schema

package
Version: v4.37.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// TLSVersion13 is the textual representation of TLS 1.3.
	TLSVersion13 = "TLS1.3"

	// TLSVersion12 is the textual representation of TLS 1.2.
	TLSVersion12 = "TLS1.2"

	// TLSVersion11 is the textual representation of TLS 1.1.
	TLSVersion11 = "TLS1.1"

	// TLSVersion10 is the textual representation of TLS 1.0.
	TLSVersion10 = "TLS1.0"

	// SSLVersion30 is the textual representation of SSL 3.0.
	SSLVersion30 = "SSL3.0"

	// Version13 is the textual representation of version 1.3.
	Version13 = "1.3"

	// Version12 is the textual representation of version 1.2.
	Version12 = "1.2"

	// Version11 is the textual representation of version 1.1.
	Version11 = "1.1"

	// Version10 is the textual representation of version 1.0.
	Version10 = "1.0"
)
View Source
const (
	// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
	ProfileRefreshAlways = "always"

	// RefreshIntervalDefault represents the default value of refresh_interval.
	RefreshIntervalDefault = "5m"

	// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
	RefreshIntervalAlways = 0 * time.Millisecond
)
View Source
const (
	// LDAPImplementationCustom is the string for the custom LDAP implementation.
	LDAPImplementationCustom = "custom"

	// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
	LDAPImplementationActiveDirectory = "activedirectory"
)
View Source
const (
	TOTPAlgorithmSHA1   = "SHA1"
	TOTPAlgorithmSHA256 = "SHA256"
	TOTPAlgorithmSHA512 = "SHA512"
)

TOTP Algorithm.

View Source
const (
	// TOTPSecretSizeDefault is the default secret size.
	TOTPSecretSizeDefault = 32

	// TOTPSecretSizeMinimum is the minimum secret size.
	TOTPSecretSizeMinimum = 20
)
View Source
const ProfileRefreshDisabled = "disable"

ProfileRefreshDisabled represents a Value for refresh_interval that disables the check entirely.

View Source
const (
	// RememberMeDisabled represents the duration for a disabled remember me session configuration.
	RememberMeDisabled = time.Second * -1
)

Variables

View Source
var DefaultACLNetwork = []ACLNetwork{
	{
		Name:     "localhost",
		Networks: []string{"127.0.0.1"},
	},
	{
		Name:     "internal",
		Networks: []string{"10.0.0.0/8"},
	},
}

DefaultACLNetwork represents the default configuration related to access control network group configuration.

View Source
var DefaultACLRule = []ACLRule{
	{
		Domains: []string{"public.example.com"},
		Policy:  "bypass",
	},
	{
		Domains: []string{"singlefactor.example.com"},
		Policy:  "one_factor",
	},
	{
		Domains: []string{"secure.example.com"},
		Policy:  "two_factor",
	},
}

DefaultACLRule represents the default configuration related to access control rule configuration.

View Source
var DefaultCIPasswordConfig = Password{
	Algorithm: argon2,
	Argon2: Argon2Password{
		Iterations:  3,
		Memory:      64,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: SHA2CryptPassword{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
}

DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = LDAPAuthenticationBackend{
	UsersFilter:          "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0)))",
	UsernameAttribute:    "sAMAccountName",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupsFilter:         "(&(member={dn})(objectClass=group))",
	GroupNameAttribute:   "cn",
	Timeout:              time.Second * 5,
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the MSAD Implementation.

View Source
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = LDAPAuthenticationBackend{
	UsernameAttribute:    "uid",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupNameAttribute:   "cn",
	Timeout:              time.Second * 5,
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.

View Source
var DefaultLoggingConfiguration = LogConfiguration{
	Level:  "info",
	Format: "text",
}

DefaultLoggingConfiguration is the default logging configuration.

View Source
var DefaultMySQLStorageConfiguration = MySQLStorageConfiguration{
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultMySQLStorageConfiguration represents the default MySQL configuration.

View Source
var DefaultNTPConfiguration = NTPConfiguration{
	Address:       "time.cloudflare.com:123",
	Version:       4,
	MaximumDesync: time.Second * 3,
}

DefaultNTPConfiguration represents default configuration parameters for the NTP server.

View Source
var DefaultOpenIDConnectClientConfiguration = OpenIDConnectClientConfiguration{
	Policy:        "two_factor",
	Scopes:        []string{"openid", "groups", "profile", "email"},
	GrantTypes:    []string{"refresh_token", "authorization_code"},
	ResponseTypes: []string{"code"},
	ResponseModes: []string{"form_post", "query", "fragment"},

	UserinfoSigningAlgorithm:     "none",
	ConsentMode:                  "auto",
	ConsentPreConfiguredDuration: &defaultOIDCClientConsentPreConfiguredDuration,
}

DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.

