auth

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateCredentialID

func GenerateCredentialID(provider ProviderType, name string) string

GenerateCredentialID generates a unique ID for credentials

func InitDefaultManager

func InitDefaultManager(configDir string, passphrase string) error

InitDefaultManager initializes the default authentication manager

func InitDefaultRepositoryAuthenticator

func InitDefaultRepositoryAuthenticator(authManager AuthManager)

InitDefaultRepositoryAuthenticator initializes the default repository authenticator

Types

type AuthManager

type AuthManager interface {
	Authenticator
	Authorizer
}

AuthManager combines authentication and authorization

type AuthProvider

type AuthProvider interface {
	// Authenticate authenticates with the provider
	Authenticate(ctx context.Context, creds *Credentials) (bool, error)

	// RefreshToken refreshes a token
	RefreshToken(ctx context.Context, creds *Credentials) error
}

AuthProvider defines the interface for authentication providers

type AuthType

type AuthType string

AuthType represents the type of authentication

const (
	// BasicAuth represents username/password authentication
	BasicAuth AuthType = "basic"
	// TokenAuth represents token-based authentication
	TokenAuth AuthType = "token"
	// OAuthAuth represents OAuth authentication
	OAuthAuth AuthType = "oauth"
	// CertAuth represents certificate-based authentication
	CertAuth AuthType = "cert"
	// NoneAuth represents no authentication
	NoneAuth AuthType = "none"
)

type Authenticator

type Authenticator interface {
	// Authenticate authenticates a user with the given credentials
	Authenticate(ctx context.Context, creds *Credentials) (bool, error)

	// GetCredentials gets credentials by ID
	GetCredentials(id string) (*Credentials, error)

	// SaveCredentials saves credentials
	SaveCredentials(creds *Credentials) error

	// DeleteCredentials deletes credentials by ID
	DeleteCredentials(id string) error

	// ListCredentials lists all credentials
	ListCredentials() ([]*Credentials, error)

	// RefreshToken refreshes a token if it's expired
	RefreshToken(ctx context.Context, creds *Credentials) error
}

Authenticator defines the interface for authentication

type Authorizer

type Authorizer interface {
	// HasPermission checks if a user has a specific permission
	HasPermission(user *User, permission Permission) bool

	// GetUser gets a user by ID
	GetUser(id string) (*User, error)

	// SaveUser saves a user
	SaveUser(user *User) error

	// DeleteUser deletes a user by ID
	DeleteUser(id string) error

	// ListUsers lists all users
	ListUsers() ([]*User, error)
}

Authorizer defines the interface for authorization

type CredentialStore

type CredentialStore struct {
	// contains filtered or unexported fields
}

CredentialStore manages secure storage of credentials

func NewCredentialStore

func NewCredentialStore(filePath string, passphrase string) (*CredentialStore, error)

NewCredentialStore creates a new credential store

func (*CredentialStore) DeleteCredentials

func (s *CredentialStore) DeleteCredentials(id string) error

DeleteCredentials deletes credentials by ID

func (*CredentialStore) GetCredentials

func (s *CredentialStore) GetCredentials(id string) (*Credentials, error)

GetCredentials gets credentials by ID

func (*CredentialStore) ListCredentials

func (s *CredentialStore) ListCredentials() ([]*Credentials, error)

ListCredentials lists all credentials

func (*CredentialStore) SaveCredentials

func (s *CredentialStore) SaveCredentials(creds *Credentials) error

SaveCredentials saves credentials

func (*CredentialStore) UpdateLastUsed

func (s *CredentialStore) UpdateLastUsed(id string) error

UpdateLastUsed updates the last used timestamp for credentials

type Credentials

type Credentials struct {
	// ID is a unique identifier for the credentials
	ID string `json:"id"`

	// Name is a human-readable name for the credentials
	Name string `json:"name"`

	// Type is the type of authentication
	Type AuthType `json:"type"`

	// Provider is the authentication provider
	Provider ProviderType `json:"provider"`

	// Username is the username for basic authentication
	Username string `json:"username,omitempty"`

	// Password is the password for basic authentication
	// This field should be encrypted when stored
	Password string `json:"password,omitempty"`

	// Token is the token for token-based authentication
	// This field should be encrypted when stored
	Token string `json:"token,omitempty"`

	// TokenExpiry is the expiry time for the token
	TokenExpiry time.Time `json:"token_expiry,omitempty"`

	// RefreshToken is the refresh token for OAuth authentication
	// This field should be encrypted when stored
	RefreshToken string `json:"refresh_token,omitempty"`

