model

Constants

const (
	// SessionTTL is the default session time-to-live. The unit is not
	// stated here; Session.Put takes a ttlSeconds argument, so this is
	// presumably seconds — confirm against the callers of Put.
	SessionTTL = 40

	// CollectionSessions is the name of the KV store collection that
	// holds sessions (see Session.Put / SessionByID) — presumably; confirm.
	CollectionSessions = "sessions"
)

Constants for KV

const (
	// Lifecycle states of a record, numbered in declaration order.
	// Issued is 0 and is therefore the zero value of State.
	Issued State = iota
	Active
	Revoked

	// String forms of the states above. Presumably these are what NewState
	// parses and State.String returns — confirm against those functions.
	StateIssued  = "issued"
	StateActive  = "active"
	StateRevoked = "revoked"
)

Constants for State

Variables

// ErrRecordNotFound re-exports gorm's "record not found" error so that
// callers of this package can check for it without importing gorm.
var ErrRecordNotFound = gorm.ErrRecordNotFound

ErrRecordNotFound re-exports gorm's "record not found" error under the model package.

Functions

func BlacklistAAGUIDs

func BlacklistAAGUIDs(ctx context.Context, db db.DB) (util.StringSet, error)

BlacklistAAGUIDs returns the set of all AAGUIDs that are in the blacklist.

func Migrate

func Migrate(db *gorm.DB) error

Migrate ...

func WhitelistAAGUIDs

func WhitelistAAGUIDs(ctx context.Context, db db.DB) (util.StringSet, error)

WhitelistAAGUIDs returns the set of all AAGUIDs that are in the whitelist.

Types

type AAGUID

type AAGUID struct {
	// ID is the record key; presumably the AAGUID string itself — confirm.
	ID       string `json:"id"`
	// Label is a display label for the record; indexed.
	Label    string `json:"label" gorm:"index"`
	// State drives whitelisting and blacklisting: "revoked" blocks every
	// authenticator with this AAGUID, "active" whitelists it (and any
	// "active" record switches the whitelist on for all AAGUIDs), while ""
	// or "issued" is neutral. See the AAGUID type documentation.
	State    string `json:"state" gorm:"index"`
	// Metadata is the raw metadata blob stored for this AAGUID. Its encoding
	// is not visible here — presumably a FIDO metadata statement; confirm.
	Metadata []byte `json:"metadata"`
}

AAGUID represents an Authenticator Attestation GUID. AAGUIDs uniquely identify a group (>100k) of authenticators. See https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html

You can control whitelisting and blacklisting of AAGUIDs by updating an AAGUID record's `State` field. For instance, to block an AAGUID, set the record's State to 'revoked'; this prevents any authenticator with that AAGUID from authenticating. To whitelist one or more AAGUIDs, set the record's State to 'active'. Once one or more records have an 'active' State, a whitelist is in effect: authenticators with any other AAGUID will not be able to authenticate. If `State` is empty or 'issued', the authenticator is neither explicitly blacklisted nor whitelisted.

func AAGUIDByID

func AAGUIDByID(ctx context.Context, db db.DB, id string) (*AAGUID, error)

AAGUIDByID returns a stored AAGUID by ID.

func AAGUIDs

func AAGUIDs(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*AAGUID, int64, error)

AAGUIDs returns a list of AAGUIDs.

func (*AAGUID) AllowedUpdateFields

func (guid *AAGUID) AllowedUpdateFields() map[string]bool

AllowedUpdateFields returns the fields that are mutable.

func (*AAGUID) ApplyChanges

func (guid *AAGUID) ApplyChanges(values map[string]string) (string, error)

ApplyChanges updates the object with values found in the map and returns a description of the changes.

func (*AAGUID) Update

func (guid *AAGUID) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)

Update ...

type AuditEntry

type AuditEntry struct {
	// ID is the auto-incremented, unique primary key.
	ID                int64     `json:"id" gorm:"auto_increment;unique_index"`
	// Group categorizes the entry; indexed for filtering.
	Group             string    `json:"group" gorm:"index"`
	// Anomaly, when set, names the anomaly that triggered the entry. Its
	// vocabulary is defined by callers not visible on this page.
	Anomaly           string    `json:"anomaly" gorm:"index"`
	// FidoKeyID and FidoAAGUID identify the authenticator involved.
	// NOTE(review): these use "Fido" where the rest of the package uses the
	// "FIDO" initialism (e.g. CAKey.FIDOKeyID); renaming would change the
	// exported API, so it is only flagged here.
	FidoKeyID         string    `json:"fidoKeyId" gorm:"index"`
	FidoAAGUID        string    `json:"fidoAAGUID" gorm:"index"`
	// PrincipalID and PrincipalUsername identify the acting principal.
	PrincipalID       string    `json:"principalId" gorm:"index"`
	PrincipalUsername string    `json:"principalUsername" gorm:"index"`
	// SessionID presumably links the entry to a Session.ID — confirm.
	SessionID         string    `json:"sessionId" gorm:"index"`
	// Action names what was done; indexed.
	Action            string    `json:"action" gorm:"index"`
	// Data carries free-form, action-specific detail and is emitted as
	// JSON "data". NOTE(review): what callers place here is not visible on
	// this page; confirm they keep secrets and raw credential material out.
	Data              string    `json:"data,omitempty"`
	// IPAddr is the client address recorded for the event.
	// NOTE(review): the JSON tag reads "ipAaddr", which looks like a typo
	// for "ipAddr". It is part of the wire format, so changing it would
	// break existing consumers; fix it only with a coordinated API change.
	IPAddr            string    `json:"ipAaddr,omitempty" gorm:"index"`
	// UserAgent is the client's User-Agent string.
	UserAgent         string    `json:"userAgent,omitempty"`
	// Latitude/Longitude and Country/Region/City are presumably the
	// geolocation attributed to IPAddr; how they are resolved is not visible
	// here. Note that Latitude/Longitude lack omitempty, so 0,0 is always
	// emitted when no location is known.
	Latitude          float64   `json:"latitude"`
	Longitude         float64   `json:"longitude"`
	Country           string    `json:"country,omitempty" gorm:"index"`
	Region            string    `json:"region,omitempty" gorm:"index"`
	City              string    `json:"city,omitempty" gorm:"index"`
	// CreatedAt is when the entry was recorded; indexed for time-range queries.
	CreatedAt         time.Time `json:"createdAt" gorm:"index"`
}

AuditEntry defines auditing entries stored in the audit table.

func AuditEntries

func AuditEntries(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*AuditEntry, int64, error)

AuditEntries returns audit entries.

func AuditEntryByID

func AuditEntryByID(db *gorm.DB, id int64) (*AuditEntry, error)

AuditEntryByID retrieves a single audit entry by ID.

type CAKey

type CAKey struct {
	// ID is the Ofte key handle.
	ID          string    `json:"id"`
	// FIDOKeyID is the FIDOKey this CA key belongs to; stored in column
	// fidokey_id (explicit override of gorm's default column name).
	FIDOKeyID   string    `gorm:"column:fidokey_id" json:"fidoKeyId"`
	// PrincipalID is the owning principal; indexed.
	PrincipalID string    `gorm:"index" json:"principalId"`
	// Raw is the key material as stored. Whether it is public or private
	// material is not visible here; it is emitted as JSON "raw" (and nested
	// under FIDOKey.CAKey), so confirm it is safe to expose wherever these
	// structs are marshalled.
	Raw         []byte    `json:"raw"`
	// CreatedAt/ModifiedAt are record timestamps; both indexed.
	CreatedAt   time.Time `gorm:"index" json:"createdAt"`
	ModifiedAt  time.Time `gorm:"index" json:"modifiedAt"`
}

CAKey represents an Ofte-specific key generated by an Ofte key device that implements continuous authentication. Only used when Ofte CA is integrated, see https://ofte.io.

func (CAKey) TableName

func (CAKey) TableName() string

TableName overrides the naming of this table in the DB.

type FIDOKey

type FIDOKey struct {
	// ID is the key's identifier; presumably the WebAuthn credential ID —
	// confirm against the registration path.
	ID                string    `json:"id"`
	// AAGUID of the authenticator that created the key; indexed so the
	// AAGUID whitelist/blacklist can be applied.
	AAGUID            string    `json:"aaguid" gorm:"index"`
	// State is the key's lifecycle state; presumably one of StateIssued,
	// StateActive or StateRevoked — confirm against NewState.
	State             string    `json:"state" gorm:"index"`
	// CertCommonName, CertOrganization and CertSerial describe a certificate
	// associated with the key; which certificate (presumably the
	// attestation certificate) is not visible here.
	CertCommonName    string    `json:"certCommonName" gorm:"index"`
	CertOrganization  string    `json:"certOrganization" gorm:"index"`
	CertSerial        int64     `json:"certSerial" gorm:"index"`
	// PrincipalID and PrincipalUsername identify the owning principal.
	// NOTE(review): the JSON tag here is "username", whereas AuditEntry uses
	// "principalUsername" for the same concept.
	PrincipalID       string    `gorm:"index" json:"principalId"`
	PrincipalUsername string    `gorm:"index" json:"username"`
	// PublicKey is the credential public key as stored; its encoding is not
	// visible here.
	PublicKey         []byte    `json:"publicKey"`
	// AttestationType presumably records the attestation format seen at
	// registration — confirm.
	AttestationType   string    `json:"attestationType"`
	// NotValidBefore/NotValidAfter bound the key's validity window; indexed.
	NotValidBefore    time.Time `gorm:"index" json:"notValidBefore"`
	NotValidAfter     time.Time `gorm:"index" json:"notValidAfter"`
	// Nonce is deliberately excluded from JSON ("-"). Presumably the
	// authenticator's signature counter, which must only move forward —
	// confirm where it is compared on assertion.
	Nonce             uint32    `json:"-"`
	// CAKey is the optional Ofte continuous-authentication key attached to
	// this FIDO key; nested in JSON as "caKey" when present.
	CAKey             *CAKey    `json:"caKey,omitempty"`
	// LastUsed is set to the current time by TouchLastUsed.
	LastUsed          time.Time `gorm:"index" json:"lastUsed"`
	// CreatedAt/ModifiedAt are record timestamps; both indexed.
	CreatedAt         time.Time `gorm:"index" json:"createdAt"`
	ModifiedAt        time.Time `gorm:"index" json:"modifiedAt"`
}

FIDOKey represents a FIDO key generated by an authenticator.

func FIDOKeyByID

func FIDOKeyByID(ctx context.Context, db db.DB, id string) (*FIDOKey, error)

FIDOKeyByID returns a stored FIDO key by ID.

func FIDOKeys

func FIDOKeys(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*FIDOKey, int64, error)

FIDOKeys returns a list of managed FIDOKeys.

func (*FIDOKey) AllowedUpdateFields

func (fk *FIDOKey) AllowedUpdateFields() map[string]bool

AllowedUpdateFields returns the fields that are mutable.

func (*FIDOKey) ApplyChanges

func (fk *FIDOKey) ApplyChanges(values map[string]string) (string, error)

ApplyChanges updates the object with values found in the map and returns the "delta" of the changes.

func (FIDOKey) TableName

func (FIDOKey) TableName() string

TableName overrides the naming of this table in the DB.

func (*FIDOKey) TouchLastUsed

func (fk *FIDOKey) TouchLastUsed(ctx context.Context, db db.DB) error

TouchLastUsed updates the last used field with the current time.

func (*FIDOKey) Update

func (fk *FIDOKey) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)

Update ...

type Principal

type Principal struct {
	// ID is the principal's identifier; WebAuthnID exposes it to the RP as []byte.
	ID          string     `json:"id"`
	// Username is the login name returned by WebAuthnName; indexed.
	Username    string     `gorm:"index" json:"username"`
	// State is the principal's lifecycle state; presumably one of the State*
	// strings — confirm against NewState.
	State       string     `gorm:"index" json:"state"`
	// DisplayName is the human-facing name returned by WebAuthnDisplayName.
	DisplayName string     `json:"displayName"`
	// Icon is the principal's icon URL returned by WebAuthnIcon.
	Icon        string     `json:"icon"`
	// CreatedAt is when the principal was created; indexed.
	CreatedAt   time.Time  `gorm:"index" json:"createdAt"`
	// FIDOKeys are the principal's registered keys; omitted from JSON when
	// empty. Presumably only populated when loaded with preload=true via
	// PrincipalByID/PrincipalByUsername — confirm.
	FIDOKeys    []*FIDOKey `json:"fidoKeys,omitempty"`
}

Principal identifies a person in the system. Only publicly available data is stored.

func NewPrincipal

func NewPrincipal(id string, username string, state string, displayName string, icon string) *Principal

NewPrincipal creates a new Principal.

func PrincipalByID

func PrincipalByID(ctx context.Context, db db.DB, id string, preload bool) (*Principal, error)

PrincipalByID returns a `Principal` by id.

func PrincipalByUsername

func PrincipalByUsername(ctx context.Context, db db.DB, username string, preload bool) (*Principal, error)

PrincipalByUsername returns a `Principal` by username.

func Principals

func Principals(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*Principal, int64, error)

Principals returns a list of principals.

func (*Principal) AddFIDOKey

func (p *Principal) AddFIDOKey(fk *FIDOKey) error

AddFIDOKey ...

func (*Principal) AllowedUpdateFields

func (p *Principal) AllowedUpdateFields() map[string]bool

AllowedUpdateFields returns the fields that are mutable.

func (*Principal) ApplyChanges

func (p *Principal) ApplyChanges(values map[string]string) (string, error)

ApplyChanges updates the object with values found in the map and returns the "delta" of the changes.

func (*Principal) BeforeCreate

func (p *Principal) BeforeCreate(scope *gorm.Scope) error

BeforeCreate performs pre-insert steps.

func (*Principal) CredentialList

func (p *Principal) CredentialList() []protocol.CredentialDescriptor

CredentialList returns a slice containing all of the principal's credentials as CredentialDescriptors.

func (*Principal) Insert

func (p *Principal) Insert(ctx context.Context, db db.DB) error

Insert ...

func (*Principal) Update

func (p *Principal) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)

Update ...

func (*Principal) WebAuthnCredentials

func (p *Principal) WebAuthnCredentials() []webauthn.Credential

WebAuthnCredentials returns credentials owned by the user.

func (*Principal) WebAuthnDisplayName

func (p *Principal) WebAuthnDisplayName() string

WebAuthnDisplayName returns the principal's display name according to the RP.

func (*Principal) WebAuthnID

func (p *Principal) WebAuthnID() []byte

WebAuthnID returns the principal's ID according to the RP.

func (*Principal) WebAuthnIcon

func (p *Principal) WebAuthnIcon() string

WebAuthnIcon returns the principal's icon URL according to the RP.

func (*Principal) WebAuthnName

func (p *Principal) WebAuthnName() string

WebAuthnName returns the principal's username according to the RP.

type Session

type Session struct {
	// ID is the session identifier used to look the session up in the KV
	// store (see SessionByID, Put and Delete).
	ID                string
	// PrincipalID, PrincipalUsername, FIDOKeyID and AAGUID record which
	// principal and which authenticator established the session.
	PrincipalID       string
	PrincipalUsername string
	FIDOKeyID         string
	AAGUID            string
	// State is the session's lifecycle state; presumably a State* string — confirm.
	State             string
	// IPAddr and UserAgent are the client properties supplied to NewSession.
	IPAddr            string
	UserAgent         string
	AgentSalt         string // TBD: See https://github.com/ofte-auth/dogpark/issues/2
	// Nonce's purpose is not visible here; its relationship to FIDOKey.Nonce
	// should be confirmed in the CA code.
	Nonce             uint32
	// CreatedAt/UpdatedAt are record timestamps. Session carries no json
	// tags: it is serialized with gob (Encode/Decode), so renaming fields
	// affects decoding of sessions already in the store.
	CreatedAt         time.Time
	UpdatedAt         time.Time
}

Session represents a CA session.

func NewSession

func NewSession(principalID, fidoKeyID, aaguid, ipaddr, userAgent string) (*Session, error)

NewSession creates a CA session.

func SessionByID

func SessionByID(ctx context.Context, manager store.Manager, id string) (*Session, error)

SessionByID gets a Session by its ID.

func Sessions

func Sessions(ctx context.Context, manager store.Manager, params *util.APIParams) ([]*Session, int64, error)

Sessions returns sessions from the store.

func (*Session) Decode

func (s *Session) Decode(b []byte) error

Decode gob-decodes a serialized []byte into the Session.

func (*Session) Delete

func (s *Session) Delete(ctx context.Context, manager store.Manager, sessionID string) error

Delete removes the `Session`.

func (*Session) Encode

func (s *Session) Encode() ([]byte, error)

Encode gob-encodes the Session into a serialized []byte.

func (*Session) Put

func (s *Session) Put(ctx context.Context, manager store.Manager, ttlSeconds int64) error

Put inserts or updates the Session in the KV store with the given TTL in seconds.

type State

// State is the lifecycle state of a record, stored as an int. The valid
// values are the Issued, Active and Revoked constants (Issued is the zero
// value); NewState parses the string forms and String renders them.
type State int

State is the lifecycle state of a record; see the Issued, Active and Revoked constants.

func NewState

func NewState(state string) (State, error)

NewState creates a new `State` from a string.

func (State) String

func (s State) String() string
