Documentation
¶
Index ¶
- func GenerateCredentialID(provider ProviderType, name string) string
- func InitDefaultManager(configDir string, passphrase string) error
- func InitDefaultRepositoryAuthenticator(authManager AuthManager)
- type AuthManager
- type AuthProvider
- type AuthType
- type Authenticator
- type Authorizer
- type CredentialStore
- func (s *CredentialStore) DeleteCredentials(id string) error
- func (s *CredentialStore) GetCredentials(id string) (*Credentials, error)
- func (s *CredentialStore) ListCredentials() ([]*Credentials, error)
- func (s *CredentialStore) SaveCredentials(creds *Credentials) error
- func (s *CredentialStore) UpdateLastUsed(id string) error
- type Credentials
- type GenericAuthProvider
- type GitHubAuthProvider
- type GitLabAuthProvider
- type Manager
- func (m *Manager) Authenticate(ctx context.Context, creds *Credentials) (bool, error)
- func (m *Manager) DeleteCredentials(id string) error
- func (m *Manager) DeleteUser(id string) error
- func (m *Manager) GetCredentials(id string) (*Credentials, error)
- func (m *Manager) GetUser(id string) (*User, error)
- func (m *Manager) HasPermission(user *User, permission Permission) bool
- func (m *Manager) ListCredentials() ([]*Credentials, error)
- func (m *Manager) ListUsers() ([]*User, error)
- func (m *Manager) RefreshToken(ctx context.Context, creds *Credentials) error
- func (m *Manager) RegisterProvider(providerType ProviderType, provider AuthProvider)
- func (m *Manager) SaveCredentials(creds *Credentials) error
- func (m *Manager) SaveUser(user *User) error
- func (m *Manager) UpdateLastLogin(id string) error
- type Permission
- type ProviderType
- type RepositoryAuthenticator
- type Role
- type User
- type UserStore
- func (s *UserStore) DeleteUser(id string) error
- func (s *UserStore) GetUser(id string) (*User, error)
- func (s *UserStore) HasPermission(user *User, permission Permission) bool
- func (s *UserStore) ListUsers() ([]*User, error)
- func (s *UserStore) SaveUser(user *User) error
- func (s *UserStore) UpdateLastLogin(id string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateCredentialID ¶
func GenerateCredentialID(provider ProviderType, name string) string
GenerateCredentialID generates a unique ID for credentials
func InitDefaultManager ¶
InitDefaultManager initializes the default authentication manager
func InitDefaultRepositoryAuthenticator ¶
func InitDefaultRepositoryAuthenticator(authManager AuthManager)
InitDefaultRepositoryAuthenticator initializes the default repository authenticator
Types ¶
type AuthManager ¶
type AuthManager interface {
Authenticator
Authorizer
}
AuthManager combines authentication and authorization
type AuthProvider ¶
type AuthProvider interface {
// Authenticate authenticates with the provider
Authenticate(ctx context.Context, creds *Credentials) (bool, error)
// RefreshToken refreshes a token
RefreshToken(ctx context.Context, creds *Credentials) error
}
AuthProvider defines the interface for authentication providers
type AuthType ¶
type AuthType string
AuthType represents the type of authentication
const ( // BasicAuth represents username/password authentication BasicAuth AuthType = "basic" // TokenAuth represents token-based authentication TokenAuth AuthType = "token" // OAuthAuth represents OAuth authentication OAuthAuth AuthType = "oauth" // CertAuth represents certificate-based authentication CertAuth AuthType = "cert" // NoneAuth represents no authentication NoneAuth AuthType = "none" )
type Authenticator ¶
type Authenticator interface {
// Authenticate authenticates a user with the given credentials
Authenticate(ctx context.Context, creds *Credentials) (bool, error)
// GetCredentials gets credentials by ID
GetCredentials(id string) (*Credentials, error)
// SaveCredentials saves credentials
SaveCredentials(creds *Credentials) error
// DeleteCredentials deletes credentials by ID
DeleteCredentials(id string) error
// ListCredentials lists all credentials
ListCredentials() ([]*Credentials, error)
// RefreshToken refreshes a token if it's expired
RefreshToken(ctx context.Context, creds *Credentials) error
}
Authenticator defines the interface for authentication
type Authorizer ¶
type Authorizer interface {
// HasPermission checks if a user has a specific permission
HasPermission(user *User, permission Permission) bool
// GetUser gets a user by ID
GetUser(id string) (*User, error)
// SaveUser saves a user
SaveUser(user *User) error
// DeleteUser deletes a user by ID
DeleteUser(id string) error
// ListUsers lists all users
ListUsers() ([]*User, error)
}
Authorizer defines the interface for authorization
type CredentialStore ¶
type CredentialStore struct {
// contains filtered or unexported fields
}
CredentialStore manages secure storage of credentials
func NewCredentialStore ¶
func NewCredentialStore(filePath string, passphrase string) (*CredentialStore, error)
NewCredentialStore creates a new credential store
func (*CredentialStore) DeleteCredentials ¶
func (s *CredentialStore) DeleteCredentials(id string) error
DeleteCredentials deletes credentials by ID
func (*CredentialStore) GetCredentials ¶
func (s *CredentialStore) GetCredentials(id string) (*Credentials, error)
GetCredentials gets credentials by ID
func (*CredentialStore) ListCredentials ¶
func (s *CredentialStore) ListCredentials() ([]*Credentials, error)
ListCredentials lists all credentials
func (*CredentialStore) SaveCredentials ¶
func (s *CredentialStore) SaveCredentials(creds *Credentials) error
SaveCredentials saves credentials
func (*CredentialStore) UpdateLastUsed ¶
func (s *CredentialStore) UpdateLastUsed(id string) error
UpdateLastUsed updates the last used timestamp for credentials
type Credentials ¶
type Credentials struct {
// ID is a unique identifier for the credentials
ID string `json:"id"`
// Name is a human-readable name for the credentials
Name string `json:"name"`
// Type is the type of authentication
Type AuthType `json:"type"`
// Provider is the authentication provider
Provider ProviderType `json:"provider"`
// Username is the username for basic authentication
Username string `json:"username,omitempty"`
// Password is the password for basic authentication
// This field should be encrypted when stored
Password string `json:"password,omitempty"`
// Token is the token for token-based authentication
// This field should be encrypted when stored
Token string `json:"token,omitempty"`
// TokenExpiry is the expiry time for the token
TokenExpiry time.Time `json:"token_expiry,omitempty"`
// RefreshToken is the refresh token for OAuth authentication
// This field should be encrypted when stored
RefreshToken string `json:"refresh_token,omitempty"`
// ClientID is the client ID for OAuth authentication
ClientID string `json:"client_id,omitempty"`
// ClientSecret is the client secret for OAuth authentication
// This field should be encrypted when stored
ClientSecret string `json:"client_secret,omitempty"`
// CertPath is the path to the certificate file for certificate-based authentication
CertPath string `json:"cert_path,omitempty"`
// KeyPath is the path to the private key file for certificate-based authentication
KeyPath string `json:"key_path,omitempty"`
// CACertPath is the path to the CA certificate file for certificate-based authentication
CACertPath string `json:"ca_cert_path,omitempty"`
// Scopes is the list of scopes for OAuth authentication
Scopes []string `json:"scopes,omitempty"`
// CreatedAt is the time the credentials were created
CreatedAt time.Time `json:"created_at"`
// UpdatedAt is the time the credentials were last updated
UpdatedAt time.Time `json:"updated_at"`
// LastUsedAt is the time the credentials were last used
LastUsedAt time.Time `json:"last_used_at,omitempty"`
}
Credentials represents authentication credentials
type GenericAuthProvider ¶
type GenericAuthProvider struct{}
GenericAuthProvider implements authentication for generic repositories
func NewGenericAuthProvider ¶
func NewGenericAuthProvider() *GenericAuthProvider
NewGenericAuthProvider creates a new generic authentication provider
func (*GenericAuthProvider) Authenticate ¶
func (p *GenericAuthProvider) Authenticate(ctx context.Context, creds *Credentials) (bool, error)
Authenticate authenticates with a generic repository
func (*GenericAuthProvider) RefreshToken ¶
func (p *GenericAuthProvider) RefreshToken(ctx context.Context, creds *Credentials) error
RefreshToken refreshes a token for a generic repository
type GitHubAuthProvider ¶
type GitHubAuthProvider struct{}
GitHubAuthProvider implements authentication for GitHub
func NewGitHubAuthProvider ¶
func NewGitHubAuthProvider() *GitHubAuthProvider
NewGitHubAuthProvider creates a new GitHub authentication provider
func (*GitHubAuthProvider) Authenticate ¶
func (p *GitHubAuthProvider) Authenticate(ctx context.Context, creds *Credentials) (bool, error)
Authenticate authenticates with GitHub
func (*GitHubAuthProvider) RefreshToken ¶
func (p *GitHubAuthProvider) RefreshToken(ctx context.Context, creds *Credentials) error
RefreshToken refreshes a GitHub token
type GitLabAuthProvider ¶
type GitLabAuthProvider struct{}
GitLabAuthProvider implements authentication for GitLab
func NewGitLabAuthProvider ¶
func NewGitLabAuthProvider() *GitLabAuthProvider
NewGitLabAuthProvider creates a new GitLab authentication provider
func (*GitLabAuthProvider) Authenticate ¶
