Documentation
¶
Overview ¶
Package access provides access control and security auditing functionality
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides temporary stub implementations to fix compilation ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality ¶
Package access provides access control and security auditing functionality
Index ¶
- Constants
- Variables
- func CreateMFAContext(ctx context.Context, userID string, method common.AuthMethod, status MFAStatus) context.Context
- func GetMFAMethod(ctx context.Context) (common.AuthMethod, error)
- func GetMFAUserID(ctx context.Context) (string, error)
- func IsMFACompleted(ctx context.Context) bool
- func IsMFARequired(ctx context.Context) bool
- func NewInMemoryAuditLoggerAdapter() interfaces.AuditLogger
- func NewInMemoryIncidentStoreAdapter() interfaces.IncidentStore
- func NewInMemoryVulnerabilityStoreAdapter() interfaces.VulnerabilityStore
- func WithMFAMethod(ctx context.Context, method common.AuthMethod) context.Context
- func WithMFAStatus(ctx context.Context, status MFAStatus) context.Context
- func WithMFAUserID(ctx context.Context, userID string) context.Context
- func WithUserID(ctx context.Context, userID string) context.Context
- type AccessControlConfig
- type AccessControlIntegration
- func (a *AccessControlIntegration) AssignRoleToUser(ctx context.Context, userID, roleID string) error
- func (a *AccessControlIntegration) AuthorizeAccess(ctx context.Context, sessionID, resource, action string) error
- func (a *AccessControlIntegration) DisableMFA(ctx context.Context, userID, method string) error
- func (a *AccessControlIntegration) EnableMFA(ctx context.Context, userID, method string) error
- func (a *AccessControlIntegration) GetUserPermissions(ctx context.Context, userID string) ([]*rbac.Permission, error)
- func (a *AccessControlIntegration) GetUserRoles(ctx context.Context, userID string) ([]*rbac.Role, error)
- func (a *AccessControlIntegration) Login(ctx context.Context, username, password, ip, userAgent string) (*Session, error)
- func (a *AccessControlIntegration) Logout(ctx context.Context, sessionID string) error
- func (a *AccessControlIntegration) ResetMFA(ctx context.Context, userID string) error
- func (a *AccessControlIntegration) RevokeRoleFromUser(ctx context.Context, userID, roleID string) error
- func (a *AccessControlIntegration) VerifyMFA(ctx context.Context, sessionID, method, code string) error
- type AccessControlManager
- func (m *AccessControlManager) ChangePassword(ctx context.Context, id, currentPassword, newPassword, updatedBy string) error
- func (m *AccessControlManager) Close(ctx context.Context) error
- func (m *AccessControlManager) CreateIncident(ctx context.Context, title, description string, severity AuditSeverity, ...) (*SecurityIncident, error)
- func (m *AccessControlManager) CreateUser(ctx context.Context, username, email, password string, roles []string, ...) (*User, error)
- func (m *AccessControlManager) CreateVulnerability(ctx context.Context, title, description string, severity AuditSeverity, ...) (*Vulnerability, error)
- func (m *AccessControlManager) DeleteUser(ctx context.Context, id, deletedBy string) error
- func (m *AccessControlManager) DisableMFA(ctx context.Context, id string, method common.AuthMethod, disabledBy string) error
- func (m *AccessControlManager) EnableMFA(ctx context.Context, id string, method common.AuthMethod, enabledBy string) error
- func (m *AccessControlManager) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
- func (m *AccessControlManager) GetRBACManager() RBACManager
- func (m *AccessControlManager) GetUser(ctx context.Context, id string) (*User, error)
- func (m *AccessControlManager) GetUserByUsername(ctx context.Context, username string) (*User, error)
- func (m *AccessControlManager) GetUserManager() UserManager
- func (m *AccessControlManager) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
- func (m *AccessControlManager) HasPermission(ctx context.Context, user *User, permission Permission) bool
- func (m *AccessControlManager) HasRole(ctx context.Context, user *User, role rbac.Role) bool
- func (m *AccessControlManager) Initialize(ctx context.Context) error
- func (m *AccessControlManager) ListIncidents(ctx context.Context, filter *IncidentFilter) ([]*SecurityIncident, error)
- func (m *AccessControlManager) ListUsers(ctx context.Context) ([]*User, error)
- func (m *AccessControlManager) ListVulnerabilities(ctx context.Context, filter *VulnerabilityFilter) ([]*Vulnerability, error)
- func (m *AccessControlManager) LockUser(ctx context.Context, id, lockedBy string, reason string) error
- func (m *AccessControlManager) LogAudit(ctx context.Context, log *AuditLog) error
- func (m *AccessControlManager) Login(ctx context.Context, username, password string, ipAddress, userAgent string) (*Session, error)
- func (m *AccessControlManager) Logout(ctx context.Context, sessionID string) error
- func (m *AccessControlManager) QueryAuditLogs(ctx context.Context, filter *AuditLogFilter) ([]*AuditLog, error)
- func (m *AccessControlManager) RefreshSession(ctx context.Context, refreshToken string) (*Session, error)
- func (m *AccessControlManager) ResetPassword(ctx context.Context, id, newPassword, resetBy string) error
- func (m *AccessControlManager) UnlockUser(ctx context.Context, id, unlockedBy string) error
- func (m *AccessControlManager) UpdateIncidentStatus(ctx context.Context, id string, status IncidentStatus, ...) error
- func (m *AccessControlManager) UpdateUser(ctx context.Context, id, username, email string, roles []string, active bool, ...) (*User, error)
- func (m *AccessControlManager) UpdateVulnerabilityStatus(ctx context.Context, id string, status VulnerabilityStatus, ...) error
- func (m *AccessControlManager) ValidateSession(ctx context.Context, token string) (bool, error)
- func (m *AccessControlManager) VerifyMFA(ctx context.Context, sessionID, code string) error
- type AccessControlSystem
- func (s *AccessControlSystem) Audit() *AuditManager
- func (s *AccessControlSystem) Auth() *AuthManager
- func (a *AccessControlSystem) Close() error
- func (s *AccessControlSystem) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)
- func (a *AccessControlSystem) DeleteUser(ctx context.Context, userID string) error
- func (a *AccessControlSystem) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error
- func (a *AccessControlSystem) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error
- func (s *AccessControlSystem) GetAllUsers(ctx context.Context) ([]*User, error)
- func (s *AccessControlSystem) GetUserByID(ctx context.Context, id string) (*User, error)
- func (s *AccessControlSystem) GetUserByUsername(ctx context.Context, username string) (*User, error)
- func (s *AccessControlSystem) Initialize(ctx context.Context) error
- func (s *AccessControlSystem) MFA() mfa.MFAManager
- func (s *AccessControlSystem) RBAC() *simpleRBACManager
- func (s *AccessControlSystem) Security() *simpleSecurityManager
- func (a *AccessControlSystem) UpdateUser(ctx context.Context, user *User) error
- func (a *AccessControlSystem) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error
- type AccessControlSystemImpl
- func (a *AccessControlSystemImpl) Close() error
- func (a *AccessControlSystemImpl) GetAuditLogger() AuditLogger
- func (a *AccessControlSystemImpl) GetAuthManager() AuthManager
- func (a *AccessControlSystemImpl) GetRBACManager() RBACManager
- func (a *AccessControlSystemImpl) GetSecurityManager() SecurityManager
- func (a *AccessControlSystemImpl) GetUserManager() UserManager
- func (a *AccessControlSystemImpl) Initialize() error
- type AuditAction
- type AuditConfig
- type AuditEventFilter
- type AuditLog
- type AuditLogFilter
- type AuditLogger
- type AuditLoggerConfig
- type AuditLoggerImpl
- func (l *AuditLoggerImpl) CleanupOldLogs(ctx context.Context) (int, error)
- func (l *AuditLoggerImpl) Close() error
- func (l *AuditLoggerImpl) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
- func (l *AuditLoggerImpl) Initialize(ctx context.Context) error
- func (l *AuditLoggerImpl) LogAudit(ctx context.Context, log *models.AuditLog) error
- type AuditManager
- func (m *AuditManager) Close() error
- func (m *AuditManager) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)
- func (m *AuditManager) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
- func (m *AuditManager) LogAudit(ctx context.Context, log *AuditLog) error
- type AuditSeverity
- type AuditStore
- type AuthConfig
- type AuthManager
- func (m *AuthManager) Close() error
- func (m *AuthManager) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)
- func (m *AuthManager) DeleteUser(ctx context.Context, userID string) error
- func (m *AuthManager) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error
- func (m *AuthManager) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error
- func (m *AuthManager) GetAllUsers(ctx context.Context) ([]*User, error)
- func (m *AuthManager) GetUserByEmail(ctx context.Context, email string) (*User, error)
- func (m *AuthManager) GetUserByID(ctx context.Context, id string) (*User, error)
- func (m *AuthManager) GetUserByUsername(ctx context.Context, username string) (*User, error)
- func (m *AuthManager) HasRole(ctx context.Context, userID string, role string) (bool, error)
- func (m *AuthManager) Initialize(ctx context.Context) error
- func (m *AuthManager) Login(ctx context.Context, username, password, ipAddress, userAgent string) (*Session, error)
- func (m *AuthManager) Logout(ctx context.Context, sessionID string) error
- func (m *AuthManager) RefreshSession(ctx context.Context, refreshToken string) (*Session, error)
- func (m *AuthManager) UpdateSession(ctx context.Context, sessionID string, updates map[string]interface{}) error
- func (m *AuthManager) UpdateUser(ctx context.Context, user *User) error
- func (m *AuthManager) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error
- func (m *AuthManager) ValidateSession(ctx context.Context, token string) (*Session, error)
- func (m *AuthManager) VerifyMFA(ctx context.Context, sessionID, code string) error
- func (m *AuthManager) VerifySession(ctx context.Context, token string) (bool, error)
- type AuthManagerImpl
- func (m *AuthManagerImpl) ChangePassword(ctx context.Context, userID, oldPassword, newPassword string) error
- func (m *AuthManagerImpl) Close() error
- func (m *AuthManagerImpl) Initialize(ctx context.Context) error
- func (m *AuthManagerImpl) Login(ctx context.Context, username, password string) (*models.Session, error)
- func (m *AuthManagerImpl) Logout(ctx context.Context, sessionID string) error
- func (m *AuthManagerImpl) RefreshSession(ctx context.Context, sessionID string) (*models.Session, error)
- func (m *AuthManagerImpl) ResetPassword(ctx context.Context, userID, newPassword string) error
- func (m *AuthManagerImpl) ValidateSession(ctx context.Context, sessionID string) (*models.Session, error)
- type BasicInMemorySessionStore
- func (s *BasicInMemorySessionStore) CleanupExpiredSessions(ctx context.Context) error
- func (s *BasicInMemorySessionStore) CreateSession(ctx context.Context, session *Session) error
- func (s *BasicInMemorySessionStore) DeleteSession(ctx context.Context, sessionID string) error
- func (s *BasicInMemorySessionStore) DeleteUserSessions(ctx context.Context, userID string) error
- func (s *BasicInMemorySessionStore) GetSession(ctx context.Context, sessionID string) (*Session, error)
- func (s *BasicInMemorySessionStore) ListUserSessions(ctx context.Context, userID string) ([]*Session, error)
- func (s *BasicInMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error
- type BasicInMemoryUserStore
- func (s *BasicInMemoryUserStore) CreateUser(ctx context.Context, user *User) error
- func (s *BasicInMemoryUserStore) DeleteUser(ctx context.Context, userID string) error
- func (s *BasicInMemoryUserStore) GetUserByEmail(ctx context.Context, email string) (*User, error)
- func (s *BasicInMemoryUserStore) GetUserByID(ctx context.Context, userID string) (*User, error)
- func (s *BasicInMemoryUserStore) GetUserByUsername(ctx context.Context, username string) (*User, error)
- func (s *BasicInMemoryUserStore) ListUsers(ctx context.Context) ([]*User, error)
- func (s *BasicInMemoryUserStore) UpdateUser(ctx context.Context, user *User) error
- type BasicSecurityManager
- func (m *BasicSecurityManager) Close() error
- func (m *BasicSecurityManager) CreateIncident(ctx context.Context, title, description string, severity AuditSeverity, ...) (*SecurityIncident, error)
- func (m *BasicSecurityManager) CreateVulnerability(ctx context.Context, title, description string, severity AuditSeverity, ...) (*Vulnerability, error)
- func (m *BasicSecurityManager) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
- func (m *BasicSecurityManager) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
- func (m *BasicSecurityManager) ListIncidents(ctx context.Context, filter *LocalIncidentFilter) ([]*SecurityIncident, error)
- func (m *BasicSecurityManager) ListVulnerabilities(ctx context.Context, filter *LocalVulnerabilityFilter) ([]*Vulnerability, error)
- func (m *BasicSecurityManager) ProcessSecurityAuditLog(ctx context.Context, log *AuditLog) error
- func (m *BasicSecurityManager) UpdateIncidentStatus(ctx context.Context, id string, status IncidentStatus, ...) error
- func (m *BasicSecurityManager) UpdateVulnerabilityStatus(ctx context.Context, id string, status VulnerabilityStatus, ...) error
- type Config
- type ContextBoundary
- type ContextBoundaryType
- type EnhancedContextBoundaryEnforcer
- func (e *EnhancedContextBoundaryEnforcer) AddBoundary(boundary ContextBoundary)
- func (e *EnhancedContextBoundaryEnforcer) EnforceBoundaries(ctx context.Context) error
- func (e *EnhancedContextBoundaryEnforcer) Middleware(next http.Handler) http.Handler
- func (e *EnhancedContextBoundaryEnforcer) RequireMFA() ContextBoundary
- func (e *EnhancedContextBoundaryEnforcer) RequirePermission(permission string) ContextBoundary
- func (e *EnhancedContextBoundaryEnforcer) RequireRole(role string) ContextBoundary
- func (e *EnhancedContextBoundaryEnforcer) RequireSession() ContextBoundary
- func (e *EnhancedContextBoundaryEnforcer) RequireUser(userID string) ContextBoundary
- func (e *EnhancedContextBoundaryEnforcer) SetAuthManager(authManager *AuthManager)
- func (e *EnhancedContextBoundaryEnforcer) SetRBACManager(rbacManager *RBACManagerImpl)
- func (e *EnhancedContextBoundaryEnforcer) SetSessionManager(sessionManager *SessionManager)
- type Factory
- type FactoryImpl
- func (f *FactoryImpl) CreateAccessControlSystem() (*AccessControlSystem, error)
- func (f *FactoryImpl) CreateAuditLogger() (AuditLogger, error)
- func (f *FactoryImpl) CreateAuthManager() (AuthManager, error)
- func (f *FactoryImpl) CreateDatabaseAccessControlSystem(dbDriver, dbDSN string) (*AccessControlSystem, error)
- func (f *FactoryImpl) CreateInMemoryAccessControlSystem() (*AccessControlSystem, error)
- func (f *FactoryImpl) CreateRBACManager() (RBACManager, error)
- func (f *FactoryImpl) CreateSecurityManager() (*BasicSecurityManager, error)
- func (f *FactoryImpl) CreateSecurityManagerAdapter(legacyManager interface{}) interfaces.SecurityManager
- func (f *FactoryImpl) CreateSessionStoreAdapter(legacyStore interface{}) interfaces.SessionStore
- func (f *FactoryImpl) CreateUserManager() (UserManager, error)
- func (f *FactoryImpl) CreateUserStoreAdapter(legacyStore interface{}) interfaces.UserStore
- type FileAuditLogger
- func (l *FileAuditLogger) Close(ctx context.Context) error
- func (l *FileAuditLogger) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)
- func (l *FileAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
- func (l *FileAuditLogger) Initialize(ctx context.Context) error
- func (l *FileAuditLogger) LogAudit(ctx context.Context, log *AuditLog) error
- type InMemoryAuditLogger
- func (l *InMemoryAuditLogger) Close(ctx context.Context) error
- func (l *InMemoryAuditLogger) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)
- func (l *InMemoryAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
- func (l *InMemoryAuditLogger) Initialize(ctx context.Context) error
- func (l *InMemoryAuditLogger) LogAudit(ctx context.Context, log *AuditLog) error
- type InMemoryAuditLoggerAdapter
- func (l *InMemoryAuditLoggerAdapter) Close() error
- func (l *InMemoryAuditLoggerAdapter) ExportEvents(ctx context.Context, filter map[string]interface{}, format string) (string, error)
- func (l *InMemoryAuditLoggerAdapter) GetAuditLogByID(ctx context.Context, id string) (*models.AuditLog, error)
- func (l *InMemoryAuditLoggerAdapter) GetEventByID(ctx context.Context, id string) (*models.AuditLog, error)
- func (l *InMemoryAuditLoggerAdapter) ListAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
- func (l *InMemoryAuditLoggerAdapter) LogAudit(ctx context.Context, log *models.AuditLog) error
- func (l *InMemoryAuditLoggerAdapter) LogEvent(ctx context.Context, event *models.AuditLog) error
- func (l *InMemoryAuditLoggerAdapter) QueryEvents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
- type InMemoryAuditLoggerWithTypes
- func (l *InMemoryAuditLoggerWithTypes) Close() error
- func (l *InMemoryAuditLoggerWithTypes) GetAuditLogByID(ctx context.Context, id string) (*common.AuditLog, error)
- func (l *InMemoryAuditLoggerWithTypes) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.AuditLog, int, error)
- func (l *InMemoryAuditLoggerWithTypes) Initialize(ctx context.Context) error
- func (l *InMemoryAuditLoggerWithTypes) LogAudit(ctx context.Context, log *common.AuditLog) error
- type InMemoryAuditStore
- func (s *InMemoryAuditStore) Close() error
- func (s *InMemoryAuditStore) DeleteAuditLog(ctx context.Context, id string) error
- func (s *InMemoryAuditStore) DeleteAuditLogsBefore(ctx context.Context, before time.Time) (int, error)
- func (s *InMemoryAuditStore) GetAuditLog(ctx context.Context, id string) (*models.AuditLog, error)
- func (s *InMemoryAuditStore) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
- func (s *InMemoryAuditStore) StoreAuditLog(ctx context.Context, log *models.AuditLog) error
- type InMemoryIncidentStore
- func (s *InMemoryIncidentStore) Close() error
- func (s *InMemoryIncidentStore) CreateIncident(ctx context.Context, incident *common.SecurityIncident) error
- func (s *InMemoryIncidentStore) DeleteIncident(ctx context.Context, id string) error
- func (s *InMemoryIncidentStore) GetIncidentByID(ctx context.Context, id string) (*common.SecurityIncident, error)
- func (s *InMemoryIncidentStore) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.SecurityIncident, int, error)
- func (s *InMemoryIncidentStore) UpdateIncident(ctx context.Context, incident *common.SecurityIncident) error
- type InMemoryIncidentStoreAdapter
- func (s *InMemoryIncidentStoreAdapter) Close() error
- func (s *InMemoryIncidentStoreAdapter) CreateIncident(ctx context.Context, incident *models.SecurityIncident) error
- func (s *InMemoryIncidentStoreAdapter) DeleteIncident(ctx context.Context, id string) error
- func (s *InMemoryIncidentStoreAdapter) GetIncidentByID(ctx context.Context, id string) (*models.SecurityIncident, error)
- func (s *InMemoryIncidentStoreAdapter) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)
- func (s *InMemoryIncidentStoreAdapter) UpdateIncident(ctx context.Context, incident *models.SecurityIncident) error
- type InMemoryIncidentStoreModels
- func (s *InMemoryIncidentStoreModels) CreateIncident(ctx context.Context, incident *models.SecurityIncident) error
- func (s *InMemoryIncidentStoreModels) GetIncidentByID(ctx context.Context, incidentID string) (*models.SecurityIncident, error)
- func (s *InMemoryIncidentStoreModels) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)
- func (s *InMemoryIncidentStoreModels) UpdateIncident(ctx context.Context, incident *models.SecurityIncident) error
- type InMemoryRoleStore
- func (s *InMemoryRoleStore) AddPermissionToRole(ctx context.Context, role, permission string) error
- func (s *InMemoryRoleStore) AddRoleToUser(ctx context.Context, userID, role string) error
- func (s *InMemoryRoleStore) GetAllPermissions(ctx context.Context) ([]string, error)
- func (s *InMemoryRoleStore) GetAllRoles(ctx context.Context) ([]string, error)
- func (s *InMemoryRoleStore) GetRolePermissions(ctx context.Context, role string) ([]string, error)
- func (s *InMemoryRoleStore) GetUserRoles(ctx context.Context, userID string) ([]string, error)
- func (s *InMemoryRoleStore) RemovePermissionFromRole(ctx context.Context, role, permission string) error
- func (s *InMemoryRoleStore) RemoveRoleFromUser(ctx context.Context, userID, role string) error
- type InMemorySessionStore
- func (s *InMemorySessionStore) CleanExpiredSessions(ctx context.Context) error
- func (s *InMemorySessionStore) Close() error
- func (s *InMemorySessionStore) CreateSession(ctx context.Context, session *Session) error
- func (s *InMemorySessionStore) DeleteSession(ctx context.Context, id string) error
- func (s *InMemorySessionStore) GetSession(ctx context.Context, id string) (*Session, error)
- func (s *InMemorySessionStore) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)
- func (s *InMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error
- type InMemoryUserStore
- func (s *InMemoryUserStore) Close() error
- func (s *InMemoryUserStore) CreateUser(ctx context.Context, user *User) error
- func (s *InMemoryUserStore) DeleteUser(ctx context.Context, id string) error
- func (s *InMemoryUserStore) GetUserByEmail(ctx context.Context, email string) (*User, error)
- func (s *InMemoryUserStore) GetUserByID(ctx context.Context, id string) (*User, error)
- func (s *InMemoryUserStore) GetUserByUsername(ctx context.Context, username string) (*User, error)
- func (s *InMemoryUserStore) ListUsers(ctx context.Context) ([]*User, error)
- func (s *InMemoryUserStore) UpdateUser(ctx context.Context, user *User) error
- type InMemoryVulnerabilityStore
- func (s *InMemoryVulnerabilityStore) Close() error
- func (s *InMemoryVulnerabilityStore) CreateVulnerability(ctx context.Context, vulnerability *common.Vulnerability) error
- func (s *InMemoryVulnerabilityStore) DeleteVulnerability(ctx context.Context, id string) error
- func (s *InMemoryVulnerabilityStore) GetVulnerabilityByID(ctx context.Context, id string) (*common.Vulnerability, error)
- func (s *InMemoryVulnerabilityStore) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.Vulnerability, int, error)
- func (s *InMemoryVulnerabilityStore) UpdateVulnerability(ctx context.Context, vulnerability *common.Vulnerability) error
- type InMemoryVulnerabilityStoreAdapter
- func (s *InMemoryVulnerabilityStoreAdapter) Close() error
- func (s *InMemoryVulnerabilityStoreAdapter) CreateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
- func (s *InMemoryVulnerabilityStoreAdapter) DeleteVulnerability(ctx context.Context, id string) error
- func (s *InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByCVE(ctx context.Context, cve string) (*models.Vulnerability, error)
- func (s *InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByID(ctx context.Context, id string) (*models.Vulnerability, error)
- func (s *InMemoryVulnerabilityStoreAdapter) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)
- func (s *InMemoryVulnerabilityStoreAdapter) UpdateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
- type InMemoryVulnerabilityStoreModels
- func (s *InMemoryVulnerabilityStoreModels) CreateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
- func (s *InMemoryVulnerabilityStoreModels) GetVulnerabilityByID(ctx context.Context, vulnerabilityID string) (*models.Vulnerability, error)
- func (s *InMemoryVulnerabilityStoreModels) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)
- func (s *InMemoryVulnerabilityStoreModels) UpdateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
- type IncidentFilter
- type IncidentStatus
- type IncidentStore
- type LegacyAuditLogger
- type LegacyAuthManager
- func (m *LegacyAuthManager) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)
- func (m *LegacyAuthManager) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error
- func (m *LegacyAuthManager) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error
- func (m *LegacyAuthManager) Login(ctx context.Context, username, password string, ipAddress, userAgent string) (*Session, error)
- func (m *LegacyAuthManager) Logout(ctx context.Context, sessionID string) error
- func (m *LegacyAuthManager) RefreshSession(ctx context.Context, sessionID, refreshToken string, ...) (*Session, error)
- func (m *LegacyAuthManager) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error
- func (m *LegacyAuthManager) ValidateSession(ctx context.Context, sessionID, token string, ipAddress, userAgent string) (*User, error)
- func (m *LegacyAuthManager) VerifyMFA(ctx context.Context, sessionID, code string) error
- type LegacyAuthManagerInterface
- type LocalInMemoryIncidentStore
- func (s *LocalInMemoryIncidentStore) CreateIncident(ctx context.Context, incident *SecurityIncident) error
- func (s *LocalInMemoryIncidentStore) DeleteIncident(ctx context.Context, id string) error
- func (s *LocalInMemoryIncidentStore) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
- func (s *LocalInMemoryIncidentStore) ListIncidents(ctx context.Context, filter *LocalIncidentFilter) ([]*SecurityIncident, error)
- func (s *LocalInMemoryIncidentStore) UpdateIncident(ctx context.Context, incident *SecurityIncident) error
- type LocalInMemoryVulnerabilityStore
- func (s *LocalInMemoryVulnerabilityStore) CreateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
- func (s *LocalInMemoryVulnerabilityStore) DeleteVulnerability(ctx context.Context, id string) error
- func (s *LocalInMemoryVulnerabilityStore) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
- func (s *LocalInMemoryVulnerabilityStore) ListVulnerabilities(ctx context.Context, filter *LocalVulnerabilityFilter) ([]*Vulnerability, error)
- func (s *LocalInMemoryVulnerabilityStore) UpdateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
- type LocalIncidentFilter
- type LocalVulnerabilityFilter
- type LoginResult
- type MFAContextKey
- type MFAMiddleware
- func (m *MFAMiddleware) ConditionalMFA(condition MFARequiredFunc, next http.Handler) http.Handler
- func (m *MFAMiddleware) MFAByPath(paths []string, next http.Handler) http.Handler
- func (m *MFAMiddleware) MFAByRole(roles []string, next http.Handler) http.Handler
- func (m *MFAMiddleware) MFAVerifyHandler(w http.ResponseWriter, r *http.Request)
- func (m *MFAMiddleware) OptionalMFA(next http.Handler) http.Handler
- func (m *MFAMiddleware) RequireMFA(next http.Handler) http.Handler
- type MFARequiredFunc
- type MFAStatus
- type MultiAuditLogger
- func (l *MultiAuditLogger) Close(ctx context.Context) error
- func (l *MultiAuditLogger) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)
- func (l *MultiAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
- func (l *MultiAuditLogger) Initialize(ctx context.Context) error
- func (l *MultiAuditLogger) LogAudit(ctx context.Context, log *AuditLog) error
- type PasswordPolicy
- type Permission
- type PersistentSessionStore
- type RBACConfig
- type RBACConfigSettings
- type RBACManager
- type RBACManagerAdapter
- func (a *RBACManagerAdapter) AddRoleToUser(userID string, role string) error
- func (a *RBACManagerAdapter) Close() error
- func (a *RBACManagerAdapter) GetUserPermissions(userID string) ([]string, error)
- func (a *RBACManagerAdapter) GetUserRoles(userID string) ([]string, error)
- func (a *RBACManagerAdapter) HasPermission(userID string, permission string) (bool, error)
- func (a *RBACManagerAdapter) HasRole(userID string, role string) (bool, error)
- func (a *RBACManagerAdapter) RemoveRoleFromUser(userID string, role string) error
- type RBACManagerImpl
- func (m *RBACManagerImpl) AddRoleToUser(ctx context.Context, userID string, role string) error
- func (m *RBACManagerImpl) Close() error
- func (m *RBACManagerImpl) GetUserPermissions(ctx context.Context, userID string) ([]string, error)
- func (m *RBACManagerImpl) GetUserRoles(ctx context.Context, userID string) ([]string, error)
- func (m *RBACManagerImpl) HasPermission(ctx context.Context, userID string, permission string) (bool, error)
- func (m *RBACManagerImpl) HasRole(ctx context.Context, userID string, role string) (bool, error)
- func (m *RBACManagerImpl) Initialize(ctx context.Context) error
- func (m *RBACManagerImpl) RemoveRoleFromUser(ctx context.Context, userID string, role string) error
- type RequestContext
- type Role
- type RoleName
- type RoleStore
- type SecurityConfig
- type SecurityIncident
- type SecurityIncidentConfig
- type SecurityManager
- type SecurityManagerAdapter
- func (a *SecurityManagerAdapter) Close() error
- func (a *SecurityManagerAdapter) CloseIncident(incidentID, resolution string) error
- func (a *SecurityManagerAdapter) GetIncident(incidentID string) (*models.SecurityIncident, error)
- func (a *SecurityManagerAdapter) GetVulnerability(vulnerabilityID string) (*models.Vulnerability, error)
- func (a *SecurityManagerAdapter) ListIncidents(filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)
- func (a *SecurityManagerAdapter) ListVulnerabilities(filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)
- func (a *SecurityManagerAdapter) MitigateVulnerability(vulnerabilityID, mitigation string) error
- func (a *SecurityManagerAdapter) ReportIncident(title, description string, severity models.SecurityIncidentSeverity) (*models.SecurityIncident, error)
- func (a *SecurityManagerAdapter) ReportVulnerability(title, description string, severity models.VulnerabilitySeverity) (*models.Vulnerability, error)
- func (a *SecurityManagerAdapter) ResolveVulnerability(vulnerabilityID string) error
- func (a *SecurityManagerAdapter) UpdateIncident(incident *models.SecurityIncident) error
- func (a *SecurityManagerAdapter) UpdateVulnerability(vulnerability *models.Vulnerability) error
- type Session
- type SessionFilter
- type SessionManager
- func (m *SessionManager) CreateSession(ctx context.Context, userID, ipAddress, userAgent string, mfaCompleted bool) (*Session, error)
- func (m *SessionManager) GetSessionFromContext(ctx context.Context) (*Session, error)
- func (m *SessionManager) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)
- func (m *SessionManager) InvalidateSession(ctx context.Context, sessionID string) error
- func (m *SessionManager) InvalidateUserSessions(ctx context.Context, userID string) error
- func (m *SessionManager) RefreshSession(ctx context.Context, sessionID, refreshToken string) (*Session, error)
- func (m *SessionManager) Stop()
- func (m *SessionManager) ValidateSession(ctx context.Context, sessionID, token string, ipAddress, userAgent string) (*Session, error)
- type SessionPolicy
- type SessionStore
- type SimpleInMemorySessionStore
- func (s *SimpleInMemorySessionStore) CleanExpiredSessions(ctx context.Context) error
- func (s *SimpleInMemorySessionStore) CreateSession(ctx context.Context, session *Session) error
- func (s *SimpleInMemorySessionStore) DeleteSession(ctx context.Context, id string) error
- func (s *SimpleInMemorySessionStore) GetSession(ctx context.Context, id string) (*Session, error)
- func (s *SimpleInMemorySessionStore) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)
- func (s *SimpleInMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error
- type SimpleRBACManager
- func (m *SimpleRBACManager) AddPermission(permission Permission, description string) error
- func (m *SimpleRBACManager) AddPermissionToRole(role string, permission Permission) error
- func (m *SimpleRBACManager) AddRole(role string, description string) error
- func (m *SimpleRBACManager) AddRolePermission(ctx context.Context, role string, permission Permission) error
- func (m *SimpleRBACManager) AssignPermission(ctx context.Context, user *User, permission Permission) error
- func (m *SimpleRBACManager) AssignRole(ctx context.Context, user *User, role string) error
- func (m *SimpleRBACManager) Authorize(ctx context.Context, user *User, permission Permission) error
- func (m *SimpleRBACManager) CreateRole(ctx context.Context, role string, permissions []Permission) error
- func (m *SimpleRBACManager) DeleteRole(ctx context.Context, role string) error
- func (m *SimpleRBACManager) GetAllRoles(ctx context.Context) []string
- func (m *SimpleRBACManager) GetRolePermissions(ctx context.Context, role string) ([]Permission, error)
- func (m *SimpleRBACManager) GetUserPermissions(ctx context.Context, user *User) []Permission
- func (m *SimpleRBACManager) HasPermission(user *User, permission string) bool
- func (m *SimpleRBACManager) HasPermissionWithContext(ctx context.Context, user *User, permission Permission) bool
- func (m *SimpleRBACManager) HasRole(user *User, role string) bool
- func (m *SimpleRBACManager) HasRoleWithContext(ctx context.Context, user *User, role string) bool
- func (m *SimpleRBACManager) RemoveRolePermission(ctx context.Context, role string, permission Permission) error
- func (m *SimpleRBACManager) RequireAllPermissions(permissions ...Permission) func(ctx context.Context, user *User) error
- func (m *SimpleRBACManager) RequireAllRoles(roles ...string) func(ctx context.Context, user *User) error
- func (m *SimpleRBACManager) RequireAnyPermission(permissions ...Permission) func(ctx context.Context, user *User) error
- func (m *SimpleRBACManager) RequireAnyRole(roles ...string) func(ctx context.Context, user *User) error
- func (m *SimpleRBACManager) RequirePermission(permission Permission) func(ctx context.Context, user *User) error
- func (m *SimpleRBACManager) RequireRole(role string) func(ctx context.Context, user *User) error
- func (m *SimpleRBACManager) RevokePermission(ctx context.Context, user *User, permission Permission) error
- func (m *SimpleRBACManager) RevokeRole(ctx context.Context, user *User, role string) error
- type StubUserManager
- func (s *StubUserManager) Close() error
- func (s *StubUserManager) CreateUser(user *models.User) error
- func (s *StubUserManager) DeleteUser(userID string) error
- func (s *StubUserManager) GetUser(userID string) (*models.User, error)
- func (s *StubUserManager) GetUserByEmail(email string) (*models.User, error)
- func (s *StubUserManager) GetUserByUsername(username string) (*models.User, error)
- func (s *StubUserManager) ListUsers(filter map[string]interface{}, offset, limit int) ([]*models.User, int, error)
- func (s *StubUserManager) UpdateUser(user *models.User) error
- type TypesIncidentStore
- type TypesRBACManager
- func (m *TypesRBACManager) AddPermissionToRole(ctx context.Context, role string, permission string) error
- func (m *TypesRBACManager) AddPermissionToUser(ctx context.Context, user *User, permission string) error
- func (m *TypesRBACManager) AddRole(ctx context.Context, role string) error
- func (m *TypesRBACManager) AddRoleToUser(ctx context.Context, user *User, role string) error
- func (m *TypesRBACManager) GetRolePermissions(ctx context.Context, role string) ([]string, error)
- func (m *TypesRBACManager) GetRoles(ctx context.Context) []string
- func (m *TypesRBACManager) GetUserPermissions(ctx context.Context, user *User) ([]string, error)
- func (m *TypesRBACManager) Initialize(ctx context.Context) error
- func (m *TypesRBACManager) RemovePermissionFromRole(ctx context.Context, role string, permission string) error
- func (m *TypesRBACManager) RemovePermissionFromUser(ctx context.Context, user *User, permission string) error
- func (m *TypesRBACManager) RemoveRole(ctx context.Context, role string) error
- func (m *TypesRBACManager) RemoveRoleFromUser(ctx context.Context, user *User, role string) error
- func (m *TypesRBACManager) RoleHasPermission(ctx context.Context, role string, permission string) (bool, error)
- func (m *TypesRBACManager) UserHasPermission(ctx context.Context, user *User, permission string) (bool, error)
- type TypesVulnerabilityStore
- type User
- type UserFilter
- type UserManager
- type UserStore
- type Vulnerability
- type VulnerabilityConfig
- type VulnerabilityFilter
- type VulnerabilityStatus
- type VulnerabilityStore
Constants ¶
const ( RoleAdmin = "admin" RoleUser = "user" RoleManager = "manager" RoleOperator = "operator" RoleAuditor = "auditor" RoleGuest = "guest" RoleAutomation = "automation" )
Role constants
const ( PermissionAll = "*" // System permissions PermissionSystemAdmin = "system.admin" PermissionSystemConfig = "system.config" PermissionSystemView = "system.view" PermissionSystemMonitor = "system.monitor" PermissionSystemAudit = "system.audit" PermissionSystemBackup = "system.backup" PermissionSystemRestore = "system.restore" // User permissions PermissionUserView = "user.view" PermissionUserCreate = "user.create" PermissionUserRead = "user.read" PermissionUserUpdate = "user.update" PermissionUserDelete = "user.delete" PermissionUserRoleAssign = "user.role.assign" PermissionUserManageRoles = "user.manage.roles" // Role permissions PermissionRoleView = "role.view" PermissionRoleCreate = "role.create" PermissionRoleUpdate = "role.update" PermissionRoleDelete = "role.delete" // Template permissions PermissionTemplateView = "template.view" PermissionTemplateCreate = "template.create" PermissionTemplateRead = "template.read" PermissionTemplateUpdate = "template.update" PermissionTemplateDelete = "template.delete" PermissionTemplateExecute = "template.execute" PermissionTemplateApprove = "template.approve" PermissionTemplateUse = "template.use" // Security permissions PermissionSecurityView = "security.view" PermissionSecurityConfig = "security.config" PermissionSecurityTest = "security.test" PermissionSecurityIncident = "security.incident" PermissionSecurityAudit = "security.audit" PermissionSecurityVulnerability = "security.vulnerability" PermissionSecurityScan = "security.scan" // Audit permissions PermissionAuditView = "audit.view" // Vulnerability permissions PermissionVulnerabilityView = "vulnerability.view" // Prompt permissions PermissionPromptView = "prompt.view" PermissionPromptUse = "prompt.use" // Test permissions PermissionTestExecute = "test.execute" // Report permissions PermissionReportView = "report.view" PermissionReportCreate = "report.create" PermissionReportRead = "report.read" PermissionReportUpdate = "report.update" PermissionReportDelete = "report.delete" PermissionReportExport = "report.export" PermissionReportGenerate = "report.generate" )
