirm.
	DryRun bool   `json:"dry_run,omitempty"`
}

RBACApplyRequest represents the request body for applying RBAC config

type RBACApplyResponse added in v12.0.240

// RBACApplyResponse is the JSON response returned after an RBAC apply
// request. Counters and Errors are omitted when zero or empty.
type RBACApplyResponse struct {
	// Success reports the overall outcome; Message is a summary string.
	Success      bool     `json:"success"`
	Message      string   `json:"message"`
	// UsersCreated, UsersUpdated and RolesCreated are change counts.
	UsersCreated int      `json:"users_created,omitempty"`
	UsersUpdated int      `json:"users_updated,omitempty"`
	RolesCreated int      `json:"roles_created,omitempty"`
	// Errors holds error text returned to the caller.
	// NOTE(review): confirm these strings do not expose database or
	// filesystem details.
	Errors       []string `json:"errors,omitempty"`
}

RBACApplyResponse represents the response from applying RBAC config

type RBACConfig added in v12.0.240

// RBACConfig is the top-level YAML document for the user/role RBAC
// configuration.
type RBACConfig struct {
	// Users lists user entries. UserConfig can carry a password or a
	// password hash, so files holding this document are sensitive.
	Users []UserConfig `yaml:"users"`
	// Roles lists role entries.
	Roles []RoleConfig `yaml:"roles"`
}

RBACConfig represents the top-level RBAC configuration

func ExportRBACConfig added in v12.0.240

func ExportRBACConfig(db database.DBConnection) (*RBACConfig, error)

ExportRBACConfig exports the current RBAC configuration to YAML

func LoadRBACConfig added in v12.0.240

func LoadRBACConfig(filepath string) (*RBACConfig, error)

LoadRBACConfig loads RBAC configuration from a YAML file

func LoadRBACConfigFromString added in v12.0.240

func LoadRBACConfigFromString(yamlContent string) (*RBACConfig, error)

LoadRBACConfigFromString loads RBAC configuration from a YAML string

type RBACResult added in v12.0.233

// RBACResult reports the outcome of applying an RBAC configuration.
type RBACResult struct {
	// OrgsCreated and OrgsUpdated list affected organizations.
	OrgsCreated []string          `json:"orgs_created"`
	OrgsUpdated []string          `json:"orgs_updated"`
	// Created, Updated, Removed and Invited list affected entries.
	// NOTE(review): presumably usernames; confirm.
	Created     []string          `json:"created"`
	Updated     []string          `json:"updated"`
	Removed     []string          `json:"removed"`
	Invited     []string          `json:"invited"`
	// Invitations is omitted from JSON when empty.
	// NOTE(review): key and value meaning is not visible here; if the values
	// are invitation tokens or links, this response carries credentials and
	// should reach administrators only.
	Invitations map[string]string `json:"invitations,omitempty"`
}

RBACResult contains the outcome of applying RBAC configuration

func ApplyRBAC added in v12.0.233

func ApplyRBAC(db database.DBConnection, config *PeriobolosConfig, emailConfig *EmailConfig) (*RBACResult, error)

ApplyRBAC implements Option 2: Org-Centric Sync with normalized org names

type RoleConfig added in v12.0.240

// RoleConfig is one role entry in an RBACConfig document.
type RoleConfig struct {
	// Name identifies the role.
	Name        string   `yaml:"name"`
	// Permissions lists the permission strings granted by the role; always
	// emitted, even when empty.
	Permissions []string `yaml:"permissions"`
	// Description is optional human-readable text.
	Description string   `yaml:"description,omitempty"`
}

RoleConfig represents a role in the RBAC configuration

type RoleDefinition added in v12.0.242

// RoleDefinition is one role entry in a PeriobolosConfig document.
type RoleDefinition struct {
	// Name identifies the role.
	Name        string   `yaml:"name"`
	// Description is optional human-readable text.
	Description string   `yaml:"description,omitempty"`
	// Permissions lists the permission strings granted by the role; omitted
	// from output when empty.
	Permissions []string `yaml:"permissions,omitempty"`
}

RoleDefinition represents a role configuration with associated permissions

type UserConfig added in v12.0.240

// UserConfig is one user entry in an RBACConfig document.
type UserConfig struct {
	// Username names the account; Email is optional.
	Username     string   `yaml:"username"`
	Email        string   `yaml:"email,omitempty"`
	// Role is the role assigned to the user; Orgs optionally lists the
	// organizations the user belongs to.
	Role         string   `yaml:"role"`
	Orgs         []string `yaml:"orgs,omitempty"`
	// Password is an optional password given directly in the YAML.
	// NOTE(review): this puts a plaintext credential in a configuration
	// file; prefer PasswordHash. Which field wins when both are set is not
	// visible here.
	Password     string   `yaml:"password,omitempty"`
	// PasswordHash is an optional pre-computed hash.
	// NOTE(review): presumably the bcrypt format produced by HashPassword;
	// confirm. Exported files containing it should have restricted
	// permissions.
	PasswordHash string   `yaml:"password_hash,omitempty"`
	// IsActive is a pointer, so an absent key (nil) can be told apart from
	// an explicit false.
	IsActive     *bool    `yaml:"is_active,omitempty"`
	// AuthProvider and ExternalID optionally tie the account to an external
	// identity.
	AuthProvider string   `yaml:"auth_provider,omitempty"`
	ExternalID   string   `yaml:"external_id,omitempty"`
}

UserConfig represents a user in the RBAC configuration

type UserResponse

// UserResponse is the session information returned to the frontend. It
// exposes only the username and role.
type UserResponse struct {
	// Username is the authenticated account name.
	Username string `json:"username"`
	// Role is the user's role.
	// NOTE(review): presumably for display; authorization should stay with
	// the server-side middleware rather than this client-visible value.
	Role     string `json:"role"`
}

UserResponse defines the session info returned to the frontend
