schema

package
v4.38.16 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 6, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// TLSVersion13 is the textual representation of TLS 1.3.
	TLSVersion13 = "TLS1.3"

	// TLSVersion12 is the textual representation of TLS 1.2.
	TLSVersion12 = "TLS1.2"

	// TLSVersion11 is the textual representation of TLS 1.1.
	TLSVersion11 = "TLS1.1"

	// TLSVersion10 is the textual representation of TLS 1.0.
	TLSVersion10 = "TLS1.0"

	// SSLVersion30 is the textual representation of SSL 3.0.
	SSLVersion30 = "SSL3.0"

	// Version13 is the textual representation of version 1.3.
	Version13 = "1.3"

	// Version12 is the textual representation of version 1.2.
	Version12 = "1.2"

	// Version11 is the textual representation of version 1.1.
	Version11 = "1.1"

	// Version10 is the textual representation of version 1.0.
	Version10 = "1.0"
)
View Source
const (
	// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
	ProfileRefreshAlways = "always"

	// ProfileRefreshDisabled represents a Value for refresh_interval that disables the check entirely.
	ProfileRefreshDisabled = "disable"

	// RefreshIntervalDefault represents the default value of refresh_interval.
	RefreshIntervalDefault = time.Minute * 5
)
View Source
const (
	// LDAPImplementationCustom is the string for the custom LDAP implementation.
	LDAPImplementationCustom = "custom"

	// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
	LDAPImplementationActiveDirectory = "activedirectory"

	// LDAPImplementationRFC2307bis is the string for the RFC2307bis LDAP implementation.
	LDAPImplementationRFC2307bis = "rfc2307bis"

	// LDAPImplementationFreeIPA is the string for the FreeIPA LDAP implementation.
	LDAPImplementationFreeIPA = "freeipa"

	// LDAPImplementationLLDAP is the string for the lldap LDAP implementation.
	LDAPImplementationLLDAP = "lldap"

	// LDAPImplementationGLAuth is the string for the GLAuth LDAP implementation.
	LDAPImplementationGLAuth = "glauth"
)
View Source
const (
	// LDAPGroupSearchModeFilter is the string for the filter group search mode.
	LDAPGroupSearchModeFilter = "filter"

	// LDAPGroupSearchModeMemberOf is the string for the memberOf group search mode.
	LDAPGroupSearchModeMemberOf = "memberof"
)
View Source
const (
	TOTPAlgorithmSHA1   = "SHA1"
	TOTPAlgorithmSHA256 = "SHA256"
	TOTPAlgorithmSHA512 = "SHA512"
)

TOTP Algorithm.

View Source
const (
	// TOTPSecretSizeDefault is the default secret size.
	TOTPSecretSizeDefault = 32

	// TOTPSecretSizeMinimum is the minimum secret size.
	TOTPSecretSizeMinimum = 20
)
View Source
const (
	SchemeBasic  = "basic"
	SchemeBearer = "bearer"
)

Authorization Schemes.

View Source
const (
	AuthzEndpointNameLegacy      = "legacy"
	AuthzEndpointNameAuthRequest = "auth-request"
	AuthzEndpointNameExtAuthz    = "ext-authz"
	AuthzEndpointNameForwardAuth = "forward-auth"

	AuthzImplementationLegacy      = "Legacy"
	AuthzImplementationAuthRequest = "AuthRequest"
	AuthzImplementationExtAuthz    = "ExtAuthz"
	AuthzImplementationForwardAuth = "ForwardAuth"

	AuthzStrategyHeaderCookieSession                 = "CookieSession"
	AuthzStrategyHeaderAuthorization                 = "HeaderAuthorization"
	AuthzStrategyHeaderProxyAuthorization            = "HeaderProxyAuthorization"
	AuthzStrategyHeaderAuthRequestProxyAuthorization = "HeaderAuthRequestProxyAuthorization"
	AuthzStrategyHeaderLegacy                        = "HeaderLegacy"
)

Authz values.

View Source
const (
	AddressSchemeTCP         = "tcp"
	AddressSchemeTCP4        = "tcp4"
	AddressSchemeTCP6        = "tcp6"
	AddressSchemeUDP         = "udp"
	AddressSchemeUDP4        = "udp4"
	AddressSchemeUDP6        = "udp6"
	AddressSchemeUnix        = "unix"
	AddressSchemeLDAP        = "ldap"
	AddressSchemeLDAPS       = "ldaps"
	AddressSchemeLDAPI       = "ldapi"
	AddressSchemeSMTP        = "smtp"
	AddressSchemeSUBMISSION  = "submission"
	AddressSchemeSUBMISSIONS = "submissions"
)

Address Schemes.

View Source
const (
	// RememberMeDisabled represents the duration for a disabled remember me session configuration.
	RememberMeDisabled = time.Second * -1
)

Variables

View Source
var DefaultACLNetwork = []AccessControlNetwork{
	{
		Name:     "localhost",
		Networks: []string{"127.0.0.1"},
	},
	{
		Name:     "internal",
		Networks: []string{"10.0.0.0/8"},
	},
}

DefaultACLNetwork represents the default configuration related to access control network group configuration.

View Source
var DefaultACLRule = []AccessControlRule{
	{
		Domains: []string{"public.example.com"},
		Policy:  "bypass",
	},
	{
		Domains: []string{"singlefactor.example.com"},
		Policy:  "one_factor",
	},
	{
		Domains: []string{"secure.example.com"},
		Policy:  policyTwoFactor,
	},
}

DefaultACLRule represents the default configuration related to access control rule configuration.

View Source
var DefaultAuthenticationBackendConfig = AuthenticationBackend{
	RefreshInterval: NewRefreshIntervalDuration(time.Minute * 5),
}
View Source
var DefaultCIPasswordConfig = AuthenticationBackendFilePassword{
	Algorithm: argon2,
	Argon2: AuthenticationBackendFilePasswordArgon2{
		Iterations:  3,
		Memory:      64,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
}

DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.

View Source
var DefaultIdentityValidation = IdentityValidation{
	ResetPassword: IdentityValidationResetPassword{
		JWTExpiration: time.Minute * 5,
		JWTAlgorithm:  "HS256",
	},
	ElevatedSession: IdentityValidationElevatedSession{
		CodeLifespan:      time.Minute * 5,
		ElevationLifespan: time.Minute * 10,
		Characters:        8,
	},
}

DefaultIdentityValidation has the default values for the IdentityValidation configuration.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})))",
	GroupsFilter:    "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		DistinguishedName: ldapAttrDistinguishedName,
		Username:          ldapAttrSAMAccountName,
		DisplayName:       ldapAttrDisplayName,
		Mail:              ldapAttrMail,
		MemberOf:          ldapAttrMemberOf,
		GroupName:         ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the LDAPImplementationActiveDirectory Implementation.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = AuthenticationBackendLDAP{
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrDisplayName,
		Mail:        ldapAttrMail,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(!(nsAccountLock=TRUE))(krbPasswordExpiration>={date-time:generalized})(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized})))",
	GroupsFilter:    "(&(member={dn})(objectClass=groupOfNames))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrDisplayName,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA represents the default LDAP config for the LDAPImplementationFreeIPA Implementation.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount)(!(accountStatus=inactive)))",
	GroupsFilter:    "(&(uniqueMember={dn})(objectClass=posixGroup))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrCommonName,
		DisplayName: ldapAttrDescription,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth represents the default LDAP config for the LDAPImplementationGLAuth Implementation.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP = AuthenticationBackendLDAP{
	AdditionalUsersDN:  "OU=people",
	AdditionalGroupsDN: "OU=groups",
	UsersFilter:        "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))",
	GroupsFilter:       "(&(member={dn})(objectClass=groupOfUniqueNames))",
	GroupSearchMode:    ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrCommonName,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP represents the default LDAP config for the LDAPImplementationLLDAP Implementation.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(|(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))",
	GroupsFilter:    "(&(|(member={dn})(uniqueMember={dn}))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=groupOfMembers))(!(pwdReset=TRUE)))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrDisplayName,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis represents the default LDAP config for the LDAPImplementationRFC2307bis Implementation.

View Source
var DefaultLoggingConfiguration = Log{
	Level:  "info",
	Format: "text",
}

DefaultLoggingConfiguration is the default logging configuration.

View Source
var DefaultMySQLStorageConfiguration = StorageMySQL{
	StorageSQL: StorageSQL{
		Address: &AddressTCP{Address{true, false, -1, 3306, &url.URL{Scheme: AddressSchemeTCP, Host: "localhost:3306"}}},
	},
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultMySQLStorageConfiguration represents the default MySQL configuration.

View Source
var DefaultNTPConfiguration = NTP{
	Address:       &AddressUDP{Address{valid: true, socket: false, port: 123, url: &url.URL{Scheme: AddressSchemeUDP, Host: "time.cloudflare.com:123"}}},
	Version:       4,
	MaximumDesync: time.Second * 3,
}

DefaultNTPConfiguration represents default configuration parameters for the NTP server.

View Source
var DefaultOpenIDConnectClientConfiguration = IdentityProvidersOpenIDConnectClient{
	AuthorizationPolicy:            policyTwoFactor,
	Scopes:                         []string{"openid", "groups", "profile", "email"},
	ResponseTypes:                  []string{"code"},
	ResponseModes:                  []string{"form_post"},
	AuthorizationSignedResponseAlg: "none",
	IDTokenSignedResponseAlg:       "RS256",
	AccessTokenSignedResponseAlg:   "none",
	UserinfoSignedResponseAlg:      "none",
	IntrospectionSignedResponseAlg: "none",
	RequestedAudienceMode:          "explicit",
	ConsentMode:                    "auto",
	ConsentPreConfiguredDuration:   &defaultOIDCClientConsentPreConfiguredDuration,
}

DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.