Permission constants
Variables ¶
var ( ErrInvalidCredentials = interfaces.ErrInvalidCredentials ErrUserNotFound = interfaces.ErrUserNotFound ErrUserLocked = interfaces.ErrUserLocked ErrUserInactive = interfaces.ErrUserInactive ErrMFARequired = interfaces.ErrMFARequired ErrInvalidMFACode = interfaces.ErrInvalidMFACode ErrSessionExpired = interfaces.ErrSessionExpired ErrInvalidToken = interfaces.ErrInvalidToken )
Common errors - using the ones defined in interfaces package
var ( // ErrInvalidCredentials is already defined in auth.go // ErrMFARequired is already defined in auth.go ErrMFAVerificationFailed = errors.New("multi-factor authentication verification failed") // ErrUserNotFound is already defined in auth.go // ErrSessionExpired is already defined in auth.go ErrInvalidSession = errors.New("invalid session") )
Common errors
var ( // ErrUnauthorized is already declared in integration.go ErrInvalidRole = errors.New("invalid role") ErrInvalidPermission = errors.New("invalid permission") ErrRoleAlreadyExists = errors.New("role already exists") ErrRoleNotFound = errors.New("role not found") ErrPermissionNotFound = errors.New("permission not found") )
Common errors
var AllPermissions = []string{ PermissionSystemAdmin, PermissionSystemConfig, PermissionSystemView, PermissionSystemMonitor, PermissionSystemAudit, PermissionSystemBackup, PermissionSystemRestore, PermissionUserView, PermissionUserCreate, PermissionUserRead, PermissionUserUpdate, PermissionUserDelete, PermissionUserRoleAssign, PermissionUserManageRoles, PermissionRoleView, PermissionRoleCreate, PermissionRoleUpdate, PermissionRoleDelete, PermissionTemplateView, PermissionTemplateCreate, PermissionTemplateRead, PermissionTemplateUpdate, PermissionTemplateDelete, PermissionTemplateExecute, PermissionTemplateApprove, PermissionTemplateUse, PermissionSecurityView, PermissionSecurityConfig, PermissionSecurityTest, PermissionSecurityIncident, PermissionSecurityAudit, PermissionSecurityVulnerability, PermissionSecurityScan, PermissionAuditView, PermissionVulnerabilityView, PermissionPromptView, PermissionPromptUse, PermissionTestExecute, PermissionReportView, PermissionReportCreate, PermissionReportRead, PermissionReportUpdate, PermissionReportDelete, PermissionReportExport, PermissionReportGenerate, }
AllPermissions contains all defined permissions
Functions ¶
func CreateMFAContext ¶
func CreateMFAContext(ctx context.Context, userID string, method common.AuthMethod, status MFAStatus) context.Context
CreateMFAContext creates a new context with MFA information
func GetMFAMethod ¶
func GetMFAMethod(ctx context.Context) (common.AuthMethod, error)
GetMFAMethod gets MFA method from context
func GetMFAUserID ¶
GetMFAUserID gets user ID from MFA context
func IsMFACompleted ¶
IsMFACompleted checks if MFA has been completed in the context
func IsMFARequired ¶
IsMFARequired checks if MFA is required in the context
func NewInMemoryAuditLoggerAdapter ¶
func NewInMemoryAuditLoggerAdapter() interfaces.AuditLogger
NewInMemoryAuditLoggerAdapter creates a new in-memory audit logger adapter
func NewInMemoryIncidentStoreAdapter ¶
func NewInMemoryIncidentStoreAdapter() interfaces.IncidentStore
NewInMemoryIncidentStoreAdapter creates a new in-memory incident store adapter
func NewInMemoryVulnerabilityStoreAdapter ¶
func NewInMemoryVulnerabilityStoreAdapter() interfaces.VulnerabilityStore
NewInMemoryVulnerabilityStoreAdapter creates a new in-memory vulnerability store adapter
func WithMFAMethod ¶
WithMFAMethod adds MFA method to context
func WithMFAStatus ¶
WithMFAStatus adds MFA status to context
func WithMFAUserID ¶
WithMFAUserID adds user ID to MFA context
Types ¶
type AccessControlConfig ¶
type AccessControlConfig struct {
// EnableRBAC enables role-based access control
EnableRBAC bool `json:"enable_rbac"`
// EnableMFA enables multi-factor authentication
EnableMFA bool `json:"enable_mfa"`
// MFARequiredRoles specifies roles that require MFA
MFARequiredRoles []string `json:"mfa_required_roles"`
// PasswordPolicy defines password requirements
PasswordPolicy PasswordPolicy `json:"password_policy"`
// SessionPolicy defines session management settings
SessionPolicy SessionPolicy `json:"session_policy"`
// AuditConfig defines audit logging settings
AuditConfig AuditConfig `json:"audit_config"`
// SecurityIncidentConfig defines security incident management settings
SecurityIncidentConfig SecurityIncidentConfig `json:"security_incident_config"`
// VulnerabilityConfig defines vulnerability management settings
VulnerabilityConfig VulnerabilityConfig `json:"vulnerability_config"`
// RBACConfig defines RBAC-specific settings
RBACConfig RBACConfigSettings `json:"rbac_config"`
// RolePermissions maps roles to their permissions
RolePermissions map[string][]string `json:"role_permissions,omitempty"`
}
AccessControlConfig represents the configuration for the access control system
func DefaultAccessControlConfig ¶
func DefaultAccessControlConfig() *AccessControlConfig
DefaultAccessControlConfig returns the default access control configuration
func DefaultAccessControlConfigV2 ¶
func DefaultAccessControlConfigV2() *AccessControlConfig
DefaultAccessControlConfigV2 returns the default access control configuration (version 2)
type AccessControlIntegration ¶
type AccessControlIntegration struct {
// contains filtered or unexported fields
}
AccessControlIntegration integrates RBAC, MFA, and audit logging
func NewAccessControlIntegration ¶
func NewAccessControlIntegration( rbacManager rbac.RBACManager, mfaManager mfa.MFAManager, auditManager audit.AuditManager, userStore UserStore, sessionStore SessionStore, ) *AccessControlIntegration
NewAccessControlIntegration creates a new access control integration
func (*AccessControlIntegration) AssignRoleToUser ¶
func (a *AccessControlIntegration) AssignRoleToUser(ctx context.Context, userID, roleID string) error
AssignRoleToUser assigns a role to a user
func (*AccessControlIntegration) AuthorizeAccess ¶
func (a *AccessControlIntegration) AuthorizeAccess(ctx context.Context, sessionID, resource, action string) error
AuthorizeAccess checks if a user has permission to access a resource
func (*AccessControlIntegration) DisableMFA ¶
func (a *AccessControlIntegration) DisableMFA(ctx context.Context, userID, method string) error
DisableMFA disables MFA for a user
func (*AccessControlIntegration) EnableMFA ¶
func (a *AccessControlIntegration) EnableMFA(ctx context.Context, userID, method string) error
EnableMFA enables MFA for a user
func (*AccessControlIntegration) GetUserPermissions ¶
func (a *AccessControlIntegration) GetUserPermissions(ctx context.Context, userID string) ([]*rbac.Permission, error)
GetUserPermissions gets all permissions assigned to a user
func (*AccessControlIntegration) GetUserRoles ¶
func (a *AccessControlIntegration) GetUserRoles(ctx context.Context, userID string) ([]*rbac.Role, error)
GetUserRoles gets all roles assigned to a user
func (*AccessControlIntegration) Login ¶
func (a *AccessControlIntegration) Login(ctx context.Context, username, password, ip, userAgent string) (*Session, error)
Login authenticates a user and creates a session
func (*AccessControlIntegration) Logout ¶
func (a *AccessControlIntegration) Logout(ctx context.Context, sessionID string) error
Logout invalidates a session
func (*AccessControlIntegration) ResetMFA ¶
func (a *AccessControlIntegration) ResetMFA(ctx context.Context, userID string) error
ResetMFA resets all MFA methods for a user
func (*AccessControlIntegration) RevokeRoleFromUser ¶
func (a *AccessControlIntegration) RevokeRoleFromUser(ctx context.Context, userID, roleID string) error
RevokeRoleFromUser revokes a role from a user
type AccessControlManager ¶
type AccessControlManager struct {
// contains filtered or unexported fields
}
AccessControlManager is the main entry point for the access control system
func NewAccessControlManager ¶
func NewAccessControlManager(config *AccessControlConfig) (*AccessControlManager, error)
NewAccessControlManager creates a new access control manager
func (*AccessControlManager) ChangePassword ¶
func (m *AccessControlManager) ChangePassword(ctx context.Context, id, currentPassword, newPassword, updatedBy string) error
ChangePassword changes a user's password
func (*AccessControlManager) Close ¶
func (m *AccessControlManager) Close(ctx context.Context) error
Close closes the access control system
func (*AccessControlManager) CreateIncident ¶
func (m *AccessControlManager) CreateIncident(ctx context.Context, title, description string, severity AuditSeverity, reportedBy string, auditLogIDs []string, metadata map[string]interface{}) (*SecurityIncident, error)
CreateIncident creates a new security incident
func (*AccessControlManager) CreateUser ¶
func (m *AccessControlManager) CreateUser(ctx context.Context, username, email, password string, roles []string, createdBy string) (*User, error)
CreateUser creates a new user
func (*AccessControlManager) CreateVulnerability ¶
func (m *AccessControlManager) CreateVulnerability(ctx context.Context, title, description string, severity AuditSeverity, affectedSystem, cve, reportedBy string, metadata map[string]interface{}) (*Vulnerability, error)
CreateVulnerability creates a new vulnerability
func (*AccessControlManager) DeleteUser ¶
func (m *AccessControlManager) DeleteUser(ctx context.Context, id, deletedBy string) error
DeleteUser deletes a user
func (*AccessControlManager) DisableMFA ¶
func (m *AccessControlManager) DisableMFA(ctx context.Context, id string, method common.AuthMethod, disabledBy string) error
DisableMFA disables multi-factor authentication for a user
func (*AccessControlManager) EnableMFA ¶
func (m *AccessControlManager) EnableMFA(ctx context.Context, id string, method common.AuthMethod, enabledBy string) error
EnableMFA enables multi-factor authentication for a user
func (*AccessControlManager) GetIncident ¶
func (m *AccessControlManager) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
GetIncident retrieves a security incident by ID
func (*AccessControlManager) GetRBACManager ¶
func (m *AccessControlManager) GetRBACManager() RBACManager
GetRBACManager returns the RBAC manager
func (*AccessControlManager) GetUserByUsername ¶
func (m *AccessControlManager) GetUserByUsername(ctx context.Context, username string) (*User, error)
GetUserByUsername retrieves a user by username
func (*AccessControlManager) GetUserManager ¶
func (m *AccessControlManager) GetUserManager() UserManager
GetUserManager returns the user manager
func (*AccessControlManager) GetVulnerability ¶
func (m *AccessControlManager) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
GetVulnerability retrieves a vulnerability by ID
func (*AccessControlManager) HasPermission ¶
func (m *AccessControlManager) HasPermission(ctx context.Context, user *User, permission Permission) bool
HasPermission checks if a user has a specific permission
func (*AccessControlManager) Initialize ¶
func (m *AccessControlManager) Initialize(ctx context.Context) error
Initialize initializes the access control system
func (*AccessControlManager) ListIncidents ¶
func (m *AccessControlManager) ListIncidents(ctx context.Context, filter *IncidentFilter) ([]*SecurityIncident, error)
ListIncidents lists security incidents based on filters
func (*AccessControlManager) ListUsers ¶
func (m *AccessControlManager) ListUsers(ctx context.Context) ([]*User, error)
ListUsers lists all users
func (*AccessControlManager) ListVulnerabilities ¶
func (m *AccessControlManager) ListVulnerabilities(ctx context.Context, filter *VulnerabilityFilter) ([]*Vulnerability, error)
ListVulnerabilities lists vulnerabilities based on filters
func (*AccessControlManager) LockUser ¶
func (m *AccessControlManager) LockUser(ctx context.Context, id, lockedBy string, reason string) error
LockUser locks a user account
func (*AccessControlManager) LogAudit ¶
func (m *AccessControlManager) LogAudit(ctx context.Context, log *AuditLog) error
LogAudit logs an audit event
func (*AccessControlManager) Login ¶
func (m *AccessControlManager) Login(ctx context.Context, username, password string, ipAddress, userAgent string) (*Session, error)
Login authenticates a user and creates a new session
func (*AccessControlManager) Logout ¶
func (m *AccessControlManager) Logout(ctx context.Context, sessionID string) error
Logout logs out a user by invalidating their session
func (*AccessControlManager) QueryAuditLogs ¶
func (m *AccessControlManager) QueryAuditLogs(ctx context.Context, filter *AuditLogFilter) ([]*AuditLog, error)
QueryAuditLogs queries audit logs
func (*AccessControlManager) RefreshSession ¶
func (m *AccessControlManager) RefreshSession(ctx context.Context, refreshToken string) (*Session, error)
RefreshSession refreshes a session and returns a new token
func (*AccessControlManager) ResetPassword ¶
func (m *AccessControlManager) ResetPassword(ctx context.Context, id, newPassword, resetBy string) error
ResetPassword resets a user's password (admin function)
func (*AccessControlManager) UnlockUser ¶
func (m *AccessControlManager) UnlockUser(ctx context.Context, id, unlockedBy string) error
UnlockUser unlocks a user account
func (*AccessControlManager) UpdateIncidentStatus ¶
func (m *AccessControlManager) UpdateIncidentStatus(ctx context.Context, id string, status IncidentStatus, assignedTo, updatedBy string) error
UpdateIncidentStatus updates the status of a security incident
func (*AccessControlManager) UpdateUser ¶
func (m *AccessControlManager) UpdateUser(ctx context.Context, id, username, email string, roles []string, active bool, updatedBy string) (*User, error)
UpdateUser updates an existing user
func (*AccessControlManager) UpdateVulnerabilityStatus ¶
func (m *AccessControlManager) UpdateVulnerabilityStatus(ctx context.Context, id string, status VulnerabilityStatus, assignedTo, remediationPlan, updatedBy string) error
UpdateVulnerabilityStatus updates the status of a vulnerability
func (*AccessControlManager) ValidateSession ¶
ValidateSession validates a session and returns whether it's valid
type AccessControlSystem ¶
type AccessControlSystem struct {
// contains filtered or unexported fields
}
AccessControlSystem is the main entry point for the access control system
func NewAccessControlSystem ¶
func NewAccessControlSystem(config *AccessControlConfig) (*AccessControlSystem, error)
NewAccessControlSystem creates a new access control system
func NewAccessControlSystemWithStores ¶
func NewAccessControlSystemWithStores( config *AccessControlConfig, userStore UserStore, sessionStore SessionStore, auditLogger AuditLogger, incidentStore IncidentStore, vulnerabilityStore VulnerabilityStore, ) (*AccessControlSystem, error)
NewAccessControlSystemWithStores creates a new access control system with the provided stores
func (*AccessControlSystem) Audit ¶
func (s *AccessControlSystem) Audit() *AuditManager
Audit returns the audit manager
func (*AccessControlSystem) Auth ¶
func (s *AccessControlSystem) Auth() *AuthManager
Auth returns the auth manager
func (*AccessControlSystem) Close ¶
func (a *AccessControlSystem) Close() error
Close closes the access control system and releases any resources
func (*AccessControlSystem) CreateUser ¶
func (s *AccessControlSystem) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)
CreateUser creates a new user
func (*AccessControlSystem) DeleteUser ¶
func (a *AccessControlSystem) DeleteUser(ctx context.Context, userID string) error
DeleteUser deletes a user
func (*AccessControlSystem) DisableMFA ¶
func (a *AccessControlSystem) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error
DisableMFA disables multi-factor authentication for a user
func (*AccessControlSystem) EnableMFA ¶
func (a *AccessControlSystem) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error
EnableMFA enables multi-factor authentication for a user
func (*AccessControlSystem) GetAllUsers ¶
func (s *AccessControlSystem) GetAllUsers(ctx context.Context) ([]*User, error)
GetAllUsers returns all users in the system
func (*AccessControlSystem) GetUserByID ¶
GetUserByID retrieves a user by ID
func (*AccessControlSystem) GetUserByUsername ¶
func (s *AccessControlSystem) GetUserByUsername(ctx context.Context, username string) (*User, error)
GetUserByUsername retrieves a user by username
func (*AccessControlSystem) Initialize ¶
func (s *AccessControlSystem) Initialize(ctx context.Context) error
Initialize initializes the access control system
func (*AccessControlSystem) MFA ¶
func (s *AccessControlSystem) MFA() mfa.MFAManager
MFA returns the multi-factor authentication manager
func (*AccessControlSystem) RBAC ¶
func (s *AccessControlSystem) RBAC() *simpleRBACManager
RBAC returns the RBAC manager
func (*AccessControlSystem) Security ¶
func (s *AccessControlSystem) Security() *simpleSecurityManager
Security returns the security manager
func (*AccessControlSystem) UpdateUser ¶
func (a *AccessControlSystem) UpdateUser(ctx context.Context, user *User) error
UpdateUser updates an existing user
func (*AccessControlSystem) UpdateUserPassword ¶
func (a *AccessControlSystem) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error
UpdateUserPassword updates a user's password
type AccessControlSystemImpl ¶
type AccessControlSystemImpl struct {
// contains filtered or unexported fields
}
AccessControlSystemImpl implements the AccessControlSystem interface
func (*AccessControlSystemImpl) Close ¶
func (a *AccessControlSystemImpl) Close() error
Close closes the access control system
func (*AccessControlSystemImpl) GetAuditLogger ¶
func (a *AccessControlSystemImpl) GetAuditLogger() AuditLogger
GetAuditLogger returns the audit logger
func (*AccessControlSystemImpl) GetAuthManager ¶
func (a *AccessControlSystemImpl) GetAuthManager() AuthManager
GetAuthManager returns the authentication manager
func (*AccessControlSystemImpl) GetRBACManager ¶
func (a *AccessControlSystemImpl) GetRBACManager() RBACManager
GetRBACManager returns the RBAC manager
func (*AccessControlSystemImpl) GetSecurityManager ¶
func (a *AccessControlSystemImpl) GetSecurityManager() SecurityManager
GetSecurityManager returns the security manager
func (*AccessControlSystemImpl) GetUserManager ¶
func (a *AccessControlSystemImpl) GetUserManager() UserManager
