Documentation
Index
- Variables
- type Server
- type Token
- type TokenListEntry
- type TokenScope
- type TokenStore
- func (ts *TokenStore) Create(scope TokenScope) (*Token, error)
- func (ts *TokenStore) List() []*Token
- func (ts *TokenStore) Revoke(id string)
- func (ts *TokenStore) RevokeAll()
- func (ts *TokenStore) RevokeByPrefix(prefix string) error
- func (ts *TokenStore) StartCleanup(interval time.Duration)
- func (ts *TokenStore) Validate(id string) (*Token, error)
Constants
This section is empty.
Variables
var OnRefreshFailHook func(service string, err error)
OnRefreshFailHook is the callback invoked when a background refresh fails. It can be overridden to send alerts (e.g., a Telegram notification).
Functions
This section is empty.
Types
type Server
type Server struct {
// contains filtered or unexported fields
}
Server is the vault HTTP API server.
func NewServer
NewServer creates a new API server. httpProxyURL, if non-empty, routes all outbound proxy requests through the given HTTP proxy (e.g. "http://127.0.0.1:4751"). The proxy's IP is exempted from SSRF checks.
func (*Server) CancelTokenRefresh
CancelTokenRefresh cancels the refresh timer for a service.
func (*Server) ScheduleTokenRefresh
ScheduleTokenRefresh schedules a proactive refresh for a specific service.
func (*Server) ServeHTTP
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler.
func (*Server) StartTokenRefresh
func (s *Server) StartTokenRefresh()
StartTokenRefresh initializes proactive refresh timers for all OAuth2/SA services. Should be called after the vault is unlocked.
type Token
type Token struct {
ID string `json:"id"`
Scope TokenScope `json:"scope"`
CreatedAt time.Time `json:"created_at"`
ExpiresAt time.Time `json:"expires_at"`
}
Token represents an active session token.
type TokenListEntry
type TokenListEntry struct {
IDPrefix string `json:"id_prefix"`
Scope TokenScope `json:"scope"`
CreatedAt time.Time `json:"created_at"`
ExpiresAt time.Time `json:"expires_at"`
}
TokenListEntry is a safe view for token listing (masks the full ID).
type TokenScope
type TokenScope string
TokenScope defines what a token can do.
const (
	ScopeAdmin TokenScope = "admin"
	ScopeProxy TokenScope = "proxy"
)
type TokenStore
type TokenStore struct {
// contains filtered or unexported fields
}
TokenStore manages session tokens in memory.
func NewTokenStore
func NewTokenStore(ttl time.Duration) *TokenStore
NewTokenStore creates a token store with the given TTL.
func (*TokenStore) Create
func (ts *TokenStore) Create(scope TokenScope) (*Token, error)
Create generates a new token with the given scope.
func (*TokenStore) List
func (ts *TokenStore) List() []*Token
List returns all active (non-expired) tokens.
func (*TokenStore) RevokeAll
func (ts *TokenStore) RevokeAll()
RevokeAll clears all tokens (used on lock).
func (*TokenStore) RevokeByPrefix
func (ts *TokenStore) RevokeByPrefix(prefix string) error
RevokeByPrefix revokes the single token whose ID starts with the given prefix. It returns an error if no token matches or if the prefix is ambiguous (multiple matches).
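The prefix revocation contract described above (exactly one match is revoked; zero or several matches are errors), as an added example that is not this package's code: a hypothetical, single-goroutine sketch of Token and TokenStore in Go. It assumes hex-encoded random IDs and omits the mutex the real store needs once StartCleanup runs in the background.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

type TokenScope string

// Token and TokenStore are hypothetical, minimal stand-ins for the documented types.
type Token struct {
	ID        string
	Scope     TokenScope
	ExpiresAt time.Time
}
type TokenStore struct {
	ttl    time.Duration
	tokens map[string]*Token
}
func NewTokenStore(ttl time.Duration) *TokenStore {
	return &TokenStore{ttl: ttl, tokens: map[string]*Token{}}
}

// Create mints a 256-bit random hex ID, so a short prefix is a usable handle for operators.
func (ts *TokenStore) Create(scope TokenScope) (*Token, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	t := &Token{ID: hex.EncodeToString(b), Scope: scope, ExpiresAt: time.Now().Add(ts.ttl)}
	ts.tokens[t.ID] = t
	return t, nil
}

// RevokeByPrefix revokes exactly one token; zero or several matches are errors, as documented.
// An empty prefix matches every token, so it is ambiguous whenever more than one exists.
func (ts *TokenStore) RevokeByPrefix(prefix string) error {
	match, n := "", 0
	for id := range ts.tokens {
		if strings.HasPrefix(id, prefix) {
			match, n = id, n+1
		}
	}
	if n != 1 {
		return fmt.Errorf("prefix %q matched %d tokens, want exactly 1", prefix, n)
	}
	delete(ts.tokens, match)
	return nil
}
```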
func (*TokenStore) StartCleanup
func (ts *TokenStore) StartCleanup(interval time.Duration)
StartCleanup runs a background goroutine that periodically purges expired tokens.