Constants ¶
// Textual TLS/SSL protocol version identifiers. The "TLS"-prefixed forms and the
// bare "1.x" forms are both present.
// NOTE(review): SSL 3.0, TLS 1.0 and TLS 1.1 are listed here as parseable names only;
// whether a configured minimum_version may actually use them is not visible from this
// declaration — confirm in the validator.
const (
	// TLSVersion13 is the textual representation of TLS 1.3.
	TLSVersion13 = "TLS1.3"
	// TLSVersion12 is the textual representation of TLS 1.2.
	TLSVersion12 = "TLS1.2"
	// TLSVersion11 is the textual representation of TLS 1.1.
	TLSVersion11 = "TLS1.1"
	// TLSVersion10 is the textual representation of TLS 1.0.
	TLSVersion10 = "TLS1.0"
	// SSLVersion30 is the textual representation of SSL 3.0.
	SSLVersion30 = "SSL3.0"
	// Version13 is the textual representation of version 1.3.
	Version13 = "1.3"
	// Version12 is the textual representation of version 1.2.
	Version12 = "1.2"
	// Version11 is the textual representation of version 1.1.
	Version11 = "1.1"
	// Version10 is the textual representation of version 1.0.
	Version10 = "1.0"
)
// Values relating to the authentication backend refresh_interval setting.
const (
	// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
	ProfileRefreshAlways = "always"
	// RefreshIntervalDefault represents the default value of refresh_interval.
	RefreshIntervalDefault = "5m"
	// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
	RefreshIntervalAlways = 0 * time.Millisecond
)
// LDAP implementation selector values for LDAPAuthenticationBackend.Implementation.
const (
	// LDAPImplementationCustom is the string for the custom LDAP implementation.
	LDAPImplementationCustom = "custom"
	// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
	LDAPImplementationActiveDirectory = "activedirectory"
)
// TOTP algorithm identifiers accepted for TOTPConfiguration.Algorithm; the full set is
// collected in TOTPPossibleAlgorithms.
const (
	// TOTPAlgorithmSHA1 is the SHA1 TOTP algorithm identifier (the DefaultTOTPConfiguration value).
	TOTPAlgorithmSHA1 = "SHA1"
	// TOTPAlgorithmSHA256 is the SHA256 TOTP algorithm identifier.
	TOTPAlgorithmSHA256 = "SHA256"
	// TOTPAlgorithmSHA512 is the SHA512 TOTP algorithm identifier.
	TOTPAlgorithmSHA512 = "SHA512"
)
TOTP algorithm identifiers.
// TOTP secret size bounds used by TOTPConfiguration.SecretSize.
// NOTE(review): the unit (bytes vs. characters) is not stated here — confirm before
// reasoning about the entropy these sizes provide.
const (
	// TOTPSecretSizeDefault is the default secret size.
	TOTPSecretSizeDefault = 32
	// TOTPSecretSizeMinimum is the minimum secret size.
	TOTPSecretSizeMinimum = 20
)
// ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.
// NOTE(review): with the refresh disabled, changes to a user's groups or account state
// presumably are not picked up until re-authentication — confirm in the backend.
const ProfileRefreshDisabled = "disable"
ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.
const (
	// RememberMeDisabled represents the duration for a disabled remember me session configuration.
	// A negative duration is used as the sentinel so that it cannot collide with any real
	// SessionConfiguration.RememberMeDuration value.
	RememberMeDisabled = time.Second * -1
)
Variables ¶
// DefaultACLNetwork represents the default configuration related to access control network group configuration.
// Two named groups are provided: the loopback address and the RFC 1918 10.0.0.0/8 range.
var DefaultACLNetwork = []ACLNetwork{
	{
		Name:     "localhost",
		Networks: []string{"127.0.0.1"},
	},
	{
		Name:     "internal",
		Networks: []string{"10.0.0.0/8"},
	},
}
DefaultACLNetwork represents the default configuration related to access control network group configuration.
// DefaultACLRule represents the default configuration related to access control rule configuration.
// The entries use example.com placeholder domains and illustrate the three policy levels;
// note that the first entry grants "bypass" (no authentication) to its domain.
var DefaultACLRule = []ACLRule{
	{
		Domains: []string{"public.example.com"},
		Policy:  "bypass",
	},
	{
		Domains: []string{"singlefactor.example.com"},
		Policy:  "one_factor",
	},
	{
		Domains: []string{"secure.example.com"},
		Policy:  "two_factor",
	},
}
DefaultACLRule represents the default configuration related to access control rule configuration.
// DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.
// NOTE(review): unlike DefaultPasswordConfig this sets no Argon2 Variant and uses Memory: 64
// instead of 64 * 1024; the reduced parameters are presumably intentional for CI speed and
// should not be used as a production baseline — confirm the Memory unit with the hasher.
var DefaultCIPasswordConfig = Password{
	Algorithm: argon2,
	Argon2: Argon2Password{
		Iterations:  3,
		Memory:      64,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: SHA2CryptPassword{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
}
DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.
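// DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the MSAD Implementation.
//
// The users filter matches on either the username or mail attribute, restricts to normal
// user accounts (sAMAccountType=805306368), excludes disabled accounts via the
// userAccountControl bitmask rule and excludes accounts that must change their password
// (pwdLastSet=0). The groups filter matches security and distribution groups by member DN.
// The TLS floor is TLS 1.2; the TLSVersion literal is keyed for consistency with
// DefaultRedisConfiguration and so that adding fields to TLSVersion cannot silently
// shift the positional value.
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = LDAPAuthenticationBackend{
	UsersFilter:          "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0)))",
	UsernameAttribute:    "sAMAccountName",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupsFilter:         "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))",
	GroupNameAttribute:   "cn",
	Timeout:              time.Second * 5,
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}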
DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the MSAD Implementation.
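// DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.
//
// No UsersFilter or GroupsFilter is provided for the custom implementation; those are
// expected to come from the user's configuration. The TLS floor is TLS 1.2; the
// TLSVersion literal is keyed for consistency with DefaultRedisConfiguration so a future
// field addition to TLSVersion cannot silently shift the positional value.
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = LDAPAuthenticationBackend{
	UsernameAttribute:    "uid",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupNameAttribute:   "cn",
	Timeout:              time.Second * 5,
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}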
DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.
// DefaultLoggingConfiguration is the default logging configuration: "info" level, "text" format.
// FilePath and KeepStdout are left at their zero values.
var DefaultLoggingConfiguration = LogConfiguration{
	Level:  "info",
	Format: "text",
}
DefaultLoggingConfiguration is the default logging configuration.
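// DefaultMySQLStorageConfiguration represents the default MySQL configuration.
// Only the TLS floor (TLS 1.2) is set; connection parameters come from the embedded
// SQLStorageConfiguration. The TLSVersion literal is keyed for consistency with
// DefaultRedisConfiguration and to be robust to field additions on TLSVersion.
var DefaultMySQLStorageConfiguration = MySQLStorageConfiguration{
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}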
DefaultMySQLStorageConfiguration represents the default MySQL configuration.
// DefaultNTPConfiguration represents default configuration parameters for the NTP server.
// NOTE(review): NTP v4 over the public internet is unauthenticated; MaximumDesync of 3s is
// presumably the tolerated clock skew before the startup check fails — confirm in the checker.
var DefaultNTPConfiguration = NTPConfiguration{
	Address:       "time.cloudflare.com:123",
	Version:       4,
	MaximumDesync: time.Second * 3,
}
DefaultNTPConfiguration represents default configuration parameters for the NTP server.
// DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.
// Defaults are the stricter "two_factor" policy, the code flow only (ResponseTypes),
// and an unsigned ("none") userinfo response. ConsentPreConfiguredDuration points at a
// package-level default whose value is not visible here.
var DefaultOpenIDConnectClientConfiguration = OpenIDConnectClientConfiguration{
	Policy:                       "two_factor",
	Scopes:                       []string{"openid", "groups", "profile", "email"},
	GrantTypes:                   []string{"refresh_token", "authorization_code"},
	ResponseTypes:                []string{"code"},
	ResponseModes:                []string{"form_post", "query", "fragment"},
	UserinfoSigningAlgorithm:     "none",
	ConsentMode:                  "auto",
	ConsentPreConfiguredDuration: &defaultOIDCClientConsentPreConfiguredDuration,
}
DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.
// DefaultOpenIDConnectConfiguration contains defaults for OIDC.
// Token lifespans: access and ID tokens 1h, authorization codes 1m, refresh tokens 90m.
// PKCE is enforced for public clients only by default; confidential clients may opt in.
var DefaultOpenIDConnectConfiguration = OpenIDConnectConfiguration{
	AccessTokenLifespan:   time.Hour,
	AuthorizeCodeLifespan: time.Minute,
	IDTokenLifespan:       time.Hour,
	RefreshTokenLifespan:  time.Minute * 90,
	EnforcePKCE:           "public_clients_only",
}
DefaultOpenIDConnectConfiguration contains defaults for OIDC.
// DefaultPasswordConfig represents the default configuration related to Argon2id hashing.
// Argon2 is the selected algorithm; defaults for the other supported hashers are also
// populated so that switching Algorithm does not leave zero parameters.
// NOTE(review): Memory is 64 * 1024 here versus 64 in DefaultCIPasswordConfig; the unit is
// not stated on this page — confirm with the hasher before tuning.
var DefaultPasswordConfig = Password{
	Algorithm: argon2,
	Argon2: Argon2Password{
		Variant:     argon2id,
		Iterations:  3,
		Memory:      64 * 1024,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: SHA2CryptPassword{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
	PBKDF2: PBKDF2Password{
		Variant:    sha512,
		Iterations: 310000,
		SaltLength: 16,
	},
	BCrypt: BCryptPassword{
		Variant: "standard",
		Cost:    12,
	},
	SCrypt: SCryptPassword{
		Iterations:  16,
		BlockSize:   8,
		Parallelism: 1,
		KeyLength:   32,
		SaltLength:  16,
	},
}
DefaultPasswordConfig represents the default configuration related to Argon2id hashing.
// DefaultPasswordPolicyConfiguration is the default password policy configuration.
// Both the standard policy and the zxcvbn policy are disabled by default; the
// MinLength/MinScore values only take effect once the respective Enabled flag is set.
var DefaultPasswordPolicyConfiguration = PasswordPolicyConfiguration{
	Standard: PasswordPolicyStandardParams{
		Enabled:   false,
		MinLength: 8,
		MaxLength: 0,
	},
	ZXCVBN: PasswordPolicyZXCVBNParams{
		Enabled:  false,
		MinScore: 3,
	},
}
DefaultPasswordPolicyConfiguration is the default password policy configuration.
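// DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.
// The default schema is "public". The TLSVersion literal is keyed for consistency with
// DefaultRedisConfiguration and to be robust to field additions on TLSVersion.
// NOTE(review): SSL.Mode defaults to "disable" while TLS carries a TLS 1.2 floor; which of
// the two governs the actual connection is decided by the storage provider, not here.
var DefaultPostgreSQLStorageConfiguration = PostgreSQLStorageConfiguration{
	Schema: "public",
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
	SSL: &PostgreSQLSSLStorageConfiguration{
		Mode: "disable",
	},
}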
DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.
// DefaultRedisConfiguration is the default redis configuration: only a TLS 1.2 floor is set.
var DefaultRedisConfiguration = RedisSessionConfiguration{
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}
DefaultRedisConfiguration is the default redis configuration.
// DefaultRegulationConfiguration represents default configuration parameters for the regulator.
// NOTE(review): read as "3 failures within 2 minutes leads to a 5 minute ban" — the exact
// counting semantics live in the regulator, not in this declaration.
var DefaultRegulationConfiguration = RegulationConfiguration{
	MaxRetries: 3,
	FindTime:   time.Minute * 2,
	BanTime:    time.Minute * 5,
}
DefaultRegulationConfiguration represents default configuration parameters for the regulator.
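// DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.
// The TLSVersion literal is keyed for consistency with DefaultRedisConfiguration and to be
// robust to field additions on TLSVersion. DisableRequireTLS and DisableStartTLS keep
// their zero (false) values, so TLS remains required by default.
var DefaultSMTPNotifierConfiguration = SMTPNotifierConfiguration{
	Timeout:             time.Second * 5,
	Subject:             "[Authelia] {title}",
	Identifier:          "localhost",
	StartupCheckAddress: mail.Address{Name: "Authelia Test", Address: "test@authelia.com"},
	TLS: &TLSConfig{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}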
DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.
// DefaultSQLStorageConfiguration represents the default SQL configuration (a 5s timeout).
var DefaultSQLStorageConfiguration = SQLStorageConfiguration{
	Timeout: 5 * time.Second,
}
DefaultSQLStorageConfiguration represents the default SQL configuration.
// DefaultServerConfiguration represents the default values of the ServerConfiguration.
// Host "0.0.0.0" is the all-interfaces address; EnablePprof and EnableExpvars stay false.
var DefaultServerConfiguration = ServerConfiguration{
	Host: "0.0.0.0",
	Port: 9091,
	Buffers: ServerBuffers{
		Read:  4096,
		Write: 4096,
	},
	Timeouts: ServerTimeouts{
		Read:  time.Second * 6,
		Write: time.Second * 6,
		Idle:  time.Second * 30,
	},
}
DefaultServerConfiguration represents the default values of the ServerConfiguration.
// DefaultSessionConfiguration is the default session configuration.
// Sessions expire after 1h, or after 5m of inactivity; "remember me" extends this to 30 days.
// SameSite defaults to "lax".
var DefaultSessionConfiguration = SessionConfiguration{
	Name:               "authelia_session",
	Expiration:         time.Hour,
	Inactivity:         time.Minute * 5,
	RememberMeDuration: time.Hour * 24 * 30,
	SameSite:           "lax",
}
DefaultSessionConfiguration is the default session configuration.
// DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.
// SHA1 / 6 digits / 30s period are the values most authenticator apps support; Skew points
// at a package-level default whose value is not visible here.
var DefaultTOTPConfiguration = TOTPConfiguration{
	Issuer:     "Authelia",
	Algorithm:  TOTPAlgorithmSHA1,
	Digits:     6,
	Period:     30,
	Skew:       &defaultOtpSkew,
	SecretSize: TOTPSecretSizeDefault,
}
DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.
// DefaultTelemetryConfig is the default telemetry configuration.
// Metrics.Enabled keeps its zero (false) value. The Address literal is positional because
// the Address struct's field names are not shown on this page.
// NOTE(review): the metrics listener defaults to the all-interfaces address 0.0.0.0:9959;
// confirm that it is only exposed where intended when enabling it.
var DefaultTelemetryConfig = TelemetryConfig{
	Metrics: TelemetryMetricsConfig{
		Address: &Address{true, "tcp", net.ParseIP("0.0.0.0"), 9959},
		Buffers: ServerBuffers{
			Read:  4096,
			Write: 4096,
		},
		Timeouts: ServerTimeouts{
			Read:  time.Second * 6,
			Write: time.Second * 6,
			Idle:  time.Second * 30,
		},
	},
}
DefaultTelemetryConfig is the default telemetry configuration.
// DefaultWebauthnConfiguration describes the default values for the WebauthnConfiguration.
// Attestation conveyance is "indirect" and user verification is "preferred" (not required).
var DefaultWebauthnConfiguration = WebauthnConfiguration{
	DisplayName:          "Authelia",
	Timeout:              time.Second * 60,
	ConveyancePreference: protocol.PreferIndirectAttestation,
	UserVerification:     protocol.VerificationPreferred,
}
DefaultWebauthnConfiguration describes the default values for the WebauthnConfiguration.
// ErrTLSVersionNotSupported is returned when an unknown TLS version is supplied.
var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported")
ErrTLSVersionNotSupported is returned when an unknown TLS version is supplied.
// Keys is a list of valid schema keys detected by reflecting over a schema.Configuration struct.
// NOTE(review): the rendered page elides the elements; the empty literal below is not the real value.
var Keys = []string{}/* 248 elements not displayed */
Keys is a list of valid schema keys detected by reflecting over a schema.Configuration struct.
var (
	// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms.
	TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
)
Functions ¶
This section is empty.
Types ¶
type ACLNetwork ¶
ACLNetwork represents one ACL network group entry.
type ACLQueryRule ¶ added in v4.37.0
// ACLQueryRule represents the ACL query criteria.
type ACLQueryRule struct {
	Operator string `koanf:"operator"`
	Key      string `koanf:"key"`
	// Value is untyped; which shapes are accepted is not visible from this declaration.
	Value any `koanf:"value"`
}
ACLQueryRule represents the ACL query criteria.
type ACLRule ¶
// ACLRule represents one ACL rule entry.
// DomainsRegex and Resources hold compiled expressions by value, not by pointer.
// NOTE(review): how the nested Subjects and Query slices combine (and/or) is decided by
// the authorizer, not by this declaration — confirm there.
type ACLRule struct {
	Domains      []string         `koanf:"domain"`
	DomainsRegex []regexp.Regexp  `koanf:"domain_regex"`
	Policy       string           `koanf:"policy"`
	Subjects     [][]string       `koanf:"subject"`
	Networks     []string         `koanf:"networks"`
	Resources    []regexp.Regexp  `koanf:"resources"`
	Methods      []string         `koanf:"methods"`
	Query        [][]ACLQueryRule `koanf:"query"`
}
ACLRule represents one ACL rule entry.
type AccessControlConfiguration ¶
// AccessControlConfiguration represents the configuration related to ACLs.
// DefaultPolicy applies when no rule matches (see DefaultACLRule for the policy names).
type AccessControlConfiguration struct {
	DefaultPolicy string       `koanf:"default_policy"`
	Networks      []ACLNetwork `koanf:"networks"`
	Rules         []ACLRule    `koanf:"rules"`
}
AccessControlConfiguration represents the configuration related to ACLs.
type Address ¶ added in v4.36.0
Address represents an address.
func NewAddressFromString ¶ added in v4.36.0
NewAddressFromString returns an *Address and error depending on the ability to parse the string as an Address.
func NewAddressFromURL ¶ added in v4.36.2
NewAddressFromURL returns an *Address and error depending on the ability to parse the *url.URL as an Address.
func (Address) HostPort ¶ added in v4.36.0
HostPort returns a string representation of the Address with just the host and port.
type Argon2Password ¶ added in v4.37.0
// Argon2Password represents the argon2 hashing settings.
// See DefaultPasswordConfig for the production defaults.
type Argon2Password struct {
	Variant     string `koanf:"variant"`
	Iterations  int    `koanf:"iterations"`
	Memory      int    `koanf:"memory"`
	Parallelism int    `koanf:"parallelism"`
	KeyLength   int    `koanf:"key_length"`
	SaltLength  int    `koanf:"salt_length"`
}
Argon2Password represents the argon2 hashing settings.
type AuthenticationBackend ¶ added in v4.37.0
// AuthenticationBackend represents the configuration related to the authentication backend.
// File and LDAP are pointers so that an unset backend is nil; RefreshInterval is a string
// that accepts the ProfileRefresh* sentinels as well as a duration.
type AuthenticationBackend struct {
	PasswordReset   PasswordResetAuthenticationBackend `koanf:"password_reset"`
	RefreshInterval string                             `koanf:"refresh_interval"`
	File            *FileAuthenticationBackend         `koanf:"file"`
	LDAP            *LDAPAuthenticationBackend         `koanf:"ldap"`
}
AuthenticationBackend represents the configuration related to the authentication backend.
type BCryptPassword ¶ added in v4.37.0
BCryptPassword represents the bcrypt hashing settings.
type Configuration ¶
// Configuration is the configuration object extracted from the YAML configuration file.
// NOTE(review): JWTSecret is secret material (as are nested Session.Secret and
// Storage.EncryptionKey); anything that dumps a Configuration for logging or debugging
// should redact these — confirm that the logging path does.
type Configuration struct {
	Theme                 string `koanf:"theme"`
	CertificatesDirectory string `koanf:"certificates_directory"`
	JWTSecret             string `koanf:"jwt_secret"`
	DefaultRedirectionURL string `koanf:"default_redirection_url"`
	Default2FAMethod      string `koanf:"default_2fa_method"`

	Log                   LogConfiguration               `koanf:"log"`
	IdentityProviders     IdentityProvidersConfiguration `koanf:"identity_providers"`
	AuthenticationBackend AuthenticationBackend          `koanf:"authentication_backend"`
	Session               SessionConfiguration           `koanf:"session"`
	TOTP                  TOTPConfiguration              `koanf:"totp"`
	DuoAPI                DuoAPIConfiguration            `koanf:"duo_api"`
	AccessControl         AccessControlConfiguration     `koanf:"access_control"`
	NTP                   NTPConfiguration               `koanf:"ntp"`
	Regulation            RegulationConfiguration        `koanf:"regulation"`
	Storage               StorageConfiguration           `koanf:"storage"`
	Notifier              NotifierConfiguration          `koanf:"notifier"`
	Server                ServerConfiguration            `koanf:"server"`
	Telemetry             TelemetryConfig                `koanf:"telemetry"`
	Webauthn              WebauthnConfiguration          `koanf:"webauthn"`
	PasswordPolicy        PasswordPolicyConfiguration    `koanf:"password_policy"`
}
Configuration is the configuration object extracted from the YAML configuration file.
type CryptographicPrivateKey ¶ added in v4.37.0
// CryptographicPrivateKey represents the actual crypto.PrivateKey interface.
// crypto.PrivateKey itself is an empty interface; this narrows it to the two methods the
// standard library key types provide, so a configured key can be compared and its public
// half derived without type switches.
type CryptographicPrivateKey interface {
	Public() crypto.PublicKey
	Equal(x crypto.PrivateKey) bool
}
CryptographicPrivateKey represents the actual crypto.PrivateKey interface.
type DuoAPIConfiguration ¶
// DuoAPIConfiguration represents the configuration related to Duo API.
// IntegrationKey and SecretKey are credentials for the Duo API; SecretKey in particular
// must be treated as secret material.
type DuoAPIConfiguration struct {
	Disable              bool   `koanf:"disable"`
	Hostname             string `koanf:"hostname"`
	IntegrationKey       string `koanf:"integration_key"`
	SecretKey            string `koanf:"secret_key"`
	EnableSelfEnrollment bool   `koanf:"enable_self_enrollment"`
}
DuoAPIConfiguration represents the configuration related to Duo API.
type ErrorContainer ¶
// ErrorContainer represents a container where we can add errors and retrieve them.
// Errors and warnings are kept in separate lists; StructValidator is the implementation
// shown on this page.
type ErrorContainer interface {
	Push(err error)
	PushWarning(err error)
	HasErrors() bool
	HasWarnings() bool
	Errors() []error
	Warnings() []error
}
ErrorContainer represents a container where we can add errors and retrieve them.
type FileAuthenticationBackend ¶ added in v4.37.0
// FileAuthenticationBackend represents the configuration related to file-based backend.
// Password carries the hashing parameters used for the user database at Path.
type FileAuthenticationBackend struct {
	Path     string                          `koanf:"path"`
	Watch    bool                            `koanf:"watch"`
	Password Password                        `koanf:"password"`
	Search   FileSearchAuthenticationBackend `koanf:"search"`
}
FileAuthenticationBackend represents the configuration related to file-based backend.
type FileSearchAuthenticationBackend ¶ added in v4.37.0
// FileSearchAuthenticationBackend represents the configuration related to file-based backend searching.
// NOTE(review): CaseInsensitive presumably affects username matching; a case-insensitive
// lookup can make distinct entries that differ only by case ambiguous — confirm how the
// backend handles that.
type FileSearchAuthenticationBackend struct {
	Email           bool `koanf:"email"`
	CaseInsensitive bool `koanf:"case_insensitive"`
}
FileSearchAuthenticationBackend represents the configuration related to file-based backend searching.
type FileSystemNotifierConfiguration ¶
// FileSystemNotifierConfiguration represents the configuration of the notifier writing emails in a file.
type FileSystemNotifierConfiguration struct {
	Filename string `koanf:"filename"`
}
FileSystemNotifierConfiguration represents the configuration of the notifier writing emails in a file.
type IdentityProvidersConfiguration ¶
// IdentityProvidersConfiguration represents the IdentityProviders 2.0 configuration for Authelia.
// OIDC is a pointer so that a nil value means the provider is not configured.
type IdentityProvidersConfiguration struct {
	OIDC *OpenIDConnectConfiguration `koanf:"oidc"`
}
IdentityProvidersConfiguration represents the IdentityProviders 2.0 configuration for Authelia.
type LDAPAuthenticationBackend ¶ added in v4.37.0
// LDAPAuthenticationBackend represents the configuration related to LDAP server.
// Implementation selects one of the LDAPImplementation* values, and the matching
// Default* variable supplies the attribute and filter defaults.
// NOTE(review): the Permit* flags relax server-side checks (referral following,
// unauthenticated bind, feature detection failures); each weakens what the backend
// verifies and should be documented at the option level — confirm exact semantics in
// the LDAP provider. Password is secret material.
type LDAPAuthenticationBackend struct {
	Implementation string        `koanf:"implementation"`
	URL            string        `koanf:"url"`
	Timeout        time.Duration `koanf:"timeout"`
	StartTLS       bool          `koanf:"start_tls"`
	TLS            *TLSConfig    `koanf:"tls"`

	BaseDN               string `koanf:"base_dn"`
	AdditionalUsersDN    string `koanf:"additional_users_dn"`
	UsersFilter          string `koanf:"users_filter"`
	AdditionalGroupsDN   string `koanf:"additional_groups_dn"`
	GroupsFilter         string `koanf:"groups_filter"`
	GroupNameAttribute   string `koanf:"group_name_attribute"`
	UsernameAttribute    string `koanf:"username_attribute"`
	MailAttribute        string `koanf:"mail_attribute"`
	DisplayNameAttribute string `koanf:"display_name_attribute"`

	PermitReferrals               bool `koanf:"permit_referrals"`
	PermitUnauthenticatedBind     bool `koanf:"permit_unauthenticated_bind"`
	PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure"`

	User     string `koanf:"user"`
	Password string `koanf:"password"`
}
LDAPAuthenticationBackend represents the configuration related to LDAP server.
type LocalStorageConfiguration ¶
// LocalStorageConfiguration represents the configuration when using local storage.
type LocalStorageConfiguration struct {
	Path string `koanf:"path"`
}
LocalStorageConfiguration represents the configuration when using local storage.
type LogConfiguration ¶
// LogConfiguration represents the logging configuration.
// See DefaultLoggingConfiguration for the default Level and Format.
type LogConfiguration struct {
	Level      string `koanf:"level"`
	Format     string `koanf:"format"`
	FilePath   string `koanf:"file_path"`
	KeepStdout bool   `koanf:"keep_stdout"`
}
LogConfiguration represents the logging configuration.
type MySQLStorageConfiguration ¶
// MySQLStorageConfiguration represents the configuration of a MySQL database.
// The embedded SQLStorageConfiguration is squashed, so its keys sit at the same level as "tls".
type MySQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`

	TLS *TLSConfig `koanf:"tls"`
}
MySQLStorageConfiguration represents the configuration of a MySQL database.
type NTPConfiguration ¶ added in v4.31.0
// NTPConfiguration represents the configuration related to ntp server.
// DisableStartupCheck skips the clock check entirely; DisableFailure presumably makes a
// failed check non-fatal — confirm in the NTP checker.
type NTPConfiguration struct {
	Address             string        `koanf:"address"`
	Version             int           `koanf:"version"`
	MaximumDesync       time.Duration `koanf:"max_desync"`
	DisableStartupCheck bool          `koanf:"disable_startup_check"`
	DisableFailure      bool          `koanf:"disable_failure"`
}
NTPConfiguration represents the configuration related to ntp server.
type NotifierConfiguration ¶
// NotifierConfiguration represents the configuration of the notifier to use when sending notifications to users.
// FileSystem and SMTP are pointers; the unset one is nil.
type NotifierConfiguration struct {
	DisableStartupCheck bool                             `koanf:"disable_startup_check"`
	FileSystem          *FileSystemNotifierConfiguration `koanf:"filesystem"`
	SMTP                *SMTPNotifierConfiguration       `koanf:"smtp"`
	TemplatePath        string                           `koanf:"template_path"`
}
NotifierConfiguration represents the configuration of the notifier to use when sending notifications to users.
type OpenIDConnectCORSConfiguration ¶ added in v4.35.0
// OpenIDConnectCORSConfiguration represents an OpenID Connect CORS config.
// NOTE(review): AllowedOriginsFromClientRedirectURIs presumably derives the CORS allow-list
// from every registered client's redirect URIs, so the effective origin set grows with
// client configuration rather than being listed explicitly — worth calling out in the
// option documentation.
type OpenIDConnectCORSConfiguration struct {
	Endpoints                            []string  `koanf:"endpoints"`
	AllowedOrigins                       []url.URL `koanf:"allowed_origins"`
	AllowedOriginsFromClientRedirectURIs bool      `koanf:"allowed_origins_from_client_redirect_uris"`
}
OpenIDConnectCORSConfiguration represents an OpenID Connect CORS config.
type OpenIDConnectClientConfiguration ¶
// OpenIDConnectClientConfiguration is the configuration for an OpenID Connect client.
// Secret is a PasswordDigest (a hashed value, see DecodePasswordDigest) rather than a
// plaintext string. See DefaultOpenIDConnectClientConfiguration for defaults.
type OpenIDConnectClientConfiguration struct {
	ID               string          `koanf:"id"`
	Description      string          `koanf:"description"`
	Secret           *PasswordDigest `koanf:"secret"`
	SectorIdentifier url.URL         `koanf:"sector_identifier"`
	Public           bool            `koanf:"public"`

	RedirectURIs []string `koanf:"redirect_uris"`

	Audience      []string `koanf:"audience"`
	Scopes        []string `koanf:"scopes"`
	GrantTypes    []string `koanf:"grant_types"`
	ResponseTypes []string `koanf:"response_types"`
	ResponseModes []string `koanf:"response_modes"`

	UserinfoSigningAlgorithm string `koanf:"userinfo_signing_algorithm"`

	Policy string `koanf:"authorization_policy"`

	ConsentMode                  string         `koanf:"consent_mode"`
	ConsentPreConfiguredDuration *time.Duration `koanf:"pre_configured_consent_duration"`
}
OpenIDConnectClientConfiguration is the configuration for an OpenID Connect client.
type OpenIDConnectConfiguration ¶
// OpenIDConnectConfiguration is the configuration for OpenID Connect.
// HMACSecret and IssuerPrivateKey are secret material. See DefaultOpenIDConnectConfiguration
// for the lifespan and PKCE defaults.
// NOTE(review): EnablePKCEPlainChallenge permits the "plain" code_challenge_method, which
// offers no protection against an intercepted code; EnableClientDebugMessages presumably
// surfaces internal error detail to clients — both are worth documenting as opt-in only.
type OpenIDConnectConfiguration struct {
	HMACSecret             string               `koanf:"hmac_secret"`
	IssuerCertificateChain X509CertificateChain `koanf:"issuer_certificate_chain"`
	IssuerPrivateKey       *rsa.PrivateKey      `koanf:"issuer_private_key"`

	AccessTokenLifespan   time.Duration `koanf:"access_token_lifespan"`
	AuthorizeCodeLifespan time.Duration `koanf:"authorize_code_lifespan"`
	IDTokenLifespan       time.Duration `koanf:"id_token_lifespan"`
	RefreshTokenLifespan  time.Duration `koanf:"refresh_token_lifespan"`

	EnableClientDebugMessages bool `koanf:"enable_client_debug_messages"`
	MinimumParameterEntropy   int  `koanf:"minimum_parameter_entropy"`

	EnforcePKCE              string `koanf:"enforce_pkce"`
	EnablePKCEPlainChallenge bool   `koanf:"enable_pkce_plain_challenge"`

	CORS OpenIDConnectCORSConfiguration `koanf:"cors"`

	Clients []OpenIDConnectClientConfiguration `koanf:"clients"`
}
OpenIDConnectConfiguration is the configuration for OpenID Connect.
type PBKDF2Password ¶ added in v4.37.0
// PBKDF2Password represents the PBKDF2 hashing settings.
type PBKDF2Password struct {
	Variant    string `koanf:"variant"`
	Iterations int    `koanf:"iterations"`
	SaltLength int    `koanf:"salt_length"`
}
PBKDF2Password represents the PBKDF2 hashing settings.
type Password ¶ added in v4.37.0
// Password represents the configuration related to password hashing.
// Algorithm selects which of the nested parameter sets is used. The trailing flat
// Iterations/Memory/Parallelism/KeyLength/SaltLength fields duplicate the Argon2Password
// fields; they are presumably a legacy flat layout kept for compatibility — confirm
// whether the validator migrates them into Argon2.
type Password struct {
	Algorithm string `koanf:"algorithm"`

	Argon2    Argon2Password    `koanf:"argon2"`
	SHA2Crypt SHA2CryptPassword `koanf:"sha2crypt"`
	PBKDF2    PBKDF2Password    `koanf:"pbkdf2"`
	BCrypt    BCryptPassword    `koanf:"bcrypt"`
	SCrypt    SCryptPassword    `koanf:"scrypt"`

	Iterations  int `koanf:"iterations"`
	Memory      int `koanf:"memory"`
	Parallelism int `koanf:"parallelism"`
	KeyLength   int `koanf:"key_length"`
	SaltLength  int `koanf:"salt_length"`
}
Password represents the configuration related to password hashing.
type PasswordDigest ¶ added in v4.37.0
PasswordDigest is a configuration type for the crypt.Digest.
func DecodePasswordDigest ¶ added in v4.37.3
func DecodePasswordDigest(encodedDigest string) (digest *PasswordDigest, err error)
DecodePasswordDigest returns a new PasswordDigest if it can be decoded.
type PasswordPolicyConfiguration ¶ added in v4.35.0
// PasswordPolicyConfiguration represents the configuration related to password policy.
// Both policies are disabled in DefaultPasswordPolicyConfiguration.
type PasswordPolicyConfiguration struct {
	Standard PasswordPolicyStandardParams `koanf:"standard"`
	ZXCVBN   PasswordPolicyZXCVBNParams   `koanf:"zxcvbn"`
}
PasswordPolicyConfiguration represents the configuration related to password policy.
type PasswordPolicyStandardParams ¶ added in v4.35.0
// PasswordPolicyStandardParams represents the configuration related to standard parameters of password policy.
// MaxLength of 0 (the default) presumably means no upper bound — confirm in the policy checker.
type PasswordPolicyStandardParams struct {
	Enabled          bool `koanf:"enabled"`
	MinLength        int  `koanf:"min_length"`
	MaxLength        int  `koanf:"max_length"`
	RequireUppercase bool `koanf:"require_uppercase"`
	RequireLowercase bool `koanf:"require_lowercase"`
	RequireNumber    bool `koanf:"require_number"`
	RequireSpecial   bool `koanf:"require_special"`
}
PasswordPolicyStandardParams represents the configuration related to standard parameters of password policy.
type PasswordPolicyZXCVBNParams ¶ added in v4.35.0
// PasswordPolicyZXCVBNParams represents the configuration related to ZXCVBN parameters of password policy.
type PasswordPolicyZXCVBNParams struct {
	Enabled  bool `koanf:"enabled"`
	MinScore int  `koanf:"min_score"`
}
PasswordPolicyZXCVBNParams represents the configuration related to ZXCVBN parameters of password policy.
type PasswordResetAuthenticationBackend ¶ added in v4.37.0
// PasswordResetAuthenticationBackend represents the configuration related to password reset functionality.
// CustomURL is a parsed url.URL value, not a raw string.
type PasswordResetAuthenticationBackend struct {
	Disable   bool    `koanf:"disable"`
	CustomURL url.URL `koanf:"custom_url"`
}
PasswordResetAuthenticationBackend represents the configuration related to password reset functionality.
type PostgreSQLSSLStorageConfiguration ¶ added in v4.33.0
// PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL database.
// Mode defaults to "disable" in DefaultPostgreSQLStorageConfiguration; the certificate
// fields are file references used for the client-side of the connection.
type PostgreSQLSSLStorageConfiguration struct {
	Mode            string `koanf:"mode"`
	RootCertificate string `koanf:"root_certificate"`
	Certificate     string `koanf:"certificate"`
	Key             string `koanf:"key"`
}
PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL database.
type PostgreSQLStorageConfiguration ¶
// PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL database.
// Both a generic TLS block and a PostgreSQL-specific SSL block are present; which one
// governs the connection is decided by the storage provider, not here.
type PostgreSQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`

	Schema string                             `koanf:"schema"`
	TLS    *TLSConfig                         `koanf:"tls"`
	SSL    *PostgreSQLSSLStorageConfiguration `koanf:"ssl"`
}
PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL database.
type RedisHighAvailabilityConfiguration ¶
// RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
// SentinelPassword is secret material.
type RedisHighAvailabilityConfiguration struct {
	SentinelName     string      `koanf:"sentinel_name"`
	SentinelUsername string      `koanf:"sentinel_username"`
	SentinelPassword string      `koanf:"sentinel_password"`
	Nodes            []RedisNode `koanf:"nodes"`
	RouteByLatency   bool        `koanf:"route_by_latency"`
	RouteRandomly    bool        `koanf:"route_randomly"`
}
RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
type RedisSessionConfiguration ¶
// RedisSessionConfiguration represents the configuration related to redis session store.
// Password is secret material. TLS is nil unless configured (DefaultRedisConfiguration sets a TLS 1.2 floor).
type RedisSessionConfiguration struct {
	Host                     string                              `koanf:"host"`
	Port                     int                                 `koanf:"port"`
	Username                 string                              `koanf:"username"`
	Password                 string                              `koanf:"password"`
	DatabaseIndex            int                                 `koanf:"database_index"`
	MaximumActiveConnections int                                 `koanf:"maximum_active_connections"`
	MinimumIdleConnections   int                                 `koanf:"minimum_idle_connections"`
	TLS                      *TLSConfig                          `koanf:"tls"`
	HighAvailability         *RedisHighAvailabilityConfiguration `koanf:"high_availability"`
}
RedisSessionConfiguration represents the configuration related to redis session store.
type RegulationConfiguration ¶
// RegulationConfiguration represents the configuration related to regulation.
// FindTime and BanTime carry the koanf "weak" option, allowing weakly-typed decoding of
// the configured value. See DefaultRegulationConfiguration for defaults.
type RegulationConfiguration struct {
	MaxRetries int           `koanf:"max_retries"`
	FindTime   time.Duration `koanf:"find_time,weak"`
	BanTime    time.Duration `koanf:"ban_time,weak"`
}
RegulationConfiguration represents the configuration related to regulation.
type SCryptPassword ¶ added in v4.37.0
// SCryptPassword represents the scrypt hashing settings.
// NOTE(review): Iterations is presumably the log2 cost (DefaultPasswordConfig uses 16),
// not a linear iteration count — confirm with the hasher.
type SCryptPassword struct {
	Iterations  int `koanf:"iterations"`
	BlockSize   int `koanf:"block_size"`
	Parallelism int `koanf:"parallelism"`
	KeyLength   int `koanf:"key_length"`
	SaltLength  int `koanf:"salt_length"`
}
SCryptPassword represents the scrypt hashing settings.
type SHA2CryptPassword ¶ added in v4.37.0
// SHA2CryptPassword represents the sha2crypt hashing settings.
type SHA2CryptPassword struct {
	Variant    string `koanf:"variant"`
	Iterations int    `koanf:"iterations"`
	SaltLength int    `koanf:"salt_length"`
}
SHA2CryptPassword represents the sha2crypt hashing settings.
type SMTPNotifierConfiguration ¶
// SMTPNotifierConfiguration represents the configuration of the SMTP server to send emails with.
// Password is secret material. The Disable* flags are opt-out switches that weaken
// transport security (DisableRequireTLS, DisableStartTLS) or content hardening
// (DisableHTMLEmails); all default to false.
type SMTPNotifierConfiguration struct {
	Host                string        `koanf:"host"`
	Port                int           `koanf:"port"`
	Timeout             time.Duration `koanf:"timeout"`
	Username            string        `koanf:"username"`
	Password            string        `koanf:"password"`
	Identifier          string        `koanf:"identifier"`
	Sender              mail.Address  `koanf:"sender"`
	Subject             string        `koanf:"subject"`
	StartupCheckAddress mail.Address  `koanf:"startup_check_address"`
	DisableRequireTLS   bool          `koanf:"disable_require_tls"`
	DisableHTMLEmails   bool          `koanf:"disable_html_emails"`
	DisableStartTLS     bool          `koanf:"disable_starttls"`
	TLS                 *TLSConfig    `koanf:"tls"`
}
SMTPNotifierConfiguration represents the configuration of the SMTP server to send emails with.
type SQLStorageConfiguration ¶
// SQLStorageConfiguration represents the configuration of the SQL database.
// Embedded (squashed) by the MySQL and PostgreSQL configurations. Password is secret material.
type SQLStorageConfiguration struct {
	Host     string        `koanf:"host"`
	Port     int           `koanf:"port"`
	Database string        `koanf:"database"`
	Username string        `koanf:"username"`
	Password string        `koanf:"password"`
	Timeout  time.Duration `koanf:"timeout"`
}
SQLStorageConfiguration represents the configuration of the SQL database.
type ServerBuffers ¶ added in v4.36.4
ServerBuffers represents server buffer configurations.
type ServerConfiguration ¶
// ServerConfiguration represents the configuration of the http server.
// NOTE(review): EnablePprof and EnableExpvars presumably expose the Go runtime's profiling
// and variable endpoints on the same listener; they leak process internals and should stay
// off (the default) outside of controlled debugging — confirm whether the validator warns.
type ServerConfiguration struct {
	Host               string `koanf:"host"`
	Port               int    `koanf:"port"`
	Path               string `koanf:"path"`
	AssetPath          string `koanf:"asset_path"`
	EnablePprof        bool   `koanf:"enable_pprof"`
	EnableExpvars      bool   `koanf:"enable_expvars"`
	DisableHealthcheck bool   `koanf:"disable_healthcheck"`

	TLS      ServerTLSConfiguration     `koanf:"tls"`
	Headers  ServerHeadersConfiguration `koanf:"headers"`
	Buffers  ServerBuffers              `koanf:"buffers"`
	Timeouts ServerTimeouts             `koanf:"timeouts"`
}
ServerConfiguration represents the configuration of the http server.
type ServerHeadersConfiguration ¶ added in v4.34.0
// ServerHeadersConfiguration represents the customization of the http server headers.
// CSPTemplate is a template for the Content-Security-Policy header value.
type ServerHeadersConfiguration struct {
	CSPTemplate string `koanf:"csp_template"`
}
ServerHeadersConfiguration represents the customization of the http server headers.
type ServerTLSConfiguration ¶
// ServerTLSConfiguration represents the configuration of the HTTP server's TLS options.
// Certificate, Key and ClientCertificates are file references; ClientCertificates
// presumably enables client certificate (mutual TLS) verification — confirm in the server.
type ServerTLSConfiguration struct {
	Certificate        string   `koanf:"certificate"`
	Key                string   `koanf:"key"`
	ClientCertificates []string `koanf:"client_certificates"`
}
ServerTLSConfiguration represents the configuration of the HTTP server's TLS options.
type ServerTimeouts ¶ added in v4.36.4
// ServerTimeouts represents server timeout configurations.
// Defaults (DefaultServerConfiguration) are 6s read, 6s write and 30s idle.
type ServerTimeouts struct {
	Read  time.Duration `koanf:"read"`
	Write time.Duration `koanf:"write"`
	Idle  time.Duration `koanf:"idle"`
}
ServerTimeouts represents server timeout configurations.
type SessionConfiguration ¶
// SessionConfiguration represents the configuration related to user sessions.
// Secret is secret material. RememberMeDuration set to RememberMeDisabled turns the
// feature off. Redis is nil when the in-memory/default store is used.
type SessionConfiguration struct {
	Name               string        `koanf:"name"`
	Domain             string        `koanf:"domain"`
	SameSite           string        `koanf:"same_site"`
	Secret             string        `koanf:"secret"`
	Expiration         time.Duration `koanf:"expiration"`
	Inactivity         time.Duration `koanf:"inactivity"`
	RememberMeDuration time.Duration `koanf:"remember_me_duration"`

	Redis *RedisSessionConfiguration `koanf:"redis"`
}
SessionConfiguration represents the configuration related to user sessions.
type StorageConfiguration ¶
// StorageConfiguration represents the configuration of the storage backend.
// Exactly one of Local, MySQL or PostgreSQL is expected to be non-nil (enforced by the
// validator, not here). EncryptionKey is secret material.
type StorageConfiguration struct {
	Local      *LocalStorageConfiguration      `koanf:"local"`
	MySQL      *MySQLStorageConfiguration      `koanf:"mysql"`
	PostgreSQL *PostgreSQLStorageConfiguration `koanf:"postgres"`

	EncryptionKey string `koanf:"encryption_key"`
}
StorageConfiguration represents the configuration of the storage backend.
type StructValidator ¶
// StructValidator is a validator for structs. It implements ErrorContainer, keeping
// separate error and warning lists (see Errors/Warnings).
type StructValidator struct {
	// contains filtered or unexported fields
}
StructValidator is a validator for structs.
func NewStructValidator ¶
func NewStructValidator() *StructValidator
NewStructValidator is a constructor of struct validator.
func (*StructValidator) Errors ¶
func (v *StructValidator) Errors() []error
Errors returns the errors.
func (*StructValidator) HasErrors ¶
func (v *StructValidator) HasErrors() bool
HasErrors checks whether the validator contains errors.
func (*StructValidator) HasWarnings ¶
func (v *StructValidator) HasWarnings() bool
HasWarnings checks whether the validator contains warning errors.
func (*StructValidator) Push ¶
func (v *StructValidator) Push(err error)
Push adds an error to the validator.
func (*StructValidator) PushWarning ¶
func (v *StructValidator) PushWarning(err error)
PushWarning adds a warning error to the validator.
func (*StructValidator) Warnings ¶
func (v *StructValidator) Warnings() []error
Warnings returns the warnings.
type TLSCertificateConfig ¶ added in v4.37.0
// TLSCertificateConfig is a representation of the TLS Certificate configuration.
// Key is secret material (a parsed private key, not a file path).
type TLSCertificateConfig struct {
	Key              CryptographicPrivateKey `koanf:"key"`
	CertificateChain X509CertificateChain    `koanf:"certificate_chain"`
}
TLSCertificateConfig is a representation of the TLS Certificate configuration.
type TLSConfig ¶
// TLSConfig is a representation of the TLS configuration.
// Used for outbound connections (LDAP, SMTP, Redis, SQL). PrivateKey is secret material.
// NOTE(review): SkipVerify presumably disables verification of the peer certificate,
// which removes the protection TLS gives against an active network attacker; it should
// remain false outside of testing — confirm whether the validator warns when it is set.
type TLSConfig struct {
	MinimumVersion TLSVersion `koanf:"minimum_version"`
	MaximumVersion TLSVersion `koanf:"maximum_version"`
	SkipVerify     bool       `koanf:"skip_verify"`
	ServerName     string     `koanf:"server_name"`

	PrivateKey       CryptographicPrivateKey `koanf:"private_key"`
	CertificateChain X509CertificateChain    `koanf:"certificate_chain"`
}
TLSConfig is a representation of the TLS configuration.
type TLSVersion ¶ added in v4.37.0
// TLSVersion is a struct which handles tls.Config versions.
type TLSVersion struct {
	// Value is the numeric TLS version; MinVersion and MaxVersion expose it
	// for use as a tls.Config bound. Construct via NewTLSVersion.
	Value uint16
}
TLSVersion is a struct which handles tls.Config versions.
func NewTLSVersion ¶ added in v4.37.0
func NewTLSVersion(input string) (version *TLSVersion, err error)
NewTLSVersion returns a new TLSVersion given a string.
func (*TLSVersion) MaxVersion ¶ added in v4.37.0
func (v *TLSVersion) MaxVersion() uint16
MaxVersion returns the value of this TLSVersion for use as a MaxVersion value.
func (*TLSVersion) MinVersion ¶ added in v4.37.0
func (v *TLSVersion) MinVersion() uint16
MinVersion returns the value of this TLSVersion for use as a MinVersion value.
func (*TLSVersion) String ¶ added in v4.37.0
func (v *TLSVersion) String() string
String implements the Stringer interface.
type TOTPConfiguration ¶
// TOTPConfiguration represents the configuration related to TOTP options.
type TOTPConfiguration struct {
	// Disable is read from the `disable` config key.
	Disable bool `koanf:"disable"`
	// Issuer is read from the `issuer` config key.
	Issuer string `koanf:"issuer"`
	// Algorithm is read from the `algorithm` config key; the accepted values
	// are not visible here — see the validator for this configuration.
	Algorithm string `koanf:"algorithm"`
	// Digits and Period are read from `digits` and `period`.
	Digits uint `koanf:"digits"`
	Period uint `koanf:"period"`
	// Skew is a pointer so an explicitly configured 0 can be told apart from
	// an unset value (which presumably receives a default — confirm).
	Skew *uint `koanf:"skew"`
	// SecretSize is read from the `secret_size` config key.
	SecretSize uint `koanf:"secret_size"`
}
TOTPConfiguration represents the configuration related to TOTP options.
type TelemetryConfig ¶ added in v4.36.0
// TelemetryConfig represents the telemetry config.
type TelemetryConfig struct {
	// Metrics holds the metrics endpoint settings; read from the `metrics` key.
	Metrics TelemetryMetricsConfig `koanf:"metrics"`
}
TelemetryConfig represents the telemetry config.
type TelemetryMetricsConfig ¶ added in v4.36.0
// TelemetryMetricsConfig represents the telemetry metrics config.
type TelemetryMetricsConfig struct {
	// Enabled is read from the `enabled` config key.
	Enabled bool `koanf:"enabled"`
	// Address is a pointer so an unset listener address is distinguishable
	// from a zero value. NOTE(review): presumably the metrics listener
	// address — confirm, and confirm it is not bound more widely than needed.
	Address *Address `koanf:"address"`
	// Buffers and Timeouts reuse the server-side buffer and timeout types.
	Buffers  ServerBuffers  `koanf:"buffers"`
	Timeouts ServerTimeouts `koanf:"timeouts"`
}
TelemetryMetricsConfig represents the telemetry metrics config.
type WebauthnConfiguration ¶ added in v4.34.0
// WebauthnConfiguration represents the webauthn config.
type WebauthnConfiguration struct {
	// Disable is read from the `disable` config key.
	Disable bool `koanf:"disable"`
	// DisplayName is read from the `display_name` config key.
	DisplayName string `koanf:"display_name"`
	// ConveyancePreference uses the external protocol type; note its config
	// key is `attestation_conveyance_preference`, not the field name.
	ConveyancePreference protocol.ConveyancePreference `koanf:"attestation_conveyance_preference"`
	// UserVerification is read from the `user_verification` config key.
	UserVerification protocol.UserVerificationRequirement `koanf:"user_verification"`
	// Timeout is read from the `timeout` config key as a time.Duration.
	Timeout time.Duration `koanf:"timeout"`
}
WebauthnConfiguration represents the webauthn config.
type X509CertificateChain ¶ added in v4.37.0
// X509CertificateChain is a helper struct that holds a list of
// *x509.Certificate values. Construct via NewX509CertificateChain; Leaf
// returns the first certificate and Validate checks ordering and expiry.
type X509CertificateChain struct {
	// contains filtered or unexported fields
}
X509CertificateChain is a helper struct that holds a list of *x509.Certificate values.
func NewX509CertificateChain ¶ added in v4.37.0
func NewX509CertificateChain(in string) (chain *X509CertificateChain, err error)
NewX509CertificateChain creates a new *X509CertificateChain from a given string, parsing each PEM block one by one.
func (*X509CertificateChain) Certificates ¶ added in v4.37.0
func (c *X509CertificateChain) Certificates() (certificates []*x509.Certificate)
Certificates returns the certificates for this X509CertificateChain.
func (*X509CertificateChain) CertificatesRaw ¶ added in v4.37.0
func (c *X509CertificateChain) CertificatesRaw() (certificates [][]byte)
CertificatesRaw returns the raw certificates for this X509CertificateChain.
func (*X509CertificateChain) Equal ¶ added in v4.37.0
func (c *X509CertificateChain) Equal(other *x509.Certificate) (equal bool)
Equal checks if the provided *x509.Certificate is equal to the first *x509.Certificate in the chain.
func (*X509CertificateChain) EqualKey ¶ added in v4.37.0
func (c *X509CertificateChain) EqualKey(other any) (equal bool)
EqualKey checks if the provided key (public or private) has a public key equal to the first public key in this chain.
func (*X509CertificateChain) HasCertificates ¶ added in v4.37.0
func (c *X509CertificateChain) HasCertificates() (has bool)
HasCertificates returns true if the chain has any certificates.
func (*X509CertificateChain) Leaf ¶ added in v4.37.0
func (c *X509CertificateChain) Leaf() (leaf *x509.Certificate)
Leaf returns the first certificate if available for use with tls.Certificate.
func (*X509CertificateChain) Thumbprint ¶ added in v4.37.0
func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte
Thumbprint returns the Thumbprint for the first certificate.
func (*X509CertificateChain) Validate ¶ added in v4.37.0
func (c *X509CertificateChain) Validate() (err error)
Validate checks the X509CertificateChain, ensuring the certificates were provided in the correct order (with the nth certificate being signed by the (n+1)th), and that all of the certificates are valid based on the current time.