GetUserManager returns the user manager
func (*AccessControlSystemImpl) Initialize ¶
func (a *AccessControlSystemImpl) Initialize() error
Initialize initializes the access control system
type AuditAction ¶
type AuditAction string
AuditAction represents the type of action being audited
const ( AuditActionLogin AuditAction = "login" AuditActionLogout AuditAction = "logout" AuditActionCreate AuditAction = "create" AuditActionRead AuditAction = "read" AuditActionUpdate AuditAction = "update" AuditActionDelete AuditAction = "delete" AuditActionExecute AuditAction = "execute" AuditActionAuthorize AuditAction = "authorize" AuditActionSystem AuditAction = "system" AuditActionSecurity AuditAction = "security" )
Audit actions
type AuditConfig ¶
type AuditConfig struct {
EnabledSeverities []AuditSeverity `json:"enabled_severities"`
LogFilePath string `json:"log_file_path"`
RetentionDays int `json:"retention_days"`
}
AuditConfig defines configuration for audit logging
func DefaultAuditConfig ¶
func DefaultAuditConfig() *AuditConfig
DefaultAuditConfig returns the default audit configuration
func (*AuditConfig) IsEnabled ¶
func (c *AuditConfig) IsEnabled(severity AuditSeverity) bool
IsEnabled checks if logging is enabled for a severity level
type AuditEventFilter ¶
type AuditEventFilter struct {
UserID string `json:"user_id,omitempty"`
Action string `json:"action,omitempty"`
Resource string `json:"resource,omitempty"`
ResourceID string `json:"resource_id,omitempty"`
Severity string `json:"severity,omitempty"`
IPAddress string `json:"ip_address,omitempty"`
CreatedAfter string `json:"created_after,omitempty"`
CreatedBefore string `json:"created_before,omitempty"`
SortBy string `json:"sort_by,omitempty"`
SortOrder string `json:"sort_order,omitempty"`
Offset int `json:"offset,omitempty"`
Limit int `json:"limit,omitempty"`
}
AuditEventFilter defines filters for querying audit events
type AuditLog ¶
type AuditLog struct {
ID string `json:"id,omitempty"`
Timestamp time.Time `json:"timestamp"`
UserID string `json:"user_id,omitempty"`
Username string `json:"username,omitempty"`
Action AuditAction `json:"action"`
Resource string `json:"resource"`
ResourceID string `json:"resource_id,omitempty"`
Description string `json:"description"`
IPAddress string `json:"ip_address,omitempty"`
UserAgent string `json:"user_agent,omitempty"`
Severity AuditSeverity `json:"severity"`
Status string `json:"status"`
SessionID string `json:"session_id,omitempty"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
Changes map[string]interface{} `json:"changes,omitempty"`
}
AuditLog represents a security audit log entry
type AuditLogFilter ¶
type AuditLogFilter struct {
UserID string `json:"user_id,omitempty"`
Username string `json:"username,omitempty"`
Action AuditAction `json:"action,omitempty"`
Resource string `json:"resource,omitempty"`
ResourceID string `json:"resource_id,omitempty"`
IPAddress string `json:"ip_address,omitempty"`
Severity AuditSeverity `json:"severity,omitempty"`
Status string `json:"status,omitempty"`
SessionID string `json:"session_id,omitempty"`
StartTime time.Time `json:"start_time,omitempty"`
EndTime time.Time `json:"end_time,omitempty"`
Limit int `json:"limit,omitempty"`
Offset int `json:"offset,omitempty"`
}
AuditLogFilter defines filters for querying audit logs
type AuditLogger ¶
type AuditLogger interface {
// Initialize initializes the audit logger
Initialize(ctx context.Context) error
// LogAudit logs an audit event
LogAudit(ctx context.Context, log *AuditLog) error
// GetAuditLogs retrieves audit logs
GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
// GetAuditLogByID retrieves an audit log by ID
GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)
// Close closes the logger
Close(ctx context.Context) error
}
AuditLogger defines the interface for audit logging
type AuditLoggerConfig ¶
type AuditLoggerConfig struct {
// Logging configuration
LogToConsole bool
LogToFile bool
LogFile string
LogFormat string
// Retention configuration
RetentionDays int
}
AuditLoggerConfig contains configuration for the audit logger implementation
type AuditLoggerImpl ¶
type AuditLoggerImpl struct {
// contains filtered or unexported fields
}
AuditLoggerImpl implements the AuditLogger interface
func NewAuditLogger ¶
func NewAuditLogger(auditStore AuditStore, config *AuditLoggerConfig) *AuditLoggerImpl
NewAuditLogger creates a new audit logger
func (*AuditLoggerImpl) CleanupOldLogs ¶
func (l *AuditLoggerImpl) CleanupOldLogs(ctx context.Context) (int, error)
CleanupOldLogs deletes audit logs older than the retention period
func (*AuditLoggerImpl) Close ¶
func (l *AuditLoggerImpl) Close() error
Close closes the audit logger
func (*AuditLoggerImpl) GetAuditLogs ¶
func (l *AuditLoggerImpl) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
GetAuditLogs gets audit logs
func (*AuditLoggerImpl) Initialize ¶
func (l *AuditLoggerImpl) Initialize(ctx context.Context) error
Initialize initializes the audit logger
type AuditManager ¶
type AuditManager struct {
// contains filtered or unexported fields
}
AuditManager manages audit logging
func NewAuditManager ¶
func NewAuditManager(logger AuditLogger, config *AuditConfig) (*AuditManager, error)
NewAuditManager creates a new audit manager
func (*AuditManager) GetAuditLogByID ¶
GetAuditLogByID retrieves an audit log by ID
func (*AuditManager) GetAuditLogs ¶
func (m *AuditManager) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
GetAuditLogs retrieves audit logs
type AuditSeverity ¶
type AuditSeverity string
AuditSeverity represents the severity level of an audit event
const ( AuditSeverityInfo AuditSeverity = "info" AuditSeverityLow AuditSeverity = "low" AuditSeverityMedium AuditSeverity = "medium" AuditSeverityHigh AuditSeverity = "high" AuditSeverityCritical AuditSeverity = "critical" AuditSeverityError AuditSeverity = "error" )
Audit severity levels
type AuditStore ¶
type AuditStore interface {
// StoreAuditLog stores an audit log
StoreAuditLog(ctx context.Context, log *models.AuditLog) error
// GetAuditLog retrieves an audit log by ID
GetAuditLog(ctx context.Context, id string) (*models.AuditLog, error)
// GetAuditLogs retrieves audit logs with optional filtering
GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
// DeleteAuditLog deletes an audit log
DeleteAuditLog(ctx context.Context, id string) error
// DeleteAuditLogsBefore deletes audit logs before a specific time
DeleteAuditLogsBefore(ctx context.Context, before time.Time) (int, error)
// Close closes the audit store
Close() error
}
AuditStore defines the interface for storing and retrieving audit logs
type AuthConfig ¶
type AuthConfig struct {
// Session configuration
SessionTimeout time.Duration
SessionMaxInactive time.Duration
// Password configuration
PasswordMinLength int
PasswordRequireUpper bool
PasswordRequireLower bool
PasswordRequireNumber bool
PasswordRequireSpecial bool
PasswordMaxAge time.Duration
// MFA configuration
MFAEnabled bool
MFAMethods []string
}
AuthConfig contains configuration for the auth manager
type AuthManager ¶
type AuthManager struct {
// contains filtered or unexported fields
}
AuthManager handles authentication and user management
func NewAuthManager ¶
func NewAuthManager( userStore UserStore, sessionStore SessionStore, auditLogger AuditLogger, mfaManager mfa.MFAManager, config *AuthConfig, ) (*AuthManager, error)
NewAuthManager creates a new authentication manager
func (*AuthManager) CreateUser ¶
func (m *AuthManager) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)
CreateUser creates a new user
func (*AuthManager) DeleteUser ¶
func (m *AuthManager) DeleteUser(ctx context.Context, userID string) error
DeleteUser deletes a user
func (*AuthManager) DisableMFA ¶
func (m *AuthManager) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error
DisableMFA disables multi-factor authentication for a user
func (*AuthManager) EnableMFA ¶
func (m *AuthManager) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error
EnableMFA enables multi-factor authentication for a user
func (*AuthManager) GetAllUsers ¶
func (m *AuthManager) GetAllUsers(ctx context.Context) ([]*User, error)
GetAllUsers returns all users
func (*AuthManager) GetUserByEmail ¶
GetUserByEmail retrieves a user by email
func (*AuthManager) GetUserByID ¶
GetUserByID retrieves a user by ID
func (*AuthManager) GetUserByUsername ¶
GetUserByUsername retrieves a user by username
func (*AuthManager) Initialize ¶
func (m *AuthManager) Initialize(ctx context.Context) error
Initialize initializes the authentication manager
func (*AuthManager) Login ¶
func (m *AuthManager) Login(ctx context.Context, username, password, ipAddress, userAgent string) (*Session, error)
Login authenticates a user and creates a session
func (*AuthManager) Logout ¶
func (m *AuthManager) Logout(ctx context.Context, sessionID string) error
Logout ends a user session
func (*AuthManager) RefreshSession ¶
RefreshSession refreshes a session using the refresh token
func (*AuthManager) UpdateSession ¶
func (m *AuthManager) UpdateSession(ctx context.Context, sessionID string, updates map[string]interface{}) error
UpdateSession updates a session
func (*AuthManager) UpdateUser ¶
func (m *AuthManager) UpdateUser(ctx context.Context, user *User) error
UpdateUser updates an existing user
func (*AuthManager) UpdateUserPassword ¶
func (m *AuthManager) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error
UpdateUserPassword updates a user's password
func (*AuthManager) ValidateSession ¶
ValidateSession validates a session token and returns the session
func (*AuthManager) VerifyMFA ¶
func (m *AuthManager) VerifyMFA(ctx context.Context, sessionID, code string) error
VerifyMFA verifies a multi-factor authentication code
func (*AuthManager) VerifySession ¶
VerifySession verifies a session token
type AuthManagerImpl ¶
type AuthManagerImpl struct {
// contains filtered or unexported fields
}
AuthManagerImpl implements the AuthManager interface
func NewAuthManagerImpl ¶
func NewAuthManagerImpl(userStore interfaces.UserStore, sessionStore interfaces.SessionStore, auditLogger AuditLogger, config *AuthConfig) *AuthManagerImpl
NewAuthManagerImpl creates a new auth manager implementation
func (*AuthManagerImpl) ChangePassword ¶
func (m *AuthManagerImpl) ChangePassword(ctx context.Context, userID, oldPassword, newPassword string) error
ChangePassword changes a user's password
func (*AuthManagerImpl) Close ¶
func (m *AuthManagerImpl) Close() error
Close closes the auth manager
func (*AuthManagerImpl) Initialize ¶
func (m *AuthManagerImpl) Initialize(ctx context.Context) error
Initialize initializes the auth manager
func (*AuthManagerImpl) Login ¶
func (m *AuthManagerImpl) Login(ctx context.Context, username, password string) (*models.Session, error)
Login authenticates a user
func (*AuthManagerImpl) Logout ¶
func (m *AuthManagerImpl) Logout(ctx context.Context, sessionID string) error
Logout logs out a user
func (*AuthManagerImpl) RefreshSession ¶
func (m *AuthManagerImpl) RefreshSession(ctx context.Context, sessionID string) (*models.Session, error)
RefreshSession refreshes a session
func (*AuthManagerImpl) ResetPassword ¶
func (m *AuthManagerImpl) ResetPassword(ctx context.Context, userID, newPassword string) error
ResetPassword resets a user's password
func (*AuthManagerImpl) ValidateSession ¶
func (m *AuthManagerImpl) ValidateSession(ctx context.Context, sessionID string) (*models.Session, error)
ValidateSession validates a session
type BasicInMemorySessionStore ¶
type BasicInMemorySessionStore struct {
// contains filtered or unexported fields
}
BasicInMemorySessionStore is an in-memory implementation of SessionStore
func NewBasicInMemorySessionStore ¶
func NewBasicInMemorySessionStore() *BasicInMemorySessionStore
NewBasicInMemorySessionStore creates a new basic in-memory session store
func (*BasicInMemorySessionStore) CleanupExpiredSessions ¶
func (s *BasicInMemorySessionStore) CleanupExpiredSessions(ctx context.Context) error
CleanupExpiredSessions cleans up expired sessions
func (*BasicInMemorySessionStore) CreateSession ¶
func (s *BasicInMemorySessionStore) CreateSession(ctx context.Context, session *Session) error
CreateSession creates a new session
func (*BasicInMemorySessionStore) DeleteSession ¶
func (s *BasicInMemorySessionStore) DeleteSession(ctx context.Context, sessionID string) error
DeleteSession deletes a session
func (*BasicInMemorySessionStore) DeleteUserSessions ¶
func (s *BasicInMemorySessionStore) DeleteUserSessions(ctx context.Context, userID string) error
DeleteUserSessions deletes all sessions for a user
func (*BasicInMemorySessionStore) GetSession ¶
func (s *BasicInMemorySessionStore) GetSession(ctx context.Context, sessionID string) (*Session, error)
GetSession retrieves a session by ID
func (*BasicInMemorySessionStore) ListUserSessions ¶
func (s *BasicInMemorySessionStore) ListUserSessions(ctx context.Context, userID string) ([]*Session, error)
ListUserSessions lists all sessions for a user
func (*BasicInMemorySessionStore) UpdateSession ¶
func (s *BasicInMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error
UpdateSession updates an existing session
type BasicInMemoryUserStore ¶
type BasicInMemoryUserStore struct {
// contains filtered or unexported fields
}
BasicInMemoryUserStore is an in-memory implementation of UserStore
func NewBasicInMemoryUserStore ¶
func NewBasicInMemoryUserStore() *BasicInMemoryUserStore
NewBasicInMemoryUserStore creates a new basic in-memory user store
func (*BasicInMemoryUserStore) CreateUser ¶
func (s *BasicInMemoryUserStore) CreateUser(ctx context.Context, user *User) error
CreateUser creates a new user
func (*BasicInMemoryUserStore) DeleteUser ¶
func (s *BasicInMemoryUserStore) DeleteUser(ctx context.Context, userID string) error
DeleteUser deletes a user
func (*BasicInMemoryUserStore) GetUserByEmail ¶
GetUserByEmail retrieves a user by email
func (*BasicInMemoryUserStore) GetUserByID ¶
GetUserByID retrieves a user by ID
func (*BasicInMemoryUserStore) GetUserByUsername ¶
func (s *BasicInMemoryUserStore) GetUserByUsername(ctx context.Context, username string) (*User, error)
GetUserByUsername retrieves a user by username
func (*BasicInMemoryUserStore) ListUsers ¶
func (s *BasicInMemoryUserStore) ListUsers(ctx context.Context) ([]*User, error)
ListUsers lists all users
func (*BasicInMemoryUserStore) UpdateUser ¶
func (s *BasicInMemoryUserStore) UpdateUser(ctx context.Context, user *User) error
UpdateUser updates an existing user
type BasicSecurityManager ¶
type BasicSecurityManager struct {
// contains filtered or unexported fields
}
BasicSecurityManager manages security incidents and vulnerabilities
func NewBasicSecurityManager ¶
func NewBasicSecurityManager(config *AccessControlConfig, incidentStore IncidentStore, vulnerabilityStore VulnerabilityStore, auditLogger AuditLogger) *BasicSecurityManager
NewBasicSecurityManager creates a new basic security manager
func NewSecurityManager ¶
func NewSecurityManager(config *AccessControlConfig, incidentStore IncidentStore, vulnerabilityStore VulnerabilityStore, auditLogger AuditLogger) *BasicSecurityManager
NewSecurityManager creates a new security manager
func (*BasicSecurityManager) Close ¶
func (m *BasicSecurityManager) Close() error
Close closes the security manager
func (*BasicSecurityManager) CreateIncident ¶
func (m *BasicSecurityManager) CreateIncident(ctx context.Context, title, description string, severity AuditSeverity, reportedBy string, auditLogIDs []string, metadata map[string]interface{}) (*SecurityIncident, error)
CreateIncident creates a new security incident
func (*BasicSecurityManager) CreateVulnerability ¶
func (m *BasicSecurityManager) CreateVulnerability(ctx context.Context, title, description string, severity AuditSeverity, affectedSystem, cve, reportedBy string, metadata map[string]interface{}) (*Vulnerability, error)
CreateVulnerability creates a new vulnerability
func (*BasicSecurityManager) GetIncident ¶
func (m *BasicSecurityManager) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
GetIncident retrieves a security incident by ID
func (*BasicSecurityManager) GetVulnerability ¶
func (m *BasicSecurityManager) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
GetVulnerability retrieves a vulnerability by ID
func (*BasicSecurityManager) ListIncidents ¶
func (m *BasicSecurityManager) ListIncidents(ctx context.Context, filter *LocalIncidentFilter) ([]*SecurityIncident, error)
ListIncidents lists security incidents based on filters
func (*BasicSecurityManager) ListVulnerabilities ¶
func (m *BasicSecurityManager) ListVulnerabilities(ctx context.Context, filter *LocalVulnerabilityFilter) ([]*Vulnerability, error)
ListVulnerabilities lists vulnerabilities based on filters
func (*BasicSecurityManager) ProcessSecurityAuditLog ¶
func (m *BasicSecurityManager) ProcessSecurityAuditLog(ctx context.Context, log *AuditLog) error
ProcessSecurityAuditLog processes an audit log for security incidents
func (*BasicSecurityManager) UpdateIncidentStatus ¶
func (m *BasicSecurityManager) UpdateIncidentStatus(ctx context.Context, id string, status IncidentStatus, assignedTo, updatedBy string) error
UpdateIncidentStatus updates the status of a security incident
func (*BasicSecurityManager) UpdateVulnerabilityStatus ¶
func (m *BasicSecurityManager) UpdateVulnerabilityStatus(ctx context.Context, id string, status VulnerabilityStatus, assignedTo, remediationPlan, updatedBy string) error
UpdateVulnerabilityStatus updates the status of a vulnerability
type Config ¶
type Config struct {
// Database configuration
DBDriver string
DBDSN string
// In-memory mode
InMemory bool
// Logging configuration
LogLevel string
LogFormat string
LogFile string
// Security configuration
PasswordMinLength int
PasswordRequireUpper bool
PasswordRequireLower bool
PasswordRequireNumber bool
PasswordRequireSpecial bool
PasswordMaxAge int
// Session configuration
SessionTimeout int
SessionMaxInactive int
// MFA configuration
MFAEnabled bool
MFAMethods []string
}
Config contains configuration for the factory
type ContextBoundary ¶
type ContextBoundary struct {
Type ContextBoundaryType
Value string
Required bool
Validation func(ctx context.Context, value string) bool
}
ContextBoundary represents a security boundary that must be enforced
type ContextBoundaryType ¶
type ContextBoundaryType string
ContextBoundaryType represents the type of boundary being enforced
const ( // BoundaryTypeSession represents a session boundary BoundaryTypeSession ContextBoundaryType = "session" // BoundaryTypeUser represents a user boundary BoundaryTypeUser ContextBoundaryType = "user" // BoundaryTypeRole represents a role boundary BoundaryTypeRole ContextBoundaryType = "role" // BoundaryTypePermission represents a permission boundary BoundaryTypePermission ContextBoundaryType = "permission" // BoundaryTypeMFA represents an MFA boundary BoundaryTypeMFA ContextBoundaryType = "mfa" )
type EnhancedContextBoundaryEnforcer ¶
type EnhancedContextBoundaryEnforcer struct {
// contains filtered or unexported fields
}
EnhancedContextBoundaryEnforcer enforces security boundaries for requests
func NewEnhancedContextBoundaryEnforcer ¶
func NewEnhancedContextBoundaryEnforcer() *EnhancedContextBoundaryEnforcer
NewEnhancedContextBoundaryEnforcer creates a new boundary enforcer
func (*EnhancedContextBoundaryEnforcer) AddBoundary ¶
func (e *EnhancedContextBoundaryEnforcer) AddBoundary(boundary ContextBoundary)
AddBoundary adds a new boundary to enforce
func (*EnhancedContextBoundaryEnforcer) EnforceBoundaries ¶
func (e *EnhancedContextBoundaryEnforcer) EnforceBoundaries(ctx context.Context) error
EnforceBoundaries enforces all boundaries for a request
func (*EnhancedContextBoundaryEnforcer) Middleware ¶
func (e *EnhancedContextBoundaryEnforcer) Middleware(next http.Handler) http.Handler
Middleware creates an HTTP middleware that enforces boundaries
func (*EnhancedContextBoundaryEnforcer) RequireMFA ¶
func (e *EnhancedContextBoundaryEnforcer) RequireMFA() ContextBoundary
RequireMFA creates a boundary that requires MFA completion
func (*EnhancedContextBoundaryEnforcer) RequirePermission ¶
func (e *EnhancedContextBoundaryEnforcer) RequirePermission(permission string) ContextBoundary
RequirePermission creates a boundary that requires a specific permission
func (*EnhancedContextBoundaryEnforcer) RequireRole ¶
func (e *EnhancedContextBoundaryEnforcer) RequireRole(role string) ContextBoundary
RequireRole creates a boundary that requires a specific role
func (*EnhancedContextBoundaryEnforcer) RequireSession ¶
func (e *EnhancedContextBoundaryEnforcer) RequireSession() ContextBoundary
RequireSession creates a boundary that requires a valid session
func (*EnhancedContextBoundaryEnforcer) RequireUser ¶
func (e *EnhancedContextBoundaryEnforcer) RequireUser(userID string) ContextBoundary
RequireUser creates a boundary that requires a specific user
func (*EnhancedContextBoundaryEnforcer) SetAuthManager ¶
func (e *EnhancedContextBoundaryEnforcer) SetAuthManager(authManager *AuthManager)
SetAuthManager sets the auth manager for the boundary enforcer
func (*EnhancedContextBoundaryEnforcer) SetRBACManager ¶
func (e *EnhancedContextBoundaryEnforcer) SetRBACManager(rbacManager *RBACManagerImpl)
SetRBACManager sets the RBAC manager for the boundary enforcer
func (*EnhancedContextBoundaryEnforcer) SetSessionManager ¶
func (e *EnhancedContextBoundaryEnforcer) SetSessionManager(sessionManager *SessionManager)
SetSessionManager sets the session manager for the boundary enforcer
type Factory ¶
type Factory interface {
// CreateAccessControlSystem creates a new access control system
CreateAccessControlSystem() (AccessControlSystem, error)
// CreateSecurityManager creates a new security manager
CreateSecurityManager() (SecurityManager, error)
// CreateUserManager creates a new user manager
CreateUserManager() (UserManager, error)
// CreateAuthManager creates a new auth manager
CreateAuthManager() (LegacyAuthManagerInterface, error)
// CreateRBACManager creates a new RBAC manager
CreateRBACManager() (RBACManager, error)
// CreateAuditLogger creates a new audit logger
CreateAuditLogger() (LegacyAuditLogger, error)
}
Factory creates access control system components
type FactoryImpl ¶
type FactoryImpl struct {
// contains filtered or unexported fields
}
FactoryImpl implements the Factory interface
func NewAccessControlFactory ¶
func NewAccessControlFactory(config *Config) *FactoryImpl
NewAccessControlFactory creates a new access control factory (alias for NewFactory)
func (*FactoryImpl) CreateAccessControlSystem ¶
func (f *FactoryImpl) CreateAccessControlSystem() (*AccessControlSystem, error)
CreateAccessControlSystem creates a new access control system
func (*FactoryImpl) CreateAuditLogger ¶
func (f *FactoryImpl) CreateAuditLogger() (AuditLogger, error)
CreateAuditLogger creates a new audit logger
func (*FactoryImpl) CreateAuthManager ¶
func (f *FactoryImpl) CreateAuthManager() (AuthManager, error)
CreateAuthManager creates a new auth manager
func (*FactoryImpl) CreateDatabaseAccessControlSystem ¶
func (f *FactoryImpl) CreateDatabaseAccessControlSystem(dbDriver, dbDSN string) (*AccessControlSystem, error)
CreateDatabaseAccessControlSystem creates a database-backed access control system
func (*FactoryImpl) CreateInMemoryAccessControlSystem ¶
func (f *FactoryImpl) CreateInMemoryAccessControlSystem() (*AccessControlSystem, error)
CreateInMemoryAccessControlSystem creates an in-memory access control system
func (*FactoryImpl) CreateRBACManager ¶
func (f *FactoryImpl) CreateRBACManager() (RBACManager, error)
CreateRBACManager creates a new RBAC manager
func (*FactoryImpl) CreateSecurityManager ¶
func (f *FactoryImpl) CreateSecurityManager() (*BasicSecurityManager, error)
CreateSecurityManager creates a new security manager
func (*FactoryImpl) CreateSecurityManagerAdapter ¶
func (f *FactoryImpl) CreateSecurityManagerAdapter(legacyManager interface{}) interfaces.SecurityManager
CreateSecurityManagerAdapter creates a new security manager adapter
func (*FactoryImpl) CreateSessionStoreAdapter ¶
func (f *FactoryImpl) CreateSessionStoreAdapter(legacyStore interface{}) interfaces.SessionStore
CreateSessionStoreAdapter creates a new session store adapter
func (*FactoryImpl) CreateUserManager ¶
func (f *FactoryImpl) CreateUserManager() (UserManager, error)
CreateUserManager creates a new user manager
func (*FactoryImpl) CreateUserStoreAdapter ¶
func (f *FactoryImpl) CreateUserStoreAdapter(legacyStore interface{}) interfaces.UserStore
CreateUserStoreAdapter creates a new user store adapter
type FileAuditLogger ¶
type FileAuditLogger struct {
// contains filtered or unexported fields
}
FileAuditLogger is a file-based implementation of AuditLogger
func NewFileAuditLogger ¶
func NewFileAuditLogger(filePath string) *FileAuditLogger
NewFileAuditLogger creates a new file-based audit logger
func (*FileAuditLogger) Close ¶
func (l *FileAuditLogger) Close(ctx context.Context) error
Close closes the file audit logger
func (*FileAuditLogger) GetAuditLogByID ¶
GetAuditLogByID retrieves an audit log by ID
func (*FileAuditLogger) GetAuditLogs ¶
func (l *FileAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
GetAuditLogs retrieves audit logs
func (*FileAuditLogger) Initialize ¶
func (l *FileAuditLogger) Initialize(ctx context.Context) error
Initialize initializes the file audit logger
type InMemoryAuditLogger ¶
type InMemoryAuditLogger struct {
// contains filtered or unexported fields
}
InMemoryAuditLogger is a simple in-memory implementation of AuditLogger
func NewInMemoryAuditLogger ¶
func NewInMemoryAuditLogger() *InMemoryAuditLogger
NewInMemoryAuditLogger creates a new in-memory audit logger
func (*InMemoryAuditLogger) Close ¶
func (l *InMemoryAuditLogger) Close(ctx context.Context) error
Close closes the audit logger
func (*InMemoryAuditLogger) GetAuditLogByID ¶
GetAuditLogByID retrieves an audit log by ID
func (*InMemoryAuditLogger) GetAuditLogs ¶
func (l *InMemoryAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
GetAuditLogs retrieves audit logs
func (*InMemoryAuditLogger) Initialize ¶
func (l *InMemoryAuditLogger) Initialize(ctx context.Context) error
Initialize initializes the audit logger
type InMemoryAuditLoggerAdapter ¶
type InMemoryAuditLoggerAdapter struct {
// contains filtered or unexported fields
}
InMemoryAuditLoggerAdapter is an in-memory implementation of interfaces.AuditLogger
func (*InMemoryAuditLoggerAdapter) Close ¶
func (l *InMemoryAuditLoggerAdapter) Close() error
Close closes the audit logger
func (*InMemoryAuditLoggerAdapter) ExportEvents ¶
func (l *InMemoryAuditLoggerAdapter) ExportEvents(ctx context.Context, filter map[string]interface{}, format string) (string, error)
ExportEvents exports audit events to a file
func (*InMemoryAuditLoggerAdapter) GetAuditLogByID ¶
func (l *InMemoryAuditLoggerAdapter) GetAuditLogByID(ctx context.Context, id string) (*models.AuditLog, error)
GetAuditLogByID retrieves an audit log by ID
func (*InMemoryAuditLoggerAdapter) GetEventByID ¶
func (l *InMemoryAuditLoggerAdapter) GetEventByID(ctx context.Context, id string) (*models.AuditLog, error)
GetEventByID retrieves an audit event by ID (alias for GetAuditLogByID to satisfy interface)
func (*InMemoryAuditLoggerAdapter) ListAuditLogs ¶
func (l *InMemoryAuditLoggerAdapter) ListAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
ListAuditLogs lists audit logs with optional filtering
type InMemoryAuditLoggerWithTypes ¶
type InMemoryAuditLoggerWithTypes struct {
// contains filtered or unexported fields
}
InMemoryAuditLoggerWithTypes is a simple in-memory implementation of AuditLogger using common.AuditLog
func NewInMemoryAuditLoggerWithTypes ¶
func NewInMemoryAuditLoggerWithTypes() *InMemoryAuditLoggerWithTypes
NewInMemoryAuditLoggerWithTypes creates a new in-memory audit logger with types
func (*InMemoryAuditLoggerWithTypes) Close ¶
func (l *InMemoryAuditLoggerWithTypes) Close() error
Close closes the logger
func (*InMemoryAuditLoggerWithTypes) GetAuditLogByID ¶
func (l *InMemoryAuditLoggerWithTypes) GetAuditLogByID(ctx context.Context, id string) (*common.AuditLog, error)
GetAuditLogByID retrieves an audit log by ID
func (*InMemoryAuditLoggerWithTypes) GetAuditLogs ¶
func (l *InMemoryAuditLoggerWithTypes) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.AuditLog, int, error)
GetAuditLogs retrieves audit logs
func (*InMemoryAuditLoggerWithTypes) Initialize ¶
func (l *InMemoryAuditLoggerWithTypes) Initialize(ctx context.Context) error
Initialize initializes the audit logger
type InMemoryAuditStore ¶
type InMemoryAuditStore struct {
// contains filtered or unexported fields
}
InMemoryAuditStore is an in-memory implementation of the AuditStore interface
func NewInMemoryAuditStore ¶
func NewInMemoryAuditStore() *InMemoryAuditStore
NewInMemoryAuditStore creates a new in-memory audit store
func (*InMemoryAuditStore) Close ¶
func (s *InMemoryAuditStore) Close() error
Close closes the audit store
func (*InMemoryAuditStore) DeleteAuditLog ¶
func (s *InMemoryAuditStore) DeleteAuditLog(ctx context.Context, id string) error
DeleteAuditLog deletes an audit log
func (*InMemoryAuditStore) DeleteAuditLogsBefore ¶
func (s *InMemoryAuditStore) DeleteAuditLogsBefore(ctx context.Context, before time.Time) (int, error)
DeleteAuditLogsBefore deletes audit logs before a specific time
func (*InMemoryAuditStore) GetAuditLog ¶
GetAuditLog retrieves an audit log by ID
func (*InMemoryAuditStore) GetAuditLogs ¶
func (s *InMemoryAuditStore) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
GetAuditLogs retrieves audit logs with optional filtering
func (*InMemoryAuditStore) StoreAuditLog ¶
StoreAuditLog stores an audit log
type InMemoryIncidentStore ¶
type InMemoryIncidentStore struct {
// contains filtered or unexported fields
}
InMemoryIncidentStore is a simple in-memory implementation of IncidentStore
func NewInMemoryIncidentStore ¶
func NewInMemoryIncidentStore() *InMemoryIncidentStore
NewInMemoryIncidentStore creates a new in-memory incident store
func (*InMemoryIncidentStore) Close ¶
func (s *InMemoryIncidentStore) Close() error
Close closes the store
func (*InMemoryIncidentStore) CreateIncident ¶
func (s *InMemoryIncidentStore) CreateIncident(ctx context.Context, incident *common.SecurityIncident) error
CreateIncident creates a new security incident
func (*InMemoryIncidentStore) DeleteIncident ¶
func (s *InMemoryIncidentStore) DeleteIncident(ctx context.Context, id string) error
DeleteIncident deletes a security incident by ID
func (*InMemoryIncidentStore) GetIncidentByID ¶
func (s *InMemoryIncidentStore) GetIncidentByID(ctx context.Context, id string) (*common.SecurityIncident, error)
GetIncidentByID retrieves a security incident by ID
func (*InMemoryIncidentStore) ListIncidents ¶
func (s *InMemoryIncidentStore) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.SecurityIncident, int, error)
ListIncidents lists security incidents
func (*InMemoryIncidentStore) UpdateIncident ¶
func (s *InMemoryIncidentStore) UpdateIncident(ctx context.Context, incident *common.SecurityIncident) error
UpdateIncident updates an existing security incident
type InMemoryIncidentStoreAdapter ¶
type InMemoryIncidentStoreAdapter struct {
// contains filtered or unexported fields
}
InMemoryIncidentStoreAdapter is an in-memory implementation of interfaces.IncidentStore
func (*InMemoryIncidentStoreAdapter) Close ¶
func (s *InMemoryIncidentStoreAdapter) Close() error
Close closes the incident store
func (*InMemoryIncidentStoreAdapter) CreateIncident ¶
func (s *InMemoryIncidentStoreAdapter) CreateIncident(ctx context.Context, incident *models.SecurityIncident) error
CreateIncident creates a new security incident
func (*InMemoryIncidentStoreAdapter) DeleteIncident ¶
func (s *InMemoryIncidentStoreAdapter) DeleteIncident(ctx context.Context, id string) error
DeleteIncident deletes a security incident
func (*InMemoryIncidentStoreAdapter) GetIncidentByID ¶
func (s *InMemoryIncidentStoreAdapter) GetIncidentByID(ctx context.Context, id string) (*models.SecurityIncident, error)
GetIncidentByID retrieves a security incident by ID
func (*InMemoryIncidentStoreAdapter) ListIncidents ¶
func (s *InMemoryIncidentStoreAdapter) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)
ListIncidents lists security incidents with optional filtering
func (*InMemoryIncidentStoreAdapter) UpdateIncident ¶
func (s *InMemoryIncidentStoreAdapter) UpdateIncident(ctx context.Context, incident *models.SecurityIncident) error
UpdateIncident updates a security incident
type InMemoryIncidentStoreModels ¶
type InMemoryIncidentStoreModels struct {
// contains filtered or unexported fields
}
InMemoryIncidentStoreModels is an in-memory implementation of the IncidentStore interface using models
func (*InMemoryIncidentStoreModels) CreateIncident ¶
func (s *InMemoryIncidentStoreModels) CreateIncident(ctx context.Context, incident *models.SecurityIncident) error
CreateIncident creates a new security incident
func (*InMemoryIncidentStoreModels) GetIncidentByID ¶
func (s *InMemoryIncidentStoreModels) GetIncidentByID(ctx context.Context, incidentID string) (*models.SecurityIncident, error)
GetIncidentByID retrieves a security incident by ID
func (*InMemoryIncidentStoreModels) ListIncidents ¶
func (s *InMemoryIncidentStoreModels) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)
ListIncidents lists security incidents with optional filtering
func (*InMemoryIncidentStoreModels) UpdateIncident ¶
func (s *InMemoryIncidentStoreModels) UpdateIncident(ctx context.Context, incident *models.SecurityIncident) error
UpdateIncident updates a security incident
type InMemoryRoleStore ¶
type InMemoryRoleStore struct {
// contains filtered or unexported fields
}
InMemoryRoleStore is an in-memory implementation of the RoleStore interface
func NewInMemoryRoleStore ¶
func NewInMemoryRoleStore() *InMemoryRoleStore
NewInMemoryRoleStore creates a new in-memory role store
func (*InMemoryRoleStore) AddPermissionToRole ¶
func (s *InMemoryRoleStore) AddPermissionToRole(ctx context.Context, role, permission string) error
AddPermissionToRole adds a permission to a role
func (*InMemoryRoleStore) AddRoleToUser ¶
func (s *InMemoryRoleStore) AddRoleToUser(ctx context.Context, userID, role string) error
AddRoleToUser adds a role to a user
func (*InMemoryRoleStore) GetAllPermissions ¶
func (s *InMemoryRoleStore) GetAllPermissions(ctx context.Context) ([]string, error)
GetAllPermissions gets all permissions
func (*InMemoryRoleStore) GetAllRoles ¶
func (s *InMemoryRoleStore) GetAllRoles(ctx context.Context) ([]string, error)
GetAllRoles gets all roles
func (*InMemoryRoleStore) GetRolePermissions ¶
GetRolePermissions gets the permissions for a role
func (*InMemoryRoleStore) GetUserRoles ¶
GetUserRoles gets a user's roles
func (*InMemoryRoleStore) RemovePermissionFromRole ¶
func (s *InMemoryRoleStore) RemovePermissionFromRole(ctx context.Context, role, permission string) error
RemovePermissionFromRole removes a permission from a role
func (*InMemoryRoleStore) RemoveRoleFromUser ¶
func (s *InMemoryRoleStore) RemoveRoleFromUser(ctx context.Context, userID, role string) error
RemoveRoleFromUser removes a role from a user
type InMemorySessionStore ¶
type InMemorySessionStore struct {
// contains filtered or unexported fields
}
InMemorySessionStore is a simple in-memory implementation of SessionStore
func NewInMemorySessionStore ¶
func NewInMemorySessionStore() *InMemorySessionStore
NewInMemorySessionStore creates a new in-memory session store
func (*InMemorySessionStore) CleanExpiredSessions ¶
func (s *InMemorySessionStore) CleanExpiredSessions(ctx context.Context) error
CleanExpiredSessions removes all expired sessions
func (*InMemorySessionStore) Close ¶
func (s *InMemorySessionStore) Close() error
Close closes the session store
func (*InMemorySessionStore) CreateSession ¶
func (s *InMemorySessionStore) CreateSession(ctx context.Context, session *Session) error
CreateSession creates a new session
func (*InMemorySessionStore) DeleteSession ¶
func (s *InMemorySessionStore) DeleteSession(ctx context.Context, id string) error
DeleteSession deletes a session by ID
func (*InMemorySessionStore) GetSession ¶
GetSession retrieves a session by ID
func (*InMemorySessionStore) GetUserSessions ¶
func (s *InMemorySessionStore) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)
GetUserSessions retrieves all sessions for a user
func (*InMemorySessionStore) UpdateSession ¶
func (s *InMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error
UpdateSession updates an existing session
type InMemoryUserStore ¶
type InMemoryUserStore struct {
// contains filtered or unexported fields
}
InMemoryUserStore is a simple in-memory implementation of UserStore
func NewInMemoryUserStore ¶
func NewInMemoryUserStore() *InMemoryUserStore
NewInMemoryUserStore creates a new in-memory user store
func (*InMemoryUserStore) Close ¶
func (s *InMemoryUserStore) Close() error
Close closes the user store
func (*InMemoryUserStore) CreateUser ¶
func (s *InMemoryUserStore) CreateUser(ctx context.Context, user *User) error
CreateUser creates a new user
func (*InMemoryUserStore) DeleteUser ¶
func (s *InMemoryUserStore) DeleteUser(ctx context.Context, id string) error
DeleteUser deletes a user by ID
func (*InMemoryUserStore) GetUserByEmail ¶
GetUserByEmail retrieves a user by email
func (*InMemoryUserStore) GetUserByID ¶
GetUserByID retrieves a user by ID
func (*InMemoryUserStore) GetUserByUsername ¶
GetUserByUsername retrieves a user by username
func (*InMemoryUserStore) ListUsers ¶
func (s *InMemoryUserStore) ListUsers(ctx context.Context) ([]*User, error)
ListUsers lists all users
func (*InMemoryUserStore) UpdateUser ¶
func (s *InMemoryUserStore) UpdateUser(ctx context.Context, user *User) error
UpdateUser updates an existing user
type InMemoryVulnerabilityStore ¶
type InMemoryVulnerabilityStore struct {
// contains filtered or unexported fields
}
InMemoryVulnerabilityStore is a simple in-memory implementation of VulnerabilityStore
func NewInMemoryVulnerabilityStore ¶
func NewInMemoryVulnerabilityStore() *InMemoryVulnerabilityStore
NewInMemoryVulnerabilityStore creates a new in-memory vulnerability store
func (*InMemoryVulnerabilityStore) Close ¶
func (s *InMemoryVulnerabilityStore) Close() error
Close closes the store
func (*InMemoryVulnerabilityStore) CreateVulnerability ¶
func (s *InMemoryVulnerabilityStore) CreateVulnerability(ctx context.Context, vulnerability *common.Vulnerability) error
CreateVulnerability creates a new vulnerability
func (*InMemoryVulnerabilityStore) DeleteVulnerability ¶
func (s *InMemoryVulnerabilityStore) DeleteVulnerability(ctx context.Context, id string) error
DeleteVulnerability deletes a vulnerability by ID
func (*InMemoryVulnerabilityStore) GetVulnerabilityByID ¶
func (s *InMemoryVulnerabilityStore) GetVulnerabilityByID(ctx context.Context, id string) (*common.Vulnerability, error)
GetVulnerabilityByID retrieves a vulnerability by ID
func (*InMemoryVulnerabilityStore) ListVulnerabilities ¶
func (s *InMemoryVulnerabilityStore) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.Vulnerability, int, error)
ListVulnerabilities lists vulnerabilities
func (*InMemoryVulnerabilityStore) UpdateVulnerability ¶
func (s *InMemoryVulnerabilityStore) UpdateVulnerability(ctx context.Context, vulnerability *common.Vulnerability) error
UpdateVulnerability updates an existing vulnerability
type InMemoryVulnerabilityStoreAdapter ¶
type InMemoryVulnerabilityStoreAdapter struct {
// contains filtered or unexported fields
}
InMemoryVulnerabilityStoreAdapter is an in-memory implementation of interfaces.VulnerabilityStore
func (*InMemoryVulnerabilityStoreAdapter) Close ¶
func (s *InMemoryVulnerabilityStoreAdapter) Close() error
Close closes the vulnerability store
func (*InMemoryVulnerabilityStoreAdapter) CreateVulnerability ¶
func (s *InMemoryVulnerabilityStoreAdapter) CreateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
CreateVulnerability creates a new vulnerability
func (*InMemoryVulnerabilityStoreAdapter) DeleteVulnerability ¶
func (s *InMemoryVulnerabilityStoreAdapter) DeleteVulnerability(ctx context.Context, id string) error
DeleteVulnerability deletes a vulnerability
func (*InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByCVE ¶
func (s *InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByCVE(ctx context.Context, cve string) (*models.Vulnerability, error)
GetVulnerabilityByCVE retrieves a vulnerability by CVE ID
func (*InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByID ¶
func (s *InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByID(ctx context.Context, id string) (*models.Vulnerability, error)
GetVulnerabilityByID retrieves a vulnerability by ID
func (*InMemoryVulnerabilityStoreAdapter) ListVulnerabilities ¶
func (s *InMemoryVulnerabilityStoreAdapter) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)
ListVulnerabilities lists vulnerabilities with optional filtering
func (*InMemoryVulnerabilityStoreAdapter) UpdateVulnerability ¶
func (s *InMemoryVulnerabilityStoreAdapter) UpdateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
UpdateVulnerability updates a vulnerability
type InMemoryVulnerabilityStoreModels ¶
type InMemoryVulnerabilityStoreModels struct {
// contains filtered or unexported fields
}
InMemoryVulnerabilityStoreModels is an in-memory implementation of the VulnerabilityStore interface using models
func (*InMemoryVulnerabilityStoreModels) CreateVulnerability ¶
func (s *InMemoryVulnerabilityStoreModels) CreateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
CreateVulnerability creates a new security vulnerability
func (*InMemoryVulnerabilityStoreModels) GetVulnerabilityByID ¶
func (s *InMemoryVulnerabilityStoreModels) GetVulnerabilityByID(ctx context.Context, vulnerabilityID string) (*models.Vulnerability, error)
GetVulnerabilityByID retrieves a security vulnerability by ID
func (*InMemoryVulnerabilityStoreModels) ListVulnerabilities ¶
func (s *InMemoryVulnerabilityStoreModels) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)
ListVulnerabilities lists security vulnerabilities with optional filtering
func (*InMemoryVulnerabilityStoreModels) UpdateVulnerability ¶
func (s *InMemoryVulnerabilityStoreModels) UpdateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error
UpdateVulnerability updates a security vulnerability
type IncidentFilter ¶
type IncidentFilter struct {
Severity string `json:"severity,omitempty"`
Status string `json:"status,omitempty"`
AssigneeID string `json:"assignee_id,omitempty"`
ReportedAfter string `json:"reported_after,omitempty"`
SortBy string `json:"sort_by,omitempty"`
SortOrder string `json:"sort_order,omitempty"`
Offset int `json:"offset,omitempty"`
Limit int `json:"limit,omitempty"`
}
IncidentFilter defines filters for querying security incidents
type IncidentStatus ¶
type IncidentStatus string
IncidentStatus represents the status of a security incident
const ( IncidentStatusNew IncidentStatus = "new" IncidentStatusInProgress IncidentStatus = "in_progress" IncidentStatusResolved IncidentStatus = "resolved" IncidentStatusClosed IncidentStatus = "closed" IncidentStatusDuplicate IncidentStatus = "duplicate" )
Incident statuses
type IncidentStore ¶
type IncidentStore interface {
CreateIncident(ctx context.Context, incident *SecurityIncident) error
GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
UpdateIncident(ctx context.Context, incident *SecurityIncident) error
DeleteIncident(ctx context.Context, id string) error
ListIncidents(ctx context.Context, filter *LocalIncidentFilter) ([]*SecurityIncident, error)
}
IncidentStore defines the interface for security incident storage
type LegacyAuditLogger ¶
type LegacyAuditLogger interface {
// LogAudit logs an audit event
LogAudit(log *models.AuditLog) error
// GetAuditLogs gets audit logs
GetAuditLogs(filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)
// Close closes the audit logger
Close() error
}
LegacyAuditLogger defines the interface for audit logging (legacy)
type LegacyAuthManager ¶
type LegacyAuthManager struct {
// contains filtered or unexported fields
}
LegacyAuthManager manages authentication and session management (legacy version)
func NewLegacyAuthManager ¶
func NewLegacyAuthManager(config *AccessControlConfig, userStore UserStore, sessionStore SessionStore, auditLogger AuditLogger) *LegacyAuthManager
NewLegacyAuthManager creates a new legacy authentication manager
func NewLegacyAuthManagerWithMFA ¶
func NewLegacyAuthManagerWithMFA(config *AccessControlConfig, userStore UserStore, sessionStore SessionStore, auditLogger AuditLogger, mfaManager mfa.MFAManager) *LegacyAuthManager
NewLegacyAuthManagerWithMFA creates a new legacy authentication manager with MFA support
func (*LegacyAuthManager) CreateUser ¶
func (m *LegacyAuthManager) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)
CreateUser creates a new user
func (*LegacyAuthManager) DisableMFA ¶
func (m *LegacyAuthManager) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error
DisableMFA disables multi-factor authentication for a user
func (*LegacyAuthManager) EnableMFA ¶
func (m *LegacyAuthManager) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error
EnableMFA enables multi-factor authentication for a user
func (*LegacyAuthManager) Login ¶
func (m *LegacyAuthManager) Login(ctx context.Context, username, password string, ipAddress, userAgent string) (*Session, error)
Login authenticates a user and creates a new session
func (*LegacyAuthManager) Logout ¶
func (m *LegacyAuthManager) Logout(ctx context.Context, sessionID string) error
Logout logs out a user by invalidating their session
func (*LegacyAuthManager) RefreshSession ¶
func (m *LegacyAuthManager) RefreshSession(ctx context.Context, sessionID, refreshToken string, ipAddress, userAgent string) (*Session, error)
RefreshSession refreshes a session and returns a new token
func (*LegacyAuthManager) UpdateUserPassword ¶
func (m *LegacyAuthManager) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error
UpdateUserPassword updates a user's password
func (*LegacyAuthManager) ValidateSession ¶
func (m *LegacyAuthManager) ValidateSession(ctx context.Context, sessionID, token string, ipAddress, userAgent string) (*User, error)
ValidateSession validates a session and returns the associated user
type LegacyAuthManagerInterface ¶
type LegacyAuthManagerInterface interface {
// Login authenticates a user
Login(username, password string) (*models.Session, error)
// Logout logs out a user
Logout(sessionID string) error
// ValidateSession validates a session
ValidateSession(sessionID string) (*models.Session, error)
// RefreshSession refreshes a session
RefreshSession(sessionID string) (*models.Session, error)
// ChangePassword changes a user's password
ChangePassword(userID, oldPassword, newPassword string) error
// ResetPassword resets a user's password
ResetPassword(userID, newPassword string) error
// Close closes the auth manager
Close() error
}
LegacyAuthManagerInterface defines the interface for authentication (legacy)
type LocalInMemoryIncidentStore ¶
type LocalInMemoryIncidentStore struct {
// contains filtered or unexported fields
}
LocalInMemoryIncidentStore is a simple in-memory implementation of IncidentStore
func NewLocalInMemoryIncidentStore ¶
func NewLocalInMemoryIncidentStore() *LocalInMemoryIncidentStore
NewLocalInMemoryIncidentStore creates a new local in-memory incident store
func (*LocalInMemoryIncidentStore) CreateIncident ¶
func (s *LocalInMemoryIncidentStore) CreateIncident(ctx context.Context, incident *SecurityIncident) error
CreateIncident creates a new security incident
func (*LocalInMemoryIncidentStore) DeleteIncident ¶
func (s *LocalInMemoryIncidentStore) DeleteIncident(ctx context.Context, id string) error
DeleteIncident deletes a security incident by ID
func (*LocalInMemoryIncidentStore) GetIncident ¶
func (s *LocalInMemoryIncidentStore) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
GetIncident retrieves a security incident by ID
func (*LocalInMemoryIncidentStore) ListIncidents ¶
func (s *LocalInMemoryIncidentStore) ListIncidents(ctx context.Context, filter *LocalIncidentFilter) ([]*SecurityIncident, error)
ListIncidents lists security incidents based on filters
func (*LocalInMemoryIncidentStore) UpdateIncident ¶
func (s *LocalInMemoryIncidentStore) UpdateIncident(ctx context.Context, incident *SecurityIncident) error
UpdateIncident updates an existing security incident
type LocalInMemoryVulnerabilityStore ¶
type LocalInMemoryVulnerabilityStore struct {
// contains filtered or unexported fields
}
LocalInMemoryVulnerabilityStore is a simple in-memory implementation of VulnerabilityStore
func NewLocalInMemoryVulnerabilityStore ¶
func NewLocalInMemoryVulnerabilityStore() *LocalInMemoryVulnerabilityStore
NewLocalInMemoryVulnerabilityStore creates a new local in-memory vulnerability store
func (*LocalInMemoryVulnerabilityStore) CreateVulnerability ¶
func (s *LocalInMemoryVulnerabilityStore) CreateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
CreateVulnerability creates a new vulnerability
func (*LocalInMemoryVulnerabilityStore) DeleteVulnerability ¶
func (s *LocalInMemoryVulnerabilityStore) DeleteVulnerability(ctx context.Context, id string) error
DeleteVulnerability deletes a vulnerability by ID
func (*LocalInMemoryVulnerabilityStore) GetVulnerability ¶
func (s *LocalInMemoryVulnerabilityStore) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
GetVulnerability retrieves a vulnerability by ID
func (*LocalInMemoryVulnerabilityStore) ListVulnerabilities ¶
func (s *LocalInMemoryVulnerabilityStore) ListVulnerabilities(ctx context.Context, filter *LocalVulnerabilityFilter) ([]*Vulnerability, error)
ListVulnerabilities lists vulnerabilities based on filters
func (*LocalInMemoryVulnerabilityStore) UpdateVulnerability ¶
func (s *LocalInMemoryVulnerabilityStore) UpdateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
UpdateVulnerability updates an existing vulnerability
type LocalIncidentFilter ¶
type LocalIncidentFilter struct {
Severity AuditSeverity `json:"severity,omitempty"`
Status IncidentStatus `json:"status,omitempty"`
AssignedTo string `json:"assigned_to,omitempty"`
ReportedBy string `json:"reported_by,omitempty"`
StartTime time.Time `json:"start_time,omitempty"`
EndTime time.Time `json:"end_time,omitempty"`
Limit int `json:"limit,omitempty"`
Offset int `json:"offset,omitempty"`
}
LocalIncidentFilter defines filters for querying security incidents (local version)
type LocalVulnerabilityFilter ¶
type LocalVulnerabilityFilter struct {
Severity AuditSeverity `json:"severity,omitempty"`
Status VulnerabilityStatus `json:"status,omitempty"`
AssignedTo string `json:"assigned_to,omitempty"`
ReportedBy string `json:"reported_by,omitempty"`
AffectedSystem string `json:"affected_system,omitempty"`
CVE string `json:"cve,omitempty"`
StartTime time.Time `json:"start_time,omitempty"`
EndTime time.Time `json:"end_time,omitempty"`
Limit int `json:"limit,omitempty"`
Offset int `json:"offset,omitempty"`
}
LocalVulnerabilityFilter defines filters for querying vulnerabilities (local version)
type LoginResult ¶
type LoginResult struct {
User *models.User `json:"user"`
Session *models.Session `json:"session"`
Token string `json:"token,omitempty"` // Convenience field, same as Session.Token
RefreshToken string `json:"refresh_token,omitempty"` // Convenience field, same as Session.RefreshToken
}
LoginResult represents the result of a successful login attempt
type MFAContextKey ¶
type MFAContextKey string
MFAContextKey is the key used to store MFA information in the context
const ( // MFAStatusKey is the key for MFA status in context MFAStatusKey MFAContextKey = "mfa_status" // MFAMethodKey is the key for MFA method in context MFAMethodKey MFAContextKey = "mfa_method" // MFAUserIDKey is the key for user ID in MFA context MFAUserIDKey MFAContextKey = "mfa_user_id" )
type MFAMiddleware ¶
type MFAMiddleware struct {
// contains filtered or unexported fields
}
MFAMiddleware represents middleware for MFA verification
func NewMFAMiddleware ¶
func NewMFAMiddleware(authManager *AuthManager) *MFAMiddleware
NewMFAMiddleware creates a new MFA middleware
func (*MFAMiddleware) ConditionalMFA ¶
func (m *MFAMiddleware) ConditionalMFA(condition MFARequiredFunc, next http.Handler) http.Handler
ConditionalMFA creates middleware that requires MFA only if the condition function returns true
func (*MFAMiddleware) MFAByRole ¶
MFAByRole creates middleware that requires MFA for users with specific roles
func (*MFAMiddleware) MFAVerifyHandler ¶
func (m *MFAMiddleware) MFAVerifyHandler(w http.ResponseWriter, r *http.Request)
MFAVerifyHandler handles MFA verification
func (*MFAMiddleware) OptionalMFA ¶
func (m *MFAMiddleware) OptionalMFA(next http.Handler) http.Handler
OptionalMFA creates middleware that adds MFA status to context but doesn't require it
func (*MFAMiddleware) RequireMFA ¶
func (m *MFAMiddleware) RequireMFA(next http.Handler) http.Handler
RequireMFA creates middleware that requires MFA verification
type MFARequiredFunc ¶
MFARequiredFunc is a function that determines if MFA is required for a request
type MFAStatus ¶
type MFAStatus string
MFAStatus represents the status of MFA verification
const ( // MFAStatusRequired indicates that MFA is required but not completed MFAStatusRequired MFAStatus = "required" // MFAStatusCompleted indicates that MFA has been completed MFAStatusCompleted MFAStatus = "completed" // MFAStatusNotRequired indicates that MFA is not required MFAStatusNotRequired MFAStatus = "not_required" )
type MultiAuditLogger ¶
type MultiAuditLogger struct {
// contains filtered or unexported fields
}
MultiAuditLogger is an implementation of AuditLogger that logs to multiple loggers
func NewMultiAuditLogger ¶
func NewMultiAuditLogger(loggers ...AuditLogger) *MultiAuditLogger
NewMultiAuditLogger creates a new multi-logger
func (*MultiAuditLogger) Close ¶
func (l *MultiAuditLogger) Close(ctx context.Context) error
Close closes all loggers
func (*MultiAuditLogger) GetAuditLogByID ¶
GetAuditLogByID retrieves an audit log by ID from the primary logger
func (*MultiAuditLogger) GetAuditLogs ¶
func (l *MultiAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)
GetAuditLogs retrieves audit logs from the primary logger
func (*MultiAuditLogger) Initialize ¶
func (l *MultiAuditLogger) Initialize(ctx context.Context) error
Initialize initializes all loggers
type PasswordPolicy ¶
type PasswordPolicy struct {
// MinLength is the minimum password length
MinLength int `json:"min_length"`
// RequireUppercase requires at least one uppercase letter
RequireUppercase bool `json:"require_uppercase"`
// RequireLowercase requires at least one lowercase letter
RequireLowercase bool `json:"require_lowercase"`
// RequireNumbers requires at least one number
RequireNumbers bool `json:"require_numbers"`
// RequireSpecialChars requires at least one special character
RequireSpecialChars bool `json:"require_special_chars"`
// MaxAge is the maximum password age in days (0 = no expiration)
MaxAge int `json:"max_age"`
// PreventReuseCount prevents reusing the last N passwords
PreventReuseCount int `json:"prevent_reuse_count"`
// LockoutThreshold is the number of failed login attempts before account lockout
LockoutThreshold int `json:"lockout_threshold"`
// LockoutDuration is the duration of account lockout in minutes
LockoutDuration int `json:"lockout_duration"`
}
PasswordPolicy defines password requirements
type Permission ¶
type Permission = string
Permission represents a specific permission in the system
type PersistentSessionStore ¶
type PersistentSessionStore interface {
SessionStore
Initialize(ctx context.Context) error
CloseWithContext(ctx context.Context) error
}
PersistentSessionStore is an interface for session stores that persist data
type RBACConfig ¶
type RBACConfig struct {
DefaultRoles []string `json:"default_roles"`
RolePermissions map[string][]string `json:"role_permissions"`
RoleHierarchy map[string][]string `json:"role_hierarchy"`
CustomRoles []Role `json:"custom_roles"`
}
RBACConfig represents the configuration for role-based access control
func NewRBACConfig ¶
func NewRBACConfig() *RBACConfig
NewRBACConfig creates a new RBAC configuration with default values
type RBACConfigSettings ¶
type RBACConfigSettings struct {
// DefaultRoles specifies the default roles available in the system
DefaultRoles []string `json:"default_roles"`
// RolePermissions maps role names to their permissions
RolePermissions map[string][]string `json:"role_permissions"`
// StrictHierarchy enables strict role hierarchy enforcement
StrictHierarchy bool `json:"strict_hierarchy"`
// AllowDirectPermissions allows direct permission assignments to users
AllowDirectPermissions bool `json:"allow_direct_permissions"`
}
RBACConfigSettings defines RBAC-specific configuration settings
type RBACManager ¶
type RBACManager interface {
// HasPermission checks if a user has a permission
HasPermission(userID string, permission string) (bool, error)
// HasRole checks if a user has a role
HasRole(userID string, role string) (bool, error)
// AddRoleToUser adds a role to a user
AddRoleToUser(userID string, role string) error
// RemoveRoleFromUser removes a role from a user
RemoveRoleFromUser(userID string, role string) error
// GetUserRoles gets a user's roles
GetUserRoles(userID string) ([]string, error)
// GetUserPermissions gets a user's permissions
GetUserPermissions(userID string) ([]string, error)
// Close closes the RBAC manager
Close() error
}
RBACManager defines the interface for role-based access control
type RBACManagerAdapter ¶
type RBACManagerAdapter struct {
// contains filtered or unexported fields
}
RBACManagerAdapter wraps SimpleRBACManager to implement the RBACManager interface
func NewRBACManagerAdapter ¶
func NewRBACManagerAdapter(manager *SimpleRBACManager) *RBACManagerAdapter
NewRBACManagerAdapter creates a new RBAC manager adapter
func (*RBACManagerAdapter) AddRoleToUser ¶
func (a *RBACManagerAdapter) AddRoleToUser(userID string, role string) error
AddRoleToUser adds a role to a user
func (*RBACManagerAdapter) Close ¶
func (a *RBACManagerAdapter) Close() error
Close closes the RBAC manager
func (*RBACManagerAdapter) GetUserPermissions ¶
func (a *RBACManagerAdapter) GetUserPermissions(userID string) ([]string, error)
GetUserPermissions gets a user's permissions
func (*RBACManagerAdapter) GetUserRoles ¶
func (a *RBACManagerAdapter) GetUserRoles(userID string) ([]string, error)
GetUserRoles gets a user's roles
func (*RBACManagerAdapter) HasPermission ¶
func (a *RBACManagerAdapter) HasPermission(userID string, permission string) (bool, error)
HasPermission checks if a user has a permission
func (*RBACManagerAdapter) HasRole ¶
func (a *RBACManagerAdapter) HasRole(userID string, role string) (bool, error)
HasRole checks if a user has a role
func (*RBACManagerAdapter) RemoveRoleFromUser ¶
func (a *RBACManagerAdapter) RemoveRoleFromUser(userID string, role string) error
RemoveRoleFromUser removes a role from a user
type RBACManagerImpl ¶
type RBACManagerImpl struct {
// contains filtered or unexported fields
}
RBACManagerImpl implements the RBACManager interface
func NewRBACManagerImpl ¶
func NewRBACManagerImpl(userManager UserManager, roleStore RoleStore, auditLogger AuditLogger) *RBACManagerImpl
NewRBACManagerImpl creates a new RBAC manager implementation
func (*RBACManagerImpl) AddRoleToUser ¶
AddRoleToUser adds a role to a user
func (*RBACManagerImpl) Close ¶
func (m *RBACManagerImpl) Close() error
Close closes the RBAC manager
func (*RBACManagerImpl) GetUserPermissions ¶
GetUserPermissions gets a user's permissions
func (*RBACManagerImpl) GetUserRoles ¶
GetUserRoles gets a user's roles
func (*RBACManagerImpl) HasPermission ¶
func (m *RBACManagerImpl) HasPermission(ctx context.Context, userID string, permission string) (bool, error)
HasPermission checks if a user has a permission
func (*RBACManagerImpl) Initialize ¶
func (m *RBACManagerImpl) Initialize(ctx context.Context) error
Initialize initializes the RBAC manager
func (*RBACManagerImpl) RemoveRoleFromUser ¶
RemoveRoleFromUser removes a role from a user
type RequestContext ¶
type RequestContext interface {
context.Context
GetUserID() string
GetUsername() string
GetIPAddress() string
GetUserAgent() string
}
RequestContext is an interface that extends the standard context.Context to provide additional methods for access control operations
func NewRequestContext ¶
func NewRequestContext(ctx context.Context, userID, username, ipAddress, userAgent string) RequestContext
NewRequestContext creates a new RequestContext
type Role ¶
type Role struct {
ID string `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
Permissions []string `json:"permissions"`
ParentRoles []string `json:"parent_roles,omitempty"`
IsBuiltIn bool `json:"is_built_in"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Role represents a role in the system with associated permissions
type RoleStore ¶
type RoleStore interface {
// GetUserRoles gets a user's roles
GetUserRoles(ctx context.Context, userID string) ([]string, error)
// AddRoleToUser adds a role to a user
AddRoleToUser(ctx context.Context, userID, role string) error
// RemoveRoleFromUser removes a role from a user
RemoveRoleFromUser(ctx context.Context, userID, role string) error
// GetRolePermissions gets the permissions for a role
GetRolePermissions(ctx context.Context, role string) ([]string, error)
// AddPermissionToRole adds a permission to a role
AddPermissionToRole(ctx context.Context, role, permission string) error
// RemovePermissionFromRole removes a permission from a role
RemovePermissionFromRole(ctx context.Context, role, permission string) error
// GetAllRoles gets all roles
GetAllRoles(ctx context.Context) ([]string, error)
// GetAllPermissions gets all permissions
GetAllPermissions(ctx context.Context) ([]string, error)
}
RoleStore defines the interface for storing and retrieving roles and permissions
type SecurityConfig ¶
type SecurityConfig struct {
// Security incident management
IncidentNotificationEmails []string
IncidentEscalationThreshold common.AuditSeverity
IncidentAutoClose time.Duration
// Vulnerability management
VulnerabilityCheckPeriod time.Duration
VulnerabilityNotificationEmails []string
}
SecurityConfig contains security configuration
type SecurityIncident ¶
type SecurityIncident struct {
ID string `json:"id"`
Title string `json:"title"`
Description string `json:"description"`
Severity AuditSeverity `json:"severity"`
Status IncidentStatus `json:"status"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
ResolvedAt time.Time `json:"resolved_at,omitempty"`
AssignedTo string `json:"assigned_to,omitempty"`
ReportedBy string `json:"reported_by,omitempty"`
AuditLogIDs []string `json:"audit_log_ids,omitempty"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
SecurityIncident represents a security incident
type SecurityIncidentConfig ¶
type SecurityIncidentConfig struct {
// EnableIncidentTracking enables security incident tracking
EnableIncidentTracking bool `json:"enable_incident_tracking"`
// AutoCreateIncidents automatically creates incidents for high-severity events
AutoCreateIncidents bool `json:"auto_create_incidents"`
// NotificationEmails are email addresses to notify for security incidents
NotificationEmails []string `json:"notification_emails"`
// EscalationThreshold is the severity threshold for incident escalation
EscalationThreshold AuditSeverity `json:"escalation_threshold"`
// ResponseTimeoutMinutes is the maximum response time for incidents in minutes
ResponseTimeoutMinutes int `json:"response_timeout_minutes"`
}
SecurityIncidentConfig defines security incident management settings
type SecurityManager ¶
type SecurityManager interface {
// ReportIncident reports a security incident
ReportIncident(title, description string, severity models.SecurityIncidentSeverity) (*models.SecurityIncident, error)
// GetIncident retrieves a security incident by ID
GetIncident(incidentID string) (*models.SecurityIncident, error)
// UpdateIncident updates a security incident
UpdateIncident(incident *models.SecurityIncident) error
// CloseIncident closes a security incident
CloseIncident(incidentID, resolution string) error
// ListIncidents lists security incidents
ListIncidents(filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)
// ReportVulnerability reports a security vulnerability
ReportVulnerability(title, description string, severity models.VulnerabilitySeverity) (*models.Vulnerability, error)
// GetVulnerability retrieves a security vulnerability by ID
GetVulnerability(vulnerabilityID string) (*models.Vulnerability, error)
// UpdateVulnerability updates a security vulnerability
UpdateVulnerability(vulnerability *models.Vulnerability) error
// MitigateVulnerability marks a security vulnerability as mitigated
MitigateVulnerability(vulnerabilityID, mitigation string) error
// ResolveVulnerability marks a security vulnerability as resolved
ResolveVulnerability(vulnerabilityID string) error
// ListVulnerabilities lists security vulnerabilities
ListVulnerabilities(filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)
// Close closes the security manager
Close() error
}
SecurityManager defines the interface for managing security incidents and vulnerabilities
type SecurityManagerAdapter ¶
type SecurityManagerAdapter struct {
// contains filtered or unexported fields
}
SecurityManagerAdapter wraps BasicSecurityManager to implement the SecurityManager interface
func NewSecurityManagerAdapter ¶
func NewSecurityManagerAdapter(impl *BasicSecurityManager) *SecurityManagerAdapter
NewSecurityManagerAdapter creates a new security manager adapter
func (*SecurityManagerAdapter) Close ¶
func (a *SecurityManagerAdapter) Close() error
Close closes the security manager
func (*SecurityManagerAdapter) CloseIncident ¶
func (a *SecurityManagerAdapter) CloseIncident(incidentID, resolution string) error
CloseIncident closes a security incident
func (*SecurityManagerAdapter) GetIncident ¶
func (a *SecurityManagerAdapter) GetIncident(incidentID string) (*models.SecurityIncident, error)
GetIncident retrieves a security incident by ID
func (*SecurityManagerAdapter) GetVulnerability ¶
func (a *SecurityManagerAdapter) GetVulnerability(vulnerabilityID string) (*models.Vulnerability, error)
GetVulnerability retrieves a security vulnerability by ID
func (*SecurityManagerAdapter) ListIncidents ¶
func (a *SecurityManagerAdapter) ListIncidents(filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)
ListIncidents lists security incidents
func (*SecurityManagerAdapter) ListVulnerabilities ¶
func (a *SecurityManagerAdapter) ListVulnerabilities(filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)
ListVulnerabilities lists security vulnerabilities
func (*SecurityManagerAdapter) MitigateVulnerability ¶
func (a *SecurityManagerAdapter) MitigateVulnerability(vulnerabilityID, mitigation string) error
MitigateVulnerability marks a security vulnerability as mitigated
func (*SecurityManagerAdapter) ReportIncident ¶
func (a *SecurityManagerAdapter) ReportIncident(title, description string, severity models.SecurityIncidentSeverity) (*models.SecurityIncident, error)
ReportIncident reports a security incident
func (*SecurityManagerAdapter) ReportVulnerability ¶
func (a *SecurityManagerAdapter) ReportVulnerability(title, description string, severity models.VulnerabilitySeverity) (*models.Vulnerability, error)
ReportVulnerability reports a security vulnerability
func (*SecurityManagerAdapter) ResolveVulnerability ¶
func (a *SecurityManagerAdapter) ResolveVulnerability(vulnerabilityID string) error
ResolveVulnerability marks a security vulnerability as resolved
func (*SecurityManagerAdapter) UpdateIncident ¶
func (a *SecurityManagerAdapter) UpdateIncident(incident *models.SecurityIncident) error
UpdateIncident updates a security incident
func (*SecurityManagerAdapter) UpdateVulnerability ¶
func (a *SecurityManagerAdapter) UpdateVulnerability(vulnerability *models.Vulnerability) error
UpdateVulnerability updates a security vulnerability
type Session ¶
type Session struct {
ID string `json:"id"`
UserID string `json:"user_id"`
Token string `json:"token"`
RefreshToken string `json:"refresh_token,omitempty"`
IPAddress string `json:"ip_address"`
UserAgent string `json:"user_agent"`
ExpiresAt time.Time `json:"expires_at"`
LastActivity time.Time `json:"last_activity"`
MFACompleted bool `json:"mfa_completed"`
CreatedAt time.Time `json:"created_at"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
Session represents a user session
type SessionFilter ¶
type SessionFilter struct {
UserID string `json:"user_id,omitempty"`
IPAddress string `json:"ip_address,omitempty"`
UserAgent string `json:"user_agent,omitempty"`
MFACompleted *bool `json:"mfa_completed,omitempty"`
Active *bool `json:"active,omitempty"`
CreatedAfter string `json:"created_after,omitempty"`
CreatedBefore string `json:"created_before,omitempty"`
SortBy string `json:"sort_by,omitempty"`
SortOrder string `json:"sort_order,omitempty"`
Offset int `json:"offset,omitempty"`
Limit int `json:"limit,omitempty"`
}
SessionFilter defines filters for querying sessions
type SessionManager ¶
type SessionManager struct {
// contains filtered or unexported fields
}
SessionManager manages user sessions
func NewSessionManager ¶
func NewSessionManager(store SessionStore, config *SessionPolicy, auditLogger AuditLogger) *SessionManager
NewSessionManager creates a new session manager
func (*SessionManager) CreateSession ¶
func (m *SessionManager) CreateSession(ctx context.Context, userID, ipAddress, userAgent string, mfaCompleted bool) (*Session, error)
CreateSession creates a new session
func (*SessionManager) GetSessionFromContext ¶
func (m *SessionManager) GetSessionFromContext(ctx context.Context) (*Session, error)
GetSessionFromContext extracts a session from the request context
func (*SessionManager) GetUserSessions ¶
GetUserSessions retrieves all sessions for a user
func (*SessionManager) InvalidateSession ¶
func (m *SessionManager) InvalidateSession(ctx context.Context, sessionID string) error
InvalidateSession invalidates a session
func (*SessionManager) InvalidateUserSessions ¶
func (m *SessionManager) InvalidateUserSessions(ctx context.Context, userID string) error
InvalidateUserSessions invalidates all sessions for a user
func (*SessionManager) RefreshSession ¶
func (m *SessionManager) RefreshSession(ctx context.Context, sessionID, refreshToken string) (*Session, error)
RefreshSession refreshes a session and returns a new token
func (*SessionManager) ValidateSession ¶
func (m *SessionManager) ValidateSession(ctx context.Context, sessionID, token string, ipAddress, userAgent string) (*Session, error)
ValidateSession validates a session
type SessionPolicy ¶
type SessionPolicy struct {
// TokenExpiration is the token expiration time in minutes
TokenExpiration int `json:"token_expiration"`
// RefreshTokenExpiration is the refresh token expiration time in minutes
RefreshTokenExpiration int `json:"refresh_token_expiration"`
// InactivityTimeout is the session inactivity timeout in minutes
InactivityTimeout int `json:"inactivity_timeout"`
// MaxConcurrentSessions is the maximum number of concurrent sessions per user
MaxConcurrentSessions int `json:"max_concurrent_sessions"`
// EnforceIPBinding enforces session binding to IP address
EnforceIPBinding bool `json:"enforce_ip_binding"`
// EnforceUserAgentBinding enforces session binding to user agent
EnforceUserAgentBinding bool `json:"enforce_user_agent_binding"`
// CleanupInterval is the interval for cleaning up expired sessions in minutes
CleanupInterval int `json:"cleanup_interval"`
}
SessionPolicy defines session management settings
type SessionStore ¶
type SessionStore interface {
// CreateSession creates a new session
CreateSession(ctx context.Context, session *Session) error
// GetSession retrieves a session by ID
GetSession(ctx context.Context, id string) (*Session, error)
// UpdateSession updates an existing session
UpdateSession(ctx context.Context, session *Session) error
// DeleteSession deletes a session by ID
DeleteSession(ctx context.Context, id string) error
// GetUserSessions retrieves all sessions for a user
GetUserSessions(ctx context.Context, userID string) ([]*Session, error)
// CleanExpiredSessions removes all expired sessions
CleanExpiredSessions(ctx context.Context) error
// Close closes the store
Close() error
}
SessionStore defines the interface for session storage
type SimpleInMemorySessionStore ¶
type SimpleInMemorySessionStore struct {
// contains filtered or unexported fields
}
SimpleInMemorySessionStore is a simple in-memory implementation of SessionStore
func NewSimpleInMemorySessionStore ¶
func NewSimpleInMemorySessionStore() *SimpleInMemorySessionStore
NewSimpleInMemorySessionStore creates a new simple in-memory session store
func (*SimpleInMemorySessionStore) CleanExpiredSessions ¶
func (s *SimpleInMemorySessionStore) CleanExpiredSessions(ctx context.Context) error
CleanExpiredSessions removes expired sessions
func (*SimpleInMemorySessionStore) CreateSession ¶
func (s *SimpleInMemorySessionStore) CreateSession(ctx context.Context, session *Session) error
CreateSession creates a new session
func (*SimpleInMemorySessionStore) DeleteSession ¶
func (s *SimpleInMemorySessionStore) DeleteSession(ctx context.Context, id string) error
DeleteSession deletes a session by ID
func (*SimpleInMemorySessionStore) GetSession ¶
GetSession retrieves a session by ID
func (*SimpleInMemorySessionStore) GetUserSessions ¶
func (s *SimpleInMemorySessionStore) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)
GetUserSessions retrieves all sessions for a user
func (*SimpleInMemorySessionStore) UpdateSession ¶
func (s *SimpleInMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error
UpdateSession updates an existing session
type SimpleRBACManager ¶
type SimpleRBACManager struct {
// contains filtered or unexported fields
}
SimpleRBACManager manages role-based access control
func NewRBACManager ¶
func NewRBACManager(config *AccessControlConfig) *SimpleRBACManager
NewRBACManager creates a new RBAC manager
func NewSimpleRBACManager ¶
func NewSimpleRBACManager(config *AccessControlConfig) *SimpleRBACManager
NewSimpleRBACManager creates a new simple RBAC manager
func (*SimpleRBACManager) AddPermission ¶
func (m *SimpleRBACManager) AddPermission(permission Permission, description string) error
AddPermission adds a permission to the system
func (*SimpleRBACManager) AddPermissionToRole ¶
func (m *SimpleRBACManager) AddPermissionToRole(role string, permission Permission) error
AddPermissionToRole adds a permission to a role
func (*SimpleRBACManager) AddRole ¶
func (m *SimpleRBACManager) AddRole(role string, description string) error
AddRole adds a role with default permissions
func (*SimpleRBACManager) AddRolePermission ¶
func (m *SimpleRBACManager) AddRolePermission(ctx context.Context, role string, permission Permission) error
AddRolePermission adds a permission to a role
func (*SimpleRBACManager) AssignPermission ¶
func (m *SimpleRBACManager) AssignPermission(ctx context.Context, user *User, permission Permission) error
AssignPermission assigns a direct permission to a user
func (*SimpleRBACManager) AssignRole ¶
AssignRole assigns a role to a user
func (*SimpleRBACManager) Authorize ¶
func (m *SimpleRBACManager) Authorize(ctx context.Context, user *User, permission Permission) error
Authorize checks if a user is authorized to perform an action on a resource
func (*SimpleRBACManager) CreateRole ¶
func (m *SimpleRBACManager) CreateRole(ctx context.Context, role string, permissions []Permission) error
CreateRole creates a new role with the specified permissions
func (*SimpleRBACManager) DeleteRole ¶
func (m *SimpleRBACManager) DeleteRole(ctx context.Context, role string) error
DeleteRole deletes a role
func (*SimpleRBACManager) GetAllRoles ¶
func (m *SimpleRBACManager) GetAllRoles(ctx context.Context) []string
GetAllRoles gets all defined roles
func (*SimpleRBACManager) GetRolePermissions ¶
func (m *SimpleRBACManager) GetRolePermissions(ctx context.Context, role string) ([]Permission, error)
GetRolePermissions gets all permissions for a role
func (*SimpleRBACManager) GetUserPermissions ¶
func (m *SimpleRBACManager) GetUserPermissions(ctx context.Context, user *User) []Permission
GetUserPermissions gets all permissions for a user (both direct and role-based)
func (*SimpleRBACManager) HasPermission ¶
func (m *SimpleRBACManager) HasPermission(user *User, permission string) bool
HasPermission checks if a user has a specific permission
func (*SimpleRBACManager) HasPermissionWithContext ¶
func (m *SimpleRBACManager) HasPermissionWithContext(ctx context.Context, user *User, permission Permission) bool
HasPermissionWithContext checks if a user has a specific permission (with context)
func (*SimpleRBACManager) HasRole ¶
func (m *SimpleRBACManager) HasRole(user *User, role string) bool
HasRole checks if a user has a specific role
func (*SimpleRBACManager) HasRoleWithContext ¶
HasRoleWithContext checks if a user has a specific role (with context)
func (*SimpleRBACManager) RemoveRolePermission ¶
func (m *SimpleRBACManager) RemoveRolePermission(ctx context.Context, role string, permission Permission) error
RemoveRolePermission removes a permission from a role
func (*SimpleRBACManager) RequireAllPermissions ¶
func (m *SimpleRBACManager) RequireAllPermissions(permissions ...Permission) func(ctx context.Context, user *User) error
RequireAllPermissions is a middleware-style function that checks if a user has all of the specified permissions
func (*SimpleRBACManager) RequireAllRoles ¶
func (m *SimpleRBACManager) RequireAllRoles(roles ...string) func(ctx context.Context, user *User) error
RequireAllRoles is a middleware-style function that checks if a user has all of the specified roles
func (*SimpleRBACManager) RequireAnyPermission ¶
func (m *SimpleRBACManager) RequireAnyPermission(permissions ...Permission) func(ctx context.Context, user *User) error
RequireAnyPermission is a middleware-style function that checks if a user has any of the specified permissions
func (*SimpleRBACManager) RequireAnyRole ¶
func (m *SimpleRBACManager) RequireAnyRole(roles ...string) func(ctx context.Context, user *User) error
RequireAnyRole is a middleware-style function that checks if a user has any of the specified roles
func (*SimpleRBACManager) RequirePermission ¶
func (m *SimpleRBACManager) RequirePermission(permission Permission) func(ctx context.Context, user *User) error
RequirePermission is a middleware-style function that checks if a user has a permission
func (*SimpleRBACManager) RequireRole ¶
RequireRole is a middleware-style function that checks if a user has a role
func (*SimpleRBACManager) RevokePermission ¶
func (m *SimpleRBACManager) RevokePermission(ctx context.Context, user *User, permission Permission) error
RevokePermission revokes a direct permission from a user
func (*SimpleRBACManager) RevokeRole ¶
RevokeRole revokes a role from a user
type StubUserManager ¶
type StubUserManager struct{}
StubUserManager provides basic stub functionality
func (*StubUserManager) Close ¶
func (s *StubUserManager) Close() error
Close closes the user manager (stub implementation)
func (*StubUserManager) CreateUser ¶
func (s *StubUserManager) CreateUser(user *models.User) error
CreateUser creates a new user (stub implementation)
func (*StubUserManager) DeleteUser ¶
func (s *StubUserManager) DeleteUser(userID string) error
DeleteUser deletes a user (stub implementation)
func (*StubUserManager) GetUser ¶
func (s *StubUserManager) GetUser(userID string) (*models.User, error)
GetUser retrieves a user by ID (stub implementation)
func (*StubUserManager) GetUserByEmail ¶
func (s *StubUserManager) GetUserByEmail(email string) (*models.User, error)
GetUserByEmail retrieves a user by email (stub implementation)
func (*StubUserManager) GetUserByUsername ¶
func (s *StubUserManager) GetUserByUsername(username string) (*models.User, error)
GetUserByUsername retrieves a user by username (stub implementation)
func (*StubUserManager) ListUsers ¶
func (s *StubUserManager) ListUsers(filter map[string]interface{}, offset, limit int) ([]*models.User, int, error)
ListUsers lists users (stub implementation)
func (*StubUserManager) UpdateUser ¶
func (s *StubUserManager) UpdateUser(user *models.User) error
UpdateUser updates a user (stub implementation)
type TypesIncidentStore ¶
type TypesIncidentStore interface {
// CreateIncident creates a new security incident
CreateIncident(ctx context.Context, incident *SecurityIncident) error
// GetIncidentByID retrieves a security incident by ID
GetIncidentByID(ctx context.Context, id string) (*SecurityIncident, error)
// UpdateIncident updates an existing security incident
UpdateIncident(ctx context.Context, incident *SecurityIncident) error
// DeleteIncident deletes a security incident by ID
DeleteIncident(ctx context.Context, id string) error
// ListIncidents lists security incidents
ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*SecurityIncident, int, error)
// Close closes the store
Close() error
}
TypesIncidentStore defines the interface for security incident storage using types.SecurityIncident
type TypesRBACManager ¶
type TypesRBACManager struct {
// contains filtered or unexported fields
}
TypesRBACManager handles role-based access control with types config
func NewTypesRBACManager ¶
func NewTypesRBACManager(config *AccessControlConfig) *TypesRBACManager
NewTypesRBACManager creates a new RBAC manager with types config
func (*TypesRBACManager) AddPermissionToRole ¶
func (m *TypesRBACManager) AddPermissionToRole(ctx context.Context, role string, permission string) error
AddPermissionToRole adds a permission to a role
func (*TypesRBACManager) AddPermissionToUser ¶
func (m *TypesRBACManager) AddPermissionToUser(ctx context.Context, user *User, permission string) error
AddPermissionToUser adds a permission directly to a user
func (*TypesRBACManager) AddRole ¶
func (m *TypesRBACManager) AddRole(ctx context.Context, role string) error
AddRole adds a new role
func (*TypesRBACManager) AddRoleToUser ¶
AddRoleToUser adds a role to a user
func (*TypesRBACManager) GetRolePermissions ¶
GetRolePermissions returns the permissions for a role
func (*TypesRBACManager) GetRoles ¶
func (m *TypesRBACManager) GetRoles(ctx context.Context) []string
GetRoles returns all available roles
func (*TypesRBACManager) GetUserPermissions ¶
GetUserPermissions returns all permissions a user has
func (*TypesRBACManager) Initialize ¶
func (m *TypesRBACManager) Initialize(ctx context.Context) error
Initialize initializes the RBAC manager
func (*TypesRBACManager) RemovePermissionFromRole ¶
func (m *TypesRBACManager) RemovePermissionFromRole(ctx context.Context, role string, permission string) error
RemovePermissionFromRole removes a permission from a role
func (*TypesRBACManager) RemovePermissionFromUser ¶
func (m *TypesRBACManager) RemovePermissionFromUser(ctx context.Context, user *User, permission string) error
RemovePermissionFromUser removes a permission directly from a user
func (*TypesRBACManager) RemoveRole ¶
func (m *TypesRBACManager) RemoveRole(ctx context.Context, role string) error
RemoveRole removes a role
func (*TypesRBACManager) RemoveRoleFromUser ¶
RemoveRoleFromUser removes a role from a user
func (*TypesRBACManager) RoleHasPermission ¶
func (m *TypesRBACManager) RoleHasPermission(ctx context.Context, role string, permission string) (bool, error)
RoleHasPermission checks if a role has a specific permission
func (*TypesRBACManager) UserHasPermission ¶
func (m *TypesRBACManager) UserHasPermission(ctx context.Context, user *User, permission string) (bool, error)
UserHasPermission checks if a user has a specific permission
type TypesVulnerabilityStore ¶
type TypesVulnerabilityStore interface {
// CreateVulnerability creates a new vulnerability
CreateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
// GetVulnerabilityByID retrieves a vulnerability by ID
GetVulnerabilityByID(ctx context.Context, id string) (*Vulnerability, error)
// UpdateVulnerability updates an existing vulnerability
UpdateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
// DeleteVulnerability deletes a vulnerability by ID
DeleteVulnerability(ctx context.Context, id string) error
// ListVulnerabilities lists vulnerabilities
ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*Vulnerability, int, error)
// Close closes the store
Close() error
}
TypesVulnerabilityStore defines the interface for vulnerability storage using types.Vulnerability
type User ¶
type User struct {
// ID is the unique identifier for the user
ID string `json:"id"`
// Username is the username of the user
Username string `json:"username"`
// Email is the email address of the user
Email string `json:"email"`
// PasswordHash is the hashed password of the user
PasswordHash string `json:"-"`
// Enabled indicates if the user is enabled
Enabled bool `json:"enabled"`
// Active indicates if the user is active (alias for Enabled for compatibility)
Active bool `json:"active"`
// MFAEnabled indicates if MFA is enabled for the user
MFAEnabled bool `json:"mfa_enabled"`
// MFAMethods contains the enabled MFA methods for the user
MFAMethods []string `json:"mfa_methods"`
// MFAMethod is the default MFA method
MFAMethod string `json:"mfa_method,omitempty"`
// MFASecret is the MFA secret (for TOTP)
MFASecret string `json:"mfa_secret,omitempty"`
// Roles contains the user's roles
Roles []string `json:"roles"`
// Permissions contains the user's permissions
Permissions []string `json:"permissions,omitempty"`
// FailedLoginAttempts tracks failed login attempts
FailedLoginAttempts int `json:"failed_login_attempts"`
// Locked indicates if the user account is locked
Locked bool `json:"locked"`
// LastLogin is the timestamp of the last successful login
LastLogin time.Time `json:"last_login"`
// LastPasswordChange is the timestamp of the last password change
LastPasswordChange time.Time `json:"last_password_change"`
// CreatedAt is the timestamp when the user was created
CreatedAt time.Time `json:"created_at"`
// UpdatedAt is the timestamp when the user was last updated
UpdatedAt time.Time `json:"updated_at"`
// Metadata contains additional user metadata
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
User represents a user in the system
type UserFilter ¶
type UserFilter struct {
Username string `json:"username,omitempty"`
Email string `json:"email,omitempty"`
Roles []string `json:"roles,omitempty"`
Active *bool `json:"active,omitempty"`
Locked *bool `json:"locked,omitempty"`
SortBy string `json:"sort_by,omitempty"`
SortOrder string `json:"sort_order,omitempty"`
Offset int `json:"offset,omitempty"`
Limit int `json:"limit,omitempty"`
}
UserFilter defines filters for querying users
type UserManager ¶
type UserManager interface {
// CreateUser creates a new user
CreateUser(user *models.User) error
// GetUser retrieves a user by ID
GetUser(userID string) (*models.User, error)
// GetUserByUsername retrieves a user by username
GetUserByUsername(username string) (*models.User, error)
// GetUserByEmail retrieves a user by email
GetUserByEmail(email string) (*models.User, error)
// UpdateUser updates a user
UpdateUser(user *models.User) error
// DeleteUser deletes a user
DeleteUser(userID string) error
// ListUsers lists users
ListUsers(filter map[string]interface{}, offset, limit int) ([]*models.User, int, error)
// Close closes the user manager
Close() error
}
UserManager defines the interface for managing users
func NewUserManager ¶
func NewUserManager() UserManager
NewUserManager creates a new stub user manager
func NewUserManagerAdapter ¶
func NewUserManagerAdapter(manager UserManager) UserManager
NewUserManagerAdapter creates an adapter for the stub user manager
type UserStore ¶
type UserStore interface {
// CreateUser creates a new user
CreateUser(ctx context.Context, user *User) error
// GetUserByID retrieves a user by ID
GetUserByID(ctx context.Context, id string) (*User, error)
// GetUserByUsername retrieves a user by username
GetUserByUsername(ctx context.Context, username string) (*User, error)
// GetUserByEmail retrieves a user by email
GetUserByEmail(ctx context.Context, email string) (*User, error)
// UpdateUser updates an existing user
UpdateUser(ctx context.Context, user *User) error
// DeleteUser deletes a user by ID
DeleteUser(ctx context.Context, id string) error
// ListUsers lists all users
ListUsers(ctx context.Context) ([]*User, error)
// Close closes the store
Close() error
}
UserStore defines the interface for user storage
type Vulnerability ¶
type Vulnerability struct {
ID string `json:"id"`
Title string `json:"title"`
Description string `json:"description"`
Severity AuditSeverity `json:"severity"`
Status VulnerabilityStatus `json:"status"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
ResolvedAt time.Time `json:"resolved_at,omitempty"`
AssignedTo string `json:"assigned_to,omitempty"`
ReportedBy string `json:"reported_by,omitempty"`
AffectedSystem string `json:"affected_system,omitempty"`
CVE string `json:"cve,omitempty"`
RemediationPlan string `json:"remediation_plan,omitempty"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
Vulnerability represents a security vulnerability
type VulnerabilityConfig ¶
type VulnerabilityConfig struct {
// EnableVulnerabilityTracking enables vulnerability tracking
EnableVulnerabilityTracking bool `json:"enable_vulnerability_tracking"`
// AutoScanEnabled enables automatic vulnerability scanning
AutoScanEnabled bool `json:"auto_scan_enabled"`
// ScanSchedule defines when automatic scans are performed
ScanSchedule string `json:"scan_schedule"`
// ReportRecipients are email addresses to receive vulnerability reports
ReportRecipients []string `json:"report_recipients"`
// RemediationDeadlineDays is the number of days to remediate vulnerabilities
RemediationDeadlineDays map[string]int `json:"remediation_deadline_days"`
}
VulnerabilityConfig defines vulnerability management settings
type VulnerabilityFilter ¶
type VulnerabilityFilter struct {
Severity string `json:"severity,omitempty"`
Status string `json:"status,omitempty"`
CveID string `json:"cve_id,omitempty"`
Component string `json:"component,omitempty"`
ReportedAfter string `json:"reported_after,omitempty"`
SortBy string `json:"sort_by,omitempty"`
SortOrder string `json:"sort_order,omitempty"`
Offset int `json:"offset,omitempty"`
Limit int `json:"limit,omitempty"`
}
VulnerabilityFilter defines filters for querying vulnerabilities
type VulnerabilityStatus ¶
type VulnerabilityStatus string
VulnerabilityStatus represents the status of a vulnerability
const ( VulnerabilityStatusNew VulnerabilityStatus = "new" VulnerabilityStatusValidated VulnerabilityStatus = "validated" VulnerabilityStatusInProgress VulnerabilityStatus = "in_progress" VulnerabilityStatusRemediated VulnerabilityStatus = "remediated" VulnerabilityStatusVerified VulnerabilityStatus = "verified" VulnerabilityStatusRejected VulnerabilityStatus = "rejected" VulnerabilityStatusDeferred VulnerabilityStatus = "deferred" )
Vulnerability statuses
type VulnerabilityStore ¶
type VulnerabilityStore interface {
CreateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
UpdateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
DeleteVulnerability(ctx context.Context, id string) error
ListVulnerabilities(ctx context.Context, filter *LocalVulnerabilityFilter) ([]*Vulnerability, error)
}
VulnerabilityStore defines the interface for vulnerability storage
Source Files
¶
- access_control_system.go
- access_control_with_stores.go
- audit.go
- audit_logger_impl.go
- auth.go
- auth_manager.go
- auth_manager_impl.go
- auth_types.go
- boundary.go
- config.go
- constants.go
- factory.go
- filter_types.go
- in_memory_stores.go
- integration.go
- legacy_interfaces.go
- manager.go
- memory_stores.go
- mfa_context.go
- mfa_middleware.go
- rbac.go
- rbac_manager.go
- rbac_manager_impl.go
- request_context.go
- role.go
- security.go
- security_manager.go
- session.go
- store_interfaces.go
- stub_managers.go
- types.go
- user.go
- utils.go
Directories
¶
| Path | Synopsis |
|---|---|
|
Package adapters provides adapter implementations for security interfaces
|
Package adapters provides adapter implementations for security interfaces |
|
Package api provides a RESTful API for the access control system
|
Package api provides a RESTful API for the access control system |
|
Package audit provides comprehensive security audit logging functionality
|
Package audit provides comprehensive security audit logging functionality |
|
trail
Package trail provides a comprehensive audit trail system for tracking all operations
|
Package trail provides a comprehensive audit trail system for tracking all operations |
|
Package common provides common constants and utilities for the security access control system
|
Package common provides common constants and utilities for the security access control system |
|
Package converters provides conversion functions between different data models
|
Package converters provides conversion functions between different data models |
|
Package db provides database implementations for the access control system
|
Package db provides database implementations for the access control system |
|
adapter
Package adapter provides adapters for the access control system
|
Package adapter provides adapters for the access control system |
|
Package impl provides implementations of the security access interfaces
|
Package impl provides implementations of the security access interfaces |
|
Package interfaces defines common interfaces and types for the access control system
|
Package interfaces defines common interfaces and types for the access control system |
|
Package mfa provides multi-factor authentication functionality
|
Package mfa provides multi-factor authentication functionality |
|
Package models provides common data models for the security system
|
Package models provides common data models for the security system |
|
Package rbac provides enhanced role-based access control functionality
|
Package rbac provides enhanced role-based access control functionality |
|
Package tests provides testing utilities for the access control system
|
Package tests provides testing utilities for the access control system |
|
Package types defines common types for the security access control system
|
Package types defines common types for the security access control system |