userpat

package

v0.93.1 Latest Latest Go to latest Published: Mar 11, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/raystack/frontier

Links

Documentation ¶

Index ¶

Variables
type AuditRecordRepository
type Config
- func (c Config) DeniedPermissionsSet() map[string]struct{}
- func (c Config) MaxExpiry() time.Duration
type CreateRequest
type OrganizationService
type PAT
type PolicyService
type Repository
type RoleService
type Service
- func NewService(logger log.Logger, repo Repository, config Config, ...) *Service
- func (s *Service) Create(ctx context.Context, req CreateRequest) (PAT, string, error)
- func (s *Service) ValidateExpiry(expiresAt time.Time) error

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNotFound         = errors.New("personal access token not found")
	ErrConflict         = errors.New("personal access token with this name already exists")
	ErrExpired          = errors.New("personal access token has expired")
	ErrInvalidToken     = errors.New("personal access token is invalid")
	ErrLimitExceeded    = errors.New("maximum number of personal access tokens reached")
	ErrDisabled         = errors.New("personal access tokens are not enabled")
	ErrExpiryExceeded   = errors.New("expiry exceeds maximum allowed lifetime")
	ErrExpiryInPast     = errors.New("expiry must be in the future")
	ErrDeniedRole       = errors.New("one or more requested roles not permissible for personal access tokens")
	ErrUnsupportedScope = errors.New("role scope is not supported for personal access tokens")
	ErrRoleNotFound     = errors.New("one or more requested roles do not exist")
)

Functions ¶

This section is empty.

Types ¶

type AuditRecordRepository ¶

type AuditRecordRepository interface {
	Create(ctx context.Context, auditRecord models.AuditRecord) (models.AuditRecord, error)
}

type Config ¶

type Config struct {
	Enabled           bool     `yaml:"enabled" mapstructure:"enabled" default:"false"`
	Prefix            string   `yaml:"prefix" mapstructure:"prefix" default:"fpt"`
	MaxPerUserPerOrg  int64    `yaml:"max_per_user_per_org" mapstructure:"max_per_user_per_org" default:"50"`
	MaxLifetime       string   `yaml:"max_lifetime" mapstructure:"max_lifetime" default:"8760h"`
	DefaultLifetime   string   `yaml:"default_lifetime" mapstructure:"default_lifetime" default:"2160h"`
	DeniedPermissions []string `yaml:"denied_permissions" mapstructure:"denied_permissions"`
}

func (Config) DeniedPermissionsSet ¶

func (c Config) DeniedPermissionsSet() map[string]struct{}

DeniedPermissionsSet returns denied permissions as a set for efficient lookups.

func (Config) MaxExpiry ¶

func (c Config) MaxExpiry() time.Duration

type CreateRequest ¶

type CreateRequest struct {
	UserID     string
	OrgID      string
	Title      string
	RoleIDs    []string
	ProjectIDs []string
	ExpiresAt  time.Time
	Metadata   map[string]any
}

type OrganizationService ¶

type OrganizationService interface {
	GetRaw(ctx context.Context, id string) (organization.Organization, error)
}

type PAT ¶

type PAT struct {
	ID         string `rql:"name=id,type=string"`
	UserID     string `rql:"name=user_id,type=string"`
	OrgID      string `rql:"name=org_id,type=string"`
	Title      string `rql:"name=title,type=string"`
	SecretHash string `json:"-"`
	Metadata   metadata.Metadata
	LastUsedAt *time.Time `rql:"name=last_used_at,type=datetime"`
	ExpiresAt  time.Time  `rql:"name=expires_at,type=datetime"`
	CreatedAt  time.Time  `rql:"name=created_at,type=datetime"`
	UpdatedAt  time.Time  `rql:"name=updated_at,type=datetime"`
}

type PolicyService ¶

type PolicyService interface {
	Create(ctx context.Context, pol policy.Policy) (policy.Policy, error)
}

type Repository ¶

type Repository interface {
	Create(ctx context.Context, pat PAT) (PAT, error)
	CountActive(ctx context.Context, userID, orgID string) (int64, error)
}

type RoleService ¶

type RoleService interface {
	Get(ctx context.Context, id string) (role.Role, error)
	List(ctx context.Context, f role.Filter) ([]role.Role, error)
}

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

func NewService ¶

func NewService(logger log.Logger, repo Repository, config Config, orgService OrganizationService,
	roleService RoleService, policyService PolicyService, auditRecordRepository AuditRecordRepository) *Service

func (*Service) Create ¶

func (s *Service) Create(ctx context.Context, req CreateRequest) (PAT, string, error)

Create generates a new PAT and returns it with the plaintext value. The plaintext value is only available at creation time.

func (*Service) ValidateExpiry ¶

func (s *Service) ValidateExpiry(expiresAt time.Time) error

ValidateExpiry checks that the given expiry time is in the future and within the configured maximum PAT lifetime.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL