Documentation
¶
Index ¶
- Constants
- Variables
- type ACLNetwork
- type ACLQueryRule
- type ACLRule
- type AccessControlConfiguration
- type Address
- type Argon2Password
- type AuthenticationBackend
- type BCryptPassword
- type Configuration
- type CryptographicPrivateKey
- type DuoAPIConfiguration
- type ErrorContainer
- type FileAuthenticationBackend
- type FileSearchAuthenticationBackend
- type FileSystemNotifierConfiguration
- type IdentityProvidersConfiguration
- type LDAPAuthenticationBackend
- type LocalStorageConfiguration
- type LogConfiguration
- type MySQLStorageConfiguration
- type NTPConfiguration
- type NotifierConfiguration
- type OpenIDConnectCORSConfiguration
- type OpenIDConnectClientConfiguration
- type OpenIDConnectConfiguration
- type PBKDF2Password
- type Password
- type PasswordDigest
- type PasswordPolicyConfiguration
- type PasswordPolicyStandardParams
- type PasswordPolicyZXCVBNParams
- type PasswordResetAuthenticationBackend
- type PostgreSQLSSLStorageConfiguration
- type PostgreSQLStorageConfiguration
- type RedisHighAvailabilityConfiguration
- type RedisNode
- type RedisSessionConfiguration
- type RegulationConfiguration
- type SCryptPassword
- type SHA2CryptPassword
- type SMTPNotifierConfiguration
- type SQLStorageConfiguration
- type ServerBuffers
- type ServerConfiguration
- type ServerHeadersConfiguration
- type ServerTLSConfiguration
- type ServerTimeouts
- type SessionConfiguration
- type StorageConfiguration
- type StructValidator
- func (v *StructValidator) Clear()
- func (v *StructValidator) Errors() []error
- func (v *StructValidator) HasErrors() bool
- func (v *StructValidator) HasWarnings() bool
- func (v *StructValidator) Push(err error)
- func (v *StructValidator) PushWarning(err error)
- func (v *StructValidator) Warnings() []error
- type TLSCertificateConfig
- type TLSConfig
- type TLSVersion
- type TOTPConfiguration
- type TelemetryConfig
- type TelemetryMetricsConfig
- type WebauthnConfiguration
- type X509CertificateChain
- func (c *X509CertificateChain) Certificates() (certificates []*x509.Certificate)
- func (c *X509CertificateChain) CertificatesRaw() (certificates [][]byte)
- func (c *X509CertificateChain) Equal(other *x509.Certificate) (equal bool)
- func (c *X509CertificateChain) EqualKey(other any) (equal bool)
- func (c *X509CertificateChain) HasCertificates() (has bool)
- func (c *X509CertificateChain) Leaf() (leaf *x509.Certificate)
- func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte
- func (c *X509CertificateChain) Validate() (err error)
Constants ¶
const ( // TLSVersion13 is the textual representation of TLS 1.3. TLSVersion13 = "TLS1.3" // TLSVersion12 is the textual representation of TLS 1.2. TLSVersion12 = "TLS1.2" // TLSVersion11 is the textual representation of TLS 1.1. TLSVersion11 = "TLS1.1" // TLSVersion10 is the textual representation of TLS 1.0. TLSVersion10 = "TLS1.0" // SSLVersion30 is the textual representation of SSL 3.0. SSLVersion30 = "SSL3.0" // Version13 is the textual representation of version 1.3. Version13 = "1.3" // Version12 is the textual representation of version 1.2. Version12 = "1.2" // Version11 is the textual representation of version 1.1. Version11 = "1.1" // Version10 is the textual representation of version 1.0. Version10 = "1.0" )
const ( // ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms. ProfileRefreshAlways = "always" // RefreshIntervalDefault represents the default value of refresh_interval. RefreshIntervalDefault = "5m" // RefreshIntervalAlways represents the duration value refresh interval should have if set to always. RefreshIntervalAlways = 0 * time.Millisecond )
const ( // LDAPImplementationCustom is the string for the custom LDAP implementation. LDAPImplementationCustom = "custom" // LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation. LDAPImplementationActiveDirectory = "activedirectory" )
const ( TOTPAlgorithmSHA1 = "SHA1" TOTPAlgorithmSHA256 = "SHA256" TOTPAlgorithmSHA512 = "SHA512" )
TOTP Algorithm.
const ( // TOTPSecretSizeDefault is the default secret size. TOTPSecretSizeDefault = 32 // TOTPSecretSizeMinimum is the minimum secret size. TOTPSecretSizeMinimum = 20 )
const ProfileRefreshDisabled = "disable"
ProfileRefreshDisabled represents a Value for refresh_interval that disables the check entirely.
const ( // RememberMeDisabled represents the duration for a disabled remember me session configuration. RememberMeDisabled = time.Second * -1 )
Variables ¶
var DefaultACLNetwork = []ACLNetwork{ { Name: "localhost", Networks: []string{"127.0.0.1"}, }, { Name: "internal", Networks: []string{"10.0.0.0/8"}, }, }
DefaultACLNetwork represents the default configuration related to access control network group configuration.
var DefaultACLRule = []ACLRule{ { Domains: []string{"public.example.com"}, Policy: "bypass", }, { Domains: []string{"singlefactor.example.com"}, Policy: "one_factor", }, { Domains: []string{"secure.example.com"}, Policy: "two_factor", }, }
DefaultACLRule represents the default configuration related to access control rule configuration.
var DefaultCIPasswordConfig = Password{ Algorithm: argon2, Argon2: Argon2Password{ Iterations: 3, Memory: 64, Parallelism: 4, KeyLength: 32, SaltLength: 16, }, SHA2Crypt: SHA2CryptPassword{ Variant: sha512, Iterations: 50000, SaltLength: 16, }, }
DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = LDAPAuthenticationBackend{ UsersFilter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0)))", UsernameAttribute: "sAMAccountName", MailAttribute: "mail", DisplayNameAttribute: "displayName", GroupsFilter: "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))", GroupNameAttribute: "cn", Timeout: time.Second * 5, TLS: &TLSConfig{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, }
DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the MSAD Implementation.
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = LDAPAuthenticationBackend{ UsernameAttribute: "uid", MailAttribute: "mail", DisplayNameAttribute: "displayName", GroupNameAttribute: "cn", Timeout: time.Second * 5, TLS: &TLSConfig{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, }
DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.
var DefaultLoggingConfiguration = LogConfiguration{
Level: "info",
Format: "text",
}
DefaultLoggingConfiguration is the default logging configuration.
var DefaultMySQLStorageConfiguration = MySQLStorageConfiguration{ TLS: &TLSConfig{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, }
DefaultMySQLStorageConfiguration represents the default MySQL configuration.
var DefaultNTPConfiguration = NTPConfiguration{ Address: "time.cloudflare.com:123", Version: 4, MaximumDesync: time.Second * 3, }
DefaultNTPConfiguration represents default configuration parameters for the NTP server.
var DefaultOpenIDConnectClientConfiguration = OpenIDConnectClientConfiguration{ Policy: "two_factor", Scopes: []string{"openid", "groups", "profile", "email"}, GrantTypes: []string{"refresh_token", "authorization_code"}, ResponseTypes: []string{"code"}, ResponseModes: []string{"form_post", "query", "fragment"}, UserinfoSigningAlgorithm: "none", ConsentMode: "auto", ConsentPreConfiguredDuration: &defaultOIDCClientConsentPreConfiguredDuration, }
DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.
var DefaultOpenIDConnectConfiguration = OpenIDConnectConfiguration{ AccessTokenLifespan: time.Hour, AuthorizeCodeLifespan: time.Minute, IDTokenLifespan: time.Hour, RefreshTokenLifespan: time.Minute * 90, EnforcePKCE: "public_clients_only", }
DefaultOpenIDConnectConfiguration contains defaults for OIDC.
var DefaultPasswordConfig = Password{ Algorithm: argon2, Argon2: Argon2Password{ Variant: argon2id, Iterations: 3, Memory: 64 * 1024, Parallelism: 4, KeyLength: 32, SaltLength: 16, }, SHA2Crypt: SHA2CryptPassword{ Variant: sha512, Iterations: 50000, SaltLength: 16, }, PBKDF2: PBKDF2Password{ Variant: sha512, Iterations: 310000, SaltLength: 16, }, BCrypt: BCryptPassword{ Variant: "standard", Cost: 12, }, SCrypt: SCryptPassword{ Iterations: 16, BlockSize: 8, Parallelism: 1, KeyLength: 32, SaltLength: 16, }, }
DefaultPasswordConfig represents the default configuration related to Argon2id hashing.
var DefaultPasswordPolicyConfiguration = PasswordPolicyConfiguration{ Standard: PasswordPolicyStandardParams{ Enabled: false, MinLength: 8, MaxLength: 0, }, ZXCVBN: PasswordPolicyZXCVBNParams{ Enabled: false, MinScore: 3, }, }
DefaultPasswordPolicyConfiguration is the default password policy configuration.
var DefaultPostgreSQLStorageConfiguration = PostgreSQLStorageConfiguration{ Schema: "public", TLS: &TLSConfig{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, SSL: &PostgreSQLSSLStorageConfiguration{ Mode: "disable", }, }
DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.
var DefaultRedisConfiguration = RedisSessionConfiguration{ TLS: &TLSConfig{ MinimumVersion: TLSVersion{Value: tls.VersionTLS12}, }, }
DefaultRedisConfiguration is the default redis configuration.
var DefaultRegulationConfiguration = RegulationConfiguration{ MaxRetries: 3, FindTime: time.Minute * 2, BanTime: time.Minute * 5, }
DefaultRegulationConfiguration represents default configuration parameters for the regulator.
var DefaultSMTPNotifierConfiguration = SMTPNotifierConfiguration{ Timeout: time.Second * 5, Subject: "[Authelia] {title}", Identifier: "localhost", StartupCheckAddress: mail.Address{Name: "Authelia Test", Address: "test@authelia.com"}, TLS: &TLSConfig{ MinimumVersion: TLSVersion{tls.VersionTLS12}, }, }
DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.
var DefaultSQLStorageConfiguration = SQLStorageConfiguration{ Timeout: 5 * time.Second, }
DefaultSQLStorageConfiguration represents the default SQL configuration.
var DefaultServerConfiguration = ServerConfiguration{ Host: "0.0.0.0", Port: 9091, Buffers: ServerBuffers{ Read: 4096, Write: 4096, }, Timeouts: ServerTimeouts{ Read: time.Second * 6, Write: time.Second * 6, Idle: time.Second * 30, }, }
DefaultServerConfiguration represents the default values of the ServerConfiguration.
var DefaultSessionConfiguration = SessionConfiguration{ Name: "authelia_session", Expiration: time.Hour, Inactivity: time.Minute * 5, RememberMeDuration: time.Hour * 24 * 30, SameSite: "lax", }
DefaultSessionConfiguration is the default session configuration.
var DefaultTOTPConfiguration = TOTPConfiguration{ Issuer: "Authelia", Algorithm: TOTPAlgorithmSHA1, Digits: 6, Period: 30, Skew: &defaultOtpSkew, SecretSize: TOTPSecretSizeDefault, }
DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.
var DefaultTelemetryConfig = TelemetryConfig{ Metrics: TelemetryMetricsConfig{ Address: &Address{true, "tcp", net.ParseIP("0.0.0.0"), 9959}, Buffers: ServerBuffers{ Read: 4096, Write: 4096, }, Timeouts: ServerTimeouts{ Read: time.Second * 6, Write: time.Second * 6, Idle: time.Second * 30, }, }, }
DefaultTelemetryConfig is the default telemetry configuration.
var DefaultWebauthnConfiguration = WebauthnConfiguration{ DisplayName: "Authelia", Timeout: time.Second * 60, ConveyancePreference: protocol.PreferIndirectAttestation, UserVerification: protocol.VerificationPreferred, }
DefaultWebauthnConfiguration describes the default values for the WebauthnConfiguration.
var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported")
ErrTLSVersionNotSupported returned when an unknown TLS version supplied.
var Keys = []string{}/* 248 elements not displayed */
Keys is a list of valid schema keys detected by reflecting over a schema.Configuration struct.
var ( // TOTPPossibleAlgorithms is a list of valid TOTP Algorithms. TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512} )
Functions ¶
This section is empty.
Types ¶
type ACLNetwork ¶
ACLNetwork represents one ACL network group entry.
type ACLQueryRule ¶ added in v4.37.0
type ACLQueryRule struct {
Operator string `koanf:"operator"`
Key string `koanf:"key"`
Value any `koanf:"value"`
}
ACLQueryRule represents the ACL query criteria.
type ACLRule ¶
type ACLRule struct {
Domains []string `koanf:"domain"`
DomainsRegex []regexp.Regexp `koanf:"domain_regex"`
Policy string `koanf:"policy"`
Subjects [][]string `koanf:"subject"`
Networks []string `koanf:"networks"`
Resources []regexp.Regexp `koanf:"resources"`
Methods []string `koanf:"methods"`
Query [][]ACLQueryRule `koanf:"query"`
}
ACLRule represents one ACL rule entry.
type AccessControlConfiguration ¶
type AccessControlConfiguration struct {
DefaultPolicy string `koanf:"default_policy"`
Networks []ACLNetwork `koanf:"networks"`
Rules []ACLRule `koanf:"rules"`
}
AccessControlConfiguration represents the configuration related to ACLs.
type Address ¶ added in v4.36.0
Address represents an address.
func NewAddressFromString ¶ added in v4.36.0
NewAddressFromString returns an *Address and error depending on the ability to parse the string as an Address.
func NewAddressFromURL ¶ added in v4.36.2
NewAddressFromURL returns an *Address and error depending on the ability to parse the *url.URL as an Address.
func (Address) HostPort ¶ added in v4.36.0
HostPort returns a string representation of the Address with just the host and port.
type Argon2Password ¶ added in v4.37.0
type Argon2Password struct {
Variant string `koanf:"variant"`
Iterations int `koanf:"iterations"`
Memory int `koanf:"memory"`
Parallelism int `koanf:"parallelism"`
KeyLength int `koanf:"key_length"`
SaltLength int `koanf:"salt_length"`
}
Argon2Password represents the argon2 hashing settings.
type AuthenticationBackend ¶ added in v4.37.0
type AuthenticationBackend struct {
PasswordReset PasswordResetAuthenticationBackend `koanf:"password_reset"`
RefreshInterval string `koanf:"refresh_interval"`
File *FileAuthenticationBackend `koanf:"file"`
LDAP *LDAPAuthenticationBackend `koanf:"ldap"`
}
AuthenticationBackend represents the configuration related to the authentication backend.
type BCryptPassword ¶ added in v4.37.0
BCryptPassword represents the bcrypt hashing settings.
type Configuration ¶
type Configuration struct {
Theme string `koanf:"theme"`
CertificatesDirectory string `koanf:"certificates_directory"`
JWTSecret string `koanf:"jwt_secret"`
DefaultRedirectionURL string `koanf:"default_redirection_url"`
Default2FAMethod string `koanf:"default_2fa_method"`
Log LogConfiguration `koanf:"log"`
IdentityProviders IdentityProvidersConfiguration `koanf:"identity_providers"`
AuthenticationBackend AuthenticationBackend `koanf:"authentication_backend"`
Session SessionConfiguration `koanf:"session"`
TOTP TOTPConfiguration `koanf:"totp"`
DuoAPI DuoAPIConfiguration `koanf:"duo_api"`
AccessControl AccessControlConfiguration `koanf:"access_control"`
NTP NTPConfiguration `koanf:"ntp"`
Regulation RegulationConfiguration `koanf:"regulation"`
Storage StorageConfiguration `koanf:"storage"`
Notifier NotifierConfiguration `koanf:"notifier"`
Server ServerConfiguration `koanf:"server"`
Telemetry TelemetryConfig `koanf:"telemetry"`
Webauthn WebauthnConfiguration `koanf:"webauthn"`
PasswordPolicy PasswordPolicyConfiguration `koanf:"password_policy"`
}
Configuration object extracted from YAML configuration file.
type CryptographicPrivateKey ¶ added in v4.37.0
type CryptographicPrivateKey interface {
Public() crypto.PublicKey
Equal(x crypto.PrivateKey) bool
}
CryptographicPrivateKey represents the actual crypto.PrivateKey interface.
type DuoAPIConfiguration ¶
type DuoAPIConfiguration struct {
Disable bool `koanf:"disable"`
Hostname string `koanf:"hostname"`
IntegrationKey string `koanf:"integration_key"`
SecretKey string `koanf:"secret_key"`
EnableSelfEnrollment bool `koanf:"enable_self_enrollment"`
}
DuoAPIConfiguration represents the configuration related to Duo API.
type ErrorContainer ¶
type ErrorContainer interface {
Push(err error)
PushWarning(err error)
HasErrors() bool
HasWarnings() bool
Errors() []error
Warnings() []error
}
ErrorContainer represents a container where we can add errors and retrieve them.
type FileAuthenticationBackend ¶ added in v4.37.0
type FileAuthenticationBackend struct {
Path string `koanf:"path"`
Watch bool `koanf:"watch"`
Password Password `koanf:"password"`
Search FileSearchAuthenticationBackend `koanf:"search"`
}
FileAuthenticationBackend represents the configuration related to file-based backend.
type FileSearchAuthenticationBackend ¶ added in v4.37.0
type FileSearchAuthenticationBackend struct {
Email bool `koanf:"email"`
CaseInsensitive bool `koanf:"case_insensitive"`
}
FileSearchAuthenticationBackend represents the configuration related to file-based backend searching.
type FileSystemNotifierConfiguration ¶
type FileSystemNotifierConfiguration struct {
Filename string `koanf:"filename"`
}
FileSystemNotifierConfiguration represents the configuration of the notifier writing emails in a file.
type IdentityProvidersConfiguration ¶
type IdentityProvidersConfiguration struct {
OIDC *OpenIDConnectConfiguration `koanf:"oidc"`
}
IdentityProvidersConfiguration represents the IdentityProviders 2.0 configuration for Authelia.
type LDAPAuthenticationBackend ¶ added in v4.37.0
type LDAPAuthenticationBackend struct {
Implementation string `koanf:"implementation"`
URL string `koanf:"url"`
Timeout time.Duration `koanf:"timeout"`
StartTLS bool `koanf:"start_tls"`
TLS *TLSConfig `koanf:"tls"`
BaseDN string `koanf:"base_dn"`
AdditionalUsersDN string `koanf:"additional_users_dn"`
UsersFilter string `koanf:"users_filter"`
AdditionalGroupsDN string `koanf:"additional_groups_dn"`
GroupsFilter string `koanf:"groups_filter"`
GroupNameAttribute string `koanf:"group_name_attribute"`
UsernameAttribute string `koanf:"username_attribute"`
MailAttribute string `koanf:"mail_attribute"`
DisplayNameAttribute string `koanf:"display_name_attribute"`
PermitReferrals bool `koanf:"permit_referrals"`
PermitUnauthenticatedBind bool `koanf:"permit_unauthenticated_bind"`
PermitFeatureDetectionFailure bool `koanf:"permit_feature_detection_failure"`
User string `koanf:"user"`
Password string `koanf:"password"`
}
LDAPAuthenticationBackend represents the configuration related to LDAP server.
type LocalStorageConfiguration ¶
type LocalStorageConfiguration struct {
Path string `koanf:"path"`
}
LocalStorageConfiguration represents the configuration when using local storage.
type LogConfiguration ¶
type LogConfiguration struct {
Level string `koanf:"level"`
Format string `koanf:"format"`
FilePath string `koanf:"file_path"`
KeepStdout bool `koanf:"keep_stdout"`
}
LogConfiguration represents the logging configuration.
type MySQLStorageConfiguration ¶
type MySQLStorageConfiguration struct {
SQLStorageConfiguration `koanf:",squash"`
TLS *TLSConfig `koanf:"tls"`
}
MySQLStorageConfiguration represents the configuration of a MySQL database.
type NTPConfiguration ¶ added in v4.31.0
type NTPConfiguration struct {
Address string `koanf:"address"`
Version int `koanf:"version"`
MaximumDesync time.Duration `koanf:"max_desync"`
DisableStartupCheck bool `koanf:"disable_startup_check"`
DisableFailure bool `koanf:"disable_failure"`
}
NTPConfiguration represents the configuration related to ntp server.
type NotifierConfiguration ¶
type NotifierConfiguration struct {
DisableStartupCheck bool `koanf:"disable_startup_check"`
FileSystem *FileSystemNotifierConfiguration `koanf:"filesystem"`
SMTP *SMTPNotifierConfiguration `koanf:"smtp"`
TemplatePath string `koanf:"template_path"`
}
NotifierConfiguration represents the configuration of the notifier to use when sending notifications to users.
type OpenIDConnectCORSConfiguration ¶ added in v4.35.0
type OpenIDConnectCORSConfiguration struct {
Endpoints []string `koanf:"endpoints"`
AllowedOrigins []url.URL `koanf:"allowed_origins"`
AllowedOriginsFromClientRedirectURIs bool `koanf:"allowed_origins_from_client_redirect_uris"`
}
OpenIDConnectCORSConfiguration represents an OpenID Connect CORS config.
type OpenIDConnectClientConfiguration ¶
type OpenIDConnectClientConfiguration struct {
ID string `koanf:"id"`
Description string `koanf:"description"`
Secret *PasswordDigest `koanf:"secret"`
SectorIdentifier url.URL `koanf:"sector_identifier"`
Public bool `koanf:"public"`
RedirectURIs []string `koanf:"redirect_uris"`
Audience []string `koanf:"audience"`
Scopes []string `koanf:"scopes"`
GrantTypes []string `koanf:"grant_types"`
ResponseTypes []string `koanf:"response_types"`
ResponseModes []string `koanf:"response_modes"`
UserinfoSigningAlgorithm string `koanf:"userinfo_signing_algorithm"`
Policy string `koanf:"authorization_policy"`
ConsentMode string `koanf:"consent_mode"`
ConsentPreConfiguredDuration *time.Duration `koanf:"pre_configured_consent_duration"`
}
OpenIDConnectClientConfiguration configuration for an OpenID Connect client.
type OpenIDConnectConfiguration ¶
type OpenIDConnectConfiguration struct {
HMACSecret string `koanf:"hmac_secret"`
IssuerCertificateChain X509CertificateChain `koanf:"issuer_certificate_chain"`
IssuerPrivateKey *rsa.PrivateKey `koanf:"issuer_private_key"`
AccessTokenLifespan time.Duration `koanf:"access_token_lifespan"`
AuthorizeCodeLifespan time.Duration `koanf:"authorize_code_lifespan"`
IDTokenLifespan time.Duration `koanf:"id_token_lifespan"`
RefreshTokenLifespan time.Duration `koanf:"refresh_token_lifespan"`
EnableClientDebugMessages bool `koanf:"enable_client_debug_messages"`
MinimumParameterEntropy int `koanf:"minimum_parameter_entropy"`
EnforcePKCE string `koanf:"enforce_pkce"`
EnablePKCEPlainChallenge bool `koanf:"enable_pkce_plain_challenge"`
CORS OpenIDConnectCORSConfiguration `koanf:"cors"`
Clients []OpenIDConnectClientConfiguration `koanf:"clients"`
}
OpenIDConnectConfiguration configuration for OpenID Connect.
type PBKDF2Password ¶ added in v4.37.0
type PBKDF2Password struct {
Variant string `koanf:"variant"`
Iterations int `koanf:"iterations"`
SaltLength int `koanf:"salt_length"`
}
PBKDF2Password represents the PBKDF2 hashing settings.
type Password ¶ added in v4.37.0
type Password struct {
Algorithm string `koanf:"algorithm"`
Argon2 Argon2Password `koanf:"argon2"`
SHA2Crypt SHA2CryptPassword `koanf:"sha2crypt"`
PBKDF2 PBKDF2Password `koanf:"pbkdf2"`
BCrypt BCryptPassword `koanf:"bcrypt"`
SCrypt SCryptPassword `koanf:"scrypt"`
Iterations int `koanf:"iterations"`
Memory int `koanf:"memory"`
Parallelism int `koanf:"parallelism"`
KeyLength int `koanf:"key_length"`
SaltLength int `koanf:"salt_length"`
}
Password represents the configuration related to password hashing.
type PasswordDigest ¶ added in v4.37.0
PasswordDigest is a configuration type for the crypt.Digest.
func DecodePasswordDigest ¶ added in v4.37.3
func DecodePasswordDigest(encodedDigest string) (digest *PasswordDigest, err error)
DecodePasswordDigest returns a new PasswordDigest if it can be decoded.
type PasswordPolicyConfiguration ¶ added in v4.35.0
type PasswordPolicyConfiguration struct {
Standard PasswordPolicyStandardParams `koanf:"standard"`
ZXCVBN PasswordPolicyZXCVBNParams `koanf:"zxcvbn"`
}
PasswordPolicyConfiguration represents the configuration related to password policy.
type PasswordPolicyStandardParams ¶ added in v4.35.0
type PasswordPolicyStandardParams struct {
Enabled bool `koanf:"enabled"`
MinLength int `koanf:"min_length"`
MaxLength int `koanf:"max_length"`
RequireUppercase bool `koanf:"require_uppercase"`
RequireLowercase bool `koanf:"require_lowercase"`
RequireNumber bool `koanf:"require_number"`
RequireSpecial bool `koanf:"require_special"`
}
PasswordPolicyStandardParams represents the configuration related to standard parameters of password policy.
type PasswordPolicyZXCVBNParams ¶ added in v4.35.0
type PasswordPolicyZXCVBNParams struct {
Enabled bool `koanf:"enabled"`
MinScore int `koanf:"min_score"`
}
PasswordPolicyZXCVBNParams represents the configuration related to ZXCVBN parameters of password policy.
type PasswordResetAuthenticationBackend ¶ added in v4.37.0
type PasswordResetAuthenticationBackend struct {
Disable bool `koanf:"disable"`
CustomURL url.URL `koanf:"custom_url"`
}
PasswordResetAuthenticationBackend represents the configuration related to password reset functionality.
type PostgreSQLSSLStorageConfiguration ¶ added in v4.33.0
type PostgreSQLSSLStorageConfiguration struct {
Mode string `koanf:"mode"`
RootCertificate string `koanf:"root_certificate"`
Certificate string `koanf:"certificate"`
Key string `koanf:"key"`
}
PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL database.
type PostgreSQLStorageConfiguration ¶
type PostgreSQLStorageConfiguration struct {
SQLStorageConfiguration `koanf:",squash"`
Schema string `koanf:"schema"`
TLS *TLSConfig `koanf:"tls"`
SSL *PostgreSQLSSLStorageConfiguration `koanf:"ssl"`
}
PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL database.
type RedisHighAvailabilityConfiguration ¶
type RedisHighAvailabilityConfiguration struct {
SentinelName string `koanf:"sentinel_name"`
SentinelUsername string `koanf:"sentinel_username"`
SentinelPassword string `koanf:"sentinel_password"`
Nodes []RedisNode `koanf:"nodes"`
RouteByLatency bool `koanf:"route_by_latency"`
RouteRandomly bool `koanf:"route_randomly"`
}
RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
type RedisSessionConfiguration ¶
type RedisSessionConfiguration struct {
Host string `koanf:"host"`
Port int `koanf:"port"`
Username string `koanf:"username"`
Password string `koanf:"password"`
DatabaseIndex int `koanf:"database_index"`
MaximumActiveConnections int `koanf:"maximum_active_connections"`
MinimumIdleConnections int `koanf:"minimum_idle_connections"`
TLS *TLSConfig `koanf:"tls"`
HighAvailability *RedisHighAvailabilityConfiguration `koanf:"high_availability"`
}
RedisSessionConfiguration represents the configuration related to redis session store.
type RegulationConfiguration ¶
type RegulationConfiguration struct {
MaxRetries int `koanf:"max_retries"`
FindTime time.Duration `koanf:"find_time,weak"`
BanTime time.Duration `koanf:"ban_time,weak"`
}
RegulationConfiguration represents the configuration related to regulation.
type SCryptPassword ¶ added in v4.37.0
type SCryptPassword struct {
Iterations int `koanf:"iterations"`
BlockSize int `koanf:"block_size"`
Parallelism int `koanf:"parallelism"`
KeyLength int `koanf:"key_length"`
SaltLength int `koanf:"salt_length"`
}
SCryptPassword represents the scrypt hashing settings.
type SHA2CryptPassword ¶ added in v4.37.0
type SHA2CryptPassword struct {
Variant string `koanf:"variant"`
Iterations int `koanf:"iterations"`
SaltLength int `koanf:"salt_length"`
}
SHA2CryptPassword represents the sha2crypt hashing settings.
type SMTPNotifierConfiguration ¶
type SMTPNotifierConfiguration struct {
Host string `koanf:"host"`
Port int `koanf:"port"`
Timeout time.Duration `koanf:"timeout"`
Username string `koanf:"username"`
Password string `koanf:"password"`
Identifier string `koanf:"identifier"`
Sender mail.Address `koanf:"sender"`
Subject string `koanf:"subject"`
StartupCheckAddress mail.Address `koanf:"startup_check_address"`
DisableRequireTLS bool `koanf:"disable_require_tls"`
DisableHTMLEmails bool `koanf:"disable_html_emails"`
DisableStartTLS bool `koanf:"disable_starttls"`
TLS *TLSConfig `koanf:"tls"`
}
SMTPNotifierConfiguration represents the configuration of the SMTP server to send emails with.
type SQLStorageConfiguration ¶
type SQLStorageConfiguration struct {
Host string `koanf:"host"`
Port int `koanf:"port"`
Database string `koanf:"database"`
Username string `koanf:"username"`
Password string `koanf:"password"`
Timeout time.Duration `koanf:"timeout"`
}
SQLStorageConfiguration represents the configuration of the SQL database.
type ServerBuffers ¶ added in v4.36.4
ServerBuffers represents server buffer configurations.
type ServerConfiguration ¶
type ServerConfiguration struct {
Host string `koanf:"host"`
Port int `koanf:"port"`
Path string `koanf:"path"`
AssetPath string `koanf:"asset_path"`
EnablePprof bool `koanf:"enable_pprof"`
EnableExpvars bool `koanf:"enable_expvars"`
DisableHealthcheck bool `koanf:"disable_healthcheck"`
TLS ServerTLSConfiguration `koanf:"tls"`
Headers ServerHeadersConfiguration `koanf:"headers"`
Buffers ServerBuffers `koanf:"buffers"`
Timeouts ServerTimeouts `koanf:"timeouts"`
}
ServerConfiguration represents the configuration of the http server.
type ServerHeadersConfiguration ¶ added in v4.34.0
type ServerHeadersConfiguration struct {
CSPTemplate string `koanf:"csp_template"`
}
ServerHeadersConfiguration represents the customization of the http server headers.
type ServerTLSConfiguration ¶
type ServerTLSConfiguration struct {
Certificate string `koanf:"certificate"`
Key string `koanf:"key"`
ClientCertificates []string `koanf:"client_certificates"`
}
ServerTLSConfiguration represents the configuration of the http servers TLS options.
type ServerTimeouts ¶ added in v4.36.4
type ServerTimeouts struct {
Read time.Duration `koanf:"read"`
Write time.Duration `koanf:"write"`
Idle time.Duration `koanf:"idle"`
}
ServerTimeouts represents server timeout configurations.
type SessionConfiguration ¶
type SessionConfiguration struct {
Name string `koanf:"name"`
Domain string `koanf:"domain"`
SameSite string `koanf:"same_site"`
Secret string `koanf:"secret"`
Expiration time.Duration `koanf:"expiration"`
Inactivity time.Duration `koanf:"inactivity"`
RememberMeDuration time.Duration `koanf:"remember_me_duration"`
Redis *RedisSessionConfiguration `koanf:"redis"`
}
SessionConfiguration represents the configuration related to user sessions.
type StorageConfiguration ¶
type StorageConfiguration struct {
Local *LocalStorageConfiguration `koanf:"local"`
MySQL *MySQLStorageConfiguration `koanf:"mysql"`
PostgreSQL *PostgreSQLStorageConfiguration `koanf:"postgres"`
EncryptionKey string `koanf:"encryption_key"`
}
StorageConfiguration represents the configuration of the storage backend.
type StructValidator ¶
type StructValidator struct {
// contains filtered or unexported fields
}
StructValidator is a validator for structs.
func NewStructValidator ¶
func NewStructValidator() *StructValidator
NewStructValidator is a constructor of struct validator.
func (*StructValidator) Errors ¶
func (v *StructValidator) Errors() []error
Errors returns the errors.
func (*StructValidator) HasErrors ¶
func (v *StructValidator) HasErrors() bool
HasErrors checks whether the validator contains errors.
func (*StructValidator) HasWarnings ¶
func (v *StructValidator) HasWarnings() bool
HasWarnings checks whether the validator contains warning errors.
func (*StructValidator) Push ¶
func (v *StructValidator) Push(err error)
Push an error to the validator.
func (*StructValidator) PushWarning ¶
func (v *StructValidator) PushWarning(err error)
PushWarning error to the validator.
func (*StructValidator) Warnings ¶
func (v *StructValidator) Warnings() []error
Warnings returns the warnings.
type TLSCertificateConfig ¶ added in v4.37.0
type TLSCertificateConfig struct {
Key CryptographicPrivateKey `koanf:"key"`
CertificateChain X509CertificateChain `koanf:"certificate_chain"`
}
TLSCertificateConfig is a representation of the TLS Certificate configuration.
type TLSConfig ¶
type TLSConfig struct {
MinimumVersion TLSVersion `koanf:"minimum_version"`
MaximumVersion TLSVersion `koanf:"maximum_version"`
SkipVerify bool `koanf:"skip_verify"`
ServerName string `koanf:"server_name"`
PrivateKey CryptographicPrivateKey `koanf:"private_key"`
CertificateChain X509CertificateChain `koanf:"certificate_chain"`
}
TLSConfig is a representation of the TLS configuration.
type TLSVersion ¶ added in v4.37.0
type TLSVersion struct {
Value uint16
}
TLSVersion is a struct which handles tls.Config versions.
func NewTLSVersion ¶ added in v4.37.0
func NewTLSVersion(input string) (version *TLSVersion, err error)
NewTLSVersion returns a new TLSVersion given a string.
func (*TLSVersion) MaxVersion ¶ added in v4.37.0
func (v *TLSVersion) MaxVersion() uint16
MaxVersion returns the value of this as a MaxVersion value.
func (*TLSVersion) MinVersion ¶ added in v4.37.0
func (v *TLSVersion) MinVersion() uint16
MinVersion returns the value of this as a MinVersion value.
func (*TLSVersion) String ¶ added in v4.37.0
func (v *TLSVersion) String() string
String provides the Stringer.
type TOTPConfiguration ¶
type TOTPConfiguration struct {
Disable bool `koanf:"disable"`
Issuer string `koanf:"issuer"`
Algorithm string `koanf:"algorithm"`
Digits uint `koanf:"digits"`
Period uint `koanf:"period"`
Skew *uint `koanf:"skew"`
SecretSize uint `koanf:"secret_size"`
}
TOTPConfiguration represents the configuration related to TOTP options.
type TelemetryConfig ¶ added in v4.36.0
type TelemetryConfig struct {
Metrics TelemetryMetricsConfig `koanf:"metrics"`
}
TelemetryConfig represents the telemetry config.
type TelemetryMetricsConfig ¶ added in v4.36.0
type TelemetryMetricsConfig struct {
Enabled bool `koanf:"enabled"`
Address *Address `koanf:"address"`
Buffers ServerBuffers `koanf:"buffers"`
Timeouts ServerTimeouts `koanf:"timeouts"`
}
TelemetryMetricsConfig represents the telemetry metrics config.
type WebauthnConfiguration ¶ added in v4.34.0
type WebauthnConfiguration struct {
Disable bool `koanf:"disable"`
DisplayName string `koanf:"display_name"`
ConveyancePreference protocol.ConveyancePreference `koanf:"attestation_conveyance_preference"`
UserVerification protocol.UserVerificationRequirement `koanf:"user_verification"`
Timeout time.Duration `koanf:"timeout"`
}
WebauthnConfiguration represents the webauthn config.
type X509CertificateChain ¶ added in v4.37.0
type X509CertificateChain struct {
// contains filtered or unexported fields
}
X509CertificateChain is a helper struct that holds a list of *x509.Certificate's.
func NewX509CertificateChain ¶ added in v4.37.0
func NewX509CertificateChain(in string) (chain *X509CertificateChain, err error)
NewX509CertificateChain creates a new *X509CertificateChain from a given string, parsing each PEM block one by one.
func (*X509CertificateChain) Certificates ¶ added in v4.37.0
func (c *X509CertificateChain) Certificates() (certificates []*x509.Certificate)
Certificates for this X509CertificateChain.
func (*X509CertificateChain) CertificatesRaw ¶ added in v4.37.0
func (c *X509CertificateChain) CertificatesRaw() (certificates [][]byte)
CertificatesRaw for this X509CertificateChain.
func (*X509CertificateChain) Equal ¶ added in v4.37.0
func (c *X509CertificateChain) Equal(other *x509.Certificate) (equal bool)
Equal checks if the provided *x509.Certificate is equal to the first *x509.Certificate in the chain.
func (*X509CertificateChain) EqualKey ¶ added in v4.37.0
func (c *X509CertificateChain) EqualKey(other any) (equal bool)
EqualKey checks if the provided key (public or private) has a public key equal to the first public key in this chain.
func (*X509CertificateChain) HasCertificates ¶ added in v4.37.0
func (c *X509CertificateChain) HasCertificates() (has bool)
HasCertificates returns true if the chain has any certificates.
func (*X509CertificateChain) Leaf ¶ added in v4.37.0
func (c *X509CertificateChain) Leaf() (leaf *x509.Certificate)
Leaf returns the first certificate if available for use with tls.Certificate.
func (*X509CertificateChain) Thumbprint ¶ added in v4.37.0
func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte
Thumbprint returns the Thumbprint for the first certificate.
func (*X509CertificateChain) Validate ¶ added in v4.37.0
func (c *X509CertificateChain) Validate() (err error)
Validate the X509CertificateChain ensuring the certificates were provided in the correct order (with nth being signed by the nth+1), and that all of the certificates are valid based on the current time.
Source Files