secure_boilerplate

package module
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 1, 2026 License: MIT Imports: 18 Imported by: 0

README

Zero-Trust Identity Hub

A robust, modular Go-based backend framework designed for secure identity management, zero-trust network integration, and automated service synchronization. This package provides the core infrastructure to boot a hardened identity portal.

Overview

The secure_boilerplate package streamlines the initialization of a high-security identity ecosystem by orchestrating several critical components:

  • Secure Networking: Utilizes secure_network for mesh-node communication and TLS-encrypted routing.
  • Identity Management: Integrates webauthnext for authentication and provides dedicated controllers for administrative tasks and auditing.
  • Zero-Trust Policy Engine: Enforces security policies via secure_policy powered by a backend database.
  • Database: Leverages ultimate_db for centralized data persistence and transaction handling.
  • Synchronization: Employs orchid_sync for real-time data synchronization across edge nodes.

Core Features

  • Config-Driven Initialization: Automatically parses YAML configurations for application and user registration.
  • SCIM Support: Includes an integrated SCIM (System for Cross-domain Identity Management) daemon to handle user provisioning.
  • Mesh Integration: Facilitates secure bootstrapping of mesh nodes using public key infrastructure.
  • Extensible Routing: Provides a flexible Server struct and routeRegister callback to inject custom application-specific logic.

Getting Started

Prerequisites

Ensure your environment is configured with the necessary dependencies:

  • Go 1.x+
  • The gddisney internal module suite (guikit, identity_provider, orchid_sync, etc.).
Initialization

To start the Identity Hub, invoke the Start function within your main entry point:

package main

import (
	"github.com/gddisney/guikit"
	"github.com/gddisney/webauthnext"
	"yourproject/boilerplate"
)

func main() {
	ui := guikit.New()
	provider := &webauthnext.Provider{}
	
	boilerplate.Start(ui, "config.yaml", provider, func(s *boilerplate.Server) {
		// Register custom routes or additional services here
	})
}
Configuration (config.yaml)

The system expects a YAML file containing the initial state of your identity environment:

apps:
  - id: "app-01"
    name: "Internal Portal"
users:
  - username: "admin"
    session_id: "..."

Security Model

The system follows a Zero-Trust architecture. All network traffic is expected to be encrypted over port 443. Access is guarded by the secure_bootstrap.RequireAuth middleware, ensuring that only authenticated sessions can access the dashboard or internal resources.

Architectural Notes

  • Nil-Safety: The Start function accepts a guikit.GUIKit pointer to explicitly prevent nil-pointer panics during startup.
  • Event Handling: A local bus (chan secure_network.SystemEvent) facilitates internal communication between the policy engine, the admin controller, and the SCIM daemon.
  • Lifecycle: The service runs a blocking edgeNode.Start call at the end of the initialization sequence.

This module is part of the internal identity infrastructure and requires access to the gddisney private repository.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ABACConfig added in v1.0.8 

type ABACConfig struct {
	Policies []struct {
		Subject  string `yaml:"subject"`
		Action   string `yaml:"action"`
		Resource string `yaml:"resource"`
		Effect   string `yaml:"effect"`
	} `yaml:"policies"`
}

type IdentityProvider added in v1.0.1 

type IdentityProvider interface{}

type MasterConfig added in v1.0.8 

type MasterConfig struct {
	Server struct {
		ServiceName string `yaml:"service_name"`
		Host        string `yaml:"host"`
		Domain      string `yaml:"domain"`
	} `yaml:"server"`
	Files struct {
		RbacPath  string `yaml:"rbac_path"`
		AbacPath  string `yaml:"abac_path"`
		ViewsPath string `yaml:"views_path"`
	} `yaml:"files"`
	Views []ViewDefinition                `yaml:"views"`
	Apps  []identity_provider.Application `yaml:"apps"`
	Users []identity_provider.Identity    `yaml:"users"`
}

type PlatformControl added in v1.0.2 

type PlatformControl struct {
	Router *secure_network.Router
}

func Start 

func Start(
	ui *guikit.GUIKit,
	configPath string,
	provider IdentityProvider,
	routeRegister func(routes *RouteModule),
) *PlatformControl

func (*PlatformControl) Shutdown added in v1.0.2 

func (pc *PlatformControl) Shutdown(ctx context.Context) error

type RBACConfig added in v1.0.8 

type RBACConfig struct {
	Roles []struct {
		Name        string   `yaml:"name"`
		Permissions []string `yaml:"permissions"`
	} `yaml:"roles"`
}

type RouteModule added in v1.0.1 

type RouteModule struct {
	Server *Server
	Views  []ViewDefinition
}

func (*RouteModule) Public added in v1.0.1 

func (rm *RouteModule) Public(pattern string, handler http.HandlerFunc)

func (*RouteModule) Secure added in v1.0.1 

func (rm *RouteModule) Secure(pattern string, handler http.HandlerFunc)

type Server 

type Server struct {
	UI           *guikit.GUIKit
	AuthProvider IdentityProvider
	SearchEngine *orchid_sync.Engine
	DB           *ultimate_db.DB
	Router       *secure_network.Router
	Admin        *identity_provider.AdminController
	Audit        *identity_provider.AuditController
	Logger       *logger.LogDispatcher
	MeshNode     *secure_network.MeshNode
	ServiceKeys  *service_keys.ServiceKeyManager
}

type ViewDefinition added in v1.0.8 

type ViewDefinition struct {
	Name        string   `yaml:"name"`
	Path        string   `yaml:"path"`
	Template    string   `yaml:"template"`
	Policy      string   `yaml:"policy"` // "public" or "secure"
	DataSources []string `yaml:"data_sources"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.