auth

package
v1.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 14, 2026 License: MIT Imports: 14 Imported by: 0

Documentation


Constants

// RBAC role identifiers. These are untyped string constants, so a role
// travels through the API as a plain string (see Claims.Role and the role
// parameter of Allowed); ValidRole is the membership check for this set.
//
// NOTE(review): how Allowed treats a string that is not one of these three
// is not stated on this page. Confirm it denies, and check roles read from
// tokens or the database with ValidRole before relying on them.
const (
	// RoleAdmin is documented under Allowed as "full access".
	RoleAdmin    = "admin"
	// RoleOperator is documented under Allowed as "read all, write config
	// entities (no users/global)".
	RoleOperator = "operator"
	// RoleViewer is documented under Allowed as "read only".
	RoleViewer   = "viewer"
)

Roles defined for RBAC

// Account lockout parameters.
//
// The failure counter and the locked_until timestamp are updated by username
// (see QueryIncrementFailedAttempts and QueryResetFailedAttempts), so the
// lockout applies to the account, not to the client that sent the bad
// passwords.
//
// NOTE(review): a per-account lockout lets repeated failed logins keep a
// known account unavailable to its owner. Per-source rate limiting and
// alerting on lockout events are the usual complements; neither is visible
// in this package's exported surface — confirm where they live.
const (
	// MaxFailedAttempts is presumably the failed-login count at which the
	// account becomes locked — TODO confirm whether the check is >= or >.
	MaxFailedAttempts = 5
	// LockoutDuration is presumably added to the current time to produce
	// locked_until — TODO confirm against Authenticate.
	LockoutDuration   = 15 * time.Minute
)
// SQL statements for user management. Every statement visible here takes its
// values through ? placeholders, so values are bound rather than concatenated
// into the SQL text. Literals shown as "" or `` with a "not displayed" comment
// were elided by the documentation renderer; their text cannot be reviewed
// from this page.
const (
	QueryCountUsers           = "SELECT COUNT(*) FROM users"
	QueryUserByUsername       = "" /* 151-byte string literal not displayed */
	QueryUserByID             = "" /* 145-byte string literal not displayed */
	// The LIKE pattern is a bound parameter, which prevents SQL injection but
	// does not neutralise the LIKE wildcards % and _ inside the search term.
	// NOTE(review): confirm whether the caller escapes them or intends
	// wildcard search.
	QueryCountUsersSearch     = "SELECT COUNT(*) FROM users WHERE username LIKE ?"
	// The column list is limited to id, username, role and two_factor_enabled;
	// password, two_factor_secret and recovery_codes are not selected, so a
	// listing built from this query does not carry them.
	QueryListUsersBase        = "SELECT id, username, role, two_factor_enabled FROM users WHERE username LIKE ? ORDER BY username ASC"
	// The leading space suggests this is appended to QueryListUsersBase;
	// LIMIT and OFFSET are bound parameters too.
	QueryListUsersLimitOffset = " LIMIT ? OFFSET ?"

	// The increment is computed inside the statement (failed_attempts + 1)
	// rather than read and written back from Go. locked_until is written on
	// every call with whatever value the caller binds.
	// NOTE(review): presumably NULL below the threshold and now+LockoutDuration
	// at it — confirm. An unknown username matches no row, so nothing is
	// recorded for it.
	QueryIncrementFailedAttempts = "UPDATE users SET failed_attempts = failed_attempts + 1, locked_until = ? WHERE username = ?"
	// Clears both the counter and the lock for one username.
	QueryResetFailedAttempts     = "UPDATE users SET failed_attempts = 0, locked_until = NULL WHERE username = ?"

	QueryInsertUserSQLitePostgresWithPassword = `` /* 175-byte string literal not displayed */

	QueryInsertUserSQLitePostgresNoPassword = `` /* 147-byte string literal not displayed */

	QueryInsertUserMySQLWithPassword = `` /* 166-byte string literal not displayed */

	QueryInsertUserMySQLNoPassword = `` /* 139-byte string literal not displayed */

	QueryDeleteUser     = "DELETE FROM users WHERE id = ?"
	// NOTE(review): the value bound to password should be a password hash;
	// the hashing step is not visible on this page — confirm.
	QueryUpdatePassword = "UPDATE users SET password = ? WHERE id = ?"
	// Writes the 2FA flag, the shared secret and the recovery codes in one
	// statement.
	// NOTE(review): whether two_factor_secret is encrypted and recovery_codes
	// are hashed before being bound cannot be told from here — confirm.
	QueryUpdate2FA      = "UPDATE users SET two_factor_enabled = ?, two_factor_secret = ?, recovery_codes = ? WHERE id = ?"
)

SQL queries for user management. Dialect.Rebind replaces ? with $N (Postgres) as needed.

Variables

// Sentinel errors for the authentication flow, created with errors.New so
// callers can match them with errors.Is.
//
// NOTE(review): these distinguish outcomes that an unauthenticated client
// should not necessarily be able to tell apart. If ErrAccountLocked is sent
// to the client verbatim, it reveals that the lockout state of a username is
// observable from outside; consider returning one generic failure at the API
// boundary and keeping the specific cause for logs — confirm how the handlers
// map these.
var (
	// ErrInvalidCredentials carries a generic message that names neither the
	// username nor the password as the failing part.
	ErrInvalidCredentials   = errors.New("invalid credentials")
	// ErrAccountLocked is presumably returned while locked_until is in the
	// future — TODO confirm against Authenticate.
	ErrAccountLocked        = errors.New("account locked due to multiple failed attempts; please try again later")
	// ErrTwoFactorRequired presumably signals that a second factor is still
	// needed before a token is issued — TODO confirm.
	ErrTwoFactorRequired    = errors.New("two-factor authentication required")
	// NOTE(review): it is not visible whether failed 2FA codes count towards
	// MaxFailedAttempts; an uncounted code check would be open to guessing —
	// confirm.
	ErrInvalidTwoFactorCode = errors.New("invalid two-factor authentication code")
)

Functions

func Allowed

// Allowed reports whether role may perform action on resource. role is a
// plain string, so the caller decides where it comes from.
// NOTE(review): the result for an unrecognised role, action or resource is
// not stated on this page — confirm the default is deny, and pass only roles
// taken from a verified token or the user store.
func Allowed(role string, action Action, resource Resource) bool

Allowed reports whether the role can perform the action on the resource. The roles are: admin, which has full access; operator, which can read everything and write config entities (no users/global); and viewer, which is read only.

func ValidRole

func ValidRole(role string) bool

ValidRole returns true if the role is a known RBAC role.

Types

type Action

type Action string

Action represents the type of operation.

// The two operation kinds that Allowed distinguishes.
// NOTE(review): there is no separate delete or create action, so those are
// presumably authorised as ActionWrite — confirm at the call sites.
const (
	ActionRead  Action = "read"
	ActionWrite Action = "write"
)

type Claims

// Claims is presumably the payload of an issued authentication token. The
// JSON names aud, iss, jti, sub, exp, iat and nbf are the registered claim
// names defined for JWT (RFC 7519); id, username and role are application
// fields. The token format itself is not visible on this page.
//
// The registered claims are tagged omitzero, so an encoder that honours the
// tag (encoding/json since Go 1.24) leaves a zero value out of the output.
//
// NOTE(review): a zero Expiration is therefore encoded as "no exp field".
// Whether Validate rejects claims without an expiry cannot be seen here —
// confirm.
type Claims struct {
	ID         string    `json:"id"`
	Username   string    `json:"username"`
	// NOTE(review): the role is carried inside the claims. If authorization
	// reads it from the token rather than from the user store, a role change
	// or user deletion takes effect only once outstanding tokens expire —
	// confirm what VerifyToken re-checks.
	Role       string    `json:"role"`
	Audience   string    `json:"aud,omitzero"`
	Issuer     string    `json:"iss,omitzero"`
	// Jti is the token identifier claim; whether it is used for revocation or
	// replay detection is not visible here.
	Jti        string    `json:"jti,omitzero"`
	Subject    string    `json:"sub,omitzero"`
	Expiration time.Time `json:"exp,omitzero"`
	IssuedAt   time.Time `json:"iat,omitzero"`
	NotBefore  time.Time `json:"nbf,omitzero"`
}

func (*Claims) ToMap added in v0.6.3

func (c *Claims) ToMap() map[string]any

func (*Claims) Validate

func (c *Claims) Validate() error

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

// NewManager builds a Manager from a database URL, a symmetric key and a
// logger.
// NOTE(review): symmetricKey is a string with no documented length or
// encoding requirement; presumably it is the key that protects issued tokens
// (cf. UpdateSymmetricKey) — confirm that empty or short keys are rejected.
// If databaseURL embeds credentials, it should not reach the logger's output.
func NewManager(databaseURL, symmetricKey string, l logger.Logger) (*Manager, error)

NewManager creates an auth manager using the given database URL.

func (*Manager) Authenticate

func (m *Manager) Authenticate(username, password string) (string, *gateonv1.User, error)

func (*Manager) ChangePassword

func (m *Manager) ChangePassword(id, password string) error

func (*Manager) Close

func (m *Manager) Close() error

func (*Manager) DeleteUser

func (m *Manager) DeleteUser(id string) error

func (*Manager) Disable2FA added in v0.9.0

func (m *Manager) Disable2FA(id string) error

func (*Manager) IsSetupDone

func (m *Manager) IsSetupDone() bool

func (*Manager) ListUsers

func (m *Manager) ListUsers(page, pageSize int32, search string) ([]*gateonv1.User, int32, error)

func (*Manager) Setup2FA added in v0.9.0

func (m *Manager) Setup2FA(id string) (string, string, []string, error)

func (*Manager) UpdateSymmetricKey

func (m *Manager) UpdateSymmetricKey(key string)

func (*Manager) UpsertUser

func (m *Manager) UpsertUser(u *gateonv1.User) error

func (*Manager) Verify2FA added in v0.9.0

func (m *Manager) Verify2FA(id, code string) (bool, string, *gateonv1.User, error)

func (*Manager) VerifyToken

func (m *Manager) VerifyToken(token string) (any, error)

type Resource

type Resource string

Resource represents the target entity.

// Resource names accepted by Allowed. The documentation of Allowed on this
// page singles out users and global as the resources an operator cannot
// write; every other value here is presumably one of the "config entities"
// an operator may write — TODO confirm, in particular for ResourceCerts and
// ResourceConfig.
const (
	ResourceRoutes      Resource = "routes"
	ResourceServices    Resource = "services"
	ResourceEntryPoints Resource = "entrypoints"
	ResourceMiddlewares Resource = "middlewares"
	ResourceTLSOptions  Resource = "tls_options"
	ResourceCerts       Resource = "certificates"
	ResourceGlobal      Resource = "global"
	ResourceUsers       Resource = "users"
	ResourceConfig      Resource = "config"
)

type Service

// Service is the authentication and user-management contract. None of the
// methods takes the identity of the caller, so authorization (for example via
// Allowed) has to be enforced by whoever invokes them.
type Service interface {
	IsSetupDone() bool
	// Authenticate checks a username and password. The string result is
	// unnamed; presumably it is the issued token — TODO confirm.
	Authenticate(username, password string) (string, *gateonv1.User, error)
	// VerifyToken returns any, so callers must type-assert the result.
	// NOTE(review): an unchecked assertion panics on an unexpected type; use
	// the two-value form at call sites.
	VerifyToken(token string) (any, error)
	// ListUsers returns one page of users plus an int32 that is presumably
	// the total match count — TODO confirm.
	ListUsers(page, pageSize int32, search string) ([]*gateonv1.User, int32, error)
	UpsertUser(u *gateonv1.User) error
	DeleteUser(id string) error
	// ChangePassword takes only the user id and the new password; the current
	// password is not a parameter.
	// NOTE(review): callers changing their own password should be
	// re-authenticated before this is invoked — confirm at the handler.
	ChangePassword(id, password string) error
	// UpdateSymmetricKey returns no error, so an unusable key cannot be
	// reported to the caller.
	// NOTE(review): whether tokens issued under the previous key remain valid
	// is not visible here — confirm.
	UpdateSymmetricKey(key string)

	// 2FA methods
	// Setup2FA's three non-error results are unnamed; presumably the shared
	// secret, a provisioning URI or QR payload, and the recovery codes —
	// TODO confirm, and consider named results. All three are secrets and
	// should not be logged.
	Setup2FA(id string) (string, string, []string, error)
	// Verify2FA checks a code for a user id. The bool and string results are
	// unnamed; presumably validity and an issued token — TODO confirm.
	Verify2FA(id, code string) (bool, string, *gateonv1.User, error)
	// Disable2FA takes only the user id; no code or password is required at
	// this layer.
	// NOTE(review): the caller should demand a fresh second-factor or password
	// check before removing 2FA — confirm at the handler.
	Disable2FA(id string) error

	Close() error
}

Service defines the contract for authentication and user management. It is implemented by Manager.