View Source
var DefaultOpenIDConnectConfiguration = IdentityProvidersOpenIDConnect{
	Lifespans: IdentityProvidersOpenIDConnectLifespans{
		IdentityProvidersOpenIDConnectLifespanToken: IdentityProvidersOpenIDConnectLifespanToken{
			AccessToken:   time.Hour,
			AuthorizeCode: time.Minute,
			IDToken:       time.Hour,
			RefreshToken:  time.Minute * 90,
		},
	},
	EnforcePKCE: "public_clients_only",
}

DefaultOpenIDConnectConfiguration contains defaults for OIDC.

View Source
var DefaultOpenIDConnectPolicyConfiguration = IdentityProvidersOpenIDConnectPolicy{
	DefaultPolicy: policyTwoFactor,
}
View Source
var DefaultPasswordConfig = AuthenticationBackendFilePassword{
	Algorithm: argon2,
	Argon2: AuthenticationBackendFilePasswordArgon2{
		Variant:     argon2id,
		Iterations:  3,
		Memory:      64 * 1024,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
	PBKDF2: AuthenticationBackendFilePasswordPBKDF2{
		Variant:    sha512,
		Iterations: 310000,
		SaltLength: 16,
	},
	BCrypt: AuthenticationBackendFilePasswordBCrypt{
		Variant: "standard",
		Cost:    12,
	},
	SCrypt: AuthenticationBackendFilePasswordSCrypt{
		Iterations:  16,
		BlockSize:   8,
		Parallelism: 1,
		KeyLength:   32,
		SaltLength:  16,
	},
}

DefaultPasswordConfig represents the default configuration related to Argon2id hashing.

View Source
var DefaultPasswordPolicyConfiguration = PasswordPolicy{
	Standard: PasswordPolicyStandard{
		MinLength: 8,
		MaxLength: 0,
	},
	ZXCVBN: PasswordPolicyZXCVBN{
		MinScore: 3,
	},
}

DefaultPasswordPolicyConfiguration is the default password policy configuration.

View Source
var DefaultPostgreSQLStorageConfiguration = StoragePostgreSQL{
	StorageSQL: StorageSQL{
		Address: &AddressTCP{Address{true, false, -1, 5432, &url.URL{Scheme: AddressSchemeTCP, Host: "localhost:5432"}}},
	},
	Schema: "public",
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	SSL: &StoragePostgreSQLSSL{
		Mode: "disable",
	},
}

DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.

View Source
var DefaultRedisConfiguration = SessionRedis{
	Port:                     6379,
	MaximumActiveConnections: 8,
	TLS: &TLS{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}

DefaultRedisConfiguration is the default redis configuration.

View Source
var DefaultRedisHighAvailabilityConfiguration = SessionRedis{
	Port:                     26379,
	MaximumActiveConnections: 8,
	TLS: &TLS{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}

DefaultRedisHighAvailabilityConfiguration is the default redis configuration.

View Source
var DefaultRegulationConfiguration = Regulation{
	MaxRetries: 3,
	FindTime:   time.Minute * 2,
	BanTime:    time.Minute * 5,
}

DefaultRegulationConfiguration represents default configuration parameters for the regulator.

View Source
var DefaultSMTPNotifierConfiguration = NotifierSMTP{
	Address:             &AddressSMTP{Address{true, false, -1, 25, &url.URL{Scheme: AddressSchemeSMTP, Host: "localhost:25"}}},
	Timeout:             time.Second * 5,
	Subject:             "[Authelia] {title}",
	Identifier:          "localhost",
	StartupCheckAddress: mail.Address{Name: "Authelia Test", Address: "test@authelia.com"},
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.

View Source
var DefaultSQLStorageConfiguration = StorageSQL{
	Timeout: 5 * time.Second,
}

DefaultSQLStorageConfiguration represents the default SQL configuration.

View Source
var DefaultServerConfiguration = Server{
	Address: &AddressTCP{Address{true, false, -1, 9091, &url.URL{Scheme: AddressSchemeTCP, Host: ":9091", Path: "/"}}},
	Buffers: ServerBuffers{
		Read:  4096,
		Write: 4096,
	},
	Timeouts: ServerTimeouts{
		Read:  time.Second * 6,
		Write: time.Second * 6,
		Idle:  time.Second * 30,
	},
	Endpoints: ServerEndpoints{
		Authz: map[string]ServerEndpointsAuthz{
			AuthzEndpointNameLegacy: {
				Implementation: AuthzImplementationLegacy,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{
						Name: AuthzStrategyHeaderLegacy,
					},
					{
						Name: AuthzStrategyHeaderCookieSession,
					},
				},
			},
			AuthzEndpointNameAuthRequest: {
				Implementation: AuthzImplementationAuthRequest,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{
						Name:    AuthzStrategyHeaderAuthorization,
						Schemes: []string{SchemeBasic},
					},
					{
						Name: AuthzStrategyHeaderCookieSession,
					},
				},
			},
			AuthzEndpointNameExtAuthz: {
				Implementation: AuthzImplementationExtAuthz,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{
						Name:    AuthzStrategyHeaderAuthorization,
						Schemes: []string{SchemeBasic},
					},
					{
						Name: AuthzStrategyHeaderCookieSession,
					},
				},
			},
			AuthzEndpointNameForwardAuth: {
				Implementation: AuthzImplementationForwardAuth,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{
						Name:    AuthzStrategyHeaderAuthorization,
						Schemes: []string{SchemeBasic},
					},
					{
						Name: AuthzStrategyHeaderCookieSession,
					},
				},
			},
		},
	},
}

DefaultServerConfiguration represents the default values of the Server.

View Source
var DefaultSessionConfiguration = Session{
	SessionCookieCommon: SessionCookieCommon{
		Name:       "authelia_session",
		Expiration: time.Hour,
		Inactivity: time.Minute * 5,
		RememberMe: time.Hour * 24 * 30,
		SameSite:   "lax",
	},
}

DefaultSessionConfiguration is the default session configuration.

View Source
var DefaultTOTPConfiguration = TOTP{
	Issuer:            "Authelia",
	DefaultAlgorithm:  TOTPAlgorithmSHA1,
	DefaultDigits:     6,
	DefaultPeriod:     30,
	Skew:              &defaultTOTPSkew,
	SecretSize:        TOTPSecretSizeDefault,
	AllowedAlgorithms: []string{TOTPAlgorithmSHA1},
	AllowedDigits:     []int{6},
	AllowedPeriods:    []int{30},
}

DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.

View Source
var DefaultTelemetryConfig = Telemetry{
	Metrics: TelemetryMetrics{
		Address: &AddressTCP{Address{true, false, -1, 9959, &url.URL{Scheme: AddressSchemeTCP, Host: ":9959", Path: "/metrics"}}},
		Buffers: ServerBuffers{
			Read:  4096,
			Write: 4096,
		},
		Timeouts: ServerTimeouts{
			Read:  time.Second * 6,
			Write: time.Second * 6,
			Idle:  time.Second * 30,
		},
	},
}

DefaultTelemetryConfig is the default telemetry configuration.

View Source
var DefaultWebAuthnConfiguration = WebAuthn{
	DisplayName: "Authelia",
	Timeout:     time.Second * 60,

	ConveyancePreference: protocol.PreferIndirectAttestation,
	UserVerification:     protocol.VerificationPreferred,
}

DefaultWebAuthnConfiguration describes the default values for the WebAuthn.

View Source
var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported")

ErrTLSVersionNotSupported returned when an unknown TLS version supplied.

View Source
var Keys = []string{}/* 348 elements not displayed */

Keys is a list of valid schema keys detected by reflecting over a schema.Configuration struct.

View Source
var (
	// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms.
	TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
)

Functions

func DecodeAlgorithmDigest added in v4.38.0

func DecodeAlgorithmDigest(encodedDigest string) (digest algorithm.Digest, err error)

DecodeAlgorithmDigest returns a new algorithm.Digest if it can be decoded.

Types

type AccessControl added in v4.38.0

type AccessControl struct {
	// The default policy if no other policy matches the request.
	DefaultPolicy string `` /* 262-byte string literal not displayed */

	// Represents a list of named network groups.
	Networks []AccessControlNetwork `` /* 155-byte string literal not displayed */

	// The ACL rules list.
	Rules []AccessControlRule `` /* 130-byte string literal not displayed */
}

AccessControl represents the configuration related to ACLs.

type AccessControlNetwork added in v4.38.0

type AccessControlNetwork struct {
	Name     string                       `` /* 172-byte string literal not displayed */
	Networks AccessControlNetworkNetworks `` /* 172-byte string literal not displayed */
}

AccessControlNetwork represents one ACL network group entry.

type AccessControlNetworkNetworks added in v4.38.0

type AccessControlNetworkNetworks []string

AccessControlNetworkNetworks represents the ACL AccessControlNetworkNetworks type.

func (AccessControlNetworkNetworks) JSONSchema added in v4.38.0

type AccessControlRule added in v4.38.0

type AccessControlRule struct {
	Domains      AccessControlRuleDomains   `` /* 197-byte string literal not displayed */
	DomainsRegex AccessControlRuleRegex     `` /* 208-byte string literal not displayed */
	Policy       string                     `` /* 201-byte string literal not displayed */
	Subjects     AccessControlRuleSubjects  `` /* 147-byte string literal not displayed */
	Networks     AccessControlRuleNetworks  `` /* 179-byte string literal not displayed */
	Resources    AccessControlRuleRegex     `` /* 171-byte string literal not displayed */
	Methods      AccessControlRuleMethods   `` /* 298-byte string literal not displayed */
	Query        [][]AccessControlRuleQuery `` /* 138-byte string literal not displayed */
}

AccessControlRule represents one ACL rule entry.

type AccessControlRuleDomains added in v4.38.0

type AccessControlRuleDomains []string

func (AccessControlRuleDomains) JSONSchema added in v4.38.0

type AccessControlRuleMethods added in v4.38.0

type AccessControlRuleMethods []string

func (AccessControlRuleMethods) JSONSchema added in v4.38.0

type AccessControlRuleNetworks added in v4.38.0

type AccessControlRuleNetworks []string

func (AccessControlRuleNetworks) JSONSchema added in v4.38.0

type AccessControlRuleQuery added in v4.38.0

type AccessControlRuleQuery struct {
	Operator string `` /* 222-byte string literal not displayed */
	Key      string `koanf:"key" json:"key" jsonschema:"required,title=Key" jsonschema_description:"The Query Parameter key this rule applies to."`
	Value    any    `koanf:"value" json:"value" jsonschema:"title=Value" jsonschema_description:"The Query Parameter value for this rule."`
}

AccessControlRuleQuery represents the ACL query criteria.

type AccessControlRuleRegex added in v4.38.0

type AccessControlRuleRegex []regexp.Regexp

AccessControlRuleRegex represents the ACL AccessControlRuleSubjects type.

func (AccessControlRuleRegex) JSONSchema added in v4.38.0

type AccessControlRuleSubjects added in v4.38.0

type AccessControlRuleSubjects [][]string

AccessControlRuleSubjects represents the ACL AccessControlRuleSubjects type.

func (AccessControlRuleSubjects) JSONSchema added in v4.38.0

type Address added in v4.36.0

type Address struct {
	// contains filtered or unexported fields
}

Address represents an address.

func NewAddress added in v4.36.0

func NewAddress(value string) (address *Address, err error)

NewAddress returns an *Address and error depending on the ability to parse the string as an Address. It also assumes any value without a scheme which looks like a path is the 'unix' scheme, and everything else without a scheme is the 'tcp' scheme.

func NewAddressDefault added in v4.38.0

func NewAddressDefault(value, schemeDefault, schemeDefaultPath string) (address *Address, err error)

NewAddressDefault returns an *Address and error depending on the ability to parse the string as an Address. It also assumes any value without a scheme which looks like a path is the schemeDefaultPath scheme, and everything else without a scheme is the schemeDefault scheme.

func NewAddressFromNetworkPathValues added in v4.38.0

func NewAddressFromNetworkPathValues(network, host string, port uint16, path string) Address

NewAddressFromNetworkPathValues returns an *Address from network values and a path.

func NewAddressFromNetworkValues added in v4.38.0

func NewAddressFromNetworkValues(network, host string, port uint16) Address

NewAddressFromNetworkValues returns an *Address from network values.

func NewAddressFromNetworkValuesDefault added in v4.38.0

func NewAddressFromNetworkValuesDefault(value string, port uint16, schemeDefault, schemeDefaultPath string) (address *Address, err error)

NewAddressFromNetworkValuesDefault returns an *Address and error depending on the ability to parse the string as an Address. It also assumes any value without a scheme which looks like a path is the schemeDefaultPath scheme, and everything else without a scheme is the schemeDefault scheme.

func NewAddressFromURL added in v4.36.2

func NewAddressFromURL(u *url.URL) (addr *Address, err error)

NewAddressFromURL returns an *Address and error depending on the ability to parse the *url.URL as an Address.

func NewAddressUnix added in v4.38.0

func NewAddressUnix(path string) Address

NewAddressUnix returns an *Address from a path value.

func (*Address) Dial added in v4.38.0

func (a *Address) Dial() (net.Conn, error)

Dial creates and returns a dialed net.Conn.

func (*Address) Host added in v4.38.0

func (a *Address) Host() string

Host returns the *url.URL Host field.

func (*Address) Hostname added in v4.38.0

func (a *Address) Hostname() string

Hostname returns the output of the *url.URL Hostname func.

func (*Address) IsExplicitlySecure added in v4.38.0

func (a *Address) IsExplicitlySecure() bool

IsExplicitlySecure returns true if the address is an explicitly secure.

func (*Address) IsTCP added in v4.38.0

func (a *Address) IsTCP() bool

IsTCP returns true if the address is one of the TCP schemes (not including application schemes that use TCP).

func (*Address) IsUDP added in v4.38.0

func (a *Address) IsUDP() bool

IsUDP returns true if the address is one of the UDP schemes (not including application schemes that use UDP).

func (*Address) IsUnixDomainSocket added in v4.38.0

func (a *Address) IsUnixDomainSocket() bool

IsUnixDomainSocket returns true if the address has been determined to be a Unix Domain Socket.

func (Address) JSONSchema added in v4.38.0

func (Address) JSONSchema() *jsonschema.Schema

JSONSchema returns the appropriate *jsonschema.Schema for this type.

func (*Address) Listener added in v4.36.0

func (a *Address) Listener() (ln net.Listener, err error)

Listener creates and returns a net.Listener.

func (*Address) Network added in v4.38.0

func (a *Address) Network() string

Network returns the Scheme() if it's appropriate for the net packages network arguments otherwise it returns tcp.

func (*Address) NetworkAddress added in v4.38.0

func (a *Address) NetworkAddress() string

NetworkAddress returns a string representation of the Address with just the host and port.

func (*Address) Path added in v4.38.0

func (a *Address) Path() string

Path returns the path.

func (*Address) Port added in v4.36.0

func (a *Address) Port() uint16

Port returns the port.

func (*Address) RouterPath added in v4.38.0

func (a *Address) RouterPath() string

RouterPath returns the path the server router uses for serving up requests. Should be the same as Path unless the path query parameter has been set.

func (*Address) Scheme added in v4.36.0

func (a *Address) Scheme() string

Scheme returns the *url.URL Scheme field.

func (*Address) SetHostname added in v4.38.0

func (a *Address) SetHostname(hostname string)

SetHostname sets the hostname preserving the port.

func (*Address) SetPath added in v4.38.0

func (a *Address) SetPath(path string)

SetPath sets the path.

func (*Address) SetPort added in v4.38.0

func (a *Address) SetPort(port uint16)

SetPort sets the port preserving the hostname.

func (*Address) SocketHostname added in v4.38.0

func (a *Address) SocketHostname() string

SocketHostname returns the correct hostname for a socket connection.

func (*Address) String added in v4.36.0

func (a *Address) String() string

String returns a string representation of the Address.

func (*Address) Umask added in v4.38.0

func (a *Address) Umask() string

Umask returns the formatted umask or an empty string.

func (*Address) Valid added in v4.36.0

func (a *Address) Valid() bool

Valid returns true if the Address is valid.

func (*Address) ValidateHTTP added in v4.38.0

func (a *Address) ValidateHTTP() error

ValidateHTTP returns true if the Address is valid for a HTTP connection listener.

func (*Address) ValidateLDAP added in v4.38.0

func (a *Address) ValidateLDAP() error

ValidateLDAP returns true if the Address has a value Scheme for an LDAP connection opener.

func (*Address) ValidateListener added in v4.38.0

func (a *Address) ValidateListener() error

ValidateListener returns true if the Address is valid for a connection listener.

func (*Address) ValidateSMTP added in v4.38.0

func (a *Address) ValidateSMTP() error

ValidateSMTP returns true if the Address is valid for a remote SMTP connection opener.

func (*Address) ValidateSQL added in v4.38.0

func (a *Address) ValidateSQL() error

ValidateSQL returns true if the Address is valid for a remote SQL connection opener.

type AddressLDAP added in v4.38.0

type AddressLDAP struct {
	Address
}

AddressLDAP is just a type with an underlying type of Address.

func (AddressLDAP) JSONSchema added in v4.38.0

func (AddressLDAP) JSONSchema() *jsonschema.Schema

JSONSchema returns the appropriate *jsonschema.Schema for this type.

type AddressSMTP added in v4.38.0

type AddressSMTP struct {
	Address
}

AddressSMTP is just a type with an underlying type of Address.

func NewSMTPAddress added in v4.38.0

func NewSMTPAddress(scheme, host string, port uint16) *AddressSMTP

NewSMTPAddress returns an *AddressSMTP from SMTP values.

func (AddressSMTP) JSONSchema added in v4.38.0

func (AddressSMTP) JSONSchema() *jsonschema.Schema

JSONSchema returns the appropriate *jsonschema.Schema for this type.

type AddressTCP added in v4.38.0

type AddressTCP struct {
	Address
}

AddressTCP is just a type with an underlying type of Address.

func (AddressTCP) JSONSchema added in v4.38.0

func (AddressTCP) JSONSchema() *jsonschema.Schema

JSONSchema returns the appropriate *jsonschema.Schema for this type.

type AddressUDP added in v4.38.0

type AddressUDP struct {
	Address
}

AddressUDP is just a type with an underlying type of Address.

func (AddressUDP) JSONSchema added in v4.38.0

func (AddressUDP) JSONSchema() *jsonschema.Schema

JSONSchema returns the appropriate *jsonschema.Schema for this type.

type AuthenticationBackend added in v4.37.0

type AuthenticationBackend struct {
	PasswordReset AuthenticationBackendPasswordReset `` /* 157-byte string literal not displayed */

	RefreshInterval RefreshIntervalDuration `` /* 191-byte string literal not displayed */

	// The file authentication backend configuration.
	File *AuthenticationBackendFile `` /* 128-byte string literal not displayed */
	LDAP *AuthenticationBackendLDAP `` /* 128-byte string literal not displayed */
}

AuthenticationBackend represents the configuration related to the authentication backend.

type AuthenticationBackendFile added in v4.38.0

type AuthenticationBackendFile struct {
	Path  string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The file path to the user database."`
	Watch bool   `` /* 177-byte string literal not displayed */

	Password AuthenticationBackendFilePassword `` /* 204-byte string literal not displayed */

	Search AuthenticationBackendFileSearch `koanf:"search" json:"search" jsonschema:"title=Search" jsonschema_description:"Configures the user searching behaviour."`
}

AuthenticationBackendFile represents the configuration related to file-based backend.

type AuthenticationBackendFilePassword added in v4.38.0

type AuthenticationBackendFilePassword struct {
	Algorithm string `` /* 205-byte string literal not displayed */

	Argon2    AuthenticationBackendFilePasswordArgon2    `` /* 129-byte string literal not displayed */
	SHA2Crypt AuthenticationBackendFilePasswordSHA2Crypt `` /* 141-byte string literal not displayed */
	PBKDF2    AuthenticationBackendFilePasswordPBKDF2    `` /* 129-byte string literal not displayed */
	BCrypt    AuthenticationBackendFilePasswordBCrypt    `` /* 129-byte string literal not displayed */
	SCrypt    AuthenticationBackendFilePasswordSCrypt    `` /* 129-byte string literal not displayed */

	// Deprecated: Use individual password options instead.
	Iterations int `koanf:"iterations" json:"iterations" jsonschema:"deprecated,title=Iterations"`

	// Deprecated: Use individual password options instead.
	Memory int `koanf:"memory" json:"memory" jsonschema:"deprecated,title=Memory"`

	// Deprecated: Use individual password options instead.
	Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"deprecated,title=Parallelism"`

	// Deprecated: Use individual password options instead.
	KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"deprecated,title=Key Length"`

	// Deprecated: Use individual password options instead.
	SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"deprecated,title=Salt Length"`
}

AuthenticationBackendFilePassword represents the configuration related to password hashing.

type AuthenticationBackendFilePasswordArgon2 added in v4.38.0

type AuthenticationBackendFilePasswordArgon2 struct {
	Variant     string `` /* 170-byte string literal not displayed */
	Iterations  int    `` /* 159-byte string literal not displayed */
	Memory      int    `` /* 189-byte string literal not displayed */
	Parallelism int    `` /* 190-byte string literal not displayed */
	KeyLength   int    `` /* 161-byte string literal not displayed */
	SaltLength  int    `` /* 158-byte string literal not displayed */
}

AuthenticationBackendFilePasswordArgon2 represents the argon2 hashing settings.

type AuthenticationBackendFilePasswordBCrypt added in v4.38.0

type AuthenticationBackendFilePasswordBCrypt struct {
	Variant string `` /* 156-byte string literal not displayed */
	Cost    int    `` /* 134-byte string literal not displayed */
}

AuthenticationBackendFilePasswordBCrypt represents the bcrypt hashing settings.

type AuthenticationBackendFilePasswordPBKDF2 added in v4.38.0

type AuthenticationBackendFilePasswordPBKDF2 struct {
	Variant    string `` /* 186-byte string literal not displayed */
	Iterations int    `` /* 174-byte string literal not displayed */
	SaltLength int    `` /* 169-byte string literal not displayed */
}

AuthenticationBackendFilePasswordPBKDF2 represents the PBKDF2 hashing settings.

type AuthenticationBackendFilePasswordSCrypt added in v4.38.0

type AuthenticationBackendFilePasswordSCrypt struct {
	Iterations  int `` /* 157-byte string literal not displayed */
	BlockSize   int `` /* 171-byte string literal not displayed */
	Parallelism int `` /* 174-byte string literal not displayed */
	KeyLength   int `` /* 167-byte string literal not displayed */
	SaltLength  int `` /* 163-byte string literal not displayed */
}

AuthenticationBackendFilePasswordSCrypt represents the scrypt hashing settings.

type AuthenticationBackendFilePasswordSHA2Crypt added in v4.38.0

type AuthenticationBackendFilePasswordSHA2Crypt struct {
	Variant    string `` /* 155-byte string literal not displayed */
	Iterations int    `` /* 192-byte string literal not displayed */
	SaltLength int    `` /* 164-byte string literal not displayed */
}

AuthenticationBackendFilePasswordSHA2Crypt represents the sha2crypt hashing settings.

type AuthenticationBackendFileSearch added in v4.38.0

type AuthenticationBackendFileSearch struct {
	Email           bool `` /* 183-byte string literal not displayed */
	CaseInsensitive bool `` /* 184-byte string literal not displayed */
}

AuthenticationBackendFileSearch represents the configuration related to file-based backend searching.

type AuthenticationBackendLDAP added in v4.38.0

type AuthenticationBackendLDAP struct {
	Address        *AddressLDAP  `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the LDAP directory server."`
	Implementation string        `` /* 263-byte string literal not displayed */
	Timeout        time.Duration `` /* 146-byte string literal not displayed */
	StartTLS       bool          `` /* 130-byte string literal not displayed */
	TLS            *TLS          `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The LDAP directory server TLS connection properties."`

	BaseDN string `` /* 128-byte string literal not displayed */

	AdditionalUsersDN string `` /* 202-byte string literal not displayed */
	UsersFilter       string `` /* 146-byte string literal not displayed */

	AdditionalGroupsDN string `` /* 206-byte string literal not displayed */
	GroupsFilter       string `` /* 150-byte string literal not displayed */
	GroupSearchMode    string `` /* 215-byte string literal not displayed */

	Attributes AuthenticationBackendLDAPAttributes `koanf:"attributes" json:"attributes"`

	PermitReferrals               bool `` /* 155-byte string literal not displayed */
	PermitUnauthenticatedBind     bool `` /* 225-byte string literal not displayed */
	PermitFeatureDetectionFailure bool `` /* 256-byte string literal not displayed */

	User     string `koanf:"user" json:"user" jsonschema:"title=User" jsonschema_description:"The user distinguished name for LDAP binding."`
	Password string `` /* 130-byte string literal not displayed */
}

AuthenticationBackendLDAP represents the configuration related to LDAP server.

type AuthenticationBackendLDAPAttributes added in v4.38.0

type AuthenticationBackendLDAPAttributes struct {
	DistinguishedName string `` /* 212-byte string literal not displayed */
	Username          string `` /* 175-byte string literal not displayed */
	DisplayName       string `` /* 191-byte string literal not displayed */
	Mail              string `` /* 178-byte string literal not displayed */
	MemberOf          string `` /* 171-byte string literal not displayed */
	GroupName         string `` /* 179-byte string literal not displayed */
}

AuthenticationBackendLDAPAttributes represents the configuration related to LDAP server attributes.

type AuthenticationBackendPasswordReset added in v4.38.0

type AuthenticationBackendPasswordReset struct {
	Disable   bool    `` /* 132-byte string literal not displayed */
	CustomURL url.URL `` /* 186-byte string literal not displayed */
}

AuthenticationBackendPasswordReset represents the configuration related to password reset functionality.

type CSPTemplate added in v4.38.0

type CSPTemplate string

type Configuration

type Configuration struct {
	Theme                 string `` /* 182-byte string literal not displayed */
	CertificatesDirectory string `` /* 218-byte string literal not displayed */
	Default2FAMethod      string `` /* 239-byte string literal not displayed */

	Log                   Log                   `koanf:"log" json:"log" jsonschema:"title=Log" jsonschema_description:"Logging Configuration."`
	IdentityProviders     IdentityProviders     `` /* 149-byte string literal not displayed */
	AuthenticationBackend AuthenticationBackend `` /* 165-byte string literal not displayed */
	Session               Session               `koanf:"session" json:"session" jsonschema:"title=Session" jsonschema_description:"Session Configuration."`
	TOTP                  TOTP                  `koanf:"totp" json:"totp" jsonschema:"title=TOTP" jsonschema_description:"Time-based One-Time Password Configuration."`
	DuoAPI                DuoAPI                `koanf:"duo_api" json:"duo_api" jsonschema:"title=Duo API" jsonschema_description:"Duo API Configuration."`
	AccessControl         AccessControl         `` /* 133-byte string literal not displayed */
	NTP                   NTP                   `koanf:"ntp" json:"ntp" jsonschema:"title=NTP" jsonschema_description:"Network Time Protocol Configuration."`
	Regulation            Regulation            `koanf:"regulation" json:"regulation" jsonschema:"title=Regulation" jsonschema_description:"Regulation Configuration."`
	Storage               Storage               `koanf:"storage" json:"storage" jsonschema:"title=Storage" jsonschema_description:"Storage Configuration."`
	Notifier              Notifier              `koanf:"notifier" json:"notifier" jsonschema:"title=Notifier" jsonschema_description:"Notifier Configuration."`
	Server                Server                `koanf:"server" json:"server" jsonschema:"title=Server" jsonschema_description:"Server Configuration."`
	Telemetry             Telemetry             `koanf:"telemetry" json:"telemetry" jsonschema:"title=Telemetry" jsonschema_description:"Telemetry Configuration."`
	WebAuthn              WebAuthn              `koanf:"webauthn" json:"webauthn" jsonschema:"title=WebAuthn" jsonschema_description:"WebAuthn Configuration."`
	PasswordPolicy        PasswordPolicy        `` /* 137-byte string literal not displayed */
	PrivacyPolicy         PrivacyPolicy         `` /* 133-byte string literal not displayed */
	IdentityValidation    IdentityValidation    `` /* 153-byte string literal not displayed */

	// Deprecated: Use the session cookies option with the same name instead.
	DefaultRedirectionURL *url.URL `` /* 131-byte string literal not displayed */
}

Configuration object extracted from YAML configuration file.

type CryptographicKey added in v4.38.0

type CryptographicKey any

CryptographicKey represents an artificial cryptographic public or private key.

type CryptographicPrivateKey added in v4.37.0

type CryptographicPrivateKey interface {
	Public() crypto.PublicKey
	Equal(x crypto.PrivateKey) bool
}

CryptographicPrivateKey represents the actual crypto.PrivateKey interface.

type DuoAPI added in v4.38.0

type DuoAPI struct {
	Disable              bool   `` /* 129-byte string literal not displayed */
	Hostname             string `` /* 150-byte string literal not displayed */
	IntegrationKey       string `` /* 162-byte string literal not displayed */
	SecretKey            string `` /* 142-byte string literal not displayed */
	EnableSelfEnrollment bool   `` /* 174-byte string literal not displayed */
}

DuoAPI represents the configuration related to Duo API.

type ErrorContainer

type ErrorContainer interface {
	Push(err error)
	PushWarning(err error)
	HasErrors() bool
	HasWarnings() bool
	Errors() []error
	Warnings() []error
}

ErrorContainer represents a container where we can add errors and retrieve them.

type IdentityProviders added in v4.38.0

type IdentityProviders struct {
	OIDC *IdentityProvidersOpenIDConnect `koanf:"oidc" json:"oidc"`
}

IdentityProviders represents the Identity Providers configuration for Authelia.

type IdentityProvidersOpenIDConnect added in v4.38.0

type IdentityProvidersOpenIDConnect struct {
	HMACSecret  string `` /* 138-byte string literal not displayed */
	JSONWebKeys []JWK  `` /* 160-byte string literal not displayed */

	EnableClientDebugMessages bool `` /* 206-byte string literal not displayed */
	MinimumParameterEntropy   int  `` /* 201-byte string literal not displayed */

	EnforcePKCE              string `` /* 252-byte string literal not displayed */
	EnablePKCEPlainChallenge bool   `` /* 233-byte string literal not displayed */

	EnableJWTAccessTokenStatelessIntrospection bool `` /* 291-byte string literal not displayed */

	DiscoverySignedResponseAlg   string `` /* 365-byte string literal not displayed */
	DiscoverySignedResponseKeyID string `` /* 291-byte string literal not displayed */

	RequirePushedAuthorizationRequests bool `` /* 244-byte string literal not displayed */

	CORS IdentityProvidersOpenIDConnectCORS `` /* 129-byte string literal not displayed */

	Clients []IdentityProvidersOpenIDConnectClient `koanf:"clients" json:"clients" jsonschema:"title=Clients" jsonschema_description:"OpenID Connect 1.0 clients registry."`

	AuthorizationPolicies map[string]IdentityProvidersOpenIDConnectPolicy `` /* 165-byte string literal not displayed */
	Lifespans             IdentityProvidersOpenIDConnectLifespans         `koanf:"lifespans" json:"lifespans" jsonschema:"title=Lifespans" jsonschema_description:"Token lifespans configuration."`

	Discovery IdentityProvidersOpenIDConnectDiscovery `json:"-"` // MetaData value. Not configurable by users.

	IssuerCertificateChain X509CertificateChain `` /* 220-byte string literal not displayed */
	IssuerPrivateKey       *rsa.PrivateKey      `` /* 197-byte string literal not displayed */
}

IdentityProvidersOpenIDConnect represents the configuration for OpenID Connect 1.0.

type IdentityProvidersOpenIDConnectCORS added in v4.38.0

type IdentityProvidersOpenIDConnectCORS struct {
	Endpoints      []string   `` /* 260-byte string literal not displayed */
	AllowedOrigins []*url.URL `` /* 170-byte string literal not displayed */

	AllowedOriginsFromClientRedirectURIs bool `` /* 267-byte string literal not displayed */
}

IdentityProvidersOpenIDConnectCORS represents an OpenID Connect 1.0 CORS config.

type IdentityProvidersOpenIDConnectClient added in v4.38.0

type IdentityProvidersOpenIDConnectClient struct {
	ID                  string          `koanf:"client_id" json:"client_id" jsonschema:"required,minLength=1,title=Client ID" jsonschema_description:"The Client ID."`
	Name                string          `` /* 134-byte string literal not displayed */
	Secret              *PasswordDigest `` /* 145-byte string literal not displayed */
	SectorIdentifierURI *url.URL        `` /* 207-byte string literal not displayed */
	Public              bool            `koanf:"public" json:"public" jsonschema:"default=false,title=Public" jsonschema_description:"Enables the Public Client Type."`

	RedirectURIs IdentityProvidersOpenIDConnectClientURIs `` /* 135-byte string literal not displayed */
	RequestURIs  IdentityProvidersOpenIDConnectClientURIs `` /* 131-byte string literal not displayed */

	Audience      []string `` /* 127-byte string literal not displayed */
	Scopes        []string `` /* 253-byte string literal not displayed */
	GrantTypes    []string `` /* 262-byte string literal not displayed */
	ResponseTypes []string `` /* 286-byte string literal not displayed */
	ResponseModes []string `` /* 270-byte string literal not displayed */

	AuthorizationPolicy string `` /* 171-byte string literal not displayed */
	Lifespan            string `` /* 150-byte string literal not displayed */

	RequestedAudienceMode        string         `` /* 208-byte string literal not displayed */
	ConsentMode                  string         `` /* 194-byte string literal not displayed */
	ConsentPreConfiguredDuration *time.Duration `` /* 261-byte string literal not displayed */

	RequirePushedAuthorizationRequests bool `` /* 270-byte string literal not displayed */
	RequirePKCE                        bool `` /* 174-byte string literal not displayed */

	PKCEChallengeMethod string `` /* 196-byte string literal not displayed */

	AuthorizationSignedResponseAlg   string `` /* 352-byte string literal not displayed */
	AuthorizationSignedResponseKeyID string `` /* 287-byte string literal not displayed */
	IDTokenSignedResponseAlg         string `` /* 312-byte string literal not displayed */
	IDTokenSignedResponseKeyID       string `` /* 232-byte string literal not displayed */
	AccessTokenSignedResponseAlg     string `` /* 337-byte string literal not displayed */
	AccessTokenSignedResponseKeyID   string `` /* 260-byte string literal not displayed */
	UserinfoSignedResponseAlg        string `` /* 332-byte string literal not displayed */
	UserinfoSignedResponseKeyID      string `` /* 262-byte string literal not displayed */
	IntrospectionSignedResponseAlg   string `` /* 352-byte string literal not displayed */
	IntrospectionSignedResponseKeyID string `` /* 287-byte string literal not displayed */
	RequestObjectSigningAlg          string `` /* 319-byte string literal not displayed */
	TokenEndpointAuthSigningAlg      string `` /* 372-byte string literal not displayed */

	TokenEndpointAuthMethod            string `` /* 315-byte string literal not displayed */
	AllowMultipleAuthenticationMethods bool   `` /* 320-byte string literal not displayed */

	JSONWebKeysURI *url.URL `` /* 255-byte string literal not displayed */
	JSONWebKeys    []JWK    `` /* 217-byte string literal not displayed */

	Discovery IdentityProvidersOpenIDConnectDiscovery `json:"-"` // MetaData value. Not configurable by users.
}

IdentityProvidersOpenIDConnectClient represents a configuration for an OpenID Connect 1.0 client.

type IdentityProvidersOpenIDConnectClientURIs added in v4.38.7

type IdentityProvidersOpenIDConnectClientURIs []string

func (IdentityProvidersOpenIDConnectClientURIs) JSONSchema added in v4.38.7

type IdentityProvidersOpenIDConnectDiscovery added in v4.38.0

type IdentityProvidersOpenIDConnectDiscovery struct {
	AuthorizationPolicies       []string
	Lifespans                   []string
	DefaultKeyIDs               map[string]string
	DefaultKeyID                string
	ResponseObjectSigningKeyIDs []string
	ResponseObjectSigningAlgs   []string
	RequestObjectSigningAlgs    []string
	JWTResponseAccessTokens     bool
	BearerAuthorization         bool
}

IdentityProvidersOpenIDConnectDiscovery is information discovered during validation reused for the discovery handlers.

type IdentityProvidersOpenIDConnectLifespan added in v4.38.0

type IdentityProvidersOpenIDConnectLifespan struct {
	IdentityProvidersOpenIDConnectLifespanToken `koanf:",squash"`

	Grants IdentityProvidersOpenIDConnectLifespanGrants `` /* 146-byte string literal not displayed */
}

IdentityProvidersOpenIDConnectLifespan allows tuning the lifespans for OpenID Connect 1.0 issued tokens.

type IdentityProvidersOpenIDConnectLifespanGrants added in v4.38.0

type IdentityProvidersOpenIDConnectLifespanGrants struct {
	AuthorizeCode     IdentityProvidersOpenIDConnectLifespanToken `` /* 173-byte string literal not displayed */
	Implicit          IdentityProvidersOpenIDConnectLifespanToken `` /* 158-byte string literal not displayed */
	ClientCredentials IdentityProvidersOpenIDConnectLifespanToken `` /* 189-byte string literal not displayed */
	RefreshToken      IdentityProvidersOpenIDConnectLifespanToken `` /* 169-byte string literal not displayed */
	JWTBearer         IdentityProvidersOpenIDConnectLifespanToken `` /* 157-byte string literal not displayed */
}

IdentityProvidersOpenIDConnectLifespanGrants allows tuning the lifespans for each grant type.

type IdentityProvidersOpenIDConnectLifespanToken added in v4.38.0

type IdentityProvidersOpenIDConnectLifespanToken struct {
	AccessToken   time.Duration `` /* 168-byte string literal not displayed */
	AuthorizeCode time.Duration `` /* 178-byte string literal not displayed */
	IDToken       time.Duration `` /* 152-byte string literal not displayed */
	RefreshToken  time.Duration `` /* 171-byte string literal not displayed */
}

IdentityProvidersOpenIDConnectLifespanToken allows tuning the lifespans for each token type.

type IdentityProvidersOpenIDConnectLifespans added in v4.38.0

type IdentityProvidersOpenIDConnectLifespans struct {
	IdentityProvidersOpenIDConnectLifespanToken `koanf:",squash"`
	JWTSecuredAuthorization                     time.Duration `` /* 222-byte string literal not displayed */

