security

package

v0.7.4 Latest Latest Go to latest Published: Dec 19, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/xraph/forge

Links

Open Source Insights

Documentation ¶

Index ¶

func CreateClientTLSConfig(certFile, keyFile, caFile string, insecureSkipVerify bool) (*tls.Config, error)
type AuthConfig
type AuthManager
- func NewAuthManager(config AuthConfig, logger forge.Logger) *AuthManager
type Permission
type Role
type TLSConfig
- func DefaultSecureTLSConfig() TLSConfig
type TLSManager
- func NewTLSManager(config TLSConfig, logger forge.Logger) (*TLSManager, error)
type TokenInfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateClientTLSConfig ¶

func CreateClientTLSConfig(certFile, keyFile, caFile string, insecureSkipVerify bool) (*tls.Config, error)

CreateClientTLSConfig creates a TLS config for client connections.

Types ¶

type AuthConfig ¶

type AuthConfig struct {
	Enabled      bool
	TokenTimeout time.Duration
	AdminTokens  []string
	ReadTokens   []string
	WriteTokens  []string
	RequireAuth  bool
}

AuthConfig contains authentication configuration.

type AuthManager ¶

type AuthManager struct {
	// contains filtered or unexported fields
}

AuthManager manages authentication and authorization.

func NewAuthManager ¶

func NewAuthManager(config AuthConfig, logger forge.Logger) *AuthManager

NewAuthManager creates a new authentication manager.

func (*AuthManager) AddToken ¶

func (am *AuthManager) AddToken(token string, role Role, timeout time.Duration)

AddToken dynamically adds a token.

func (*AuthManager) AuthMiddleware ¶

func (am *AuthManager) AuthMiddleware(permission Permission) func(forge.Context) error

AuthMiddleware returns a middleware that enforces authentication.

func (*AuthManager) Authenticate ¶

func (am *AuthManager) Authenticate(ctx context.Context, token string) (*TokenInfo, error)

Authenticate authenticates a token.

func (*AuthManager) AuthorizeRequest ¶

func (am *AuthManager) AuthorizeRequest(ctx context.Context, token string, permission Permission) error

AuthorizeRequest checks if a token has permission for a request.

func (*AuthManager) GetTokenInfo ¶

func (am *AuthManager) GetTokenInfo(token string) (*TokenInfo, error)

GetTokenInfo returns information about a token.

func (*AuthManager) IsEnabled ¶

func (am *AuthManager) IsEnabled() bool

IsEnabled returns true if authentication is enabled.

func (*AuthManager) ListTokens ¶

func (am *AuthManager) ListTokens() []TokenInfo

ListTokens returns all active tokens (masked).

func (*AuthManager) RemoveToken ¶

func (am *AuthManager) RemoveToken(token string)

RemoveToken removes a token.

func (*AuthManager) RevokeExpiredTokens ¶

func (am *AuthManager) RevokeExpiredTokens() int

RevokeExpiredTokens removes expired tokens.

func (*AuthManager) ValidateToken ¶

func (am *AuthManager) ValidateToken(provided, expected string) bool

ValidateToken validates a token using constant-time comparison.

type Permission ¶

type Permission string

Permission represents a permission type.

const (
	// PermissionRead allows read operations.
	PermissionRead Permission = "read"
	// PermissionWrite allows write operations.
	PermissionWrite Permission = "write"
	// PermissionAdmin allows admin operations.
	PermissionAdmin Permission = "admin"
)

type Role ¶

type Role string

Role represents an authorization role.

const (
	// RoleAdmin has full access.
	RoleAdmin Role = "admin"
	// RoleWrite has read and write access.
	RoleWrite Role = "write"
	// RoleRead has read-only access.
	RoleRead Role = "read"
	// RoleNone has no access.
	RoleNone Role = "none"
)

type TLSConfig ¶

type TLSConfig struct {
	Enabled            bool
	CertFile           string
	KeyFile            string
	CAFile             string
	ClientAuthRequired bool
	InsecureSkipVerify bool
	MinVersion         uint16
	MaxVersion         uint16
	CipherSuites       []uint16
}

TLSConfig contains TLS configuration.

func DefaultSecureTLSConfig ¶

func DefaultSecureTLSConfig() TLSConfig

DefaultSecureTLSConfig returns a secure default TLS configuration.

type TLSManager ¶

type TLSManager struct {
	// contains filtered or unexported fields
}

TLSManager manages TLS configuration.

func NewTLSManager ¶

func NewTLSManager(config TLSConfig, logger forge.Logger) (*TLSManager, error)

NewTLSManager creates a new TLS manager.

func (*TLSManager) GetTLSConfig ¶

func (tm *TLSManager) GetTLSConfig() *tls.Config

GetTLSConfig returns the TLS configuration.

func (*TLSManager) IsEnabled ¶

func (tm *TLSManager) IsEnabled() bool

IsEnabled returns true if TLS is enabled.

func (*TLSManager) IsMTLSEnabled ¶

func (tm *TLSManager) IsMTLSEnabled() bool

IsMTLSEnabled returns true if mTLS is enabled.

func (*TLSManager) VerifyPeerCertificate ¶

func (tm *TLSManager) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

VerifyPeerCertificate verifies a peer certificate.

type TokenInfo ¶

type TokenInfo struct {
	Token     string
	Role      Role
	CreatedAt time.Time
	LastUsed  time.Time
	ExpiresAt time.Time
	Metadata  map[string]string
}

TokenInfo contains information about an authentication token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL