schema

package
v4.33.1 Latest Latest
Published: Dec 4, 2021 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

// TOTP hash algorithm identifiers. These are the accepted values of
// TOTPConfiguration.Algorithm; DefaultTOTPConfiguration uses SHA1 and
// TOTPPossibleAlgorithms lists the full set.
const (
	TOTPAlgorithmSHA1   = "SHA1"
	TOTPAlgorithmSHA256 = "SHA256"
	TOTPAlgorithmSHA512 = "SHA512"
)

TOTP Algorithm.

// LDAPImplementationActiveDirectory is the LDAPAuthenticationBackendConfiguration.Implementation
// value that selects the Active Directory profile (see
// DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration).
const LDAPImplementationActiveDirectory = "activedirectory"

LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.

// LDAPImplementationCustom is the LDAPAuthenticationBackendConfiguration.Implementation
// value for a generic LDAP server; it is the value set by
// DefaultLDAPAuthenticationBackendConfiguration.
const LDAPImplementationCustom = "custom"

LDAPImplementationCustom is the string for the custom LDAP implementation.

// ProfileRefreshAlways is the refresh_interval keyword meaning "refresh the user
// profile on every check"; it maps to the RefreshIntervalAlways duration (0ms).
const ProfileRefreshAlways = "always"

ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.

// ProfileRefreshDisabled is the refresh_interval keyword that turns the profile
// refresh check off entirely. Note the spelling is "disable", not "disabled".
const ProfileRefreshDisabled = "disable"

ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.

// RefreshIntervalAlways is the time.Duration (zero) that refresh_interval
// resolves to when configured as ProfileRefreshAlways.
const RefreshIntervalAlways = 0 * time.Millisecond

RefreshIntervalAlways represents the duration value refresh interval should have if set to always.

// RefreshIntervalDefault is the default refresh_interval, kept as the duration
// string "5m" because AuthenticationBackendConfiguration.RefreshInterval is a
// string that also accepts the ProfileRefresh* keywords.
const RefreshIntervalDefault = "5m"

RefreshIntervalDefault represents the default value of refresh_interval.

Variables

// DefaultACLNetwork is the default list of named network groups: loopback and
// the 10.0.0.0/8 private range. Networks entries may be a bare address or a
// CIDR range, as the two defaults show.
var DefaultACLNetwork = []ACLNetwork{
	{
		Name:     "localhost",
		Networks: []string{"127.0.0.1"},
	},
	{
		Name:     "internal",
		Networks: []string{"10.0.0.0/8"},
	},
}

DefaultACLNetwork represents the default configuration related to access control network group configuration.

// DefaultACLRule is the default rule list. It illustrates one rule per policy
// level (bypass, one_factor, two_factor) against reserved example.com hosts;
// it is documentation-shaped rather than a usable production policy, so a real
// deployment is expected to replace it.
var DefaultACLRule = []ACLRule{
	{
		Domains: []string{"public.example.com"},
		Policy:  "bypass",
	},
	{
		Domains: []string{"singlefactor.example.com"},
		Policy:  "one_factor",
	},
	{
		Domains: []string{"secure.example.com"},
		Policy:  "two_factor",
	},
}

DefaultACLRule represents the default configuration related to access control rule configuration.

// DefaultCIPasswordConfiguration holds the Argon2id parameters used in CI.
// The values are currently identical to DefaultPasswordConfiguration; a
// separate variable exists so CI can be tuned independently. argon2id is an
// unexported constant declared elsewhere in this package. The unit of Memory
// (64) is not visible here — confirm (KiB vs MiB) against the hasher before
// changing it.
var DefaultCIPasswordConfiguration = PasswordConfiguration{
	Iterations:  1,
	KeyLength:   32,
	SaltLength:  16,
	Algorithm:   argon2id,
	Memory:      64,
	Parallelism: 8,
}

DefaultCIPasswordConfiguration represents the default configuration related to Argon2id hashing for CI.

// DefaultLDAPAuthenticationBackendConfiguration is the base LDAP configuration:
// the custom implementation, common LDAP attribute names, a 5s timeout and a
// TLS floor of 1.2. URL, BaseDN, the users/groups filters and the bind
// credentials are deliberately unset and must come from user configuration.
var DefaultLDAPAuthenticationBackendConfiguration = LDAPAuthenticationBackendConfiguration{
	Implementation:       LDAPImplementationCustom,
	UsernameAttribute:    "uid",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupNameAttribute:   "cn",
	Timeout:              time.Second * 5,
	TLS: &TLSConfig{
		MinimumVersion: "TLS1.2", // SkipVerify is left false: certificates are verified
	},
}

DefaultLDAPAuthenticationBackendConfiguration represents the default LDAP config.

// DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration
// holds the attribute names and filters suited to Active Directory. The users
// filter matches on sAMAccountName or mail, restricts to normal user objects
// (sAMAccountType=805306368), and excludes accounts with the ACCOUNTDISABLE bit
// set in userAccountControl (the :1.2.840.113556.1.4.803:=2 bitwise-AND rule)
// or with pwdLastSet=0. The {username_attribute}, {mail_attribute}, {input} and
// {dn} tokens are substituted at query time by code not shown here — the
// substitution of {input} should LDAP-escape user input; verify that where it
// is rendered. Implementation, Timeout and TLS are absent here and are
// presumably layered over DefaultLDAPAuthenticationBackendConfiguration.
var DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration = LDAPAuthenticationBackendConfiguration{
	UsersFilter:          "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0)))",
	UsernameAttribute:    "sAMAccountName",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupsFilter:         "(&(member={dn})(objectClass=group))",
	GroupNameAttribute:   "cn",
}

DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration represents the default LDAP config for the MSAD Implementation.

// DefaultLoggingConfiguration logs at "info" level in "text" format. FilePath
// and KeepStdout are left at their zero values (no log file, KeepStdout false).
var DefaultLoggingConfiguration = LogConfiguration{
	Level:  "info",
	Format: "text",
}

DefaultLoggingConfiguration is the default logging configuration.

// DefaultNTPConfiguration points the clock-sync check at Cloudflare's public
// NTP service over NTPv4 and tolerates up to 3s of drift. MaximumDesync is a
// duration string, parsed elsewhere. The check runs at startup unless
// NTPConfiguration.DisableStartupCheck is set.
var DefaultNTPConfiguration = NTPConfiguration{
	Address:       "time.cloudflare.com:123",
	Version:       4,
	MaximumDesync: "3s",
}

DefaultNTPConfiguration represents default configuration parameters for the NTP server.

// DefaultOpenIDConnectClientConfiguration supplies per-client defaults:
// two_factor authorization, the openid/groups/profile/email scopes, the
// authorization-code and refresh-token grants, the "code" response type and
// the form_post/query/fragment response modes. UserinfoSigningAlgorithm "none"
// means userinfo responses are returned unsigned unless a client overrides it.
// ID, Secret, Audience and RedirectURIs have no defaults.
var DefaultOpenIDConnectClientConfiguration = OpenIDConnectClientConfiguration{
	Policy:        "two_factor",
	Scopes:        []string{"openid", "groups", "profile", "email"},
	GrantTypes:    []string{"refresh_token", "authorization_code"},
	ResponseTypes: []string{"code"},
	ResponseModes: []string{"form_post", "query", "fragment"},

	UserinfoSigningAlgorithm: "none",
}

DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.

// DefaultOpenIDConnectConfiguration sets token lifetimes: 1h for access and ID
// tokens, 1m for authorization codes and 90m for refresh tokens. HMACSecret,
// IssuerPrivateKey and Clients have no defaults and must be configured.
var DefaultOpenIDConnectConfiguration = OpenIDConnectConfiguration{
	AccessTokenLifespan:   time.Hour,
	AuthorizeCodeLifespan: time.Minute,
	IDTokenLifespan:       time.Hour,
	RefreshTokenLifespan:  time.Minute * 90,
}

DefaultOpenIDConnectConfiguration contains defaults for OIDC.

// DefaultPasswordConfiguration holds the Argon2id parameters for the file
// backend's password hashes: 1 iteration, KeyLength 32, SaltLength 16 and 8
// parallel lanes. argon2id is an unexported constant declared elsewhere in this
// package. Units are not visible here: KeyLength/SaltLength are presumably
// bytes and Memory (64) is presumably a KiB/MiB figure — confirm against the
// hasher before tuning.
var DefaultPasswordConfiguration = PasswordConfiguration{
	Iterations:  1,
	KeyLength:   32,
	SaltLength:  16,
	Algorithm:   argon2id,
	Memory:      64,
	Parallelism: 8,
}

DefaultPasswordConfiguration represents the default configuration related to Argon2id hashing.

// DefaultPasswordSHA512Configuration holds the parameters for the "sha512"
// hashing scheme: 50000 iterations and SaltLength 16. KeyLength, Memory and
// Parallelism stay zero because they are Argon2id-only parameters.
var DefaultPasswordSHA512Configuration = PasswordConfiguration{
	Iterations: 50000,
	SaltLength: 16,
	Algorithm:  "sha512",
}

DefaultPasswordSHA512Configuration represents the default configuration related to SHA512 hashing.

// DefaultPostgreSQLStorageConfiguration uses the "public" schema and SSL mode
// "disable", so the connection to PostgreSQL is plaintext unless the deployment
// sets storage.postgres.ssl.mode (e.g. to a verifying mode). The embedded
// SQLStorageConfiguration (host, credentials, timeout) is not set here.
var DefaultPostgreSQLStorageConfiguration = PostgreSQLStorageConfiguration{
	Schema: "public",
	SSL: PostgreSQLSSLStorageConfiguration{
		Mode: "disable",
	},
}

DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.

// DefaultRegulationConfiguration is the default brute-force regulation: after
// MaxRetries (3) failures within FindTime (2m) the user is banned for BanTime
// (5m). FindTime and BanTime are duration strings, parsed elsewhere.
var DefaultRegulationConfiguration = RegulationConfiguration{
	MaxRetries: 3,
	FindTime:   "2m",
	BanTime:    "5m",
}

DefaultRegulationConfiguration represents default configuration parameters for the regulator.

// DefaultSMTPNotifierConfiguration sets a 5s timeout, a subject template with a
// {title} placeholder, the identifier "localhost" (presumably the name sent in
// EHLO/HELO), the recipient used by the startup connectivity check, and a TLS
// floor of 1.2 with certificate verification on (SkipVerify false). Host, Port,
// Username, Password and Sender are unset. DisableRequireTLS stays false, so
// TLS is required by default.
var DefaultSMTPNotifierConfiguration = SMTPNotifierConfiguration{
	Timeout:             time.Second * 5,
	Subject:             "[Authelia] {title}",
	Identifier:          "localhost",
	StartupCheckAddress: "test@authelia.com",
	TLS: &TLSConfig{
		MinimumVersion: "TLS1.2",
	},
}

DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.

// DefaultSQLStorageConfiguration sets only the 5s database timeout; host,
// port, database name and credentials must be configured by the user.
var DefaultSQLStorageConfiguration = SQLStorageConfiguration{
	Timeout: 5 * time.Second,
}

DefaultSQLStorageConfiguration represents the default SQL configuration.

// DefaultServerConfiguration listens on all interfaces (0.0.0.0) on port 9091
// with 4096-unit read/write buffers (presumably bytes). Binding every interface
// suits container deployments; set server.host to a loopback or internal
// address when the process is directly reachable. ServerConfiguration.TLS is
// left at its zero value, so the listener presumably serves plaintext HTTP
// unless a certificate and key are configured.
var DefaultServerConfiguration = ServerConfiguration{
	Host:            "0.0.0.0",
	Port:            9091,
	ReadBufferSize:  4096,
	WriteBufferSize: 4096,
}

DefaultServerConfiguration represents the default values of the ServerConfiguration.

// DefaultSessionConfiguration names the session cookie "authelia_session",
// expires sessions after 1h, times them out after 5m of inactivity, keeps
// remember-me sessions for "1M" and sets SameSite=lax. Domain, Secret and
// Redis are unset. The duration fields are strings parsed elsewhere.
var DefaultSessionConfiguration = SessionConfiguration{
	Name:               "authelia_session",
	Expiration:         "1h",
	Inactivity:         "5m",
	RememberMeDuration: "1M",
	SameSite:           "lax",
}

DefaultSessionConfiguration is the default session configuration.

// DefaultTOTPConfiguration issues codes under the "Authelia" issuer using SHA1,
// 6 digits and a 30-unit period (presumably seconds). Skew is a pointer to the
// unexported package-level defaultOtpSkew (declared elsewhere) so that an
// explicitly configured 0 can be told apart from an absent value.
var DefaultTOTPConfiguration = TOTPConfiguration{
	Issuer:    "Authelia",
	Algorithm: TOTPAlgorithmSHA1,
	Digits:    6,
	Period:    30,
	Skew:      &defaultOtpSkew,
}

DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.

var (
	// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms, in the same
	// order as the TOTPAlgorithm* constants. It is presumably the set that
	// TOTPConfiguration.Algorithm is validated against — the validator is not
	// shown here.
	TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
)

Functions

This section is empty.

Types

type ACLNetwork

// ACLNetwork is a named group of networks; ACLRule.Networks presumably refers
// to groups by Name (see DefaultACLNetwork for the shape of the entries).
type ACLNetwork struct {
	Name     string   `koanf:"name"`     // group name
	Networks []string `koanf:"networks"` // IP addresses and/or CIDR ranges
}

ACLNetwork represents one ACL network group entry; "weak" coerces a single value into a slice.

type ACLRule

// ACLRule is one access-control rule. Domains, Subjects, Networks, Resources
// and Methods are match criteria and Policy is the resulting policy (DefaultACLRule
// shows bypass, one_factor and two_factor). Note the config key for Domains is
// the singular "domain". Subjects is a slice of slices — presumably inner
// entries are ANDed and outer entries ORed; confirm in the authorizer.
type ACLRule struct {
	Domains   []string   `koanf:"domain"`
	Policy    string     `koanf:"policy"`
	Subjects  [][]string `koanf:"subject"`
	Networks  []string   `koanf:"networks"`
	Resources []string   `koanf:"resources"`
	Methods   []string   `koanf:"methods"`
}

ACLRule represents one ACL rule entry; "weak" coerces a single value into a slice.

type AccessControlConfiguration

// AccessControlConfiguration is the access_control section: named network
// groups, the ordered rule list, and the policy applied when no rule matches
// (presumably — the evaluation order is defined in the authorizer, not here).
type AccessControlConfiguration struct {
	DefaultPolicy string       `koanf:"default_policy"`
	Networks      []ACLNetwork `koanf:"networks"`
	Rules         []ACLRule    `koanf:"rules"`
}

AccessControlConfiguration represents the configuration related to ACLs.

type AuthenticationBackendConfiguration

// AuthenticationBackendConfiguration is the authentication_backend section.
// LDAP and File are pointers so an absent sub-section is nil; presumably
// exactly one of them is expected to be set. RefreshInterval is a string so it
// can hold either a duration (RefreshIntervalDefault) or one of the
// ProfileRefreshAlways / ProfileRefreshDisabled keywords.
type AuthenticationBackendConfiguration struct {
	DisableResetPassword bool                                    `koanf:"disable_reset_password"`
	RefreshInterval      string                                  `koanf:"refresh_interval"`
	LDAP                 *LDAPAuthenticationBackendConfiguration `koanf:"ldap"`
	File                 *FileAuthenticationBackendConfiguration `koanf:"file"`
}

AuthenticationBackendConfiguration represents the configuration related to the authentication backend.

type Configuration

// Configuration is the root of the configuration tree loaded from the YAML
// file. Pointer-typed sections (TOTP, DuoAPI, NTP, Regulation, Notifier) are
// nil when the section is absent. JWTSecret is key material and should be
// treated as such (never logged or echoed back in error messages).
type Configuration struct {
	Theme                 string `koanf:"theme"`
	CertificatesDirectory string `koanf:"certificates_directory"` // directory of extra trusted certificates (presumably)
	JWTSecret             string `koanf:"jwt_secret"`             // secret
	DefaultRedirectionURL string `koanf:"default_redirection_url"`

	Log                   LogConfiguration                   `koanf:"log"`
	IdentityProviders     IdentityProvidersConfiguration     `koanf:"identity_providers"`
	AuthenticationBackend AuthenticationBackendConfiguration `koanf:"authentication_backend"`
	Session               SessionConfiguration               `koanf:"session"`
	TOTP                  *TOTPConfiguration                 `koanf:"totp"`
	DuoAPI                *DuoAPIConfiguration               `koanf:"duo_api"`
	AccessControl         AccessControlConfiguration         `koanf:"access_control"`
	NTP                   *NTPConfiguration                  `koanf:"ntp"`
	Regulation            *RegulationConfiguration           `koanf:"regulation"`
	Storage               StorageConfiguration               `koanf:"storage"`
	Notifier              *NotifierConfiguration             `koanf:"notifier"`
	Server                ServerConfiguration                `koanf:"server"`
}

Configuration is the object extracted from the YAML configuration file.

type DuoAPIConfiguration

// DuoAPIConfiguration is the duo_api section. IntegrationKey and SecretKey are
// the Duo API credentials; the SecretKey in particular is a secret.
type DuoAPIConfiguration struct {
	Hostname             string `koanf:"hostname"`
	EnableSelfEnrollment bool   `koanf:"enable_self_enrollment"`
	IntegrationKey       string `koanf:"integration_key"`
	SecretKey            string `koanf:"secret_key"` // secret
}

DuoAPIConfiguration represents the configuration related to Duo API.

type ErrorContainer

// ErrorContainer collects validation errors and warnings separately.
// StructValidator is the implementation in this package.
type ErrorContainer interface {
	// Push records a (fatal) error.
	Push(err error)
	// PushWarning records a non-fatal warning, kept apart from errors.
	PushWarning(err error)
	// HasErrors reports whether any error has been pushed.
	HasErrors() bool
	// HasWarnings reports whether any warning has been pushed.
	HasWarnings() bool
	// Errors returns the pushed errors.
	Errors() []error
	// Warnings returns the pushed warnings.
	Warnings() []error
}

ErrorContainer represents a container where we can add errors and retrieve them.

type FileAuthenticationBackendConfiguration

// FileAuthenticationBackendConfiguration is the authentication_backend.file
// section: the path of the users file and the password-hashing parameters
// (defaults in DefaultPasswordConfiguration / DefaultPasswordSHA512Configuration).
type FileAuthenticationBackendConfiguration struct {
	Path     string                 `koanf:"path"`
	Password *PasswordConfiguration `koanf:"password"` // nil when the sub-section is absent
}

FileAuthenticationBackendConfiguration represents the configuration related to file-based backend.

type FileSystemNotifierConfiguration

// FileSystemNotifierConfiguration is the notifier.filesystem section: the file
// that notification emails are written to instead of being sent.
type FileSystemNotifierConfiguration struct {
	Filename string `koanf:"filename"`
}

FileSystemNotifierConfiguration represents the configuration of the notifier writing emails in a file.

type IdentityProvidersConfiguration

// IdentityProvidersConfiguration is the identity_providers section; OIDC is
// nil when the OpenID Connect provider is not configured.
type IdentityProvidersConfiguration struct {
	OIDC *OpenIDConnectConfiguration `koanf:"oidc"`
}

IdentityProvidersConfiguration represents the IdentityProviders 2.0 configuration for Authelia.

type LDAPAuthenticationBackendConfiguration

// LDAPAuthenticationBackendConfiguration is the authentication_backend.ldap
// section. User/Password are the bind credentials (Password is a secret).
// StartTLS and TLS control transport security; TLS is nil when the tls
// sub-section is absent (the defaults set MinimumVersion "TLS1.2").
type LDAPAuthenticationBackendConfiguration struct {
	Implementation string        `koanf:"implementation"` // LDAPImplementationCustom or LDAPImplementationActiveDirectory
	URL            string        `koanf:"url"`
	Timeout        time.Duration `koanf:"timeout"`
	StartTLS       bool          `koanf:"start_tls"`
	TLS            *TLSConfig    `koanf:"tls"`

	BaseDN string `koanf:"base_dn"`

	AdditionalUsersDN string `koanf:"additional_users_dn"`
	UsersFilter       string `koanf:"users_filter"` // filter template with {username_attribute}/{mail_attribute}/{input} placeholders

	AdditionalGroupsDN string `koanf:"additional_groups_dn"`
	GroupsFilter       string `koanf:"groups_filter"` // filter template with a {dn} placeholder

	GroupNameAttribute   string `koanf:"group_name_attribute"`
	UsernameAttribute    string `koanf:"username_attribute"`
	MailAttribute        string `koanf:"mail_attribute"`
	DisplayNameAttribute string `koanf:"display_name_attribute"`

	User     string `koanf:"user"`
	Password string `koanf:"password"` // secret
}

LDAPAuthenticationBackendConfiguration represents the configuration related to LDAP server.

type LocalStorageConfiguration

// LocalStorageConfiguration is the storage.local section: the path of the
// local database file (presumably an embedded SQLite database).
type LocalStorageConfiguration struct {
	Path string `koanf:"path"`
}

LocalStorageConfiguration represents the configuration when using local storage.

type LogConfiguration

// LogConfiguration is the log section (defaults in DefaultLoggingConfiguration).
type LogConfiguration struct {
	Level      string `koanf:"level"`       // e.g. "info"
	Format     string `koanf:"format"`      // e.g. "text"
	FilePath   string `koanf:"file_path"`   // optional log file
	KeepStdout bool   `koanf:"keep_stdout"` // keep writing to stdout as well when a file is set (presumably)
}

LogConfiguration represents the logging configuration.

type MySQLStorageConfiguration

// MySQLStorageConfiguration is the storage.mysql section. It is exactly the
// common SQLStorageConfiguration; ",squash" flattens the embedded fields so
// the keys appear directly under storage.mysql.
type MySQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`
}

MySQLStorageConfiguration represents the configuration of a MySQL database.

type NTPConfiguration added in v4.31.0

// NTPConfiguration is the ntp section (defaults in DefaultNTPConfiguration).
// The NTP check exists to catch clock drift that would break time-based codes;
// DisableFailure presumably turns a failed check from fatal into a warning.
type NTPConfiguration struct {
	Address             string `koanf:"address"`    // host:port
	Version             int    `koanf:"version"`    // NTP protocol version
	MaximumDesync       string `koanf:"max_desync"` // duration string
	DisableStartupCheck bool   `koanf:"disable_startup_check"`
	DisableFailure      bool   `koanf:"disable_failure"`
}

NTPConfiguration represents the configuration related to the NTP server.

type NotifierConfiguration

// NotifierConfiguration is the notifier section. FileSystem and SMTP are nil
// when their sub-section is absent; presumably exactly one is configured.
type NotifierConfiguration struct {
	DisableStartupCheck bool                             `koanf:"disable_startup_check"`
	FileSystem          *FileSystemNotifierConfiguration `koanf:"filesystem"`
	SMTP                *SMTPNotifierConfiguration       `koanf:"smtp"`
}

NotifierConfiguration represents the configuration of the notifier to use when sending notifications to users.

type OpenIDConnectClientConfiguration

// OpenIDConnectClientConfiguration describes one registered OpenID Connect
// client (defaults in DefaultOpenIDConnectClientConfiguration). Secret is the
// client secret; Public marks a client that has no secret (presumably).
// RedirectURIs has no default and is the allow-list for redirects.
type OpenIDConnectClientConfiguration struct {
	ID          string `koanf:"id"`
	Description string `koanf:"description"`
	Secret      string `koanf:"secret"` // secret
	Public      bool   `koanf:"public"`

	Policy string `koanf:"authorization_policy"` // note: config key differs from the field name

	Audience      []string `koanf:"audience"`
	Scopes        []string `koanf:"scopes"`
	RedirectURIs  []string `koanf:"redirect_uris"`
	GrantTypes    []string `koanf:"grant_types"`
	ResponseTypes []string `koanf:"response_types"`
	ResponseModes []string `koanf:"response_modes"`

	UserinfoSigningAlgorithm string `koanf:"userinfo_signing_algorithm"` // "none" by default
}

OpenIDConnectClientConfiguration is the configuration for an OpenID Connect client.

type OpenIDConnectConfiguration

// OpenIDConnectConfiguration is the identity_providers.oidc section (lifespan
// defaults in DefaultOpenIDConnectConfiguration). HMACSecret and
// IssuerPrivateKey are key material.
type OpenIDConnectConfiguration struct {
	// This secret must be 32 bytes long
	HMACSecret       string `koanf:"hmac_secret"`        // secret
	IssuerPrivateKey string `koanf:"issuer_private_key"` // secret; signs issued tokens (presumably)

	AccessTokenLifespan   time.Duration `koanf:"access_token_lifespan"`
	AuthorizeCodeLifespan time.Duration `koanf:"authorize_code_lifespan"`
	IDTokenLifespan       time.Duration `koanf:"id_token_lifespan"`
	RefreshTokenLifespan  time.Duration `koanf:"refresh_token_lifespan"`

	EnableClientDebugMessages bool `koanf:"enable_client_debug_messages"` // exposes more error detail to clients; keep off in production
	MinimumParameterEntropy   int  `koanf:"minimum_parameter_entropy"`    // minimum length of state/nonce parameters (presumably)

	Clients []OpenIDConnectClientConfiguration `koanf:"clients"`
}

OpenIDConnectConfiguration is the configuration for OpenID Connect.

type PasswordConfiguration

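// PasswordConfiguration holds the password-hashing parameters for the file
// backend (see DefaultPasswordConfiguration and
// DefaultPasswordSHA512Configuration). Memory and Parallelism apply only to
// Argon2id; Iterations and SaltLength apply to both schemes. Units of
// KeyLength, SaltLength and Memory are interpreted by the hasher, not here.
//
// Fix: Algorithm previously carried a misspelled `mapstrucutre:"algorithm"` tag
// while every other field uses `koanf:...`; it is now `koanf:"algorithm"` so
// the key is bound by tag like its siblings rather than by field-name fallback.
type PasswordConfiguration struct {
	Iterations  int    `koanf:"iterations"`
	KeyLength   int    `koanf:"key_length"`
	SaltLength  int    `koanf:"salt_length"`
	Algorithm   string `koanf:"algorithm"`
	Memory      int    `koanf:"memory"`
	Parallelism int    `koanf:"parallelism"`
}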

PasswordConfiguration represents the configuration related to password hashing.

type PostgreSQLSSLStorageConfiguration added in v4.33.0

// PostgreSQLSSLStorageConfiguration is the storage.postgres.ssl section. Mode
// defaults to "disable" (see DefaultPostgreSQLStorageConfiguration); the
// certificate fields are file paths for the server CA and an optional client
// certificate/key pair (presumably — the PostgreSQL driver interprets them).
type PostgreSQLSSLStorageConfiguration struct {
	Mode            string `koanf:"mode"`
	RootCertificate string `koanf:"root_certificate"`
	Certificate     string `koanf:"certificate"`
	Key             string `koanf:"key"`
}

PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL database.

type PostgreSQLStorageConfiguration

// PostgreSQLStorageConfiguration is the storage.postgres section: the common
// SQL fields (flattened via ",squash"), the schema, and the SSL sub-section.
type PostgreSQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`
	Schema                  string `koanf:"schema"`

	SSL PostgreSQLSSLStorageConfiguration `koanf:"ssl"`

	// Deprecated. TODO: Remove in v4.36.0.
	// Presumably superseded by SSL.Mode; confirm how the two are reconciled in
	// the validator before relying on either.
	SSLMode string `koanf:"sslmode"`
}

PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL database.

type RedisHighAvailabilityConfiguration

// RedisHighAvailabilityConfiguration is the session.redis.high_availability
// section for Redis Sentinel: the monitored master name, the Sentinel
// credentials (SentinelPassword is a secret), the Sentinel nodes, and the
// read-routing preferences.
type RedisHighAvailabilityConfiguration struct {
	SentinelName     string      `koanf:"sentinel_name"`
	SentinelUsername string      `koanf:"sentinel_username"`
	SentinelPassword string      `koanf:"sentinel_password"` // secret
	Nodes            []RedisNode `koanf:"nodes"`
	RouteByLatency   bool        `koanf:"route_by_latency"`
	RouteRandomly    bool        `koanf:"route_randomly"`
}

RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.

type RedisNode

// RedisNode is one host:port entry in RedisHighAvailabilityConfiguration.Nodes.
type RedisNode struct {
	Host string `koanf:"host"`
	Port int    `koanf:"port"`
}

RedisNode represents a single Redis node.

type RedisSessionConfiguration

// RedisSessionConfiguration is the session.redis section. Password is a
// secret. TLS is nil when no tls sub-section is given (plaintext connection);
// HighAvailability is nil unless Sentinel is configured.
type RedisSessionConfiguration struct {
	Host                     string                              `koanf:"host"`
	Port                     int                                 `koanf:"port"`
	Username                 string                              `koanf:"username"`
	Password                 string                              `koanf:"password"` // secret
	DatabaseIndex            int                                 `koanf:"database_index"`
	MaximumActiveConnections int                                 `koanf:"maximum_active_connections"`
	MinimumIdleConnections   int                                 `koanf:"minimum_idle_connections"`
	TLS                      *TLSConfig                          `koanf:"tls"`
	HighAvailability         *RedisHighAvailabilityConfiguration `koanf:"high_availability"`
}

RedisSessionConfiguration represents the configuration related to the Redis session store.

type RegulationConfiguration

// RegulationConfiguration is the regulation (brute-force protection) section;
// defaults in DefaultRegulationConfiguration. FindTime and BanTime are duration
// strings; the ",weak" tag option allows weakly-typed input (e.g. a bare
// number) to be coerced into the string.
type RegulationConfiguration struct {
	MaxRetries int    `koanf:"max_retries"`
	FindTime   string `koanf:"find_time,weak"`
	BanTime    string `koanf:"ban_time,weak"`
}

RegulationConfiguration represents the configuration related to regulation.

type SMTPNotifierConfiguration

// SMTPNotifierConfiguration is the notifier.smtp section (defaults in
// DefaultSMTPNotifierConfiguration). Password is a secret. DisableRequireTLS
// weakens transport security and should stay false outside test setups; TLS
// (nil when absent) carries the minimum version and verification settings.
type SMTPNotifierConfiguration struct {
	Host                string        `koanf:"host"`
	Port                int           `koanf:"port"`
	Timeout             time.Duration `koanf:"timeout"`
	Username            string        `koanf:"username"`
	Password            string        `koanf:"password"` // secret
	Identifier          string        `koanf:"identifier"`
	Sender              mail.Address  `koanf:"sender"` // net/mail address, name + email
	Subject             string        `koanf:"subject"` // template; {title} is substituted
	StartupCheckAddress string        `koanf:"startup_check_address"`
	DisableRequireTLS   bool          `koanf:"disable_require_tls"`
	DisableHTMLEmails   bool          `koanf:"disable_html_emails"`
	TLS                 *TLSConfig    `koanf:"tls"`
}

SMTPNotifierConfiguration represents the configuration of the SMTP server to send emails with.

type SQLStorageConfiguration

// SQLStorageConfiguration holds the fields common to the MySQL and PostgreSQL
// backends, embedded (squashed) into each. Password is a secret. Only Timeout
// has a default (DefaultSQLStorageConfiguration).
type SQLStorageConfiguration struct {
	Host     string        `koanf:"host"`
	Port     int           `koanf:"port"`
	Database string        `koanf:"database"`
	Username string        `koanf:"username"`
	Password string        `koanf:"password"` // secret
	Timeout  time.Duration `koanf:"timeout"`
}

SQLStorageConfiguration represents the configuration of the SQL database.

type ServerConfiguration

// ServerConfiguration is the server section (defaults in
// DefaultServerConfiguration). EnablePprof and EnableExpvars expose the Go
// profiling and expvar debug endpoints; both are false by default (zero value)
// and should stay off on internet-facing deployments.
type ServerConfiguration struct {
	Host               string `koanf:"host"`
	Port               int    `koanf:"port"`
	Path               string `koanf:"path"` // base path the server is mounted under (presumably)
	AssetPath          string `koanf:"asset_path"`
	ReadBufferSize     int    `koanf:"read_buffer_size"`
	WriteBufferSize    int    `koanf:"write_buffer_size"`
	EnablePprof        bool   `koanf:"enable_endpoint_pprof"`   // debug endpoint
	EnableExpvars      bool   `koanf:"enable_endpoint_expvars"` // debug endpoint
	DisableHealthcheck bool   `koanf:"disable_healthcheck"`

	TLS ServerTLSConfiguration `koanf:"tls"` // zero value means no certificate configured
}

ServerConfiguration represents the configuration of the HTTP server.

type ServerTLSConfiguration

// ServerTLSConfiguration is the server.tls section: paths of the server
// certificate and its private key. Key points at secret material.
type ServerTLSConfiguration struct {
	Certificate string `koanf:"certificate"`
	Key         string `koanf:"key"`
}

ServerTLSConfiguration represents the configuration of the HTTP server's TLS options.

type SessionConfiguration

// SessionConfiguration is the session section (defaults in
// DefaultSessionConfiguration). Secret is the key protecting session data and
// is a secret. The duration fields are strings parsed elsewhere. Redis is nil
// when no Redis store is configured.
type SessionConfiguration struct {
	Name               string                     `koanf:"name"`      // cookie name
	Domain             string                     `koanf:"domain"`    // cookie domain
	SameSite           string                     `koanf:"same_site"` // cookie SameSite attribute, e.g. "lax"
	Secret             string                     `koanf:"secret"`    // secret
	Expiration         string                     `koanf:"expiration"`
	Inactivity         string                     `koanf:"inactivity"`
	RememberMeDuration string                     `koanf:"remember_me_duration"`
	Redis              *RedisSessionConfiguration `koanf:"redis"`
}

SessionConfiguration represents the configuration related to user sessions.

type StorageConfiguration

// StorageConfiguration is the storage section. Local, MySQL and PostgreSQL are
// nil when absent; presumably exactly one backend is configured. EncryptionKey
// is the key used to encrypt data at rest in the storage backend and is a
// secret — losing or rotating it without a migration presumably makes existing
// encrypted rows unreadable.
type StorageConfiguration struct {
	Local      *LocalStorageConfiguration      `koanf:"local"`
	MySQL      *MySQLStorageConfiguration      `koanf:"mysql"`
	PostgreSQL *PostgreSQLStorageConfiguration `koanf:"postgres"`

	EncryptionKey string `koanf:"encryption_key"` // secret
}

StorageConfiguration represents the configuration of the storage backend.

type StructValidator

// StructValidator is the ErrorContainer implementation used while validating
// a Configuration; it accumulates errors and warnings pushed by the validation
// functions. Construct it with NewStructValidator.
type StructValidator struct {
	// contains filtered or unexported fields
}

StructValidator is a validator for structs.

func NewStructValidator

func NewStructValidator() *StructValidator

NewStructValidator is a constructor of struct validator.

func (*StructValidator) Clear

func (v *StructValidator) Clear()

Clear removes all accumulated errors and warnings.

func (*StructValidator) Errors

func (v *StructValidator) Errors() []error

Errors returns the errors.

func (*StructValidator) HasErrors

func (v *StructValidator) HasErrors() bool

HasErrors checks whether the validator contains errors.

func (*StructValidator) HasWarnings

func (v *StructValidator) HasWarnings() bool

HasWarnings checks whether the validator contains warning errors.

func (*StructValidator) Push

func (v *StructValidator) Push(err error)

Push adds an error to the validator.

func (*StructValidator) PushWarning

func (v *StructValidator) PushWarning(err error)

PushWarning adds a warning error to the validator.

func (*StructValidator) Warnings

func (v *StructValidator) Warnings() []error

Warnings returns the warnings.

type TLSConfig

// TLSConfig is the shared tls sub-section used by the LDAP, SMTP and Redis
// configurations. SkipVerify disables certificate verification and should
// only be enabled for local testing; the defaults leave it false and set
// MinimumVersion to "TLS1.2". ServerName overrides the name checked against
// the certificate (presumably also used for SNI).
type TLSConfig struct {
	MinimumVersion string `koanf:"minimum_version"`
	SkipVerify     bool   `koanf:"skip_verify"` // disables certificate verification
	ServerName     string `koanf:"server_name"`
}

TLSConfig is a representation of the TLS configuration.

type TOTPConfiguration

// TOTPConfiguration is the totp section (defaults in DefaultTOTPConfiguration).
// Algorithm must be one of TOTPPossibleAlgorithms. Skew is a pointer so that an
// explicitly configured 0 is distinguishable from an unset value.
type TOTPConfiguration struct {
	Issuer    string `koanf:"issuer"`
	Algorithm string `koanf:"algorithm"`
	Digits    uint   `koanf:"digits"`
	Period    uint   `koanf:"period"` // presumably seconds
	Skew      *uint  `koanf:"skew"`   // number of adjacent periods accepted (presumably)
}

TOTPConfiguration represents the configuration related to TOTP options.