	// ClientID is the client ID for OAuth authentication
	ClientID string `json:"client_id,omitempty"`

	// ClientSecret is the client secret for OAuth authentication
	// This field should be encrypted when stored
	ClientSecret string `json:"client_secret,omitempty"`

	// CertPath is the path to the certificate file for certificate-based authentication
	CertPath string `json:"cert_path,omitempty"`

	// KeyPath is the path to the private key file for certificate-based authentication
	KeyPath string `json:"key_path,omitempty"`

	// CACertPath is the path to the CA certificate file for certificate-based authentication
	CACertPath string `json:"ca_cert_path,omitempty"`

	// Scopes is the list of scopes for OAuth authentication
	Scopes []string `json:"scopes,omitempty"`

	// CreatedAt is the time the credentials were created
	CreatedAt time.Time `json:"created_at"`

	// UpdatedAt is the time the credentials were last updated
	UpdatedAt time.Time `json:"updated_at"`

	// LastUsedAt is the time the credentials were last used
	LastUsedAt time.Time `json:"last_used_at,omitempty"`
}

Credentials represents authentication credentials

type GenericAuthProvider

type GenericAuthProvider struct{}

GenericAuthProvider implements authentication for generic repositories

func NewGenericAuthProvider

func NewGenericAuthProvider() *GenericAuthProvider

NewGenericAuthProvider creates a new generic authentication provider

func (*GenericAuthProvider) Authenticate

func (p *GenericAuthProvider) Authenticate(ctx context.Context, creds *Credentials) (bool, error)

Authenticate authenticates with a generic repository

func (*GenericAuthProvider) RefreshToken

func (p *GenericAuthProvider) RefreshToken(ctx context.Context, creds *Credentials) error

RefreshToken refreshes a token for a generic repository

type GitHubAuthProvider

type GitHubAuthProvider struct{}

GitHubAuthProvider implements authentication for GitHub

func NewGitHubAuthProvider

func NewGitHubAuthProvider() *GitHubAuthProvider

NewGitHubAuthProvider creates a new GitHub authentication provider

func (*GitHubAuthProvider) Authenticate

func (p *GitHubAuthProvider) Authenticate(ctx context.Context, creds *Credentials) (bool, error)

Authenticate authenticates with GitHub

func (*GitHubAuthProvider) RefreshToken

func (p *GitHubAuthProvider) RefreshToken(ctx context.Context, creds *Credentials) error

RefreshToken refreshes a GitHub token

type GitLabAuthProvider

type GitLabAuthProvider struct{}

GitLabAuthProvider implements authentication for GitLab

func NewGitLabAuthProvider

func NewGitLabAuthProvider() *GitLabAuthProvider

NewGitLabAuthProvider creates a new GitLab authentication provider

func (*GitLabAuthProvider) Authenticate

func (p *GitLabAuthProvider) Authenticate(ctx context.Context, creds *Credentials) (bool, error)

Authenticate authenticates with GitLab

func (*GitLabAuthProvider) RefreshToken

func (p *GitLabAuthProvider) RefreshToken(ctx context.Context, creds *Credentials) error

RefreshToken refreshes a GitLab token

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager implements the AuthManager interface

var DefaultManager *Manager

DefaultManager is the default authentication manager

func NewManager

func NewManager(configDir string, passphrase string) (*Manager, error)

NewManager creates a new authentication manager

func (*Manager) Authenticate

func (m *Manager) Authenticate(ctx context.Context, creds *Credentials) (bool, error)

Authenticate authenticates a user with the given credentials

func (*Manager) DeleteCredentials

func (m *Manager) DeleteCredentials(id string) error

DeleteCredentials deletes credentials by ID

func (*Manager) DeleteUser

func (m *Manager) DeleteUser(id string) error

DeleteUser deletes a user by ID

func (*Manager) GetCredentials

func (m *Manager) GetCredentials(id string) (*Credentials, error)

GetCredentials gets credentials by ID

func (*Manager) GetUser

func (m *Manager) GetUser(id string) (*User, error)

GetUser gets a user by ID

func (*Manager) HasPermission

func (m *Manager) HasPermission(user *User, permission Permission) bool

HasPermission checks if a user has a specific permission

func (*Manager) ListCredentials

func (m *Manager) ListCredentials() ([]*Credentials, error)

ListCredentials lists all credentials

func (*Manager) ListUsers

func (m *Manager) ListUsers() ([]*User, error)

