Overview ¶
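Package auth handles authentication: it reads tokens and API keys from requests, sets and clears auth cookies, and carries the authenticated, anonymous or impersonated user on the request context.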
Index ¶
- Constants
- Variables
- func AccessTokenFromContext(ctx context.Context) (string, bool)
- func AccessTokenFromContextOr(ctx context.Context, def string) string
- func AddOrganizationIDToContext(ctx context.Context, orgID string) error
- func AddSubscriptionToContext(ctx context.Context, subscription bool) error
- func ClearAuthCookies(w http.ResponseWriter)
- func CookieExpired(cookie *http.Cookie) bool
- func GetAPIKey(c echo.Context) (string, error)
- func GetAuthzSubjectType(ctx context.Context) string
- func GetBearerToken(c echo.Context) (string, error)
- func GetImpersonationToken(c echo.Context) (string, error)
- func GetOrganizationContextHeader(c echo.Context) string
- func GetOrganizationIDFromContext(ctx context.Context) (string, error)
- func GetOrganizationIDsFromContext(ctx context.Context) ([]string, error)
- func GetRefreshToken(c echo.Context) (string, error)
- func GetSubjectIDFromContext(ctx context.Context) (string, error)
- func GetSubscriptionFromContext(ctx context.Context) bool
- func GetUserContextHeaders(c echo.Context) (userID, orgID string)
- func HasOrganizationContextHeader(c echo.Context) bool
- func HasUserContextHeaders(c echo.Context) bool
- func IsAPITokenAuthentication(ctx context.Context) bool
- func IsSystemAdminFromContext(ctx context.Context) bool
- func MustAccessTokenFromContext(ctx context.Context) string
- func MustRefreshTokenFromContext(ctx context.Context) string
- func MustRequestIDFromContext(ctx context.Context) string
- func NewTestContextForSystemAdmin(sub, orgID string) context.Context
- func NewTestContextWithOrgID(sub, orgID string) context.Context
- func NewTestContextWithSubscription(subscription bool) context.Context
- func NewTestContextWithValidUser(subject string) context.Context
- func RefreshTokenFromContext(ctx context.Context) (string, bool)
- func RequestIDFromContext(ctx context.Context) (string, bool)
- func SetAccessToken(c echo.Context, token string)
- func SetAnonymousQuestionnaireUserContext(c echo.Context, user *AnonymousQuestionnaireUser)
- func SetAnonymousTrustCenterUserContext(c echo.Context, user *AnonymousTrustCenterUser)
- func SetAuthCookies(w http.ResponseWriter, accessToken, refreshToken string, ...)
- func SetAuthenticatedUserContext(c echo.Context, user *AuthenticatedUser)
- func SetOrganizationIDInAuthContext(ctx context.Context, orgID string) error
- func SetRefreshToken(c echo.Context, token string)
- func SetRequestID(c echo.Context, token string)
- func SetSystemAdminInContext(ctx context.Context, isAdmin bool) error
- func WithAccessAndRefreshToken(ctx context.Context, accessToken, refreshToken string) context.Context
- func WithAccessToken(ctx context.Context, token string) context.Context
- func WithAnonymousQuestionnaireUser(ctx context.Context, user *AnonymousQuestionnaireUser) context.Context
- func WithAnonymousTrustCenterUser(ctx context.Context, user *AnonymousTrustCenterUser) context.Context
- func WithAuthenticatedUser(ctx context.Context, user *AuthenticatedUser) context.Context
- func WithImpersonatedUser(ctx context.Context, user *ImpersonatedUser) context.Context
- func WithRefreshToken(ctx context.Context, token string) context.Context
- func WithRequestID(ctx context.Context, requestID string) context.Context
- func WithSystemAdminContext(ctx context.Context, adminUser *AuthenticatedUser) context.Context
- type AcmeSolverContextKey
- type AnonymousQuestionnaireUser
- func AnonymousQuestionnaireUserFromContext(ctx context.Context) (*AnonymousQuestionnaireUser, bool)
- func GetAnonymousQuestionnaireUserContext(c echo.Context) (*AnonymousQuestionnaireUser, bool)
- func GetAnonymousQuestionnaireUserContextOr(c echo.Context, def *AnonymousQuestionnaireUser) *AnonymousQuestionnaireUser
- func GetAnonymousQuestionnaireUserContextOrFunc(c echo.Context, f func() *AnonymousQuestionnaireUser) *AnonymousQuestionnaireUser
- func MustGetAnonymousQuestionnaireUserContext(c echo.Context) *AnonymousQuestionnaireUser
- type AnonymousTrustCenterUser
- func AnonymousTrustCenterUserFromContext(ctx context.Context) (*AnonymousTrustCenterUser, bool)
- func GetAnonymousTrustCenterUserContext(c echo.Context) (*AnonymousTrustCenterUser, bool)
- func GetAnonymousTrustCenterUserContextOr(c echo.Context, def *AnonymousTrustCenterUser) *AnonymousTrustCenterUser
- func GetAnonymousTrustCenterUserContextOrFunc(c echo.Context, f func() *AnonymousTrustCenterUser) *AnonymousTrustCenterUser
- func MustGetAnonymousTrustCenterUserContext(c echo.Context) *AnonymousTrustCenterUser
- type AuthenticatedUser
- func AuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, bool)
- func AuthenticatedUserFromContextOr(ctx context.Context, def *AuthenticatedUser) *AuthenticatedUser
- func AuthenticatedUserFromContextOrFunc(ctx context.Context, f func() *AuthenticatedUser) *AuthenticatedUser
- func GetAuthenticatedUserContext(c echo.Context) (*AuthenticatedUser, bool)
- func GetAuthenticatedUserContextOr(c echo.Context, def *AuthenticatedUser) *AuthenticatedUser
- func GetAuthenticatedUserContextOrFunc(c echo.Context, f func() *AuthenticatedUser) *AuthenticatedUser
- func GetAuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, error)
- func GetEffectiveUser(ctx context.Context) (*AuthenticatedUser, bool)
- func MustAuthenticatedUserFromContext(ctx context.Context) *AuthenticatedUser
- func MustGetAuthenticatedUserContext(c echo.Context) *AuthenticatedUser
- func SystemAdminFromContext(ctx context.Context) (*AuthenticatedUser, bool)
- type AuthenticationType
- type ContextAccessToken
- type ContextRefreshToken
- type ContextRequestID
- type ImpersonatedUser
- type ImpersonationAuditLog
- type ImpersonationContext
- type ImpersonationType
- type KeyStoreContextKey
- type ManagedGroupContextKey
- type OrgSubscriptionContextKey
- type OrganizationCreationContextKey
- type QuestionnaireContextKey
- type SystemAdminContextKey
- type TrustCenterContextKey
- type TrustCenterNDAContextKey
Constants ¶
// Names of the HTTP headers, cookies and authorization scheme this package reads and writes.
const (
	// Authorization is the key used in HTTP headers or cookies to represent the authorization token
	Authorization = "Authorization"
	// APIKeyHeader is the key used in HTTP headers to represent the API key.
	// The value is a header name, not a secret; the nolint directive presumably
	// silences gosec's hardcoded-credential heuristic — confirm.
	APIKeyHeader = "X-API-Key" //nolint:gosec
	// AccessTokenCookie is the key used in cookies to represent the access token
	AccessTokenCookie = "access_token"
	// RefreshTokenCookie is the key used in cookies to represent the refresh token
	RefreshTokenCookie = "refresh_token"
	// UserIDHeader is the header used by system admins to specify target user ID.
	// NOTE(review): request headers are set by the client, so this value is only
	// meaningful once the caller has been verified as a system admin — confirm
	// where that check is made.
	UserIDHeader = "X-User-ID"
	// OrganizationIDHeader is the header used by system admins to specify target organization ID.
	// NOTE(review): client-supplied, same caveat as UserIDHeader.
	OrganizationIDHeader = "X-Organization-ID"
	// ImpersonationScheme is the authorization scheme for impersonation tokens
	ImpersonationScheme = "Impersonation"
)
// Subject type strings. GetAuthzSubjectType returns a subject type based on the
// authentication type; presumably one of these values — confirm.
const (
	// UserSubjectType is the subject type for user accounts
	UserSubjectType = "user"
	// ServiceSubjectType is the subject type for service accounts
	ServiceSubjectType = "service"
)
Variables ¶
// Sentinel errors for this package. Each is a distinct errors.New value, so
// callers can match them with errors.Is.
var (
	// ErrNoClaims is returned when no claims are found on the request context
	ErrNoClaims = errors.New("no claims found on the request context")
	// ErrNoUserInfo is returned when no user info is found on the request context
	ErrNoUserInfo = errors.New("no user info found on the request context")
	// ErrNoAuthUser is returned when no authenticated user is found on the request context
	ErrNoAuthUser = errors.New("could not identify authenticated user in request")
	// ErrUnverifiedUser is returned when the user is not verified
	ErrUnverifiedUser = errors.New("user is not verified")
	// ErrParseBearer is returned when the bearer token could not be parsed from the authorization header
	ErrParseBearer = errors.New("could not parse bearer token from authorization header")
	// ErrNoAuthorization is returned when no authorization header is found in the request
	ErrNoAuthorization = errors.New("no authorization header in request")
	// ErrNoAPIKey is returned when no API key is found in the request
	ErrNoAPIKey = errors.New("no API key found in request")
	// ErrNoRequest is returned when no request is found on the context
	ErrNoRequest = errors.New("no request found on the context")
	// ErrNoRefreshToken is returned when no refresh token is found on the request
	ErrNoRefreshToken = errors.New("no refresh token available on request")
	// ErrRefreshDisabled is returned when re-authentication with refresh tokens is disabled
	ErrRefreshDisabled = errors.New("re-authentication with refresh tokens disabled")
	// ErrUnableToConstructValidator is returned when the validator cannot be constructed
	ErrUnableToConstructValidator = errors.New("unable to construct validator")
	// ErrPasswordTooWeak is returned when the password is too weak
	ErrPasswordTooWeak = errors.New("password is too weak: use a combination of upper and lower case letters, numbers, and special characters")
	// ErrCouldNotFetchSubscription is returned when the subscription could not be fetched
	ErrCouldNotFetchSubscription = errors.New("could not fetch subscription")
)
Functions ¶
func AccessTokenFromContext ¶ added in v0.4.2
AccessTokenFromContext retrieves the access token from the context
func AccessTokenFromContextOr ¶ added in v0.4.2
AccessTokenFromContextOr retrieves the access token from the context or returns the provided default value if not found
func AddOrganizationIDToContext ¶
AddOrganizationIDToContext appends an authorized organization ID to the context. This generally should not be used, as the authorized organization should be determined by the claims or the token. This is only used in cases where a user is newly authorized to an organization and the organization ID is not in the token claims.
func AddSubscriptionToContext ¶ added in v0.3.2
AddSubscriptionToContext appends a subscription to the context
func ClearAuthCookies ¶
func ClearAuthCookies(w http.ResponseWriter)
ClearAuthCookies is a helper function to clear authentication cookies on an echo request to effectively log out a user.
func CookieExpired ¶
CookieExpired checks to see if a cookie is expired
func GetAPIKey ¶ added in v0.7.1
GetAPIKey retrieves the API key from the authorization header or the X-API-Key header.
func GetAuthzSubjectType ¶
GetAuthzSubjectType returns the subject type based on the authentication type
func GetBearerToken ¶ added in v0.9.0
GetBearerToken retrieves the bearer token from the authorization header and parses it to return only the JWT access token component of the header. Alternatively, if the authorization header is not present, then the token is fetched from cookies. If the header is missing or the token is not available, an error is returned.
NOTE: the authorization header takes precedence over access tokens in cookies.
func GetImpersonationToken ¶ added in v0.14.3
GetImpersonationToken retrieves the impersonation token from the authorization header and parses it to return only the token component. If the header is missing or malformed, an error is returned.
func GetOrganizationContextHeader ¶ added in v0.15.1
GetOrganizationContextHeader retrieves the org context header to specify which organization context to operate under. This can be useful in scenarios when using a PAT that has access to multiple organizations and some preliminary check is needed for the operation, e.g. checking if they have access to some modules.
If this is present, it will be the default OrganizationID when using a PAT
func GetOrganizationIDFromContext ¶
GetOrganizationIDFromContext returns the organization ID from context
func GetOrganizationIDsFromContext ¶
GetOrganizationIDsFromContext returns the organization IDs from context
func GetRefreshToken ¶
GetRefreshToken retrieves the refresh token from the cookies in the request. If the cookie is not present or expired then an error is returned.
func GetSubjectIDFromContext ¶ added in v0.9.0
GetSubjectIDFromContext returns the actor subject from the context. In most cases this will be the user ID, but in the case of an API token it will be the token ID.
func GetSubscriptionFromContext ¶ added in v0.3.2
GetSubscriptionFromContext returns the active subscription from the context
func GetUserContextHeaders ¶ added in v0.14.3
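GetUserContextHeaders retrieves the user context headers used by system admins to specify which user context to operate under. Returns the user ID and organization ID from the X-User-ID and X-Organization-ID headers respectively. Both headers are supplied by the client, so the returned values should only be acted on after the caller has been confirmed to be a system admin.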
func HasOrganizationContextHeader ¶ added in v0.15.1
HasOrganizationContextHeader checks if the required organization context header is present
func HasUserContextHeaders ¶ added in v0.14.3
HasUserContextHeaders checks if both required user context headers are present
func IsAPITokenAuthentication ¶
IsAPITokenAuthentication returns true if the authentication type is API token. This is used to determine if the request is from a service account.
func IsSystemAdminFromContext ¶ added in v0.14.1
IsSystemAdminFromContext checks if the user is a system admin
func MustAccessTokenFromContext ¶ added in v0.4.2
MustAccessTokenFromContext retrieves the access token from the context or panics if not found
func MustRefreshTokenFromContext ¶ added in v0.9.0
MustRefreshTokenFromContext retrieves the refresh token from the context or panics if not found
func MustRequestIDFromContext ¶ added in v0.4.2
MustRequestIDFromContext retrieves the request ID from the context or panics if not found
func NewTestContextForSystemAdmin ¶ added in v0.14.1
NewTestContextForSystemAdmin creates a context with a fake system admin user
func NewTestContextWithOrgID ¶
NewTestContextWithOrgID creates a context with a fake orgID for testing purposes only (why all caps jeez keep it down)
func NewTestContextWithSubscription ¶ added in v0.3.2
NewTestContextWithSubscription creates a context with an active subscription for testing purposes only
func RefreshTokenFromContext ¶ added in v0.9.0
RefreshTokenFromContext retrieves the refresh token from the context
func RequestIDFromContext ¶ added in v0.4.2
RequestIDFromContext retrieves the request ID from the context
func SetAccessToken ¶ added in v0.9.0
SetAccessToken sets the access token context in the echo context
func SetAnonymousQuestionnaireUserContext ¶ added in v0.22.1
func SetAnonymousQuestionnaireUserContext(c echo.Context, user *AnonymousQuestionnaireUser)
SetAnonymousQuestionnaireUserContext sets the anonymous questionnaire user context in the echo context
func SetAnonymousTrustCenterUserContext ¶ added in v0.13.3
func SetAnonymousTrustCenterUserContext(c echo.Context, user *AnonymousTrustCenterUser)
SetAnonymousTrustCenterUserContext sets the anonymous trust center user context in the echo context
func SetAuthCookies ¶
func SetAuthCookies(w http.ResponseWriter, accessToken, refreshToken string, c sessions.CookieConfig)
SetAuthCookies is a helper function to set authentication cookies on an echo request. The access token cookie (access_token) is an http only cookie that expires when the access token expires. The refresh token cookie is not an http only cookie (it can be accessed by client-side scripts) and it expires when the refresh token expires. Because the refresh token cookie is readable by scripts, it does not get the protection against script access that the access token cookie has: any script running in the page's origin can read it. Both cookies require https and will not be set (silently) over http connections.
func SetAuthenticatedUserContext ¶
func SetAuthenticatedUserContext(c echo.Context, user *AuthenticatedUser)
SetAuthenticatedUserContext sets the authenticated user context in the echo context
func SetOrganizationIDInAuthContext ¶ added in v0.1.4
SetOrganizationIDInAuthContext sets the organization ID in the auth context. This should only be used when creating a new organization and subsequent updates need to happen in the context of the new organization.
func SetRefreshToken ¶ added in v0.9.0
SetRefreshToken sets the refresh token context in the echo context
func SetRequestID ¶ added in v0.9.0
SetRequestID sets the request id in the echo context
func SetSystemAdminInContext ¶ added in v0.14.1
SetSystemAdminInContext sets the system admin flag in the context
func WithAccessAndRefreshToken ¶ added in v0.9.0
func WithAccessAndRefreshToken(ctx context.Context, accessToken, refreshToken string) context.Context
WithAccessAndRefreshToken sets the access and refresh tokens in the context
func WithAccessToken ¶ added in v0.4.2
WithAccessToken sets the access token in the context
func WithAnonymousQuestionnaireUser ¶ added in v0.22.1
func WithAnonymousQuestionnaireUser(ctx context.Context, user *AnonymousQuestionnaireUser) context.Context
WithAnonymousQuestionnaireUser sets the anonymous questionnaire user in the context
func WithAnonymousTrustCenterUser ¶ added in v0.13.3
func WithAnonymousTrustCenterUser(ctx context.Context, user *AnonymousTrustCenterUser) context.Context
WithAnonymousTrustCenterUser sets the anonymous trust center user in the context
func WithAuthenticatedUser ¶ added in v0.4.2
func WithAuthenticatedUser(ctx context.Context, user *AuthenticatedUser) context.Context
WithAuthenticatedUser sets the authenticated user in the context
func WithImpersonatedUser ¶ added in v0.14.3
func WithImpersonatedUser(ctx context.Context, user *ImpersonatedUser) context.Context
WithImpersonatedUser sets an impersonated user in the context
func WithRefreshToken ¶ added in v0.9.0
WithRefreshToken sets the refresh token in the context
func WithRequestID ¶ added in v0.4.2
WithRequestID sets the request ID in the context. This is used to track requests across services.
func WithSystemAdminContext ¶ added in v0.14.3
func WithSystemAdminContext(ctx context.Context, adminUser *AuthenticatedUser) context.Context
WithSystemAdminContext sets the original system admin user in the context when user context switching occurs
Types ¶
type AcmeSolverContextKey ¶ added in v0.12.6
type AcmeSolverContextKey struct{}
AcmeSolverContextKey is the context key name for the acme solver context
type AnonymousQuestionnaireUser ¶ added in v0.22.1
// AnonymousQuestionnaireUser carries the identity fields for a caller who is
// accessing and filling a questionnaire anonymously.
//
// NOTE(review): the field comments below use the same "authenticated user"
// wording as AuthenticatedUser; confirm what each field actually holds for an
// anonymous caller.
type AnonymousQuestionnaireUser struct {
	// SubjectID is the user ID of the authenticated user or the api token ID if the user is an API token
	SubjectID string
	// SubjectName is the name of the authenticated user
	SubjectName string
	// SubjectEmail is the email of the authenticated user
	SubjectEmail string
	// OrganizationID is the organization ID of the authenticated user
	OrganizationID string
	// AuthenticationType is the type of authentication used to authenticate the user (JWT, PAT, API Token)
	AuthenticationType AuthenticationType
	// AssessmentID is the ID of the assessment the user is accessing.
	// NOTE(review): presumably the only assessment this anonymous caller should
	// reach — confirm that handlers compare requested IDs against it.
	AssessmentID string
}
AnonymousQuestionnaireUser contains user information for anonymously accessing and filling a questionnaire
func AnonymousQuestionnaireUserFromContext ¶ added in v0.22.1
func AnonymousQuestionnaireUserFromContext(ctx context.Context) (*AnonymousQuestionnaireUser, bool)
AnonymousQuestionnaireUserFromContext retrieves the anonymous questionnaire user from the context
func GetAnonymousQuestionnaireUserContext ¶ added in v0.22.1
func GetAnonymousQuestionnaireUserContext(c echo.Context) (*AnonymousQuestionnaireUser, bool)
GetAnonymousQuestionnaireUserContext retrieves the anonymous questionnaire user from the echo context
func GetAnonymousQuestionnaireUserContextOr ¶ added in v0.22.1
func GetAnonymousQuestionnaireUserContextOr(c echo.Context, def *AnonymousQuestionnaireUser) *AnonymousQuestionnaireUser
GetAnonymousQuestionnaireUserContextOr retrieves the anonymous questionnaire user from the echo context or returns the provided default value if not found
func GetAnonymousQuestionnaireUserContextOrFunc ¶ added in v0.22.1
func GetAnonymousQuestionnaireUserContextOrFunc(c echo.Context, f func() *AnonymousQuestionnaireUser) *AnonymousQuestionnaireUser
GetAnonymousQuestionnaireUserContextOrFunc retrieves the anonymous questionnaire user from the echo context or returns the result of the provided function if not found
func MustGetAnonymousQuestionnaireUserContext ¶ added in v0.22.1
func MustGetAnonymousQuestionnaireUserContext(c echo.Context) *AnonymousQuestionnaireUser
MustGetAnonymousQuestionnaireUserContext retrieves the anonymous questionnaire user from the echo context or panics if not found
type AnonymousTrustCenterUser ¶ added in v0.13.3
// AnonymousTrustCenterUser carries the identity fields for a caller who reaches
// trust center resources without a regular authenticated account.
//
// NOTE(review): the field comments below use the same "authenticated user"
// wording as AuthenticatedUser; confirm what each field actually holds for an
// anonymous caller.
type AnonymousTrustCenterUser struct {
	// SubjectID is the user ID of the authenticated user or the api token ID if the user is an API token
	SubjectID string
	// SubjectName is the name of the authenticated user
	SubjectName string
	// SubjectEmail is the email of the authenticated user
	SubjectEmail string
	// OrganizationID is the organization ID of the authenticated user
	OrganizationID string
	// AuthenticationType is the type of authentication used to authenticate the user (JWT, PAT, API Token)
	AuthenticationType AuthenticationType
	// TrustCenterID is the ID of the trust center the user has access to.
	// NOTE(review): presumably the boundary of what this anonymous caller may
	// read — confirm that handlers compare requested IDs against it.
	TrustCenterID string
}
AnonymousTrustCenterUser contains user information for anonymous trust center access. This allows unauthenticated users to access specific trust center resources.
func AnonymousTrustCenterUserFromContext ¶ added in v0.13.3
func AnonymousTrustCenterUserFromContext(ctx context.Context) (*AnonymousTrustCenterUser, bool)
AnonymousTrustCenterUserFromContext retrieves the anonymous trust center user from the context
func GetAnonymousTrustCenterUserContext ¶ added in v0.13.3
func GetAnonymousTrustCenterUserContext(c echo.Context) (*AnonymousTrustCenterUser, bool)
GetAnonymousTrustCenterUserContext retrieves the anonymous trust center user from the echo context
func GetAnonymousTrustCenterUserContextOr ¶ added in v0.13.3
func GetAnonymousTrustCenterUserContextOr(c echo.Context, def *AnonymousTrustCenterUser) *AnonymousTrustCenterUser
GetAnonymousTrustCenterUserContextOr retrieves the anonymous trust center user from the echo context or returns the provided default value if not found
func GetAnonymousTrustCenterUserContextOrFunc ¶ added in v0.13.3
func GetAnonymousTrustCenterUserContextOrFunc(c echo.Context, f func() *AnonymousTrustCenterUser) *AnonymousTrustCenterUser
GetAnonymousTrustCenterUserContextOrFunc retrieves the anonymous trust center user from the echo context or returns the result of the provided function if not found
func MustGetAnonymousTrustCenterUserContext ¶ added in v0.13.3
func MustGetAnonymousTrustCenterUserContext(c echo.Context) *AnonymousTrustCenterUser
MustGetAnonymousTrustCenterUserContext retrieves the anonymous trust center user from the echo context or panics if not found
type AuthenticatedUser ¶
// AuthenticatedUser is the identity record for an authenticated caller: the
// subject, the organization(s) it may act in, how it authenticated, and two
// flags (subscription, system admin).
type AuthenticatedUser struct {
	// SubjectID is the user ID of the authenticated user or the api token ID if the user is an API token
	SubjectID string
	// SubjectName is the name of the authenticated user
	SubjectName string
	// SubjectEmail is the email of the authenticated user
	SubjectEmail string
	// OrganizationID is the organization ID of the authenticated user
	OrganizationID string
	// OrganizationName is the name of the organization the user is authenticated to
	OrganizationName string
	// OrganizationIDs is the list of organization IDs the user is authorized to access.
	// A slice is shared by reference when the struct is copied.
	OrganizationIDs []string
	// AuthenticationType is the type of authentication used to authenticate the user (JWT, PAT, API Token)
	AuthenticationType AuthenticationType
	// ActiveSubscription is the active subscription for the user
	ActiveSubscription bool
	// IsSystemAdmin indicates if the user is a system admin.
	// NOTE(review): authorization-relevant; the zero value (false) is the
	// non-admin state. Confirm it is only set to true after verification.
	IsSystemAdmin bool
}
AuthenticatedUser contains the user and organization ID for the authenticated user
func AuthenticatedUserFromContext ¶ added in v0.4.2
func AuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, bool)
AuthenticatedUserFromContext retrieves the authenticated user from the context
func AuthenticatedUserFromContextOr ¶ added in v0.4.2
func AuthenticatedUserFromContextOr(ctx context.Context, def *AuthenticatedUser) *AuthenticatedUser
AuthenticatedUserFromContextOr retrieves the authenticated user from the context or returns the provided default value if not found
func AuthenticatedUserFromContextOrFunc ¶ added in v0.4.2
func AuthenticatedUserFromContextOrFunc(ctx context.Context, f func() *AuthenticatedUser) *AuthenticatedUser
AuthenticatedUserFromContextOrFunc retrieves the authenticated user from the context or returns the result of the provided function if not found
func GetAuthenticatedUserContext ¶
func GetAuthenticatedUserContext(c echo.Context) (*AuthenticatedUser, bool)
GetAuthenticatedUserContext retrieves the authenticated user from the echo context
func GetAuthenticatedUserContextOr ¶ added in v0.4.2
func GetAuthenticatedUserContextOr(c echo.Context, def *AuthenticatedUser) *AuthenticatedUser
GetAuthenticatedUserContextOr retrieves the authenticated user from the echo context or returns the provided default value if not found
func GetAuthenticatedUserContextOrFunc ¶ added in v0.4.2
func GetAuthenticatedUserContextOrFunc(c echo.Context, f func() *AuthenticatedUser) *AuthenticatedUser
GetAuthenticatedUserContextOrFunc retrieves the authenticated user from the echo context or returns the result of the provided function if not found
func GetAuthenticatedUserFromContext ¶ added in v0.9.0
func GetAuthenticatedUserFromContext(ctx context.Context) (*AuthenticatedUser, error)
GetAuthenticatedUserFromContext attempts to retrieve the authenticated user from the context and will return an error if the user is not found
func GetEffectiveUser ¶ added in v0.14.3
func GetEffectiveUser(ctx context.Context) (*AuthenticatedUser, bool)
GetEffectiveUser returns the impersonated user if present, otherwise the regular authenticated user
func MustAuthenticatedUserFromContext ¶ added in v0.4.2
func MustAuthenticatedUserFromContext(ctx context.Context) *AuthenticatedUser
MustAuthenticatedUserFromContext retrieves the authenticated user from the context or panics if not found
func MustGetAuthenticatedUserContext ¶ added in v0.4.2
func MustGetAuthenticatedUserContext(c echo.Context) *AuthenticatedUser
MustGetAuthenticatedUserContext retrieves the authenticated user from the echo context or panics if not found
func SystemAdminFromContext ¶ added in v0.14.3
func SystemAdminFromContext(ctx context.Context) (*AuthenticatedUser, bool)
SystemAdminFromContext retrieves the original system admin user when user context switching is active
type AuthenticationType ¶
type AuthenticationType string
AuthenticationType represents the type of authentication used. It can be JWT, PAT (Personal Access Token), or API Token.
// AuthenticationType values declared by this package.
const (
	// JWTAuthentication is the authentication type for JWT tokens
	JWTAuthentication AuthenticationType = "jwt"
	// PATAuthentication is the authentication type for personal access tokens
	PATAuthentication AuthenticationType = "pat"
	// APITokenAuthentication is the authentication type for API tokens, commonly used for service authentication for machine-to-machine communication
	APITokenAuthentication AuthenticationType = "api_token"
)
func GetAuthTypeFromContext ¶
func GetAuthTypeFromContext(ctx context.Context) AuthenticationType
GetAuthTypeFromContext retrieves the authentication type from the context if it was set
func GetAuthTypeFromEchoContext ¶
func GetAuthTypeFromEchoContext(ctx echo.Context) AuthenticationType
GetAuthTypeFromEchoContext retrieves the authentication type from the context
type ContextAccessToken ¶
type ContextAccessToken struct {
// contains filtered or unexported fields
}
ContextAccessToken is the context key for the access token
type ContextRefreshToken ¶
type ContextRefreshToken struct {
// contains filtered or unexported fields
}
ContextRefreshToken is the context key for the refresh token
type ContextRequestID ¶
type ContextRequestID struct {
// contains filtered or unexported fields
}
ContextRequestID is the context key for the request ID
type ImpersonatedUser ¶ added in v0.14.3
// ImpersonatedUser extends AuthenticatedUser with the impersonation session
// details and the user who started the impersonation.
type ImpersonatedUser struct {
	// Embedded pointer: AuthenticatedUser's fields are promoted onto
	// ImpersonatedUser, and reading them through a nil embedded pointer panics.
	// Presumably this is the user being acted as — confirm.
	*AuthenticatedUser
	// ImpersonationContext contains details about the active impersonation
	ImpersonationContext *ImpersonationContext
	// OriginalUser is the user who initiated the impersonation (support staff, etc.)
	OriginalUser *AuthenticatedUser
}
ImpersonatedUser extends AuthenticatedUser with impersonation information
func ImpersonatedUserFromContext ¶ added in v0.14.3
func ImpersonatedUserFromContext(ctx context.Context) (*ImpersonatedUser, bool)
ImpersonatedUserFromContext retrieves an impersonated user from the context
func MustImpersonatedUserFromContext ¶ added in v0.14.3
func MustImpersonatedUserFromContext(ctx context.Context) *ImpersonatedUser
MustImpersonatedUserFromContext retrieves an impersonated user from the context or panics
func (*ImpersonatedUser) CanPerformAction ¶ added in v0.14.3
func (i *ImpersonatedUser) CanPerformAction(scope string) bool
CanPerformAction checks if the current impersonation allows a specific action
func (*ImpersonatedUser) IsImpersonated ¶ added in v0.14.3
func (i *ImpersonatedUser) IsImpersonated() bool
IsImpersonated returns true if this user is being impersonated
type ImpersonationAuditLog ¶ added in v0.14.3
// ImpersonationAuditLog is one audit entry for an impersonation event,
// serialized to JSON with the snake_case keys given in the field tags.
//
// The entry carries e-mail addresses, an IP address and a user agent, so stored
// entries should be handled as personal data.
type ImpersonationAuditLog struct {
	// SessionID presumably matches ImpersonationContext.SessionID — confirm.
	SessionID string `json:"session_id"`
	// Type is the kind of impersonation (see ImpersonationType).
	Type ImpersonationType `json:"type"`
	// ImpersonatorID and ImpersonatorEmail identify who is impersonating.
	ImpersonatorID string `json:"impersonator_id"`
	ImpersonatorEmail string `json:"impersonator_email"`
	// TargetUserID and TargetUserEmail identify who is being impersonated.
	TargetUserID string `json:"target_user_id"`
	TargetUserEmail string `json:"target_user_email"`
	Action string `json:"action"` // "start", "end", "action_performed"
	// Reason is always emitted (no omitempty), even when empty.
	Reason string `json:"reason"`
	Timestamp time.Time `json:"timestamp"`
	// IPAddress and UserAgent are left out of the JSON when empty.
	IPAddress string `json:"ip_address,omitempty"`
	UserAgent string `json:"user_agent,omitempty"`
	OrganizationID string `json:"organization_id"`
	// Scopes is always emitted; a nil slice encodes as JSON null.
	Scopes []string `json:"scopes"`
	// AdditionalData is free-form and left out of the JSON when empty.
	// NOTE(review): confirm callers never place tokens or other secrets here.
	AdditionalData map[string]any `json:"additional_data,omitempty"`
}
ImpersonationAuditLog represents an audit log entry for impersonation events
type ImpersonationContext ¶ added in v0.14.3
// ImpersonationContext describes one impersonation session: who is
// impersonating whom, why, for how long, and with which scopes.
type ImpersonationContext struct {
	// Type indicates what kind of impersonation this is
	Type ImpersonationType
	// ImpersonatorID is the user ID of the person doing the impersonation
	ImpersonatorID string
	// ImpersonatorEmail is the email of the person doing the impersonation
	ImpersonatorEmail string
	// TargetUserID is the user being impersonated
	TargetUserID string
	// TargetUserEmail is the email of the user being impersonated
	TargetUserEmail string
	// Reason is the justification for the impersonation
	Reason string
	// StartedAt is when the impersonation session began
	StartedAt time.Time
	// ExpiresAt is when the impersonation session expires.
	// The IsExpired method on this type reports whether the session has expired.
	// NOTE(review): confirm how a zero ExpiresAt is treated.
	ExpiresAt time.Time
	// SessionID is a unique identifier for this impersonation session
	SessionID string
	// Scopes defines what actions are allowed during impersonation.
	// The HasScope method on this type checks a single scope.
	// NOTE(review): confirm that an empty list allows nothing.
	Scopes []string
}
ImpersonationContext contains information about an active impersonation session
func (*ImpersonationContext) HasScope ¶ added in v0.14.3
func (i *ImpersonationContext) HasScope(scope string) bool
HasScope checks if the impersonation session allows a specific scope
func (*ImpersonationContext) IsExpired ¶ added in v0.14.3
func (i *ImpersonationContext) IsExpired() bool
IsExpired checks if the impersonation session has expired
type ImpersonationType ¶ added in v0.14.3
type ImpersonationType string
ImpersonationType represents the type of impersonation being performed
// ImpersonationType values declared by this package.
const (
	// SupportImpersonation is for support staff helping users debug issues
	SupportImpersonation ImpersonationType = "support"
	// JobImpersonation is for async jobs running with user context
	JobImpersonation ImpersonationType = "job"
	// AdminImpersonation is for admin operations that need to act as a user
	AdminImpersonation ImpersonationType = "admin"
)
type KeyStoreContextKey ¶ added in v0.22.5
type KeyStoreContextKey struct{}
KeyStoreContextKey is the context key name for the keystore context
type ManagedGroupContextKey ¶ added in v0.9.1
type ManagedGroupContextKey struct{}
ManagedGroupContextKey is the context key name for the managed group context
type OrgSubscriptionContextKey ¶ added in v0.9.1
type OrgSubscriptionContextKey struct{}
OrgSubscriptionContextKey is the context key name for the organization subscription context
type OrganizationCreationContextKey ¶ added in v0.8.6
type OrganizationCreationContextKey struct{}
OrganizationCreationContextKey is the context key name for the organization creation context
type QuestionnaireContextKey ¶ added in v0.22.1
type QuestionnaireContextKey struct{}
QuestionnaireContextKey is the context key name for the questionnaire context
type SystemAdminContextKey ¶ added in v0.14.3
// SystemAdminContextKey holds the original system admin user when user context
// switching occurs.
//
// NOTE(review): context lookups compare keys with ==, so if values of this type
// are used as the key, two keys match only when AdminUser holds the same
// pointer. Confirm whether this is used as the key, the stored value, or both.
type SystemAdminContextKey struct {
	// AdminUser is the system admin who initiated the context switch.
	AdminUser *AuthenticatedUser
}
SystemAdminContextKey holds the original system admin user when user context switching occurs
type TrustCenterContextKey ¶ added in v0.13.3
type TrustCenterContextKey struct{}
TrustCenterContextKey is the context key name for the trust center context
type TrustCenterNDAContextKey ¶ added in v0.17.2
// TrustCenterNDAContextKey is the context key name for the trust center NDA context.
//
// NOTE(review): context lookups compare keys with ==, so if values of this type
// are used as the key, a lookup matches only when OrgID is equal as well.
// Confirm that setters and getters build the key with the same OrgID.
type TrustCenterNDAContextKey struct {
	// OrgID is presumably the organization the NDA context applies to — confirm.
	OrgID string
}
TrustCenterNDAContextKey is the context key name for the trust center NDA context