
Package security contains implementations of authentication and authorization methods.


Constants

// Names of the auth methods this package implements. Config.Security.AuthProviders
// (yaml "auth_providers") is a list of strings and presumably selects among these
// values — confirm against LoadConfig.
const (
	AuthMethodBasic  = "basic"
	AuthMethodApiKey = "apikey"
	AuthMethodCas    = "cas"
	AuthMethodSaml   = "saml"
	AuthMethodLdap   = "ldap"
	AuthMethodOAuth2 = "oauth2"
)
// Names of the HTTP locations (query parameters, header, cookie) that carry
// authentication material.
const (
	// QueryParamApiKey is the query parameter carrying the user api key.
	// NOTE(review): a key passed in the URL is recorded in access logs, proxy
	// logs and Referer headers; prefer HeaderApiKey where the client allows it.
	QueryParamApiKey = "authkey"
	// HeaderApiKey is the header carrying the user api key. The nolint suppresses
	// gosec's hardcoded-credential check (presumably G101): this is the header
	// name, not a secret.
	HeaderApiKey = "x-canopsis-authkey" //nolint:gosec
	// QueryParamCasTicket is the query parameter carrying the CAS ticket.
	QueryParamCasTicket = "ticket"
	// QueryParamCasService is the query parameter carrying the CAS service.
	QueryParamCasService = "service"
	// SessionKey is the session cookie name.
	SessionKey = "session-id"
)
// Names of external user sources. They coincide with the matching AuthMethod*
// values and presumably populate User.Source and the source argument of
// UserProvider.FindByExternalSource — confirm against the providers.
const (
	SourceLdap = "ldap"
	SourceCas  = "cas"
	SourceSaml = "saml"
)
// DefaultInactivityInterval is the default session inactivity interval, in hours.
// It is an untyped integer constant, not a time.Duration; presumably used when a
// config's InactivityInterval is empty — confirm where it is read.
const DefaultInactivityInterval = 24 // hours
// RoleAdmin is the name of the admin role.
const RoleAdmin = "admin"


Types

type BasicConfig

// BasicConfig configures the basic auth method.
// The intervals are kept as the raw yaml strings; how they are parsed is not
// visible here (DefaultInactivityInterval, in hours, is presumably the fallback).
type BasicConfig struct {
	InactivityInterval string `yaml:"inactivity_interval"`
	ExpirationInterval string `yaml:"expiration_interval"`
}

type CasConfig

// CasConfig configures the CAS auth method.
type CasConfig struct {
	InactivityInterval string `yaml:"inactivity_interval"`
	ExpirationInterval string `yaml:"expiration_interval"`
	// Title is presumably the label shown for this login method — confirm with the UI.
	Title              string `yaml:"title"`
	// LoginUrl and ValidateUrl are presumably the CAS server endpoints used for
	// login redirection and ticket (QueryParamCasTicket) validation — confirm
	// against the provider.
	LoginUrl           string `yaml:"login_url"`
	ValidateUrl        string `yaml:"validate_url"`
	// DefaultRole is presumably assigned to users created from CAS logins — confirm.
	DefaultRole        string `yaml:"default_role"`
}

type Config

// Config provides which auth methods must be used. Security.AuthProviders
// enables methods by name (see the AuthMethod* constants); the remaining
// fields hold each method's own settings.
type Config struct {
	Security struct {
		AuthProviders []string     `yaml:"auth_providers"`
		Basic         BasicConfig  `yaml:"basic"`
		Ldap          LdapConfig   `yaml:"ldap"`
		Cas           CasConfig    `yaml:"cas"`
		Saml          SamlConfig   `yaml:"saml"`
		OAuth2        OAuth2Config `yaml:"oauth2"`
	} `yaml:"security"`
}

Config provides which auth methods must be used.

func LoadConfig

func LoadConfig(configDir string) (Config, error)

LoadConfig creates a Config from the config file found in configDir.

type Enforcer

// Enforcer is the API interface of the casbin enforcer; each method mirrors the
// casbin method of the same name. casbin.IEnforcer is not used directly because
// it cannot be mocked by mockgen.
type Enforcer interface {
	// Enforce decides a request; rvals are passed through to casbin's matcher
	// (interface{} is kept for casbin compatibility).
	Enforce(rvals ...interface{}) (bool, error)
	// StartAutoLoadPolicy presumably reloads the policy at the given interval
	// until the context is done — confirm against the implementation.
	StartAutoLoadPolicy(context.Context, time.Duration)
	// LoadPolicy reloads the policy from the adapter.
	LoadPolicy() error
	// GetRolesForUser, GetPermissionsForUser and HasPermissionForUser are casbin
	// RBAC queries; note only GetRolesForUser reports an error.
	GetRolesForUser(name string, domain ...string) ([]string, error)
	GetPermissionsForUser(user string, domain ...string) [][]string
	HasPermissionForUser(user string, permission ...string) bool
}

Enforcer is the API interface of the casbin enforcer. The casbin.IEnforcer interface is not used because it cannot be mocked by mockgen.

func NewEnforcer

func NewEnforcer(configDir string, client mongo.DbClient) (Enforcer, error)

NewEnforcer creates a new synced enforcer backed by the mongo adapter.

type HttpProvider

// HttpProvider is implemented by auth methods whose credentials are taken from
// the http request itself (for example the api key or CAS ticket parameters
// declared above — confirm in httpprovider).
type HttpProvider interface {
	// Auth authenticates the request. The error sits in the middle position
	// rather than last, against Go convention, so callers must not assume the
	// usual (value, error) order. What the trailing bool signals is not visible
	// here — TODO confirm against httpprovider.
	Auth(*http.Request) (*User, error, bool)
}

HttpProvider interface is used to implement user authentication by credentials that are retrieved from the http request.

type LdapConfig

// LdapConfig configures the LDAP auth method.
type LdapConfig struct {
	InactivityInterval string            `yaml:"inactivity_interval"`
	ExpirationInterval string            `yaml:"expiration_interval"`
	Url                string            `yaml:"url"`
	// AdminUsername and AdminPassword (yaml admin_dn / admin_passwd) are
	// presumably the service bind credentials. The password is a plaintext
	// secret in memory — keep it out of logs and config dumps.
	AdminUsername      string            `yaml:"admin_dn"`
	AdminPassword      string            `yaml:"admin_passwd"`
	// BaseDN (yaml user_dn) is presumably the search base for users.
	BaseDN             string            `yaml:"user_dn"`
	// Attributes maps canopsis user fields to LDAP attribute names (direction
	// not visible here — confirm); UsernameAttr names the attribute holding the login.
	Attributes         map[string]string `yaml:"attrs"`
	UsernameAttr       string            `yaml:"username_attr"`
	// Filter (yaml ufilter) is presumably the LDAP user search filter. If the
	// provider interpolates the supplied username into it, the value must be
	// filter-escaped — confirm in the provider.
	Filter             string            `yaml:"ufilter"`
	DefaultRole        string            `yaml:"default_role"`
	// InsecureSkipVerify presumably maps to tls.Config.InsecureSkipVerify, i.e.
	// it disables server certificate verification — keep false outside test setups.
	InsecureSkipVerify bool              `yaml:"insecure_skip_verify"`
	// MinTLSVersion and MaxTLSVersion are version names; how they are parsed is not shown.
	MinTLSVersion      string            `yaml:"min_tls_ver"`
	MaxTLSVersion      string            `yaml:"max_tls_ver"`
}

type OAuth2Config

// OAuth2Config configures the OAuth2 auth method: one OAuth2ProviderConfig
// per provider, keyed by the name chosen in the yaml.
type OAuth2Config struct {
	Providers map[string]OAuth2ProviderConfig `yaml:"providers"`
}

type OAuth2ProviderConfig

// OAuth2ProviderConfig configures a single OAuth2 provider (see OAuth2Config.Providers).
type OAuth2ProviderConfig struct {
	InactivityInterval string            `yaml:"inactivity_interval"`
	ExpirationInterval string            `yaml:"expiration_interval"`
	// Issuer is presumably used for OpenID discovery / token validation when OpenID is set — confirm.
	Issuer             string            `yaml:"issuer"`
	ClientID           string            `yaml:"client_id"`
	// ClientSecret is a plaintext secret in memory — keep it out of logs and config dumps.
	ClientSecret       string            `yaml:"client_secret"`
	// RedirectURL is the callback sent to the provider; it has to match what is
	// registered there (presumably; not verified in this package).
	RedirectURL        string            `yaml:"redirect_url"`
	DefaultRole        string            `yaml:"default_role"`
	// AuthURL, TokenURL and UserURL are the provider endpoints used when they are
	// not obtained from discovery — confirm against the provider.
	AuthURL            string            `yaml:"auth_url"`
	TokenURL           string            `yaml:"token_url"`
	UserURL            string            `yaml:"user_url"`
	// UserID presumably names the user-info field used as the external id — TODO confirm.
	UserID             string            `yaml:"user_id"`
	Scopes             []string          `yaml:"scopes"`
	// AttributesMap maps provider user-info fields to canopsis user fields (direction not visible here — confirm).
	AttributesMap      map[string]string `yaml:"attributes_map"`
	// OpenID and PKCE switch on OpenID Connect handling and the PKCE code
	// challenge respectively (presumably; consumed by the provider, not shown).
	OpenID             bool              `yaml:"open_id"`
	PKCE               bool              `yaml:"pkce"`
}

type Provider

// Provider is implemented by auth methods that authenticate a user by
// username and password.
type Provider interface {
	// GetName returns the provider's name (Go style would drop the Get prefix,
	// but the method is part of the public interface).
	GetName() string
	// Auth checks the credentials and returns the matching user.
	Auth(ctx context.Context, username, password string) (*User, error)
}

Provider interface is used to implement user authentication by username and password.

type SamlConfig

// SamlConfig configures the SAML auth method.
type SamlConfig struct {
	InactivityInterval      string            `yaml:"inactivity_interval"`
	ExpirationInterval      string            `yaml:"expiration_interval"`
	Title                   string            `yaml:"title"`
	// X509Cert and X509Key are the service-provider certificate and private key;
	// whether they are PEM content or file paths is not visible here — confirm.
	// The key is a secret; keep it out of logs and config dumps.
	X509Cert                string            `yaml:"x509_cert"`
	X509Key                 string            `yaml:"x509_key"`
	// IdpMetadataUrl and IdpMetadataXml presumably supply the IdP metadata by
	// fetch or inline, respectively — confirm which wins when both are set.
	IdpMetadataUrl          string            `yaml:"idp_metadata_url"`
	IdpMetadataXml          string            `yaml:"idp_metadata_xml"`
	// IdpAttributesMap maps IdP assertion attributes to canopsis user fields (direction not visible here — confirm).
	IdpAttributesMap        map[string]string `yaml:"idp_attributes_map"`
	CanopsisSamlUrl         string            `yaml:"canopsis_saml_url"`
	DefaultRole             string            `yaml:"default_role"`
	// InsecureSkipVerify presumably disables TLS certificate verification when
	// fetching IdpMetadataUrl — keep false outside test setups.
	InsecureSkipVerify      bool              `yaml:"insecure_skip_verify"`
	CanopsisSSOBinding      string            `yaml:"canopsis_sso_binding"`
	CanopsisACSBinding      string            `yaml:"canopsis_acs_binding"`
	SignAuthRequest         bool              `yaml:"sign_auth_request"`
	NameIdFormat            string            `yaml:"name_id_format"`
	// SkipSignatureValidation presumably disables validation of the IdP
	// signature on responses/assertions; with it set the identity in an
	// assertion cannot be trusted — keep false outside test setups.
	SkipSignatureValidation bool              `yaml:"skip_signature_validation"`
	// ACSIndex is a pointer so that "unset" can be told apart from index 0.
	ACSIndex                *int              `yaml:"acs_index"`
	// AutoUserRegistration presumably creates a User on first SAML login — confirm.
	AutoUserRegistration    bool              `yaml:"auto_user_registration"`
}

type TokenProvider

// TokenProvider is implemented by auth methods that authenticate a user by a
// bearer token.
type TokenProvider interface {
	// Auth checks the token and returns the matching user.
	Auth(ctx context.Context, token string) (*User, error)
}

TokenProvider interface is used to implement user authentication by token.

type User

// User represents the user model as stored in mongo (bson tags).
type User struct {
	ID             string   `bson:"_id"`
	Name           string   `bson:"name"`
	DisplayName    string   `bson:"display_name,omitempty"`
	Firstname      string   `bson:"firstname"`
	Lastname       string   `bson:"lastname"`
	Email          string   `bson:"email"`
	// HashedPassword is the stored password hash (bson "password"); the encoders
	// live in the password subpackage. Never log or serialize this field.
	HashedPassword string   `bson:"password,omitempty"`
	// AuthApiKey is the user's api key, looked up by UserProvider.FindByAuthApiKey;
	// it is a credential and must be handled like one.
	AuthApiKey     string   `bson:"authkey"`
	Roles          []string `bson:"roles"`
	Contact        struct {
		Name    string `bson:"name"`
		Address string `bson:"address"`
	} `bson:"contact"`
	// IsEnabled is stored under the bson key "enable" (note the differing name).
	IsEnabled  bool   `bson:"enable"`
	// ExternalID and Source identify the user at an external provider (see the
	// Source* constants) and are what UserProvider.FindByExternalSource matches on.
	ExternalID string `bson:"external_id"`
	Source     string `bson:"source"`
}

User represents the user model.

type UserProvider

// UserProvider is a decorator for requests to user storage. The Find* methods
// return nil (and a nil error) when no user matches.
type UserProvider interface {
	// FindByUsername returns the user with the given username, or nil.
	FindByUsername(ctx context.Context, username string) (*User, error)
	// FindByAuthApiKey returns the user with the given api key, or nil.
	FindByAuthApiKey(ctx context.Context, apiKey string) (*User, error)
	// FindByID returns the user with the given ID, or nil.
	FindByID(ctx context.Context, id string) (*User, error)
	// FindByExternalSource returns the user with the given external ID at the
	// given source (see the Source* constants), or nil.
	FindByExternalSource(ctx context.Context, externalID, source string) (*User, error)
	// FindWithoutPermission returns the users that lack the permission perm.
	FindWithoutPermission(ctx context.Context, perm string) ([]User, error)
	// Save updates the user, or inserts it if it does not exist.
	Save(ctx context.Context, user *User) error
}

UserProvider is a decorator for requests to user storage.

Directories

Path Synopsis
httpprovider contains http authentication methods.
Package mongoadapter contains casbin mongo adapter.
password contains password encoders.
provider contains authentication methods.
Package session contains implementation of http session.
mongostore
mongostore contains gorilla session store.
Package userprovider contains user storages.
