Back to godoc.org

Package model

v0.9.0
Latest Go to latest

The latest major version is .

Published: Apr 7, 2020 | License: MIT | Module: github.com/ofte-auth/dogpark

Index

Constants

const (
	SessionTTL = 40

	CollectionSessions = "sessions"
)

Constants for KV

const (
	Issued State = iota
	Active
	Revoked

	StateIssued  = "issued"
	StateActive  = "active"
	StateRevoked = "revoked"
)

Constants for State

Variables

var ErrRecordNotFound error = gorm.ErrRecordNotFound

ErrRecordNotFound : localize "record not found" to model package.

func BlacklistAAGUIDs

func BlacklistAAGUIDs(ctx context.Context, db db.DB) (util.StringSet, error)

BlacklistAAGUIDs returns a list of all AAGUIDs that are in the blacklist.

func Migrate

func Migrate(db *gorm.DB) error

Migrate ...

func WhitelistAAGUIDs

func WhitelistAAGUIDs(ctx context.Context, db db.DB) (util.StringSet, error)

WhitelistAAGUIDs returns a list of all AAGUIDs that are in the whitelist.

type AAGUID

type AAGUID struct {
	ID       string `json:"id"`
	Label    string `json:"label" gorm:"index"`
	State    string `json:"state" gorm:"index"`
	Metadata []byte `json:"metadata"`
}

AAGUID represents a Authenticator Attestation GUID. AAGUIDs uniquely identify a group (>100k) of authenticators. See https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html

You can control whitelisting and blacklisting of AAGUIDs by updating an AAGUID's `State` variable. For instance, to block a AAGUID, update the record's State variable to 'revoked'. This will prevent any authenticator with that AAGUID from authenticating. To whitelist one or more AAGUIDs, update a record's State variable to 'active'. Once one or more records have an 'active' State, a whitelist is, in effect, created; authenticators with other AAGUIDs will not be able to authenticate. If `State` is empty or `issued`, the authenticator is neither explicitly blacklisted nor whitelisted.

func AAGUIDByID

func AAGUIDByID(ctx context.Context, db db.DB, id string) (*AAGUID, error)

AAGUIDByID returns a stored AAGUID by ID.

func AAGUIDs

func AAGUIDs(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*AAGUID, int64, error)

AAGUIDs returns a list of AAGUIDs.

func (*AAGUID) AllowedUpdateFields

func (guid *AAGUID) AllowedUpdateFields() map[string]bool

AllowedUpdateFields returns the fields that are mutable.

func (*AAGUID) ApplyChanges

func (guid *AAGUID) ApplyChanges(values map[string]string) (string, error)

ApplyChanges updates the object with values found in the map and returns a description of the changes.

func (*AAGUID) Update

func (guid *AAGUID) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)

Update ...

type AuditEntry

type AuditEntry struct {
	ID                int64     `json:"id" gorm:"auto_increment;unique_index"`
	Group             string    `json:"group" gorm:"index"`
	Anomaly           string    `json:"anomaly" gorm:"index"`
	FidoKeyID         string    `json:"fidoKeyId" gorm:"index"`
	FidoAAGUID        string    `json:"fidoAAGUID" gorm:"index"`
	PrincipalID       string    `json:"principalId" gorm:"index"`
	PrincipalUsername string    `json:"principalUsername" gorm:"index"`
	SessionID         string    `json:"sessionId" gorm:"index"`
	Action            string    `json:"action" gorm:"index"`
	Data              string    `json:"data,omitempty"`
	IPAddr            string    `json:"ipAaddr,omitempty" gorm:"index"`
	UserAgent         string    `json:"userAgent,omitempty"`
	Latitude          float64   `json:"latitude"`
	Longitude         float64   `json:"longitude"`
	Country           string    `json:"country,omitempty" gorm:"index"`
	Region            string    `json:"region,omitempty" gorm:"index"`
	City              string    `json:"city,omitempty" gorm:"index"`
	CreatedAt         time.Time `json:"createdAt" gorm:"index"`
}

AuditEntry defines auditing entries stored in the audit table.

func AuditEntries

func AuditEntries(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*AuditEntry, int64, error)

AuditEntries returns audit entries.

func AuditEntryByID

func AuditEntryByID(db *gorm.DB, id int64) (*AuditEntry, error)

AuditEntryByID retrieves audit entries by ID.

type CAKey

type CAKey struct {
	// Ofte key handle
	ID          string    `json:"id"`
	FIDOKeyID   string    `gorm:"column:fidokey_id" json:"fidoKeyId"`
	PrincipalID string    `gorm:"index" json:"principalId"`
	Raw         []byte    `json:"raw"`
	CreatedAt   time.Time `gorm:"index" json:"createdAt"`
	ModifiedAt  time.Time `gorm:"index" json:"modifiedAt"`
}

CAKey represents an Ofte-specific key generated by an Ofte key device that implements continuous authentication. Only used when Ofte CA is integrated, see https://ofte.io.

func (CAKey) TableName

func (CAKey) TableName() string

TableName overrides the naming of this table in the DB.

type FIDOKey

type FIDOKey struct {
	ID                string    `json:"id"`
	AAGUID            string    `json:"aaguid" gorm:"index"`
	State             string    `json:"state" gorm:"index"`
	CertCommonName    string    `json:"certCommonName" gorm:"index"`
	CertOrganization  string    `json:"certOrganization" gorm:"index"`
	CertSerial        int64     `json:"certSerial" gorm:"index"`
	PrincipalID       string    `gorm:"index" json:"principalId"`
	PrincipalUsername string    `gorm:"index" json:"username"`
	PublicKey         []byte    `json:"publicKey"`
	AttestationType   string    `json:"attestationType"`
	NotValidBefore    time.Time `gorm:"index" json:"notValidBefore"`
	NotValidAfter     time.Time `gorm:"index" json:"notValidAfter"`
	Nonce             uint32    `json:"-"`
	CAKey             *CAKey    `json:"caKey,omitempty"`
	LastUsed          time.Time `gorm:"index" json:"lastUsed"`
	CreatedAt         time.Time `gorm:"index" json:"createdAt"`
	ModifiedAt        time.Time `gorm:"index" json:"modifiedAt"`
}

FIDOKey represents a FIDO key generated by an authenticator.

func FIDOKeyByID

func FIDOKeyByID(ctx context.Context, db db.DB, id string) (*FIDOKey, error)

FIDOKeyByID returns a stored FIDO key by ID.

func FIDOKeys

func FIDOKeys(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*FIDOKey, int64, error)

FIDOKeys returns a list of managed FIDOKeys.

func (*FIDOKey) AllowedUpdateFields

func (fk *FIDOKey) AllowedUpdateFields() map[string]bool

AllowedUpdateFields returns the fields that are mutable.

func (*FIDOKey) ApplyChanges

func (fk *FIDOKey) ApplyChanges(values map[string]string) (string, error)

ApplyChanges updates the object with values found in the map and returns the "delta" of the changes.

func (FIDOKey) TableName

func (FIDOKey) TableName() string

TableName overrides the naming of this table in the DB.

func (*FIDOKey) TouchLastUsed

func (fk *FIDOKey) TouchLastUsed(ctx context.Context, db db.DB) error

TouchLastUsed updates the last used field with the current time.

func (*FIDOKey) Update

func (fk *FIDOKey) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)

Update ...

type Principal

type Principal struct {
	ID          string     `json:"id"`
	Username    string     `gorm:"index" json:"username"`
	State       string     `gorm:"index" json:"state"`
	DisplayName string     `json:"displayName"`
	Icon        string     `json:"icon"`
	CreatedAt   time.Time  `gorm:"index" json:"createdAt"`
	FIDOKeys    []*FIDOKey `json:"fidoKeys,omitempty"`
}

Principal identifies a person in the system. Only publicly available data is stored.

func NewPrincipal

func NewPrincipal(id string, username string, state string, displayName string, icon string) *Principal

NewPrincipal creates a new Principal.

func PrincipalByID

func PrincipalByID(ctx context.Context, db db.DB, id string, preload bool) (*Principal, error)

PrincipalByID returns a `Principal` by id.

func PrincipalByUsername

func PrincipalByUsername(ctx context.Context, db db.DB, username string, preload bool) (*Principal, error)

PrincipalByUsername returns a `Principal` by username.

func Principals

func Principals(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*Principal, int64, error)

Principals returns a list of principals.

func (*Principal) AddFIDOKey

func (p *Principal) AddFIDOKey(fk *FIDOKey) error

AddFIDOKey ...

func (*Principal) AllowedUpdateFields

func (p *Principal) AllowedUpdateFields() map[string]bool

AllowedUpdateFields returns the fields that are mutable.

func (*Principal) ApplyChanges

func (p *Principal) ApplyChanges(values map[string]string) (string, error)

ApplyChanges updates the object with values found in the map and returns the "delta" of the changes.

func (*Principal) BeforeCreate

func (p *Principal) BeforeCreate(scope *gorm.Scope) error

BeforeCreate performs pre-insert steps.

func (*Principal) CredentialList

func (p *Principal) CredentialList() []protocol.CredentialDescriptor

CredentialList returns an array filled with all the principal's credentials.

func (*Principal) Insert

func (p *Principal) Insert(ctx context.Context, db db.DB) error

Insert ...

func (*Principal) Update

func (p *Principal) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)

Update ...

func (*Principal) WebAuthnCredentials

func (p *Principal) WebAuthnCredentials() []webauthn.Credential

WebAuthnCredentials returns credentials owned by the user.

func (*Principal) WebAuthnDisplayName

func (p *Principal) WebAuthnDisplayName() string

WebAuthnDisplayName return the principal's display name according to the RP.

func (*Principal) WebAuthnID

func (p *Principal) WebAuthnID() []byte

WebAuthnID return the principal's ID according to the RP.

func (*Principal) WebAuthnIcon

func (p *Principal) WebAuthnIcon() string

WebAuthnIcon return the principal's icon URL according to the RP.

func (*Principal) WebAuthnName

func (p *Principal) WebAuthnName() string

WebAuthnName return the principal's username according to the RP.

type Session

type Session struct {
	ID                string
	PrincipalID       string
	PrincipalUsername string
	FIDOKeyID         string
	AAGUID            string
	State             string
	IPAddr            string
	UserAgent         string
	AgentSalt         string // TBD: See https://github.com/ofte-auth/dogpark/issues/2
	Nonce             uint32
	CreatedAt         time.Time
	UpdatedAt         time.Time
}

Session represents a CA session.

func NewSession

func NewSession(principalID, fidoKeyID, aaguid, ipaddr, userAgent string) (*Session, error)

NewSession creates a CA session.

func SessionByID

func SessionByID(ctx context.Context, manager store.Manager, id string) (*Session, error)

SessionByID gets a Session by its ID.

func Sessions

func Sessions(ctx context.Context, manager store.Manager, params *util.APIParams) ([]*Session, int64, error)

Sessions returns sessions from the store.

func (*Session) Decode

func (s *Session) Decode(b []byte) error

Decode gobs a serialized []byte to a Session.

func (*Session) Delete

func (s *Session) Delete(ctx context.Context, manager store.Manager, sessionID string) error

Delete removes the `Session`.

func (*Session) Encode

func (s *Session) Encode() ([]byte, error)

Encode gobs a Session to serialized []byte.

func (*Session) Put

func (s *Session) Put(ctx context.Context, manager store.Manager, ttlSeconds int64) error

Put or Update a Session in the kv store.

type State

type State int

State ...

func NewState

func NewState(state string) (State, error)

NewState creates a new `State` from a string.

func (State) String

func (s State) String() string

Package Files

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier