Documentation
Index ¶
- func BearerTokenFromHeader(authHeader string) string
- func GeneratePasswordResetToken() (string, error)
- func GenerateVerificationCode(extraHardened bool) (string, error)
- func LoginCodeGamma(extraHardened bool) string
- func LoginCodeLength(extraHardened bool) int
- func ValidateEmailFormat(email string) string
- func ValidatePasswordStrength(password string, cfg *authtypes.PasswordStrengthConfig) error
- type InMemoryRateLimiter
- type RateLimitResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BearerTokenFromHeader ¶ added in v0.29.0
BearerTokenFromHeader extracts the bearer token from the passed authorization header value. If a bearer token is not found, an empty string is returned.
Parameters:
- authHeader: a string representing the authorization header
Returns:
- a string representing the extracted bearer token
Example:

    authHeader := r.Header.Get("Authorization")
    authTokenFromBearerToken := BearerTokenFromHeader(authHeader)

or simplified:

    authTokenFromBearerToken := BearerTokenFromHeader(r.Header.Get("Authorization"))
func GeneratePasswordResetToken ¶ added in v0.29.0
GeneratePasswordResetToken generates a random password reset token.
func GenerateVerificationCode ¶ added in v0.29.0
GenerateVerificationCode generates a random verification code using the configured length and gamma.
func LoginCodeGamma ¶
LoginCodeGamma returns the character set (gamma) used for verification/login codes. extraHardened should be false in normal operation; it is only set to true when rate limiting is explicitly disabled (not recommended for production). In that hardened mode it returns a much larger alphabet to drastically increase entropy; combined with the hardened length, this makes the chance of a successful brute-force attack negligible even without rate limiting.
func LoginCodeLength ¶
LoginCodeLength returns the length of verification/login codes. extraHardened should be false in normal operation; it is only set to true when rate limiting is explicitly disabled (which should never happen in production). In that hardened mode it returns a longer length to significantly increase the search space; together with the hardened gamma this yields an astronomically large space.
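An added example (not the package's own code) of what the gamma and length described for LoginCodeGamma and LoginCodeLength mean for the search space, with unbiased code generation from crypto/rand. The alphabets, lengths and the helper names generateCode, entropyBits and guessSuccess are assumptions; the package's real values are not shown on this page.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
)

// Constructed sample parameters (assumptions, not the package's real values).
const (
	normalGamma    = "0123456789"
	normalLength   = 6
	hardenedGamma  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
	hardenedLength = 12
)

// generateCode draws length symbols uniformly from an ASCII gamma; rand.Int has no modulo bias.
func generateCode(gamma string, length int) (string, error) {
	if gamma == "" || length <= 0 {
		return "", fmt.Errorf("gamma must be non-empty and length positive")
	}
	bound := big.NewInt(int64(len(gamma)))
	out := make([]byte, length)
	for i := range out {
		n, err := rand.Int(rand.Reader, bound)
		if err != nil {
			return "", err
		}
		out[i] = gamma[n.Int64()]
	}
	return string(out), nil
}

// entropyBits is log2 of the search space len(gamma)^length.
func entropyBits(gamma string, length int) float64 {
	return float64(length) * math.Log2(float64(len(gamma)))
}

// guessSuccess is the chance that `attempts` distinct guesses hit one valid code.
func guessSuccess(gamma string, length int, attempts float64) float64 {
	return math.Min(1, attempts/math.Pow(float64(len(gamma)), float64(length)))
}

func main() {
	n, _ := generateCode(normalGamma, normalLength)
	h, _ := generateCode(hardenedGamma, hardenedLength)
	fmt.Printf("normal   %s %.1f bits p(5 tries)=%.2g\n", n, entropyBits(normalGamma, normalLength), guessSuccess(normalGamma, normalLength, 5))
	fmt.Printf("hardened %s %.1f bits p(1e9 tries)=%.2g\n", h, entropyBits(hardenedGamma, hardenedLength), guessSuccess(hardenedGamma, hardenedLength, 1e9))
}
```

With these sample values the short numeric code depends on the rate limiter to cap the number of guesses, while the hardened parameters keep the success probability negligible even for a very large number of attempts.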
func ValidateEmailFormat ¶ added in v0.29.0
func ValidatePasswordStrength ¶ added in v0.29.0
func ValidatePasswordStrength(password string, cfg *authtypes.PasswordStrengthConfig) error
ValidatePasswordStrength validates the provided password against the supplied PasswordStrengthConfig. If cfg is nil, no checks are applied.
Types ¶
type InMemoryRateLimiter ¶ added in v0.29.0
type InMemoryRateLimiter struct {
// contains filtered or unexported fields
}
InMemoryRateLimiter provides thread-safe in-memory rate limiting.
func NewInMemoryRateLimiter ¶ added in v0.29.0
func NewInMemoryRateLimiter(maxAttempts int, windowDuration time.Duration, lockoutDuration time.Duration) *InMemoryRateLimiter
NewInMemoryRateLimiter creates a new in-memory rate limiter with default settings
func (*InMemoryRateLimiter) Check ¶ added in v0.29.0
func (r *InMemoryRateLimiter) Check(ip string, endpoint string) RateLimitResult
Check verifies whether a request from the given IP to the given endpoint should be allowed.
func (*InMemoryRateLimiter) Stop ¶ added in v0.29.0
func (r *InMemoryRateLimiter) Stop()
Stop gracefully stops the rate limiter's background cleanup.
type RateLimitResult ¶ added in v0.29.0
RateLimitResult represents the result of a rate limit check.