core

package
v1.7.19
Warning

This package is not in the latest version of its module.

Published: Jul 7, 2025 License: GPL-3.0 Imports: 81 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// HTTPEndChan is a channel of type `Done` used to signal the completion of HTTP server operations.
	HTTPEndChan chan Done

	// HTTP3EndChan is a channel of type `Done` used to signal the completion of HTTP3 server operations.
	HTTP3EndChan chan Done

	// LangBundle is a pointer to an instance of the i18n.Bundle type.
	// It represents a language bundle which is used for localization and internationalization purposes in the application.
	LangBundle *i18n.Bundle
)

var BackendServers = NewBackendServer()

Functions

func BasicAuthMiddleware added in v1.3.9

func BasicAuthMiddleware() gin.HandlerFunc

BasicAuthMiddleware returns a gin middleware handler dedicated to performing HTTP Basic authentication. It first checks for specified parameters in the incoming request context. If the request already contains BasicAuth in its header, it attempts to authenticate the credentials. Hashed values of the supplied username and password are compared in constant time against the expected username and password hashes. If the credentials match, it allows the request to proceed; otherwise it terminates the request with HTTP 403 Forbidden. If BasicAuth was not provided in the request, it asks the client to provide credentials by responding with HTTP 401 Unauthorized and inserting a WWW-Authenticate field into the response header.
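The flow described above (401 challenge, hashed constant-time comparison, 403 on mismatch), as an added example that is not the package's own code. It uses plain net/http instead of gin; the names basicAuth and probe, the realm string, the choice of SHA-256 and the sample credentials are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// basicAuth is a hypothetical net/http counterpart of the gin middleware
// described above. wantUser and wantPass stand in for configured values.
func basicAuth(wantUser, wantPass string, next http.Handler) http.Handler {
	// Hash the expected values once. Comparing fixed-length digests means
	// ConstantTimeCompare always sees equal-length inputs, so neither the
	// content nor the length of the configured secret leaks through timing.
	wantUserHash := sha256.Sum256([]byte(wantUser))
	wantPassHash := sha256.Sum256([]byte(wantPass))

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		if !ok {
			// No usable Authorization header: challenge the client.
			w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
			w.WriteHeader(http.StatusUnauthorized)
			return
		}

		userHash := sha256.Sum256([]byte(user))
		passHash := sha256.Sum256([]byte(pass))

		// Run both comparisons before combining the results, so a wrong
		// username does not skip the password comparison.
		userOK := subtle.ConstantTimeCompare(userHash[:], wantUserHash[:])
		passOK := subtle.ConstantTimeCompare(passHash[:], wantPassHash[:])
		if userOK&passOK != 1 {
			w.WriteHeader(http.StatusForbidden)
			return
		}

		next.ServeHTTP(w, r)
	})
}

// probe sends one constructed request through the middleware and returns the
// status code and the WWW-Authenticate response header.
func probe(user, pass string, sendCreds bool) (int, string) {
	protected := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	// Constructed sample credentials, not values from the project.
	h := basicAuth("metrics", "constructed-sample-secret", protected)

	req := httptest.NewRequest(http.MethodGet, "/protected", nil)
	if sendCreds {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)

	return rec.Code, rec.Header().Get("WWW-Authenticate")
}

func main() {
	code, challenge := probe("", "", false)
	fmt.Println("no credentials:   ", code, challenge)

	code, _ = probe("metrics", "wrong", true)
	fmt.Println("wrong password:   ", code)

	code, _ = probe("metrics", "constructed-sample-secret", true)
	fmt.Println("valid credentials:", code)
}
```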

func BeginRegistration added in v1.3.9

func BeginRegistration(ctx *gin.Context)

BeginRegistration Page: '/2fa/v1/webauthn/register/begin'

func CacheHandler added in v1.3.9

func CacheHandler(ctx *gin.Context)

CacheHandler handles the HTTP requests for cache related operations. It takes a gin.Context as a parameter.

Procedure:

  1. The function retrieves the "category" parameter from the request context.
  2. It uses a switch statement to handle different category values.
  3. For the "cache" category, it retrieves the "service" parameter and uses a switch statement to handle different service values.
  4. For the "flush" service, it calls the HandleUserFlush function.
  5. For the "bruteforce" category, it retrieves the "service" parameter and uses a switch statement to handle different service values.
  6. For the "flush" service, it calls the HandleBruteForceRuleFlush function.

func CompressionMiddleware added in v1.7.3

func CompressionMiddleware() gin.HandlerFunc

CompressionMiddleware returns a middleware that compresses HTTP responses based on the configuration settings. It uses the gzip compression algorithm with the configured level and only compresses responses with the configured content types and minimum length.

func ConsentGETHandler added in v1.3.9

func ConsentGETHandler(ctx *gin.Context)

ConsentGETHandler Page '/consent'

func ConsentPOSTHandler added in v1.3.9

func ConsentPOSTHandler(ctx *gin.Context)

ConsentPOSTHandler Page '/consent/post'

func CustomRequestHandler added in v1.3.9

func CustomRequestHandler(ctx *gin.Context)

CustomRequestHandler processes custom Lua hooks. Responds with JSON if hook returns a result, otherwise handles errors. If JWT is enabled, it checks if the user has the required roles for the hook.

func DecompressRequestMiddleware added in v1.7.3

func DecompressRequestMiddleware() gin.HandlerFunc

DecompressRequestMiddleware returns a middleware that decompresses HTTP requests with gzip Content-Encoding. It checks if the request has a Content-Encoding header with value "gzip" and if so, replaces the request body with a decompressed version.
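A net/http sketch of the request decompression described above, as an added example that is not the package's own code. It goes one step beyond the description by capping the decompressed size, which the page does not say the package does; decompressRequest, echoLen, send, the 1 MiB limit and the sample payloads are all assumptions.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxDecompressed is an assumed cap on the decompressed body size (1 MiB).
const maxDecompressed = 1 << 20

// Constructed sample payloads: a small JSON body and 4 MiB of zero bytes,
// which gzip shrinks to a few KiB on the wire.
var (
	sampleJSON = []byte(`{"user":"alice"}`)
	sampleBomb = bytes.Repeat([]byte{0}, 4<<20)
)

// decompressRequest replaces a gzip-encoded request body with a decompressing
// reader that fails once more than limit bytes have been produced.
func decompressRequest(limit int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !strings.EqualFold(r.Header.Get("Content-Encoding"), "gzip") {
			next.ServeHTTP(w, r) // not gzip: pass through untouched
			return
		}
		zr, err := gzip.NewReader(r.Body)
		if err != nil {
			http.Error(w, "invalid gzip body", http.StatusBadRequest)
			return
		}
		// The limit applies to the decompressed stream, not the wire size.
		r.Body = http.MaxBytesReader(w, zr, limit)
		// The body is no longer encoded and its final length is unknown.
		r.Header.Del("Content-Encoding")
		r.Header.Del("Content-Length")
		r.ContentLength = -1
		next.ServeHTTP(w, r)
	})
}

// echoLen is a stand-in downstream handler that reports the body length.
func echoLen(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	var tooBig *http.MaxBytesError
	switch {
	case errors.As(err, &tooBig):
		http.Error(w, "decompressed body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "unreadable body", http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "%d", len(body))
	}
}

// send pushes one constructed request through the middleware and returns the
// status code and response body.
func send(payload []byte, compress, declareGzip bool) (int, string) {
	var body bytes.Buffer
	if compress {
		zw := gzip.NewWriter(&body)
		zw.Write(payload)
		zw.Close()
	} else {
		body.Write(payload)
	}
	req := httptest.NewRequest(http.MethodPost, "/api", &body)
	if declareGzip {
		req.Header.Set("Content-Encoding", "gzip")
	}
	rec := httptest.NewRecorder()
	decompressRequest(maxDecompressed, http.HandlerFunc(echoLen)).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	code, body := send(sampleJSON, true, true)
	fmt.Println("gzip JSON:        ", code, body)
	code, _ = send(sampleBomb, true, true)
	fmt.Println("oversized gzip:   ", code)
	code, _ = send([]byte("not gzip"), false, true)
	fmt.Println("mislabelled body: ", code)
	code, body = send([]byte("plain"), false, false)
	fmt.Println("plain body:       ", code, body)
}
```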

func DeviceGETHandler added in v1.3.9

func DeviceGETHandler(ctx *gin.Context)

DeviceGETHandler Page '/device'

func DevicePOSTHandler added in v1.3.9

func DevicePOSTHandler(ctx *gin.Context)

DevicePOSTHandler Page '/device/post'

func ExtractJWTToken added in v1.7.0

func ExtractJWTToken(ctx *gin.Context) (string, error)

ExtractJWTToken extracts the JWT token from the Authorization header

func FinishRegistration added in v1.3.9

func FinishRegistration(ctx *gin.Context)

FinishRegistration Page: '/2fa/v1/webauthn/register/finish'

func GenerateJWTToken added in v1.7.0

func GenerateJWTToken(username string, roles []string) (string, int64, error)

GenerateJWTToken generates a JWT token for the given username and roles

func GenerateRefreshToken added in v1.7.0

func GenerateRefreshToken(username string) (string, error)

GenerateRefreshToken generates a refresh token for the given username

func GetRefreshTokenFromRedis added in v1.7.0

func GetRefreshTokenFromRedis(ctx context.Context, username string) (string, error)

GetRefreshTokenFromRedis retrieves a JWT refresh token from Redis

func GetTokenFromRedis added in v1.7.0

func GetTokenFromRedis(ctx context.Context, username string) (string, error)

GetTokenFromRedis retrieves a JWT token from Redis

func HTTPApp

func HTTPApp(ctx context.Context)

HTTPApp is a function that starts the HTTP server and sets up the necessary middlewares and endpoints. It takes a context.Context parameter.

func HandleBruteForceRuleFlush added in v1.3.9

func HandleBruteForceRuleFlush(ctx *gin.Context)

HandleBruteForceRuleFlush handles the flushing of a brute force rule by processing the provided IP command and updating the necessary data. It logs information about the action, including the GUID, brute force category, and flush operation. If the IP command fails to bind, an error is logged, and a bad request status is returned. If there is an error processing the brute force rules, an error is logged, and an internal server error status is returned. If the rule flush error flag is true, the status message is set to "not flushed". The function then logs the status message and returns a JSON response containing the GUID, brute force category, flush operation, and the result of the command, including the IP address.

func HandleConfigLoad added in v1.7.11

func HandleConfigLoad(ctx *gin.Context)

HandleConfigLoad handles loading the server configuration and applies necessary JWT authentication checks. This function validates a provided JWT token for required roles when authentication is enabled. If JWT authentication fails, appropriate HTTP error responses are returned, such as Unauthorized or Forbidden. On success, it retrieves the server configuration as JSON and binds it to the request context.

func HandleErr added in v1.3.9

func HandleErr(ctx *gin.Context, err error)

HandleErr handles an error by logging the error details and printing a goroutine dump. It sets the "failure" and "message" values in the context, and then calls the notifyGETHandler function. If the error is of type *errors.DetailedError, it logs the error details along with the error message. Otherwise, it logs only the error message. The function also prints the goroutine dump with the corresponding GUID. Finally, it cleans up the session using the sessionCleaner function.

Parameters:

  • ctx: The Gin context.
  • err: The error to handle.

func HandleJSONError added in v1.3.9

func HandleJSONError(ctx *gin.Context, err error)

HandleJSONError handles JSON validation errors by aborting the request and returning a JSON response with error details.

func HandleJWTTokenGeneration added in v1.7.0

func HandleJWTTokenGeneration(ctx *gin.Context)

HandleJWTTokenGeneration handles the JWT token generation endpoint

func HandleJWTTokenRefresh added in v1.7.0

func HandleJWTTokenRefresh(ctx *gin.Context)

HandleJWTTokenRefresh handles the JWT token refresh endpoint

func HandleUserFlush added in v1.3.9

func HandleUserFlush(ctx *gin.Context)

HandleUserFlush is a handler function for a Gin HTTP server. It takes a gin.Context as a parameter and attempts to flush the cache according to the *FlushUserCmd in the request's JSON body.

Parameters:

  • ctx: A pointer to gin.Context. The context is used for retrieving a *FlushUserCmd payload from the request and for sending HTTP responses. The context also carries a globally unique identifier (GUID) for logging purposes.

Local variables:

  • userCmd: A pointer to a FlushUserCmd object. This object is populated with data from the request's JSON body.
  • guid: The globally unique identifier retrieved from the context for logging.
  • useCache: A flag indicating whether the cache backend is currently in use by the application. When true, the function can remove password history keys from the cache.
  • statusMsg: A variable for storing the status message. This message will be either "flushed" or "not flushed", based on the outcome of the cache flush operation.

Procedure:

  1. The function first retrieves the GUID from the context.
  2. Then, it logs the GUID along with the flushing information.
  3. It attempts to bind the JSON payload from the request to a FlushUserCmd object.
  4. If any error occurs during this binding, the function logs the error and the GUID. After that, it aborts the current HTTP request by sending a 400 (Bad Request) status code as a response. Then the function returns.
  5. If there are no binding errors, the function processes the cache flush.
  6. Based on the useCache flag and the outcome of the cache flush operation, the function updates the statusMsg and sends the cache status to the client.

func HanldeBruteForceList added in v1.3.9

func HanldeBruteForceList(ctx *gin.Context)

HanldeBruteForceList lists all blocked IP addresses and accounts in response to a brute force attack event.

func HealthCheck added in v1.3.9

func HealthCheck(ctx *gin.Context)

HealthCheck handles the health check functionality by logging a message and returning "pong" as the response.

func InitHTTPClient added in v1.3.0

func InitHTTPClient()

InitHTTPClient initializes the global httpClient variable with a pre-configured instance from util.NewHTTPClient.

func InitPassDBResultPool added in v1.7.3

func InitPassDBResultPool()

InitPassDBResultPool initializes the PassDBResultPool in the objpool package. This function should be called during application initialization.

func JWTAuthMiddleware added in v1.7.0

func JWTAuthMiddleware() gin.HandlerFunc

JWTAuthMiddleware is a middleware that validates JWT tokens

func LoadStatsFromRedis

func LoadStatsFromRedis(ctx context.Context)

LoadStatsFromRedis loads the prometheus statistics at startup from a Redis server.

func LoggerMiddleware added in v1.3.9

func LoggerMiddleware() gin.HandlerFunc

LoggerMiddleware is a middleware function that logs information about the incoming HTTP request and response. It sets a GUID (generated using ksuid.New().String()) in the Gin context with the key defined by definitions.CtxGUIDKey. The function starts a timer to measure the latency of the request. It then proceeds to the next middleware or handler in the chain by calling ctx.Next(). After the request is processed, it checks for any errors in the context using ctx.Errors.Last(). Based on the presence of an error, it decides which logger, logWrapper, and logKey to use. The logWrapper is either level.Error or level.Info. The logKey is either definitions.LogKeyMsg or global.LogKeyMsg. The function stops the timer and calculates the latency. It then collects additional information about the request, such as negotiatedProtocol and cipherSuiteName. Finally, it calls logWrapper(logger).Log() to log the request information with the appropriate logger, logKey, and values.

func LoginGET2FAHandler added in v1.3.9

func LoginGET2FAHandler(ctx *gin.Context)

LoginGET2FAHandler Page '/2fa/v1/register'

func LoginGETHandler added in v1.3.9

func LoginGETHandler(ctx *gin.Context)

LoginGETHandler Page '/login'

func LoginPOST2FAHandler added in v1.3.9

func LoginPOST2FAHandler(ctx *gin.Context)

LoginPOST2FAHandler Page '/2fa/v1/register/post'

func LoginPOSTHandler added in v1.3.9

func LoginPOSTHandler(ctx *gin.Context)

LoginPOSTHandler Page '/login/post'

func LogoutGETHandler added in v1.3.9

func LogoutGETHandler(ctx *gin.Context)

LogoutGETHandler Page '/logout'

func LogoutPOSTHandler added in v1.3.9

func LogoutPOSTHandler(ctx *gin.Context)

LogoutPOSTHandler Page '/logout/post'

func LuaContextMiddleware added in v1.3.9

func LuaContextMiddleware() gin.HandlerFunc

LuaContextMiddleware is a middleware function that adds a Lua context to the Gin context. It sets the value of definitions.CtxDataExchangeKey in the Gin context to a new instance of Context created by lualib.NewContext(). The function then calls the Next() method in the Gin context to proceed to the next middleware or handler in the chain.

func NotifyGETHandler added in v1.3.9

func NotifyGETHandler(ctx *gin.Context)

NotifyGETHandler handles the GET request for the notification page. It sets the HTTP status code, status title, and notification message based on the context. It also prepares the data for rendering the notify.html template and executes the HTML rendering.

func PrometheusMiddleware added in v1.3.9

func PrometheusMiddleware() gin.HandlerFunc

PrometheusMiddleware is a middleware function for Gin Web Framework that collects metrics using Prometheus. It measures the duration of the HTTP request and increments a counter for the number of requests for each path. The collected metrics are stored in the Prometheus histogram, counter, and summary variables. This middleware function should be used in the setup of routing to collect metrics for each HTTP request.

func ProtectEndpointMiddleware added in v1.3.9

func ProtectEndpointMiddleware() gin.HandlerFunc

ProtectEndpointMiddleware is a middleware function for Gin Web Framework that provides security features for an endpoint. It extracts the request's client information such as GUID, Client-IP, Protocol, and UserAgent from the context of the request. The function also checks for brute force attacks, and if detected, it updates the counter for brute force attempts and fails the authentication. Further, it handles security features such as TLS, Domain Relay, RBL, and Lua, and in case of their failure, it stops further execution of the request. This middleware function should be used in the setup of routing to ensure the security of the endpoint it is applied to.

func PutAuthState added in v1.7.2

func PutAuthState(auth State)

PutAuthState returns an AuthState to the pool after resetting it

func PutPassDBResultToPool added in v1.7.3

func PutPassDBResultToPool(obj *PassDBResult)

PutPassDBResultToPool returns a PassDBResult object to the pool. The object is reset before being returned to the pool.

func Register2FAHomeHandler added in v1.3.9

func Register2FAHomeHandler(ctx *gin.Context)

Register2FAHomeHandler Page '/2fa/v1/register/home'

func RegisterTotpGETHandler added in v1.3.9

func RegisterTotpGETHandler(ctx *gin.Context)

RegisterTotpGETHandler Page '/2fa/v1/totp'

func RegisterTotpPOSTHandler added in v1.3.9

func RegisterTotpPOSTHandler(ctx *gin.Context)

RegisterTotpPOSTHandler Page '/2fa/v1/totp/post'

func RequestHandler added in v1.3.9

func RequestHandler(ctx *gin.Context)

func SaveStatsToRedis

func SaveStatsToRedis(ctx context.Context)

SaveStatsToRedis saves the prometheus statistics to a Redis server.

func StoreRefreshTokenInRedis added in v1.7.0

func StoreRefreshTokenInRedis(ctx context.Context, username, refreshToken string) error

StoreRefreshTokenInRedis stores a JWT refresh token in Redis for multi-instance compatibility

func StoreTokenInRedis added in v1.7.0

func StoreTokenInRedis(ctx context.Context, username, token string, expiresAt int64) error

StoreTokenInRedis stores a JWT token in Redis for multi-instance compatibility

func UpdateRedisPoolStats added in v1.3.3

func UpdateRedisPoolStats()

UpdateRedisPoolStats updates and tracks Redis pool statistics such as hits, misses, timeouts, and connection counts.

func WithLanguageMiddleware added in v1.3.9

func WithLanguageMiddleware() gin.HandlerFunc

WithLanguageMiddleware is a middleware function that handles the language setup for the application. It tries to get the language tag from the URL and the cookie. It sets the language details and creates a localizer based on the selected language. It also handles CSRF token and localization in the context. If the language is not found in the catalog, it aborts the request with a "Language Not Found" error. If the language needs to be saved in a cookie or redirection is required, it does so accordingly. Finally, it calls the next handler in the chain.

Types

type AccountList

type AccountList []string

AccountList is a slice of strings containing the list of all user accounts.

type AccountListMap

type AccountListMap struct {
	// contains filtered or unexported fields
}

AccountListMap is a struct type that represents a mapping between a backend and an account list option function for authentication.

type AccountListOption

type AccountListOption func(a *AuthState) (AccountList, error)

AccountListOption is the function signature for an account Database.

type AddTOTPSecretFunc

type AddTOTPSecretFunc func(auth *AuthState, totp *TOTPSecret) (err error)

AddTOTPSecretFunc is a function signature that takes a *AuthState and *TOTPSecret as arguments and returns an error.

type ApiConfig

type ApiConfig struct {
	// contains filtered or unexported fields
}

ApiConfig is a struct that encapsulates configuration and parameters for HTTP communication with OAuth2 OpenID-Connect server via OpenAPI. This includes configurations for HTTP client, authorization parameters, and request context.

func (*ApiConfig) HandleConsentSkip

func (a *ApiConfig) HandleConsentSkip()

HandleConsentSkip handles the consent skipping logic. If the consent request skip flag is false and the skip consent config flag is false, it processes the consent. Otherwise, it redirects with consent.

Example usage:

  apiConfig := &ApiConfig{ctx: ctx}
  apiConfig.initialize()
  apiConfig.HandleConsentSkip()

Dependencies:

  • a.consentRequest.GetSkip() (from initialize)
  • config.GetSkipConsent(*a.clientId) (from initialize)

Note: This method assumes that the ApiConfig object is properly initialized with the ctx field set.

type AuthState added in v1.1.2

type AuthState struct {
	// StartTime represents the starting time of a client request.
	StartTime time.Time

	// NoAuth is a flag that is set if the request mode does not require authentication.
	NoAuth bool

	// ListAccounts is a flag that is set if Nauthilus is requested to send a full list of available user accounts.
	ListAccounts bool

	// UserFound is a flag that is set if a password Database found the user.
	UserFound bool

	// PasswordsAccountSeen is a counter increased whenever a new failed password was detected for the current account.
	PasswordsAccountSeen uint

	// PasswordsTotalSeen is a counter increased whenever a new failed password was detected.
	PasswordsTotalSeen uint

	// LoginAttempts is a counter incremented for each failed login request.
	LoginAttempts uint

	// StatusCodeOK is the HTTP status code that is set by SetStatusCodes.
	StatusCodeOK int

	// StatusCodeInternalError is the HTTP status code that is set by SetStatusCodes.
	StatusCodeInternalError int

	// StatusCodeFail is the HTTP status code that is set by SetStatusCodes.
	StatusCodeFail int

	// GUID is a global unique identifier inherited in all functions and methods that deal with the
	// authentication process. It is necessary to track log lines belonging to one request.
	GUID *string

	// Method is set by the "Auth-Method" HTTP request header (Nginx protocol). It is typically something like "plain"
	// or "login".
	Method *string

	// AccountField is the name of either an SQL field name or an LDAP attribute that was used to retrieve a user account.
	AccountField *string

	// Username is the value taken from the HTTP header "Auth-User" (Nginx protocol).
	Username string

	// Password is the value taken from the HTTP header "Auth-Pass" (Nginx protocol).
	Password string

	// ClientIP is the IP of a client that is to be authenticated. The value is set by the HTTP request header
	// "Client-IP" (Nginx protocol).
	ClientIP string

	// XClientPort adds the remote client TCP port, which is set by the HTTP request header "X-Client-Port".
	XClientPort string

	// ClientHost is the DNS A name of the remote client. It is set with the HTTP request header "Client-Host" (Nginx
	// protocol).
	ClientHost string

	// HAProxy specific headers
	XSSL                string // %[ssl_fc]
	XSSLSessionID       string // %[ssl_fc_session_id,hex]
	XSSLClientVerify    string // %[ssl_c_verify]
	XSSLClientDN        string // %{+Q}[ssl_c_s_dn]
	XSSLClientCN        string // %{+Q}[ssl_c_s_dn(cn)]
	XSSLIssuer          string // %{+Q}[ssl_c_i_dn]
	XSSLClientNotBefore string // %{+Q}[ssl_c_notbefore]
	XSSLClientNotAfter  string // %{+Q}[ssl_c_notafter]
	XSSLSubjectDN       string // %{+Q}[ssl_c_s_dn]
	XSSLIssuerDN        string // %{+Q}[ssl_c_i_dn]
	XSSLClientSubjectDN string // %{+Q}[ssl_c_s_dn]
	XSSLClientIssuerDN  string // %{+Q}[ssl_c_i_dn]
	XSSLProtocol        string // %[ssl_fc_protocol]
	XSSLCipher          string // %[ssl_fc_cipher]

	// SSLSerial represents the serial number of an SSL certificate as a string.
	SSLSerial string

	// SSLFingerprint represents the fingerprint of an SSL certificate.
	SSLFingerprint string

	// XClientID is delivered by some mail user agents when using IMAP. This value is set by the HTTP request header
	// "X-Client-Id".
	XClientID string

	// XLocalIP is the TCP/IP address of the server that asks for authentication. Its value is set by the HTTP request
	// header "X-Local-IP".
	XLocalIP string

	// XPort is the TCP port of the server that asks for authentication. Its value is set by the HTTP request
	// header "X-Local-Port".
	XPort string

	// UserAgent may have been sent by a mail user agent and is set by the HTTP request header "User-Agent".
	UserAgent *string

	// StatusMessage is the HTTP response payload that is sent to the remote server that asked for authentication.
	StatusMessage string

	// Service is set by Nauthilus depending on the router endpoint. Look at requestHandler for the structure of available
	// endpoints.
	Service string

	// BruteForceName is the canonical name of a brute force bucket that was triggered by a rule.
	BruteForceName string

	// FeatureName is the name of a feature that has triggered a reject.
	FeatureName string

	BackendName string

	// OIDCCID is the OIDC Client ID used for authentication.
	OIDCCID string

	// TOTPSecret is used to store a TOTP secret in an SQL Database.
	TOTPSecret *string

	// TOTPSecretField is the SQL field or LDAP attribute that resolves the TOTP secret for two-factor authentication.
	TOTPSecretField *string

	// TOTPRecoveryField NYI
	TOTPRecoveryField *string

	// UniqueUserIDField is a string representing a unique user identifier.
	UniqueUserIDField *string

	// DisplayNameField is the display name of a user
	DisplayNameField *string

	// AdditionalLogs is a slice of values that can be filled from Lua features and a Lua backend. Its result will be
	// added to the regular log lines.
	AdditionalLogs []any

	// BruteForceCounter is a map that increments failed login requests. The key is a rule name defined in the
	// configuration file.
	BruteForceCounter map[string]uint

	// SourcePassDBBackend is a marker for the Database that is responsible for a specific user. It is set by the
	// password Database and stored in Redis to track the authentication flow across databases (including proxy).
	SourcePassDBBackend definitions.Backend

	// UsedPassDBBackend is set by the password Database that answered the current authentication request.
	UsedPassDBBackend definitions.Backend

	// UsedBackendIP is set by a filter Lua script for the Nginx endpoint to set the HTTP response header 'Auth-Server'.
	UsedBackendIP string

	// UsedBackendPort is set by a filter Lua script for the Nginx endpoint to set the HTTP response header 'Auth-Port'.
	UsedBackendPort int

	// Attributes is a result container for SQL and LDAP queries. Databases store their result by using a field or
	// attribute name as a key and the corresponding result as a value.
	Attributes bktype.AttributeMapping

	// Protocol is set by the HTTP request header "Auth-Protocol" (Nginx protocol).
	Protocol *config.Protocol

	// HTTPClientContext tracks the context for an HTTP client connection.
	HTTPClientContext *gin.Context

	// MonitoringFlags is a slice of definitions.Monitoring that is used to skip certain steps while processing an authentication request.
	MonitoringFlags []definitions.Monitoring

	// MasterUserMode is a flag for a backend to indicate a master user mode is ongoing.
	MasterUserMode bool

	*bruteforce.PasswordHistory
	*lualib.Context
}

AuthState represents a struct that holds information related to an authentication process.

func (*AuthState) AuthFail added in v1.3.9

func (a *AuthState) AuthFail(ctx *gin.Context)

AuthFail handles the failure of authentication. It increases the login attempts, sets failure headers on the context, and performs login attempt processing.

func (*AuthState) AuthOK added in v1.3.9

func (a *AuthState) AuthOK(ctx *gin.Context)

AuthOK is the general method to indicate authentication success.

func (*AuthState) AuthTempFail added in v1.3.9

func (a *AuthState) AuthTempFail(ctx *gin.Context, reason string)

AuthTempFail sets the necessary headers and status message for temporary authentication failure. If the service is "user", it also sets headers specific to user information. After setting the headers, it returns the appropriate response based on the service. If the service is not "user", it returns an internal server error response with the status message. If the service is "user", it calls the sendAuthResponse method to set additional headers and returns.

Parameters:

  • ctx: The gin context object.
  • reason: The reason for the authentication failure.

Usage example:

  func (a *AuthState) handleAuthentication(ctx *gin.Context) {
    ...
    a.AuthTempFail(ctx, global.TempFailDefault)
    ...
  }
  func (a *AuthState) handleSASLAuthdAuthentication(ctx *gin.Context) {
    ...
    a.AuthTempFail(ctx, global.TempFailDefault)
    ...
  }

Declaration and usage of AuthTempFail:

  func (a *AuthState) AuthTempFail(ctx *gin.Context, reason string) {
    ...
  }

func (*AuthState) CheckBruteForce added in v1.3.9

func (a *AuthState) CheckBruteForce() (blockClientIP bool)

CheckBruteForce checks if a client is triggering brute force detection based on predefined rules and configurations. It evaluates conditions like authentication state, IP whitelisting, protocol enforcement, and bucket rate limits. Returns true if brute force detection is triggered, and false otherwise.

func (*AuthState) FeatureLua added in v1.3.9

func (a *AuthState) FeatureLua(ctx *gin.Context) (triggered bool, abortFeatures bool, err error)

FeatureLua runs Lua scripts and returns a trigger result.

func (*AuthState) FeatureRBLs added in v1.3.9

func (a *AuthState) FeatureRBLs(ctx *gin.Context) (triggered bool, err error)

FeatureRBLs is a method that checks if the client IP address is whitelisted, and then performs an RBL check on the client's IP address. If the RBL score exceeds the configured threshold, the 'triggered' flag is set to true. It returns the 'triggered' flag and any error that occurred during the check.

func (*AuthState) FeatureRelayDomains added in v1.3.9

func (a *AuthState) FeatureRelayDomains() (triggered bool)

FeatureRelayDomains triggers if a user sent an email address as a login name and the domain component does not match the list of known domains.

func (*AuthState) FeatureTLSEncryption added in v1.3.9

func (a *AuthState) FeatureTLSEncryption() (triggered bool)

FeatureTLSEncryption checks if the remote client connection was secured.

func (*AuthState) FilterLua added in v1.3.9

func (a *AuthState) FilterLua(passDBResult *PassDBResult, ctx *gin.Context) definitions.AuthResult

FilterLua calls Lua filters which can change the backend result.

func (*AuthState) GetAccount added in v1.3.9

func (a *AuthState) GetAccount() string

GetAccount returns the account value from the AuthState object. If the account field is not set or the account value is not found in the attributes, an empty string is returned.

func (*AuthState) GetAccountField added in v1.3.9

func (a *AuthState) GetAccountField() string

GetAccountField returns the value of the AccountField field in the AuthState struct. If the AccountField field is nil, it returns an empty string.

func (*AuthState) GetAccountOk added in v1.3.9

func (a *AuthState) GetAccountOk() (string, bool)

GetAccountOk returns the account name of a user. If there is no account, it returns the empty string "". A boolean is set to return a "found" flag.

func (*AuthState) GetAdditionalLogs added in v1.4.3

func (a *AuthState) GetAdditionalLogs() []any

GetAdditionalLogs returns a slice of additional logs associated with the AuthState instance.

func (*AuthState) GetAttributes added in v1.4.3

func (a *AuthState) GetAttributes() bktype.AttributeMapping

GetAttributes retrieves the stored database attributes from the AuthState and returns them as a AttributeMapping.

func (*AuthState) GetClientIP added in v1.5.1

func (a *AuthState) GetClientIP() string

GetClientIP returns the client's IP address stored in the AuthState instance.

func (*AuthState) GetDisplayName added in v1.3.9

func (a *AuthState) GetDisplayName() string

GetDisplayName returns the display name for a user. If there is no account, it returns the empty string "".

func (*AuthState) GetDisplayNameField added in v1.4.3

func (a *AuthState) GetDisplayNameField() string

GetDisplayNameField retrieves the display name field from the AuthState. Returns an empty string if it's nil.

func (*AuthState) GetDisplayNameOk added in v1.1.2

func (a *AuthState) GetDisplayNameOk() (string, bool)

GetDisplayNameOk returns the display name of a user. If there is no account, it returns the empty string "". A boolean is set to return a "found" flag.

func (*AuthState) GetFromLocalCache added in v1.3.9

func (a *AuthState) GetFromLocalCache(ctx *gin.Context) bool

GetFromLocalCache retrieves the AuthState object from the local cache using the generateLocalChacheKey() as the key. If the object is found in the cache, it updates the fields of the current AuthState object with the cached values. It also sets the a.GUID field with the original value to avoid losing the GUID from the previous object. If the a.HTTPClientContext field is not nil, it sets it to nil and restores it after updating the AuthState object. It sets the a.UsedPassDBBackend field to BackendLocalCache to indicate that the cache was used. Finally, it sets the "local_cache_auth" key to true in the gin.Context using ctx.Set() and returns true if the object is found in the cache; otherwise, it returns false.

func (*AuthState) GetGUID added in v1.4.3

func (a *AuthState) GetGUID() string

GetGUID retrieves the GUID from the AuthState. Returns an empty string if the GUID is nil.

func (*AuthState) GetOauth2SubjectAndClaims added in v1.3.9

func (a *AuthState) GetOauth2SubjectAndClaims(oauth2Client openapi.OAuth2Client) (string, map[string]any)

GetOauth2SubjectAndClaims retrieves the subject and claims for an OAuth2 client. It takes an OAuth2 client as a parameter and returns the subject and claims as a string and a map.

func (*AuthState) GetPassword added in v1.4.3

func (a *AuthState) GetPassword() string

GetPassword retrieves the password stored in the AuthState instance. It returns the password as a string.

func (*AuthState) GetProtocol added in v1.4.3

func (a *AuthState) GetProtocol() *config.Protocol

GetProtocol retrieves the configured Protocol for the AuthState. If no Protocol is set, it returns a default Protocol instance.

func (*AuthState) GetTOTPRecoveryField added in v1.4.3

func (a *AuthState) GetTOTPRecoveryField() string

GetTOTPRecoveryField retrieves the TOTP recovery field value from AuthState. Returns an empty string if not set.

func (*AuthState) GetTOTPSecret added in v1.3.9

func (a *AuthState) GetTOTPSecret() string

GetTOTPSecret returns the TOTP secret for a user. If there is no secret, it returns the empty string "".

func (*AuthState) GetTOTPSecretField added in v1.4.3

func (a *AuthState) GetTOTPSecretField() string

GetTOTPSecretField retrieves the TOTP secret field from the AuthState. Returns an empty string if the field is nil.

func (*AuthState) GetTOTPSecretOk added in v1.3.9

func (a *AuthState) GetTOTPSecretOk() (string, bool)

GetTOTPSecretOk returns the TOTP secret for a user. If there is no secret, it returns the empty string "". A boolean is set to return a "found" flag.

func (*AuthState) GetUniqueUserID added in v1.3.9

func (a *AuthState) GetUniqueUserID() string

GetUniqueUserID returns the unique WebAuthn user identifier for a user. If there is no id, it returns the empty string "".

func (*AuthState) GetUniqueUserIDField added in v1.4.3

func (a *AuthState) GetUniqueUserIDField() string

GetUniqueUserIDField retrieves the value of the UniqueUserIDField if set; returns an empty string otherwise.

func (*AuthState) GetUniqueUserIDOk added in v1.1.2

func (a *AuthState) GetUniqueUserIDOk() (string, bool)

GetUniqueUserIDOk returns the unique identifier for a user. If there is no id, it returns the empty string "". A boolean is set to return a "found" flag.

func (*AuthState) GetUsedPassDBBackend added in v1.4.3

func (a *AuthState) GetUsedPassDBBackend() definitions.Backend

GetUsedPassDBBackend returns the currently used backend for password database operations.

func (*AuthState) GetUsername added in v1.4.3

func (a *AuthState) GetUsername() string

GetUsername retrieves the username from the AuthState structure.

func (*AuthState) HandleAuthentication added in v1.3.9

func (a *AuthState) HandleAuthentication(ctx *gin.Context)

HandleAuthentication handles the authentication logic based on the selected service type.

func (*AuthState) HandleFeatures added in v1.3.9

func (a *AuthState) HandleFeatures(ctx *gin.Context) definitions.AuthResult

HandleFeatures processes multiple security features associated with authentication requests and returns the result. It checks for various features like TLS encryption, relay domains, RBL, and Lua scripting. The method returns an appropriate authentication result based on the features that are triggered or aborted.

func (*AuthState) HandlePassword added in v1.3.9

func (a *AuthState) HandlePassword(ctx *gin.Context) (authResult definitions.AuthResult)

HandlePassword handles the authentication process for the password flow. It performs common validation checks and then proceeds based on the value of ctx.Value(definitions.CtxLocalCacheAuthKey). If it is true, it calls the handleLocalCache function. Otherwise, it calls the handleBackendTypes function to determine the cache usage, backend position, and password databases. In the next step, it calls the authenticateUser function to perform further control flow based on cache usage and authentication status. Finally, it returns the authResult which indicates the authentication result of the process.

func (*AuthState) HandleSASLAuthdAuthentication added in v1.3.9

func (a *AuthState) HandleSASLAuthdAuthentication(ctx *gin.Context)

HandleSASLAuthdAuthentication handles the authentication logic for the SASLAuthd service.

func (*AuthState) HasJWTRole added in v1.7.0

func (a *AuthState) HasJWTRole(ctx *gin.Context, role string) bool

HasJWTRole checks if the user has the specified role in their JWT token. It retrieves the JWT claims from the context and checks if the user has the required role. If JWT authentication is not enabled or no claims are found, it returns false.

func (*AuthState) HaveMonitoringFlag added in v1.3.9

func (a *AuthState) HaveMonitoringFlag(flag definitions.Monitoring) bool

HaveMonitoringFlag checks if the provided flag exists in the MonitoringFlags slice of the AuthState object. It iterates over the MonitoringFlags slice and returns true if the flag is found, otherwise it returns false.

func (*AuthState) InitMethodAndUserAgent added in v1.4.3

func (a *AuthState) InitMethodAndUserAgent() State

InitMethodAndUserAgent initializes the authentication method and user agent fields if they are not already set.

func (*AuthState) IsInNetwork added in v1.3.9

func (a *AuthState) IsInNetwork(networkList []string) (matchIP bool)

IsInNetwork checks an IP address against a network and returns true if it matches.
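A membership check of this kind, written as an added example with the standard library (not the package's own implementation). The helper name `inNetworks`, the list format (CIDR prefixes or single addresses) and the sample addresses are assumptions. It normalises IPv4-mapped IPv6 addresses first, because `netip.Prefix.Contains` does not match them against IPv4 prefixes, and it treats unparsable input as "no match".

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// inNetworks reports whether clientIP lies inside any entry of networkList.
// Entries may be CIDR prefixes or single addresses (an assumption; the page
// does not define the list format). Entries that cannot be parsed are
// returned in skipped and never match.
func inNetworks(clientIP string, networkList []string) (matched bool, skipped []string) {
	addr, err := netip.ParseAddr(strings.TrimSpace(clientIP))
	if err != nil {
		// Fail closed: an unparsable client address belongs to no network.
		return false, nil
	}

	// Turn ::ffff:a.b.c.d into a.b.c.d and drop any IPv6 zone. Without this,
	// Prefix.Contains returns false for mapped or zoned addresses.
	addr = addr.Unmap().WithZone("")

	for _, entry := range networkList {
		entry = strings.TrimSpace(entry)

		var prefix netip.Prefix

		if strings.Contains(entry, "/") {
			p, err := netip.ParsePrefix(entry)
			if err != nil {
				skipped = append(skipped, entry)
				continue
			}
			prefix = p.Masked()
		} else {
			a, err := netip.ParseAddr(entry)
			if err != nil {
				skipped = append(skipped, entry)
				continue
			}
			// A bare address is a prefix covering exactly one host.
			a = a.Unmap().WithZone("")
			prefix = netip.PrefixFrom(a, a.BitLen())
		}

		if prefix.Contains(addr) {
			matched = true
		}
	}

	return matched, skipped
}

func main() {
	// Constructed sample list; the last entry is deliberately invalid.
	trusted := []string{"192.0.2.0/24", "2001:db8::/32", "bogus/99"}

	for _, ip := range []string{"192.0.2.10", "::ffff:192.0.2.10", "198.51.100.7"} {
		ok, skipped := inNetworks(ip, trusted)
		fmt.Printf("%-20s matched=%v skipped=%v\n", ip, ok, skipped)
	}
}
```

Logging the skipped entries at configuration load time makes a mistyped trusted network visible instead of silently shrinking or widening the list.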

func (*AuthState) IsMasterUser added in v1.3.9

func (a *AuthState) IsMasterUser() bool

IsMasterUser checks whether the current user is a master user based on the MasterUser configuration from GetFile(). It returns true if MasterUser is enabled and the delimiter occurs exactly once in the Username; otherwise it returns false.

func (*AuthState) ListUserAccounts added in v1.3.9

func (a *AuthState) ListUserAccounts() (accountList AccountList)

ListUserAccounts returns the list of all known users from the account databases.

func (*AuthState) LogLineTemplate added in v1.3.9

func (a *AuthState) LogLineTemplate(status string, endpoint string) []any

LogLineTemplate constructs a key-value slice for logging authentication state and related metadata.

func (*AuthState) PostLuaAction added in v1.3.9

func (a *AuthState) PostLuaAction(passDBResult *PassDBResult)

PostLuaAction sends a Lua action to be executed asynchronously.

func (*AuthState) PreproccessAuthRequest added in v1.3.9

func (a *AuthState) PreproccessAuthRequest(ctx *gin.Context) (reject bool)

PreproccessAuthRequest preprocesses the authentication request by checking if the request is already in the local cache. If not found in the cache, it checks if the request is a brute force attack and updates the brute force counter. It then performs a post Lua action and triggers a failed authentication response. If a brute force attack is detected, it returns true, otherwise false.

func (*AuthState) SetClientHost added in v1.4.3

func (a *AuthState) SetClientHost(clientHost string)

SetClientHost sets the client host value in the AuthState instance.

func (*AuthState) SetClientID added in v1.4.3

func (a *AuthState) SetClientID(clientID string)

SetClientID sets the client ID for the authentication state using the provided clientID string.

func (*AuthState) SetClientIP added in v1.4.3

func (a *AuthState) SetClientIP(clientIP string)

SetClientIP sets the client's IP address in the AuthState structure.

func (*AuthState) SetClientPort added in v1.4.3

func (a *AuthState) SetClientPort(clientPort string)

SetClientPort sets the client's port information to the provided clientPort value.

func (*AuthState) SetLocalIP added in v1.4.3

func (a *AuthState) SetLocalIP(localIP string)

SetLocalIP sets the local IP address for the AuthState instance.

func (*AuthState) SetLocalPort added in v1.4.3

func (a *AuthState) SetLocalPort(port string)

SetLocalPort sets the local port for the AuthState instance to the given port string.

func (*AuthState) SetLoginAttempts added in v1.4.3

func (a *AuthState) SetLoginAttempts(loginAttempts uint)

SetLoginAttempts sets the number of login attempts for the AuthState instance.

func (*AuthState) SetMethod added in v1.4.3

func (a *AuthState) SetMethod(method string)

SetMethod sets the authentication method for the AuthState instance by assigning it to the Method field.

func (*AuthState) SetNoAuth added in v1.4.3

func (a *AuthState) SetNoAuth(noAuth bool)

SetNoAuth configures the authentication state to enable or disable "NoAuth" mode based on the provided boolean value.

func (*AuthState) SetOIDCCID added in v1.7.5

func (a *AuthState) SetOIDCCID(oidcCID string)

SetOIDCCID sets the OIDC Client ID for the AuthState instance. It updates the OIDCCID field with the provided value.

func (*AuthState) SetOperationMode added in v1.4.3

func (a *AuthState) SetOperationMode(ctx *gin.Context)

SetOperationMode sets the operation mode of the AuthState object based on the "mode" query parameter from the provided gin context. It retrieves the GUID from the gin context and uses it for logging purposes. The operation mode can be "no-auth" or "list-accounts": "no-auth" sets the NoAuth field of the AuthState object to true, and "list-accounts" sets the ListAccounts field to true. Debug messages are logged through util.DebugModule with the appropriate module name and function name. Example usage of SetOperationMode:

a.SetOperationMode(ctx)

func setupAuth(ctx *gin.Context, auth *AuthState) {
  //...
  auth.SetOperationMode(ctx)
}

func (*AuthState) SetPassword added in v1.4.3

func (a *AuthState) SetPassword(password string)

SetPassword sets the password for the AuthState instance.

func (*AuthState) SetProtocol added in v1.4.3

func (a *AuthState) SetProtocol(protocol *config.Protocol)

SetProtocol sets the protocol for the AuthState using the given Protocol configuration.

func (*AuthState) SetSSL added in v1.4.3

func (a *AuthState) SetSSL(ssl string)

SetSSL sets the XSSL property of the AuthState to the provided SSL value.

func (*AuthState) SetSSLCipher added in v1.4.3

func (a *AuthState) SetSSLCipher(sslCipher string)

SetSSLCipher sets the SSL cipher suite for the current authentication state.

func (*AuthState) SetSSLClientCN added in v1.4.3

func (a *AuthState) SetSSLClientCN(sslClientCN string)

SetSSLClientCN sets the value of the SSL client common name (CN) for the AuthState instance.

func (*AuthState) SetSSLClientDN added in v1.4.3

func (a *AuthState) SetSSLClientDN(sslClientDN string)

SetSSLClientDN sets the distinguished name (DN) of the SSL client in the AuthState struct.

func (*AuthState) SetSSLClientIssuerDN added in v1.4.3

func (a *AuthState) SetSSLClientIssuerDN(sslClientIssuerDN string)

SetSSLClientIssuerDN sets the SSL client issuer distinguished name for the authentication state.

func (*AuthState) SetSSLClientNotAfter added in v1.4.3

func (a *AuthState) SetSSLClientNotAfter(sslClientNotAfter string)

SetSSLClientNotAfter sets the XSSLClientNotAfter field with the provided SSL client expiration date.

func (*AuthState) SetSSLClientNotBefore added in v1.4.3

func (a *AuthState) SetSSLClientNotBefore(sslClientNotBefore string)

SetSSLClientNotBefore sets the SSL client certificate's "Not Before" value in the AuthState.

func (*AuthState) SetSSLClientSubjectDN added in v1.4.3

func (a *AuthState) SetSSLClientSubjectDN(sslClientSubjectDN string)

SetSSLClientSubjectDN sets the subject distinguished name (DN) for the SSL client in the AuthState object.

func (*AuthState) SetSSLClientVerify added in v1.4.3

func (a *AuthState) SetSSLClientVerify(sslClientVerify string)

SetSSLClientVerify sets the SSL client verification value for the AuthState.

func (*AuthState) SetSSLFingerprint added in v1.4.3

func (a *AuthState) SetSSLFingerprint(sslFingerprint string)

SetSSLFingerprint sets the SSL fingerprint for the AuthState instance. It updates the SSLFingerprint field with the provided value.

func (*AuthState) SetSSLIssuer added in v1.4.3

func (a *AuthState) SetSSLIssuer(xSSLIssuer string)

SetSSLIssuer sets the issuer for the XSSL certificate in the AuthState.

func (*AuthState) SetSSLIssuerDN added in v1.4.3

func (a *AuthState) SetSSLIssuerDN(xSSLIssuerDN string)

SetSSLIssuerDN sets the X.509 SSL issuer distinguished name for the AuthState.

func (*AuthState) SetSSLProtocol added in v1.4.3

func (a *AuthState) SetSSLProtocol(sslProtocol string)

SetSSLProtocol sets the SSL protocol version to be used for the connection by updating the XSSLProtocol field.

func (*AuthState) SetSSLSerial added in v1.4.3

func (a *AuthState) SetSSLSerial(sslSerial string)

SetSSLSerial sets the SSL serial number for the AuthState instance.

func (*AuthState) SetSSLSessionID added in v1.4.3

func (a *AuthState) SetSSLSessionID(sslSessionID string)

SetSSLSessionID sets the SSL session ID for the AuthState instance.

func (*AuthState) SetSSLSubjectDN added in v1.4.3

func (a *AuthState) SetSSLSubjectDN(sslSubjectDN string)

SetSSLSubjectDN sets the SSL subject distinguished name to the provided string value.

func (*AuthState) SetStatusCodes added in v1.4.3

func (a *AuthState) SetStatusCodes(service string)

SetStatusCodes sets different status codes for various services.

func (*AuthState) SetUserAgent added in v1.4.3

func (a *AuthState) SetUserAgent(userAgent string)

SetUserAgent sets the UserAgent field for the AuthState with the provided userAgent value.

func (*AuthState) SetUsername added in v1.4.3

func (a *AuthState) SetUsername(username string)

SetUsername sets the username for the AuthState instance to the given value.

func (*AuthState) String added in v1.1.2

func (a *AuthState) String() string

String returns an AuthState object as string excluding the user password.

func (*AuthState) UpdateBruteForceBucketsCounter added in v1.3.9

func (a *AuthState) UpdateBruteForceBucketsCounter()

UpdateBruteForceBucketsCounter updates brute force protection rules based on client and protocol details.

func (*AuthState) WithClientInfo added in v1.3.9

func (a *AuthState) WithClientInfo(ctx *gin.Context) State

WithClientInfo adds the client IP, client port and client ID headers to the AuthState structure.

func (*AuthState) WithDefaults added in v1.3.9

func (a *AuthState) WithDefaults(ctx *gin.Context) State

WithDefaults sets default values for the AuthState structure including the GUID session value.

func (*AuthState) WithLocalInfo added in v1.3.9

func (a *AuthState) WithLocalInfo(ctx *gin.Context) State

WithLocalInfo adds the local IP and local port headers to the AuthState structure.

func (*AuthState) WithUserAgent added in v1.3.9

func (a *AuthState) WithUserAgent(ctx *gin.Context) State

WithUserAgent adds the User-Agent header to the AuthState structure.

func (*AuthState) WithXSSL added in v1.3.9

func (a *AuthState) WithXSSL(ctx *gin.Context) State

WithXSSL adds HAProxy header processing to the AuthState structure.

type BackendManager added in v1.5.0

type BackendManager interface {
	// PassDB authenticates a user through a password database using the provided AuthState and returns the authentication result.
	PassDB(auth *AuthState) (passDBResult *PassDBResult, err error)

	// AccountDB retrieves a list of user accounts from the backend using the provided authentication state.
	AccountDB(auth *AuthState) (accounts AccountList, err error)

	// AddTOTPSecret adds the specified TOTP secret to the user's authentication state in the backend.
	AddTOTPSecret(auth *AuthState, totp *TOTPSecret) (err error)
}

BackendManager defines an interface for managing authentication backends with methods for user authentication and account handling.

func NewLDAPManager added in v1.5.0

func NewLDAPManager(poolName string) BackendManager

NewLDAPManager creates and returns a BackendManager for managing LDAP authentication backends using the specified pool name.

func NewLuaManager added in v1.5.0

func NewLuaManager(backendName string) BackendManager

NewLuaManager initializes and returns a new LuaManager instance with the specified backend name.

type BackendServer

type BackendServer struct {
	// contains filtered or unexported fields
}

BackendServer represents a type for managing a slice of config.BackendServer.

func NewBackendServer

func NewBackendServer() *BackendServer

NewBackendServer creates a new instance of the BackendServer struct. It returns a pointer to the newly created BackendServer.

func (*BackendServer) GetTotalServers

func (n *BackendServer) GetTotalServers() int

func (*BackendServer) Update

func (n *BackendServer) Update(servers []*config.BackendServer)

Update updates the backendServer field of the BackendServer object with the provided servers slice.

type BlockedAccounts added in v1.3.2

type BlockedAccounts struct {
	// Accounts represents a list of user accounts.
	Accounts map[string][]string `json:"accounts"`

	// Error represents the error message, if any, encountered during the account retrieval process.
	Error *string `json:"error"`
}

BlockedAccounts represents a list of blocked user accounts and potential error information.

type BlockedIPAddresses added in v1.3.2

type BlockedIPAddresses struct {
	// IPAddresses maps IP addresses to their respective buckets/rules that triggered blocking.
	IPAddresses map[string]string `json:"ip_addresses"`

	// Error holds any error encountered during the retrieval process.
	Error *string `json:"error"`
}

BlockedIPAddresses represents a structure to hold blocked IP addresses retrieved from Redis. IPAddresses maps IP addresses to their corresponding rules/buckets. Error holds any error encountered during the retrieval process.

type ClaimHandler

type ClaimHandler struct {
	// Type is the reflected Kind of the claim value.
	Type reflect.Kind

	// ApplyFunc is a function that takes in three parameters: the claim value, the map of claims and the claim key.
	// The function is intended to apply some process on the claim using the provided parameters,
	// and return a boolean result.
	ApplyFunc func(value any, claims map[string]any, claimKey string) bool
}

ClaimHandler represents a claim handler struct. A claim handler in this context is something to work with JSON Web Tokens (JWT), often used for APIs.

type ConsentPageData

type ConsentPageData struct {
	// WantWelcome is a boolean to indicate if a welcome message is needed.
	WantWelcome bool

	// WantPolicy is a boolean to indicate if a policy is needed.
	WantPolicy bool

	// WantTos is a boolean to indicate if Terms of Service is required.
	WantTos bool

	// WantAbout is a boolean to indicate if an "About Us" section is needed.
	WantAbout bool

	// Title represents the title of the consent page.
	Title string

	// Welcome represents welcome text message on the page.
	Welcome string

	// LogoImage represents the URI to logo image on the page.
	LogoImage string

	// LogoImageAlt is the alternative text for the Logo Image.
	LogoImageAlt string

	// ConsentMessage is the message shown on the consent page.
	ConsentMessage string

	// ApplicationName represents the name of the application asking for consent.
	ApplicationName string

	// Policy represents the text of the policy.
	Policy string

	// PolicyUri represents the URI to the policy document.
	PolicyUri string

	// Tos represents the text of the Terms of Service (ToS).
	Tos string

	// TosUri represents the URI to the Terms of Service (ToS) document.
	TosUri string

	// About represents the text of the about section.
	About string

	// AboutUri represents the URI to the about information.
	AboutUri string

	// Remember is the text related to remember user preferences on the consent page.
	Remember string

	// AcceptSubmit represents the text on the Accept button.
	AcceptSubmit string

	// RejectSubmit represents the text on the Reject button.
	RejectSubmit string

	// CSRFToken is used for CSRF protection.
	CSRFToken string

	// ConsentChallenge holds the unique consent challenge string from ORY Hydra.
	ConsentChallenge string

	// PostConsentEndpoint is the endpoint where the browser will be redirected after consent is provided.
	PostConsentEndpoint string

	// LanguageTag represents the language preference of the client.
	LanguageTag string

	// LanguageCurrentName represents the current name of the language.
	LanguageCurrentName string

	// Scopes represents the list of scopes that the app is requesting access to.
	Scopes []Scope

	// LanguagePassive represents the list of passive languages.
	LanguagePassive []Language
}

ConsentPageData defines the data structure for managing user consent information on a web page.

type Done

type Done struct{}

Done is the value for channels to finish workers

type FilterCmd added in v1.3.2

type FilterCmd struct {
	// Accounts represents an optional filter criterion for user accounts in the FilterCmd struct.
	Accounts []string `json:"accounts,omitempty"`

	// IPAddress represents an optional filter criterion for IP addresses in the FilterCmd struct.
	IPAddress []string `json:"ip_addresses,omitempty"`
}

FilterCmd defines a struct for command filters with optional fields for Accounts and IP Address.

type FlushRuleCmd

type FlushRuleCmd struct {
	// IPAddress is the IP address associated with the rule to be flushed.
	// It must be in a format valid for an IP address.
	IPAddress string `json:"ip_address" binding:"required,ip"`

	// RuleName is the name of the rule to be flushed.
	// This value should reference an existing rule.
	RuleName string `json:"rule_name" binding:"required"`

	// Protocol is the optional protocol associated with the rule to be flushed.
	// If specified, only rules with matching protocol will be flushed.
	Protocol string `json:"protocol,omitempty"`

	// OIDCCID is the optional OIDC Client ID associated with the rule to be flushed.
	// If specified, only rules with matching OIDC Client ID will be flushed.
	OIDCCID string `json:"oidc_cid,omitempty"`
}

FlushRuleCmd represents a command to flush a specific rule. It contains the necessary information needed to identify the rule to be flushed.
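The checks expressed by the `binding:"required,ip"` and `binding:"required"` tags, written out with the standard library as an added example (not the package's code, which relies on gin's binding). The lowercase types, `parseFlushRule` and the sample bodies are constructed for illustration; rejecting unknown fields and trailing data is an extra hardening step that the page does not state. Errors are returned in the same field/message shape as JSONErrorMsg.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net"
	"strings"
)

// flushRuleCmd repeats the JSON field names documented for FlushRuleCmd.
type flushRuleCmd struct {
	IPAddress string `json:"ip_address"`
	RuleName  string `json:"rule_name"`
	Protocol  string `json:"protocol,omitempty"`
	OIDCCID   string `json:"oidc_cid,omitempty"`
}

// fieldError has the same shape as JSONErrorMsg.
type fieldError struct {
	Field   string `json:"field"`
	Message string `json:"message"`
}

// parseFlushRule decodes exactly one JSON object and validates it. It returns
// either a usable command or the list of problems, never both.
func parseFlushRule(body []byte) (*flushRuleCmd, []fieldError) {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields() // hardening assumption: typos are errors, not ignored

	var cmd flushRuleCmd

	if err := dec.Decode(&cmd); err != nil {
		return nil, []fieldError{{Field: "body", Message: err.Error()}}
	}

	// Anything other than EOF here means a second value or garbage follows.
	if _, err := dec.Token(); err != io.EOF {
		return nil, []fieldError{{Field: "body", Message: "unexpected data after JSON object"}}
	}

	var errs []fieldError

	// required,ip: present and parsable as IPv4 or IPv6.
	if strings.TrimSpace(cmd.IPAddress) == "" {
		errs = append(errs, fieldError{Field: "ip_address", Message: "is required"})
	} else if net.ParseIP(cmd.IPAddress) == nil {
		errs = append(errs, fieldError{Field: "ip_address", Message: "must be a valid IP address"})
	}

	// required: a flush without a rule name has no defined target.
	if strings.TrimSpace(cmd.RuleName) == "" {
		errs = append(errs, fieldError{Field: "rule_name", Message: "is required"})
	}

	if len(errs) > 0 {
		return nil, errs
	}

	return &cmd, nil
}

func main() {
	// Constructed request bodies.
	bodies := []string{
		`{"ip_address":"192.0.2.10","rule_name":"testrule","protocol":"imap"}`,
		`{"ip_address":"192.0.2.999"}`,
		`{"ip_address":"192.0.2.10","rule_name":"testrule","drop_all":true}`,
	}

	for _, b := range bodies {
		cmd, errs := parseFlushRule([]byte(b))
		fmt.Printf("cmd=%+v errs=%+v\n", cmd, errs)
	}
}
```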

type FlushRuleCmdStatus

type FlushRuleCmdStatus struct {
	// IPAddress is the IP address that the rule was applied to
	IPAddress string `json:"ip_address"`

	// RuleName is the name of the rule that was flushed
	RuleName string `json:"rule_name"`

	// Protocol is the protocol associated with the rule that was flushed
	Protocol string `json:"protocol,omitempty"`

	// OIDCCID is the OIDC Client ID associated with the rule that was flushed
	OIDCCID string `json:"oidc_cid,omitempty"`

	// RemovedKeys contains a list of Redis keys that were successfully removed during the flush operation.
	RemovedKeys []string `json:"removed_keys"`

	// Status is the current status of the rule following the Flush Command
	Status string `json:"status"`
}

FlushRuleCmdStatus is a structure representing the status of a Flush Rule command

type FlushUserCmd

type FlushUserCmd struct {
	// User is the field representing the name of the user to be flushed.
	User string `json:"user" binding:"required"`
}

FlushUserCmd is a data structure used to handle user commands for flushing data.

type FlushUserCmdStatus

type FlushUserCmdStatus struct {
	// User holds the identifier of a user.
	User string `json:"user"`

	// RemovedKeys contains a list of keys that have been removed during the user's command execution.
	RemovedKeys []string `json:"removed_keys"`

	// Status represents the status of the user's command.
	Status string `json:"status"`
}

FlushUserCmdStatus represents a user's command status.

type HomePageData

type HomePageData struct {
	InDevelopment       bool
	WantWelcome         bool
	WantPolicy          bool
	WantTos             bool
	HaveTOTP            bool
	Title               string
	Welcome             string
	LogoImage           string
	LogoImageAlt        string
	HomeMessage         string
	RegisterTOTP        string
	EndpointTOTP        string
	Or                  string
	RegisterWebAuthn    string
	EndpointWebAuthn    string
	LanguageTag         string
	LanguageCurrentName string
	LanguagePassive     []Language
}

type JSONErrorMsg added in v1.3.8

type JSONErrorMsg struct {
	// Field represents the name of the field that caused the validation error.
	Field string `json:"field"`

	// Message represents the error message associated with the validation error.
	Message string `json:"message"`
}

JSONErrorMsg represents an error message in JSON format with the field name and error message string.

type JSONRequest

type JSONRequest struct {
	// Username is the identifier of the client/user sending the request.
	Username string `json:"username" binding:"required"`

	// Password is the authentication credential of the client/user sending the request.
	Password string `json:"password,omitempty"`

	// ClientIP is the IP address of the client/user making the request.
	ClientIP string `json:"client_ip,omitempty"`

	// ClientPort is the port number from which the client/user is sending the request.
	ClientPort string `json:"client_port,omitempty"`

	// ClientHostname is the hostname of the client which is sending the request.
	ClientHostname string `json:"client_hostname,omitempty"`

	// ClientID is the unique identifier of the client/user, usually assigned by the application.
	ClientID string `json:"client_id,omitempty"`

	// LocalIP is the IP address of the server or endpoint receiving the request.
	LocalIP string `json:"local_ip,omitempty"`

	// LocalPort is the port number of the server or endpoint receiving the request.
	LocalPort string `json:"local_port,omitempty"`

	// Service is the specific service that the client/user is trying to access with the request.
	Service string `json:"service"`

	// Method is the authentication method used in the request (e.g., PLAIN, LOGIN).
	Method string `json:"method,omitempty"`

	// AuthLoginAttempt is a flag indicating if the request is an attempt to authenticate (login). This is expressed as an unsigned integer where applicable flags/types are usually interpreted from the application's specific logic.
	AuthLoginAttempt uint `json:"auth_login_attempt,omitempty"`

	XSSL                string `json:"ssl,omitempty"`
	XSSLSessionID       string `json:"ssl_session_id,omitempty"`
	XSSLClientVerify    string `json:"ssl_client_verify,omitempty"`
	XSSLClientDN        string `json:"ssl_client_dn,omitempty"`
	XSSLClientCN        string `json:"ssl_client_cn,omitempty"`
	XSSLIssuer          string `json:"ssl_issuer,omitempty"`
	XSSLClientNotBefore string `json:"ssl_client_notbefore,omitempty"`
	XSSLClientNotAfter  string `json:"ssl_client_notafter,omitempty"`
	XSSLSubjectDN       string `json:"ssl_subject_dn,omitempty"`
	XSSLIssuerDN        string `json:"ssl_issuer_dn,omitempty"`
	XSSLClientSubjectDN string `json:"ssl_client_subject_dn,omitempty"`
	XSSLClientIssuerDN  string `json:"ssl_client_issuer_dn,omitempty"`
	XSSLProtocol        string `json:"ssl_protocol,omitempty"`
	XSSLCipher          string `json:"ssl_cipher,omitempty"`

	// SSLSerial represents the serial number of an SSL certificate as a string.
	SSLSerial string `json:"ssl_serial,omitempty"`

	// SSLFingerprint represents the fingerprint of an SSL certificate.
	SSLFingerprint string `json:"ssl_fingerprint,omitempty"`

	// OIDCCID represents the OIDC Client ID used for authentication.
	OIDCCID string `json:"oidc_cid,omitempty"`
}

JSONRequest is a data structure containing the details of a client's request in JSON format.

type JWTClaims added in v1.7.0

type JWTClaims = jwtclaims.JWTClaims

JWTClaims is an alias for jwtclaims.JWTClaims

func ValidateJWTToken added in v1.7.0

func ValidateJWTToken(ctx context.Context, tokenString string) (*JWTClaims, error)

ValidateJWTToken validates a JWT token and returns the claims

type JWTRequest added in v1.7.0

type JWTRequest struct {
	Username string `json:"username" binding:"required"`
	Password string `json:"password" binding:"required"`
}

JWTRequest represents the request body for JWT token generation

type JWTResponse added in v1.7.0

type JWTResponse struct {
	Token        string `json:"token"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresAt    int64  `json:"expires_at"`
}

JWTResponse represents the response body for JWT token generation

type Language

type Language struct {
	// LanguageLink represents the link associated with the language
	LanguageLink string

	// LanguageName represents the name of the language
	LanguageName string
}

Language represents a language used in various page data structs. Language represents a programming language.

type LimitCounter added in v1.3.0

type LimitCounter struct {
	// MaxConnections defines the maximum number of concurrent connections allowed.
	MaxConnections int32

	// CurrentConnections tracks the current number of active connections in the LimitCounter middleware.
	CurrentConnections int32
}

LimitCounter tracks the current number of active connections and limits them based on a specified maximum.

func NewLimitCounter added in v1.3.0

func NewLimitCounter(maxConnections int32) *LimitCounter

NewLimitCounter creates a new LimitCounter instance with the specified maximum number of concurrent connections.

func (*LimitCounter) Middleware added in v1.3.0

func (lc *LimitCounter) Middleware() gin.HandlerFunc

Middleware limits the number of concurrent connections handled by the server based on MaxConnections. It is context-aware and prioritizes certain types of requests.
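The counting side of such a limiter, as an added example for net/http (not the package's gin middleware, and without the request prioritisation the description mentions). `connLimiter`, `wrap`, `saturate`, the `/auth` path and the 429 response are assumptions. The point it shows is the order of operations: reserve a slot atomically, then check, and release on every path.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// connLimiter carries the two counters that LimitCounter documents.
type connLimiter struct {
	maxConnections     int32
	currentConnections int32
}

// wrap rejects a request when admitting it would exceed maxConnections.
func (l *connLimiter) wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Reserve first, check second. Reading the counter and incrementing
		// it afterwards would let two requests both see a free slot.
		n := atomic.AddInt32(&l.currentConnections, 1)

		// Release on every path: rejection, normal return, or a panic in next.
		defer atomic.AddInt32(&l.currentConnections, -1)

		if n > l.maxConnections {
			w.Header().Set("Retry-After", "1")
			http.Error(w, "too many concurrent requests", http.StatusTooManyRequests)

			return
		}

		next.ServeHTTP(w, r)
	})
}

// saturate sends `clients` concurrent requests at a handler that holds its
// slot until released, and reports how many were admitted and rejected and
// what the counter reads once everything has finished.
func saturate(limit int32, clients int) (admitted, rejected int, inFlight int32) {
	release := make(chan struct{})
	l := &connLimiter{maxConnections: limit}

	h := l.wrap(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		<-release // simulate a slow backend lookup
		w.WriteHeader(http.StatusOK)
	}))

	codes := make(chan int, clients)

	for i := 0; i < clients; i++ {
		go func() {
			rec := httptest.NewRecorder()
			h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/auth", nil))
			codes <- rec.Code
		}()
	}

	count := func(code int) {
		switch code {
		case http.StatusOK:
			admitted++
		case http.StatusTooManyRequests:
			rejected++
		}
	}

	// While the slots are held, only rejected requests can finish. Wait for
	// all of them before releasing, so no late request slips into a freed slot.
	overflow := clients - int(limit)
	if overflow < 0 {
		overflow = 0
	}

	for i := 0; i < overflow; i++ {
		count(<-codes)
	}

	close(release)

	for i := overflow; i < clients; i++ {
		count(<-codes)
	}

	return admitted, rejected, atomic.LoadInt32(&l.currentConnections)
}

func main() {
	a, r, left := saturate(2, 5)
	fmt.Printf("admitted=%d rejected=%d in-flight afterwards=%d\n", a, r, left)
}
```

A counter that does not return to zero after load is the usual sign of a missed release path, which over time turns the limiter into a self-inflicted denial of service.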

type LoginPageData

type LoginPageData struct {
	// InDevelopment is a flag that is true, if the build-tag dev is used.
	InDevelopment bool

	// Determines if the Welcome message should be displayed
	WantWelcome bool

	// Determines if the Policy should be displayed
	WantPolicy bool

	// Determines if the Terms of Service (TOS) should be displayed
	WantTos bool

	// Determines if the About information should be displayed
	WantAbout bool

	// WantRemember is a flag for the regular login page.
	WantRemember bool

	// Indicates if there was an error
	HaveError bool

	// The title of the Login page
	Title string

	// The Welcome message
	Welcome string

	// The path or URL to logo image to be displayed
	LogoImage string

	// The alternate text for the logo image
	LogoImageAlt string

	// The name of the application
	ApplicationName string

	// The login details
	Login string

	// The placeholder for the login input form
	LoginPlaceholder string

	// The Privacy statement
	Privacy string

	// User password
	Password string

	// Placeholder for password input form
	PasswordPlaceholder string

	// The Policy terms
	Policy string

	// The URL to the policy document
	PolicyUri string

	// The Terms of Service
	Tos string

	// The URL to the Terms of Service document
	TosUri string

	// Information about the service or company
	About string

	// The URL to more About information
	AboutUri string

	// Information regarding remember functionality
	Remember string

	// Text for Submit button
	Submit string

	// Error message if any
	ErrorMessage string

	// Alternate choices text
	Or string

	// Information on the device being used
	Device string

	// CSRF security token
	CSRFToken string

	// Login challenge token
	LoginChallenge string

	// Endpoint for submitting login
	PostLoginEndpoint string

	// Endpoint for device login
	DeviceLoginEndpoint string

	// Current language code
	LanguageTag string

	// Name of the current language
	LanguageCurrentName string

	// List of other available languages
	LanguagePassive []Language
}

type LogoutPageData

type LogoutPageData struct {
	// WantWelcome is a flag indicating if the welcome message should be displayed or not.
	WantWelcome bool

	// Title represents the title of the logout page.
	Title string

	// Welcome holds the welcome message to be displayed, if WantWelcome flag is set to true.
	Welcome string

	// LogoutMessage carries the logout message.
	LogoutMessage string

	// AcceptSubmit and RejectSubmit hold messages for submission options upon logout.
	// These could be used for multi-step or confirmation based logout procedures.
	AcceptSubmit string
	RejectSubmit string

	// CSRFToken represents the CSRF token for security measures.
	CSRFToken string

	// LogoutChallenge represents a challenge string for logout.
	// It can be used for additional validation on logout requests.
	LogoutChallenge string

	// PostLogoutEndpoint is the endpoint to which requests are made after logout.
	PostLogoutEndpoint string

	// LanguageTag refers to the IETF language tag for selected language (e.g. "en-US").
	LanguageTag string

	// LanguageCurrentName is the human-readable name of the current language (e.g. "English").
	LanguageCurrentName string

	// LanguagePassive is a slice of passive languages supported by the system.
	// These could be offered as alternative language options on the logout page.
	LanguagePassive []Language
}

LogoutPageData defines the data structure for details related to the logout page.

type MFA

type MFA interface {
	// contains filtered or unexported methods
}

MFA is an interface that stores some information for multi-factor authentication.

type Metric

type Metric struct {
	Value float64 `redis:"value"`
	Label string  `redis:"label"`
}

Metric is a prometheus metric with a value and a label.

type NotifyPageData

type NotifyPageData struct {
	// WantWelcome indicates if a welcome message is desired.
	WantWelcome bool

	// WantPolicy indicates if a policy notification is desired.
	WantPolicy bool

	// WantTos indicates if terms of service notification is desired.
	WantTos bool

	// Title represents the title of the notification page.
	Title string

	// Welcome represents the welcome message on the notification page.
	Welcome string

	// LogoImage represents the URL of the logo displayed on the notification page.
	LogoImage string

	// LogoImageAlt represents the alternative text for the logo image.
	LogoImageAlt string

	// NotifyMessage represents the notification message displayed on the page.
	NotifyMessage string

	// LanguageTag represents the IETF language tag for the current language.
	LanguageTag string

	// LanguageCurrentName represents the name of the current language in its language.
	LanguageCurrentName string

	// LanguagePassive represents a list of other available languages.
	LanguagePassive []Language
}

NotifyPageData represents page notification data.

type PassDBMap

type PassDBMap struct {
	// contains filtered or unexported fields
}

PassDBMap is a struct type that represents a mapping between a backend type and a PassDBOption function. It is used in the verifyPassword method of the AuthState struct to perform password verification against multiple databases. The backend field represents the type of database backend (definitions.Backend), and the fn field represents the PassDBOption function. The PassDBOption function takes an AuthState pointer as input and returns a PassDBResult pointer and an error. The PassDBResult pointer contains the result of the password verification process. This struct is used to store the database mappings in an array and loop through them in the verifyPassword method.

type PassDBOption

type PassDBOption func(auth *AuthState) (*PassDBResult, error)

PassDBOption specifies the signature of a password database.

type PassDBResult

type PassDBResult struct {
	// Authenticated is a flag that is set if a user was not only found, but also succeeded authentication.
	Authenticated bool

	// UserFound is a flag that is set if the user was found in a password Database.
	UserFound bool

	// BackendName specifies the name of the backend that authenticated or found the user in the password database.
	BackendName string

	// AccountField is the SQL field or LDAP attribute that was used for the user account.
	AccountField *string

	// TOTPSecretField is set by the Database which has found the user.
	TOTPSecretField *string

	// TOTPRecoveryField NYI
	TOTPRecoveryField *string

	// UniqueUserIDField is a string representing a unique user identifier.
	UniqueUserIDField *string

	// DisplayNameField is the display name of a user
	DisplayNameField *string

	// Backend is set by the Database backend, which has found the user.
	Backend definitions.Backend

	// Attributes is the result catalog returned by the underlying password Database.
	Attributes bktype.AttributeMapping

	// AdditionalFeatures contains additional features for machine learning
	AdditionalFeatures map[string]any
}

PassDBResult is used in all password databases to store final results of an authentication process.
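An added example (not Nauthilus code) of the backend loop that the PassDBMap description refers to, built on local stand-in types. The stop-at-first-UserFound rule, the error handling and the in-memory backends are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Stand-ins that mirror the documented shapes; they are not the package's types.
type (
	AuthState    struct{ Username, Password string }
	PassDBResult struct {
		Authenticated, UserFound bool
		BackendName              string
	}
	PassDBOption func(auth *AuthState) (*PassDBResult, error)
	// backendEntry plays the role of PassDBMap: backend identifier plus function.
	backendEntry struct {
		backend string
		fn      PassDBOption
	}
)

// verify walks the chain in order. Assumed policy: the first backend that knows
// the user is authoritative, and a backend error can never authenticate anyone.
func verify(auth *AuthState, chain []backendEntry) (*PassDBResult, error) {
	var lastErr error
	for _, entry := range chain {
		res, err := entry.fn(auth)
		if err != nil {
			lastErr = fmt.Errorf("%s: %w", entry.backend, err) // remember, try the next one
			continue
		}
		if res != nil && res.UserFound {
			res.BackendName = entry.backend
			return res, nil // a wrong password here is final: no fallback to later backends
		}
	}
	// Not found anywhere. If a backend failed, report that instead of "unknown user".
	return &PassDBResult{}, lastErr
}

// mapBackend is a constructed in-memory backend; real backends store password hashes.
func mapBackend(users map[string]string) PassDBOption {
	return func(auth *AuthState) (*PassDBResult, error) {
		want, ok := users[auth.Username]
		if !ok {
			return &PassDBResult{}, nil
		}
		a, b := sha256.Sum256([]byte(want)), sha256.Sum256([]byte(auth.Password))
		match := subtle.ConstantTimeCompare(a[:], b[:]) == 1
		return &PassDBResult{UserFound: true, Authenticated: match}, nil
	}
}

var errBackendDown = errors.New("backend unavailable")
func failingBackend(*AuthState) (*PassDBResult, error) { return nil, errBackendDown }

func main() {
	chain := []backendEntry{{"ldap", mapBackend(map[string]string{"alice": "correct horse"})}}
	res, err := verify(&AuthState{Username: "alice", Password: "correct horse"}, chain)
	fmt.Println(res.BackendName, res.UserFound, res.Authenticated, err)
}
```

Keeping a backend outage distinct from "user not found" lets the caller avoid counting infrastructure failures as failed logins.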

func CachePassDB added in v1.3.9

func CachePassDB(auth *AuthState) (passDBResult *PassDBResult, err error)

CachePassDB implements the redis password database backend.

func GetPassDBResultFromPool added in v1.7.3

func GetPassDBResultFromPool() *PassDBResult

GetPassDBResultFromPool retrieves a PassDBResult object from the pool. If the pool is empty, a new PassDBResult object is created.

func (*PassDBResult) IsPassDBResult added in v1.7.3

func (p *PassDBResult) IsPassDBResult() bool

IsPassDBResult returns true to identify this as a PassDBResult. This implements the PoolablePassDBResult interface from the localcache package.

func (*PassDBResult) Reset added in v1.7.3

func (p *PassDBResult) Reset()

Reset resets all fields of the PassDBResult to their zero values. This is used when returning a PassDBResult to the pool. It implements the Resettable interface.
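An added example (not the package's code) of why a pooled authentication result has to be reset before it is reused. The `authResult` type and the one-slot `pool` are hypothetical stand-ins, chosen so that the effect is reproducible.

```go
package main

import "fmt"

// authResult is a stand-in with the kinds of fields that make reuse risky:
// verdict flags, a pointer and a map.
type authResult struct {
	Authenticated bool
	UserFound     bool
	AccountField  *string
	Attributes    map[string][]any
}

// Reset assigns a fresh zero value, so a field added later cannot be missed.
func (r *authResult) Reset() { *r = authResult{} }

// pool is a deterministic one-slot free list (hypothetical, demo only).
type pool struct {
	free       chan *authResult
	resetOnPut bool
}

func newPool(resetOnPut bool) *pool {
	return &pool{free: make(chan *authResult, 1), resetOnPut: resetOnPut}
}

func (p *pool) get() *authResult {
	select {
	case r := <-p.free:
		return r
	default:
		return new(authResult) // pool empty: create a new object
	}
}

func (p *pool) put(r *authResult) {
	if p.resetOnPut {
		r.Reset()
	}
	select {
	case p.free <- r:
	default: // pool full: let the garbage collector take it
	}
}

// leaksAcrossRequests lets request 1 authenticate a user and release its
// result, then reports whether request 2 sees any of that state on entry.
func leaksAcrossRequests(p *pool) bool {
	first := p.get()
	account := "uid" // constructed sample values
	first.UserFound, first.Authenticated, first.AccountField = true, true, &account
	first.Attributes = map[string][]any{"mail": {"alice@example.test"}}
	p.put(first)

	second := p.get()
	defer p.put(second)
	return second.Authenticated || second.UserFound ||
		second.AccountField != nil || second.Attributes != nil
}

func main() {
	fmt.Println("without Reset:", leaksAcrossRequests(newPool(false)))
	fmt.Println("with Reset:   ", leaksAcrossRequests(newPool(true)))
}
```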

func (*PassDBResult) String

func (p *PassDBResult) String() string

String returns the string for a PassDBResult object.

type RESTResult

type RESTResult struct {
	// GUID represents a unique identifier for a session. It is a string field used in the RESTResult struct
	// and is also annotated with the json tag "session".
	GUID string `json:"session"`

	// Object represents a string field used in the RESTResult struct. It is annotated with the json tag "object".
	Object string `json:"object"`

	// Operation represents a string field used in the RESTResult struct. It is annotated with the json tag "operation".
	Operation string `json:"operation"`

	// Result represents the result field in the RESTResult struct. It can hold any type of value.
	// The field is annotated with the json tag "result".
	Result any `json:"result"`
}

RESTResult is a handleAuthentication JSON result object for the Nauthilus REST API.

type Scope

type Scope struct {
	// ScopeName represents the name of the scope.
	ScopeName string

	// ScopeDescription represents a detailed description of the scope.
	ScopeDescription string
}

Scope represents a scope used in the ConsentPageData struct. It contains the name and description of the scope.

type State added in v1.4.3

type State interface {
	// SetUsername sets the username for the current authentication state.
	SetUsername(username string)

	// SetPassword sets the password for the current authentication state.
	SetPassword(password string)

	// SetClientIP sets the client's IP address used during the authentication process.
	SetClientIP(clientIP string)

	// SetClientPort sets the client's port as a string.
	SetClientPort(clientPort string)

	// SetClientHost sets the client host information for the current state using the provided hostname string.
	SetClientHost(clientHost string)

	// SetStatusCodes sets the current status code associated with the authentication process.
	SetStatusCodes(statusCode string)

	// SetOperationMode sets the operation mode for the authentication process based on the provided gin context.
	SetOperationMode(ctx *gin.Context)

	// SetNoAuth sets the authentication state to no authentication required when true, or requires authentication when false.
	SetNoAuth(bool)

	// SetProtocol sets the authentication protocol to be used during the authentication process.
	SetProtocol(protocol *config.Protocol)

	// GetGUID retrieves the globally unique identifier (GUID) associated with the current authentication state.
	GetGUID() string

	// GetUsername retrieves the username currently stored in the state and returns it as a string.
	GetUsername() string

	// GetPassword retrieves the current password stored in the authentication state as a string.
	GetPassword() string

	// GetProtocol retrieves the protocol configuration associated with the current state.
	GetProtocol() *config.Protocol

	// SetLoginAttempts sets the number of login attempts for the current authentication process.
	SetLoginAttempts(uint)

	// SetMethod sets the authentication method used during the authentication process.
	SetMethod(method string)

	// SetUserAgent sets the user agent information for the current authentication state.
	SetUserAgent(userAgent string)

	// SetLocalIP sets the local IP address for the current state.
	SetLocalIP(localIP string)

	// SetLocalPort sets the local port for the authentication state.
	SetLocalPort(localPort string)

	// SetSSL sets the SSL parameter to the specified value for the authentication process.
	SetSSL(ssl string)

	// SetSSLSessionID sets the SSL session ID associated with the current state for tracking and verification purposes.
	SetSSLSessionID(sslSessionID string)

	// SetSSLClientVerify sets the verification result of the SSL client as a string. Typically used for SSL client validation.
	SetSSLClientVerify(sslClientVerify string)

	// SetSSLClientDN sets the SSL client distinguished name (DN) for the current authentication state.
	SetSSLClientDN(sslClientDN string)

	// SetSSLClientCN sets the Common Name (CN) from the SSL client certificate for the current authentication state.
	SetSSLClientCN(sslClientCN string)

	// SetSSLIssuer sets the SSL issuer string for the current authentication state.
	SetSSLIssuer(sslIssuer string)

	// SetSSLClientNotBefore sets the "not before" validity period for the SSL client certificate.
	SetSSLClientNotBefore(sslClientNotBefore string)

	// SetSSLClientNotAfter sets the expiration date and time of the SSL client certificate.
	SetSSLClientNotAfter(sslClientNotAfter string)

	// SetSSLSubjectDN sets the SSL subject distinguished name (DN) associated with the current authentication state.
	SetSSLSubjectDN(sslSubjectDN string)

	// SetSSLIssuerDN sets the distinguished name (DN) of the SSL issuer for the current state.
	SetSSLIssuerDN(sslIssuerDN string)

	// SetSSLClientSubjectDN sets the distinguished name (DN) of the SSL client certificate's subject.
	SetSSLClientSubjectDN(sslClientSubjectDN string)

	// SetSSLClientIssuerDN sets the distinguished name (DN) of the SSL client issuer to the provided string value.
	SetSSLClientIssuerDN(sslClientIssuerDN string)

	// SetSSLProtocol sets the SSL security protocol for the current authentication session.
	SetSSLProtocol(sslProtocol string)

	// SetSSLCipher sets the SSL cipher used for the client connection.
	SetSSLCipher(sslCipher string)

	// SetSSLSerial sets the SSL serial number for the authentication state.
	SetSSLSerial(sslSerial string)

	// SetSSLFingerprint sets the SSL fingerprint value for the current state.
	SetSSLFingerprint(sslFingerprint string)

	// SetOIDCCID sets the OIDC Client ID for the authentication state.
	SetOIDCCID(oidcCID string)

	// GetAccountOk returns the account field value and a boolean indicating if the account field is present and valid.
	GetAccountOk() (string, bool)

	// GetTOTPSecretOk retrieves the TOTP secret if available and returns it along with a bool indicating its presence.
	GetTOTPSecretOk() (string, bool)

	// GetAccountField retrieves the current account field associated with the authentication process.
	GetAccountField() string

	// GetTOTPSecretField retrieves the TOTP secret field associated with the current authentication state.
	GetTOTPSecretField() string

	// GetTOTPRecoveryField retrieves the TOTP recovery field used during the authentication process.
	GetTOTPRecoveryField() string

	// GetUniqueUserIDField returns the name of the field or attribute that represents a unique user identifier in the database.
	GetUniqueUserIDField() string

	// GetDisplayNameField retrieves the display name field of a user from the current state.
	GetDisplayNameField() string

	// GetUsedPassDBBackend returns the backend used for the password database during the authentication process.
	GetUsedPassDBBackend() definitions.Backend

	// GetAttributes retrieves a map of database attributes where keys are field names and values are the corresponding data.
	GetAttributes() bktype.AttributeMapping

	// GetAdditionalLogs retrieves a slice of additional log entries, useful for appending context-specific logging details.
	GetAdditionalLogs() []any

	// GetClientIP retrieves the client's IP address associated with the current authentication or request context.
	GetClientIP() string

	// GetOauth2SubjectAndClaims retrieves the OAuth2 subject and claims for a given OAuth2 client.
	// Returns the subject as a string and the claims as a map.
	GetOauth2SubjectAndClaims(oauth2Client openapi.OAuth2Client) (string, map[string]any)

	// PreproccessAuthRequest preprocesses the authentication request and determines if it should be rejected.
	PreproccessAuthRequest(ctx *gin.Context) bool

	// UpdateBruteForceBucketsCounter increments counters to track brute-force attack attempts for the associated client IP.
	UpdateBruteForceBucketsCounter()

	// HandleAuthentication processes the primary authentication logic based on the request context and service parameters.
	HandleAuthentication(ctx *gin.Context)

	// HandlePassword processes the password-based authentication for a user and returns the authentication result.
	HandlePassword(ctx *gin.Context) definitions.AuthResult

	// HandleSASLAuthdAuthentication processes authentication requests using the SASL auth daemon protocol.
	HandleSASLAuthdAuthentication(ctx *gin.Context)

	// FilterLua applies Lua-based filtering logic to the provided PassDBResult and execution context.
	// It returns an AuthResult indicating the outcome of the filtering process.
	FilterLua(passDBResult *PassDBResult, ctx *gin.Context) definitions.AuthResult

	// PostLuaAction performs actions or post-processing after executing Lua scripts during authentication workflow.
	PostLuaAction(passDBResult *PassDBResult)

	// WithDefaults configures the State with default values derived from the provided gin.Context.
	WithDefaults(ctx *gin.Context) State

	// WithClientInfo adds client-related information from the provided context to the current authentication state and returns it.
	WithClientInfo(ctx *gin.Context) State

	// WithLocalInfo enriches the authentication state with the client's local information based on the provided context.
	WithLocalInfo(ctx *gin.Context) State

	// WithUserAgent updates the State object with information extracted from the request's User-Agent header.
	WithUserAgent(ctx *gin.Context) State

	// WithXSSL sets XSSL-related context for the authentication process and returns the updated State object.
	WithXSSL(ctx *gin.Context) State

	// InitMethodAndUserAgent initializes the authentication method and user agent fields if they are not already set.
	InitMethodAndUserAgent() State

	// IsMasterUser determines if the authenticated user has master-level privileges, returning true if they do.
	IsMasterUser() bool
	// contains filtered or unexported methods
}

State is implemented by AuthState and defines the methods to interact with the authentication process.

func NewAuthStateFromContext added in v1.4.3

func NewAuthStateFromContext(ctx *gin.Context) State

NewAuthStateFromContext initializes and returns an AuthState using the provided gin.Context. It gets an AuthState from the pool, sets the context to a copied HTTPClientContext and assigns the current time to the StartTime field.

func NewAuthStateWithSetup added in v1.4.3

func NewAuthStateWithSetup(ctx *gin.Context) State

NewAuthStateWithSetup creates a new instance of the AuthState struct. It takes a gin.Context object as a parameter and sets it as the HTTPClientContext field of the AuthState struct. If an error occurs while setting the StatusCode field using the SetStatusCodes function, it logs the error and returns nil. Otherwise, it calls the setupAuth function to set up the AuthState struct based on the service parameter from the gin.Context object. Finally, it returns the created AuthState struct.

type TOTPPageData

type TOTPPageData struct {
	WantWelcome         bool
	WantPolicy          bool
	WantTos             bool
	HaveError           bool
	Title               string
	Welcome             string
	LogoImage           string
	LogoImageAlt        string
	TOTPMessage         string
	TOTPCopied          string
	Code                string
	Submit              string
	ErrorMessage        string
	CSRFToken           string
	QRCode              string
	PostTOTPEndpoint    string
	LanguageTag         string
	LanguageCurrentName string
	LanguagePassive     []Language
}

type TOTPSecret

type TOTPSecret struct {
	// contains filtered or unexported fields
}

func NewTOTPSecret

func NewTOTPSecret(value string) *TOTPSecret

type TwoFactorData

type TwoFactorData struct {
	// WantWelcome indicates if a welcome message is desired
	WantWelcome bool

	// WantPolicy indicates if a policy message is required
	WantPolicy bool

	// WantTos indicates if Terms of Service is mandatory
	WantTos bool

	// WantAbout indicates if displaying 'About' information is desired
	WantAbout bool

	// Title is the title of the webpage or context
	Title string

	// Welcome is the welcome message
	Welcome string

	// LogoImage is the link of the logo image
	LogoImage string

	// LogoImageAlt is the alt text of the logo image
	LogoImageAlt string

	// ApplicationName is the name of the application
	ApplicationName string

	// Code is the two-factor authentication code
	Code string

	// Policy is the policy text
	Policy string

	// PolicyUri is the link to the policy document
	PolicyUri string

	// Tos is the Terms of Service text
	Tos string

	// TosUri is the URL to the Terms of Service document
	TosUri string

	// About holds content related to 'About Us' or 'About the Application'
	About string

	// AboutUri is the URL to the 'About Us' or 'About the application' page
	AboutUri string

	// Submit is the label for the submit action
	Submit string

	// CSRFToken is the token used for Cross-Site Request Forgery protection
	CSRFToken string

	// LoginChallenge represents the challenge used for login
	LoginChallenge string

	// User is the User ID or Name
	User string

	// PostLoginEndpoint is the API endpoint to submit login data
	PostLoginEndpoint string

	// LanguageTag houses the language tag, e.g., 'en-US'
	LanguageTag string

	// LanguageCurrentName is the fullname of the current language (e.g., 'English')
	LanguageCurrentName string

	// LanguagePassive houses a slice of the languages that are passively being used/available
	LanguagePassive []Language
}

TwoFactorData is a struct that holds the parameters for processing two-factor authentication. Its attributes include welcome messages, terms of service and about sections, among others.

type WebAuthn

type WebAuthn struct {
	Value string
}

func NewWebAuthn

func NewWebAuthn(value string) *WebAuthn

type WebAuthnCredentialDBFunc

type WebAuthnCredentialDBFunc func(uniqueUserID string) ([]webauthn.Credential, error)

WebAuthnCredentialDBFunc defines a signature for WebAuthn credential object lookups.
