audit

package
v0.0.3

This package is not in the latest version of its module.
Published: May 3, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package audit provides structured audit logging for token exchange events.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func TruncateJTI

func TruncateJTI(jti string, max int) string

TruncateJTI truncates a JTI string to the given maximum length.

func TruncateUserAgent

func TruncateUserAgent(ua string, max int) string

TruncateUserAgent truncates a user agent string to the given maximum length.

Types

type Event

type Event struct {
	Timestamp   time.Time      `json:"timestamp"`
	TraceID     string         `json:"trace_id"`
	Scope       string         `json:"scope"`
	AppName     string         `json:"app"`
	Identity    string         `json:"identity"`
	Issuer      string         `json:"issuer"`
	Subject     string         `json:"subject"`
	JTI         string         `json:"jti,omitempty"`
	Result      ExchangeResult `json:"result"`
	ErrorReason string         `json:"error_reason,omitempty"`
	DurationMS  int64          `json:"duration_ms"`
	UserAgent   string         `json:"user_agent,omitempty"`
	RemoteIP    string         `json:"remote_ip,omitempty"`
}

Event represents a single token exchange audit event.

type ExchangeResult

type ExchangeResult string

ExchangeResult represents the outcome of a token exchange attempt.

const (
	ResultSuccess      ExchangeResult = "success"
	ResultPolicyDenied ExchangeResult = "policy_denied"
	ResultOIDCInvalid  ExchangeResult = "oidc_invalid"
	ResultJTIReplay    ExchangeResult = "jti_replay"
	ResultNotFound     ExchangeResult = "policy_not_found"
	ResultCacheError   ExchangeResult = "cache_error"
	ResultGitHubError  ExchangeResult = "github_error"
	ResultUnknownError ExchangeResult = "unknown_error"
)

type FileLogger

type FileLogger struct {
	// contains filtered or unexported fields
}

FileLogger writes audit events as JSON lines to a file using a buffered channel for non-blocking writes.

func NewFileLogger

func NewFileLogger(path string, bufferSize int, slogger *slog.Logger) (*FileLogger, error)

NewFileLogger creates a FileLogger that writes to the given path. If path is empty, events are only emitted to the slog logger.

func (*FileLogger) Close

func (fl *FileLogger) Close() error

Close drains remaining events and closes the file. Waits up to 5 seconds.

func (*FileLogger) Log

func (fl *FileLogger) Log(event Event)

Log queues an audit event for writing. Non-blocking — if the channel is full, the event is dropped and a warning is logged.
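The FileLogger contract described above (a buffered channel, a Log that never blocks and drops when the buffer is full, a Close that drains with a bounded wait), as an added example. This is illustrative code written for this page, not the audit package's own implementation: ChannelLogger, stallSink and Simulate are hypothetical names, only four of the Event fields are reproduced, the sink and the sample events are constructed, and the drop counter is an addition (the page says only that a dropped event produces a warning). Simulate stalls the writer so the backpressure path is exercised deterministically:

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"sync"
	"sync/atomic"
	"time"
)

// ExchangeResult and a subset of the Event fields, copied from the declarations above.
type ExchangeResult string

const ResultSuccess ExchangeResult = "success"
const ResultJTIReplay ExchangeResult = "jti_replay"

type Event struct {
	Timestamp time.Time      `json:"timestamp"`
	TraceID   string         `json:"trace_id"`
	JTI       string         `json:"jti,omitempty"`
	Result    ExchangeResult `json:"result"`
}

// ChannelLogger is a hypothetical stand-in for FileLogger: JSON lines to any io.Writer
// through a buffered channel, plus a drop counter that operators can alert on.
type ChannelLogger struct {
	ch      chan Event
	done    chan struct{}
	dropped atomic.Int64
}

func NewChannelLogger(w io.Writer, bufferSize int) *ChannelLogger {
	l := &ChannelLogger{ch: make(chan Event, bufferSize), done: make(chan struct{})}
	go func() {
		defer close(l.done)
		enc := json.NewEncoder(w) // Encode appends '\n': one JSON object per line
		for ev := range l.ch {
			_ = enc.Encode(ev)
		}
	}()
	return l
}

// Log never blocks the caller; when the buffer is full the event is dropped and counted.
func (l *ChannelLogger) Log(ev Event) {
	select {
	case l.ch <- ev:
	default:
		l.dropped.Add(1)
	}
}

// Close stops accepting events and waits up to timeout for the writer to drain.
// Callers must stop calling Log before Close, as with any channel close.
func (l *ChannelLogger) Close(timeout time.Duration) error {
	close(l.ch)
	select {
	case <-l.done:
		return nil
	case <-time.After(timeout):
		return fmt.Errorf("audit: drain timed out after %s", timeout)
	}
}

// stallSink is a constructed io.Writer standing in for a slow disk: Write blocks
// until release is closed, and entered is closed when the first Write begins.
type stallSink struct {
	entered, release chan struct{}
	once             sync.Once
	buf              bytes.Buffer
}

func (s *stallSink) Write(p []byte) (int, error) {
	s.once.Do(func() { close(s.entered) })
	<-s.release
	return s.buf.Write(p)
}

// Simulate logs one event, lets the writer stall on it, then logs bufferSize+extra
// more. It returns (linesWritten, dropped, closeErr); exactly `extra` are dropped.
func Simulate(bufferSize, extra int) (int, int64, error) {
	sink := &stallSink{entered: make(chan struct{}), release: make(chan struct{})}
	l := NewChannelLogger(sink, bufferSize)
	l.Log(Event{Timestamp: time.Now().UTC(), TraceID: "trace-0", Result: ResultSuccess})
	<-sink.entered // writer goroutine now holds event 0 inside Write; the buffer is empty
	for i := 1; i <= bufferSize+extra; i++ { // constructed sample events
		l.Log(Event{Timestamp: time.Now().UTC(), TraceID: fmt.Sprint("trace-", i), Result: ResultJTIReplay})
	}
	close(sink.release)
	if err := l.Close(5 * time.Second); err != nil { // nil means the writer goroutine exited
		return 0, l.dropped.Load(), err
	}
	return bytes.Count(sink.buf.Bytes(), []byte("\n")), l.dropped.Load(), nil
}

func main() {
	w, d, err := Simulate(3, 2)
	fmt.Printf("written=%d dropped=%d err=%v\n", w, d, err) // written=4 dropped=2 err=<nil>
}
```

Dropping rather than blocking keeps token exchange latency independent of disk speed, but it means the audit trail can silently lose exactly the events produced under load, which is when they matter most. Treat the drop count (or, with the package's FileLogger, the warning it logs) as a signal to alert on, size bufferSize for the expected burst, and remember that a bounded drain on Close can also discard queued events on a slow sink, so close the logger only after the exchange handler has stopped accepting requests.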

type Logger

type Logger interface {
	Log(event Event)
	Close() error
}

Logger is the interface for audit event logging.

type NopLogger

type NopLogger struct{}

NopLogger is a no-op audit logger for testing.

func (NopLogger) Close

func (NopLogger) Close() error

func (NopLogger) Log

func (NopLogger) Log(Event)