View Source
var DefaultOpenIDConnectConfiguration = OpenIDConnectConfiguration{
	AccessTokenLifespan:   time.Hour,
	AuthorizeCodeLifespan: time.Minute,
	IDTokenLifespan:       time.Hour,
	RefreshTokenLifespan:  time.Minute * 90,
	EnforcePKCE:           "public_clients_only",
}

DefaultOpenIDConnectConfiguration contains defaults for OIDC.

View Source
var DefaultPasswordConfig = Password{
	Algorithm: argon2,
	Argon2: Argon2Password{
		Variant:     argon2id,
		Iterations:  3,
		Memory:      64 * 1024,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: SHA2CryptPassword{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
	PBKDF2: PBKDF2Password{
		Variant:    sha512,
		Iterations: 310000,
		SaltLength: 16,
	},
	BCrypt: BCryptPassword{
		Variant: "standard",
		Cost:    12,
	},
	SCrypt: SCryptPassword{
		Iterations:  16,
		BlockSize:   8,
		Parallelism: 1,
		KeyLength:   32,
		SaltLength:  16,
	},
}

DefaultPasswordConfig represents the default configuration related to Argon2id hashing.

View Source
var DefaultPasswordPolicyConfiguration = PasswordPolicyConfiguration{
	Standard: PasswordPolicyStandardParams{
		Enabled:   false,
		MinLength: 8,
		MaxLength: 0,
	},
	ZXCVBN: PasswordPolicyZXCVBNParams{
		Enabled:  false,
		MinScore: 3,
	},
}

DefaultPasswordPolicyConfiguration is the default password policy configuration.

View Source
var DefaultPostgreSQLStorageConfiguration = PostgreSQLStorageConfiguration{
	Schema: "public",
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	SSL: &PostgreSQLSSLStorageConfiguration{
		Mode: "disable",
	},
}

DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.

View Source
var DefaultRedisConfiguration = RedisSessionConfiguration{
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}

DefaultRedisConfiguration is the default redis configuration.

View Source
var DefaultRegulationConfiguration = RegulationConfiguration{
	MaxRetries: 3,
	FindTime:   time.Minute * 2,
	BanTime:    time.Minute * 5,
}

DefaultRegulationConfiguration represents default configuration parameters for the regulator.

View Source
var DefaultSMTPNotifierConfiguration = SMTPNotifierConfiguration{
	Timeout:             time.Second * 5,
	Subject:             "[Authelia] {title}",
	Identifier:          "localhost",
	StartupCheckAddress: mail.Address{Name: "Authelia Test", Address: "test@authelia.com"},
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}

DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.

View Source
var DefaultSQLStorageConfiguration = SQLStorageConfiguration{
	Timeout: 5 * time.Second,
}

DefaultSQLStorageConfiguration represents the default SQL configuration.

View Source
var DefaultServerConfiguration = ServerConfiguration{
	Host: "0.0.0.0",
	Port: 9091,
	Buffers: ServerBuffers{
		Read:  4096,
		Write: 4096,
	},
	Timeouts: ServerTimeouts{
		Read:  time.Second * 6,
		Write: time.Second * 6,
		Idle:  time.Second * 30,
	},
}

DefaultServerConfiguration represents the default values of the ServerConfiguration.

View Source
var DefaultSessionConfiguration = SessionConfiguration{
	Name:               "authelia_session",
	Expiration:         time.Hour,
	Inactivity:         time.Minute * 5,
	RememberMeDuration: time.Hour * 24 * 30,
	SameSite:           "lax",
}

DefaultSessionConfiguration is the default session configuration.

View Source
var DefaultTOTPConfiguration = TOTPConfiguration{
	Issuer:     "Authelia",
	Algorithm:  TOTPAlgorithmSHA1,
	Digits:     6,
	Period:     30,
	Skew:       &defaultOtpSkew,
	SecretSize: TOTPSecretSizeDefault,
}

DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.

View Source
var DefaultTelemetryConfig = TelemetryConfig{
	Metrics: TelemetryMetricsConfig{
		Address: &Address{true, "tcp", net.ParseIP("0.0.0.0"), 9959},
		Buffers: ServerBuffers{
			Read:  4096,
			Write: 4096,
		},
		Timeouts: ServerTimeouts{
			Read:  time.Second * 6,
			Write: time.Second * 6,
			Idle:  time.Second * 30,
		},
	},
}

DefaultTelemetryConfig is the default telemetry configuration.

View Source
var DefaultWebauthnConfiguration = WebauthnConfiguration{
	DisplayName: "Authelia",
	Timeout:     time.Second * 60,

	ConveyancePreference: protocol.PreferIndirectAttestation,
	UserVerification:     protocol.VerificationPreferred,
}

DefaultWebauthnConfiguration describes the default values for the WebauthnConfiguration.

View Source
var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported")

ErrTLSVersionNotSupported returned when an unknown TLS version supplied.

View Source
var Keys = []string{}/* 248 elements not displayed */

Keys is a list of valid schema keys detected by reflecting over a schema.Configuration struct.

View Source
var (
	// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms.
	TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
)

Functions

This section is empty.

Types

type ACLNetwork

type ACLNetwork struct {
	Name     string   `koanf:"name"`
	Networks []string `koanf:"networks"`
}

ACLNetwork represents one ACL network group entry.

type ACLQueryRule added in v4.37.0

type ACLQueryRule struct {
	Operator string `koanf:"operator"`
	Key      string `koanf:"key"`
	Value    any    `koanf:"value"`
}

ACLQueryRule represents the ACL query criteria.

type ACLRule

type ACLRule struct {
	Domains      []string         `koanf:"domain"`
	DomainsRegex []regexp.Regexp  `koanf:"domain_regex"`
	Policy       string           `koanf:"policy"`
	Subjects     [][]string       `koanf:"subject"`
	Networks     []string         `koanf:"networks"`
	Resources    []regexp.Regexp  `koanf:"resources"`
	Methods      []string         `koanf:"methods"`
	Query        [][]ACLQueryRule `koanf:"query"`
}

ACLRule represents one ACL rule entry.

type AccessControlConfiguration

type AccessControlConfiguration struct {
	DefaultPolicy string       `koanf:"default_policy"`
	Networks      []ACLNetwork `koanf:"networks"`
	Rules         []ACLRule    `koanf:"rules"`
}

AccessControlConfiguration represents the configuration related to ACLs.

type Address added in v4.36.0

type Address struct {
	Scheme string
	IP     net.IP
	Port   int
	// contains filtered or unexported fields
}

Address represents an address.

func NewAddressFromString added in v4.36.0

func NewAddressFromString(a string) (addr *Address, err error)

NewAddressFromString returns an *Address and error depending on the ability to parse the string as an Address.

func NewAddressFromURL added in v4.36.2

func NewAddressFromURL(u *url.URL) (addr *Address, err error)

NewAddressFromURL returns an *Address and error depending on the ability to parse the *url.URL as an Address.

func (Address) HostPort added in v4.36.0

func (a Address) HostPort() string

HostPort returns a string representation of the Address with just the host and port.

func (Address) Listener added in v4.36.0

func (a Address) Listener() (net.Listener, error)

Listener creates and returns a net.Listener.

func (Address) String added in v4.36.0

func (a Address) String() string

String returns a string representation of the Address.

func (Address) Valid added in v4.36.0

func (a Address) Valid() bool

Valid returns true if the Address is valid.

type Argon2Password added in v4.37.0

type Argon2Password struct {
	Variant     string `koanf:"variant"`
	Iterations  int    `koanf:"iterations"`
	Memory      int    `koanf:"memory"`
	Parallelism int    `koanf:"parallelism"`
	KeyLength   int    `koanf:"key_length"`
	SaltLength  int    `koanf:"salt_length"`
}

Argon2Password represents the argon2 hashing settings.

type AuthenticationBackend added in v4.37.0

type AuthenticationBackend struct {
	PasswordReset PasswordResetAuthenticationBackend `koanf:"password_reset"`

	RefreshInterval string `koanf:"refresh_interval"`

	File *FileAuthenticationBackend `koanf:"file"`
	LDAP *LDAPAuthenticationBackend `koanf:"ldap"`
}

AuthenticationBackend represents the configuration related to the authentication backend.

type BCryptPassword added in v4.37.0

type BCryptPassword struct {
	Variant string `koanf:"variant"`
	Cost    int    `koanf:"cost"`
}

BCryptPassword represents the bcrypt hashing settings.

type Configuration

type Configuration struct {
	Theme                 string `koanf:"theme"`
	CertificatesDirectory string `koanf:"certificates_directory"`
	JWTSecret             string `koanf:"jwt_secret"`
	DefaultRedirectionURL string `koanf:"default_redirection_url"`
	Default2FAMethod      string `koanf:"default_2fa_method"`

	Log                   LogConfiguration               `koanf:"log"`
	IdentityProviders     IdentityProvidersConfiguration `koanf:"identity_providers"`
	AuthenticationBackend AuthenticationBackend          `koanf:"authentication_backend"`
	Session               SessionConfiguration           `koanf:"session"`
	TOTP                  TOTPConfiguration              `koanf:"totp"`
	DuoAPI                DuoAPIConfiguration            `koanf:"duo_api"`
	AccessControl         AccessControlConfiguration     `koanf:"access_control"`
	NTP                   NTPConfiguration               `koanf:"ntp"`
	Regulation            RegulationConfiguration        `koanf:"regulation"`
	Storage               StorageConfiguration           `koanf:"storage"`
	Notifier              NotifierConfiguration          `koanf:"notifier"`
	Server                ServerConfiguration            `koanf:"server"`
	Telemetry             TelemetryConfig                `koanf:"telemetry"`
	Webauthn              WebauthnConfiguration          `koanf:"webauthn"`
	PasswordPolicy        PasswordPolicyConfiguration    `koanf:"password_policy"`
}

Configuration object extracted from YAML configuration file.

type CryptographicPrivateKey added in v4.37.0

type CryptographicPrivateKey interface {
	Public() crypto.PublicKey
	Equal(x crypto.PrivateKey) bool
}

CryptographicPrivateKey represents the actual crypto.PrivateKey interface.

type DuoAPIConfiguration

type DuoAPIConfiguration struct {
	Disable              bool   `koanf:"disable"`
	Hostname             string `koanf:"hostname"`
	IntegrationKey       string `koanf:"integration_key"`
	SecretKey            string `koanf:"secret_key"`
	EnableSelfEnrollment bool   `koanf:"enable_self_enrollment"`
}

DuoAPIConfiguration represents the configuration related to Duo API.

type ErrorContainer

type ErrorContainer interface {
	Push(err error)
	PushWarning(err error)
	HasErrors() bool
	HasWarnings() bool
	Errors() []error
	Warnings() []error
}

ErrorContainer represents a container where we can add errors and retrieve them.

type FileAuthenticationBackend added in v4.37.0

type FileAuthenticationBackend struct {
	Path     string   `koanf:"path"`
	Watch    bool     `koanf:"watch"`
	Password Password `koanf:"password"`

	Search FileSearchAuthenticationBackend `koanf:"search"`
}

FileAuthenticationBackend represents the configuration related to file-based backend.

type FileSearchAuthenticationBackend added in v4.37.0

type FileSearchAuthenticationBackend struct {
	Email           bool `koanf:"email"`
	CaseInsensitive bool `koanf:"case_insensitive"`
}

FileSearchAuthenticationBackend represents the configuration related to file-based backend searching.

type FileSystemNotifierConfiguration

type FileSystemNotifierConfiguration struct {
	Filename string `koanf:"filename"`
}

FileSystemNotifierConfiguration represents the configuration of the notifier writing emails in a file.

type IdentityProvidersConfiguration

type IdentityProvidersConfiguration struct {
	OIDC *OpenIDConnectConfiguration `koanf:"oidc"`
}

IdentityProvidersConfiguration represents the IdentityProviders 2.0 configuration for Authelia.

type LDAPAuthenticationBackend added in v4.37.0

type LDAPAuthenticationBackend struct {
	Implementation string        `koanf:"implementation"`
	URL            string        `koanf:"url"`
	Timeout        time.Duration `koanf:"timeout"`
	StartTLS       bool          `koanf:"start_tls"`
	TLS            *TLSConfig    `koanf:"tls"`

	BaseDN string `koanf:"base_dn"`

	AdditionalUsersDN string `koanf:"additional_users_dn"`
	UsersFilter       string `koanf:"users_filter"`

	AdditionalGroupsDN string `koanf:"additional_groups_dn"`
	GroupsFilter       string `koanf:"groups_filter"`

	GroupNameAttribute   string `koanf:"group_name_attribute"`
	UsernameAttribute    string `koanf:"username_attribute"`
	MailAttribute        string `koanf:"mail_attribute"`
	DisplayNameAttribute string `koanf:"display_name_attribute"`

	PermitReferrals               bool `koanf:"permit_referrals"`
	PermitUnauthenticatedBind     bool `koanf:"permit_unauthenticated_bind"`
	PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure"`

	User     string `koanf:"user"`
	Password string `koanf:"password"`
}

LDAPAuthenticationBackend represents the configuration related to LDAP server.

type LocalStorageConfiguration

type LocalStorageConfiguration struct {
	Path string `koanf:"path"`
}

LocalStorageConfiguration represents the configuration when using local storage.

type LogConfiguration

type LogConfiguration struct {
	Level      string `koanf:"level"`
	Format     string `koanf:"format"`
	FilePath   string `koanf:"file_path"`
	KeepStdout bool   `koanf:"keep_stdout"`
}

LogConfiguration represents the logging configuration.

type MySQLStorageConfiguration

type MySQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`

	TLS *TLSConfig `koanf:"tls"`
}

MySQLStorageConfiguration represents the configuration of a MySQL database.

type NTPConfiguration added in v4.31.0

type NTPConfiguration struct {
	Address             string        `koanf:"address"`
	Version             int           `koanf:"version"`
	MaximumDesync       time.Duration `koanf:"max_desync"`
	DisableStartupCheck bool          `koanf:"disable_startup_check"`
	DisableFailure      bool          `koanf:"disable_failure"`
}

NTPConfiguration represents the configuration related to ntp server.

