auth

package
v0.0.0-...-5c5ef0c Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2026 License: GPL-3.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for password handling. They are plain errors.New values,
// so callers should match them with errors.Is rather than by message text.
var (
	// ErrPasswordTooShort carries the message "password too short".
	// NOTE(review): the minimum length is not visible on this page;
	// presumably it comes from config.AuthConfig. Confirm.
	ErrPasswordTooShort = errors.New("password too short")
	// ErrPasswordTooLong carries the message "password too long".
	// NOTE(review): the maximum length is not visible on this page. Confirm
	// it is enforced before hashing so oversized input cannot drive hashing cost.
	ErrPasswordTooLong  = errors.New("password too long")
	// ErrInvalidHash carries the message "invalid password hash".
	// NOTE(review): presumably returned when a stored hash cannot be parsed.
	// Callers should treat it as a failed verification. Confirm.
	ErrInvalidHash      = errors.New("invalid password hash")
)
// ErrChallengeNotFound carries the message "challenge not found".
// NOTE(review): presumably returned by LoadChallengeByChallenge and
// LoadChallengeByUser when no stored challenge matches. Callers should fail
// the ceremony on this error rather than fall back. Confirm.
var ErrChallengeNotFound = errors.New("challenge not found")
// ErrSessionNotFound carries the message "session not found".
// NOTE(review): presumably returned by LoadSession for an unknown session ID.
// Whether expired or revoked sessions also map to it is not visible here.
// Callers should treat it as "not authenticated". Confirm.
var ErrSessionNotFound = errors.New("session not found")

Functions

func BuildSessionCookie

// BuildSessionCookie returns an *http.Cookie derived from cfg and session.
// NOTE(review): the cookie attributes are not visible on this page. Confirm
// that it sets HttpOnly, Secure and an explicit SameSite mode, and that its
// expiry tracks the session's own expiry instead of outliving it.
func BuildSessionCookie(cfg config.AuthConfig, session *orm.Session) *http.Cookie

func CSRFTTL

func CSRFTTL(cfg config.AuthConfig) time.Duration

func ClearSessionCookie

func ClearSessionCookie(cfg config.AuthConfig) *http.Cookie

func CreateSession

func CreateSession(accountID string, ip string, userAgent string, cfg config.AuthConfig) (*orm.Session, error)

func DeleteChallenge

func DeleteChallenge(id string) error

func EnsureUserHandle

func EnsureUserHandle(user *orm.Account) error

func ExtractChallenge

// ExtractChallenge takes a base64 string of client data and returns a
// challenge string, or an error.
// NOTE(review): the input is client-supplied, so the returned value is
// unverified. Presumably it is used only as a key to look up the stored
// challenge; it must not be trusted until the WebAuthn Finish* call has
// validated the response against the stored session data. Confirm callers.
func ExtractChallenge(clientDataBase64 string) (string, error)

func HashPassword

// HashPassword hashes password using settings from cfg and returns two
// strings and an error.
// NOTE(review): the two string results are unnamed, so this page does not
// show which one is the encoded hash and what the other carries (for example
// an algorithm identifier). Naming the results would keep callers from
// swapping them. Presumably it rejects out-of-range input with
// ErrPasswordTooShort / ErrPasswordTooLong. Confirm.
func HashPassword(password string, cfg config.AuthConfig) (string, string, error)

func LoadChallengeByChallenge

func LoadChallengeByChallenge(challenge string, challengeType string) (*orm.AuthChallenge, *webauthn.SessionData, error)

func LoadChallengeByUser

func LoadChallengeByUser(userID string, challengeType string) (*orm.AuthChallenge, *webauthn.SessionData, error)

func LoadSession

func LoadSession(sessionID string) (*orm.Session, *orm.Account, error)

func LogAudit

func LogAudit(action string, actorUserID *string, targetUserID *string, metadata map[string]interface{})

func LogUserAudit

func LogUserAudit(action string, actorUserID *string, targetCommanderID *uint32, metadata map[string]interface{})

func NewToken

// NewToken returns a token string for the requested size, or an error.
// NOTE(review): this page shows neither the randomness source nor the unit
// of size (raw bytes or encoded characters). Tokens used as session or CSRF
// secrets must come from crypto/rand and be long enough to resist guessing.
// Confirm both, and check how size <= 0 is handled.
func NewToken(size int) (string, error)

func NormalizeConfig

func NormalizeConfig(cfg config.AuthConfig) config.AuthConfig

func NormalizeIP

func NormalizeIP(addr string) string

func NormalizeUserConfig

func NormalizeUserConfig(cfg config.AuthConfig) config.AuthConfig

func NormalizeUsername

func NormalizeUsername(username string) string

func RateLimitWindow

func RateLimitWindow(cfg config.AuthConfig) time.Duration

func RefreshCSRF

func RefreshCSRF(sessionID string, cfg config.AuthConfig) (string, time.Time, error)

func RevokeSession

func RevokeSession(sessionID string) error

func RevokeSessions

func RevokeSessions(accountID string, exceptSessionID string) error

func SessionTTL

func SessionTTL(cfg config.AuthConfig) time.Duration

func StoreChallenge

func StoreChallenge(userID *string, challengeType string, session webauthn.SessionData, expiresAt time.Time) (*orm.AuthChallenge, error)

func TouchSession

func TouchSession(sessionID string, lastSeen time.Time, expiresAt time.Time) error

func VerifyPassword

// VerifyPassword checks password against the encoded hash and returns a
// match flag plus an error.
// Callers should authenticate only when the flag is true AND the error is
// nil; a non-nil error must be handled as a failed check.
// NOTE(review): presumably returns ErrInvalidHash for an unparsable encoded
// value. Whether the final comparison is constant-time is not visible here.
// Confirm.
func VerifyPassword(password string, encoded string) (bool, error)

func WebAuthnChallengeTTL

func WebAuthnChallengeTTL(cfg config.AuthConfig) time.Duration

Types

type Manager

// Manager groups the authentication configuration, the WebAuthn provider,
// a rate limiter and the authenticator selection criteria.
// Every field is exported, so any importing package can replace the
// provider or limiter after construction. Prefer building it through
// NewManager and treating it as read-only afterwards.
type Manager struct {
	// Config holds the auth settings passed around this package.
	// NOTE(review): presumably already normalised by NormalizeConfig. Confirm.
	Config    config.AuthConfig
	// WebAuthn performs the registration and login ceremonies.
	// NOTE(review): may be nil until EnsureWebAuthn has succeeded. Confirm.
	WebAuthn  WebAuthnProvider
	// Limiter is the shared rate limiter. It is a pointer, so a nil check
	// is needed if a Manager can be built without NewManager.
	Limiter   *RateLimiter
	// Selection is the authenticator selection criteria.
	// NOTE(review): presumably sent with registration options. Confirm the
	// user-verification requirement matches the deployment's policy.
	Selection protocol.AuthenticatorSelection
}

func NewManager

func NewManager(cfg config.AuthConfig) (*Manager, error)

func (*Manager) EnsureWebAuthn

func (manager *Manager) EnsureWebAuthn() error

type RateLimiter

// RateLimiter is the limiter type referenced by Manager.Limiter. Its state
// is unexported.
// NOTE(review): not visible on this page: whether the state is kept
// in-process (so limits are per instance and reset on restart), whether
// stale keys are evicted, and whether Allow is safe for concurrent use.
// Confirm before relying on it as a brute-force control.
type RateLimiter struct {
	// contains filtered or unexported fields
}

func NewRateLimiter

func NewRateLimiter() *RateLimiter

func (*RateLimiter) Allow

// Allow returns a bool for the given key, limit and window.
// NOTE(review): presumably true means the request identified by key is still
// within limit events per window. Confirm, and check the result for
// limit <= 0 or window <= 0.
// NOTE(review): key is chosen by the caller. When it is built from a client
// address or account name, normalise it first (this package exports
// NormalizeIP and NormalizeUsername) so trivially different spellings do not
// land in separate buckets.
func (limiter *RateLimiter) Allow(key string, limit int, window time.Duration) bool

type WebAuthnProvider

// WebAuthnProvider is the set of WebAuthn ceremony operations this package
// depends on (see Manager.WebAuthn). Declaring it as an interface lets a
// test double replace the real implementation.
// NOTE(review): presumably satisfied by the webauthn library's own
// relying-party type. Confirm.
//
// Each Begin* method returns a *webauthn.SessionData that the matching
// Finish* method takes back as its session argument. That value must be
// kept server-side between the two calls (StoreChallenge accepts one) and
// should be usable once only.
type WebAuthnProvider interface {
	// BeginRegistration starts credential registration for user and returns
	// the creation options for the client plus the session data to store.
	BeginRegistration(user webauthn.User, opts ...webauthn.RegistrationOption) (*protocol.CredentialCreation, *webauthn.SessionData, error)
	// FinishRegistration validates the client's response in r against the
	// stored session and returns the new credential.
	FinishRegistration(user webauthn.User, session webauthn.SessionData, r *http.Request) (*webauthn.Credential, error)
	// BeginLogin starts an assertion for a known user.
	BeginLogin(user webauthn.User, opts ...webauthn.LoginOption) (*protocol.CredentialAssertion, *webauthn.SessionData, error)
	// BeginDiscoverableLogin starts an assertion without naming a user
	// up front (it takes no user argument).
	BeginDiscoverableLogin(opts ...webauthn.LoginOption) (*protocol.CredentialAssertion, *webauthn.SessionData, error)
	// FinishLogin validates the assertion in r for user against the stored
	// session and returns the credential that was used.
	FinishLogin(user webauthn.User, session webauthn.SessionData, r *http.Request) (*webauthn.Credential, error)
	// FinishPasskeyLogin validates a discoverable-credential assertion and
	// resolves the user through handler.
	// NOTE(review): handler maps client-supplied identifiers to an account;
	// it should fail closed on unknown or ambiguous handles. Confirm.
	FinishPasskeyLogin(handler webauthn.DiscoverableUserHandler, session webauthn.SessionData, r *http.Request) (webauthn.User, *webauthn.Credential, error)
}

type WebAuthnUser

// WebAuthnUser holds the user data exposed through the WebAuthnID,
// WebAuthnName, WebAuthnDisplayName and WebAuthnCredentials methods.
// NOTE(review): presumably this is the package's implementation of
// webauthn.User, built by BuildWebAuthnUser. Confirm.
type WebAuthnUser struct {
	// ID is the user handle given to authenticators.
	// NOTE(review): it should be an opaque random value, not a username or
	// e-mail address, because authenticators store it. Confirm how
	// EnsureUserHandle populates it.
	ID          []byte
	// Name is the account name shown by the authenticator.
	Name        string
	// DisplayName is the human-readable name shown by the authenticator.
	DisplayName string
	// Credentials lists the credentials already registered for the user.
	// NOTE(review): presumably used to build allow and exclude lists. Confirm.
	Credentials []webauthn.Credential
}

func BuildWebAuthnUser

func BuildWebAuthnUser(account orm.Account, credentials []orm.WebAuthnCredential) (WebAuthnUser, error)

func (WebAuthnUser) WebAuthnCredentials

func (user WebAuthnUser) WebAuthnCredentials() []webauthn.Credential

func (WebAuthnUser) WebAuthnDisplayName

func (user WebAuthnUser) WebAuthnDisplayName() string

func (WebAuthnUser) WebAuthnID

func (user WebAuthnUser) WebAuthnID() []byte

func (WebAuthnUser) WebAuthnName

func (user WebAuthnUser) WebAuthnName() string