ListUsers lists all users

func (*Manager) RefreshToken

func (m *Manager) RefreshToken(ctx context.Context, creds *Credentials) error

RefreshToken refreshes a token if it's expired

func (*Manager) RegisterProvider

func (m *Manager) RegisterProvider(providerType ProviderType, provider AuthProvider)

RegisterProvider registers an authentication provider

func (*Manager) SaveCredentials

func (m *Manager) SaveCredentials(creds *Credentials) error

SaveCredentials saves credentials

func (*Manager) SaveUser

func (m *Manager) SaveUser(user *User) error

SaveUser saves a user

func (*Manager) UpdateLastLogin

func (m *Manager) UpdateLastLogin(id string) error

UpdateLastLogin updates the last login timestamp for a user

type Permission

type Permission string

Permission represents a permission for role-based access control

const (
	// ReadPermission allows reading operations
	ReadPermission Permission = "read"
	// WritePermission allows writing operations
	WritePermission Permission = "write"
	// DeletePermission allows deleting operations
	DeletePermission Permission = "delete"
	// AdminPermission allows administrative operations
	AdminPermission Permission = "admin"
)

type ProviderType

type ProviderType string

ProviderType represents the type of authentication provider

const (
	// GitHubProvider represents GitHub authentication
	GitHubProvider ProviderType = "github"
	// GitLabProvider represents GitLab authentication
	GitLabProvider ProviderType = "gitlab"
	// GenericProvider represents a generic authentication provider
	GenericProvider ProviderType = "generic"
)

type RepositoryAuthenticator

type RepositoryAuthenticator struct {
	// contains filtered or unexported fields
}

RepositoryAuthenticator authenticates repositories

var DefaultRepositoryAuthenticator *RepositoryAuthenticator

DefaultRepositoryAuthenticator is the default repository authenticator

func NewRepositoryAuthenticator

func NewRepositoryAuthenticator(authManager AuthManager) *RepositoryAuthenticator

NewRepositoryAuthenticator creates a new repository authenticator

func (*RepositoryAuthenticator) AuthenticateRepository

func (a *RepositoryAuthenticator) AuthenticateRepository(ctx context.Context, repo repository.Repository, credID string) error

AuthenticateRepository authenticates a repository with credentials

func (*RepositoryAuthenticator) AuthorizeRepositoryOperation

func (a *RepositoryAuthenticator) AuthorizeRepositoryOperation(user *User, repo repository.Repository, operation Permission) error

AuthorizeRepositoryOperation authorizes a repository operation

type Role

type Role string

Role represents a role for role-based access control

const (
	// AdminRole has full access to all operations
	AdminRole Role = "admin"
	// UserRole has limited access to operations
	UserRole Role = "user"
	// ReadOnlyRole has read-only access to operations
	ReadOnlyRole Role = "readonly"
)

type User

type User struct {
	// ID is a unique identifier for the user
	ID string `json:"id"`

	// Username is the username of the user
	Username string `json:"username"`

	// Role is the role of the user
	Role Role `json:"role"`

	// Permissions is the list of permissions for the user
	Permissions []Permission `json:"permissions"`

	// CreatedAt is the time the user was created
	CreatedAt time.Time `json:"created_at"`

	// UpdatedAt is the time the user was last updated
	UpdatedAt time.Time `json:"updated_at"`

	// LastLoginAt is the time the user last logged in
	LastLoginAt time.Time `json:"last_login_at,omitempty"`
}

User represents a user of the system

type UserStore

type UserStore struct {
	// contains filtered or unexported fields
}

UserStore manages storage of users

func NewUserStore

func NewUserStore(filePath string) (*UserStore, error)

NewUserStore creates a new user store

func (*UserStore) DeleteUser

func (s *UserStore) DeleteUser(id string) error

DeleteUser deletes a user by ID

func (*UserStore) GetUser

func (s *UserStore) GetUser(id string) (*User, error)

GetUser gets a user by ID

func (*UserStore) HasPermission

func (s *UserStore) HasPermission(user *User, permission Permission) bool

HasPermission checks if a user has a specific permission

func (*UserStore) ListUsers

func (s *UserStore) ListUsers() ([]*User, error)

ListUsers lists all users

func (*UserStore) SaveUser

func (s *UserStore) SaveUser(user *User) error

SaveUser saves a user

func (*UserStore) UpdateLastLogin

func (s *UserStore) UpdateLastLogin(id string) error

UpdateLastLogin updates the last login timestamp for a user

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL