security

package
v0.2.20 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 29, 2025 License: MIT Imports: 25 Imported by: 3

Documentation

Overview

Package security includes encryption and decryption with AES-GCM, secure key generation, HMAC hashing, bcrypt-based password handling, and a preconfigured secure HTTP(S) server with liveness and readiness probes for robust application security.

Index

Constants

This section is empty.

Variables

View Source
var IdentityProvider = NewIdentityProvider()

IdentityProvider is a singleton instance of the identity provider.

Functions

func Decrypt

func Decrypt(ciphertext []byte, key [32]byte) (plaintext []byte, err error)

Decrypt takes an encrypted byte slice (ciphertext) and a 256-bit AES key, and decrypts the ciphertext using AES-GCM. Because AES-GCM is an authenticated mode, a ciphertext that has been modified, or one sealed under a different key, produces an error rather than garbage plaintext.

func Encrypt

func Encrypt(plaintext []byte, key [32]byte) (ciphertext []byte)

Encrypt takes an input byte slice (plaintext) and a 256-bit AES key, and encrypts the plaintext using AES-GCM. It returns only the encrypted data (ciphertext); the caller must keep the key to decrypt it.

func GenerateID added in v0.1.71

func GenerateID() string

GenerateID generates a unique ID from a cryptographically secure random value.

func GenerateKey

func GenerateKey() [32]byte

GenerateKey generates a 256-bit (32-byte) random key for AES encryption. It uses a cryptographically secure random number generator.

func GeneratePKCE added in v0.1.87

func GeneratePKCE() (codeVerifier, challenge string)

GeneratePKCE generates an OAuth 2.0 PKCE code verifier from a random string and returns it together with its code challenge.
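The exchange GeneratePKCE produces one half of, as an added example that is not the package's own code: the client side creates a verifier and its S256 challenge, and the authorization-server side recomputes the challenge from the verifier presented at the token endpoint. The names generatePKCE, pkceChallenge and verifyPKCE, the error return and the 32-byte verifier size are this example's choices; the page does not document how GeneratePKCE encodes its random string.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// generatePKCE returns a high-entropy code verifier and its S256 code
// challenge as defined in RFC 7636. The verifier is 32 random bytes in
// unpadded base64url, a 43-character string, which sits inside the
// 43..128 character range the RFC requires.
func generatePKCE() (codeVerifier, challenge string, err error) {
	raw := make([]byte, 32)
	if _, err = rand.Read(raw); err != nil {
		return "", "", fmt.Errorf("pkce: reading random bytes: %w", err)
	}
	codeVerifier = base64.RawURLEncoding.EncodeToString(raw)
	return codeVerifier, pkceChallenge(codeVerifier), nil
}

// pkceChallenge computes BASE64URL(SHA256(ASCII(code_verifier))) without padding.
func pkceChallenge(codeVerifier string) string {
	sum := sha256.Sum256([]byte(codeVerifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// verifyPKCE is the authorization server's side: it recomputes the
// challenge from the verifier sent to the token endpoint and compares it in
// constant time against the challenge stored with the authorization
// request. Only S256 is accepted; the "plain" method gives no protection
// if the authorization code leaks.
func verifyPKCE(method, storedChallenge, presentedVerifier string) bool {
	if method != "S256" {
		return false
	}
	if n := len(presentedVerifier); n < 43 || n > 128 {
		return false
	}
	got := pkceChallenge(presentedVerifier)
	return subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) == 1
}

func main() {
	verifier, challenge, err := generatePKCE()
	if err != nil {
		panic(err)
	}
	fmt.Println("code_verifier:    ", verifier)
	fmt.Println("code_challenge:   ", challenge)
	fmt.Println("token exchange ok:", verifyPKCE("S256", challenge, verifier))
	fmt.Println("wrong verifier ok:", verifyPKCE("S256", challenge, verifier+"x"))
}
```

The challenge is what the client sends with the authorization request; the verifier stays on the client until the token request, so an attacker who only intercepts the authorization code cannot redeem it.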

func Getenv added in v0.1.7

func Getenv(key string) (out [32]byte)

Getenv retrieves an environment variable by the given key, interprets its value as a hexadecimal string, and decodes it into a 32-byte array. If the environment variable is not set, the value is not a valid hex string, or the decoded byte length is not 32, the function returns an empty (all-zero) array. Callers must compare the result against the zero value before using it: an all-zero array is a failure signal, not a key, and encrypting under it would give no protection.
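The AES-GCM scheme that Encrypt, Decrypt, GenerateKey and Getenv describe, as an added example that is not the package's implementation. The example prepends a random 96-bit nonce to the ciphertext (the page does not say how the package transports its nonce), and its key parser returns an error and refuses an all-zero key instead of returning the empty array. The names encrypt, decrypt, generateKey, keyFromHex and keyFromEnv, and the error returns, are this example's and differ from the package's signatures.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strings"
)

// generateKey returns a fresh 256-bit AES key from the OS CSPRNG.
func generateKey() ([32]byte, error) {
	var key [32]byte
	_, err := rand.Read(key[:])
	return key, err
}

// keyFromHex decodes a 64-character hex string into a 32-byte key. Malformed
// input is reported as an error instead of the zero array, and an all-zero
// key is refused outright, so a missing or mangled configuration value can
// never silently become the encryption key.
func keyFromHex(s string) ([32]byte, error) {
	var key [32]byte
	raw, err := hex.DecodeString(strings.TrimSpace(s))
	if err != nil || len(raw) != len(key) {
		return key, errors.New("key must be exactly 64 hex characters (32 bytes)")
	}
	copy(key[:], raw)
	if key == [32]byte{} {
		return key, errors.New("refusing all-zero key")
	}
	return key, nil
}

// keyFromEnv is the environment-variable front end to keyFromHex.
func keyFromEnv(name string) ([32]byte, error) {
	return keyFromHex(os.Getenv(name))
}

func newGCM(key [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encrypt seals plaintext with AES-256-GCM under a random 96-bit nonce and
// returns nonce || ciphertext || 16-byte tag. The nonce is not secret, but it
// must never repeat under the same key, so one is drawn per message and the
// key should be rotated long before 2^32 messages.
func encrypt(plaintext []byte, key [32]byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt splits off the nonce and opens the rest. Any change to nonce,
// ciphertext or tag makes Open fail and nothing is returned, so callers
// never see unauthenticated plaintext.
func decrypt(ciphertext []byte, key [32]byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, sealed := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, sealed, nil)
}

func main() {
	key, err := generateKey()
	if err != nil {
		panic(err)
	}
	ct, err := encrypt([]byte("attack at dawn"), key) // constructed sample message
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext (%d bytes): %s\n", len(ct), hex.EncodeToString(ct))
	pt, err := decrypt(ct, key)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)
	ct[len(ct)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = decrypt(ct, key)
	fmt.Println("tampered ciphertext rejected:", err != nil)
	_, err = keyFromHex(strings.Repeat("00", 32))
	fmt.Println("all-zero key rejected:", err != nil)
}
```

Two ciphertexts of the same plaintext differ because the nonce is fresh each time; if they ever match, the random source is broken and the key must be considered compromised.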

func Hash

func Hash(tag string, data []byte) (sum []byte)

Hash computes an HMAC over data using the SHA-512/256 algorithm.
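An added example, not the package's implementation, of an HMAC built on SHA-512/256 together with the constant-time verification a receiver needs. Treating the first argument as the HMAC key is an assumption of this example; the page does not say how Hash uses tag. The sample key and message are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// hash returns HMAC-SHA-512/256 over data under key. The tag is 32 bytes.
// SHA-512/256 is a truncated SHA-512, so unlike plain SHA-256 it is also
// immune to length-extension even outside HMAC.
func hash(key, data []byte) []byte {
	mac := hmac.New(sha512.New512_256, key)
	mac.Write(data) // hash.Hash.Write never returns an error
	return mac.Sum(nil)
}

// verify recomputes the tag and compares it with hmac.Equal, which runs in
// constant time. A bytes.Equal comparison would leak, byte by byte, how much
// of a forged tag is correct.
func verify(key, data, tag []byte) bool {
	return hmac.Equal(hash(key, data), tag)
}

func main() {
	key := []byte("constructed-demo-key")
	msg := []byte(`{"user":"alice","role":"admin"}`)
	tag := hash(key, msg)
	fmt.Println("tag:", hex.EncodeToString(tag))
	fmt.Println("genuine message verifies:", verify(key, msg, tag))
	tampered := []byte(`{"user":"alice","role":"root"}`)
	fmt.Println("tampered message verifies:", verify(key, tampered, tag))
}
```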

func IsPasswordValid

func IsPasswordValid(ciphertext, plaintext []byte) bool

IsPasswordValid reports whether the plaintext password matches the bcrypt hash in ciphertext (the value previously returned by Password).

func NewClient added in v0.1.25

func NewClient() *http.Client

NewClient creates and returns a new *http.Client with a default timeout of 5 seconds. The timeout can be adjusted by setting the CLIENT_TIMEOUT environment variable.

func NewClientWithTLS added in v0.1.39

func NewClientWithTLS(certFile, keyFile, caFile string) *http.Client

NewClientWithTLS creates and returns a new *http.Client with mutual TLS authentication.

func NewIdentityProvider added in v0.1.89

func NewIdentityProvider() *identityProvider

NewIdentityProvider creates a new identity provider.

func NewServer

func NewServer(mux *http.ServeMux) *http.Server

NewServer creates and returns a configured HTTP server. It uses the PORT environment variable or defaults to port 8080. The server's read, write and idle timeouts default to 5 seconds each and can be adjusted by setting the SERVER_*_TIMEOUT environment variables.

func ParseDuration added in v0.1.40

func ParseDuration(key string, def time.Duration) time.Duration

ParseDuration parses the value of the environment variable with the given key as a duration. If the value is not set or cannot be parsed, the default duration is returned.

func ParseInt added in v0.1.42

func ParseInt(key string, def int) int

ParseInt parses the value of the environment variable with the given key as an integer. If the value is not set or cannot be parsed, the default integer is returned.

func Password

func Password(plaintext []byte) ([]byte, error)

Password hashes a plaintext password using bcrypt with a cost of 14.

func TLSClientConfig added in v0.2.12

func TLSClientConfig(certFile, keyFile, caFile string) *tls.Config

TLSClientConfig creates and returns a *tls.Config configured for mutual TLS authentication. It loads client specific certificates and adds server specific root CA certificates.

func WithAuth added in v0.1.96

func WithAuth(sessions *ServerSessions, next http.HandlerFunc) http.HandlerFunc

WithAuth wraps next as middleware and adds authentication information derived from sessions to the request context.

Types

type ContextKey added in v0.1.93

type ContextKey string
const (
	ContextSessionID ContextKey = "session_id"
	ContextEmail     ContextKey = "email"
	ContextIssuer    ContextKey = "issuer"
	ContextName      ContextKey = "name"
	ContextSubject   ContextKey = "subject"
	ContextVerified  ContextKey = "verified"
)

type IdentityTokenClaims added in v0.1.89

type IdentityTokenClaims struct {
	Email    string `json:"email"`
	Issuer   string `json:"iss"`
	Name     string `json:"name"`
	Subject  string `json:"sub"`
	Verified bool   `json:"email_verified"`
}

IdentityTokenClaims represents the claims of an identity token.

type ServerSession added in v0.1.35

type ServerSession struct {
	ID   string `json:"id"`
	Data any    `json:"value"`
}

ServerSession is a session for a user.

type ServerSessions added in v0.1.35

type ServerSessions struct {
	// contains filtered or unexported fields
}

ServerSessions is a thread-safe map of session IDs to sessions.

func NewServeMux added in v0.1.44

func NewServeMux(ctx context.Context, efs embed.FS) (mux *http.ServeMux, serverSessions *ServerSessions)

NewServeMux creates a new mux with the liveness check endpoint (/liveness) and the readiness check endpoint (/readiness). The mux is returned along with a new ServerSessions instance.
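The server wiring that NewServer, NewClient, ParseDuration, ParseInt and NewServeMux describe, as an added example that is not the package's code. The variable names SERVER_READ_TIMEOUT, SERVER_WRITE_TIMEOUT and SERVER_IDLE_TIMEOUT are assumptions (the page only gives the SERVER_*_TIMEOUT pattern), and flipping /readiness to 503 once the context is cancelled is this example's behaviour, not something the page states about the package.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net"
	"net/http"
	"os"
	"os/signal"
	"strconv"
	"syscall"
	"time"
)

// parseDuration reads an environment variable as a Go duration ("5s",
// "250ms"). Unset or unparsable values fall back to def rather than to
// zero, because a zero http.Server timeout means "no timeout".
func parseDuration(key string, def time.Duration) time.Duration {
	v, ok := os.LookupEnv(key)
	if !ok {
		return def
	}
	d, err := time.ParseDuration(v)
	if err != nil {
		return def
	}
	return d
}

// parseInt is the integer counterpart of parseDuration.
func parseInt(key string, def int) int {
	v, ok := os.LookupEnv(key)
	if !ok {
		return def
	}
	n, err := strconv.Atoi(v)
	if err != nil {
		return def
	}
	return n
}

// newClient gives outbound requests a hard deadline; http.DefaultClient
// has none and will hang forever on a stalled peer.
func newClient() *http.Client {
	return &http.Client{Timeout: parseDuration("CLIENT_TIMEOUT", 5*time.Second)}
}

// newServer sets every server-side timeout so slow clients cannot hold
// connections open indefinitely. The SERVER_*_TIMEOUT names are assumed.
func newServer(mux *http.ServeMux) *http.Server {
	return &http.Server{
		Addr:              net.JoinHostPort("", strconv.Itoa(parseInt("PORT", 8080))),
		Handler:           mux,
		ReadTimeout:       parseDuration("SERVER_READ_TIMEOUT", 5*time.Second),
		ReadHeaderTimeout: parseDuration("SERVER_READ_TIMEOUT", 5*time.Second),
		WriteTimeout:      parseDuration("SERVER_WRITE_TIMEOUT", 5*time.Second),
		IdleTimeout:       parseDuration("SERVER_IDLE_TIMEOUT", 5*time.Second),
		MaxHeaderBytes:    1 << 20,
	}
}

// newServeMux wires the probes. Liveness answers 200 while the process can
// serve HTTP at all; readiness turns 503 once ctx is cancelled, so the
// orchestrator stops routing new traffic while in-flight requests drain.
func newServeMux(ctx context.Context) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/liveness", func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	mux.HandleFunc("/readiness", func(w http.ResponseWriter, _ *http.Request) {
		if ctx.Err() != nil {
			http.Error(w, "draining", http.StatusServiceUnavailable)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
	return mux
}

func main() {
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
	defer stop()
	srv := newServer(newServeMux(ctx))
	go func() {
		<-ctx.Done() // SIGTERM: readiness now reports 503, then drain
		shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
		defer cancel()
		_ = srv.Shutdown(shutdownCtx)
	}()
	log.Printf("serving on %s (read=%s write=%s idle=%s)", srv.Addr, srv.ReadTimeout, srv.WriteTimeout, srv.IdleTimeout)
	if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
		log.Fatal(err)
	}
}
```

Keeping liveness and readiness separate matters: a draining process is still alive and must not be killed mid-request, but it must stop receiving new ones.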

func NewServerSessions added in v0.1.35

func NewServerSessions() *ServerSessions

NewServerSessions creates a new, empty ServerSessions.

func (*ServerSessions) Create added in v0.1.48

func (a *ServerSessions) Create(id string, data any) (s ServerSession)

Create adds a new session with the given id and data to the ServerSessions and returns it.

func (*ServerSessions) Delete added in v0.1.48

func (a *ServerSessions) Delete(id string)

Delete removes the session with the given id.

func (*ServerSessions) Read added in v0.1.48

func (a *ServerSessions) Read(id string) (*ServerSession, bool)

Read returns the session with the given id and whether it exists.

func (*ServerSessions) Update added in v0.1.35

func (a *ServerSessions) Update(s ServerSession)

Update writes the given session back into the ServerSessions.
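A session store and the WithAuth-style middleware that uses it, as an added example that is not the package's code; it also shows the kind of random ID GenerateID and ServerSessions rely on. The cookie name "session_id", the identityClaims type stored as session data, and the 401 response for a missing or unknown session are assumptions of this example.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"log"
	"net/http"
	"sync"
)

type contextKey string

const (
	contextSessionID contextKey = "session_id"
	contextEmail     contextKey = "email"
)

// identityClaims is the per-session data this example stores (assumed shape).
type identityClaims struct{ Email string }

type session struct {
	ID   string
	Data any
}

// sessions maps IDs to sessions; the RWMutex lets handlers read concurrently.
type sessions struct {
	mu sync.RWMutex
	m  map[string]session
}

func newSessions() *sessions { return &sessions{m: make(map[string]session)} }

// generateID returns 256 bits from the OS CSPRNG as a 43-character base64url
// string. Session IDs must be unguessable: never use time, counters or math/rand.
func generateID() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic("crypto/rand unavailable: " + err.Error())
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

func (s *sessions) Create(id string, data any) session {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess := session{ID: id, Data: data}
	s.m[id] = sess
	return sess
}

func (s *sessions) Read(id string) (session, bool) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	sess, ok := s.m[id]
	return sess, ok
}

func (s *sessions) Delete(id string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.m, id)
}

// withAuth reads the session cookie (name assumed), looks the session up and
// answers 401 if it is missing or unknown. On success the session ID and the
// claims go into the request context under typed keys for downstream handlers.
func withAuth(store *sessions, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("session_id")
		if err != nil || c.Value == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		sess, ok := store.Read(c.Value)
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		ctx := context.WithValue(r.Context(), contextSessionID, sess.ID)
		if claims, ok := sess.Data.(identityClaims); ok {
			ctx = context.WithValue(ctx, contextEmail, claims.Email)
		}
		next(w, r.WithContext(ctx))
	}
}

func main() {
	store := newSessions()
	sess := store.Create(generateID(), identityClaims{Email: "alice@example.com"}) // constructed login
	http.HandleFunc("/me", withAuth(store, func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "session %s belongs to %s\n", r.Context().Value(contextSessionID), r.Context().Value(contextEmail))
	}))
	log.Printf("try: curl -b session_id=%s http://localhost:8080/me", sess.ID)
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

Typed context keys (contextKey rather than a bare string) stop an unrelated package from overwriting or reading the session values by accident. Deleting a session is the logout path: once it is gone, a stolen cookie is worthless.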