func (p *GitLabAuthProvider) Authenticate(ctx context.Context, creds *Credentials) (bool, error)
Authenticate authenticates with GitLab
func (*GitLabAuthProvider) RefreshToken ¶
func (p *GitLabAuthProvider) RefreshToken(ctx context.Context, creds *Credentials) error
RefreshToken refreshes a GitLab token
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager implements the AuthManager interface
var DefaultManager *Manager
DefaultManager is the default authentication manager
func NewManager ¶
NewManager creates a new authentication manager
func (*Manager) Authenticate ¶
Authenticate authenticates a user with the given credentials
func (*Manager) DeleteCredentials ¶
DeleteCredentials deletes credentials by ID
func (*Manager) DeleteUser ¶
DeleteUser deletes a user by ID
func (*Manager) GetCredentials ¶
func (m *Manager) GetCredentials(id string) (*Credentials, error)
GetCredentials gets credentials by ID
func (*Manager) HasPermission ¶
func (m *Manager) HasPermission(user *User, permission Permission) bool
HasPermission checks if a user has a specific permission
func (*Manager) ListCredentials ¶
func (m *Manager) ListCredentials() ([]*Credentials, error)
ListCredentials lists all credentials
func (*Manager) RefreshToken ¶
func (m *Manager) RefreshToken(ctx context.Context, creds *Credentials) error
RefreshToken refreshes a token if it's expired
func (*Manager) RegisterProvider ¶
func (m *Manager) RegisterProvider(providerType ProviderType, provider AuthProvider)
RegisterProvider registers an authentication provider
func (*Manager) SaveCredentials ¶
func (m *Manager) SaveCredentials(creds *Credentials) error
SaveCredentials saves credentials
func (*Manager) UpdateLastLogin ¶
UpdateLastLogin updates the last login timestamp for a user
type Permission ¶
type Permission string
Permission represents a permission for role-based access control
const ( // ReadPermission allows reading operations ReadPermission Permission = "read" // WritePermission allows writing operations WritePermission Permission = "write" // DeletePermission allows deleting operations DeletePermission Permission = "delete" // AdminPermission allows administrative operations AdminPermission Permission = "admin" )
type ProviderType ¶
type ProviderType string
ProviderType represents the type of authentication provider
const ( // GitHubProvider represents GitHub authentication GitHubProvider ProviderType = "github" // GitLabProvider represents GitLab authentication GitLabProvider ProviderType = "gitlab" // GenericProvider represents a generic authentication provider GenericProvider ProviderType = "generic" )
type RepositoryAuthenticator ¶
type RepositoryAuthenticator struct {
// contains filtered or unexported fields
}
RepositoryAuthenticator authenticates repositories
var DefaultRepositoryAuthenticator *RepositoryAuthenticator
DefaultRepositoryAuthenticator is the default repository authenticator
func NewRepositoryAuthenticator ¶
func NewRepositoryAuthenticator(authManager AuthManager) *RepositoryAuthenticator
NewRepositoryAuthenticator creates a new repository authenticator
func (*RepositoryAuthenticator) AuthenticateRepository ¶
func (a *RepositoryAuthenticator) AuthenticateRepository(ctx context.Context, repo repository.Repository, credID string) error
AuthenticateRepository authenticates a repository with credentials
func (*RepositoryAuthenticator) AuthorizeRepositoryOperation ¶
func (a *RepositoryAuthenticator) AuthorizeRepositoryOperation(user *User, repo repository.Repository, operation Permission) error
AuthorizeRepositoryOperation authorizes a repository operation
type User ¶
type User struct {
// ID is a unique identifier for the user
ID string `json:"id"`
// Username is the username of the user
Username string `json:"username"`
// Role is the role of the user
Role Role `json:"role"`
// Permissions is the list of permissions for the user
Permissions []Permission `json:"permissions"`
// CreatedAt is the time the user was created
CreatedAt time.Time `json:"created_at"`
// UpdatedAt is the time the user was last updated
UpdatedAt time.Time `json:"updated_at"`
// LastLoginAt is the time the user last logged in
LastLoginAt time.Time `json:"last_login_at,omitempty"`
}
User represents a user of the system
type UserStore ¶
type UserStore struct {
// contains filtered or unexported fields
}
UserStore manages storage of users
func NewUserStore ¶
NewUserStore creates a new user store
func (*UserStore) DeleteUser ¶
DeleteUser deletes a user by ID
func (*UserStore) HasPermission ¶
func (s *UserStore) HasPermission(user *User, permission Permission) bool
HasPermission checks if a user has a specific permission
func (*UserStore) UpdateLastLogin ¶
UpdateLastLogin updates the last login timestamp for a user