auth

package
v0.0.0-...-74a3c48 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 7, 2026 License: BSD-3-Clause Imports: 11 Imported by: 0

Documentation

Constants

const SessionLifetime = time.Hour * 23
const SessionPrefix = "cov_3361aee70c"

SessionPrefix is a random string that can be used to identify the origin of any session token. This is useful for e.g. Trufflehog or GitHub secret scanning.

Variables

Functions

func Argon

func Argon() argon2.Config

func GenerateSessionToken

func GenerateSessionToken() (string, error)

GenerateSessionToken generates a random session token: a 48-character string with a 14-character prefix. The token is generated with a cryptographically secure random number generator.
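The following is an added example, not this package's code: it shows how a fixed prefix such as SessionPrefix lets a scanner find and redact leaked session tokens in text. It assumes the 48 characters include the 14-character prefix and that the random part is lowercase hex; `newToken`, `findTokens` and `redact` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// prefix is the SessionPrefix value shown on this page.
const prefix = "cov_3361aee70c"

// Assumption: 48 characters in total, so 14 prefix characters plus
// 34 random ones. Hex encoding of the random part is also an assumption.
const randomChars = 34

var tokenRe = regexp.MustCompile(regexp.QuoteMeta(prefix) + fmt.Sprintf("[0-9a-f]{%d}", randomChars))

// newToken returns prefix + 34 hex characters drawn from the OS CSPRNG.
func newToken() (string, error) {
	buf := make([]byte, randomChars/2)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return prefix + hex.EncodeToString(buf), nil
}

// findTokens returns every token-shaped string in text (logs, diffs, configs).
func findTokens(text string) []string {
	return tokenRe.FindAllString(text, -1)
}

// redact masks the secret part but keeps the prefix, so the origin of the
// leaked credential stays identifiable in the sanitised output.
func redact(text string) string {
	return tokenRe.ReplaceAllString(text, prefix+"[REDACTED]")
}

func main() {
	tok, err := newToken()
	if err != nil {
		panic(err)
	}
	// Constructed log line that accidentally records a session cookie.
	line := "GET /api/v1/me cookie=session=" + tok + " status=200"
	fmt.Println(len(tok), strings.HasPrefix(tok, prefix), len(findTokens(line)))
	fmt.Println(redact(line))
}
```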

func HashEncoded

func HashEncoded(password []byte) (string, error)

HashEncoded hashes the given password using Argon2id and returns the PHC-encoded hash as a string.

func SessionExpiry

func SessionExpiry(now time.Time) time.Time

func VerifyEncoded

func VerifyEncoded(password []byte, encoded string) (bool, error)

VerifyEncoded verifies the given password against the PHC-encoded hash. It returns true if the password matches, false otherwise.

Types

type Enforcer

type Enforcer interface {
	// Enforce checks if a user with the given roles has the necessary permissions to perform the action on the object.
	// Additional checks should be performed based on the resource. They might have access to the object type, but not this specific resource.
	//
	// It returns true if the permission is granted, false otherwise.
	// If there is an error, say the policies don't make sense, it returns false and the error.
	// The policies are deny-by-default, so if there is no matching policy for the role, object and action, it will return false.
	Enforce(roles []Role, object, action string) (bool, error)
}

func NewEnforcer

func NewEnforcer() (Enforcer, error)

type Role

type Role string

Role is a role in the database. It is a string, but should be one of the predefined roles.

const (
	// RoleSuperadmin is the all-powerful role. It can do anything.
	RoleSuperadmin Role = "superadmin"
	// RoleUser is a generic, pretty powerless user.
	RoleUser Role = "user"
	// RoleAnonymous is a user that is not logged in, or has no permissions within the organisation. It has no permissions.
	RoleAnonymous Role = "anonymous"
)

func (Role) IsValid

func (r Role) IsValid() bool

func (Role) String

func (r Role) String() string

type User

type User struct {
	// ID is the user's unique ID in the database.
	ID uuid.UUID
	// Username is the user's name. It is unique, but not static.
	Username string
	// Roles is the user's role names. These are unique and should correspond to the policies.
	Roles []Role
}

User is a user in the database.
