security

package

v0.0.0-...-cc5222e Latest Latest Go to latest Published: Mar 8, 2026 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/bycmd/GoRouter-kit

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type AuthConfig
type AuthType
type Authenticator
type CheckInput
type Config
type CustomAuthenticator
type DangerousArgumentsConfig
type EventHandler
type Guard
type Limiter
- func NewLimiter() *Limiter
- func (l *Limiter) Allow(key string, limit int, window time.Duration) (bool, time.Duration)
- func (l *Limiter) Reset()
- func (l *Limiter) ResetUser(userID string)
type Manager
- func NewManager(cfg Config) *Manager
- func (m *Manager) Authenticate(ctx context.Context, token string) (*User, error)
- func (m *Manager) Check(_ context.Context, in CheckInput) error
- func (m *Manager) ClearRateLimitCounters(userID string)
- func (m *Manager) ClearTokenCache()
- func (m *Manager) CreateAccessToken(user User, expiresIn time.Duration) (string, error)
- func (m *Manager) Destroy()
- func (m *Manager) GetConfig() Config
- func (m *Manager) LogToolCall(event ToolCallEvent)
- func (m *Manager) Off(event string, id int)
- func (m *Manager) On(event string, fn EventHandler) int
- func (m *Manager) UpdateConfig(cfg Config)
type RateLimit
type RolePolicy
type SimpleGuard
- func NewSimpleGuard() *SimpleGuard
- func (g *SimpleGuard) Check(_ context.Context, in CheckInput) error
type ToolCallAuditor
type ToolCallEvent
type ToolPolicy
type User

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrAccessDenied      = errors.New("access denied")
	ErrAuthRequired      = errors.New("authentication required")
	ErrRateLimited       = errors.New("rate limit exceeded")
	ErrInvalidToken      = errors.New("invalid token")
	ErrTokenCreate       = errors.New("token creation failed")
	ErrDangerousArgument = errors.New("dangerous argument detected")
	ErrAuthConfig        = errors.New("invalid authentication config")
)

Functions ¶

This section is empty.

Types ¶

type AuthConfig ¶

type AuthConfig struct {
	Type                AuthType
	APIKeys             map[string]User
	JWTSecret           string
	TokenTTL            time.Duration
	CustomAuthenticator CustomAuthenticator
}

type AuthType ¶

type AuthType string

const (
	AuthTypeAPIKey AuthType = "api-key"
	AuthTypeJWT    AuthType = "jwt"
	AuthTypeCustom AuthType = "custom"
)

type Authenticator ¶

type Authenticator interface {
	Authenticate(ctx context.Context, token string) (*User, error)
}

type CheckInput ¶

type CheckInput struct {
	Tool schema.Tool
	Call schema.ToolCall
	Args any
	User *User
}

type Config ¶

type Config struct {
	DefaultPolicy              string
	RequireAuthentication      bool
	AllowUnauthenticatedAccess bool
	Debug                      bool
	TokenCacheTTL              time.Duration
	DangerousArguments         DangerousArgumentsConfig
	Auth                       AuthConfig
	Tools                      map[string]ToolPolicy
	Roles                      map[string]RolePolicy
}

type CustomAuthenticator ¶

type CustomAuthenticator func(ctx context.Context, token string) (*User, error)

type DangerousArgumentsConfig ¶

type DangerousArgumentsConfig struct {
	GlobalPatterns []string
	ToolPatterns   map[string][]string
	BlockedValues  []string
	AuditOnly      bool
}

type EventHandler ¶

type EventHandler func(payload any)

type Guard ¶

type Guard interface {
	Check(ctx context.Context, input CheckInput) error
}

type Limiter ¶

type Limiter struct {
	// contains filtered or unexported fields
}

func NewLimiter ¶

func NewLimiter() *Limiter

func (*Limiter) Allow ¶

func (l *Limiter) Allow(key string, limit int, window time.Duration) (bool, time.Duration)

func (*Limiter) Reset ¶

func (l *Limiter) Reset()

func (*Limiter) ResetUser ¶

func (l *Limiter) ResetUser(userID string)

type Manager ¶

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager ¶

func NewManager(cfg Config) *Manager

func (*Manager) Authenticate ¶

func (m *Manager) Authenticate(ctx context.Context, token string) (*User, error)

func (*Manager) Check ¶

func (m *Manager) Check(_ context.Context, in CheckInput) error

func (*Manager) ClearRateLimitCounters ¶

func (m *Manager) ClearRateLimitCounters(userID string)

func (*Manager) ClearTokenCache ¶

func (m *Manager) ClearTokenCache()

func (*Manager) CreateAccessToken ¶

func (m *Manager) CreateAccessToken(user User, expiresIn time.Duration) (string, error)

func (*Manager) Destroy ¶

func (m *Manager) Destroy()

func (*Manager) GetConfig ¶

func (m *Manager) GetConfig() Config

func (*Manager) LogToolCall ¶

func (m *Manager) LogToolCall(event ToolCallEvent)

func (*Manager) Off ¶

func (m *Manager) Off(event string, id int)

func (*Manager) On ¶

func (m *Manager) On(event string, fn EventHandler) int

func (*Manager) UpdateConfig ¶

func (m *Manager) UpdateConfig(cfg Config)

type RateLimit ¶

type RateLimit struct {
	Limit  int
	Window time.Duration
}

type RolePolicy ¶

type RolePolicy struct {
	AllowedTools []string
	RateLimits   map[string]RateLimit
}

type SimpleGuard ¶

type SimpleGuard struct{}

func NewSimpleGuard ¶

func NewSimpleGuard() *SimpleGuard

func (*SimpleGuard) Check ¶

func (g *SimpleGuard) Check(_ context.Context, in CheckInput) error

type ToolCallAuditor ¶

type ToolCallAuditor interface {
	LogToolCall(event ToolCallEvent)
}

type ToolCallEvent ¶

type ToolCallEvent struct {
	ToolName string
	UserID   string
	Args     any
	Result   any
	Success  bool
	Error    error
	TimeUnix int64
}

type ToolPolicy ¶

type ToolPolicy struct {
	Allow     *bool
	Roles     []string
	Scopes    []string
	RateLimit *RateLimit
}

type User ¶

type User struct {
	ID        string
	Role      string
	Roles     []string
	Scopes    []string
	Username  string
	ExpiresAt int64
	Metadata  map[string]any
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL