server

package
v0.0.0-...-0fd5418 Latest
Warning

This package is not in the latest version of its module.
Published: Aug 17, 2023 License: MIT Imports: 32 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Blacklist

type Blacklist struct {
	// contains filtered or unexported fields
}

Blacklist can blacklist keys whose request rate is above a specified threshold.

func (*Blacklist) Allow

func (b *Blacklist) Allow(key string) bool

Allow returns true if this request (identified by the given key) should be allowed.

func (*Blacklist) Incr

func (b *Blacklist) Incr(key string)

Incr increments the counter for the given key for the current time period.

type Config

type Config struct {
	// Service-specific configuration.
	Services map[string]*ServiceConfig `yaml:"services"`

	// If set, load more service definitions from *.yml files in this directory.
	ServicesDir string `yaml:"services_dir"`

	// Enabled backends.
	Backends map[string]yaml.Node `yaml:"backends"`

	// If set, load more backend definitions from *.yml files in this directory.
	BackendsDir string `yaml:"backends_dir"`

	// Named rate limiter configurations.
	RateLimiters map[string]*authRatelimiterConfig `yaml:"rate_limits"`

	// Configuration for the user-meta-server backend.
	UserMetaDBConfig *clientutil.BackendConfig `yaml:"user_meta_server"`

	// Memcache servers used for short-term storage.
	MemcacheServers []string `yaml:"memcache_servers"`

	// WebAuthN configuration.
	WebAuthn struct {
		RPDisplayName string `yaml:"rp_display_name"`
		RPID          string `yaml:"rp_id"`
		RPOrigin      string `yaml:"rp_origin"`
	} `yaml:"webauthn"`
	// contains filtered or unexported fields
}

Config for the authentication server.

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig loads the configuration from a YAML-encoded file.

type OTPShortTermStorage

type OTPShortTermStorage interface {
	AddToken(string, string) error
	HasToken(string, string) bool
}

OTPShortTermStorage stores short-term OTP tokens for replay protection purposes.

type Ratelimiter

type Ratelimiter struct {
	// contains filtered or unexported fields
}

Ratelimiter is a simple counter-based rate limiter, allowing the first N requests over each period of time T.

func (*Ratelimiter) AllowIncr

func (r *Ratelimiter) AllowIncr(key string) bool

AllowIncr performs a check and an increment at the same time, while holding a mutex, so it is robust in the face of concurrent requests.
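
The check-and-increment pattern that Ratelimiter and AllowIncr describe, as an added example that is not this package's code: a fixed-window counter that admits the first N requests per key in each period T. The `fixedWindow` type, its fields, the injectable `now` clock, the `admitted` helper and the sample key are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// fixedWindow is a hypothetical sketch, not the package's Ratelimiter type.
type fixedWindow struct {
	mu     sync.Mutex
	limit  int              // N: requests admitted per key per window
	period time.Duration    // T: window length
	now    func() time.Time // injectable clock (assumption, for testing)
	start  time.Time        // start of the current window
	counts map[string]int   // per-key counters for the current window
}

// AllowIncr checks and increments under one lock: no check-then-increment race.
func (l *fixedWindow) AllowIncr(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	if t := l.now(); t.Sub(l.start) >= l.period {
		l.start, l.counts = t, map[string]int{} // new window: reset counters
	}
	if l.counts[key] >= l.limit {
		return false
	}
	l.counts[key]++
	return true
}

// admitted fires n concurrent requests for key and returns how many passed.
func admitted(l *fixedWindow, key string, n int) (ok int) {
	res := make(chan bool, n)
	for i := 0; i < n; i++ {
		go func() { res <- l.AllowIncr(key) }()
	}
	for i := 0; i < n; i++ {
		if <-res {
			ok++
		}
	}
	return ok
}

func main() {
	l := &fixedWindow{limit: 5, period: time.Minute, now: time.Now}
	fmt.Println(admitted(l, "user@example.com", 100)) // constructed key
}
```

With 100 concurrent requests and a limit of 5, exactly 5 are admitted regardless of goroutine scheduling, because the counter is read and written under the same lock.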

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is the main authentication server object.

func NewServer

func NewServer(config *Config) (*Server, error)

NewServer creates a Server using the given configuration.

func (*Server) Authenticate

func (s *Server) Authenticate(ctx context.Context, req *auth.Request) *auth.Response

Authenticate a user with the parameters specified in the incoming AuthRequest.

func (*Server) Close

func (s *Server) Close()

Close the authentication server and release all associated resources.

type ServiceConfig

type ServiceConfig struct {
	BackendSpecs             []*backend.Spec `yaml:"backends"`
	ChallengeResponse        bool            `yaml:"challenge_response"`
	Enforce2FA               bool            `yaml:"enforce_2fa"`
	Ignore2FA                bool            `yaml:"ignore_2fa"`
	EnableLastLoginReporting bool            `yaml:"enable_last_login_reporting"`
	EnableDeviceTracking     bool            `yaml:"enable_device_tracking"`
	Ratelimits               []string        `yaml:"rate_limits"`
	ASPService               string          `yaml:"asp_service"`
}

ServiceConfig defines the authentication backends for a service.

type SocketServer

type SocketServer struct {
	// contains filtered or unexported fields
}

SocketServer accepts connections on a UNIX socket, speaking the line-based wire protocol, and dispatches incoming requests to the wrapped Server.

func NewSocketServer

func NewSocketServer(authServer *Server) *SocketServer

NewSocketServer returns a new SocketServer listening on the given path.

func (*SocketServer) ServeLine

func (s *SocketServer) ServeLine(ctx context.Context, lw lineproto.LineResponseWriter, line []byte) error

ServeLine handles a single request and writes a response. Implements the unix.LineHandler interface.
