yubikey

package module
v0.0.0-...-8419e78 (Latest)
Published: Nov 20, 2023 License: BSD-3-Clause Imports: 27 Imported by: 0

README

Yubikey

Messing with yubikeys and the web authentication protocol.

Excellent blog post on the topic: www.herbie.dev/blog/webauthn-basic-web-client-server/.

Networking

Edit the /etc/hosts file on your computer and add the following line:

127.0.0.1 yubikey.local

Note that you will need root privileges (sudo) to save changes to this file.

TLS Certificates

Generate self-signed certificates as follows:

$ openssl genrsa -out tmp/server.key 2048
$ openssl req -new -x509 -sha256 -key tmp/server.key -out tmp/server.crt -days 3650

When prompted for the certificate subject, make sure the FQDN (Common Name) is yubikey.local, or whatever name you added to /etc/hosts in the networking step above.
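As an added example (not part of the project's README), the same self-signed certificate built in Go, with the FQDN placed in the Subject Alternative Name extension rather than only in the Common Name, plus a check that verification succeeds for yubikey.local and fails for any other host. The function names SelfSignedCert and VerifyForHost are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SelfSignedCert builds a self-signed certificate for host. A bare
// `openssl req -new -x509` run only records the host in the CN; browsers
// match the Subject Alternative Name extension, so the host goes there too.
func SelfSignedCert(host string, days int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Duration(days) * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true, // same CA:TRUE that openssl req -x509 emits
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyForHost chains to the cert as a trusted root and checks host against the SAN.
func VerifyForHost(cert *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

func main() {
	cert, _ := SelfSignedCert("yubikey.local", 3650)
	fmt.Println(cert.DNSNames, VerifyForHost(cert, "yubikey.local")) // [yubikey.local] <nil>
}
```

If you stay with the openssl commands above, add -addext "subjectAltName=DNS:yubikey.local" to the openssl req invocation; a CN-only certificate is rejected by current browsers because they match hostnames against the SAN.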

Documentation

Constants

const (
	VersionMajor         = 0
	VersionMinor         = 2
	VersionPatch         = 0
	VersionReleaseLevel  = "alpha"
	VersionReleaseNumber = 2
)

Version component constants for the current build.

Variables

var (
	ErrUserNotFound      = errors.New("user not found")
	ErrUserAlreadyExists = errors.New("user already exists")
	ErrUnknownIDType     = errors.New("unknown user ID type must be uuid")
)
var GitVersion string

Set the GitVersion via -ldflags="-X 'github.com/bbengfort/yubikey.GitVersion=$(git rev-parse --short HEAD)'"

Functions

func Version

func Version() string

Version returns the semantic version for the current build.

Types

type LoginForm

type LoginForm struct {
	Email string `json:"email"`
}

type RegistrationForm

type RegistrationForm struct {
	Email string `json:"email"`
	Name  string `json:"name"`
}

type Render

type Render struct {
	// contains filtered or unexported fields
}

func NewRender

func NewRender(fsys fs.FS, pattern string, includes ...string) (_ *Render, err error)

func (*Render) Instance

func (r *Render) Instance(name string, data any) render.Render

type Server

type Server struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func New

func New(conf config.Config) (s *Server, err error)

func (*Server) Available

func (s *Server) Available() gin.HandlerFunc

Available is middleware that uses the healthy boolean to return a service unavailable http status code if the server is shutting down. It does this before all routes to ensure that complex handling doesn't bog down the server.

func (*Server) BeginLogin

func (s *Server) BeginLogin(c *gin.Context)

func (*Server) BeginRegistration

func (s *Server) BeginRegistration(c *gin.Context)

func (*Server) FinishLogin

func (s *Server) FinishLogin(c *gin.Context)

func (*Server) FinishRegistration

func (s *Server) FinishRegistration(c *gin.Context)

func (*Server) Healthz

func (s *Server) Healthz(c *gin.Context)

Healthz is used to alert k8s to the health/liveness status of the server.

func (*Server) Index

func (s *Server) Index(c *gin.Context)

func (*Server) Login

func (s *Server) Login(c *gin.Context)

func (*Server) NotAllowed

func (s *Server) NotAllowed(c *gin.Context)

func (*Server) NotFound

func (s *Server) NotFound(c *gin.Context)

func (*Server) Readyz

func (s *Server) Readyz(c *gin.Context)

Readyz is used to alert k8s to the readiness status of the server.

func (*Server) Register

func (s *Server) Register(c *gin.Context)

func (*Server) Serve

func (s *Server) Serve() (err error)

func (*Server) SetStatus

func (s *Server) SetStatus(health, ready bool)

SetStatus sets the health and readiness status on the API server, putting it into unavailable mode if health is false and removing maintenance mode if health is true. It exists primarily for testing, since an outside caller is unlikely to be able to reach it.

func (*Server) Shutdown

func (s *Server) Shutdown() error

func (*Server) Status

func (s *Server) Status(c *gin.Context)

Status is an unauthenticated endpoint that returns the status of the API server and can be used for heartbeats and liveness checks. This is the global status method: it reports the latest version of the whisper service regardless of how many API versions are available.

func (*Server) URL

func (s *Server) URL() string

URL returns the URL of the server determined by the socket addr.

type User

type User struct {
	sync.RWMutex
	ID    uuid.UUID
	Name  string
	Email string
	// contains filtered or unexported fields
}

func (*User) AddCredential

func (u *User) AddCredential(cred webauthn.Credential)

func (*User) CredentialExcludeList

func (u *User) CredentialExcludeList() []protocol.CredentialDescriptor

func (*User) WebAuthnCredentials

func (u *User) WebAuthnCredentials() []webauthn.Credential

WebAuthnCredentials provides the list of Credential objects owned by the user.

func (*User) WebAuthnDisplayName

func (u *User) WebAuthnDisplayName() string

WebAuthnDisplayName provides the name attribute of the user account during registration and is a human-palatable name for the user account, intended only for display. For example, "Alex Müller" or "田中倫". The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary.

Specification: §5.4.3. User Account Parameters for Credential Generation (https://www.w3.org/TR/webauthn/#dom-publickeycredentialuserentity-displayname)

func (*User) WebAuthnID

func (u *User) WebAuthnID() []byte

WebAuthnID provides the user handle of the user account. A user handle is an opaque byte sequence with a maximum size of 64 bytes, and is not meant to be displayed to the user.

To ensure secure operation, authentication and authorization decisions MUST be made on the basis of this id member, not the displayName nor name members. See Section 6.1 of [RFC8266].

It's recommended this value is completely random and uses the entire 64 bytes.

Specification: §5.4.3. User Account Parameters for Credential Generation (https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-id)
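An added example, not the package's own code: a minimal relying-party user store that mints a full 64-byte random handle for WebAuthnID, indexes accounts by that handle rather than by name or email, and rejects handles outside the 1 to 64 byte range before consulting the store. Account, Store, MaxUserHandleLen and ErrBadUserHandle are this example's own names; it depends only on the standard library, not on the go-webauthn package the module uses.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// MaxUserHandleLen is the WebAuthn ceiling on the user handle (user.id), in bytes.
const MaxUserHandleLen = 64

var ErrUserNotFound, ErrBadUserHandle = errors.New("user not found"), errors.New("user handle must be 1 to 64 bytes")

// Account is a hypothetical relying-party record; the opaque handle is its identity.
type Account struct {
	handle      []byte // random, never displayed; what WebAuthnID() returns
	Name, Email string
}

func (a *Account) WebAuthnID() []byte { return a.handle } // the webauthn.User accessor

// Store keys accounts by handle so the assertion's userHandle, not a name or email, decides who is authenticating.
type Store map[string]*Account

// NewAccount mints a handle that uses all 64 random bytes the spec allows.
func (s Store) NewAccount(name, email string) (*Account, error) {
	handle := make([]byte, MaxUserHandleLen)
	if _, err := rand.Read(handle); err != nil {
		return nil, err
	}
	s[string(handle)] = &Account{handle: handle, Name: name, Email: email}
	return s[string(handle)], nil
}

// Lookup resolves an authenticator-supplied handle, rejecting bad sizes first.
func (s Store) Lookup(handle []byte) (*Account, error) {
	if len(handle) == 0 || len(handle) > MaxUserHandleLen {
		return nil, ErrBadUserHandle
	}
	if a, ok := s[string(handle)]; ok {
		return a, nil
	}
	return nil, ErrUserNotFound
}

func main() {
	s := Store{}
	a, _ := s.NewAccount("Alex Müller", "alex@example.com")
	fmt.Println(len(a.WebAuthnID())) // 64
}
```

A production store would add the locking the package's Users type carries (sync.RWMutex) and persist the handle alongside the credential list, but the identity key stays the handle.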

func (*User) WebAuthnIcon

func (u *User) WebAuthnIcon() string

WebAuthnIcon is a deprecated option. Deprecated: this has been removed from the specification recommendation. Suggest a blank string.

func (*User) WebAuthnName

func (u *User) WebAuthnName() string

WebAuthnName provides the name attribute of the user account during registration and is a human-palatable name for the user account, intended only for display. For example, "Alex Müller" or "田中倫". The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary.

Specification: §5.4.3. User Account Parameters for Credential Generation (https://w3c.github.io/webauthn/#dictdef-publickeycredentialuserentity)

type UserList

type UserList struct {
	WebData
	Users []struct {
		ID          string
		Name        string
		Email       string
		Credentials int
	}
}

type Users

type Users struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func NewUsers

func NewUsers() *Users

func (*Users) CredentialExists

func (db *Users) CredentialExists(creds *webauthn.Credential) bool

func (*Users) GetUser

func (db *Users) GetUser(email string) (*User, error)

func (*Users) Lookup

func (db *Users) Lookup(id interface{}) (_ *User, err error)

func (*Users) NewUser

func (db *Users) NewUser(name, email string) (*User, error)

type WebData

type WebData struct {
	Version string
}

Directories (no synopsis is given for any of them)

api
v1
cmd
