lualib

package
v3.1.0-beta.11 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 24, 2026 License: GPL-3.0 Imports: 49 Imported by: 0

Documentation


Constants

const (
	// RuntimeCancellationSourceNone means no inspected context has been canceled.
	RuntimeCancellationSourceNone = "none"

	// RuntimeCancellationSourceRequest means the parent request context was canceled.
	RuntimeCancellationSourceRequest = "request_context"

	// RuntimeCancellationSourceParallelGroup means a parallel Lua execution group canceled sibling work.
	RuntimeCancellationSourceParallelGroup = "parallel_group"

	// RuntimeCancellationSourceLuaTimeout means the per-script Lua runtime deadline expired.
	RuntimeCancellationSourceLuaTimeout = "lua_timeout"

	// RuntimeCancellationSourceLuaContext means the Lua runtime context was canceled without a deadline expiry.
	RuntimeCancellationSourceLuaContext = "lua_context"
)
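The cancellation-source values above distinguish a client that went away from a script that ran out of time, which matters when triaging script failures. The following is an added example, not code from this package: `classifyCancellation` and `runScenario` are hypothetical helpers, the constant values are copied from the block above, and the outside-in precedence (request, then parallel group, then Lua runtime) is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Values copied from the constants listed on this page.
const (
	RuntimeCancellationSourceNone          = "none"
	RuntimeCancellationSourceRequest       = "request_context"
	RuntimeCancellationSourceParallelGroup = "parallel_group"
	RuntimeCancellationSourceLuaTimeout    = "lua_timeout"
	RuntimeCancellationSourceLuaContext    = "lua_context"
)

// classifyCancellation (hypothetical helper) inspects the context chain
// request -> parallel group -> Lua runtime from the outside in, so the
// outermost canceled context is reported as the cause. Canceling a parent
// also cancels its children, which is why the order matters.
func classifyCancellation(requestCtx, groupCtx, luaCtx context.Context) string {
	switch {
	case requestCtx.Err() != nil:
		return RuntimeCancellationSourceRequest
	case groupCtx.Err() != nil:
		return RuntimeCancellationSourceParallelGroup
	case errors.Is(luaCtx.Err(), context.DeadlineExceeded):
		return RuntimeCancellationSourceLuaTimeout
	case luaCtx.Err() != nil:
		return RuntimeCancellationSourceLuaContext
	default:
		return RuntimeCancellationSourceNone
	}
}

// runScenario builds a constructed three-level context chain, triggers one
// cancellation cause and returns the resulting classification.
func runScenario(cause string) string {
	requestCtx, cancelRequest := context.WithCancel(context.Background())
	defer cancelRequest()
	groupCtx, cancelGroup := context.WithCancel(requestCtx)
	defer cancelGroup()

	deadline := time.Now().Add(time.Hour)
	if cause == "timeout" {
		deadline = time.Now().Add(-time.Second) // per-script deadline already expired
	}
	luaCtx, cancelLua := context.WithDeadline(groupCtx, deadline)
	defer cancelLua()

	switch cause {
	case "client_disconnect":
		cancelRequest()
	case "sibling_failed":
		cancelGroup()
	case "script_aborted":
		cancelLua()
	}
	return classifyCancellation(requestCtx, groupCtx, luaCtx)
}

func main() {
	causes := []string{"", "client_disconnect", "sibling_failed", "timeout", "script_aborted"}
	for _, cause := range causes {
		fmt.Printf("%-20q -> %s\n", cause, runScenario(cause))
	}
}
```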
const (
	// LuaScriptKindSubject identifies subject source script execution.
	LuaScriptKindSubject = "subject"

	// LuaScriptKindEnvironment identifies environment source script execution.
	LuaScriptKindEnvironment = "environment"
)

Variables

This section is empty.

Functions

func BindRequestRuntimeContext

func BindRequestRuntimeContext(ctx context.Context, L *lua.LState, mod *lua.LTable)

BindRequestRuntimeContext binds the Go runtime context to a request-bound Lua module table.

func BindRequestValuesToEnv

func BindRequestValuesToEnv(L *lua.LState, req *lua.LTable, mod *lua.LTable)

BindRequestValuesToEnv copies request-bound module values into the active request environment.

func CompileLua

func CompileLua(filePath string) (*lua.FunctionProto, error)

CompileLua reads the passed Lua file from disk and compiles it.

func ConfigureDefaultI18NRuntime

func ConfigureDefaultI18NRuntime(system localization.Catalog, defaultLanguage string, logger *slog.Logger) error

ConfigureDefaultI18NRuntime builds the process-wide runtime from a system catalog.

func CurrentHTTPResponseContext

func CurrentHTTPResponseContext(L *lua.LState) *gin.Context

CurrentHTTPResponseContext returns the Gin response context bound to the current request environment.

func CurrentRuntimeContext

func CurrentRuntimeContext(L *lua.LState) context.Context

CurrentRuntimeContext returns the Go runtime context bound to the current request environment.

func DoCompiledFile

func DoCompiledFile(L *lua.LState, proto *lua.FunctionProto) error

DoCompiledFile takes a FunctionProto, as returned by CompileLua, and runs it in the LState. It is equivalent to calling DoFile on the LState with the original source file.

func LoaderBackendStateless

func LoaderBackendStateless() lua.LGFunction

LoaderBackendStateless returns an empty, stateless module placeholder for nauthilus_backend. It allows require("nauthilus_backend") to succeed before per-request binding replaces it with a request-aware version via BindModuleIntoReq.

func LoaderContextStateless

func LoaderContextStateless() lua.LGFunction

LoaderContextStateless returns an empty, stateless module table for nauthilus_context. It is intended to be preloaded once per VM (base environment). Per-request bindings will later clone this table and inject bound functions via WithCtx factories.

func LoaderDNSStateless

func LoaderDNSStateless() lua.LGFunction

LoaderDNSStateless returns an empty, stateless module placeholder for nauthilus_dns. It allows require("nauthilus_dns") to succeed before per-request binding replaces it with a context-aware version via BindModuleIntoReq.

func LoaderHTTPRequestStateless

func LoaderHTTPRequestStateless() lua.LGFunction

LoaderHTTPRequestStateless returns an empty, stateless module table for nauthilus_http_request. It is intended to be preloaded once per VM (base environment). Per-request bindings will later clone this table and inject bound functions via WithMeta factories.

func LoaderHTTPResponseStateless

func LoaderHTTPResponseStateless() lua.LGFunction

LoaderHTTPResponseStateless returns an empty, stateless module table for nauthilus_http_response. It is intended to be preloaded once per VM (base environment). Per-request bindings will later clone this table and inject bound functions via WithCtx factories.

func LoaderI18NStateless

func LoaderI18NStateless() lua.LGFunction

LoaderI18NStateless returns the default request-time i18n module.

func LoaderLDAPStateless

func LoaderLDAPStateless() lua.LGFunction

LoaderLDAPStateless returns an empty, stateless module placeholder for nauthilus_ldap. It allows require("nauthilus_ldap") to succeed before per-request binding replaces it with a context-aware version via BindModuleIntoReq.

func LoaderModBackendResult

func LoaderModBackendResult(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModBackendResult initializes and loads the backend result module for Lua.

func LoaderModCBOR

func LoaderModCBOR() lua.LGFunction

LoaderModCBOR loads CBOR encode and decode helpers into Lua.

func LoaderModCache

func LoaderModCache(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModCache registers the nauthilus_cache module into a Lua state. The module exposes cache_set/get/delete/exists/update/keys/size/flush/push/pop_all. The cache is process-wide (no per-request state needed).

func LoaderModConnection

func LoaderModConnection(ctx context.Context, cfg config.File, logger *slog.Logger, monitor monitoring.Monitor) lua.LGFunction

LoaderModConnection initializes and loads the connection module for Lua.

func LoaderModContext

func LoaderModContext(luaCtx *Context) lua.LGFunction

LoaderModContext initializes and loads the context module for Lua.

func LoaderModDNS

func LoaderModDNS(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModDNS initializes and loads the DNS module for Lua, providing functions for DNS lookups and managing records.

func LoaderModHTTP

func LoaderModHTTP(meta HTTPRequestMeta) lua.LGFunction

LoaderModHTTP loads Lua functions based on an HTTPRequestMeta provider.

func LoaderModHTTPResponse

func LoaderModHTTPResponse(ctx *gin.Context) lua.LGFunction

LoaderModHTTPResponse loads Lua functions to interact with the HTTP response using gin.Context.

func LoaderModI18N

func LoaderModI18N(runtime *I18NRuntime, mode I18NMode) lua.LGFunction

LoaderModI18N returns the nauthilus_i18n Lua module.

func LoaderModLogging

func LoaderModLogging(ctx context.Context, cfg config.File, logger *slog.Logger, keyval *CustomLogKeyValue) lua.LGFunction

LoaderModLogging initializes the logging module for Lua.

func LoaderModMail

func LoaderModMail(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModMail is a stateless module loader for nauthilus_mail. It pre-binds a real SMTP client implementation and exposes send_mail() to Lua. This module does not require request context and can be preloaded once per VM.

func LoaderModMisc

func LoaderModMisc(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModMisc registers the miscellaneous module in the Lua state and returns the module table.

func LoaderModOTEL

func LoaderModOTEL(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModOTEL provides a context-aware OpenTelemetry Lua module. It binds helper functions and userdata to create and manage spans from Lua.

func LoaderModPassword

func LoaderModPassword(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModPassword registers the password-related functions in the Lua runtime and returns the module.

func LoaderModPolicy

func LoaderModPolicy(ctx *policycollection.DecisionContext, stage policy.Stage) lua.LGFunction

LoaderModPolicy returns the request-bound nauthilus_policy module.

func LoaderModSoftAllow

func LoaderModSoftAllow(ctx context.Context, cfg config.File, logger *slog.Logger) lua.LGFunction

LoaderModSoftAllow initializes and loads the soft allow module for Lua.

func LoaderOTELStateless

func LoaderOTELStateless() lua.LGFunction

LoaderOTELStateless returns an empty module so require("nauthilus_opentelemetry") never fails.

func LoaderPolicyStateless

func LoaderPolicyStateless() lua.LGFunction

LoaderPolicyStateless returns a placeholder for Lua runtimes without a policy context.

func MergeStatusAndLogs

func MergeStatusAndLogs(statusSet *bool, reqLogs **CustomLogKeyValue, reqStatus **string, scriptStatus *string, scriptLogs CustomLogKeyValue)

MergeStatusAndLogs merges a single script's status message and logs into the request-level fields.

- statusSet controls that only the first non-nil status message is applied.
- reqLogs points to the request's aggregated log slice; it will be initialized if nil.
- reqStatus is the address of the request's status message pointer.
- scriptStatus is the per-script status message pointer (may be nil).
- scriptLogs is the per-script collected logs.

func PackagePath

func PackagePath(L *lua.LState, cfg config.File) error

PackagePath ensures Lua package.path contains our required paths exactly once, without unbounded growth.

func PutCommonRequest

func PutCommonRequest(cr *CommonRequest)

PutCommonRequest returns a CommonRequest to the pool after resetting it.

func RequireHTTPResponseContext

func RequireHTTPResponseContext(L *lua.LState) *gin.Context

RequireHTTPResponseContext returns the current Gin response context or raises a Lua error if none is bound.

func RequireRuntimeContext

func RequireRuntimeContext(L *lua.LState, moduleName string) context.Context

RequireRuntimeContext returns the current Go runtime context or raises a Lua error if none is bound.

func ScrubRequestBindings

func ScrubRequestBindings(L *lua.LState, req *lua.LTable)

ScrubRequestBindings removes request-bound data from the request environment and from all tracked module tables.

func SetBuiltinTableForAction

func SetBuiltinTableForAction(L *lua.LState, addCustomLog lua.LGFunction)

SetBuiltinTableForAction configures the nauthilus_builtin table for action scripts.

func SetBuiltinTableForAll

func SetBuiltinTableForAll(L *lua.LState, addCustomLog lua.LGFunction, status **string)

SetBuiltinTableForAll configures the nauthilus_builtin table with all runtime constants.

func SetBuiltinTableForBackend

func SetBuiltinTableForBackend(L *lua.LState, addCustomLog lua.LGFunction, status **string)

SetBuiltinTableForBackend configures the nauthilus_builtin table for backend scripts.

func SetBuiltinTableForCacheFlush

func SetBuiltinTableForCacheFlush(L *lua.LState, addCustomLog lua.LGFunction, status **string)

SetBuiltinTableForCacheFlush configures the nauthilus_builtin table for cache flush scripts.

func SetBuiltinTableForEnvironment

func SetBuiltinTableForEnvironment(L *lua.LState, addCustomLog lua.LGFunction, status **string)

SetBuiltinTableForEnvironment configures the nauthilus_builtin table for environment source scripts.

func SetBuiltinTableForSubject

func SetBuiltinTableForSubject(L *lua.LState, addCustomLog lua.LGFunction, status **string)

SetBuiltinTableForSubject configures the nauthilus_builtin table for subject source scripts.

func SetDefaultI18NRuntime

func SetDefaultI18NRuntime(runtime *I18NRuntime)

SetDefaultI18NRuntime replaces the process-wide Lua i18n runtime.

func SetStatusMessage

func SetStatusMessage(status **string) lua.LGFunction

SetStatusMessage sets a new status message by updating the provided string pointer based on the input from the Lua state.

func StopGlobalCache

func StopGlobalCache()

StopGlobalCache stops the background janitor of the process-wide cache. It is an optional helper that can be used by shutdown hooks; call it during server shutdown to release goroutines promptly.

Types

type BackendConnectionManager

type BackendConnectionManager struct {
	*BaseManager
	// contains filtered or unexported fields
}

BackendConnectionManager manages backend connection checks for Lua.

func NewBackendConnectionManager

func NewBackendConnectionManager(ctx context.Context, cfg config.File, logger *slog.Logger, monitor monitoring.Monitor) *BackendConnectionManager

NewBackendConnectionManager creates a new BackendConnectionManager.

func (*BackendConnectionManager) CheckBackendConnection

func (m *BackendConnectionManager) CheckBackendConnection(L *lua.LState) int

CheckBackendConnection verifies the connection to a backend server.

type BackendResultManager

type BackendResultManager struct {
	*BaseManager
}

BackendResultManager manages backend result operations for Lua.

func NewBackendResultManager

func NewBackendResultManager(ctx context.Context, cfg config.File, logger *slog.Logger) *BackendResultManager

NewBackendResultManager creates a new BackendResultManager.

func (*BackendResultManager) GetSetAccountField

func (m *BackendResultManager) GetSetAccountField(L *lua.LState) int

GetSetAccountField sets or returns the value of the AccountField field.

func (*BackendResultManager) GetSetAttributes

func (m *BackendResultManager) GetSetAttributes(L *lua.LState) int

GetSetAttributes sets or retrieves the Attributes field.

func (*BackendResultManager) GetSetAuthenticated

func (m *BackendResultManager) GetSetAuthenticated(L *lua.LState) int

GetSetAuthenticated sets or retrieves the Authenticated field.

func (*BackendResultManager) GetSetDisplayNameField

func (m *BackendResultManager) GetSetDisplayNameField(L *lua.LState) int

GetSetDisplayNameField sets or returns the value of the DisplayNameField field.

func (*BackendResultManager) GetSetGroupDistinguishedNames

func (m *BackendResultManager) GetSetGroupDistinguishedNames(L *lua.LState) int

GetSetGroupDistinguishedNames sets or retrieves the GroupDistinguishedNames field.

func (*BackendResultManager) GetSetGroups

func (m *BackendResultManager) GetSetGroups(L *lua.LState) int

GetSetGroups sets or retrieves the Groups field.

func (*BackendResultManager) GetSetTOTPRecoveryField

func (m *BackendResultManager) GetSetTOTPRecoveryField(L *lua.LState) int

GetSetTOTPRecoveryField sets or returns the value of the TOTPRecoveryField field.

func (*BackendResultManager) GetSetTOTPSecretField

func (m *BackendResultManager) GetSetTOTPSecretField(L *lua.LState) int

GetSetTOTPSecretField sets or returns the value of the TOTPSecretField field.

func (*BackendResultManager) GetSetUniqueUserIDField

func (m *BackendResultManager) GetSetUniqueUserIDField(L *lua.LState) int

GetSetUniqueUserIDField sets or returns the value of the UniqueUserIDField field.

func (*BackendResultManager) GetSetUserFound

func (m *BackendResultManager) GetSetUserFound(L *lua.LState) int

GetSetUserFound sets or returns the value of the UserFound field.

func (*BackendResultManager) GetSetWebAuthnCredentials

func (m *BackendResultManager) GetSetWebAuthnCredentials(L *lua.LState) int

GetSetWebAuthnCredentials sets or retrieves the WebAuthnCredentials field.

func (*BackendResultManager) New

func (m *BackendResultManager) New(L *lua.LState) int

New creates a new instance of LuaBackendResult, wraps it in a user data object, and sets its metatable.

type BaseManager

type BaseManager struct {
	Ctx    context.Context
	Cfg    config.File
	Logger *slog.Logger
}

BaseManager provides common fields for all Lua module managers.

func NewBaseManager

func NewBaseManager(ctx context.Context, cfg config.File, logger *slog.Logger) *BaseManager

NewBaseManager creates a new BaseManager.

type CBORManager

type CBORManager struct {
	// contains filtered or unexported fields
}

CBORManager manages CBOR encode and decode helpers exposed to Lua.

func NewCBORManager

func NewCBORManager(nullValue *lua.LUserData) *CBORManager

NewCBORManager creates a Lua CBOR manager with a stable null sentinel.

func (*CBORManager) Bytes

func (m *CBORManager) Bytes(L *lua.LState) int

Bytes marks a Lua string for CBOR byte string encoding.

func (*CBORManager) Decode

func (m *CBORManager) Decode(L *lua.LState) int

Decode converts a CBOR byte string into Lua values.

func (*CBORManager) Encode

func (m *CBORManager) Encode(L *lua.LState) int

Encode converts a Lua value into a CBOR byte string.

type CacheManager

type CacheManager struct {
	*BaseManager
}

CacheManager manages process-wide cache operations for Lua.

func NewCacheManager

func NewCacheManager(ctx context.Context, cfg config.File, logger *slog.Logger) *CacheManager

NewCacheManager creates a new CacheManager.

func (*CacheManager) Delete

func (m *CacheManager) Delete(L *lua.LState) int

Delete implements nauthilus_cache.cache_delete(key). Returns true if the key existed and was removed; otherwise false.

func (*CacheManager) Exists

func (m *CacheManager) Exists(L *lua.LState) int

Exists implements nauthilus_cache.cache_exists(key). Returns true only if the key exists and has not expired.

func (*CacheManager) Flush

func (m *CacheManager) Flush(_ *lua.LState) int

Flush implements nauthilus_cache.cache_flush(). Empties the entire cache.

func (*CacheManager) Get

func (m *CacheManager) Get(L *lua.LState) int

Get implements nauthilus_cache.cache_get(key). Returns the stored value or nil if not present or expired.

func (*CacheManager) Keys

func (m *CacheManager) Keys(L *lua.LState) int

Keys implements nauthilus_cache.cache_keys(). Returns an array (Lua table) with all current non-expired keys.

func (*CacheManager) PopAll

func (m *CacheManager) PopAll(L *lua.LState) int

PopAll implements nauthilus_cache.cache_pop_all(key). Returns the list at key and clears it; if absent, returns an empty list.

func (*CacheManager) Push

func (m *CacheManager) Push(L *lua.LState) int

Push implements nauthilus_cache.cache_push(key, value). Appends value to the list at key (creating it if needed). Returns the new length.

func (*CacheManager) Set

func (m *CacheManager) Set(L *lua.LState) int

Set implements nauthilus_cache.cache_set(key, value[, ttl_seconds]). Parameters: key (string), value (any convertible), ttl_seconds (number|nil|0=no expiry). Returns: "OK", nil.

func (*CacheManager) Size

func (m *CacheManager) Size(L *lua.LState) int

Size implements nauthilus_cache.cache_size(). Returns the number of non-expired entries in the cache.

func (*CacheManager) Update

func (m *CacheManager) Update(L *lua.LState) int

Update implements nauthilus_cache.cache_update(key, updater_fn). Calls updater_fn(old_value) in Lua and stores its return value atomically. updater_fn must be synchronous (no yields). Returns the new value.

type CommonRequest

type CommonRequest struct {
	// BackendServers holds the list of backend servers.
	BackendServers []*config.BackendServer

	// TOTPRecoveryCodes stores the user's TOTP recovery codes.
	TOTPRecoveryCodes []string

	// RequestedScopes holds the OIDC scopes requested by the client.
	RequestedScopes []string

	// UserGroups holds the user's group memberships (e.g. from LDAP memberOf).
	UserGroups []string

	// AllowedClientScopes holds the configured allowed scopes for the OIDC client.
	AllowedClientScopes []string

	// AllowedClientGrantTypes holds the configured allowed grant types for the OIDC client.
	AllowedClientGrantTypes []string

	// Service is the HTTP router's endpoint name.
	Service string

	// Session stores the unique session identifier.
	Session string // GUID

	// ExternalSessionID stores an optional upstream session identifier.
	ExternalSessionID string

	// HealthCheck indicates that this request came from an internal backend health check.
	HealthCheck bool

	// ClientIP stores the IP address of the client.
	ClientIP string

	// ClientPort stores the port number used by the client.
	ClientPort string

	// ClientNet stores the network used by the client.
	ClientNet string

	// ClientHost stores the hostname of the client.
	ClientHost string

	// ClientID stores the unique identifier for the client.
	ClientID string

	// UserAgent stores the User-Agent of the client.
	UserAgent string

	// LocalIP stores the IP address of the local machine.
	LocalIP string

	// LocalPort stores the port number used by the local machine.
	LocalPort string

	// Username stores the username of the user that was used to authenticate.
	Username string

	// Account stores the user's account information.
	Account string

	// AccountField stores the user's account field.
	AccountField string

	// UniqueUserID stores the unique user identifier.
	UniqueUserID string

	// DisplayName stores the user's display name.
	DisplayName string

	// Password stores the user's password.
	Password []byte

	// WebAuthnCredential stores a serialized WebAuthn credential (JSON).
	WebAuthnCredential string

	// WebAuthnOldCredential stores a serialized WebAuthn credential (JSON).
	WebAuthnOldCredential string

	// Protocol stores the protocol that the user used to authenticate.
	Protocol string

	// Method stores the authentication method used.
	Method string

	// OIDCCID represents the OpenID Connect Client ID used for authentication.
	OIDCCID string

	// SAMLEntityID represents the SAML Entity ID used for authentication.
	SAMLEntityID string

	// AuthLoginAttempt stores the incoming authentication attempt ordinal.
	AuthLoginAttempt uint

	// GrantType represents the OIDC grant type used for the current flow.
	GrantType string

	// OIDCClientName represents the human-readable OIDC client name.
	OIDCClientName string

	// RedirectURI represents the requested redirect URI for OIDC flows.
	RedirectURI string

	// MFAMethod represents the MFA method used (e.g. totp, webauthn, recovery).
	MFAMethod string

	// BruteForceName stores the name of the brute force protection mechanism.
	BruteForceName string

	// EnvironmentName is the environment control or source that triggered the action.
	EnvironmentName string

	// XSSL contains SSL information.
	XSSL string

	// XSSLSessionID is the SSL session identifier.
	XSSLSessionID string

	// XSSLClientVerify indicates whether SSL client is verified.
	XSSLClientVerify string

	// XSSLClientDN is the client's Distinguished Name in the SSL certificate.
	XSSLClientDN string

	// XSSLClientCN is the client's Common Name in the SSL certificate.
	XSSLClientCN string

	// XSSLIssuer is the issuer of the SSL certificate.
	XSSLIssuer string

	// XSSLClientNotBefore is the date before which the SSL certificate is not valid.
	XSSLClientNotBefore string

	// XSSLClientNotAfter is the date after which the SSL certificate is not valid.
	XSSLClientNotAfter string

	// XSSLSubjectDN is the Subject's Distinguished Name in the SSL certificate.
	XSSLSubjectDN string

	// XSSLIssuerDN is the Issuer's Distinguished Name in the SSL certificate.
	XSSLIssuerDN string

	// XSSLClientSubjectDN is the client's Subject Distinguished Name in the SSL certificate.
	XSSLClientSubjectDN string

	// XSSLClientIssuerDN is the client's Issuer Distinguished Name in the SSL certificate.
	XSSLClientIssuerDN string

	// XSSLProtocol is the SSL protocol used.
	XSSLProtocol string

	// XSSLCipher is the encryption cipher used in the SSL protocol.
	XSSLCipher string

	// SSLSerial is the serial number of the SSL certificate used for secure communication.
	SSLSerial string

	// SSLFingerprint represents the SSL certificate's fingerprint for the client in the request.
	SSLFingerprint string

	// RedisPrefix is the redis prefix for keys.
	RedisPrefix string

	// StatusMessage is a configurable message that is returned to the client upon errors (not tempfail).
	StatusMessage *string

	// UsedBackendAddr holds the address of the backend server used for authentication.
	UsedBackendAddr *string

	// UsedBackendPort holds the port of the backend server used for authentication.
	UsedBackendPort *int

	// Latency represents the request latency in milliseconds.
	Latency float64

	// BruteForceCounter keeps track of unsuccessful login attempts for the user.
	BruteForceCounter uint

	// HTTPStatus represents the HTTP status code.
	HTTPStatus int

	// Debug is a flag indicating if the action is executed in debug mode.
	Debug bool

	// Repeating is a flag indicating if the action would be repeated.
	Repeating bool

	// RWP indicates whether the request was identified as a Repeating Wrong Password.
	// When true, bucket counters were NOT increased because the same wrong password was repeated.
	RWP bool

	// UserFound is a flag indicating if the user executing the action was found in the system.
	UserFound bool

	// Authenticated is a flag indicating if the user is authenticated.
	Authenticated bool

	// NoAuth is a flag indicating if the action requires no authentication.
	NoAuth bool

	// EnvironmentRejected indicates that an environment source terminated the request before subject sources ran.
	EnvironmentRejected bool

	// EnvironmentStageExpected indicates whether the current request path should have passed through Lua environment sources.
	EnvironmentStageExpected bool

	// SubjectStageExpected indicates whether the current request path should have passed through Lua subject sources.
	SubjectStageExpected bool

	// MFACompleted indicates whether MFA verification was successfully completed.
	MFACompleted bool
}

CommonRequest represents a common request object with various properties used in different functionalities.

func GetCommonRequest

func GetCommonRequest() *CommonRequest

GetCommonRequest gets a CommonRequest from the pool or creates a new one if the pool is empty.

func (*CommonRequest) Reset

func (c *CommonRequest) Reset()

Reset resets all fields of the CommonRequest to their zero values.

func (*CommonRequest) SetupRequest

func (c *CommonRequest) SetupRequest(L *lua.LState, cfg config.File, request *lua.LTable) *lua.LTable

SetupRequest sets up the request object with the common request properties.

type Context

type Context struct {
	// contains filtered or unexported fields
}

Context is a system-wide Lua context designed to exchange Lua LValues between all Lua levels. Even though it implements all methods from Context, its use is limited to data exchange. It cannot be used to abort running threads. Usage of this context is thread-safe.

func CurrentLuaContext

func CurrentLuaContext(L *lua.LState) *Context

CurrentLuaContext returns the Lua request context bound to the current request environment.

func NewContext

func NewContext() *Context

NewContext initializes a new Lua Context.

func RequireLuaContext

func RequireLuaContext(L *lua.LState) *Context

RequireLuaContext returns the current Lua request context or raises a Lua error if none is bound.

func (*Context) ApplyDelta

func (c *Context) ApplyDelta(delta ContextDelta)

ApplyDelta merges a script delta into the shared request context.

func (*Context) Clone

func (c *Context) Clone() *Context

Clone returns an independent context copy for isolated script execution.

func (*Context) Deadline

func (c *Context) Deadline() (deadline time.Time, ok bool)

Deadline is not currently used.

func (*Context) Delete

func (c *Context) Delete(key string)

Delete removes a key and its value from the Lua Context.

func (*Context) Diff

func (c *Context) Diff(before map[string]any) ContextDelta

Diff computes changes between a previous snapshot and the current context state.

func (*Context) Done

func (c *Context) Done() <-chan struct{}

Done is not currently used.

func (*Context) Err

func (c *Context) Err() error

Err is not currently used.

func (*Context) Get

func (c *Context) Get(key string) any

Get returns the lua.LValue value acquired by key from the Lua Context. If no key was found, it returns nil.

func (*Context) GetExists

func (c *Context) GetExists(key string) (any, bool)

GetExists retrieves the value associated with the given key and returns a boolean indicating its existence in the context.

func (*Context) Set

func (c *Context) Set(key string, value any)

Set sets or replaces a new key/value pair in the Lua Context map.

func (*Context) Snapshot

func (c *Context) Snapshot() map[string]any

Snapshot returns a shallowly typed but recursively copied view of all context values.

func (*Context) Value

func (c *Context) Value(_ any) lua.LValue

Value is not currently used.

type ContextDelta

type ContextDelta struct {
	Set    map[string]any
	Delete []string
}

ContextDelta describes request-local Lua context changes made by one script.
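Clone, Snapshot, Diff and ApplyDelta together describe a pattern in which each script works on an isolated copy and only its recorded changes are merged back. The sketch below is an added example of that pattern on a plain `map[string]any`, not this package's implementation: `contextDelta` mirrors the fields shown above, and all function names and sample values are constructed for illustration.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
	"sync"
)

// contextDelta mirrors the ContextDelta fields shown on this page.
type contextDelta struct {
	Set    map[string]any
	Delete []string
}

// deepCopy recursively copies nested maps (the only container type used in
// this sketch), so a script cannot mutate values the shared map still holds.
func deepCopy(v any) any {
	m, ok := v.(map[string]any)
	if !ok {
		return v // scalars are copied by value
	}
	out := make(map[string]any, len(m))
	for k, e := range m {
		out[k] = deepCopy(e)
	}
	return out
}

// diff reports what a script changed relative to the snapshot taken before it ran.
func diff(before, after map[string]any) contextDelta {
	d := contextDelta{Set: map[string]any{}}
	for k, v := range after {
		if old, ok := before[k]; !ok || !reflect.DeepEqual(old, v) {
			d.Set[k] = v
		}
	}
	for k := range before {
		if _, ok := after[k]; !ok {
			d.Delete = append(d.Delete, k)
		}
	}
	sort.Strings(d.Delete)
	return d
}

// applyDelta merges one script's changes into the shared map.
func applyDelta(shared map[string]any, d contextDelta) {
	for _, k := range d.Delete {
		delete(shared, k)
	}
	for k, v := range d.Set {
		shared[k] = v
	}
}

// runIsolated runs script on a private deep copy and returns only its changes.
func runIsolated(shared map[string]any, script func(map[string]any)) contextDelta {
	before := deepCopy(shared).(map[string]any)
	work := deepCopy(before).(map[string]any)
	script(work)
	return diff(before, work)
}

// mergedExample runs two constructed scripts in parallel, then merges their
// deltas in script order once both have finished.
func mergedExample() (map[string]any, []contextDelta) {
	shared := map[string]any{
		"client": map[string]any{"ip": "192.0.2.10"},
		"tmp":    "scratch",
	}
	scripts := []func(map[string]any){
		func(c map[string]any) { // in-place nested write plus a delete
			c["client"].(map[string]any)["asn"] = 64500
			delete(c, "tmp")
		},
		func(c map[string]any) { c["risk"] = "low" },
	}
	deltas := make([]contextDelta, len(scripts))
	var wg sync.WaitGroup
	for i, sc := range scripts {
		wg.Add(1)
		go func(i int, sc func(map[string]any)) {
			defer wg.Done()
			deltas[i] = runIsolated(shared, sc) // shared is only read here
		}(i, sc)
	}
	wg.Wait()
	for _, d := range deltas {
		applyDelta(shared, d)
	}
	return shared, deltas
}

func main() {
	merged, deltas := mergedExample()
	fmt.Println("deltas:", deltas)
	fmt.Println("merged:", merged)
}
```

In this sketch, when two deltas set the same key, the delta applied last wins.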

type ContextManager

type ContextManager struct{}

ContextManager manages Lua context operations.

func NewContextManager

func NewContextManager() *ContextManager

NewContextManager creates a new ContextManager.

func (*ContextManager) ContextDelete

func (m *ContextManager) ContextDelete(L *lua.LState) int

ContextDelete is a wrapper function to Context.Delete(...).

func (*ContextManager) ContextGet

func (m *ContextManager) ContextGet(L *lua.LState) int

ContextGet is a wrapper function to Context.Get(...).

func (*ContextManager) ContextSet

func (m *ContextManager) ContextSet(L *lua.LState) int

ContextSet is a wrapper function to Context.Set(...).

type CustomLogKeyValue

type CustomLogKeyValue []any

CustomLogKeyValue describes the exported CustomLogKeyValue type.

func (*CustomLogKeyValue) Set

func (c *CustomLogKeyValue) Set(key string, value any)

Set appends a key-value pair to the CustomLogKeyValue slice. If the receiver pointer c is nil, no action is taken. The key is appended to the slice followed by the value.

type DNSManager

type DNSManager struct {
	*BaseManager
}

DNSManager manages DNS operations for Lua.

func NewDNSManager

func NewDNSManager(ctx context.Context, cfg config.File, logger *slog.Logger) *DNSManager

NewDNSManager creates a new DNSManager.

func (*DNSManager) Resolve

func (m *DNSManager) Resolve(L *lua.LState) int

Resolve performs a DNS record lookup for the specified domain and record type using Lua and the provided context. It supports record types such as A, AAAA, MX, NS, TXT, CNAME, and PTR and returns the result or an error to Lua.

type Done

type Done struct{}

Done is the value for channels to finish workers.

type HTTPRequestManager

type HTTPRequestManager struct{}

HTTPRequestManager manages HTTP request data needed by Lua.

func NewHTTPRequestManager

func NewHTTPRequestManager() *HTTPRequestManager

NewHTTPRequestManager creates a new HTTPRequestManager.

func (*HTTPRequestManager) GetAllHTTPRequestHeaders

func (m *HTTPRequestManager) GetAllHTTPRequestHeaders(L *lua.LState) int

GetAllHTTPRequestHeaders retrieves all headers from an HTTP request. The returned function accepts no arguments and pushes a Lua table where header names are keys and values are lists.

func (*HTTPRequestManager) GetHTTPMethod

func (m *HTTPRequestManager) GetHTTPMethod(L *lua.LState) int

GetHTTPMethod pushes the HTTP request method as a string onto the Lua stack.

func (*HTTPRequestManager) GetHTTPPath

func (m *HTTPRequestManager) GetHTTPPath(L *lua.LState) int

GetHTTPPath pushes the HTTP request URL path onto the Lua stack when invoked.

func (*HTTPRequestManager) GetHTTPQueryParam

func (m *HTTPRequestManager) GetHTTPQueryParam(L *lua.LState) int

GetHTTPQueryParam fetches a query parameter from the provided HTTP request.

func (*HTTPRequestManager) GetHTTPRequestBody

func (m *HTTPRequestManager) GetHTTPRequestBody(L *lua.LState) int

GetHTTPRequestBody retrieves the body of an HTTP request as a Lua string. The returned function reads the HTTP request body, resets it for potential later use, and pushes it as a string to Lua.

func (*HTTPRequestManager) GetHTTPRequestHeader

func (m *HTTPRequestManager) GetHTTPRequestHeader(L *lua.LState) int

GetHTTPRequestHeader retrieves specific HTTP request header values as a Lua table. The function expects one argument: the name of the header to retrieve (case-insensitive). It returns a Lua table containing the header values or an empty table if the header is not present.

func (*HTTPRequestManager) URLPartialDecode

func (m *HTTPRequestManager) URLPartialDecode(L *lua.LState) int

URLPartialDecode decodes valid percent-escaped sequences while preserving invalid escapes and '+' characters.
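To make the decoding rule described for URLPartialDecode concrete, here is an added, stand-alone example; it is not this package's code. `partialDecode`, `doubleEncoded` and `strictRejects` are hypothetical names, the sample strings are constructed, and the single-pass behaviour is an assumption of this sketch. It also shows how the rule differs from the strict decoders in `net/url`.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// unhex converts one hexadecimal digit to its value.
func unhex(c byte) (byte, bool) {
	switch {
	case '0' <= c && c <= '9':
		return c - '0', true
	case 'a' <= c && c <= 'f':
		return c - 'a' + 10, true
	case 'A' <= c && c <= 'F':
		return c - 'A' + 10, true
	}
	return 0, false
}

// partialDecode decodes every valid %XX sequence in a single pass. Invalid
// or truncated escapes and '+' characters are copied through unchanged.
func partialDecode(s string) string {
	var b strings.Builder
	b.Grow(len(s))
	for i := 0; i < len(s); i++ {
		if s[i] == '%' && i+2 < len(s) {
			hi, okHi := unhex(s[i+1])
			lo, okLo := unhex(s[i+2])
			if okHi && okLo {
				b.WriteByte(hi<<4 | lo)
				i += 2
				continue
			}
		}
		b.WriteByte(s[i])
	}
	return b.String()
}

// doubleEncoded reports whether the output of one pass still contains a
// valid escape, which indicates the input was percent-encoded more than once.
func doubleEncoded(s string) bool {
	once := partialDecode(s)
	return partialDecode(once) != once
}

// strictRejects reports whether net/url refuses the input outright.
func strictRejects(s string) bool {
	_, err := url.PathUnescape(s)
	return err != nil
}

func main() {
	// Constructed sample inputs.
	samples := []string{"user%40example.com", "a+b%20c", "100%", "%zz%41", "%2541"}
	for _, s := range samples {
		fmt.Printf("%-22q partial=%-20q strict_rejects=%-5v double_encoded=%v\n",
			s, partialDecode(s), strictRejects(s), doubleEncoded(s))
	}
}
```

Because only one pass is made, a filter that inspects the decoded value should also check `doubleEncoded` rather than assume the result is fully decoded.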

type HTTPRequestMeta

type HTTPRequestMeta interface {
	Header() http.Header
	Method() string
	URL() *url.URL
	Body() io.ReadCloser
	SetBody(io.ReadCloser)
}

HTTPRequestMeta is a thin abstraction over the HTTP request data needed by the Lua HTTP module. It allows sources other than *http.Request while keeping behavior identical for Lua code.

func CurrentHTTPRequestMeta

func CurrentHTTPRequestMeta(L *lua.LState) HTTPRequestMeta

CurrentHTTPRequestMeta returns the HTTP request metadata bound to the current request environment.

func NewHTTPMetaFromRequest

func NewHTTPMetaFromRequest(req *http.Request) HTTPRequestMeta

NewHTTPMetaFromRequest returns an HTTPRequestMeta for the given *http.Request.

func RequireHTTPRequestMeta

func RequireHTTPRequestMeta(L *lua.LState) HTTPRequestMeta

RequireHTTPRequestMeta returns the current HTTP request metadata or raises a Lua error if none is bound.

type HTTPResponseManager

type HTTPResponseManager struct{}

HTTPResponseManager manages HTTP response operations for Lua.

func NewHTTPResponseManager

func NewHTTPResponseManager() *HTTPResponseManager

NewHTTPResponseManager creates a new HTTPResponseManager.

func (*HTTPResponseManager) AddHTTPResponseHeader

func (m *HTTPResponseManager) AddHTTPResponseHeader(L *lua.LState) int

AddHTTPResponseHeader adds a value to an HTTP response header. Usage from Lua: nauthilus_http_response.add_http_response_header(name, value)

func (*HTTPResponseManager) HTTPData

func (m *HTTPResponseManager) HTTPData(L *lua.LState) int

HTTPData maps to Gin's ctx.Data(status, contentType, data). Usage from Lua: nauthilus_http_response.data(status_code, content_type, data)

func (*HTTPResponseManager) HTTPHTML

func (m *HTTPResponseManager) HTTPHTML(L *lua.LState) int

HTTPHTML sends HTML content (uses Gin's Data with text/html). Usage from Lua: nauthilus_http_response.html(status_code, html_string)

func (*HTTPResponseManager) HTTPRedirect

func (m *HTTPResponseManager) HTTPRedirect(L *lua.LState) int

HTTPRedirect maps to Gin's ctx.Redirect(status, location). Usage from Lua: nauthilus_http_response.redirect(status_code, location)

func (*HTTPResponseManager) HTTPString

func (m *HTTPResponseManager) HTTPString(L *lua.LState) int

HTTPString maps to Gin's ctx.String(status, body). Usage from Lua: nauthilus_http_response.string(status_code, body)

func (*HTTPResponseManager) RemoveHTTPResponseHeader

func (m *HTTPResponseManager) RemoveHTTPResponseHeader(L *lua.LState) int

RemoveHTTPResponseHeader removes an HTTP response header. Usage from Lua: nauthilus_http_response.remove_http_response_header(name)

func (*HTTPResponseManager) SetHTTPContentType

func (m *HTTPResponseManager) SetHTTPContentType(L *lua.LState) int

SetHTTPContentType sets the Content-Type header explicitly. Usage from Lua: nauthilus_http_response.set_http_content_type(value)

func (*HTTPResponseManager) SetHTTPResponseHeader

func (m *HTTPResponseManager) SetHTTPResponseHeader(L *lua.LState) int

SetHTTPResponseHeader sets (overwrites) an HTTP response header. Usage from Lua: nauthilus_http_response.set_http_response_header(name, value)

func (*HTTPResponseManager) SetHTTPStatus

func (m *HTTPResponseManager) SetHTTPStatus(L *lua.LState) int

SetHTTPStatus sets the HTTP status code for the response. Usage from Lua: nauthilus_http_response.set_http_status(code)

func (*HTTPResponseManager) WriteHTTPResponseBody

func (m *HTTPResponseManager) WriteHTTPResponseBody(L *lua.LState) int

WriteHTTPResponseBody writes raw data to the HTTP response body. Usage from Lua: nauthilus_http_response.write_http_response_body(data) Note: Set appropriate Content-Type header before writing if needed.

type I18NCatalogSession

type I18NCatalogSession struct {
	// contains filtered or unexported fields
}

I18NCatalogSession collects startup overlays until the init script succeeds.

type I18NMode

type I18NMode uint8

I18NMode controls whether the Lua module runs during startup or request time.

const (
	// I18NModeRequest exposes read-only localization helpers.
	I18NModeRequest I18NMode = iota

	// I18NModeStartup allows deployment catalog registration.
	I18NModeStartup
)

type I18NRuntime

type I18NRuntime struct {
	Registry *localization.CatalogRegistry
	Resolver localization.MessageResolver
	Logger   *slog.Logger

	DefaultPreference localization.LanguagePreference
	DefaultLanguage   string
	MaxLength         int
	// contains filtered or unexported fields
}

I18NRuntime owns resolver and catalog dependencies shared by Lua states.

func DefaultI18NRuntime

func DefaultI18NRuntime() *I18NRuntime

DefaultI18NRuntime returns the currently configured process-wide Lua i18n runtime.

func NewI18NRuntime

func NewI18NRuntime(options I18NRuntimeOptions) *I18NRuntime

NewI18NRuntime creates a Lua i18n runtime with safe empty defaults.

func (*I18NRuntime) CommitCatalogSession

func (r *I18NRuntime) CommitCatalogSession() error

CommitCatalogSession activates collected startup overlays atomically.

func (*I18NRuntime) NewCatalogSession

func (r *I18NRuntime) NewCatalogSession() *I18NRuntime

NewCatalogSession returns a runtime that validates startup catalog overlays before activation.

type I18NRuntimeOptions

type I18NRuntimeOptions struct {
	Registry          *localization.CatalogRegistry
	Resolver          localization.MessageResolver
	Logger            *slog.Logger
	DefaultPreference localization.LanguagePreference
	DefaultLanguage   string
	MaxLength         int
}

I18NRuntimeOptions configures the Lua i18n runtime.

type LoggingManager

type LoggingManager struct {
	*BaseManager
	// contains filtered or unexported fields
}

LoggingManager manages logging operations for Lua.

func NewLoggingManager

func NewLoggingManager(ctx context.Context, cfg config.File, logger *slog.Logger, keyval *CustomLogKeyValue) *LoggingManager

NewLoggingManager creates a new LoggingManager.

func (*LoggingManager) AddCustomLog

func (m *LoggingManager) AddCustomLog(L *lua.LState) int

AddCustomLog appends a key-value pair to a CustomLogKeyValue slice for logging purposes.

type LuaBackendResult

type LuaBackendResult struct {
	// Authenticated represents whether the user is authenticated or not
	Authenticated bool

	// UserFound indicates whether the user was found in the system or not
	UserFound bool

	// AccountField is the field associated with the user's account
	AccountField string

	// TOTPSecretField is the field that holds the user's TOTP Secret
	TOTPSecretField string

	// TOTPRecoveryField is the field for the user's TOTP recovery code
	TOTPRecoveryField string

	// UniqueUserIDField is the unique user id field
	UniqueUserIDField string

	// DisplayNameField is the display name associated with the user's account
	DisplayNameField string

	// WebAuthnCredentials holds a list of serialized WebAuthn credentials (JSON)
	WebAuthnCredentials []string

	// Err captures any error that occurred during the backend process
	Err error

	// Attributes holds any other attributes related to the user's account
	Attributes map[any]any

	// Groups holds resolved group names.
	Groups []string

	// GroupDistinguishedNames holds resolved group distinguished names.
	GroupDistinguishedNames []string

	// Logs is a pointer to a custom log key-value pair associated with the Lua script.
	Logs *CustomLogKeyValue
}

LuaBackendResult holds the response returned by the Lua backend. Information about user authentication, user account, and error details are encapsulated in this data structure.

type LuaScriptTrace

type LuaScriptTrace struct {
	// contains filtered or unexported fields
}

LuaScriptTrace starts child spans for the common Lua execution phases.

func NewLuaScriptTrace

func NewLuaScriptTrace(options LuaScriptTraceOptions) LuaScriptTrace

NewLuaScriptTrace creates a trace helper with stable Lua script attributes.

func (LuaScriptTrace) Start

func (t LuaScriptTrace) Start(ctx context.Context, spanName string, attrs ...attribute.KeyValue) (context.Context, trace.Span)

Start begins a Lua script phase span and attaches stable script attributes plus extra attributes.

type LuaScriptTraceOptions

type LuaScriptTraceOptions struct {
	Kind       string
	ScriptName string
	Mode       string
	Level      int
}

LuaScriptTraceOptions describes stable attributes shared by all spans of one Lua script execution.

type MailManager

type MailManager struct {
	*BaseManager
	// contains filtered or unexported fields
}

MailManager provides functionality for sending emails using an SMTP client.

func NewMailManager

func NewMailManager(ctx context.Context, cfg config.File, logger *slog.Logger, smtpClient smtp.Client) *MailManager

NewMailManager creates a new MailManager instance with the provided smtp.Client.

func (*MailManager) SendMail

func (m *MailManager) SendMail(L *lua.LState) int

SendMail sends an email using the provided smtp.Client and Lua table parameters for configuration and recipient data. It extracts settings like server, port, credentials, and email content from the Lua table and invokes the SMTP client.

type MiscManager

type MiscManager struct {
	*BaseManager
}

MiscManager manages miscellaneous operations for Lua.

func NewMiscManager

func NewMiscManager(ctx context.Context, cfg config.File, logger *slog.Logger) *MiscManager

NewMiscManager creates a new MiscManager.

type OTELManager

type OTELManager struct {
	*BaseManager
	// contains filtered or unexported fields
}

OTELManager describes the exported OTELManager type.

func NewOTELManager

func NewOTELManager(ctx context.Context, cfg config.File, logger *slog.Logger) *OTELManager

NewOTELManager creates a new OTELManager.

type PasswordManager

type PasswordManager struct {
	*BaseManager
}

PasswordManager manages password-related operations for Lua.

func NewPasswordManager

func NewPasswordManager(ctx context.Context, cfg config.File, logger *slog.Logger) *PasswordManager

NewPasswordManager creates a new PasswordManager.

type PolicyEmitter

type PolicyEmitter struct {
	// contains filtered or unexported fields
}

PolicyEmitter records Lua-owned attributes into the request-local policy context.

type RuntimeCancellationDiagnostics

type RuntimeCancellationDiagnostics struct {
	Source     string
	RuntimeErr string
	GroupErr   string
	RequestErr string
}

RuntimeCancellationDiagnostics describes the cancellation state around one Lua script failure.

func NewRuntimeCancellationDiagnostics

func NewRuntimeCancellationDiagnostics(runtimeCtx context.Context, groupCtx context.Context, requestCtx context.Context) RuntimeCancellationDiagnostics

NewRuntimeCancellationDiagnostics inspects related contexts and returns a stable cancellation source.
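One way to derive a stable cancellation source from three related contexts, as an added example and not the package's code: `classify`, `scenario`, the event names and the request -> group -> runtime nesting are assumptions, while the returned strings are the RuntimeCancellationSource constants listed on this page. Parents are checked first, since a canceled request context also cancels the runtime context and would otherwise be reported as `lua_context`.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// classify is a hypothetical stand-in, not the package's code. Parents are
// checked first because canceling a parent also cancels every child context.
func classify(runtimeCtx, groupCtx, requestCtx context.Context) string {
	switch {
	case requestCtx.Err() != nil:
		return "request_context"
	case groupCtx.Err() != nil:
		return "parallel_group"
	case errors.Is(runtimeCtx.Err(), context.DeadlineExceeded):
		return "lua_timeout"
	case runtimeCtx.Err() != nil:
		return "lua_context"
	}
	return "none"
}

// scenario builds request -> group -> runtime (assumed nesting), triggers one
// constructed event and returns the classified source.
func scenario(event string, luaTimeout time.Duration) string {
	requestCtx, cancelRequest := context.WithCancel(context.Background())
	defer cancelRequest()
	groupCtx, cancelGroup := context.WithCancel(requestCtx)
	defer cancelGroup()
	runtimeCtx, cancelRuntime := context.WithTimeout(groupCtx, luaTimeout)
	defer cancelRuntime()
	switch event {
	case "client_disconnect":
		cancelRequest()
	case "sibling_failed":
		cancelGroup()
	case "runtime_canceled":
		cancelRuntime()
	case "script_too_slow":
		<-runtimeCtx.Done() // block until the per-script deadline expires
	}
	return classify(runtimeCtx, groupCtx, requestCtx)
}

func main() {
	fmt.Println(scenario("client_disconnect", time.Hour), scenario("script_too_slow", 10*time.Millisecond))
}
```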

func (RuntimeCancellationDiagnostics) LogValues

func (d RuntimeCancellationDiagnostics) LogValues() []any

LogValues returns structured slog key-value pairs for cancellation diagnostics.

type SoftAllowManager

type SoftAllowManager struct {
	*BaseManager
}

SoftAllowManager manages soft whitelist operations for Lua.

func NewSoftAllowManager

func NewSoftAllowManager(ctx context.Context, cfg config.File, logger *slog.Logger) *SoftAllowManager

NewSoftAllowManager creates a new SoftAllowManager.

func (*SoftAllowManager) SoftWhitelistDelete

func (m *SoftAllowManager) SoftWhitelistDelete(L *lua.LState) int

SoftWhitelistDelete removes a soft whitelist entry.

func (*SoftAllowManager) SoftWhitelistGet

func (m *SoftAllowManager) SoftWhitelistGet(L *lua.LState) int

SoftWhitelistGet retrieves soft whitelist entries.

func (*SoftAllowManager) SoftWhitelistSet

func (m *SoftAllowManager) SoftWhitelistSet(L *lua.LState) int

SoftWhitelistSet sets a soft whitelist entry.

Directories

Path Synopsis
Package action provides action functionality.
Package bruteforce provides bruteforce functionality.
Package cacheflush executes the optional Lua callback used by cache flush endpoints.
Package connmgr provides connmgr functionality.
Package convert provides convert functionality.
Package environment executes Lua environment source scripts.
Package hook provides hook functionality.
Package luamod provides luamod functionality.
Package luapool provides a pool for reusing Lua states.
Package luastack provides luastack functionality.
Package metrics provides metrics functionality.
Package pipeline plans deterministic dependency levels for request-local Lua execution.
Package policyschedule adapts policy script schedules to Lua execution plans.
Package redislib provides redislib functionality.
Package smtp provides smtp functionality.
Package subject executes Lua subject source scripts.
Package vmpool provides per-key (backend/category) pools of reusable Lua VMs.