type NotifierConfiguration

type NotifierConfiguration struct {
	DisableStartupCheck bool                             `koanf:"disable_startup_check"`
	FileSystem          *FileSystemNotifierConfiguration `koanf:"filesystem"`
	SMTP                *SMTPNotifierConfiguration       `koanf:"smtp"`
	TemplatePath        string                           `koanf:"template_path"`
}

NotifierConfiguration represents the configuration of the notifier to use when sending notifications to users.

type OpenIDConnectCORSConfiguration added in v4.35.0

type OpenIDConnectCORSConfiguration struct {
	Endpoints      []string  `koanf:"endpoints"`
	AllowedOrigins []url.URL `koanf:"allowed_origins"`

	AllowedOriginsFromClientRedirectURIs bool `koanf:"allowed_origins_from_client_redirect_uris"`
}

OpenIDConnectCORSConfiguration represents an OpenID Connect CORS config.

type OpenIDConnectClientConfiguration

type OpenIDConnectClientConfiguration struct {
	ID               string          `koanf:"id"`
	Description      string          `koanf:"description"`
	Secret           *PasswordDigest `koanf:"secret"`
	SectorIdentifier url.URL         `koanf:"sector_identifier"`
	Public           bool            `koanf:"public"`

	RedirectURIs []string `koanf:"redirect_uris"`

	Audience      []string `koanf:"audience"`
	Scopes        []string `koanf:"scopes"`
	GrantTypes    []string `koanf:"grant_types"`
	ResponseTypes []string `koanf:"response_types"`
	ResponseModes []string `koanf:"response_modes"`

	UserinfoSigningAlgorithm string `koanf:"userinfo_signing_algorithm"`

	Policy string `koanf:"authorization_policy"`

	ConsentMode                  string         `koanf:"consent_mode"`
	ConsentPreConfiguredDuration *time.Duration `koanf:"pre_configured_consent_duration"`
}

OpenIDConnectClientConfiguration configuration for an OpenID Connect client.

type OpenIDConnectConfiguration

type OpenIDConnectConfiguration struct {
	HMACSecret             string               `koanf:"hmac_secret"`
	IssuerCertificateChain X509CertificateChain `koanf:"issuer_certificate_chain"`
	IssuerPrivateKey       *rsa.PrivateKey      `koanf:"issuer_private_key"`

	AccessTokenLifespan   time.Duration `koanf:"access_token_lifespan"`
	AuthorizeCodeLifespan time.Duration `koanf:"authorize_code_lifespan"`
	IDTokenLifespan       time.Duration `koanf:"id_token_lifespan"`
	RefreshTokenLifespan  time.Duration `koanf:"refresh_token_lifespan"`

	EnableClientDebugMessages bool `koanf:"enable_client_debug_messages"`
	MinimumParameterEntropy   int  `koanf:"minimum_parameter_entropy"`

	EnforcePKCE              string `koanf:"enforce_pkce"`
	EnablePKCEPlainChallenge bool   `koanf:"enable_pkce_plain_challenge"`

	CORS OpenIDConnectCORSConfiguration `koanf:"cors"`

	Clients []OpenIDConnectClientConfiguration `koanf:"clients"`
}

OpenIDConnectConfiguration configuration for OpenID Connect.

type PBKDF2Password added in v4.37.0

type PBKDF2Password struct {
	Variant    string `koanf:"variant"`
	Iterations int    `koanf:"iterations"`
	SaltLength int    `koanf:"salt_length"`
}

PBKDF2Password represents the PBKDF2 hashing settings.

type Password added in v4.37.0

type Password struct {
	Algorithm string `koanf:"algorithm"`

	Argon2    Argon2Password    `koanf:"argon2"`
	SHA2Crypt SHA2CryptPassword `koanf:"sha2crypt"`
	PBKDF2    PBKDF2Password    `koanf:"pbkdf2"`
	BCrypt    BCryptPassword    `koanf:"bcrypt"`
	SCrypt    SCryptPassword    `koanf:"scrypt"`

	Iterations  int `koanf:"iterations"`
	Memory      int `koanf:"memory"`
	Parallelism int `koanf:"parallelism"`
	KeyLength   int `koanf:"key_length"`
	SaltLength  int `koanf:"salt_length"`
}

Password represents the configuration related to password hashing.

type PasswordDigest added in v4.37.0

type PasswordDigest struct {
	crypt.Digest
}

PasswordDigest is a configuration type for the crypt.Digest.

func NewPasswordDigest added in v4.37.0

func NewPasswordDigest(value string, plaintext bool) (digest *PasswordDigest, err error)

NewPasswordDigest returns a new PasswordDigest.

type PasswordPolicyConfiguration added in v4.35.0

type PasswordPolicyConfiguration struct {
	Standard PasswordPolicyStandardParams `koanf:"standard"`
	ZXCVBN   PasswordPolicyZXCVBNParams   `koanf:"zxcvbn"`
}

PasswordPolicyConfiguration represents the configuration related to password policy.

type PasswordPolicyStandardParams added in v4.35.0

type PasswordPolicyStandardParams struct {
	Enabled          bool `koanf:"enabled"`
	MinLength        int  `koanf:"min_length"`
	MaxLength        int  `koanf:"max_length"`
	RequireUppercase bool `koanf:"require_uppercase"`
	RequireLowercase bool `koanf:"require_lowercase"`
	RequireNumber    bool `koanf:"require_number"`
	RequireSpecial   bool `koanf:"require_special"`
}

PasswordPolicyStandardParams represents the configuration related to standard parameters of password policy.

type PasswordPolicyZXCVBNParams added in v4.35.0

type PasswordPolicyZXCVBNParams struct {
	Enabled  bool `koanf:"enabled"`
	MinScore int  `koanf:"min_score"`
}

PasswordPolicyZXCVBNParams represents the configuration related to ZXCVBN parameters of password policy.

type PasswordResetAuthenticationBackend added in v4.37.0

type PasswordResetAuthenticationBackend struct {
	Disable   bool    `koanf:"disable"`
	CustomURL url.URL `koanf:"custom_url"`
}

PasswordResetAuthenticationBackend represents the configuration related to password reset functionality.

type PostgreSQLSSLStorageConfiguration added in v4.33.0

type PostgreSQLSSLStorageConfiguration struct {
	Mode            string `koanf:"mode"`
	RootCertificate string `koanf:"root_certificate"`
	Certificate     string `koanf:"certificate"`
	Key             string `koanf:"key"`
}

PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL database.

type PostgreSQLStorageConfiguration

type PostgreSQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`
	Schema                  string `koanf:"schema"`

	TLS *TLSConfig `koanf:"tls"`

	SSL *PostgreSQLSSLStorageConfiguration `koanf:"ssl"`
}

PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL database.

type RedisHighAvailabilityConfiguration

type RedisHighAvailabilityConfiguration struct {
	SentinelName     string      `koanf:"sentinel_name"`
	SentinelUsername string      `koanf:"sentinel_username"`
	SentinelPassword string      `koanf:"sentinel_password"`
	Nodes            []RedisNode `koanf:"nodes"`
	RouteByLatency   bool        `koanf:"route_by_latency"`
	RouteRandomly    bool        `koanf:"route_randomly"`
}

RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.

type RedisNode

type RedisNode struct {
	Host string `koanf:"host"`
	Port int    `koanf:"port"`
}

RedisNode Represents a Node.

type RedisSessionConfiguration

type RedisSessionConfiguration struct {
	Host                     string                              `koanf:"host"`
	Port                     int                                 `koanf:"port"`
	Username                 string                              `koanf:"username"`
	Password                 string                              `koanf:"password"`
	DatabaseIndex            int                                 `koanf:"database_index"`
	MaximumActiveConnections int                                 `koanf:"maximum_active_connections"`
	MinimumIdleConnections   int                                 `koanf:"minimum_idle_connections"`
	TLS                      *TLSConfig                          `koanf:"tls"`
	HighAvailability         *RedisHighAvailabilityConfiguration `koanf:"high_availability"`
}

RedisSessionConfiguration represents the configuration related to redis session store.

type RegulationConfiguration

type RegulationConfiguration struct {
	MaxRetries int           `koanf:"max_retries"`
	FindTime   time.Duration `koanf:"find_time,weak"`
	BanTime    time.Duration `koanf:"ban_time,weak"`
}

RegulationConfiguration represents the configuration related to regulation.

type SCryptPassword added in v4.37.0

type SCryptPassword struct {
	Iterations  int `koanf:"iterations"`
	BlockSize   int `koanf:"block_size"`
	Parallelism int `koanf:"parallelism"`
	KeyLength   int `koanf:"key_length"`
	SaltLength  int `koanf:"salt_length"`
}

SCryptPassword represents the scrypt hashing settings.

type SHA2CryptPassword added in v4.37.0

type SHA2CryptPassword struct {
	Variant    string `koanf:"variant"`
	Iterations int    `koanf:"iterations"`
	SaltLength int    `koanf:"salt_length"`
}

SHA2CryptPassword represents the sha2crypt hashing settings.

type SMTPNotifierConfiguration

type SMTPNotifierConfiguration struct {
	Host                string        `koanf:"host"`
	Port                int           `koanf:"port"`
	Timeout             time.Duration `koanf:"timeout"`
	Username            string        `koanf:"username"`
	Password            string        `koanf:"password"`
	Identifier          string        `koanf:"identifier"`
	Sender              mail.Address  `koanf:"sender"`
	Subject             string        `koanf:"subject"`
	StartupCheckAddress mail.Address  `koanf:"startup_check_address"`
	DisableRequireTLS   bool          `koanf:"disable_require_tls"`
	DisableHTMLEmails   bool          `koanf:"disable_html_emails"`
	DisableStartTLS     bool          `koanf:"disable_starttls"`
	TLS                 *TLSConfig    `koanf:"tls"`
}

SMTPNotifierConfiguration represents the configuration of the SMTP server to send emails with.

type SQLStorageConfiguration

type SQLStorageConfiguration struct {
	Host     string        `koanf:"host"`
	Port     int           `koanf:"port"`
	Database string        `koanf:"database"`
	Username string        `koanf:"username"`
	Password string        `koanf:"password"`
	Timeout  time.Duration `koanf:"timeout"`
}

SQLStorageConfiguration represents the configuration of the SQL database.

type ServerBuffers added in v4.36.4

type ServerBuffers struct {
	Read  int `koanf:"read"`
	Write int `koanf:"write"`
}

ServerBuffers represents server buffer configurations.

type ServerConfiguration

type ServerConfiguration struct {
	Host               string `koanf:"host"`
	Port               int    `koanf:"port"`
	Path               string `koanf:"path"`
	AssetPath          string `koanf:"asset_path"`
	EnablePprof        bool   `koanf:"enable_pprof"`
	EnableExpvars      bool   `koanf:"enable_expvars"`
	DisableHealthcheck bool   `koanf:"disable_healthcheck"`

	TLS     ServerTLSConfiguration     `koanf:"tls"`
	Headers ServerHeadersConfiguration `koanf:"headers"`

	Buffers  ServerBuffers  `koanf:"buffers"`
	Timeouts ServerTimeouts `koanf:"timeouts"`
}

ServerConfiguration represents the configuration of the http server.

type ServerHeadersConfiguration added in v4.34.0

type ServerHeadersConfiguration struct {
	CSPTemplate string `koanf:"csp_template"`
}

ServerHeadersConfiguration represents the customization of the http server headers.

type ServerTLSConfiguration

type ServerTLSConfiguration struct {
	Certificate        string   `koanf:"certificate"`
	Key                string   `koanf:"key"`
	ClientCertificates []string `koanf:"client_certificates"`
}

ServerTLSConfiguration represents the configuration of the http servers TLS options.

type ServerTimeouts added in v4.36.4

type ServerTimeouts struct {
	Read  time.Duration `koanf:"read"`
	Write time.Duration `koanf:"write"`
	Idle  time.Duration `koanf:"idle"`
}

ServerTimeouts represents server timeout configurations.

type SessionConfiguration

type SessionConfiguration struct {
	Name               string        `koanf:"name"`
	Domain             string        `koanf:"domain"`
	SameSite           string        `koanf:"same_site"`
	Secret             string        `koanf:"secret"`
	Expiration         time.Duration `koanf:"expiration"`
	Inactivity         time.Duration `koanf:"inactivity"`
	RememberMeDuration time.Duration `koanf:"remember_me_duration"`

	Redis *RedisSessionConfiguration `koanf:"redis"`
}

SessionConfiguration represents the configuration related to user sessions.

type StorageConfiguration

type StorageConfiguration struct {
	Local      *LocalStorageConfiguration      `koanf:"local"`
	MySQL      *MySQLStorageConfiguration      `koanf:"mysql"`
	PostgreSQL *PostgreSQLStorageConfiguration `koanf:"postgres"`

	EncryptionKey string `koanf:"encryption_key"`
}

StorageConfiguration represents the configuration of the storage backend.

type StructValidator

type StructValidator struct {
	// contains filtered or unexported fields
}

StructValidator is a validator for structs.

func NewStructValidator

func NewStructValidator() *StructValidator

NewStructValidator is a constructor of struct validator.

func (*StructValidator) Clear

func (v *StructValidator) Clear()

Clear errors and warnings.

func (*StructValidator) Errors

func (v *StructValidator) Errors() []error

Errors returns the errors.

func (*StructValidator) HasErrors

func (v *StructValidator) HasErrors() bool

HasErrors checks whether the validator contains errors.

func (*StructValidator) HasWarnings

func (v *StructValidator) HasWarnings() bool

HasWarnings checks whether the validator contains warning errors.

func (*StructValidator) Push

func (v *StructValidator) Push(err error)

Push an error to the validator.

func (*StructValidator) PushWarning

func (v *StructValidator) PushWarning(err error)

PushWarning error to the validator.

func (*StructValidator) Warnings

func (v *StructValidator) Warnings() []error

Warnings returns the warnings.

type TLSCertificateConfig added in v4.37.0

type TLSCertificateConfig struct {
	Key              CryptographicPrivateKey `koanf:"key"`
	CertificateChain X509CertificateChain    `koanf:"certificate_chain"`
}

TLSCertificateConfig is a representation of the TLS Certificate configuration.

type TLSConfig

type TLSConfig struct {
	MinimumVersion TLSVersion `koanf:"minimum_version"`
	MaximumVersion TLSVersion `koanf:"maximum_version"`

	SkipVerify bool   `koanf:"skip_verify"`
	ServerName string `koanf:"server_name"`

	PrivateKey       CryptographicPrivateKey `koanf:"private_key"`
	CertificateChain X509CertificateChain    `koanf:"certificate_chain"`
}

TLSConfig is a representation of the TLS configuration.

type TLSVersion added in v4.37.0

type TLSVersion struct {
	Value uint16
}

TLSVersion is a struct which handles tls.Config versions.

func NewTLSVersion added in v4.37.0

func NewTLSVersion(input string) (version *TLSVersion, err error)

NewTLSVersion returns a new TLSVersion given a string.

func (*TLSVersion) MaxVersion added in v4.37.0

func (v *TLSVersion) MaxVersion() uint16

MaxVersion returns the value of this as a MaxVersion value.

func (*TLSVersion) MinVersion added in v4.37.0

func (v *TLSVersion) MinVersion() uint16

MinVersion returns the value of this as a MinVersion value.

func (*TLSVersion) String added in v4.37.0

func (v *TLSVersion) String() string

String provides the Stringer.

type TOTPConfiguration

type TOTPConfiguration struct {
	Disable    bool   `koanf:"disable"`
	Issuer     string `koanf:"issuer"`
	Algorithm  string `koanf:"algorithm"`
	Digits     uint   `koanf:"digits"`
	Period     uint   `koanf:"period"`
	Skew       *uint  `koanf:"skew"`
	SecretSize uint   `koanf:"secret_size"`
}

TOTPConfiguration represents the configuration related to TOTP options.

type TelemetryConfig added in v4.36.0

type TelemetryConfig struct {
	Metrics TelemetryMetricsConfig `koanf:"metrics"`
}

TelemetryConfig represents the telemetry config.

type TelemetryMetricsConfig added in v4.36.0

type TelemetryMetricsConfig struct {
	Enabled bool     `koanf:"enabled"`
	Address *Address `koanf:"address"`

	Buffers  ServerBuffers  `koanf:"buffers"`
	Timeouts ServerTimeouts `koanf:"timeouts"`
}

TelemetryMetricsConfig represents the telemetry metrics config.

type WebauthnConfiguration added in v4.34.0

type WebauthnConfiguration struct {
	Disable     bool   `koanf:"disable"`
	DisplayName string `koanf:"display_name"`

	ConveyancePreference protocol.ConveyancePreference        `koanf:"attestation_conveyance_preference"`
	UserVerification     protocol.UserVerificationRequirement `koanf:"user_verification"`

	Timeout time.Duration `koanf:"timeout"`
}

WebauthnConfiguration represents the webauthn config.

type X509CertificateChain added in v4.37.0

type X509CertificateChain struct {
	// contains filtered or unexported fields
}

X509CertificateChain is a helper struct that holds a list of *x509.Certificate's.

func NewX509CertificateChain added in v4.37.0

func NewX509CertificateChain(in string) (chain *X509CertificateChain, err error)

NewX509CertificateChain creates a new *X509CertificateChain from a given string, parsing each PEM block one by one.

func (*X509CertificateChain) Certificates added in v4.37.0

func (c *X509CertificateChain) Certificates() (certificates []*x509.Certificate)

Certificates for this X509CertificateChain.

func (*X509CertificateChain) CertificatesRaw added in v4.37.0

func (c *X509CertificateChain) CertificatesRaw() (certificates [][]byte)

CertificatesRaw for this X509CertificateChain.

func (*X509CertificateChain) Equal added in v4.37.0

func (c *X509CertificateChain) Equal(other *x509.Certificate) (equal bool)

Equal checks if the provided *x509.Certificate is equal to the first *x509.Certificate in the chain.

func (*X509CertificateChain) EqualKey added in v4.37.0

func (c *X509CertificateChain) EqualKey(other any) (equal bool)

EqualKey checks if the provided key (public or private) has a public key equal to the first public key in this chain.

func (*X509CertificateChain) HasCertificates added in v4.37.0

func (c *X509CertificateChain) HasCertificates() (has bool)

HasCertificates returns true if the chain has any certificates.

func (*X509CertificateChain) Leaf added in v4.37.0

func (c *X509CertificateChain) Leaf() (leaf *x509.Certificate)

Leaf returns the first certificate if available for use with tls.Certificate.

func (*X509CertificateChain) Thumbprint added in v4.37.0

func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte

Thumbprint returns the Thumbprint for the first certificate.

func (*X509CertificateChain) Validate added in v4.37.0

func (c *X509CertificateChain) Validate() (err error)

Validate the X509CertificateChain ensuring the certificates were provided in the correct order (with nth being signed by the nth+1), and that all of the certificates are valid based on the current time.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL