access

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2025 License: MIT Imports: 27 Imported by: 0

README

Access Control System

This package provides a comprehensive access control system with role-based permissions, multi-factor authentication, and detailed security audit logging for the LLMrecon tool.

Features

Role-Based Access Control (RBAC)
  • Hierarchical role management
  • Fine-grained permission control
  • Role inheritance
  • User-role assignments
  • Direct permission assignments
Multi-Factor Authentication (MFA)
  • TOTP (Time-based One-Time Password) support
  • Backup codes
  • Multiple MFA methods
  • Flexible MFA verification
Security Audit Logging
  • Comprehensive audit trail
  • Multiple logging backends (in-memory, file, etc.)
  • Structured audit events
  • Alert rules for security incidents

Architecture

The access control system is composed of several components:

  1. RBAC Manager: Manages roles and permissions
  2. MFA Manager: Handles multi-factor authentication
  3. Audit Manager: Manages security audit logging
  4. Access Control Integration: Integrates RBAC, MFA, and audit logging

Usage

Initialization
// Create stores
roleStore := rbac.NewInMemoryRoleStore()
permissionStore := rbac.NewInMemoryPermissionStore()
mfaStore := mfa.NewInMemoryMFAStore()
userStore := NewInMemoryUserStore()
sessionStore := NewInMemorySessionStore()

// Create managers
rbacManager := rbac.NewRBACManager(roleStore, permissionStore)
mfaManager := mfa.NewMFAManager(mfaStore)
auditManager := audit.NewAuditManager(...)

// Create integration
integration := NewAccessControlIntegration(
    rbacManager,
    mfaManager,
    auditManager,
    userStore,
    sessionStore,
)
Authentication
// Login
session, err := integration.Login(ctx, username, password, ip, userAgent)
if err != nil {
    // Handle error
}

// If MFA is required
if !session.MFAVerified {
    err = integration.VerifyMFA(ctx, session.ID, "totp", totpCode)
    if err != nil {
        // Handle error
    }
}

// Logout
err = integration.Logout(ctx, session.ID)
if err != nil {
    // Handle error
}
Authorization
// Check if user has permission to access a resource
err = integration.AuthorizeAccess(ctx, sessionID, "users", "read")
if err != nil {
    // Handle error
}
Role Management
// Create a role
role := &rbac.Role{
    ID:          "admin",
    Name:        "Administrator",
    Description: "System administrator with all permissions",
    SystemRole:  true,
}
err = rbacManager.CreateRole(ctx, role)

// Create a permission
permission := &rbac.Permission{
    ID:               "users:read",
    Name:             "Read Users",
    Description:      "Permission to read user data",
    Resource:         "users",
    Action:           "read",
    SystemPermission: true,
}
err = rbacManager.CreatePermission(ctx, permission)

// Add permission to role
err = rbacManager.AddPermissionToRole(ctx, "admin", "users:read")

// Assign role to user
err = integration.AssignRoleToUser(ctx, userID, "admin")

// Revoke role from user
err = integration.RevokeRoleFromUser(ctx, userID, "admin")
MFA Management
// Enable TOTP
err = integration.EnableMFA(ctx, userID, "totp")

// Disable TOTP
err = integration.DisableMFA(ctx, userID, "totp")

// Reset all MFA methods
err = integration.ResetMFA(ctx, userID)

Security Considerations

Password Storage
  • Passwords are stored as hashes, not plaintext
  • Secure password hashing algorithms are used
Session Management
  • Sessions have expiration times
  • Sessions can be invalidated
  • MFA verification status is tracked per session
Audit Logging
  • All security-relevant operations are logged
  • Audit logs include user, action, resource, and timestamp
  • Alert rules can be configured for critical security events

Implementation Details

RBAC
  • Roles can inherit permissions from parent roles
  • Permissions are structured as resource:action
  • Users can have both roles and direct permissions
MFA
  • TOTP implementation follows RFC 6238
  • Backup codes are one-time use
  • Multiple MFA methods can be enabled simultaneously
Audit Logging
  • Audit events include severity levels
  • Audit events can include additional metadata
  • Multiple audit loggers can be used simultaneously

Future Enhancements

  • WebAuthn support for passwordless authentication
  • SMS and email-based MFA
  • Rate limiting for login attempts
  • IP-based access restrictions
  • Time-based access restrictions
  • Delegated administration
  • Role request and approval workflow
  • User activity monitoring
  • Anomaly detection

Testing

The access control system includes comprehensive tests:

  • Unit tests for individual components
  • Integration tests for the complete system
  • Mock implementations for testing

Run the tests with:

go test -v ./src/security/access/...

Documentation

Overview

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides temporary stub implementations to fix compilation

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Package access provides access control and security auditing functionality

Index

Constants

View Source
const (
	RoleAdmin      = "admin"
	RoleUser       = "user"
	RoleManager    = "manager"
	RoleOperator   = "operator"
	RoleAuditor    = "auditor"
	RoleGuest      = "guest"
	RoleAutomation = "automation"
)

Role constants

View Source
const (
	PermissionAll = "*"

	// System permissions
	PermissionSystemAdmin   = "system.admin"
	PermissionSystemConfig  = "system.config"
	PermissionSystemView    = "system.view"
	PermissionSystemMonitor = "system.monitor"
	PermissionSystemAudit   = "system.audit"
	PermissionSystemBackup  = "system.backup"
	PermissionSystemRestore = "system.restore"

	// User permissions
	PermissionUserView        = "user.view"
	PermissionUserCreate      = "user.create"
	PermissionUserRead        = "user.read"
	PermissionUserUpdate      = "user.update"
	PermissionUserDelete      = "user.delete"
	PermissionUserRoleAssign  = "user.role.assign"
	PermissionUserManageRoles = "user.manage.roles"

	// Role permissions
	PermissionRoleView   = "role.view"
	PermissionRoleCreate = "role.create"
	PermissionRoleUpdate = "role.update"
	PermissionRoleDelete = "role.delete"

	// Template permissions
	PermissionTemplateView    = "template.view"
	PermissionTemplateCreate  = "template.create"
	PermissionTemplateRead    = "template.read"
	PermissionTemplateUpdate  = "template.update"
	PermissionTemplateDelete  = "template.delete"
	PermissionTemplateExecute = "template.execute"
	PermissionTemplateApprove = "template.approve"
	PermissionTemplateUse     = "template.use"

	// Security permissions
	PermissionSecurityView          = "security.view"
	PermissionSecurityConfig        = "security.config"
	PermissionSecurityTest          = "security.test"
	PermissionSecurityIncident      = "security.incident"
	PermissionSecurityAudit         = "security.audit"
	PermissionSecurityVulnerability = "security.vulnerability"
	PermissionSecurityScan          = "security.scan"

	// Audit permissions
	PermissionAuditView = "audit.view"

	// Vulnerability permissions
	PermissionVulnerabilityView = "vulnerability.view"

	// Prompt permissions
	PermissionPromptView = "prompt.view"
	PermissionPromptUse  = "prompt.use"

	// Test permissions
	PermissionTestExecute = "test.execute"

	// Report permissions
	PermissionReportView     = "report.view"
	PermissionReportCreate   = "report.create"
	PermissionReportRead     = "report.read"
	PermissionReportUpdate   = "report.update"
	PermissionReportDelete   = "report.delete"
	PermissionReportExport   = "report.export"
	PermissionReportGenerate = "report.generate"
)

Permission constants

Variables

View Source
var (
	ErrInvalidCredentials = interfaces.ErrInvalidCredentials
	ErrUserNotFound       = interfaces.ErrUserNotFound
	ErrUserLocked         = interfaces.ErrUserLocked
	ErrUserInactive       = interfaces.ErrUserInactive
	ErrMFARequired        = interfaces.ErrMFARequired
	ErrInvalidMFACode     = interfaces.ErrInvalidMFACode
	ErrSessionExpired     = interfaces.ErrSessionExpired
	ErrInvalidToken       = interfaces.ErrInvalidToken
)

Common errors - using the ones defined in interfaces package

View Source
var (
	ErrUnauthorized = errors.New("unauthorized access")
	// ErrInvalidCredentials is already defined in auth.go
	// ErrMFARequired is already defined in auth.go
	ErrMFAVerificationFailed = errors.New("multi-factor authentication verification failed")
	// ErrUserNotFound is already defined in auth.go
	// ErrSessionExpired is already defined in auth.go
	ErrInvalidSession = errors.New("invalid session")
)

Common errors

View Source
var (
	// ErrUnauthorized is already declared in integration.go
	ErrInvalidRole        = errors.New("invalid role")
	ErrInvalidPermission  = errors.New("invalid permission")
	ErrRoleAlreadyExists  = errors.New("role already exists")
	ErrRoleNotFound       = errors.New("role not found")
	ErrPermissionNotFound = errors.New("permission not found")
)

Common errors

AllPermissions contains all defined permissions

Functions

func CreateMFAContext

func CreateMFAContext(ctx context.Context, userID string, method common.AuthMethod, status MFAStatus) context.Context

CreateMFAContext creates a new context with MFA information

func GetMFAMethod

func GetMFAMethod(ctx context.Context) (common.AuthMethod, error)

GetMFAMethod gets MFA method from context

func GetMFAUserID

func GetMFAUserID(ctx context.Context) (string, error)

GetMFAUserID gets user ID from MFA context

func IsMFACompleted

func IsMFACompleted(ctx context.Context) bool

IsMFACompleted checks if MFA has been completed in the context

func IsMFARequired

func IsMFARequired(ctx context.Context) bool

IsMFARequired checks if MFA is required in the context

func NewInMemoryAuditLoggerAdapter

func NewInMemoryAuditLoggerAdapter() interfaces.AuditLogger

NewInMemoryAuditLoggerAdapter creates a new in-memory audit logger adapter

func NewInMemoryIncidentStoreAdapter

func NewInMemoryIncidentStoreAdapter() interfaces.IncidentStore

NewInMemoryIncidentStoreAdapter creates a new in-memory incident store adapter

func NewInMemoryVulnerabilityStoreAdapter

func NewInMemoryVulnerabilityStoreAdapter() interfaces.VulnerabilityStore

NewInMemoryVulnerabilityStoreAdapter creates a new in-memory vulnerability store adapter

func WithMFAMethod

func WithMFAMethod(ctx context.Context, method common.AuthMethod) context.Context

WithMFAMethod adds MFA method to context

func WithMFAStatus

func WithMFAStatus(ctx context.Context, status MFAStatus) context.Context

WithMFAStatus adds MFA status to context

func WithMFAUserID

func WithMFAUserID(ctx context.Context, userID string) context.Context

WithMFAUserID adds user ID to MFA context

func WithUserID

func WithUserID(ctx context.Context, userID string) context.Context

WithUserID adds a user ID to the context

Types

type AccessControlConfig

type AccessControlConfig struct {
	// EnableRBAC enables role-based access control
	EnableRBAC bool `json:"enable_rbac"`

	// EnableMFA enables multi-factor authentication
	EnableMFA bool `json:"enable_mfa"`

	// MFARequiredRoles specifies roles that require MFA
	MFARequiredRoles []string `json:"mfa_required_roles"`

	// PasswordPolicy defines password requirements
	PasswordPolicy PasswordPolicy `json:"password_policy"`

	// SessionPolicy defines session management settings
	SessionPolicy SessionPolicy `json:"session_policy"`

	// AuditConfig defines audit logging settings
	AuditConfig AuditConfig `json:"audit_config"`

	// SecurityIncidentConfig defines security incident management settings
	SecurityIncidentConfig SecurityIncidentConfig `json:"security_incident_config"`

	// VulnerabilityConfig defines vulnerability management settings
	VulnerabilityConfig VulnerabilityConfig `json:"vulnerability_config"`

	// RBACConfig defines RBAC-specific settings
	RBACConfig RBACConfigSettings `json:"rbac_config"`

	// RolePermissions maps roles to their permissions
	RolePermissions map[string][]string `json:"role_permissions,omitempty"`
}

AccessControlConfig represents the configuration for the access control system

func DefaultAccessControlConfig

func DefaultAccessControlConfig() *AccessControlConfig

DefaultAccessControlConfig returns the default access control configuration

func DefaultAccessControlConfigV2

func DefaultAccessControlConfigV2() *AccessControlConfig

DefaultAccessControlConfigV2 returns the default access control configuration (version 2)

type AccessControlIntegration

type AccessControlIntegration struct {
	// contains filtered or unexported fields
}

AccessControlIntegration integrates RBAC, MFA, and audit logging

func NewAccessControlIntegration

func NewAccessControlIntegration(
	rbacManager rbac.RBACManager,
	mfaManager mfa.MFAManager,
	auditManager audit.AuditManager,
	userStore UserStore,
	sessionStore SessionStore,
) *AccessControlIntegration

NewAccessControlIntegration creates a new access control integration

func (*AccessControlIntegration) AssignRoleToUser

func (a *AccessControlIntegration) AssignRoleToUser(ctx context.Context, userID, roleID string) error

AssignRoleToUser assigns a role to a user

func (*AccessControlIntegration) AuthorizeAccess

func (a *AccessControlIntegration) AuthorizeAccess(ctx context.Context, sessionID, resource, action string) error

AuthorizeAccess checks if a user has permission to access a resource

func (*AccessControlIntegration) DisableMFA

func (a *AccessControlIntegration) DisableMFA(ctx context.Context, userID, method string) error

DisableMFA disables MFA for a user

func (*AccessControlIntegration) EnableMFA

func (a *AccessControlIntegration) EnableMFA(ctx context.Context, userID, method string) error

EnableMFA enables MFA for a user

func (*AccessControlIntegration) GetUserPermissions

func (a *AccessControlIntegration) GetUserPermissions(ctx context.Context, userID string) ([]*rbac.Permission, error)

GetUserPermissions gets all permissions assigned to a user

func (*AccessControlIntegration) GetUserRoles

func (a *AccessControlIntegration) GetUserRoles(ctx context.Context, userID string) ([]*rbac.Role, error)

GetUserRoles gets all roles assigned to a user

func (*AccessControlIntegration) Login

func (a *AccessControlIntegration) Login(ctx context.Context, username, password, ip, userAgent string) (*Session, error)

Login authenticates a user and creates a session

func (*AccessControlIntegration) Logout

func (a *AccessControlIntegration) Logout(ctx context.Context, sessionID string) error

Logout invalidates a session

func (*AccessControlIntegration) ResetMFA

func (a *AccessControlIntegration) ResetMFA(ctx context.Context, userID string) error

ResetMFA resets all MFA methods for a user

func (*AccessControlIntegration) RevokeRoleFromUser

func (a *AccessControlIntegration) RevokeRoleFromUser(ctx context.Context, userID, roleID string) error

RevokeRoleFromUser revokes a role from a user

func (*AccessControlIntegration) VerifyMFA

func (a *AccessControlIntegration) VerifyMFA(ctx context.Context, sessionID, method, code string) error

VerifyMFA verifies MFA for a session

type AccessControlManager

type AccessControlManager struct {
	// contains filtered or unexported fields
}

AccessControlManager is the main entry point for the access control system

func NewAccessControlManager

func NewAccessControlManager(config *AccessControlConfig) (*AccessControlManager, error)

NewAccessControlManager creates a new access control manager

func (*AccessControlManager) ChangePassword

func (m *AccessControlManager) ChangePassword(ctx context.Context, id, currentPassword, newPassword, updatedBy string) error

ChangePassword changes a user's password

func (*AccessControlManager) Close

func (m *AccessControlManager) Close(ctx context.Context) error

Close closes the access control system

func (*AccessControlManager) CreateIncident

func (m *AccessControlManager) CreateIncident(ctx context.Context, title, description string, severity AuditSeverity, reportedBy string, auditLogIDs []string, metadata map[string]interface{}) (*SecurityIncident, error)

CreateIncident creates a new security incident

func (*AccessControlManager) CreateUser

func (m *AccessControlManager) CreateUser(ctx context.Context, username, email, password string, roles []string, createdBy string) (*User, error)

