Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditRecordRepository ¶
// AuditRecordRepository is the audit-record dependency of the PAT service;
// it is the last argument of NewService.
type AuditRecordRepository interface {
// Create takes an audit record and returns a models.AuditRecord and an error;
// presumably it persists the record and returns the stored form.
// NOTE(review): which PAT events produce an audit record is not visible
// here; confirm that token creation is always recorded.
Create(ctx context.Context, auditRecord models.AuditRecord) (models.AuditRecord, error)
}
type Config ¶
// Config holds the PAT settings. The defaults quoted below are the values
// declared in each field's `default` struct tag.
type Config struct {
// Enabled is the feature switch; its declared default is "false".
Enabled bool `yaml:"enabled" mapstructure:"enabled" default:"false"`
// Prefix is the configured token prefix (default "fpt"). Validate's
// documentation states that a value not matching it yields ErrInvalidPAT.
Prefix string `yaml:"prefix" mapstructure:"prefix" default:"fpt"`
// MaxPerUserPerOrg defaults to 50. Presumably a cap on active PATs per
// user and organization, checked with Repository.CountActive (TODO confirm).
MaxPerUserPerOrg int64 `yaml:"max_per_user_per_org" mapstructure:"max_per_user_per_org" default:"50"`
// MaxLifetime defaults to "8760h" (365 days). It is a string, so it is
// presumably parsed as a duration where it is used.
// NOTE(review): confirm that an empty or unparsable value is rejected
// rather than treated as "no limit".
MaxLifetime string `yaml:"max_lifetime" mapstructure:"max_lifetime" default:"8760h"`
// DefaultLifetime defaults to "2160h" (90 days).
// NOTE(review): confirm it is capped by MaxLifetime.
DefaultLifetime string `yaml:"default_lifetime" mapstructure:"default_lifetime" default:"2160h"`
// DeniedPermissions has no declared default. DeniedPermissionsSet returns
// it as a set; presumably these permissions cannot be granted to a PAT.
// TODO confirm: the enforcement point is not shown on this page.
DeniedPermissions []string `yaml:"denied_permissions" mapstructure:"denied_permissions"`
}
func (Config) DeniedPermissionsSet ¶
DeniedPermissionsSet returns denied permissions as a set for efficient lookups.
type CreateRequest ¶
type OrganizationService ¶
// OrganizationService is the organization lookup dependency passed to
// NewService.
type OrganizationService interface {
// GetRaw returns the organization.Organization for id, or an error.
// NOTE(review): the name suggests an unfiltered lookup; confirm how the
// caller treats the result before a PAT is issued for that organization.
GetRaw(ctx context.Context, id string) (organization.Organization, error)
}
type PolicyService ¶
type Repository ¶
// Repository is the PAT storage dependency taken by both NewService and
// NewValidator.
type Repository interface {
// Create takes a PAT and returns a models.PAT and an error; presumably it
// persists the token and returns the stored form.
Create(ctx context.Context, pat models.PAT) (models.PAT, error)
// CountActive returns a count for the userID/orgID pair.
// NOTE(review): if Config.MaxPerUserPerOrg is enforced as CountActive
// followed by Create, concurrent requests can exceed the limit unless the
// store enforces it atomically; confirm.
CountActive(ctx context.Context, userID, orgID string) (int64, error)
// GetByID returns the PAT with the given id, or an error.
GetByID(ctx context.Context, id string) (models.PAT, error)
// GetBySecretHash looks a PAT up by a hash of its secret rather than by
// the secret itself.
// NOTE(review): the hash function is not visible on this page; confirm it
// suits the entropy of the generated secret and that the plaintext is
// never stored.
GetBySecretHash(ctx context.Context, secretHash string) (models.PAT, error)
// UpdateLastUsedAt sets the last-used time of the PAT with the given id to
// at. The timestamp is useful for spotting stale or unexpectedly active
// tokens.
UpdateLastUsedAt(ctx context.Context, id string, at time.Time) error
}
type RoleService ¶
type Service ¶
// Service is the PAT service returned by NewService; the only method listed
// on this page is Create.
type Service struct {
// contains filtered or unexported fields
}
func NewService ¶
// NewService takes a logger, the PAT repository, the configuration, the
// organization, role and policy services and the audit record repository,
// and returns a *Service.
// NOTE(review): whether config is validated here (for example the lifetime
// strings) is not visible on this page.
func NewService(logger log.Logger, repo Repository, config Config, orgService OrganizationService, roleService RoleService, policyService PolicyService, auditRecordRepository AuditRecordRepository) *Service
func (*Service) Create ¶
Create generates a new PAT and returns it with the plaintext value. The plaintext value is only available at creation time, so it has to be handed to the user from this result and should not be logged or persisted.
type Validator ¶ added in v0.93.2
// Validator is returned by NewValidator, which takes a logger, a Repository
// and a Config; its Validate method checks PAT values during authentication.
type Validator struct {
// contains filtered or unexported fields
}
Validator validates PAT values during authentication.
func NewValidator ¶ added in v0.93.2
// NewValidator takes a logger, the PAT repository and the configuration and
// returns a *Validator. Unlike NewService it takes no organization, role,
// policy or audit dependencies.
func NewValidator(logger log.Logger, repo Repository, config Config) *Validator
func (*Validator) Validate ¶ added in v0.93.2
Validate checks a PAT value and returns the corresponding PAT. It returns ErrInvalidPAT if the value doesn't match the configured prefix, which allows the auth chain to fall through to the next authenticator. It returns ErrMalformedPAT, ErrExpired, ErrNotFound, or ErrDisabled for terminal auth failures: on any of these the caller should reject the request rather than try the next authenticator.