	Custom map[string]IdentityProvidersOpenIDConnectLifespan `` /* 156-byte string literal not displayed */
}

type IdentityProvidersOpenIDConnectPolicy added in v4.38.0

type IdentityProvidersOpenIDConnectPolicy struct {
	DefaultPolicy string `` /* 188-byte string literal not displayed */

	Rules []IdentityProvidersOpenIDConnectPolicyRule `koanf:"rules" json:"rules" jsonschema:"title=Rules" jsonschema_description:"The list of rules for this policy."`
}

IdentityProvidersOpenIDConnectPolicy configuration for OpenID Connect 1.0 authorization policies.

type IdentityProvidersOpenIDConnectPolicyRule added in v4.38.0

type IdentityProvidersOpenIDConnectPolicyRule struct {
	Policy   string                    `` /* 155-byte string literal not displayed */
	Subjects AccessControlRuleSubjects `` /* 146-byte string literal not displayed */
}

IdentityProvidersOpenIDConnectPolicyRule configuration for OpenID Connect 1.0 authorization policies rules.

type IdentityValidation added in v4.38.0

type IdentityValidation struct {
	ResetPassword   IdentityValidationResetPassword   `` /* 160-byte string literal not displayed */
	ElevatedSession IdentityValidationElevatedSession `` /* 222-byte string literal not displayed */
}

IdentityValidation represents the configuration for identity verification actions/flows.

type IdentityValidationElevatedSession added in v4.38.0

type IdentityValidationElevatedSession struct {
	CodeLifespan        time.Duration `` /* 208-byte string literal not displayed */
	ElevationLifespan   time.Duration `` /* 228-byte string literal not displayed */
	Characters          int           `` /* 179-byte string literal not displayed */
	RequireSecondFactor bool          `` /* 222-byte string literal not displayed */
	SkipSecondFactor    bool          `` /* 229-byte string literal not displayed */
}

IdentityValidationElevatedSession represents the tunable aspects of the credential control identity verification action/flow.

type IdentityValidationResetPassword added in v4.38.0

type IdentityValidationResetPassword struct {
	JWTExpiration time.Duration `` /* 218-byte string literal not displayed */
	JWTAlgorithm  string        `` /* 237-byte string literal not displayed */
	JWTSecret     string        `` /* 161-byte string literal not displayed */
}

IdentityValidationResetPassword represents the tunable aspects of the reset password identity verification action/flow.

type JWK added in v4.38.0

type JWK struct {
	KeyID            string               `koanf:"key_id" json:"key_id" jsonschema:"maxLength=100,title=Key ID" jsonschema_description:"The ID of this JWK."`
	Use              string               `koanf:"use" json:"use" jsonschema:"default=sig,enum=sig,title=Use" jsonschema_description:"The Use of this JWK."`
	Algorithm        string               `` /* 247-byte string literal not displayed */
	Key              CryptographicKey     `koanf:"key" json:"key" jsonschema_description:"The Private/Public key material of this JWK in Base64 PEM format."`
	CertificateChain X509CertificateChain `` /* 203-byte string literal not displayed */
}

JWK represents a JWK.

type Log added in v4.38.0

type Log struct {
	Level      string `` /* 199-byte string literal not displayed */
	Format     string `` /* 127-byte string literal not displayed */
	FilePath   string `` /* 244-byte string literal not displayed */
	KeepStdout bool   `` /* 164-byte string literal not displayed */
}

Log represents the logging configuration.

type NTP added in v4.38.0

type NTP struct {
	Address             *AddressUDP   `koanf:"address" json:"address" jsonschema:"title=NTP Address" jsonschema_description:"The remote address of the NTP server."`
	Version             int           `koanf:"version" json:"version" jsonschema:"enum=3,enum=4,title=NTP Version" jsonschema_description:"The NTP Version to use."`
	MaximumDesync       time.Duration `` /* 176-byte string literal not displayed */
	DisableStartupCheck bool          `` /* 179-byte string literal not displayed */
	DisableFailure      bool          `` /* 207-byte string literal not displayed */
}

NTP represents the configuration related to ntp server.

type Notifier added in v4.38.0

type Notifier struct {
	DisableStartupCheck bool                `` /* 176-byte string literal not displayed */
	FileSystem          *NotifierFileSystem `koanf:"filesystem" json:"filesystem" jsonschema:"title=File System" jsonschema_description:"The File System notifier."`
	SMTP                *NotifierSMTP       `koanf:"smtp" json:"smtp" jsonschema:"title=SMTP" jsonschema_description:"The SMTP notifier."`
	TemplatePath        string              `` /* 142-byte string literal not displayed */
}

Notifier represents the configuration of the notifier to use when sending notifications to users.

type NotifierFileSystem added in v4.38.0

type NotifierFileSystem struct {
	Filename string `koanf:"filename" json:"filename" jsonschema:"title=Filename" jsonschema_description:"The file path of the notifications."`
}

NotifierFileSystem represents the configuration of the notifier writing emails in a file.

type NotifierSMTP added in v4.38.0

type NotifierSMTP struct {
	Address             *AddressSMTP  `` /* 135-byte string literal not displayed */
	Timeout             time.Duration `` /* 136-byte string literal not displayed */
	Username            string        `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The username for SMTP authentication."`
	Password            string        `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password for SMTP authentication."`
	Identifier          string        `` /* 159-byte string literal not displayed */
	Sender              mail.Address  `koanf:"sender" json:"sender" jsonschema:"title=Sender" jsonschema_description:"The sender used for SMTP."`
	Subject             string        `` /* 134-byte string literal not displayed */
	StartupCheckAddress mail.Address  `` /* 223-byte string literal not displayed */
	DisableRequireTLS   bool          `` /* 169-byte string literal not displayed */
	DisableHTMLEmails   bool          `` /* 212-byte string literal not displayed */
	DisableStartTLS     bool          `` /* 272-byte string literal not displayed */
	TLS                 *TLS          `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The SMTP server TLS connection properties."`

	// Deprecated: use address instead.
	Host string `koanf:"host" json:"host" jsonschema:"deprecated"`

	// Deprecated: use address instead.
	Port int `koanf:"port" json:"port" jsonschema:"deprecated"`
}

NotifierSMTP represents the configuration of the SMTP server to send emails with.

type PasswordDigest added in v4.37.0

type PasswordDigest struct {
	algorithm.Digest
}

PasswordDigest is a configuration type for the crypt.Digest.

func DecodePasswordDigest added in v4.37.3

func DecodePasswordDigest(encodedDigest string) (digest *PasswordDigest, err error)

DecodePasswordDigest returns a new PasswordDigest if it can be decoded.

func NewPasswordDigest added in v4.37.0

func NewPasswordDigest(digest algorithm.Digest) *PasswordDigest

NewPasswordDigest returns a new *PasswordDigest from an algorithm.Digest.

func (*PasswordDigest) GetPlainTextValue added in v4.38.0

func (d *PasswordDigest) GetPlainTextValue() (value []byte, err error)

GetPlainTextValue returns a *plaintext.Digest's byte value from Key() and an error. If the PasswordDigest is not a plaintext.Digest then it returns nil and an error, otherwise it returns the value and nil.

func (*PasswordDigest) IsPlainText added in v4.38.0

func (d *PasswordDigest) IsPlainText() (is bool)

IsPlainText returns true if the underlying algorithm.Digest is a *plaintext.Digest.

func (PasswordDigest) JSONSchema added in v4.38.0

func (PasswordDigest) JSONSchema() *jsonschema.Schema

JSONSchema returns the JSON Schema information for the PasswordDigest type.

func (*PasswordDigest) PlainText added in v4.38.0

func (d *PasswordDigest) PlainText() (digest *plaintext.Digest, ok bool)

PlainText returns a *plaintext.Digest and boolean. If the PasswordDigest is not a plaintext.Digest then it returns nil, false, otherwise it returns the value and true.

func (*PasswordDigest) UnmarshalYAML added in v4.38.0

func (d *PasswordDigest) UnmarshalYAML(value *yaml.Node) (err error)

func (*PasswordDigest) Valid added in v4.38.8

func (d *PasswordDigest) Valid() (valid bool)

Valid returns true if this digest has a value.

type PasswordPolicy added in v4.38.0

type PasswordPolicy struct {
	Standard PasswordPolicyStandard `koanf:"standard" json:"standard" jsonschema:"title=Standard" jsonschema_description:"The standard password policy engine."`
	ZXCVBN   PasswordPolicyZXCVBN   `koanf:"zxcvbn" json:"zxcvbn" jsonschema:"title=ZXCVBN" jsonschema_description:"The ZXCVBN password policy engine."`
}

PasswordPolicy represents the configuration related to password policy.

type PasswordPolicyStandard added in v4.38.0

type PasswordPolicyStandard struct {
	Enabled          bool `` /* 141-byte string literal not displayed */
	MinLength        int  `koanf:"min_length" json:"min_length" jsonschema:"title=Minimum Length" jsonschema_description:"Minimum password length."`
	MaxLength        int  `` /* 130-byte string literal not displayed */
	RequireUppercase bool `` /* 156-byte string literal not displayed */
	RequireLowercase bool `` /* 156-byte string literal not displayed */
	RequireNumber    bool `` /* 145-byte string literal not displayed */
	RequireSpecial   bool `` /* 149-byte string literal not displayed */
}

PasswordPolicyStandard represents the configuration related to standard parameters of password policy.

type PasswordPolicyZXCVBN added in v4.38.0

type PasswordPolicyZXCVBN struct {
	Enabled  bool `` /* 139-byte string literal not displayed */
	MinScore int  `` /* 136-byte string literal not displayed */
}

PasswordPolicyZXCVBN represents the configuration related to ZXCVBN parameters of password policy.

type PrivacyPolicy added in v4.38.0

type PrivacyPolicy struct {
	Enabled               bool     `` /* 138-byte string literal not displayed */
	RequireUserAcceptance bool     `` /* 200-byte string literal not displayed */
	PolicyURL             *url.URL `koanf:"policy_url" json:"policy_url" jsonschema:"title=Policy URL" jsonschema_description:"The URL of the privacy policy."`
}

PrivacyPolicy is the privacy policy configuration.

type RefreshIntervalDuration added in v4.38.0

type RefreshIntervalDuration struct {
	// contains filtered or unexported fields
}

RefreshIntervalDuration is a special time.Duration for the refresh interval.

func NewRefreshIntervalDuration added in v4.38.0

func NewRefreshIntervalDuration(value time.Duration) RefreshIntervalDuration

NewRefreshIntervalDuration returns a RefreshIntervalDuration given a time.Duration.

func NewRefreshIntervalDurationAlways added in v4.38.0

func NewRefreshIntervalDurationAlways() RefreshIntervalDuration

NewRefreshIntervalDurationAlways returns a RefreshIntervalDuration with an always value.

func NewRefreshIntervalDurationNever added in v4.38.0

func NewRefreshIntervalDurationNever() RefreshIntervalDuration

NewRefreshIntervalDurationNever returns a RefreshIntervalDuration with a never value.

func (RefreshIntervalDuration) Always added in v4.38.0

func (d RefreshIntervalDuration) Always() bool

Always returns true if the interval is always.

func (RefreshIntervalDuration) JSONSchema added in v4.38.0

JSONSchema provides the json-schema formatting.

func (RefreshIntervalDuration) Never added in v4.38.0

func (d RefreshIntervalDuration) Never() bool

Never returns true if the interval is never.

func (RefreshIntervalDuration) Update added in v4.38.0

func (d RefreshIntervalDuration) Update() bool

Update returns true if the session could require updates.

func (RefreshIntervalDuration) Valid added in v4.38.0

func (d RefreshIntervalDuration) Valid() bool

Valid returns true if the value was correctly newed up.

func (RefreshIntervalDuration) Value added in v4.38.0

Value returns the time.Duration.

type Regulation added in v4.38.0

type Regulation struct {
	MaxRetries int           `` /* 179-byte string literal not displayed */
	FindTime   time.Duration `` /* 185-byte string literal not displayed */
	BanTime    time.Duration `` /* 202-byte string literal not displayed */
}

Regulation represents the configuration related to regulation.

type Server added in v4.38.0

type Server struct {
	Address            *AddressTCP `` /* 129-byte string literal not displayed */
	AssetPath          string      `` /* 146-byte string literal not displayed */
	DisableHealthcheck bool        `` /* 172-byte string literal not displayed */

	TLS       ServerTLS       `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The server TLS configuration."`
	Headers   ServerHeaders   `koanf:"headers" json:"headers" jsonschema:"title=Headers" jsonschema_description:"The server headers configuration."`
	Endpoints ServerEndpoints `koanf:"endpoints" json:"endpoints" jsonschema:"title=Endpoints" jsonschema_description:"The server endpoints configuration."`

	Buffers  ServerBuffers  `koanf:"buffers" json:"buffers" jsonschema:"title=Buffers" jsonschema_description:"The server buffers configuration."`
	Timeouts ServerTimeouts `koanf:"timeouts" json:"timeouts" jsonschema:"title=Timeouts" jsonschema_description:"The server timeouts configuration."`
}

Server represents the configuration of the http server.

type ServerBuffers added in v4.36.4

type ServerBuffers struct {
	Read  int `koanf:"read" json:"read" jsonschema:"default=4096,title=Read" jsonschema_description:"The read buffer size."`
	Write int `koanf:"write" json:"write" jsonschema:"default=4096,title=Write" jsonschema_description:"The write buffer size."`
}

ServerBuffers represents server buffer configurations.

type ServerEndpoints added in v4.38.0

type ServerEndpoints struct {
	EnablePprof   bool `` /* 235-byte string literal not displayed */
	EnableExpvars bool `` /* 243-byte string literal not displayed */

	Authz map[string]ServerEndpointsAuthz `koanf:"authz" json:"authz" jsonschema:"title=Authz" jsonschema_description:"Configures the Authorization endpoints."`
}

ServerEndpoints is the endpoints configuration for the HTTP server.

type ServerEndpointsAuthz added in v4.38.0

type ServerEndpointsAuthz struct {
	Implementation string `` /* 231-byte string literal not displayed */

	AuthnStrategies []ServerEndpointsAuthzAuthnStrategy `` /* 173-byte string literal not displayed */
}

ServerEndpointsAuthz is the Authz endpoints configuration for the HTTP server.

type ServerEndpointsAuthzAuthnStrategy added in v4.38.0

type ServerEndpointsAuthzAuthnStrategy struct {
	Name    string   `` /* 253-byte string literal not displayed */
	Schemes []string `` /* 208-byte string literal not displayed */
}

ServerEndpointsAuthzAuthnStrategy is the Authz endpoints configuration for the HTTP server.

type ServerHeaders added in v4.38.0

type ServerHeaders struct {
	CSPTemplate CSPTemplate `` /* 135-byte string literal not displayed */
}

ServerHeaders represents the customization of the http server headers.

type ServerTLS added in v4.38.0

type ServerTLS struct {
	Certificate        string   `koanf:"certificate" json:"certificate" jsonschema:"title=Certificate" jsonschema_description:"Path to the Certificate."`
	Key                string   `koanf:"key" json:"key" jsonschema:"title=Key" jsonschema_description:"Path to the Private Key."`
	ClientCertificates []string `` /* 181-byte string literal not displayed */
}

ServerTLS represents the configuration of the http servers TLS options.

type ServerTimeouts added in v4.36.4

type ServerTimeouts struct {
	Read  time.Duration `koanf:"read" json:"read" jsonschema:"default=6 seconds,title=Read" jsonschema_description:"The read timeout."`
	Write time.Duration `koanf:"write" json:"write" jsonschema:"default=6 seconds,title=Write" jsonschema_description:"The write timeout."`
	Idle  time.Duration `koanf:"idle" json:"idle" jsonschema:"default=30 seconds,title=Idle" jsonschema_description:"The idle timeout."`
}

ServerTimeouts represents server timeout configurations.

type Session added in v4.38.0

type Session struct {
	SessionCookieCommon `koanf:",squash"`

	Secret string `koanf:"secret" json:"secret" jsonschema:"title=Secret" jsonschema_description:"Secret used to encrypt the session data."`

	Cookies []SessionCookie `koanf:"cookies" json:"cookies" jsonschema:"title=Cookies" jsonschema_description:"List of cookie domain configurations."`

	Redis *SessionRedis `koanf:"redis" json:"redis" jsonschema:"title=Redis" jsonschema_description:"Redis Session Provider configuration."`

	// Deprecated: Use the session cookies option with the same name instead.
	Domain string `koanf:"domain" json:"domain" jsonschema:"deprecated,title=Domain"`
}

Session represents the configuration related to user sessions.

type SessionCookie added in v4.38.0

type SessionCookie struct {
	SessionCookieCommon `koanf:",squash"`

	Domain                string   `` /* 145-byte string literal not displayed */
	AutheliaURL           *url.URL `` /* 190-byte string literal not displayed */
	DefaultRedirectionURL *url.URL `` /* 208-byte string literal not displayed */

	Legacy bool `json:"-"`
}

SessionCookie represents the configuration for a cookie domain.

type SessionCookieCommon added in v4.38.0

type SessionCookieCommon struct {
	Name       string        `koanf:"name" json:"name" jsonschema:"default=authelia_session" jsonschema_description:"The session cookie name."`
	SameSite   string        `` /* 151-byte string literal not displayed */
	Expiration time.Duration `` /* 152-byte string literal not displayed */
	Inactivity time.Duration `koanf:"inactivity" json:"inactivity" jsonschema:"default=5 minutes" jsonschema_description:"The session inactivity timeout."`
	RememberMe time.Duration `` /* 151-byte string literal not displayed */

	DisableRememberMe bool `json:"-"`
}

type SessionRedis added in v4.38.0

type SessionRedis struct {
	Host                     string `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis server host."`
	Port                     int    `koanf:"port" json:"port" jsonschema:"default=6379,title=Host" jsonschema_description:"The redis server port."`
	Username                 string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The redis username."`
	Password                 string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The redis password."`
	DatabaseIndex            int    `` /* 139-byte string literal not displayed */
	MaximumActiveConnections int    `` /* 212-byte string literal not displayed */
	MinimumIdleConnections   int    `` /* 192-byte string literal not displayed */
	TLS                      *TLS   `koanf:"tls" json:"tls"`

	HighAvailability *SessionRedisHighAvailability `koanf:"high_availability" json:"high_availability"`
}

SessionRedis represents the configuration related to redis session store.

type SessionRedisHighAvailability added in v4.38.0

type SessionRedisHighAvailability struct {
	SentinelName     string `` /* 135-byte string literal not displayed */
	SentinelUsername string `` /* 152-byte string literal not displayed */
	SentinelPassword string `` /* 152-byte string literal not displayed */
	RouteByLatency   bool   `` /* 155-byte string literal not displayed */
	RouteRandomly    bool   `` /* 147-byte string literal not displayed */

	Nodes []SessionRedisHighAvailabilityNode `` /* 135-byte string literal not displayed */
}

SessionRedisHighAvailability holds configuration variables for Redis Cluster/Sentinel.

type SessionRedisHighAvailabilityNode added in v4.38.0

type SessionRedisHighAvailabilityNode struct {
	Host string `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis sentinel node host."`
	Port int    `koanf:"port" json:"port" jsonschema:"default=26379,title=Port" jsonschema_description:"The redis sentinel node port."`
}

SessionRedisHighAvailabilityNode Represents a Node.

type Storage added in v4.38.0

type Storage struct {
	Local      *StorageLocal      `` /* 126-byte string literal not displayed */
	MySQL      *StorageMySQL      `` /* 126-byte string literal not displayed */
	PostgreSQL *StoragePostgreSQL `` /* 134-byte string literal not displayed */

	EncryptionKey string `` /* 194-byte string literal not displayed */
}

Storage represents the configuration of the storage backend.

type StorageLocal added in v4.38.0

type StorageLocal struct {
	Path string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The Path for the SQLite3 database file."`
}

StorageLocal represents the configuration when using local storage.

type StorageMySQL added in v4.38.0

type StorageMySQL struct {
	StorageSQL `koanf:",squash"`

	TLS *TLS `koanf:"tls" json:"tls"`
}

StorageMySQL represents the configuration of a MySQL database.

type StoragePostgreSQL added in v4.38.0

type StoragePostgreSQL struct {
	StorageSQL `koanf:",squash"`
	Schema     string `` /* 126-byte string literal not displayed */

	TLS *TLS `koanf:"tls" json:"tls"`

	// Deprecated: Use the TLS configuration instead.
	SSL *StoragePostgreSQLSSL `koanf:"ssl" json:"ssl" jsonschema:"deprecated,title=SSL"`
}

StoragePostgreSQL represents the configuration of a PostgreSQL database.

type StoragePostgreSQLSSL added in v4.38.0

type StoragePostgreSQLSSL struct {
	Mode            string `` /* 209-byte string literal not displayed */
	RootCertificate string `` /* 203-byte string literal not displayed */
	Certificate     string `` /* 183-byte string literal not displayed */
	Key             string `` /* 159-byte string literal not displayed */
}

StoragePostgreSQLSSL represents the SSL configuration of a PostgreSQL database.

type StorageSQL added in v4.38.0

type StorageSQL struct {
	Address  *AddressTCP   `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the database."`
	Database string        `` /* 140-byte string literal not displayed */
	Username string        `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The username to use to authenticate."`
	Password string        `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password to use to authenticate."`
	Timeout  time.Duration `` /* 141-byte string literal not displayed */
}

StorageSQL represents the configuration of the SQL database.

type StructValidator

type StructValidator struct {
	// contains filtered or unexported fields
}

StructValidator is a validator for structs.

func NewStructValidator

func NewStructValidator() *StructValidator

NewStructValidator is a constructor of struct validator.

func (*StructValidator) Clear

func (v *StructValidator) Clear()

Clear errors and warnings.

func (*StructValidator) Errors

func (v *StructValidator) Errors() []error

Errors returns the errors.

func (*StructValidator) HasErrors

func (v *StructValidator) HasErrors() bool

HasErrors checks whether the validator contains errors.

func (*StructValidator) HasWarnings

func (v *StructValidator) HasWarnings() bool

HasWarnings checks whether the validator contains warning errors.

func (*StructValidator) Push

func (v *StructValidator) Push(err error)

Push an error to the validator.

func (*StructValidator) PushWarning

func (v *StructValidator) PushWarning(err error)

PushWarning error to the validator.

func (*StructValidator) Warnings

func (v *StructValidator) Warnings() []error

Warnings returns the warnings.

type TLS added in v4.38.0

type TLS struct {
	MinimumVersion TLSVersion `` /* 155-byte string literal not displayed */
	MaximumVersion TLSVersion `` /* 155-byte string literal not displayed */

	SkipVerify bool   `` /* 156-byte string literal not displayed */
	ServerName string `` /* 169-byte string literal not displayed */

	PrivateKey       CryptographicPrivateKey `koanf:"private_key" json:"private_key" jsonschema:"title=Private Key" jsonschema_description:"The private key."`
	CertificateChain X509CertificateChain    `` /* 135-byte string literal not displayed */
}

TLS is a representation of the TLS configuration.

type TLSVersion added in v4.37.0

type TLSVersion struct {
	Value uint16
}

TLSVersion is a struct which handles tls.Config versions.

func NewTLSVersion added in v4.37.0

func NewTLSVersion(input string) (version *TLSVersion, err error)

NewTLSVersion returns a new TLSVersion given a string.

func (TLSVersion) JSONSchema added in v4.38.0

func (TLSVersion) JSONSchema() *jsonschema.Schema

JSONSchema returns the JSON Schema information for the TLSVersion type.

func (*TLSVersion) MaxVersion added in v4.37.0

func (v *TLSVersion) MaxVersion() uint16

MaxVersion returns the value of this as a MaxVersion value.

func (*TLSVersion) MinVersion added in v4.37.0

func (v *TLSVersion) MinVersion() uint16

MinVersion returns the value of this as a MinVersion value.

func (*TLSVersion) String added in v4.37.0

func (v *TLSVersion) String() string

String provides the Stringer.

type TOTP added in v4.38.0

type TOTP struct {
	Disable          bool   `` /* 133-byte string literal not displayed */
	Issuer           string `` /* 138-byte string literal not displayed */
	DefaultAlgorithm string `` /* 180-byte string literal not displayed */
	DefaultDigits    int    `` /* 145-byte string literal not displayed */
	DefaultPeriod    int    `` /* 132-byte string literal not displayed */
	Skew             *int   `` /* 127-byte string literal not displayed */
	SecretSize       int    `` /* 157-byte string literal not displayed */

	AllowedAlgorithms []string `` /* 239-byte string literal not displayed */
	AllowedDigits     []int    `` /* 200-byte string literal not displayed */
	AllowedPeriods    []int    `` /* 191-byte string literal not displayed */

	DisableReuseSecurityPolicy bool `` /* 227-byte string literal not displayed */
}

TOTP represents the configuration related to TOTP options.

type Telemetry added in v4.38.0

type Telemetry struct {
	Metrics TelemetryMetrics `` /* 126-byte string literal not displayed */
}

Telemetry represents the telemetry config.

type TelemetryMetrics added in v4.38.0

type TelemetryMetrics struct {
	Enabled bool        `koanf:"enabled" json:"enabled" jsonschema:"default=false,title=Enabled" jsonschema_description:"Enables the metrics server."`
	Address *AddressTCP `` /* 152-byte string literal not displayed */

	Buffers  ServerBuffers  `` /* 139-byte string literal not displayed */
	Timeouts ServerTimeouts `` /* 143-byte string literal not displayed */
}

TelemetryMetrics represents the telemetry metrics config.

type WebAuthn added in v4.38.0

type WebAuthn struct {
	Disable     bool   `` /* 137-byte string literal not displayed */
	DisplayName string `` /* 173-byte string literal not displayed */

	ConveyancePreference protocol.ConveyancePreference        `` /* 265-byte string literal not displayed */
	UserVerification     protocol.UserVerificationRequirement `` /* 247-byte string literal not displayed */

	Timeout time.Duration `` /* 150-byte string literal not displayed */
}

WebAuthn represents the webauthn config.

type X509CertificateChain added in v4.37.0

type X509CertificateChain struct {
	// contains filtered or unexported fields
}

X509CertificateChain is a helper struct that holds a list of *x509.Certificate's.

func NewX509CertificateChain added in v4.37.0

func NewX509CertificateChain(in string) (chain *X509CertificateChain, err error)

NewX509CertificateChain creates a new *X509CertificateChain from a given string, parsing each PEM block one by one.

func NewX509CertificateChainFromCerts added in v4.38.0

func NewX509CertificateChainFromCerts(in []*x509.Certificate) (chain X509CertificateChain)

NewX509CertificateChainFromCerts returns a chain from a given list of certificates without validation.

func (*X509CertificateChain) Certificates added in v4.37.0

func (c *X509CertificateChain) Certificates() (certificates []*x509.Certificate)

Certificates for this X509CertificateChain.

func (*X509CertificateChain) CertificatesRaw added in v4.37.0

func (c *X509CertificateChain) CertificatesRaw() (certificates [][]byte)

CertificatesRaw for this X509CertificateChain.

func (*X509CertificateChain) EncodePEM added in v4.38.0

func (c *X509CertificateChain) EncodePEM() (encoded []byte, err error)

EncodePEM encodes the entire chain as PEM bytes.

func (*X509CertificateChain) Equal added in v4.37.0

func (c *X509CertificateChain) Equal(other *x509.Certificate) (equal bool)

Equal checks if the provided *x509.Certificate is equal to the first *x509.Certificate in the chain.

func (*X509CertificateChain) EqualKey added in v4.37.0

func (c *X509CertificateChain) EqualKey(other any) (equal bool)

EqualKey checks if the provided key (public or private) has a public key equal to the first public key in this chain.

func (*X509CertificateChain) HasCertificates added in v4.37.0

func (c *X509CertificateChain) HasCertificates() (has bool)

HasCertificates returns true if the chain has any certificates.

func (X509CertificateChain) JSONSchema added in v4.38.0

func (X509CertificateChain) JSONSchema() *jsonschema.Schema

JSONSchema returns the JSON Schema information for the X509CertificateChain type.

func (*X509CertificateChain) Leaf added in v4.37.0

func (c *X509CertificateChain) Leaf() (leaf *x509.Certificate)

Leaf returns the first certificate if available for use with tls.Certificate.

func (*X509CertificateChain) Thumbprint added in v4.37.0

func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte

Thumbprint returns the Thumbprint for the first certificate.

func (*X509CertificateChain) Validate added in v4.37.0

func (c *X509CertificateChain) Validate() (err error)

Validate the X509CertificateChain ensuring the certificates were provided in the correct order (with nth being signed by the nth+1), and that all of the certificates are valid based on the current time.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL