Documentation
Index
- type Config
- type GeoIPProvider
- type Repository
- type SecurityEvent
- type Service
- func (s *Service) CheckCountryAllowed(ctx context.Context, ip string) bool
- func (s *Service) CheckIPAllowed(_ context.Context, ip string) bool
- func (s *Service) GetAttemptsRemaining(_ context.Context, key string) int
- func (s *Service) GetFailedAttemptCount(_ context.Context, key string) int
- func (s *Service) GetLockoutTime(_ context.Context, key string) time.Time
- func (s *Service) IsLockedOut(_ context.Context, key string) bool
- func (s *Service) LogEvent(ctx context.Context, typ string, userID *xid.ID, ip, ua, geo string) error
- func (s *Service) RecordFailedAttempt(_ context.Context, key string)
- func (s *Service) ResetFailedAttempts(_ context.Context, key string)
- func (s *Service) SetGeoIPProvider(p GeoIPProvider)
- func (s *Service) ShouldTrustForwardedHeaders(remoteIP string) bool
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	Enabled          bool     `json:"enabled"`
	IPWhitelist      []string `json:"ipWhitelist"`
	IPBlacklist      []string `json:"ipBlacklist"`
	AllowedCountries []string `json:"allowedCountries"`
	BlockedCountries []string `json:"blockedCountries"`
	// TrustProxyHeaders enables honoring X-Forwarded-For/X-Real-IP/Forwarded
	TrustProxyHeaders bool `json:"trustProxyHeaders"`
	// TrustedProxies restricts which proxy IPs are trusted for headers (exact or CIDR).
	// If empty and TrustProxyHeaders=true, all proxies are trusted.
	TrustedProxies []string `json:"trustedProxies"`
}
Config for security checks
type GeoIPProvider
GeoIPProvider resolves an IP address to a country code (ISO 3166-1 alpha-2 suggested)
type Repository
type Repository interface {
	Create(ctx context.Context, e *SecurityEvent) error
}
Repository defines persistence for security events
type SecurityEvent
type SecurityEvent struct {
	ID        xid.ID    `json:"id"`
	AppID     xid.ID    `json:"appId"`
	UserID    *xid.ID   `json:"userId"`
	Type      string    `json:"type"`
	IPAddress string    `json:"ipAddress"`
	UserAgent string    `json:"userAgent"`
	Geo       string    `json:"geo"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
}
SecurityEvent represents a logged security event
type Service
type Service struct {
	// contains filtered or unexported fields
}
Service handles security checks and event logging
func NewService
func NewService(repo Repository, cfg Config) *Service
func (*Service) CheckCountryAllowed
CheckCountryAllowed enforces geo-based restrictions using AllowedCountries/BlockedCountries. If a GeoIP provider is not set and lists are configured, enforcement is skipped (allowed).
func (*Service) CheckIPAllowed
CheckIPAllowed verifies IP against whitelist/blacklist
func (*Service) GetAttemptsRemaining (added in v0.0.7)
GetAttemptsRemaining returns the number of attempts remaining before lockout
func (*Service) GetFailedAttemptCount (added in v0.0.7)
GetFailedAttemptCount returns the current number of failed attempts for a key
func (*Service) GetLockoutTime (added in v0.0.7)
GetLockoutTime returns the lockout expiration time for a key if locked out. Returns zero time if not locked out.
func (*Service) IsLockedOut
IsLockedOut returns true if key (email or IP) is under lockout
func (*Service) LogEvent
func (s *Service) LogEvent(ctx context.Context, typ string, userID *xid.ID, ip, ua, geo string) error
LogEvent logs a security event
func (*Service) RecordFailedAttempt
RecordFailedAttempt increments failed attempt count and applies lockout if threshold reached
func (*Service) ResetFailedAttempts
ResetFailedAttempts clears counters and lockout for a key
func (*Service) SetGeoIPProvider
func (s *Service) SetGeoIPProvider(p GeoIPProvider)
SetGeoIPProvider sets the GeoIP provider used for country lookups
func (*Service) ShouldTrustForwardedHeaders
ShouldTrustForwardedHeaders returns true if forwarded headers should be honored based on TrustProxyHeaders and TrustedProxies matching the remote IP.
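The TrustProxyHeaders/TrustedProxies rule documented for Config and ShouldTrustForwardedHeaders, applied to choosing the client address that feeds the IP, country and lockout checks. This is an added example, not this package's code: `proxyTrust`, `shouldTrust` and `clientIP` are hypothetical names, all addresses are constructed, and it assumes a single proxy hop that appends to X-Forwarded-For.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// proxyTrust is a hypothetical stand-in for the two proxy fields of Config.
type proxyTrust struct {
	TrustProxyHeaders bool
	TrustedProxies    []string // exact IPs or CIDR ranges
}

// shouldTrust reports whether forwarded headers sent by remoteIP may be honored.
func (c proxyTrust) shouldTrust(remoteIP string) bool {
	ip := net.ParseIP(remoteIP)
	if !c.TrustProxyHeaders || ip == nil {
		return false
	}
	if len(c.TrustedProxies) == 0 {
		return true // documented default: every peer counts as a trusted proxy
	}
	for _, entry := range c.TrustedProxies {
		_, cidr, err := net.ParseCIDR(entry)
		if (err == nil && cidr.Contains(ip)) || net.ParseIP(entry).Equal(ip) {
			return true
		}
	}
	return false
}

// clientIP returns the right-most X-Forwarded-For entry (the hop appended by
// the proxy that connected to us) when the peer is trusted, else remoteIP.
func (c proxyTrust) clientIP(remoteIP, xff string) string {
	if xff == "" || !c.shouldTrust(remoteIP) {
		return remoteIP
	}
	last := strings.TrimSpace(xff[strings.LastIndex(xff, ",")+1:])
	if net.ParseIP(last) != nil {
		return last
	}
	return remoteIP
}

func main() {
	open := proxyTrust{TrustProxyHeaders: true} // empty list; addresses are constructed
	pinned := proxyTrust{TrustProxyHeaders: true, TrustedProxies: []string{"10.0.0.0/8"}}
	fmt.Println(open.clientIP("203.0.113.9", "198.51.100.7"), pinned.clientIP("203.0.113.9", "198.51.100.7"))
}
```

With an empty TrustedProxies list the header value sent by the direct peer is accepted, so IP allow/deny lists and per-IP lockout keys follow whatever the client supplies; listing the proxy addresses keeps the peer address instead.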