auth

package
v0.0.0-...-dc8f43e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 13, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for authentication failures. They are package-level values,
// so callers can match them with errors.Is.
// NOTE(review): which function returns which error is not visible here.
// ErrInvalidToken and ErrExpiredToken are distinct; if handlers relay these
// messages to clients they reveal why a credential was rejected — confirm
// that level of detail is intended.
var (
	ErrNoAuthProvided = fmt.Errorf("no authentication provided")
	ErrInvalidToken   = fmt.Errorf("invalid token")
	ErrExpiredToken   = fmt.Errorf("token expired")
	ErrInvalidAPIKey  = fmt.Errorf("invalid API key")
)

Custom errors

Functions

This section is empty.

Types

type APIKey

// APIKey is the stored record for one API key: identity, owner, granted
// permissions and lifecycle timestamps.
type APIKey struct {
	ID          string                  `json:"id"`
	Name        string                  `json:"name"`
	// HashedKey is excluded from encoding/json output by the "-" tag. The tag
	// does not cover other encoders or fmt's %+v, so avoid logging the struct.
	// NOTE(review): presumably a hash of the key string that GenerateAPIKey
	// returns; the hash algorithm is not visible here — confirm.
	HashedKey   string                  `json:"-"` // Never expose the actual key
	UserID      string                  `json:"user_id"`
	Permissions []Permission            `json:"permissions"`
	// NOTE(review): presumably keyed by repository ID — confirm.
	RepoPerms   map[string][]Permission `json:"repo_permissions"`
	Active      bool                    `json:"active"`
	// LastUsed and ExpiresAt are pointers and are omitted from JSON when nil.
	// NOTE(review): presumably a nil ExpiresAt means the key never expires;
	// confirm, since such keys stay usable until revoked or deleted.
	LastUsed    *time.Time              `json:"last_used,omitempty"`
	CreatedAt   time.Time               `json:"created_at"`
	ExpiresAt   *time.Time              `json:"expires_at,omitempty"`
}

APIKey represents an API key for authentication

func (*APIKey) ToInfo

func (k *APIKey) ToInfo() *APIKeyInfo

ToInfo converts an APIKey to an APIKeyInfo, dropping the sensitive HashedKey field

type APIKeyInfo

// APIKeyInfo mirrors APIKey field-for-field except that HashedKey is absent,
// so a value of this type carries no key material.
type APIKeyInfo struct {
	ID          string                  `json:"id"`
	Name        string                  `json:"name"`
	UserID      string                  `json:"user_id"`
	Permissions []Permission            `json:"permissions"`
	RepoPerms   map[string][]Permission `json:"repo_permissions"`
	Active      bool                    `json:"active"`
	// LastUsed and ExpiresAt are omitted from JSON when nil.
	LastUsed    *time.Time              `json:"last_used,omitempty"`
	CreatedAt   time.Time               `json:"created_at"`
	ExpiresAt   *time.Time              `json:"expires_at,omitempty"`
}

APIKeyInfo represents public information about an API key

type APIKeyManager

type APIKeyManager struct {
	// contains filtered or unexported fields
}

APIKeyManager manages API keys

func NewAPIKeyManager

func NewAPIKeyManager(rbac *RBAC) *APIKeyManager

NewAPIKeyManager creates a new API key manager

func (*APIKeyManager) CleanupExpiredKeys

func (m *APIKeyManager) CleanupExpiredKeys() int

CleanupExpiredKeys removes expired API keys

func (*APIKeyManager) DeleteAPIKey

func (m *APIKeyManager) DeleteAPIKey(keyID string) error

DeleteAPIKey permanently removes an API key

func (*APIKeyManager) GenerateAPIKey

func (m *APIKeyManager) GenerateAPIKey(userID, name string, permissions []Permission, repoPerms map[string][]Permission, expiresAt *time.Time) (string, *APIKey, error)

GenerateAPIKey creates a new API key for a user

func (*APIKeyManager) GetAPIKey

func (m *APIKeyManager) GetAPIKey(keyID string) (*APIKey, error)

GetAPIKey retrieves an API key by ID

func (*APIKeyManager) GetKeyStats

func (m *APIKeyManager) GetKeyStats() map[string]int

GetKeyStats returns statistics about API keys

func (*APIKeyManager) HasPermission

func (m *APIKeyManager) HasPermission(apiKey *APIKey, permission Permission) bool

HasPermission checks if an API key has a specific permission

func (*APIKeyManager) HasRepositoryPermission

func (m *APIKeyManager) HasRepositoryPermission(apiKey *APIKey, repoID string, permission Permission) bool

HasRepositoryPermission checks if an API key has permission for a specific repository

func (*APIKeyManager) ListAPIKeys

func (m *APIKeyManager) ListAPIKeys(userID string) ([]*APIKey, error)

ListAPIKeys returns all API keys for a user

func (*APIKeyManager) RevokeAPIKey

func (m *APIKeyManager) RevokeAPIKey(keyID string) error

RevokeAPIKey deactivates an API key

func (*APIKeyManager) UpdateAPIKeyPermissions

func (m *APIKeyManager) UpdateAPIKeyPermissions(keyID string, permissions []Permission, repoPerms map[string][]Permission) error

UpdateAPIKeyPermissions updates the permissions for an API key

func (*APIKeyManager) ValidateAPIKey

func (m *APIKeyManager) ValidateAPIKey(keyString string) (*APIKey, error)

ValidateAPIKey validates an API key and returns the associated API key record

type AuthMiddleware

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

AuthMiddleware provides authentication middleware

func NewAuthMiddleware

func NewAuthMiddleware(jwtAuth *JWTAuth, apiKeyMgr *APIKeyManager, rbac *RBAC) *AuthMiddleware

NewAuthMiddleware creates a new authentication middleware

func (*AuthMiddleware) AuthRequired

func (m *AuthMiddleware) AuthRequired() gin.HandlerFunc

AuthRequired returns middleware that requires authentication

func (*AuthMiddleware) OptionalAuth

func (m *AuthMiddleware) OptionalAuth() gin.HandlerFunc

OptionalAuth returns middleware that attempts authentication but does not require it

func (*AuthMiddleware) RequirePermission

func (m *AuthMiddleware) RequirePermission(permission Permission) gin.HandlerFunc

RequirePermission returns middleware that requires a specific permission

func (*AuthMiddleware) RequireRepositoryPermission

func (m *AuthMiddleware) RequireRepositoryPermission(permission Permission) gin.HandlerFunc

RequireRepositoryPermission returns middleware that requires the given permission on a specific repository

type AuthenticatedUser

// AuthenticatedUser is the per-request identity that GetCurrentUser returns
// from the gin context. Every field has a JSON tag, so the whole value is
// serializable.
type AuthenticatedUser struct {
	ID          string                  `json:"id"`
	Username    string                  `json:"username"`
	Email       string                  `json:"email"`
	Permissions []Permission            `json:"permissions"`
	RepoPerms   map[string][]Permission `json:"repo_permissions"`
	AuthMethod  string                  `json:"auth_method"` // "jwt" or "apikey"
	// TokenInfo is untyped and is JSON-encoded whenever it is non-nil.
	// NOTE(review): what is stored here is not visible — confirm it never
	// holds the raw token or API key string.
	TokenInfo   interface{}             `json:"token_info,omitempty"`
}

AuthenticatedUser represents an authenticated user context

func GetCurrentUser

func GetCurrentUser(c *gin.Context) (*AuthenticatedUser, bool)

GetCurrentUser returns the current authenticated user from gin context

type CachedToken

// CachedToken pairs parsed claims with an expiry time.
// NOTE(review): presumably ExpiresAt bounds how long a cached validation
// result is reused; confirm it never outlives the token's own expiry and that
// entries are dropped when a user is deactivated.
type CachedToken struct {
	Claims    *Claims
	ExpiresAt time.Time
}

CachedToken represents a cached token validation result

type Claims

// Claims is the JWT claim set: application fields plus the embedded
// jwt.RegisteredClaims.
// NOTE(review): Email and Permissions travel inside the token. Unless the
// implementation encrypts tokens (not visible here), anyone holding a token
// can read them, and the permission list stays as issued for the token's
// lifetime unless validation re-checks RBAC — confirm.
type Claims struct {
	UserID      string   `json:"user_id"`
	Username    string   `json:"username"`
	Email       string   `json:"email"`
	// Permissions are plain strings here, not the Permission type.
	Permissions []string `json:"permissions"`
	jwt.RegisteredClaims
}

Claims represents the JWT claims

type JWTAuth

// JWTAuth holds the settings used to generate and validate JWTs.
type JWTAuth struct {
	// Secret is exported and carries no `json:"-"` tag, so it is included
	// whenever a JWTAuth value is JSON-encoded or printed with %+v.
	// NOTE(review): presumably the token signing secret passed to
	// NewJWTAuth — confirm the struct is never serialized or logged.
	Secret string
	Issuer string
	TTL    time.Duration
	// contains filtered or unexported fields
}

JWTAuth handles JWT token generation and validation

func NewJWTAuth

func NewJWTAuth(secret, issuer string, ttl time.Duration) *JWTAuth

NewJWTAuth creates a new JWT authentication handler

func (*JWTAuth) ExtractUserID

func (j *JWTAuth) ExtractUserID(tokenString string) string

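ExtractUserID extracts the user ID from a token without full validation (for logging/metrics). The returned ID is therefore unverified and must not be used for authentication or authorization decisions.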

func (*JWTAuth) GenerateToken

func (j *JWTAuth) GenerateToken(userID, username, email string, permissions []string) (string, error)

GenerateToken creates a new JWT token for a user

func (*JWTAuth) GetTokenInfo

func (j *JWTAuth) GetTokenInfo(tokenString string) *TokenInfo

GetTokenInfo returns detailed information about a token

func (*JWTAuth) RefreshToken

func (j *JWTAuth) RefreshToken(tokenString string) (string, error)

RefreshToken generates a new token with the same claims but extended expiration

func (*JWTAuth) ValidateToken

func (j *JWTAuth) ValidateToken(tokenString string) (*Claims, error)

ValidateToken validates a JWT and returns its claims; validation results are cached

type Permission

type Permission string

Permission represents a specific permission

// Permission values, written as "<resource>:<action>".
// NOTE(review): whether an admin permission (repo:admin, system:admin)
// implies the narrower permissions for the same resource is decided by the
// HasPermission implementations, which are not visible here — confirm before
// granting admin as a shortcut.
const (
	// Repository permissions
	PermissionRepoRead   Permission = "repo:read"
	PermissionRepoWrite  Permission = "repo:write"
	PermissionRepoDelete Permission = "repo:delete"
	PermissionRepoAdmin  Permission = "repo:admin"

	// System permissions
	PermissionSystemRead  Permission = "system:read"
	PermissionSystemWrite Permission = "system:write"
	PermissionSystemAdmin Permission = "system:admin"

	// User management permissions
	PermissionUserRead   Permission = "user:read"
	PermissionUserWrite  Permission = "user:write"
	PermissionUserDelete Permission = "user:delete"

	// Webhook permissions
	PermissionWebhookRead   Permission = "webhook:read"
	PermissionWebhookWrite  Permission = "webhook:write"
	PermissionWebhookDelete Permission = "webhook:delete"
)

type RBAC

type RBAC struct {
	// contains filtered or unexported fields
}

RBAC manages role-based access control

func NewRBAC

func NewRBAC() *RBAC

NewRBAC creates a new RBAC manager with default roles

func (*RBAC) ActivateUser

func (r *RBAC) ActivateUser(userID string) error

ActivateUser activates a user account

func (*RBAC) AssignRole

func (r *RBAC) AssignRole(userID, roleName string) error

AssignRole assigns a role to a user

func (*RBAC) CreateRole

func (r *RBAC) CreateRole(name, description string, permissions []Permission) error

CreateRole creates a new role

func (*RBAC) CreateUser

func (r *RBAC) CreateUser(id, username, email string, roles []string) error

CreateUser creates a new user

func (*RBAC) DeactivateUser

func (r *RBAC) DeactivateUser(userID string) error

DeactivateUser deactivates a user account

func (*RBAC) GetRole

func (r *RBAC) GetRole(name string) (*Role, error)

GetRole retrieves a role by name

func (*RBAC) GetUser

func (r *RBAC) GetUser(userID string) (*User, error)

GetUser retrieves a user by ID

func (*RBAC) GetUserPermissions

func (r *RBAC) GetUserPermissions(userID string) ([]Permission, error)

GetUserPermissions returns all permissions for a user (from roles + direct permissions)

func (*RBAC) GrantRepositoryPermission

func (r *RBAC) GrantRepositoryPermission(userID, repoID string, permission Permission) error

GrantRepositoryPermission grants a user permission to a specific repository

func (*RBAC) HasPermission

func (r *RBAC) HasPermission(userID string, permission Permission) bool

HasPermission checks if a user has a specific permission

func (*RBAC) HasRepositoryPermission

func (r *RBAC) HasRepositoryPermission(userID, repoID string, permission Permission) bool

HasRepositoryPermission checks if a user has permission for a specific repository

func (*RBAC) ListRoles

func (r *RBAC) ListRoles() []*Role

ListRoles returns all available roles

func (*RBAC) RemoveRole

func (r *RBAC) RemoveRole(userID, roleName string) error

RemoveRole removes a role from a user

func (*RBAC) RevokeRepositoryPermission

func (r *RBAC) RevokeRepositoryPermission(userID, repoID string, permission Permission) error

RevokeRepositoryPermission removes a user's permission from a specific repository

type Role

// Role names a set of permissions. Users refer to roles by name (User.Roles
// is a []string), so Name is the identifier used for assignment.
type Role struct {
	Name        string       `json:"name"`
	Description string       `json:"description"`
	Permissions []Permission `json:"permissions"`
}

Role represents a collection of permissions

type TokenInfo

// TokenInfo is the description of a token returned by JWTAuth.GetTokenInfo.
type TokenInfo struct {
	UserID      string    `json:"user_id"`
	Username    string    `json:"username"`
	Email       string    `json:"email"`
	Permissions []string  `json:"permissions"`
	IssuedAt    time.Time `json:"issued_at"`
	ExpiresAt   time.Time `json:"expires_at"`
	// GetTokenInfo returns no error, so Valid is the only validity signal.
	// NOTE(review): presumably the other fields can be populated even when
	// Valid is false — check Valid before trusting any of them.
	Valid       bool      `json:"valid"`
}

TokenInfo represents information about a token

type User

// User is an account record: identity, assigned role names, directly granted
// permissions and per-repository permissions.
type User struct {
	ID          string                  `json:"id"`
	Username    string                  `json:"username"`
	Email       string                  `json:"email"`
	// Roles holds role names; see RBAC.AssignRole and RBAC.RemoveRole.
	Roles       []string                `json:"roles"`
	Permissions []Permission            `json:"permissions"`      // Direct permissions
	// NOTE(review): presumably keyed by repository ID, matching the repoID
	// argument of RBAC.GrantRepositoryPermission — confirm.
	RepoPerms   map[string][]Permission `json:"repo_permissions"` // Repository-specific permissions
	// Active is toggled by RBAC.ActivateUser and RBAC.DeactivateUser.
	// NOTE(review): confirm the permission checks honour Active == false.
	Active      bool                    `json:"active"`
	// CreatedAt and UpdatedAt are strings here, unlike the time.Time fields
	// on APIKey; the timestamp format is not visible.
	CreatedAt   string                  `json:"created_at"`
	UpdatedAt   string                  `json:"updated_at"`
}

User represents a user in the system