CreateUser creates a new user

func (*AccessControlManager) CreateVulnerability

func (m *AccessControlManager) CreateVulnerability(ctx context.Context, title, description string, severity AuditSeverity, affectedSystem, cve, reportedBy string, metadata map[string]interface{}) (*Vulnerability, error)

CreateVulnerability creates a new vulnerability

func (*AccessControlManager) DeleteUser

func (m *AccessControlManager) DeleteUser(ctx context.Context, id, deletedBy string) error

DeleteUser deletes a user

func (*AccessControlManager) DisableMFA

func (m *AccessControlManager) DisableMFA(ctx context.Context, id string, method common.AuthMethod, disabledBy string) error

DisableMFA disables multi-factor authentication for a user

func (*AccessControlManager) EnableMFA

func (m *AccessControlManager) EnableMFA(ctx context.Context, id string, method common.AuthMethod, enabledBy string) error

EnableMFA enables multi-factor authentication for a user

func (*AccessControlManager) GetIncident

func (m *AccessControlManager) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)

GetIncident retrieves a security incident by ID

func (*AccessControlManager) GetRBACManager

func (m *AccessControlManager) GetRBACManager() RBACManager

GetRBACManager returns the RBAC manager

func (*AccessControlManager) GetUser

func (m *AccessControlManager) GetUser(ctx context.Context, id string) (*User, error)

GetUser retrieves a user by ID

func (*AccessControlManager) GetUserByUsername

func (m *AccessControlManager) GetUserByUsername(ctx context.Context, username string) (*User, error)

GetUserByUsername retrieves a user by username

func (*AccessControlManager) GetUserManager

func (m *AccessControlManager) GetUserManager() UserManager

GetUserManager returns the user manager

func (*AccessControlManager) GetVulnerability

func (m *AccessControlManager) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)

GetVulnerability retrieves a vulnerability by ID

func (*AccessControlManager) HasPermission

func (m *AccessControlManager) HasPermission(ctx context.Context, user *User, permission Permission) bool

HasPermission checks if a user has a specific permission

func (*AccessControlManager) HasRole

func (m *AccessControlManager) HasRole(ctx context.Context, user *User, role rbac.Role) bool

HasRole checks if a user has a specific role

func (*AccessControlManager) Initialize

func (m *AccessControlManager) Initialize(ctx context.Context) error

Initialize initializes the access control system

func (*AccessControlManager) ListIncidents

func (m *AccessControlManager) ListIncidents(ctx context.Context, filter *IncidentFilter) ([]*SecurityIncident, error)

ListIncidents lists security incidents based on filters

func (*AccessControlManager) ListUsers

func (m *AccessControlManager) ListUsers(ctx context.Context) ([]*User, error)

ListUsers lists all users

func (*AccessControlManager) ListVulnerabilities

func (m *AccessControlManager) ListVulnerabilities(ctx context.Context, filter *VulnerabilityFilter) ([]*Vulnerability, error)

ListVulnerabilities lists vulnerabilities based on filters

func (*AccessControlManager) LockUser

func (m *AccessControlManager) LockUser(ctx context.Context, id, lockedBy string, reason string) error

LockUser locks a user account

func (*AccessControlManager) LogAudit

func (m *AccessControlManager) LogAudit(ctx context.Context, log *AuditLog) error

LogAudit logs an audit event

func (*AccessControlManager) Login

func (m *AccessControlManager) Login(ctx context.Context, username, password string, ipAddress, userAgent string) (*Session, error)

Login authenticates a user and creates a new session

func (*AccessControlManager) Logout

func (m *AccessControlManager) Logout(ctx context.Context, sessionID string) error

Logout logs out a user by invalidating their session

func (*AccessControlManager) QueryAuditLogs

func (m *AccessControlManager) QueryAuditLogs(ctx context.Context, filter *AuditLogFilter) ([]*AuditLog, error)

QueryAuditLogs queries audit logs

func (*AccessControlManager) RefreshSession

func (m *AccessControlManager) RefreshSession(ctx context.Context, refreshToken string) (*Session, error)

RefreshSession refreshes a session and returns a new token

func (*AccessControlManager) ResetPassword

func (m *AccessControlManager) ResetPassword(ctx context.Context, id, newPassword, resetBy string) error

ResetPassword resets a user's password (admin function)

func (*AccessControlManager) UnlockUser

func (m *AccessControlManager) UnlockUser(ctx context.Context, id, unlockedBy string) error

UnlockUser unlocks a user account

func (*AccessControlManager) UpdateIncidentStatus

func (m *AccessControlManager) UpdateIncidentStatus(ctx context.Context, id string, status IncidentStatus, assignedTo, updatedBy string) error

UpdateIncidentStatus updates the status of a security incident

func (*AccessControlManager) UpdateUser

func (m *AccessControlManager) UpdateUser(ctx context.Context, id, username, email string, roles []string, active bool, updatedBy string) (*User, error)

UpdateUser updates an existing user

func (*AccessControlManager) UpdateVulnerabilityStatus

func (m *AccessControlManager) UpdateVulnerabilityStatus(ctx context.Context, id string, status VulnerabilityStatus, assignedTo, remediationPlan, updatedBy string) error

UpdateVulnerabilityStatus updates the status of a vulnerability

func (*AccessControlManager) ValidateSession

func (m *AccessControlManager) ValidateSession(ctx context.Context, token string) (bool, error)

ValidateSession validates a session and returns whether it's valid

func (*AccessControlManager) VerifyMFA

func (m *AccessControlManager) VerifyMFA(ctx context.Context, sessionID, code string) error

VerifyMFA verifies a multi-factor authentication code

type AccessControlSystem

type AccessControlSystem struct {
	// contains filtered or unexported fields
}

AccessControlSystem is the main entry point for the access control system

func NewAccessControlSystem

func NewAccessControlSystem(config *AccessControlConfig) (*AccessControlSystem, error)

NewAccessControlSystem creates a new access control system

func NewAccessControlSystemWithStores

func NewAccessControlSystemWithStores(
	config *AccessControlConfig,
	userStore UserStore,
	sessionStore SessionStore,
	auditLogger AuditLogger,
	incidentStore IncidentStore,
	vulnerabilityStore VulnerabilityStore,
) (*AccessControlSystem, error)

NewAccessControlSystemWithStores creates a new access control system with the provided stores

func (*AccessControlSystem) Audit

func (s *AccessControlSystem) Audit() *AuditManager

Audit returns the audit manager

func (*AccessControlSystem) Auth

func (s *AccessControlSystem) Auth() *AuthManager

Auth returns the auth manager

func (*AccessControlSystem) Close

func (a *AccessControlSystem) Close() error

Close closes the access control system and releases any resources

func (*AccessControlSystem) CreateUser

func (s *AccessControlSystem) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)

CreateUser creates a new user

func (*AccessControlSystem) DeleteUser

func (a *AccessControlSystem) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user

func (*AccessControlSystem) DisableMFA

func (a *AccessControlSystem) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error

DisableMFA disables multi-factor authentication for a user

func (*AccessControlSystem) EnableMFA

func (a *AccessControlSystem) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error

EnableMFA enables multi-factor authentication for a user

func (*AccessControlSystem) GetAllUsers

func (s *AccessControlSystem) GetAllUsers(ctx context.Context) ([]*User, error)

GetAllUsers returns all users in the system

func (*AccessControlSystem) GetUserByID

func (s *AccessControlSystem) GetUserByID(ctx context.Context, id string) (*User, error)

GetUserByID retrieves a user by ID

func (*AccessControlSystem) GetUserByUsername

func (s *AccessControlSystem) GetUserByUsername(ctx context.Context, username string) (*User, error)

GetUserByUsername retrieves a user by username

func (*AccessControlSystem) Initialize

func (s *AccessControlSystem) Initialize(ctx context.Context) error

Initialize initializes the access control system

func (*AccessControlSystem) MFA

MFA returns the multi-factor authentication manager

func (*AccessControlSystem) RBAC

func (s *AccessControlSystem) RBAC() *simpleRBACManager

RBAC returns the RBAC manager

func (*AccessControlSystem) Security

func (s *AccessControlSystem) Security() *simpleSecurityManager

Security returns the security manager

func (*AccessControlSystem) UpdateUser

func (a *AccessControlSystem) UpdateUser(ctx context.Context, user *User) error

UpdateUser updates an existing user

func (*AccessControlSystem) UpdateUserPassword

func (a *AccessControlSystem) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error

UpdateUserPassword updates a user's password

type AccessControlSystemImpl

type AccessControlSystemImpl struct {
	// contains filtered or unexported fields
}

AccessControlSystemImpl implements the AccessControlSystem interface

func (*AccessControlSystemImpl) Close

func (a *AccessControlSystemImpl) Close() error

Close closes the access control system

func (*AccessControlSystemImpl) GetAuditLogger

func (a *AccessControlSystemImpl) GetAuditLogger() AuditLogger

GetAuditLogger returns the audit logger

func (*AccessControlSystemImpl) GetAuthManager

func (a *AccessControlSystemImpl) GetAuthManager() AuthManager

GetAuthManager returns the authentication manager

func (*AccessControlSystemImpl) GetRBACManager

func (a *AccessControlSystemImpl) GetRBACManager() RBACManager

GetRBACManager returns the RBAC manager

func (*AccessControlSystemImpl) GetSecurityManager

func (a *AccessControlSystemImpl) GetSecurityManager() SecurityManager

GetSecurityManager returns the security manager

func (*AccessControlSystemImpl) GetUserManager

func (a *AccessControlSystemImpl) GetUserManager() UserManager

GetUserManager returns the user manager

func (*AccessControlSystemImpl) Initialize

func (a *AccessControlSystemImpl) Initialize() error

Initialize initializes the access control system

type AuditAction

type AuditAction string

AuditAction represents the type of action being audited

const (
	AuditActionLogin        AuditAction = "login"
	AuditActionLogout       AuditAction = "logout"
	AuditActionCreate       AuditAction = "create"
	AuditActionRead         AuditAction = "read"
	AuditActionUpdate       AuditAction = "update"
	AuditActionDelete       AuditAction = "delete"
	AuditActionExecute      AuditAction = "execute"
	AuditActionAuthorize    AuditAction = "authorize"
	AuditActionUnauthorized AuditAction = "unauthorized"
	AuditActionSystem       AuditAction = "system"
	AuditActionSecurity     AuditAction = "security"
)

Audit actions

type AuditConfig

type AuditConfig struct {
	EnabledSeverities []AuditSeverity `json:"enabled_severities"`
	LogFilePath       string          `json:"log_file_path"`
	RetentionDays     int             `json:"retention_days"`
}

AuditConfig defines configuration for audit logging

func DefaultAuditConfig

func DefaultAuditConfig() *AuditConfig

DefaultAuditConfig returns the default audit configuration

func (*AuditConfig) IsEnabled

func (c *AuditConfig) IsEnabled(severity AuditSeverity) bool

IsEnabled checks if logging is enabled for a severity level

type AuditEventFilter

type AuditEventFilter struct {
	UserID        string `json:"user_id,omitempty"`
	Action        string `json:"action,omitempty"`
	Resource      string `json:"resource,omitempty"`
	ResourceID    string `json:"resource_id,omitempty"`
	Severity      string `json:"severity,omitempty"`
	IPAddress     string `json:"ip_address,omitempty"`
	CreatedAfter  string `json:"created_after,omitempty"`
	CreatedBefore string `json:"created_before,omitempty"`
	SortBy        string `json:"sort_by,omitempty"`
	SortOrder     string `json:"sort_order,omitempty"`
	Offset        int    `json:"offset,omitempty"`
	Limit         int    `json:"limit,omitempty"`
}

AuditEventFilter defines filters for querying audit events

type AuditLog

type AuditLog struct {
	ID          string                 `json:"id,omitempty"`
	Timestamp   time.Time              `json:"timestamp"`
	UserID      string                 `json:"user_id,omitempty"`
	Username    string                 `json:"username,omitempty"`
	Action      AuditAction            `json:"action"`
	Resource    string                 `json:"resource"`
	ResourceID  string                 `json:"resource_id,omitempty"`
	Description string                 `json:"description"`
	IPAddress   string                 `json:"ip_address,omitempty"`
	UserAgent   string                 `json:"user_agent,omitempty"`
	Severity    AuditSeverity          `json:"severity"`
	Status      string                 `json:"status"`
	SessionID   string                 `json:"session_id,omitempty"`
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
	Changes     map[string]interface{} `json:"changes,omitempty"`
}

AuditLog represents a security audit log entry

type AuditLogFilter

type AuditLogFilter struct {
	UserID     string        `json:"user_id,omitempty"`
	Username   string        `json:"username,omitempty"`
	Action     AuditAction   `json:"action,omitempty"`
	Resource   string        `json:"resource,omitempty"`
	ResourceID string        `json:"resource_id,omitempty"`
	IPAddress  string        `json:"ip_address,omitempty"`
	Severity   AuditSeverity `json:"severity,omitempty"`
	Status     string        `json:"status,omitempty"`
	SessionID  string        `json:"session_id,omitempty"`
	StartTime  time.Time     `json:"start_time,omitempty"`
	EndTime    time.Time     `json:"end_time,omitempty"`
	Limit      int           `json:"limit,omitempty"`
	Offset     int           `json:"offset,omitempty"`
}

AuditLogFilter defines filters for querying audit logs

type AuditLogger

type AuditLogger interface {
	// Initialize initializes the audit logger
	Initialize(ctx context.Context) error

	// LogAudit logs an audit event
	LogAudit(ctx context.Context, log *AuditLog) error

	// GetAuditLogs retrieves audit logs
	GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)

	// GetAuditLogByID retrieves an audit log by ID
	GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)

	// Close closes the logger
	Close(ctx context.Context) error
}

AuditLogger defines the interface for audit logging

type AuditLoggerConfig

type AuditLoggerConfig struct {
	// Logging configuration
	LogToConsole bool
	LogToFile    bool
	LogFile      string
	LogFormat    string

	// Retention configuration
	RetentionDays int
}

AuditLoggerConfig contains configuration for the audit logger implementation

type AuditLoggerImpl

type AuditLoggerImpl struct {
	// contains filtered or unexported fields
}

AuditLoggerImpl implements the AuditLogger interface

func NewAuditLogger

func NewAuditLogger(auditStore AuditStore, config *AuditLoggerConfig) *AuditLoggerImpl

NewAuditLogger creates a new audit logger

func (*AuditLoggerImpl) CleanupOldLogs

func (l *AuditLoggerImpl) CleanupOldLogs(ctx context.Context) (int, error)

CleanupOldLogs deletes audit logs older than the retention period

func (*AuditLoggerImpl) Close

func (l *AuditLoggerImpl) Close() error

Close closes the audit logger

func (*AuditLoggerImpl) GetAuditLogs

func (l *AuditLoggerImpl) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)

GetAuditLogs gets audit logs

func (*AuditLoggerImpl) Initialize

func (l *AuditLoggerImpl) Initialize(ctx context.Context) error

Initialize initializes the audit logger

func (*AuditLoggerImpl) LogAudit

func (l *AuditLoggerImpl) LogAudit(ctx context.Context, log *models.AuditLog) error

LogAudit logs an audit event

type AuditManager

type AuditManager struct {
	// contains filtered or unexported fields
}

AuditManager manages audit logging

func NewAuditManager

func NewAuditManager(logger AuditLogger, config *AuditConfig) (*AuditManager, error)

NewAuditManager creates a new audit manager

func (*AuditManager) Close

func (m *AuditManager) Close() error

Close closes the audit manager

func (*AuditManager) GetAuditLogByID

func (m *AuditManager) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)

GetAuditLogByID retrieves an audit log by ID

func (*AuditManager) GetAuditLogs

func (m *AuditManager) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)

GetAuditLogs retrieves audit logs

func (*AuditManager) LogAudit

func (m *AuditManager) LogAudit(ctx context.Context, log *AuditLog) error

LogAudit logs an audit event

type AuditSeverity

type AuditSeverity string

AuditSeverity represents the severity level of an audit event

const (
	AuditSeverityInfo     AuditSeverity = "info"
	AuditSeverityLow      AuditSeverity = "low"
	AuditSeverityMedium   AuditSeverity = "medium"
	AuditSeverityHigh     AuditSeverity = "high"
	AuditSeverityCritical AuditSeverity = "critical"
	AuditSeverityError    AuditSeverity = "error"
)

Audit severity levels

type AuditStore

type AuditStore interface {
	// StoreAuditLog stores an audit log
	StoreAuditLog(ctx context.Context, log *models.AuditLog) error

	// GetAuditLog retrieves an audit log by ID
	GetAuditLog(ctx context.Context, id string) (*models.AuditLog, error)

	// GetAuditLogs retrieves audit logs with optional filtering
	GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)

	// DeleteAuditLog deletes an audit log
	DeleteAuditLog(ctx context.Context, id string) error

	// DeleteAuditLogsBefore deletes audit logs before a specific time
	DeleteAuditLogsBefore(ctx context.Context, before time.Time) (int, error)

	// Close closes the audit store
	Close() error
}

AuditStore defines the interface for storing and retrieving audit logs

type AuthConfig

type AuthConfig struct {
	// Session configuration
	SessionTimeout     time.Duration
	SessionMaxInactive time.Duration

	// Password configuration
	PasswordMinLength      int
	PasswordRequireUpper   bool
	PasswordRequireLower   bool
	PasswordRequireNumber  bool
	PasswordRequireSpecial bool
	PasswordMaxAge         time.Duration

	// MFA configuration
	MFAEnabled bool
	MFAMethods []string
}

AuthConfig contains configuration for the auth manager

type AuthManager

type AuthManager struct {
	// contains filtered or unexported fields
}

AuthManager handles authentication and user management

func NewAuthManager

func NewAuthManager(
	userStore UserStore,
	sessionStore SessionStore,
	auditLogger AuditLogger,
	mfaManager mfa.MFAManager,
	config *AuthConfig,
) (*AuthManager, error)

NewAuthManager creates a new authentication manager

func (*AuthManager) Close

func (m *AuthManager) Close() error

Close closes the auth manager

func (*AuthManager) CreateUser

func (m *AuthManager) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)

CreateUser creates a new user

func (*AuthManager) DeleteUser

func (m *AuthManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user

func (*AuthManager) DisableMFA

func (m *AuthManager) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error

DisableMFA disables multi-factor authentication for a user

func (*AuthManager) EnableMFA

func (m *AuthManager) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error

EnableMFA enables multi-factor authentication for a user

func (*AuthManager) GetAllUsers

func (m *AuthManager) GetAllUsers(ctx context.Context) ([]*User, error)

GetAllUsers returns all users

func (*AuthManager) GetUserByEmail

func (m *AuthManager) GetUserByEmail(ctx context.Context, email string) (*User, error)

GetUserByEmail retrieves a user by email

func (*AuthManager) GetUserByID

func (m *AuthManager) GetUserByID(ctx context.Context, id string) (*User, error)

GetUserByID retrieves a user by ID

func (*AuthManager) GetUserByUsername

func (m *AuthManager) GetUserByUsername(ctx context.Context, username string) (*User, error)

GetUserByUsername retrieves a user by username

func (*AuthManager) HasRole

func (m *AuthManager) HasRole(ctx context.Context, userID string, role string) (bool, error)

HasRole checks if a user has a specific role

func (*AuthManager) Initialize

func (m *AuthManager) Initialize(ctx context.Context) error

Initialize initializes the authentication manager

func (*AuthManager) Login

func (m *AuthManager) Login(ctx context.Context, username, password, ipAddress, userAgent string) (*Session, error)

Login authenticates a user and creates a session

func (*AuthManager) Logout

func (m *AuthManager) Logout(ctx context.Context, sessionID string) error

Logout ends a user session

func (*AuthManager) RefreshSession

func (m *AuthManager) RefreshSession(ctx context.Context, refreshToken string) (*Session, error)

RefreshSession refreshes a session using the refresh token

func (*AuthManager) UpdateSession

func (m *AuthManager) UpdateSession(ctx context.Context, sessionID string, updates map[string]interface{}) error

UpdateSession updates a session

func (*AuthManager) UpdateUser

func (m *AuthManager) UpdateUser(ctx context.Context, user *User) error

UpdateUser updates an existing user

func (*AuthManager) UpdateUserPassword

func (m *AuthManager) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error

UpdateUserPassword updates a user's password

func (*AuthManager) ValidateSession

func (m *AuthManager) ValidateSession(ctx context.Context, token string) (*Session, error)

ValidateSession validates a session token and returns the session

func (*AuthManager) VerifyMFA

func (m *AuthManager) VerifyMFA(ctx context.Context, sessionID, code string) error

VerifyMFA verifies a multi-factor authentication code

func (*AuthManager) VerifySession

func (m *AuthManager) VerifySession(ctx context.Context, token string) (bool, error)

VerifySession verifies a session token

type AuthManagerImpl

type AuthManagerImpl struct {
	// contains filtered or unexported fields
}

AuthManagerImpl implements the AuthManager interface

func NewAuthManagerImpl

func NewAuthManagerImpl(userStore interfaces.UserStore, sessionStore interfaces.SessionStore, auditLogger AuditLogger, config *AuthConfig) *AuthManagerImpl

NewAuthManagerImpl creates a new auth manager implementation

func (*AuthManagerImpl) ChangePassword

func (m *AuthManagerImpl) ChangePassword(ctx context.Context, userID, oldPassword, newPassword string) error

ChangePassword changes a user's password

func (*AuthManagerImpl) Close

func (m *AuthManagerImpl) Close() error

Close closes the auth manager

func (*AuthManagerImpl) Initialize

func (m *AuthManagerImpl) Initialize(ctx context.Context) error

Initialize initializes the auth manager

func (*AuthManagerImpl) Login

func (m *AuthManagerImpl) Login(ctx context.Context, username, password string) (*models.Session, error)

Login authenticates a user

func (*AuthManagerImpl) Logout

func (m *AuthManagerImpl) Logout(ctx context.Context, sessionID string) error

Logout logs out a user

func (*AuthManagerImpl) RefreshSession

func (m *AuthManagerImpl) RefreshSession(ctx context.Context, sessionID string) (*models.Session, error)

RefreshSession refreshes a session

func (*AuthManagerImpl) ResetPassword

func (m *AuthManagerImpl) ResetPassword(ctx context.Context, userID, newPassword string) error

ResetPassword resets a user's password

func (*AuthManagerImpl) ValidateSession

func (m *AuthManagerImpl) ValidateSession(ctx context.Context, sessionID string) (*models.Session, error)

ValidateSession validates a session

type BasicInMemorySessionStore

type BasicInMemorySessionStore struct {
	// contains filtered or unexported fields
}

BasicInMemorySessionStore is an in-memory implementation of SessionStore

func NewBasicInMemorySessionStore

func NewBasicInMemorySessionStore() *BasicInMemorySessionStore

NewBasicInMemorySessionStore creates a new basic in-memory session store

func (*BasicInMemorySessionStore) CleanupExpiredSessions

func (s *BasicInMemorySessionStore) CleanupExpiredSessions(ctx context.Context) error

CleanupExpiredSessions cleans up expired sessions

func (*BasicInMemorySessionStore) CreateSession

func (s *BasicInMemorySessionStore) CreateSession(ctx context.Context, session *Session) error

CreateSession creates a new session

func (*BasicInMemorySessionStore) DeleteSession

func (s *BasicInMemorySessionStore) DeleteSession(ctx context.Context, sessionID string) error

DeleteSession deletes a session

func (*BasicInMemorySessionStore) DeleteUserSessions

func (s *BasicInMemorySessionStore) DeleteUserSessions(ctx context.Context, userID string) error

DeleteUserSessions deletes all sessions for a user

func (*BasicInMemorySessionStore) GetSession

func (s *BasicInMemorySessionStore) GetSession(ctx context.Context, sessionID string) (*Session, error)

GetSession retrieves a session by ID

func (*BasicInMemorySessionStore) ListUserSessions

func (s *BasicInMemorySessionStore) ListUserSessions(ctx context.Context, userID string) ([]*Session, error)

ListUserSessions lists all sessions for a user

func (*BasicInMemorySessionStore) UpdateSession

func (s *BasicInMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error

UpdateSession updates an existing session

type BasicInMemoryUserStore

type BasicInMemoryUserStore struct {
	// contains filtered or unexported fields
}

BasicInMemoryUserStore is an in-memory implementation of UserStore

func NewBasicInMemoryUserStore

func NewBasicInMemoryUserStore() *BasicInMemoryUserStore

NewBasicInMemoryUserStore creates a new basic in-memory user store

func (*BasicInMemoryUserStore) CreateUser

func (s *BasicInMemoryUserStore) CreateUser(ctx context.Context, user *User) error

CreateUser creates a new user

func (*BasicInMemoryUserStore) DeleteUser

func (s *BasicInMemoryUserStore) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user

func (*BasicInMemoryUserStore) GetUserByEmail

func (s *BasicInMemoryUserStore) GetUserByEmail(ctx context.Context, email string) (*User, error)

GetUserByEmail retrieves a user by email

func (*BasicInMemoryUserStore) GetUserByID

func (s *BasicInMemoryUserStore) GetUserByID(ctx context.Context, userID string) (*User, error)

GetUserByID retrieves a user by ID

func (*BasicInMemoryUserStore) GetUserByUsername

func (s *BasicInMemoryUserStore) GetUserByUsername(ctx context.Context, username string) (*User, error)

GetUserByUsername retrieves a user by username

func (*BasicInMemoryUserStore) ListUsers

func (s *BasicInMemoryUserStore) ListUsers(ctx context.Context) ([]*User, error)

ListUsers lists all users

func (*BasicInMemoryUserStore) UpdateUser

func (s *BasicInMemoryUserStore) UpdateUser(ctx context.Context, user *User) error

UpdateUser updates an existing user

type BasicSecurityManager

type BasicSecurityManager struct {
	// contains filtered or unexported fields
}

BasicSecurityManager manages security incidents and vulnerabilities

func NewBasicSecurityManager

func NewBasicSecurityManager(config *AccessControlConfig, incidentStore IncidentStore, vulnerabilityStore VulnerabilityStore, auditLogger AuditLogger) *BasicSecurityManager

NewBasicSecurityManager creates a new basic security manager

func NewSecurityManager

func NewSecurityManager(config *AccessControlConfig, incidentStore IncidentStore, vulnerabilityStore VulnerabilityStore, auditLogger AuditLogger) *BasicSecurityManager

NewSecurityManager creates a new security manager

func (*BasicSecurityManager) Close

func (m *BasicSecurityManager) Close() error

Close closes the security manager

func (*BasicSecurityManager) CreateIncident

func (m *BasicSecurityManager) CreateIncident(ctx context.Context, title, description string, severity AuditSeverity, reportedBy string, auditLogIDs []string, metadata map[string]interface{}) (*SecurityIncident, error)

CreateIncident creates a new security incident

func (*BasicSecurityManager) CreateVulnerability

func (m *BasicSecurityManager) CreateVulnerability(ctx context.Context, title, description string, severity AuditSeverity, affectedSystem, cve, reportedBy string, metadata map[string]interface{}) (*Vulnerability, error)

CreateVulnerability creates a new vulnerability

func (*BasicSecurityManager) GetIncident

func (m *BasicSecurityManager) GetIncident(ctx context.Context, id string) (*SecurityIncident, error)

GetIncident retrieves a security incident by ID

func (*BasicSecurityManager) GetVulnerability

func (m *BasicSecurityManager) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)

GetVulnerability retrieves a vulnerability by ID

func (*BasicSecurityManager) ListIncidents

func (m *BasicSecurityManager) ListIncidents(ctx context.Context, filter *LocalIncidentFilter) ([]*SecurityIncident, error)

ListIncidents lists security incidents based on filters

func (*BasicSecurityManager) ListVulnerabilities

func (m *BasicSecurityManager) ListVulnerabilities(ctx context.Context, filter *LocalVulnerabilityFilter) ([]*Vulnerability, error)

ListVulnerabilities lists vulnerabilities based on filters

func (*BasicSecurityManager) ProcessSecurityAuditLog

func (m *BasicSecurityManager) ProcessSecurityAuditLog(ctx context.Context, log *AuditLog) error

ProcessSecurityAuditLog processes an audit log for security incidents

func (*BasicSecurityManager) UpdateIncidentStatus

func (m *BasicSecurityManager) UpdateIncidentStatus(ctx context.Context, id string, status IncidentStatus, assignedTo, updatedBy string) error

UpdateIncidentStatus updates the status of a security incident

func (*BasicSecurityManager) UpdateVulnerabilityStatus

func (m *BasicSecurityManager) UpdateVulnerabilityStatus(ctx context.Context, id string, status VulnerabilityStatus, assignedTo, remediationPlan, updatedBy string) error

UpdateVulnerabilityStatus updates the status of a vulnerability

type Config

type Config struct {
	// Database configuration
	DBDriver string
	DBDSN    string

	// In-memory mode
	InMemory bool

	// Logging configuration
	LogLevel  string
	LogFormat string
	LogFile   string

	// Security configuration
	PasswordMinLength      int
	PasswordRequireUpper   bool
	PasswordRequireLower   bool
	PasswordRequireNumber  bool
	PasswordRequireSpecial bool
	PasswordMaxAge         int

	// Session configuration
	SessionTimeout     int
	SessionMaxInactive int

	// MFA configuration
	MFAEnabled bool
	MFAMethods []string
}

Config contains configuration for the factory

type ContextBoundary

type ContextBoundary struct {
	Type       ContextBoundaryType
	Value      string
	Required   bool
	Validation func(ctx context.Context, value string) bool
}

ContextBoundary represents a security boundary that must be enforced

type ContextBoundaryType

type ContextBoundaryType string

ContextBoundaryType represents the type of boundary being enforced

const (
	// BoundaryTypeSession represents a session boundary
	BoundaryTypeSession ContextBoundaryType = "session"
	// BoundaryTypeUser represents a user boundary
	BoundaryTypeUser ContextBoundaryType = "user"
	// BoundaryTypeRole represents a role boundary
	BoundaryTypeRole ContextBoundaryType = "role"
	// BoundaryTypePermission represents a permission boundary
	BoundaryTypePermission ContextBoundaryType = "permission"
	// BoundaryTypeMFA represents an MFA boundary
	BoundaryTypeMFA ContextBoundaryType = "mfa"
)

type EnhancedContextBoundaryEnforcer

type EnhancedContextBoundaryEnforcer struct {
	// contains filtered or unexported fields
}

EnhancedContextBoundaryEnforcer enforces security boundaries for requests

func NewEnhancedContextBoundaryEnforcer

func NewEnhancedContextBoundaryEnforcer() *EnhancedContextBoundaryEnforcer

NewEnhancedContextBoundaryEnforcer creates a new boundary enforcer

func (*EnhancedContextBoundaryEnforcer) AddBoundary

func (e *EnhancedContextBoundaryEnforcer) AddBoundary(boundary ContextBoundary)

AddBoundary adds a new boundary to enforce

func (*EnhancedContextBoundaryEnforcer) EnforceBoundaries

func (e *EnhancedContextBoundaryEnforcer) EnforceBoundaries(ctx context.Context) error

EnforceBoundaries enforces all boundaries for a request

func (*EnhancedContextBoundaryEnforcer) Middleware

Middleware creates an HTTP middleware that enforces boundaries

func (*EnhancedContextBoundaryEnforcer) RequireMFA

RequireMFA creates a boundary that requires MFA completion

func (*EnhancedContextBoundaryEnforcer) RequirePermission

func (e *EnhancedContextBoundaryEnforcer) RequirePermission(permission string) ContextBoundary

RequirePermission creates a boundary that requires a specific permission

func (*EnhancedContextBoundaryEnforcer) RequireRole

RequireRole creates a boundary that requires a specific role

func (*EnhancedContextBoundaryEnforcer) RequireSession

RequireSession creates a boundary that requires a valid session

func (*EnhancedContextBoundaryEnforcer) RequireUser

RequireUser creates a boundary that requires a specific user

func (*EnhancedContextBoundaryEnforcer) SetAuthManager

func (e *EnhancedContextBoundaryEnforcer) SetAuthManager(authManager *AuthManager)

SetAuthManager sets the auth manager for the boundary enforcer

func (*EnhancedContextBoundaryEnforcer) SetRBACManager

func (e *EnhancedContextBoundaryEnforcer) SetRBACManager(rbacManager *RBACManagerImpl)

SetRBACManager sets the RBAC manager for the boundary enforcer

func (*EnhancedContextBoundaryEnforcer) SetSessionManager

func (e *EnhancedContextBoundaryEnforcer) SetSessionManager(sessionManager *SessionManager)

SetSessionManager sets the session manager for the boundary enforcer

type Factory

type Factory interface {
	// CreateAccessControlSystem creates a new access control system
	CreateAccessControlSystem() (AccessControlSystem, error)

	// CreateSecurityManager creates a new security manager
	CreateSecurityManager() (SecurityManager, error)

	// CreateUserManager creates a new user manager
	CreateUserManager() (UserManager, error)

	// CreateAuthManager creates a new auth manager
	CreateAuthManager() (LegacyAuthManagerInterface, error)

	// CreateRBACManager creates a new RBAC manager
	CreateRBACManager() (RBACManager, error)

	// CreateAuditLogger creates a new audit logger
	CreateAuditLogger() (LegacyAuditLogger, error)
}

Factory creates access control system components

type FactoryImpl

type FactoryImpl struct {
	// contains filtered or unexported fields
}

FactoryImpl implements the Factory interface

func NewAccessControlFactory

func NewAccessControlFactory(config *Config) *FactoryImpl

NewAccessControlFactory creates a new access control factory (alias for NewFactory)

func NewFactory

func NewFactory(config *Config) *FactoryImpl

NewFactory creates a new factory

func (*FactoryImpl) CreateAccessControlSystem

func (f *FactoryImpl) CreateAccessControlSystem() (*AccessControlSystem, error)

CreateAccessControlSystem creates a new access control system

func (*FactoryImpl) CreateAuditLogger

func (f *FactoryImpl) CreateAuditLogger() (AuditLogger, error)

CreateAuditLogger creates a new audit logger

func (*FactoryImpl) CreateAuthManager

func (f *FactoryImpl) CreateAuthManager() (AuthManager, error)

CreateAuthManager creates a new auth manager

func (*FactoryImpl) CreateDatabaseAccessControlSystem

func (f *FactoryImpl) CreateDatabaseAccessControlSystem(dbDriver, dbDSN string) (*AccessControlSystem, error)

CreateDatabaseAccessControlSystem creates a database-backed access control system

func (*FactoryImpl) CreateInMemoryAccessControlSystem

func (f *FactoryImpl) CreateInMemoryAccessControlSystem() (*AccessControlSystem, error)

CreateInMemoryAccessControlSystem creates an in-memory access control system

func (*FactoryImpl) CreateRBACManager

func (f *FactoryImpl) CreateRBACManager() (RBACManager, error)

CreateRBACManager creates a new RBAC manager

func (*FactoryImpl) CreateSecurityManager

func (f *FactoryImpl) CreateSecurityManager() (*BasicSecurityManager, error)

CreateSecurityManager creates a new security manager

func (*FactoryImpl) CreateSecurityManagerAdapter

func (f *FactoryImpl) CreateSecurityManagerAdapter(legacyManager interface{}) interfaces.SecurityManager

CreateSecurityManagerAdapter creates a new security manager adapter

func (*FactoryImpl) CreateSessionStoreAdapter

func (f *FactoryImpl) CreateSessionStoreAdapter(legacyStore interface{}) interfaces.SessionStore

CreateSessionStoreAdapter creates a new session store adapter

func (*FactoryImpl) CreateUserManager

func (f *FactoryImpl) CreateUserManager() (UserManager, error)

CreateUserManager creates a new user manager

func (*FactoryImpl) CreateUserStoreAdapter

func (f *FactoryImpl) CreateUserStoreAdapter(legacyStore interface{}) interfaces.UserStore

CreateUserStoreAdapter creates a new user store adapter

type FileAuditLogger

type FileAuditLogger struct {
	// contains filtered or unexported fields
}

FileAuditLogger is a file-based implementation of AuditLogger

func NewFileAuditLogger

func NewFileAuditLogger(filePath string) *FileAuditLogger

NewFileAuditLogger creates a new file-based audit logger

func (*FileAuditLogger) Close

func (l *FileAuditLogger) Close(ctx context.Context) error

Close closes the file audit logger

func (*FileAuditLogger) GetAuditLogByID

func (l *FileAuditLogger) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)

GetAuditLogByID retrieves an audit log by ID

func (*FileAuditLogger) GetAuditLogs

func (l *FileAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)

GetAuditLogs retrieves audit logs

func (*FileAuditLogger) Initialize

func (l *FileAuditLogger) Initialize(ctx context.Context) error

Initialize initializes the file audit logger

func (*FileAuditLogger) LogAudit

func (l *FileAuditLogger) LogAudit(ctx context.Context, log *AuditLog) error

LogAudit logs an audit event to the file

type InMemoryAuditLogger

type InMemoryAuditLogger struct {
	// contains filtered or unexported fields
}

InMemoryAuditLogger is a simple in-memory implementation of AuditLogger

func NewInMemoryAuditLogger

func NewInMemoryAuditLogger() *InMemoryAuditLogger

NewInMemoryAuditLogger creates a new in-memory audit logger

func (*InMemoryAuditLogger) Close

func (l *InMemoryAuditLogger) Close(ctx context.Context) error

Close closes the audit logger

func (*InMemoryAuditLogger) GetAuditLogByID

func (l *InMemoryAuditLogger) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)

GetAuditLogByID retrieves an audit log by ID

func (*InMemoryAuditLogger) GetAuditLogs

func (l *InMemoryAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)

GetAuditLogs retrieves audit logs

func (*InMemoryAuditLogger) Initialize

func (l *InMemoryAuditLogger) Initialize(ctx context.Context) error

Initialize initializes the audit logger

func (*InMemoryAuditLogger) LogAudit

func (l *InMemoryAuditLogger) LogAudit(ctx context.Context, log *AuditLog) error

LogAudit logs an audit event

type InMemoryAuditLoggerAdapter

type InMemoryAuditLoggerAdapter struct {
	// contains filtered or unexported fields
}

InMemoryAuditLoggerAdapter is an in-memory implementation of interfaces.AuditLogger

func (*InMemoryAuditLoggerAdapter) Close

func (l *InMemoryAuditLoggerAdapter) Close() error

Close closes the audit logger

func (*InMemoryAuditLoggerAdapter) ExportEvents

func (l *InMemoryAuditLoggerAdapter) ExportEvents(ctx context.Context, filter map[string]interface{}, format string) (string, error)

ExportEvents exports audit events to a file

func (*InMemoryAuditLoggerAdapter) GetAuditLogByID

func (l *InMemoryAuditLoggerAdapter) GetAuditLogByID(ctx context.Context, id string) (*models.AuditLog, error)

GetAuditLogByID retrieves an audit log by ID

func (*InMemoryAuditLoggerAdapter) GetEventByID

func (l *InMemoryAuditLoggerAdapter) GetEventByID(ctx context.Context, id string) (*models.AuditLog, error)

GetEventByID retrieves an audit event by ID (alias for GetAuditLogByID to satisfy interface)

func (*InMemoryAuditLoggerAdapter) ListAuditLogs

func (l *InMemoryAuditLoggerAdapter) ListAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)

ListAuditLogs lists audit logs with optional filtering

func (*InMemoryAuditLoggerAdapter) LogAudit

LogAudit logs an audit event

func (*InMemoryAuditLoggerAdapter) LogEvent

LogEvent logs an audit event (alias for LogAudit to satisfy interface)

func (*InMemoryAuditLoggerAdapter) QueryEvents

func (l *InMemoryAuditLoggerAdapter) QueryEvents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)

QueryEvents queries audit events with filtering (alias for ListAuditLogs to satisfy interface)

type InMemoryAuditLoggerWithTypes

type InMemoryAuditLoggerWithTypes struct {
	// contains filtered or unexported fields
}

InMemoryAuditLoggerWithTypes is a simple in-memory implementation of AuditLogger using common.AuditLog

func NewInMemoryAuditLoggerWithTypes

func NewInMemoryAuditLoggerWithTypes() *InMemoryAuditLoggerWithTypes

NewInMemoryAuditLoggerWithTypes creates a new in-memory audit logger with types

func (*InMemoryAuditLoggerWithTypes) Close

Close closes the logger

func (*InMemoryAuditLoggerWithTypes) GetAuditLogByID

func (l *InMemoryAuditLoggerWithTypes) GetAuditLogByID(ctx context.Context, id string) (*common.AuditLog, error)

GetAuditLogByID retrieves an audit log by ID

func (*InMemoryAuditLoggerWithTypes) GetAuditLogs

func (l *InMemoryAuditLoggerWithTypes) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.AuditLog, int, error)

GetAuditLogs retrieves audit logs

func (*InMemoryAuditLoggerWithTypes) Initialize

Initialize initializes the audit logger

func (*InMemoryAuditLoggerWithTypes) LogAudit

LogAudit logs an audit event

type InMemoryAuditStore

type InMemoryAuditStore struct {
	// contains filtered or unexported fields
}

InMemoryAuditStore is an in-memory implementation of the AuditStore interface

func NewInMemoryAuditStore

func NewInMemoryAuditStore() *InMemoryAuditStore

NewInMemoryAuditStore creates a new in-memory audit store

func (*InMemoryAuditStore) Close

func (s *InMemoryAuditStore) Close() error

Close closes the audit store

func (*InMemoryAuditStore) DeleteAuditLog

func (s *InMemoryAuditStore) DeleteAuditLog(ctx context.Context, id string) error

DeleteAuditLog deletes an audit log

func (*InMemoryAuditStore) DeleteAuditLogsBefore

func (s *InMemoryAuditStore) DeleteAuditLogsBefore(ctx context.Context, before time.Time) (int, error)

DeleteAuditLogsBefore deletes audit logs before a specific time

func (*InMemoryAuditStore) GetAuditLog

func (s *InMemoryAuditStore) GetAuditLog(ctx context.Context, id string) (*models.AuditLog, error)

GetAuditLog retrieves an audit log by ID

func (*InMemoryAuditStore) GetAuditLogs

func (s *InMemoryAuditStore) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)

GetAuditLogs retrieves audit logs with optional filtering

func (*InMemoryAuditStore) StoreAuditLog

func (s *InMemoryAuditStore) StoreAuditLog(ctx context.Context, log *models.AuditLog) error

StoreAuditLog stores an audit log

type InMemoryIncidentStore

type InMemoryIncidentStore struct {
	// contains filtered or unexported fields
}

InMemoryIncidentStore is a simple in-memory implementation of IncidentStore

func NewInMemoryIncidentStore

func NewInMemoryIncidentStore() *InMemoryIncidentStore

NewInMemoryIncidentStore creates a new in-memory incident store

func (*InMemoryIncidentStore) Close

func (s *InMemoryIncidentStore) Close() error

Close closes the store

func (*InMemoryIncidentStore) CreateIncident

func (s *InMemoryIncidentStore) CreateIncident(ctx context.Context, incident *common.SecurityIncident) error

CreateIncident creates a new security incident

func (*InMemoryIncidentStore) DeleteIncident

func (s *InMemoryIncidentStore) DeleteIncident(ctx context.Context, id string) error

DeleteIncident deletes a security incident by ID

func (*InMemoryIncidentStore) GetIncidentByID

func (s *InMemoryIncidentStore) GetIncidentByID(ctx context.Context, id string) (*common.SecurityIncident, error)

GetIncidentByID retrieves a security incident by ID

func (*InMemoryIncidentStore) ListIncidents

func (s *InMemoryIncidentStore) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.SecurityIncident, int, error)

ListIncidents lists security incidents

func (*InMemoryIncidentStore) UpdateIncident

func (s *InMemoryIncidentStore) UpdateIncident(ctx context.Context, incident *common.SecurityIncident) error

UpdateIncident updates an existing security incident

type InMemoryIncidentStoreAdapter

type InMemoryIncidentStoreAdapter struct {
	// contains filtered or unexported fields
}

InMemoryIncidentStoreAdapter is an in-memory implementation of interfaces.IncidentStore

func (*InMemoryIncidentStoreAdapter) Close

Close closes the incident store

func (*InMemoryIncidentStoreAdapter) CreateIncident

func (s *InMemoryIncidentStoreAdapter) CreateIncident(ctx context.Context, incident *models.SecurityIncident) error

CreateIncident creates a new security incident

func (*InMemoryIncidentStoreAdapter) DeleteIncident

func (s *InMemoryIncidentStoreAdapter) DeleteIncident(ctx context.Context, id string) error

DeleteIncident deletes a security incident

func (*InMemoryIncidentStoreAdapter) GetIncidentByID

GetIncidentByID retrieves a security incident by ID

func (*InMemoryIncidentStoreAdapter) ListIncidents

func (s *InMemoryIncidentStoreAdapter) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)

ListIncidents lists security incidents with optional filtering

func (*InMemoryIncidentStoreAdapter) UpdateIncident

func (s *InMemoryIncidentStoreAdapter) UpdateIncident(ctx context.Context, incident *models.SecurityIncident) error

UpdateIncident updates a security incident

type InMemoryIncidentStoreModels

type InMemoryIncidentStoreModels struct {
	// contains filtered or unexported fields
}

InMemoryIncidentStoreModels is an in-memory implementation of the IncidentStore interface using models

func (*InMemoryIncidentStoreModels) CreateIncident

func (s *InMemoryIncidentStoreModels) CreateIncident(ctx context.Context, incident *models.SecurityIncident) error

CreateIncident creates a new security incident

func (*InMemoryIncidentStoreModels) GetIncidentByID

func (s *InMemoryIncidentStoreModels) GetIncidentByID(ctx context.Context, incidentID string) (*models.SecurityIncident, error)

GetIncidentByID retrieves a security incident by ID

func (*InMemoryIncidentStoreModels) ListIncidents

func (s *InMemoryIncidentStoreModels) ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)

ListIncidents lists security incidents with optional filtering

func (*InMemoryIncidentStoreModels) UpdateIncident

func (s *InMemoryIncidentStoreModels) UpdateIncident(ctx context.Context, incident *models.SecurityIncident) error

UpdateIncident updates a security incident

type InMemoryRoleStore

type InMemoryRoleStore struct {
	// contains filtered or unexported fields
}

InMemoryRoleStore is an in-memory implementation of the RoleStore interface

func NewInMemoryRoleStore

func NewInMemoryRoleStore() *InMemoryRoleStore

NewInMemoryRoleStore creates a new in-memory role store

func (*InMemoryRoleStore) AddPermissionToRole

func (s *InMemoryRoleStore) AddPermissionToRole(ctx context.Context, role, permission string) error

AddPermissionToRole adds a permission to a role

func (*InMemoryRoleStore) AddRoleToUser

func (s *InMemoryRoleStore) AddRoleToUser(ctx context.Context, userID, role string) error

AddRoleToUser adds a role to a user

func (*InMemoryRoleStore) GetAllPermissions

func (s *InMemoryRoleStore) GetAllPermissions(ctx context.Context) ([]string, error)

GetAllPermissions gets all permissions

func (*InMemoryRoleStore) GetAllRoles

func (s *InMemoryRoleStore) GetAllRoles(ctx context.Context) ([]string, error)

GetAllRoles gets all roles

func (*InMemoryRoleStore) GetRolePermissions

func (s *InMemoryRoleStore) GetRolePermissions(ctx context.Context, role string) ([]string, error)

GetRolePermissions gets the permissions for a role

func (*InMemoryRoleStore) GetUserRoles

func (s *InMemoryRoleStore) GetUserRoles(ctx context.Context, userID string) ([]string, error)

GetUserRoles gets a user's roles

func (*InMemoryRoleStore) RemovePermissionFromRole

func (s *InMemoryRoleStore) RemovePermissionFromRole(ctx context.Context, role, permission string) error

RemovePermissionFromRole removes a permission from a role

func (*InMemoryRoleStore) RemoveRoleFromUser

func (s *InMemoryRoleStore) RemoveRoleFromUser(ctx context.Context, userID, role string) error

RemoveRoleFromUser removes a role from a user

type InMemorySessionStore

type InMemorySessionStore struct {
	// contains filtered or unexported fields
}

InMemorySessionStore is a simple in-memory implementation of SessionStore

func NewInMemorySessionStore

func NewInMemorySessionStore() *InMemorySessionStore

NewInMemorySessionStore creates a new in-memory session store

func (*InMemorySessionStore) CleanExpiredSessions

func (s *InMemorySessionStore) CleanExpiredSessions(ctx context.Context) error

CleanExpiredSessions removes all expired sessions

func (*InMemorySessionStore) Close

func (s *InMemorySessionStore) Close() error

Close closes the session store

func (*InMemorySessionStore) CreateSession

func (s *InMemorySessionStore) CreateSession(ctx context.Context, session *Session) error

CreateSession creates a new session

func (*InMemorySessionStore) DeleteSession

func (s *InMemorySessionStore) DeleteSession(ctx context.Context, id string) error

DeleteSession deletes a session by ID

func (*InMemorySessionStore) GetSession

func (s *InMemorySessionStore) GetSession(ctx context.Context, id string) (*Session, error)

GetSession retrieves a session by ID

func (*InMemorySessionStore) GetUserSessions

func (s *InMemorySessionStore) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)

GetUserSessions retrieves all sessions for a user

func (*InMemorySessionStore) UpdateSession

func (s *InMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error

UpdateSession updates an existing session

type InMemoryUserStore

type InMemoryUserStore struct {
	// contains filtered or unexported fields
}

InMemoryUserStore is a simple in-memory implementation of UserStore

func NewInMemoryUserStore

func NewInMemoryUserStore() *InMemoryUserStore

NewInMemoryUserStore creates a new in-memory user store

func (*InMemoryUserStore) Close

func (s *InMemoryUserStore) Close() error

Close closes the user store

func (*InMemoryUserStore) CreateUser

func (s *InMemoryUserStore) CreateUser(ctx context.Context, user *User) error

CreateUser creates a new user

func (*InMemoryUserStore) DeleteUser

func (s *InMemoryUserStore) DeleteUser(ctx context.Context, id string) error

DeleteUser deletes a user by ID

func (*InMemoryUserStore) GetUserByEmail

func (s *InMemoryUserStore) GetUserByEmail(ctx context.Context, email string) (*User, error)

GetUserByEmail retrieves a user by email

func (*InMemoryUserStore) GetUserByID

func (s *InMemoryUserStore) GetUserByID(ctx context.Context, id string) (*User, error)

GetUserByID retrieves a user by ID

func (*InMemoryUserStore) GetUserByUsername

func (s *InMemoryUserStore) GetUserByUsername(ctx context.Context, username string) (*User, error)

GetUserByUsername retrieves a user by username

func (*InMemoryUserStore) ListUsers

func (s *InMemoryUserStore) ListUsers(ctx context.Context) ([]*User, error)

ListUsers lists all users

func (*InMemoryUserStore) UpdateUser

func (s *InMemoryUserStore) UpdateUser(ctx context.Context, user *User) error

UpdateUser updates an existing user

type InMemoryVulnerabilityStore

type InMemoryVulnerabilityStore struct {
	// contains filtered or unexported fields
}

InMemoryVulnerabilityStore is a simple in-memory implementation of VulnerabilityStore

func NewInMemoryVulnerabilityStore

func NewInMemoryVulnerabilityStore() *InMemoryVulnerabilityStore

NewInMemoryVulnerabilityStore creates a new in-memory vulnerability store

func (*InMemoryVulnerabilityStore) Close

func (s *InMemoryVulnerabilityStore) Close() error

Close closes the store

func (*InMemoryVulnerabilityStore) CreateVulnerability

func (s *InMemoryVulnerabilityStore) CreateVulnerability(ctx context.Context, vulnerability *common.Vulnerability) error

CreateVulnerability creates a new vulnerability

func (*InMemoryVulnerabilityStore) DeleteVulnerability

func (s *InMemoryVulnerabilityStore) DeleteVulnerability(ctx context.Context, id string) error

DeleteVulnerability deletes a vulnerability by ID

func (*InMemoryVulnerabilityStore) GetVulnerabilityByID

func (s *InMemoryVulnerabilityStore) GetVulnerabilityByID(ctx context.Context, id string) (*common.Vulnerability, error)

GetVulnerabilityByID retrieves a vulnerability by ID

func (*InMemoryVulnerabilityStore) ListVulnerabilities

func (s *InMemoryVulnerabilityStore) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*common.Vulnerability, int, error)

ListVulnerabilities lists vulnerabilities

func (*InMemoryVulnerabilityStore) UpdateVulnerability

func (s *InMemoryVulnerabilityStore) UpdateVulnerability(ctx context.Context, vulnerability *common.Vulnerability) error

UpdateVulnerability updates an existing vulnerability

type InMemoryVulnerabilityStoreAdapter

type InMemoryVulnerabilityStoreAdapter struct {
	// contains filtered or unexported fields
}

InMemoryVulnerabilityStoreAdapter is an in-memory implementation of interfaces.VulnerabilityStore

func (*InMemoryVulnerabilityStoreAdapter) Close

Close closes the vulnerability store

func (*InMemoryVulnerabilityStoreAdapter) CreateVulnerability

func (s *InMemoryVulnerabilityStoreAdapter) CreateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error

CreateVulnerability creates a new vulnerability

func (*InMemoryVulnerabilityStoreAdapter) DeleteVulnerability

func (s *InMemoryVulnerabilityStoreAdapter) DeleteVulnerability(ctx context.Context, id string) error

DeleteVulnerability deletes a vulnerability

func (*InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByCVE

func (s *InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByCVE(ctx context.Context, cve string) (*models.Vulnerability, error)

GetVulnerabilityByCVE retrieves a vulnerability by CVE ID

func (*InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByID

func (s *InMemoryVulnerabilityStoreAdapter) GetVulnerabilityByID(ctx context.Context, id string) (*models.Vulnerability, error)

GetVulnerabilityByID retrieves a vulnerability by ID

func (*InMemoryVulnerabilityStoreAdapter) ListVulnerabilities

func (s *InMemoryVulnerabilityStoreAdapter) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)

ListVulnerabilities lists vulnerabilities with optional filtering

func (*InMemoryVulnerabilityStoreAdapter) UpdateVulnerability

func (s *InMemoryVulnerabilityStoreAdapter) UpdateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error

UpdateVulnerability updates a vulnerability

type InMemoryVulnerabilityStoreModels

type InMemoryVulnerabilityStoreModels struct {
	// contains filtered or unexported fields
}

InMemoryVulnerabilityStoreModels is an in-memory implementation of the VulnerabilityStore interface using models

func (*InMemoryVulnerabilityStoreModels) CreateVulnerability

func (s *InMemoryVulnerabilityStoreModels) CreateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error

CreateVulnerability creates a new security vulnerability

func (*InMemoryVulnerabilityStoreModels) GetVulnerabilityByID

func (s *InMemoryVulnerabilityStoreModels) GetVulnerabilityByID(ctx context.Context, vulnerabilityID string) (*models.Vulnerability, error)

GetVulnerabilityByID retrieves a security vulnerability by ID

func (*InMemoryVulnerabilityStoreModels) ListVulnerabilities

func (s *InMemoryVulnerabilityStoreModels) ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)

ListVulnerabilities lists security vulnerabilities with optional filtering

func (*InMemoryVulnerabilityStoreModels) UpdateVulnerability

func (s *InMemoryVulnerabilityStoreModels) UpdateVulnerability(ctx context.Context, vulnerability *models.Vulnerability) error

UpdateVulnerability updates a security vulnerability

type IncidentFilter

type IncidentFilter struct {
	Severity      string `json:"severity,omitempty"`
	Status        string `json:"status,omitempty"`
	AssigneeID    string `json:"assignee_id,omitempty"`
	ReportedAfter string `json:"reported_after,omitempty"`
	SortBy        string `json:"sort_by,omitempty"`
	SortOrder     string `json:"sort_order,omitempty"`
	Offset        int    `json:"offset,omitempty"`
	Limit         int    `json:"limit,omitempty"`
}

IncidentFilter defines filters for querying security incidents

type IncidentStatus

type IncidentStatus string

IncidentStatus represents the status of a security incident

const (
	IncidentStatusNew        IncidentStatus = "new"
	IncidentStatusInProgress IncidentStatus = "in_progress"
	IncidentStatusResolved   IncidentStatus = "resolved"
	IncidentStatusClosed     IncidentStatus = "closed"
	IncidentStatusDuplicate  IncidentStatus = "duplicate"
)

Incident statuses

type IncidentStore

type IncidentStore interface {
	CreateIncident(ctx context.Context, incident *SecurityIncident) error
	GetIncident(ctx context.Context, id string) (*SecurityIncident, error)
	UpdateIncident(ctx context.Context, incident *SecurityIncident) error
	DeleteIncident(ctx context.Context, id string) error
	ListIncidents(ctx context.Context, filter *LocalIncidentFilter) ([]*SecurityIncident, error)
}

IncidentStore defines the interface for security incident storage

type LegacyAuditLogger

type LegacyAuditLogger interface {
	// LogAudit logs an audit event
	LogAudit(log *models.AuditLog) error

	// GetAuditLogs gets audit logs
	GetAuditLogs(filter map[string]interface{}, offset, limit int) ([]*models.AuditLog, int, error)

	// Close closes the audit logger
	Close() error
}

LegacyAuditLogger defines the interface for audit logging (legacy)

type LegacyAuthManager

type LegacyAuthManager struct {
	// contains filtered or unexported fields
}

LegacyAuthManager manages authentication and session management (legacy version)

func NewLegacyAuthManager

func NewLegacyAuthManager(config *AccessControlConfig, userStore UserStore, sessionStore SessionStore, auditLogger AuditLogger) *LegacyAuthManager

NewLegacyAuthManager creates a new legacy authentication manager

func NewLegacyAuthManagerWithMFA

func NewLegacyAuthManagerWithMFA(config *AccessControlConfig, userStore UserStore, sessionStore SessionStore, auditLogger AuditLogger, mfaManager mfa.MFAManager) *LegacyAuthManager

NewLegacyAuthManagerWithMFA creates a new legacy authentication manager with MFA support

func (*LegacyAuthManager) CreateUser

func (m *LegacyAuthManager) CreateUser(ctx context.Context, username, email, password string, roles []string) (*User, error)

CreateUser creates a new user

func (*LegacyAuthManager) DisableMFA

func (m *LegacyAuthManager) DisableMFA(ctx context.Context, userID string, method common.AuthMethod) error

DisableMFA disables multi-factor authentication for a user

func (*LegacyAuthManager) EnableMFA

func (m *LegacyAuthManager) EnableMFA(ctx context.Context, userID string, method common.AuthMethod) error

EnableMFA enables multi-factor authentication for a user

func (*LegacyAuthManager) Login

func (m *LegacyAuthManager) Login(ctx context.Context, username, password string, ipAddress, userAgent string) (*Session, error)

Login authenticates a user and creates a new session

func (*LegacyAuthManager) Logout

func (m *LegacyAuthManager) Logout(ctx context.Context, sessionID string) error

Logout logs out a user by invalidating their session

func (*LegacyAuthManager) RefreshSession

func (m *LegacyAuthManager) RefreshSession(ctx context.Context, sessionID, refreshToken string, ipAddress, userAgent string) (*Session, error)

RefreshSession refreshes a session and returns a new token

func (*LegacyAuthManager) UpdateUserPassword

func (m *LegacyAuthManager) UpdateUserPassword(ctx context.Context, userID, currentPassword, newPassword string) error

UpdateUserPassword updates a user's password

func (*LegacyAuthManager) ValidateSession

func (m *LegacyAuthManager) ValidateSession(ctx context.Context, sessionID, token string, ipAddress, userAgent string) (*User, error)

ValidateSession validates a session and returns the associated user

func (*LegacyAuthManager) VerifyMFA

func (m *LegacyAuthManager) VerifyMFA(ctx context.Context, sessionID, code string) error

VerifyMFA verifies a multi-factor authentication code

type LegacyAuthManagerInterface

type LegacyAuthManagerInterface interface {
	// Login authenticates a user
	Login(username, password string) (*models.Session, error)

	// Logout logs out a user
	Logout(sessionID string) error

	// ValidateSession validates a session
	ValidateSession(sessionID string) (*models.Session, error)

	// RefreshSession refreshes a session
	RefreshSession(sessionID string) (*models.Session, error)

	// ChangePassword changes a user's password
	ChangePassword(userID, oldPassword, newPassword string) error

	// ResetPassword resets a user's password
	ResetPassword(userID, newPassword string) error

	// Close closes the auth manager
	Close() error
}

LegacyAuthManagerInterface defines the interface for authentication (legacy)

type LocalInMemoryIncidentStore

type LocalInMemoryIncidentStore struct {
	// contains filtered or unexported fields
}

LocalInMemoryIncidentStore is a simple in-memory implementation of IncidentStore

func NewLocalInMemoryIncidentStore

func NewLocalInMemoryIncidentStore() *LocalInMemoryIncidentStore

NewLocalInMemoryIncidentStore creates a new local in-memory incident store

func (*LocalInMemoryIncidentStore) CreateIncident

func (s *LocalInMemoryIncidentStore) CreateIncident(ctx context.Context, incident *SecurityIncident) error

CreateIncident creates a new security incident

func (*LocalInMemoryIncidentStore) DeleteIncident

func (s *LocalInMemoryIncidentStore) DeleteIncident(ctx context.Context, id string) error

DeleteIncident deletes a security incident by ID

func (*LocalInMemoryIncidentStore) GetIncident

GetIncident retrieves a security incident by ID

func (*LocalInMemoryIncidentStore) ListIncidents

ListIncidents lists security incidents based on filters

func (*LocalInMemoryIncidentStore) UpdateIncident

func (s *LocalInMemoryIncidentStore) UpdateIncident(ctx context.Context, incident *SecurityIncident) error

UpdateIncident updates an existing security incident

type LocalInMemoryVulnerabilityStore

type LocalInMemoryVulnerabilityStore struct {
	// contains filtered or unexported fields
}

LocalInMemoryVulnerabilityStore is a simple in-memory implementation of VulnerabilityStore

func NewLocalInMemoryVulnerabilityStore

func NewLocalInMemoryVulnerabilityStore() *LocalInMemoryVulnerabilityStore

NewLocalInMemoryVulnerabilityStore creates a new local in-memory vulnerability store

func (*LocalInMemoryVulnerabilityStore) CreateVulnerability

func (s *LocalInMemoryVulnerabilityStore) CreateVulnerability(ctx context.Context, vulnerability *Vulnerability) error

CreateVulnerability creates a new vulnerability

func (*LocalInMemoryVulnerabilityStore) DeleteVulnerability

func (s *LocalInMemoryVulnerabilityStore) DeleteVulnerability(ctx context.Context, id string) error

DeleteVulnerability deletes a vulnerability by ID

func (*LocalInMemoryVulnerabilityStore) GetVulnerability

func (s *LocalInMemoryVulnerabilityStore) GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)

GetVulnerability retrieves a vulnerability by ID

func (*LocalInMemoryVulnerabilityStore) ListVulnerabilities

ListVulnerabilities lists vulnerabilities based on filters

func (*LocalInMemoryVulnerabilityStore) UpdateVulnerability

func (s *LocalInMemoryVulnerabilityStore) UpdateVulnerability(ctx context.Context, vulnerability *Vulnerability) error

UpdateVulnerability updates an existing vulnerability

type LocalIncidentFilter

type LocalIncidentFilter struct {
	Severity   AuditSeverity  `json:"severity,omitempty"`
	Status     IncidentStatus `json:"status,omitempty"`
	AssignedTo string         `json:"assigned_to,omitempty"`
	ReportedBy string         `json:"reported_by,omitempty"`
	StartTime  time.Time      `json:"start_time,omitempty"`
	EndTime    time.Time      `json:"end_time,omitempty"`
	Limit      int            `json:"limit,omitempty"`
	Offset     int            `json:"offset,omitempty"`
}

LocalIncidentFilter defines filters for querying security incidents (local version)

type LocalVulnerabilityFilter

type LocalVulnerabilityFilter struct {
	Severity       AuditSeverity       `json:"severity,omitempty"`
	Status         VulnerabilityStatus `json:"status,omitempty"`
	AssignedTo     string              `json:"assigned_to,omitempty"`
	ReportedBy     string              `json:"reported_by,omitempty"`
	AffectedSystem string              `json:"affected_system,omitempty"`
	CVE            string              `json:"cve,omitempty"`
	StartTime      time.Time           `json:"start_time,omitempty"`
	EndTime        time.Time           `json:"end_time,omitempty"`
	Limit          int                 `json:"limit,omitempty"`
	Offset         int                 `json:"offset,omitempty"`
}

LocalVulnerabilityFilter defines filters for querying vulnerabilities (local version)

type LoginResult

type LoginResult struct {
	User         *models.User    `json:"user"`
	Session      *models.Session `json:"session"`
	Token        string          `json:"token,omitempty"`         // Convenience field, same as Session.Token
	RefreshToken string          `json:"refresh_token,omitempty"` // Convenience field, same as Session.RefreshToken
}

LoginResult represents the result of a successful login attempt

type MFAContextKey

type MFAContextKey string

MFAContextKey is the key used to store MFA information in the context

const (
	// MFAStatusKey is the key for MFA status in context
	MFAStatusKey MFAContextKey = "mfa_status"
	// MFAMethodKey is the key for MFA method in context
	MFAMethodKey MFAContextKey = "mfa_method"
	// MFAUserIDKey is the key for user ID in MFA context
	MFAUserIDKey MFAContextKey = "mfa_user_id"
)

type MFAMiddleware

type MFAMiddleware struct {
	// contains filtered or unexported fields
}

MFAMiddleware represents middleware for MFA verification

func NewMFAMiddleware

func NewMFAMiddleware(authManager *AuthManager) *MFAMiddleware

NewMFAMiddleware creates a new MFA middleware

func (*MFAMiddleware) ConditionalMFA

func (m *MFAMiddleware) ConditionalMFA(condition MFARequiredFunc, next http.Handler) http.Handler

ConditionalMFA creates middleware that requires MFA only if the condition function returns true

func (*MFAMiddleware) MFAByPath

func (m *MFAMiddleware) MFAByPath(paths []string, next http.Handler) http.Handler

MFAByPath creates middleware that requires MFA for specific paths

func (*MFAMiddleware) MFAByRole

func (m *MFAMiddleware) MFAByRole(roles []string, next http.Handler) http.Handler

MFAByRole creates middleware that requires MFA for users with specific roles

func (*MFAMiddleware) MFAVerifyHandler

func (m *MFAMiddleware) MFAVerifyHandler(w http.ResponseWriter, r *http.Request)

MFAVerifyHandler handles MFA verification

func (*MFAMiddleware) OptionalMFA

func (m *MFAMiddleware) OptionalMFA(next http.Handler) http.Handler

OptionalMFA creates middleware that adds MFA status to context but doesn't require it

func (*MFAMiddleware) RequireMFA

func (m *MFAMiddleware) RequireMFA(next http.Handler) http.Handler

RequireMFA creates middleware that requires MFA verification

type MFARequiredFunc

type MFARequiredFunc func(r *http.Request) bool

MFARequiredFunc is a function that determines if MFA is required for a request

type MFAStatus

type MFAStatus string

MFAStatus represents the status of MFA verification

const (
	// MFAStatusRequired indicates that MFA is required but not completed
	MFAStatusRequired MFAStatus = "required"
	// MFAStatusCompleted indicates that MFA has been completed
	MFAStatusCompleted MFAStatus = "completed"
	// MFAStatusNotRequired indicates that MFA is not required
	MFAStatusNotRequired MFAStatus = "not_required"
)

func GetMFAStatus

func GetMFAStatus(ctx context.Context) (MFAStatus, error)

GetMFAStatus gets MFA status from context

type MultiAuditLogger

type MultiAuditLogger struct {
	// contains filtered or unexported fields
}

MultiAuditLogger is an implementation of AuditLogger that logs to multiple loggers

func NewMultiAuditLogger

func NewMultiAuditLogger(loggers ...AuditLogger) *MultiAuditLogger

NewMultiAuditLogger creates a new multi-logger

func (*MultiAuditLogger) Close

func (l *MultiAuditLogger) Close(ctx context.Context) error

Close closes all loggers

func (*MultiAuditLogger) GetAuditLogByID

func (l *MultiAuditLogger) GetAuditLogByID(ctx context.Context, id string) (*AuditLog, error)

GetAuditLogByID retrieves an audit log by ID from the primary logger

func (*MultiAuditLogger) GetAuditLogs

func (l *MultiAuditLogger) GetAuditLogs(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*AuditLog, int, error)

GetAuditLogs retrieves audit logs from the primary logger

func (*MultiAuditLogger) Initialize

func (l *MultiAuditLogger) Initialize(ctx context.Context) error

Initialize initializes all loggers

func (*MultiAuditLogger) LogAudit

func (l *MultiAuditLogger) LogAudit(ctx context.Context, log *AuditLog) error

LogAudit logs an audit event to all loggers

type PasswordPolicy

type PasswordPolicy struct {
	// MinLength is the minimum password length
	MinLength int `json:"min_length"`

	// RequireUppercase requires at least one uppercase letter
	RequireUppercase bool `json:"require_uppercase"`

	// RequireLowercase requires at least one lowercase letter
	RequireLowercase bool `json:"require_lowercase"`

	// RequireNumbers requires at least one number
	RequireNumbers bool `json:"require_numbers"`

	// RequireSpecialChars requires at least one special character
	RequireSpecialChars bool `json:"require_special_chars"`

	// MaxAge is the maximum password age in days (0 = no expiration)
	MaxAge int `json:"max_age"`

	// PreventReuseCount prevents reusing the last N passwords
	PreventReuseCount int `json:"prevent_reuse_count"`

	// LockoutThreshold is the number of failed login attempts before account lockout
	LockoutThreshold int `json:"lockout_threshold"`

	// LockoutDuration is the duration of account lockout in minutes
	LockoutDuration int `json:"lockout_duration"`
}

PasswordPolicy defines password requirements

type Permission

type Permission = string

Permission represents a specific permission in the system

type PersistentSessionStore

type PersistentSessionStore interface {
	SessionStore
	Initialize(ctx context.Context) error
	CloseWithContext(ctx context.Context) error
}

PersistentSessionStore is an interface for session stores that persist data

type RBACConfig

type RBACConfig struct {
	DefaultRoles    []string            `json:"default_roles"`
	RolePermissions map[string][]string `json:"role_permissions"`
	RoleHierarchy   map[string][]string `json:"role_hierarchy"`
	CustomRoles     []Role              `json:"custom_roles"`
}

RBACConfig represents the configuration for role-based access control

func NewRBACConfig

func NewRBACConfig() *RBACConfig

NewRBACConfig creates a new RBAC configuration with default values

type RBACConfigSettings

type RBACConfigSettings struct {
	// DefaultRoles specifies the default roles available in the system
	DefaultRoles []string `json:"default_roles"`

	// RolePermissions maps role names to their permissions
	RolePermissions map[string][]string `json:"role_permissions"`

	// StrictHierarchy enables strict role hierarchy enforcement
	StrictHierarchy bool `json:"strict_hierarchy"`

	// AllowDirectPermissions allows direct permission assignments to users
	AllowDirectPermissions bool `json:"allow_direct_permissions"`
}

RBACConfigSettings defines RBAC-specific configuration settings

type RBACManager

type RBACManager interface {
	// HasPermission checks if a user has a permission
	HasPermission(userID string, permission string) (bool, error)

	// HasRole checks if a user has a role
	HasRole(userID string, role string) (bool, error)

	// AddRoleToUser adds a role to a user
	AddRoleToUser(userID string, role string) error

	// RemoveRoleFromUser removes a role from a user
	RemoveRoleFromUser(userID string, role string) error

	// GetUserRoles gets a user's roles
	GetUserRoles(userID string) ([]string, error)

	// GetUserPermissions gets a user's permissions
	GetUserPermissions(userID string) ([]string, error)

	// Close closes the RBAC manager
	Close() error
}

RBACManager defines the interface for role-based access control

type RBACManagerAdapter

type RBACManagerAdapter struct {
	// contains filtered or unexported fields
}

RBACManagerAdapter wraps SimpleRBACManager to implement the RBACManager interface

func NewRBACManagerAdapter

func NewRBACManagerAdapter(manager *SimpleRBACManager) *RBACManagerAdapter

NewRBACManagerAdapter creates a new RBAC manager adapter

func (*RBACManagerAdapter) AddRoleToUser

func (a *RBACManagerAdapter) AddRoleToUser(userID string, role string) error

AddRoleToUser adds a role to a user

func (*RBACManagerAdapter) Close

func (a *RBACManagerAdapter) Close() error

Close closes the RBAC manager

func (*RBACManagerAdapter) GetUserPermissions

func (a *RBACManagerAdapter) GetUserPermissions(userID string) ([]string, error)

GetUserPermissions gets a user's permissions

func (*RBACManagerAdapter) GetUserRoles

func (a *RBACManagerAdapter) GetUserRoles(userID string) ([]string, error)

GetUserRoles gets a user's roles

func (*RBACManagerAdapter) HasPermission

func (a *RBACManagerAdapter) HasPermission(userID string, permission string) (bool, error)

HasPermission checks if a user has a permission

func (*RBACManagerAdapter) HasRole

func (a *RBACManagerAdapter) HasRole(userID string, role string) (bool, error)

HasRole checks if a user has a role

func (*RBACManagerAdapter) RemoveRoleFromUser

func (a *RBACManagerAdapter) RemoveRoleFromUser(userID string, role string) error

RemoveRoleFromUser removes a role from a user

type RBACManagerImpl

type RBACManagerImpl struct {
	// contains filtered or unexported fields
}

RBACManagerImpl implements the RBACManager interface

func NewRBACManagerImpl

func NewRBACManagerImpl(userManager UserManager, roleStore RoleStore, auditLogger AuditLogger) *RBACManagerImpl

NewRBACManagerImpl creates a new RBAC manager implementation

func (*RBACManagerImpl) AddRoleToUser

func (m *RBACManagerImpl) AddRoleToUser(ctx context.Context, userID string, role string) error

AddRoleToUser adds a role to a user

func (*RBACManagerImpl) Close

func (m *RBACManagerImpl) Close() error

Close closes the RBAC manager

func (*RBACManagerImpl) GetUserPermissions

func (m *RBACManagerImpl) GetUserPermissions(ctx context.Context, userID string) ([]string, error)

GetUserPermissions gets a user's permissions

func (*RBACManagerImpl) GetUserRoles

func (m *RBACManagerImpl) GetUserRoles(ctx context.Context, userID string) ([]string, error)

GetUserRoles gets a user's roles

func (*RBACManagerImpl) HasPermission

func (m *RBACManagerImpl) HasPermission(ctx context.Context, userID string, permission string) (bool, error)

HasPermission checks if a user has a permission

func (*RBACManagerImpl) HasRole

func (m *RBACManagerImpl) HasRole(ctx context.Context, userID string, role string) (bool, error)

HasRole checks if a user has a role

func (*RBACManagerImpl) Initialize

func (m *RBACManagerImpl) Initialize(ctx context.Context) error

Initialize initializes the RBAC manager

func (*RBACManagerImpl) RemoveRoleFromUser

func (m *RBACManagerImpl) RemoveRoleFromUser(ctx context.Context, userID string, role string) error

RemoveRoleFromUser removes a role from a user

type RequestContext

type RequestContext interface {
	context.Context
	GetUserID() string
	GetUsername() string
	GetIPAddress() string
	GetUserAgent() string
}

RequestContext is an interface that extends the standard context.Context to provide additional methods for access control operations

func NewRequestContext

func NewRequestContext(ctx context.Context, userID, username, ipAddress, userAgent string) RequestContext

NewRequestContext creates a new RequestContext

type Role

type Role struct {
	ID          string    `json:"id"`
	Name        string    `json:"name"`
	Description string    `json:"description"`
	Permissions []string  `json:"permissions"`
	ParentRoles []string  `json:"parent_roles,omitempty"`
	IsBuiltIn   bool      `json:"is_built_in"`
	CreatedAt   time.Time `json:"created_at"`
	UpdatedAt   time.Time `json:"updated_at"`
}

Role represents a role in the system with associated permissions

type RoleName

type RoleName = string

RoleName represents a user role name in the system

type RoleStore

type RoleStore interface {
	// GetUserRoles gets a user's roles
	GetUserRoles(ctx context.Context, userID string) ([]string, error)

	// AddRoleToUser adds a role to a user
	AddRoleToUser(ctx context.Context, userID, role string) error

	// RemoveRoleFromUser removes a role from a user
	RemoveRoleFromUser(ctx context.Context, userID, role string) error

	// GetRolePermissions gets the permissions for a role
	GetRolePermissions(ctx context.Context, role string) ([]string, error)

	// AddPermissionToRole adds a permission to a role
	AddPermissionToRole(ctx context.Context, role, permission string) error

	// RemovePermissionFromRole removes a permission from a role
	RemovePermissionFromRole(ctx context.Context, role, permission string) error

	// GetAllRoles gets all roles
	GetAllRoles(ctx context.Context) ([]string, error)

	// GetAllPermissions gets all permissions
	GetAllPermissions(ctx context.Context) ([]string, error)
}

RoleStore defines the interface for storing and retrieving roles and permissions

type SecurityConfig

type SecurityConfig struct {
	// Security incident management
	IncidentNotificationEmails  []string
	IncidentEscalationThreshold common.AuditSeverity
	IncidentAutoClose           time.Duration

	// Vulnerability management
	VulnerabilityCheckPeriod        time.Duration
	VulnerabilityNotificationEmails []string
}

SecurityConfig contains security configuration

type SecurityIncident

type SecurityIncident struct {
	ID          string                 `json:"id"`
	Title       string                 `json:"title"`
	Description string                 `json:"description"`
	Severity    AuditSeverity          `json:"severity"`
	Status      IncidentStatus         `json:"status"`
	CreatedAt   time.Time              `json:"created_at"`
	UpdatedAt   time.Time              `json:"updated_at"`
	ResolvedAt  time.Time              `json:"resolved_at,omitempty"`
	AssignedTo  string                 `json:"assigned_to,omitempty"`
	ReportedBy  string                 `json:"reported_by,omitempty"`
	AuditLogIDs []string               `json:"audit_log_ids,omitempty"`
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
}

SecurityIncident represents a security incident

type SecurityIncidentConfig

type SecurityIncidentConfig struct {
	// EnableIncidentTracking enables security incident tracking
	EnableIncidentTracking bool `json:"enable_incident_tracking"`

	// AutoCreateIncidents automatically creates incidents for high-severity events
	AutoCreateIncidents bool `json:"auto_create_incidents"`

	// NotificationEmails are email addresses to notify for security incidents
	NotificationEmails []string `json:"notification_emails"`

	// EscalationThreshold is the severity threshold for incident escalation
	EscalationThreshold AuditSeverity `json:"escalation_threshold"`

	// ResponseTimeoutMinutes is the maximum response time for incidents in minutes
	ResponseTimeoutMinutes int `json:"response_timeout_minutes"`
}

SecurityIncidentConfig defines security incident management settings

type SecurityManager

type SecurityManager interface {
	// ReportIncident reports a security incident
	ReportIncident(title, description string, severity models.SecurityIncidentSeverity) (*models.SecurityIncident, error)

	// GetIncident retrieves a security incident by ID
	GetIncident(incidentID string) (*models.SecurityIncident, error)

	// UpdateIncident updates a security incident
	UpdateIncident(incident *models.SecurityIncident) error

	// CloseIncident closes a security incident
	CloseIncident(incidentID, resolution string) error

	// ListIncidents lists security incidents
	ListIncidents(filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)

	// ReportVulnerability reports a security vulnerability
	ReportVulnerability(title, description string, severity models.VulnerabilitySeverity) (*models.Vulnerability, error)

	// GetVulnerability retrieves a security vulnerability by ID
	GetVulnerability(vulnerabilityID string) (*models.Vulnerability, error)

	// UpdateVulnerability updates a security vulnerability
	UpdateVulnerability(vulnerability *models.Vulnerability) error

	// MitigateVulnerability marks a security vulnerability as mitigated
	MitigateVulnerability(vulnerabilityID, mitigation string) error

	// ResolveVulnerability marks a security vulnerability as resolved
	ResolveVulnerability(vulnerabilityID string) error

	// ListVulnerabilities lists security vulnerabilities
	ListVulnerabilities(filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)

	// Close closes the security manager
	Close() error
}

SecurityManager defines the interface for managing security incidents and vulnerabilities

type SecurityManagerAdapter

type SecurityManagerAdapter struct {
	// contains filtered or unexported fields
}

SecurityManagerAdapter wraps BasicSecurityManager to implement the SecurityManager interface

func NewSecurityManagerAdapter

func NewSecurityManagerAdapter(impl *BasicSecurityManager) *SecurityManagerAdapter

NewSecurityManagerAdapter creates a new security manager adapter

func (*SecurityManagerAdapter) Close

func (a *SecurityManagerAdapter) Close() error

Close closes the security manager

func (*SecurityManagerAdapter) CloseIncident

func (a *SecurityManagerAdapter) CloseIncident(incidentID, resolution string) error

CloseIncident closes a security incident

func (*SecurityManagerAdapter) GetIncident

func (a *SecurityManagerAdapter) GetIncident(incidentID string) (*models.SecurityIncident, error)

GetIncident retrieves a security incident by ID

func (*SecurityManagerAdapter) GetVulnerability

func (a *SecurityManagerAdapter) GetVulnerability(vulnerabilityID string) (*models.Vulnerability, error)

GetVulnerability retrieves a security vulnerability by ID

func (*SecurityManagerAdapter) ListIncidents

func (a *SecurityManagerAdapter) ListIncidents(filter map[string]interface{}, offset, limit int) ([]*models.SecurityIncident, int, error)

ListIncidents lists security incidents

func (*SecurityManagerAdapter) ListVulnerabilities

func (a *SecurityManagerAdapter) ListVulnerabilities(filter map[string]interface{}, offset, limit int) ([]*models.Vulnerability, int, error)

ListVulnerabilities lists security vulnerabilities

func (*SecurityManagerAdapter) MitigateVulnerability

func (a *SecurityManagerAdapter) MitigateVulnerability(vulnerabilityID, mitigation string) error

MitigateVulnerability marks a security vulnerability as mitigated

func (*SecurityManagerAdapter) ReportIncident

func (a *SecurityManagerAdapter) ReportIncident(title, description string, severity models.SecurityIncidentSeverity) (*models.SecurityIncident, error)

ReportIncident reports a security incident

func (*SecurityManagerAdapter) ReportVulnerability

func (a *SecurityManagerAdapter) ReportVulnerability(title, description string, severity models.VulnerabilitySeverity) (*models.Vulnerability, error)

ReportVulnerability reports a security vulnerability

func (*SecurityManagerAdapter) ResolveVulnerability

func (a *SecurityManagerAdapter) ResolveVulnerability(vulnerabilityID string) error

ResolveVulnerability marks a security vulnerability as resolved

func (*SecurityManagerAdapter) UpdateIncident

func (a *SecurityManagerAdapter) UpdateIncident(incident *models.SecurityIncident) error

UpdateIncident updates a security incident

func (*SecurityManagerAdapter) UpdateVulnerability

func (a *SecurityManagerAdapter) UpdateVulnerability(vulnerability *models.Vulnerability) error

UpdateVulnerability updates a security vulnerability

type Session

type Session struct {
	ID           string                 `json:"id"`
	UserID       string                 `json:"user_id"`
	Token        string                 `json:"token"`
	RefreshToken string                 `json:"refresh_token,omitempty"`
	IPAddress    string                 `json:"ip_address"`
	UserAgent    string                 `json:"user_agent"`
	ExpiresAt    time.Time              `json:"expires_at"`
	LastActivity time.Time              `json:"last_activity"`
	MFACompleted bool                   `json:"mfa_completed"`
	CreatedAt    time.Time              `json:"created_at"`
	Metadata     map[string]interface{} `json:"metadata,omitempty"`
}

Session represents a user session

func (*Session) IsExpired

func (s *Session) IsExpired() bool

IsExpired checks if the session has expired

type SessionFilter

type SessionFilter struct {
	UserID        string `json:"user_id,omitempty"`
	IPAddress     string `json:"ip_address,omitempty"`
	UserAgent     string `json:"user_agent,omitempty"`
	MFACompleted  *bool  `json:"mfa_completed,omitempty"`
	Active        *bool  `json:"active,omitempty"`
	CreatedAfter  string `json:"created_after,omitempty"`
	CreatedBefore string `json:"created_before,omitempty"`
	SortBy        string `json:"sort_by,omitempty"`
	SortOrder     string `json:"sort_order,omitempty"`
	Offset        int    `json:"offset,omitempty"`
	Limit         int    `json:"limit,omitempty"`
}

SessionFilter defines filters for querying sessions

type SessionManager

type SessionManager struct {
	// contains filtered or unexported fields
}

SessionManager manages user sessions

func NewSessionManager

func NewSessionManager(store SessionStore, config *SessionPolicy, auditLogger AuditLogger) *SessionManager

NewSessionManager creates a new session manager

func (*SessionManager) CreateSession

func (m *SessionManager) CreateSession(ctx context.Context, userID, ipAddress, userAgent string, mfaCompleted bool) (*Session, error)

CreateSession creates a new session

func (*SessionManager) GetSessionFromContext

func (m *SessionManager) GetSessionFromContext(ctx context.Context) (*Session, error)

GetSessionFromContext extracts a session from the request context

func (*SessionManager) GetUserSessions

func (m *SessionManager) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)

GetUserSessions retrieves all sessions for a user

func (*SessionManager) InvalidateSession

func (m *SessionManager) InvalidateSession(ctx context.Context, sessionID string) error

InvalidateSession invalidates a session

func (*SessionManager) InvalidateUserSessions

func (m *SessionManager) InvalidateUserSessions(ctx context.Context, userID string) error

InvalidateUserSessions invalidates all sessions for a user

func (*SessionManager) RefreshSession

func (m *SessionManager) RefreshSession(ctx context.Context, sessionID, refreshToken string) (*Session, error)

RefreshSession refreshes a session and returns a new token

func (*SessionManager) Stop

func (m *SessionManager) Stop()

Stop stops the session manager

func (*SessionManager) ValidateSession

func (m *SessionManager) ValidateSession(ctx context.Context, sessionID, token string, ipAddress, userAgent string) (*Session, error)

ValidateSession validates a session

type SessionPolicy

type SessionPolicy struct {
	// TokenExpiration is the token expiration time in minutes
	TokenExpiration int `json:"token_expiration"`

	// RefreshTokenExpiration is the refresh token expiration time in minutes
	RefreshTokenExpiration int `json:"refresh_token_expiration"`

	// InactivityTimeout is the session inactivity timeout in minutes
	InactivityTimeout int `json:"inactivity_timeout"`

	// MaxConcurrentSessions is the maximum number of concurrent sessions per user
	MaxConcurrentSessions int `json:"max_concurrent_sessions"`

	// EnforceIPBinding enforces session binding to IP address
	EnforceIPBinding bool `json:"enforce_ip_binding"`

	// EnforceUserAgentBinding enforces session binding to user agent
	EnforceUserAgentBinding bool `json:"enforce_user_agent_binding"`

	// CleanupInterval is the interval for cleaning up expired sessions in minutes
	CleanupInterval int `json:"cleanup_interval"`
}

SessionPolicy defines session management settings

type SessionStore

type SessionStore interface {
	// CreateSession creates a new session
	CreateSession(ctx context.Context, session *Session) error

	// GetSession retrieves a session by ID
	GetSession(ctx context.Context, id string) (*Session, error)

	// UpdateSession updates an existing session
	UpdateSession(ctx context.Context, session *Session) error

	// DeleteSession deletes a session by ID
	DeleteSession(ctx context.Context, id string) error

	// GetUserSessions retrieves all sessions for a user
	GetUserSessions(ctx context.Context, userID string) ([]*Session, error)

	// CleanExpiredSessions removes all expired sessions
	CleanExpiredSessions(ctx context.Context) error

	// Close closes the store
	Close() error
}

SessionStore defines the interface for session storage

type SimpleInMemorySessionStore

type SimpleInMemorySessionStore struct {
	// contains filtered or unexported fields
}

SimpleInMemorySessionStore is a simple in-memory implementation of SessionStore

func NewSimpleInMemorySessionStore

func NewSimpleInMemorySessionStore() *SimpleInMemorySessionStore

NewSimpleInMemorySessionStore creates a new simple in-memory session store

func (*SimpleInMemorySessionStore) CleanExpiredSessions

func (s *SimpleInMemorySessionStore) CleanExpiredSessions(ctx context.Context) error

CleanExpiredSessions removes expired sessions

func (*SimpleInMemorySessionStore) CreateSession

func (s *SimpleInMemorySessionStore) CreateSession(ctx context.Context, session *Session) error

CreateSession creates a new session

func (*SimpleInMemorySessionStore) DeleteSession

func (s *SimpleInMemorySessionStore) DeleteSession(ctx context.Context, id string) error

DeleteSession deletes a session by ID

func (*SimpleInMemorySessionStore) GetSession

func (s *SimpleInMemorySessionStore) GetSession(ctx context.Context, id string) (*Session, error)

GetSession retrieves a session by ID

func (*SimpleInMemorySessionStore) GetUserSessions

func (s *SimpleInMemorySessionStore) GetUserSessions(ctx context.Context, userID string) ([]*Session, error)

GetUserSessions retrieves all sessions for a user

func (*SimpleInMemorySessionStore) UpdateSession

func (s *SimpleInMemorySessionStore) UpdateSession(ctx context.Context, session *Session) error

UpdateSession updates an existing session

type SimpleRBACManager

type SimpleRBACManager struct {
	// contains filtered or unexported fields
}

SimpleRBACManager manages role-based access control

func NewRBACManager

func NewRBACManager(config *AccessControlConfig) *SimpleRBACManager

NewRBACManager creates a new RBAC manager

func NewSimpleRBACManager

func NewSimpleRBACManager(config *AccessControlConfig) *SimpleRBACManager

NewSimpleRBACManager creates a new simple RBAC manager

func (*SimpleRBACManager) AddPermission

func (m *SimpleRBACManager) AddPermission(permission Permission, description string) error

AddPermission adds a permission to the system

func (*SimpleRBACManager) AddPermissionToRole

func (m *SimpleRBACManager) AddPermissionToRole(role string, permission Permission) error

AddPermissionToRole adds a permission to a role

func (*SimpleRBACManager) AddRole

func (m *SimpleRBACManager) AddRole(role string, description string) error

AddRole adds a role with default permissions

func (*SimpleRBACManager) AddRolePermission

func (m *SimpleRBACManager) AddRolePermission(ctx context.Context, role string, permission Permission) error

AddRolePermission adds a permission to a role

func (*SimpleRBACManager) AssignPermission

func (m *SimpleRBACManager) AssignPermission(ctx context.Context, user *User, permission Permission) error

AssignPermission assigns a direct permission to a user

func (*SimpleRBACManager) AssignRole

func (m *SimpleRBACManager) AssignRole(ctx context.Context, user *User, role string) error

AssignRole assigns a role to a user

func (*SimpleRBACManager) Authorize

func (m *SimpleRBACManager) Authorize(ctx context.Context, user *User, permission Permission) error

Authorize checks if a user is authorized to perform an action on a resource

func (*SimpleRBACManager) CreateRole

func (m *SimpleRBACManager) CreateRole(ctx context.Context, role string, permissions []Permission) error

CreateRole creates a new role with the specified permissions

func (*SimpleRBACManager) DeleteRole

func (m *SimpleRBACManager) DeleteRole(ctx context.Context, role string) error

DeleteRole deletes a role

func (*SimpleRBACManager) GetAllRoles

func (m *SimpleRBACManager) GetAllRoles(ctx context.Context) []string

GetAllRoles gets all defined roles

func (*SimpleRBACManager) GetRolePermissions

func (m *SimpleRBACManager) GetRolePermissions(ctx context.Context, role string) ([]Permission, error)

GetRolePermissions gets all permissions for a role

func (*SimpleRBACManager) GetUserPermissions

func (m *SimpleRBACManager) GetUserPermissions(ctx context.Context, user *User) []Permission

GetUserPermissions gets all permissions for a user (both direct and role-based)

func (*SimpleRBACManager) HasPermission

func (m *SimpleRBACManager) HasPermission(user *User, permission string) bool

HasPermission checks if a user has a specific permission

func (*SimpleRBACManager) HasPermissionWithContext

func (m *SimpleRBACManager) HasPermissionWithContext(ctx context.Context, user *User, permission Permission) bool

HasPermissionWithContext checks if a user has a specific permission (with context)

func (*SimpleRBACManager) HasRole

func (m *SimpleRBACManager) HasRole(user *User, role string) bool

HasRole checks if a user has a specific role

func (*SimpleRBACManager) HasRoleWithContext

func (m *SimpleRBACManager) HasRoleWithContext(ctx context.Context, user *User, role string) bool

HasRoleWithContext checks if a user has a specific role (with context)

func (*SimpleRBACManager) RemoveRolePermission

func (m *SimpleRBACManager) RemoveRolePermission(ctx context.Context, role string, permission Permission) error

RemoveRolePermission removes a permission from a role

func (*SimpleRBACManager) RequireAllPermissions

func (m *SimpleRBACManager) RequireAllPermissions(permissions ...Permission) func(ctx context.Context, user *User) error

RequireAllPermissions is a middleware-style function that checks if a user has all of the specified permissions

func (*SimpleRBACManager) RequireAllRoles

func (m *SimpleRBACManager) RequireAllRoles(roles ...string) func(ctx context.Context, user *User) error

RequireAllRoles is a middleware-style function that checks if a user has all of the specified roles

func (*SimpleRBACManager) RequireAnyPermission

func (m *SimpleRBACManager) RequireAnyPermission(permissions ...Permission) func(ctx context.Context, user *User) error

RequireAnyPermission is a middleware-style function that checks if a user has any of the specified permissions

func (*SimpleRBACManager) RequireAnyRole

func (m *SimpleRBACManager) RequireAnyRole(roles ...string) func(ctx context.Context, user *User) error

RequireAnyRole is a middleware-style function that checks if a user has any of the specified roles

func (*SimpleRBACManager) RequirePermission

func (m *SimpleRBACManager) RequirePermission(permission Permission) func(ctx context.Context, user *User) error

RequirePermission is a middleware-style function that checks if a user has a permission

func (*SimpleRBACManager) RequireRole

func (m *SimpleRBACManager) RequireRole(role string) func(ctx context.Context, user *User) error

RequireRole is a middleware-style function that checks if a user has a role

func (*SimpleRBACManager) RevokePermission

func (m *SimpleRBACManager) RevokePermission(ctx context.Context, user *User, permission Permission) error

RevokePermission revokes a direct permission from a user

func (*SimpleRBACManager) RevokeRole

func (m *SimpleRBACManager) RevokeRole(ctx context.Context, user *User, role string) error

RevokeRole revokes a role from a user

type StubUserManager

type StubUserManager struct{}

StubUserManager provides basic stub functionality

func (*StubUserManager) Close

func (s *StubUserManager) Close() error

Close closes the user manager (stub implementation)

func (*StubUserManager) CreateUser

func (s *StubUserManager) CreateUser(user *models.User) error

CreateUser creates a new user (stub implementation)

func (*StubUserManager) DeleteUser

func (s *StubUserManager) DeleteUser(userID string) error

DeleteUser deletes a user (stub implementation)

func (*StubUserManager) GetUser

func (s *StubUserManager) GetUser(userID string) (*models.User, error)

GetUser retrieves a user by ID (stub implementation)

func (*StubUserManager) GetUserByEmail

func (s *StubUserManager) GetUserByEmail(email string) (*models.User, error)

GetUserByEmail retrieves a user by email (stub implementation)

func (*StubUserManager) GetUserByUsername

func (s *StubUserManager) GetUserByUsername(username string) (*models.User, error)

GetUserByUsername retrieves a user by username (stub implementation)

func (*StubUserManager) ListUsers

func (s *StubUserManager) ListUsers(filter map[string]interface{}, offset, limit int) ([]*models.User, int, error)

ListUsers lists users (stub implementation)

func (*StubUserManager) UpdateUser

func (s *StubUserManager) UpdateUser(user *models.User) error

UpdateUser updates a user (stub implementation)

type TypesIncidentStore

type TypesIncidentStore interface {
	// CreateIncident creates a new security incident
	CreateIncident(ctx context.Context, incident *SecurityIncident) error

	// GetIncidentByID retrieves a security incident by ID
	GetIncidentByID(ctx context.Context, id string) (*SecurityIncident, error)

	// UpdateIncident updates an existing security incident
	UpdateIncident(ctx context.Context, incident *SecurityIncident) error

	// DeleteIncident deletes a security incident by ID
	DeleteIncident(ctx context.Context, id string) error

	// ListIncidents lists security incidents
	ListIncidents(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*SecurityIncident, int, error)

	// Close closes the store
	Close() error
}

TypesIncidentStore defines the interface for security incident storage using types.SecurityIncident

type TypesRBACManager

type TypesRBACManager struct {
	// contains filtered or unexported fields
}

TypesRBACManager handles role-based access control with types config

func NewTypesRBACManager

func NewTypesRBACManager(config *AccessControlConfig) *TypesRBACManager

NewTypesRBACManager creates a new RBAC manager with types config

func (*TypesRBACManager) AddPermissionToRole

func (m *TypesRBACManager) AddPermissionToRole(ctx context.Context, role string, permission string) error

AddPermissionToRole adds a permission to a role

func (*TypesRBACManager) AddPermissionToUser

func (m *TypesRBACManager) AddPermissionToUser(ctx context.Context, user *User, permission string) error

AddPermissionToUser adds a permission directly to a user

func (*TypesRBACManager) AddRole

func (m *TypesRBACManager) AddRole(ctx context.Context, role string) error

AddRole adds a new role

func (*TypesRBACManager) AddRoleToUser

func (m *TypesRBACManager) AddRoleToUser(ctx context.Context, user *User, role string) error

AddRoleToUser adds a role to a user

func (*TypesRBACManager) GetRolePermissions

func (m *TypesRBACManager) GetRolePermissions(ctx context.Context, role string) ([]string, error)

GetRolePermissions returns the permissions for a role

func (*TypesRBACManager) GetRoles

func (m *TypesRBACManager) GetRoles(ctx context.Context) []string

GetRoles returns all available roles

func (*TypesRBACManager) GetUserPermissions

func (m *TypesRBACManager) GetUserPermissions(ctx context.Context, user *User) ([]string, error)

GetUserPermissions returns all permissions a user has

func (*TypesRBACManager) Initialize

func (m *TypesRBACManager) Initialize(ctx context.Context) error

Initialize initializes the RBAC manager

func (*TypesRBACManager) RemovePermissionFromRole

func (m *TypesRBACManager) RemovePermissionFromRole(ctx context.Context, role string, permission string) error

RemovePermissionFromRole removes a permission from a role

func (*TypesRBACManager) RemovePermissionFromUser

func (m *TypesRBACManager) RemovePermissionFromUser(ctx context.Context, user *User, permission string) error

RemovePermissionFromUser removes a permission directly from a user

func (*TypesRBACManager) RemoveRole

func (m *TypesRBACManager) RemoveRole(ctx context.Context, role string) error

RemoveRole removes a role

func (*TypesRBACManager) RemoveRoleFromUser

func (m *TypesRBACManager) RemoveRoleFromUser(ctx context.Context, user *User, role string) error

RemoveRoleFromUser removes a role from a user

func (*TypesRBACManager) RoleHasPermission

func (m *TypesRBACManager) RoleHasPermission(ctx context.Context, role string, permission string) (bool, error)

RoleHasPermission checks if a role has a specific permission

func (*TypesRBACManager) UserHasPermission

func (m *TypesRBACManager) UserHasPermission(ctx context.Context, user *User, permission string) (bool, error)

UserHasPermission checks if a user has a specific permission

type TypesVulnerabilityStore

type TypesVulnerabilityStore interface {
	// CreateVulnerability creates a new vulnerability
	CreateVulnerability(ctx context.Context, vulnerability *Vulnerability) error

	// GetVulnerabilityByID retrieves a vulnerability by ID
	GetVulnerabilityByID(ctx context.Context, id string) (*Vulnerability, error)

	// UpdateVulnerability updates an existing vulnerability
	UpdateVulnerability(ctx context.Context, vulnerability *Vulnerability) error

	// DeleteVulnerability deletes a vulnerability by ID
	DeleteVulnerability(ctx context.Context, id string) error

	// ListVulnerabilities lists vulnerabilities
	ListVulnerabilities(ctx context.Context, filter map[string]interface{}, offset, limit int) ([]*Vulnerability, int, error)

	// Close closes the store
	Close() error
}

TypesVulnerabilityStore defines the interface for vulnerability storage using types.Vulnerability

type User

type User struct {
	// ID is the unique identifier for the user
	ID string `json:"id"`

	// Username is the username of the user
	Username string `json:"username"`

	// Email is the email address of the user
	Email string `json:"email"`

	// PasswordHash is the hashed password of the user
	PasswordHash string `json:"-"`

	// Enabled indicates if the user is enabled
	Enabled bool `json:"enabled"`

	// Active indicates if the user is active (alias for Enabled for compatibility)
	Active bool `json:"active"`

	// MFAEnabled indicates if MFA is enabled for the user
	MFAEnabled bool `json:"mfa_enabled"`

	// MFAMethods contains the enabled MFA methods for the user
	MFAMethods []string `json:"mfa_methods"`

	// MFAMethod is the default MFA method
	MFAMethod string `json:"mfa_method,omitempty"`

	// MFASecret is the MFA secret (for TOTP)
	MFASecret string `json:"mfa_secret,omitempty"`

	// Roles contains the user's roles
	Roles []string `json:"roles"`

	// Permissions contains the user's permissions
	Permissions []string `json:"permissions,omitempty"`

	// FailedLoginAttempts tracks failed login attempts
	FailedLoginAttempts int `json:"failed_login_attempts"`

	// Locked indicates if the user account is locked
	Locked bool `json:"locked"`

	// LastLogin is the timestamp of the last successful login
	LastLogin time.Time `json:"last_login"`

	// LastPasswordChange is the timestamp of the last password change
	LastPasswordChange time.Time `json:"last_password_change"`

	// CreatedAt is the timestamp when the user was created
	CreatedAt time.Time `json:"created_at"`

	// UpdatedAt is the timestamp when the user was last updated
	UpdatedAt time.Time `json:"updated_at"`

	// Metadata contains additional user metadata
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

User represents a user in the system

type UserFilter

type UserFilter struct {
	Username  string   `json:"username,omitempty"`
	Email     string   `json:"email,omitempty"`
	Roles     []string `json:"roles,omitempty"`
	Active    *bool    `json:"active,omitempty"`
	Locked    *bool    `json:"locked,omitempty"`
	SortBy    string   `json:"sort_by,omitempty"`
	SortOrder string   `json:"sort_order,omitempty"`
	Offset    int      `json:"offset,omitempty"`
	Limit     int      `json:"limit,omitempty"`
}

UserFilter defines filters for querying users

type UserManager

type UserManager interface {
	// CreateUser creates a new user
	CreateUser(user *models.User) error

	// GetUser retrieves a user by ID
	GetUser(userID string) (*models.User, error)

	// GetUserByUsername retrieves a user by username
	GetUserByUsername(username string) (*models.User, error)

	// GetUserByEmail retrieves a user by email
	GetUserByEmail(email string) (*models.User, error)

	// UpdateUser updates a user
	UpdateUser(user *models.User) error

	// DeleteUser deletes a user
	DeleteUser(userID string) error

	// ListUsers lists users
	ListUsers(filter map[string]interface{}, offset, limit int) ([]*models.User, int, error)

	// Close closes the user manager
	Close() error
}

UserManager defines the interface for managing users

func NewUserManager

func NewUserManager() UserManager

NewUserManager creates a new stub user manager

func NewUserManagerAdapter

func NewUserManagerAdapter(manager UserManager) UserManager

NewUserManagerAdapter creates an adapter for the stub user manager

type UserStore

type UserStore interface {
	// CreateUser creates a new user
	CreateUser(ctx context.Context, user *User) error

	// GetUserByID retrieves a user by ID
	GetUserByID(ctx context.Context, id string) (*User, error)

	// GetUserByUsername retrieves a user by username
	GetUserByUsername(ctx context.Context, username string) (*User, error)

	// GetUserByEmail retrieves a user by email
	GetUserByEmail(ctx context.Context, email string) (*User, error)

	// UpdateUser updates an existing user
	UpdateUser(ctx context.Context, user *User) error

	// DeleteUser deletes a user by ID
	DeleteUser(ctx context.Context, id string) error

	// ListUsers lists all users
	ListUsers(ctx context.Context) ([]*User, error)

	// Close closes the store
	Close() error
}

UserStore defines the interface for user storage

type Vulnerability

type Vulnerability struct {
	ID              string                 `json:"id"`
	Title           string                 `json:"title"`
	Description     string                 `json:"description"`
	Severity        AuditSeverity          `json:"severity"`
	Status          VulnerabilityStatus    `json:"status"`
	CreatedAt       time.Time              `json:"created_at"`
	UpdatedAt       time.Time              `json:"updated_at"`
	ResolvedAt      time.Time              `json:"resolved_at,omitempty"`
	AssignedTo      string                 `json:"assigned_to,omitempty"`
	ReportedBy      string                 `json:"reported_by,omitempty"`
	AffectedSystem  string                 `json:"affected_system,omitempty"`
	CVE             string                 `json:"cve,omitempty"`
	RemediationPlan string                 `json:"remediation_plan,omitempty"`
	Metadata        map[string]interface{} `json:"metadata,omitempty"`
}

Vulnerability represents a security vulnerability

type VulnerabilityConfig

type VulnerabilityConfig struct {
	// EnableVulnerabilityTracking enables vulnerability tracking
	EnableVulnerabilityTracking bool `json:"enable_vulnerability_tracking"`

	// AutoScanEnabled enables automatic vulnerability scanning
	AutoScanEnabled bool `json:"auto_scan_enabled"`

	// ScanSchedule defines when automatic scans are performed
	ScanSchedule string `json:"scan_schedule"`

	// ReportRecipients are email addresses to receive vulnerability reports
	ReportRecipients []string `json:"report_recipients"`

	// RemediationDeadlineDays is the number of days to remediate vulnerabilities
	RemediationDeadlineDays map[string]int `json:"remediation_deadline_days"`
}

VulnerabilityConfig defines vulnerability management settings

type VulnerabilityFilter

type VulnerabilityFilter struct {
	Severity      string `json:"severity,omitempty"`
	Status        string `json:"status,omitempty"`
	CveID         string `json:"cve_id,omitempty"`
	Component     string `json:"component,omitempty"`
	ReportedAfter string `json:"reported_after,omitempty"`
	SortBy        string `json:"sort_by,omitempty"`
	SortOrder     string `json:"sort_order,omitempty"`
	Offset        int    `json:"offset,omitempty"`
	Limit         int    `json:"limit,omitempty"`
}

VulnerabilityFilter defines filters for querying vulnerabilities

type VulnerabilityStatus

type VulnerabilityStatus string

VulnerabilityStatus represents the status of a vulnerability

const (
	VulnerabilityStatusNew        VulnerabilityStatus = "new"
	VulnerabilityStatusValidated  VulnerabilityStatus = "validated"
	VulnerabilityStatusInProgress VulnerabilityStatus = "in_progress"
	VulnerabilityStatusRemediated VulnerabilityStatus = "remediated"
	VulnerabilityStatusVerified   VulnerabilityStatus = "verified"
	VulnerabilityStatusRejected   VulnerabilityStatus = "rejected"
	VulnerabilityStatusDeferred   VulnerabilityStatus = "deferred"
)

Vulnerability statuses

type VulnerabilityStore

type VulnerabilityStore interface {
	CreateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
	GetVulnerability(ctx context.Context, id string) (*Vulnerability, error)
	UpdateVulnerability(ctx context.Context, vulnerability *Vulnerability) error
	DeleteVulnerability(ctx context.Context, id string) error
	ListVulnerabilities(ctx context.Context, filter *LocalVulnerabilityFilter) ([]*Vulnerability, error)
}

VulnerabilityStore defines the interface for vulnerability storage

Directories

Path Synopsis
Package adapters provides adapter implementations for security interfaces
Package adapters provides adapter implementations for security interfaces
Package api provides a RESTful API for the access control system
Package api provides a RESTful API for the access control system
Package audit provides comprehensive security audit logging functionality
Package audit provides comprehensive security audit logging functionality
trail
Package trail provides a comprehensive audit trail system for tracking all operations
Package trail provides a comprehensive audit trail system for tracking all operations
Package common provides common constants and utilities for the security access control system
Package common provides common constants and utilities for the security access control system
Package converters provides conversion functions between different data models
Package converters provides conversion functions between different data models
db
Package db provides database implementations for the access control system
Package db provides database implementations for the access control system
adapter
Package adapter provides adapters for the access control system
Package adapter provides adapters for the access control system
Package impl provides implementations of the security access interfaces
Package impl provides implementations of the security access interfaces
Package interfaces defines common interfaces and types for the access control system
Package interfaces defines common interfaces and types for the access control system
Package mfa provides multi-factor authentication functionality
Package mfa provides multi-factor authentication functionality
Package models provides common data models for the security system
Package models provides common data models for the security system
Package rbac provides enhanced role-based access control functionality
Package rbac provides enhanced role-based access control functionality
Package tests provides testing utilities for the access control system
Package tests provides testing utilities for the access control system
Package types defines common types for the security access control system
Package types defines common types for the security access control system

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL