service

package
v0.0.0-...-fa26777 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2025 License: Apache-2.0 Imports: 21 Imported by: 1

Documentation

Index

Constants

// Rate-limit bucket names for authenticator verification. Each constant's
// string value is identical to its identifier.
//
// NOTE(review): judging by the names, buckets are keyed by remote IP, and for
// password and TOTP additionally by user plus IP. How the keys are built is
// not visible in this block; confirm in (*RateLimits).Reserve.
// NOTE(review): no bucket for OOB OTP verification is declared here;
// presumably that path is limited elsewhere. Verify before relying on it.
const (
	VerifyPasswordPerIP        ratelimit.BucketName = "VerifyPasswordPerIP"
	VerifyPasswordPerUserPerIP ratelimit.BucketName = "VerifyPasswordPerUserPerIP"
	VerifyTOTPPerIP            ratelimit.BucketName = "VerifyTOTPPerIP"
	VerifyTOTPPerUserPerIP     ratelimit.BucketName = "VerifyTOTPPerUserPerIP"
	// Passkey verification has only a per-IP bucket in this block; there is no
	// per-user-per-IP counterpart as there is for password and TOTP.
	VerifyPasskeyPerIP         ratelimit.BucketName = "VerifyPasskeyPerIP"
)

Variables

// DependencySet is the wire provider set for this package. It builds Store,
// RateLimits, Lockout and Service as struct providers.
//
// The "*" field list tells wire to inject every field of each struct, so any
// field added to one of these types becomes an injected dependency and must
// have a provider in the final injector.
var DependencySet = wire.NewSet(
	wire.Struct(new(Store), "*"),
	wire.Struct(new(RateLimits), "*"),
	wire.Struct(new(Lockout), "*"),
	wire.Struct(new(Service), "*"),
)

Functions

This section is empty.

Types

type Lockout

// Lockout bundles the lockout configuration, the caller's remote IP and the
// LockoutProvider behind the Check, MakeAttempt and ClearAttempts methods.
type Lockout struct {
	// Config is the authentication lockout configuration.
	Config   *config.AuthenticationLockoutConfig
	// RemoteIP is the IP address attributed to the current request.
	// NOTE(review): how this value is derived is not shown here. If it can be
	// influenced by client-supplied forwarding headers, IP-scoped lockout
	// inherits that trust. Confirm at the provider of httputil.RemoteIP.
	RemoteIP httputil.RemoteIP
	// Provider records and clears failed attempts.
	Provider LockoutProvider
}

func (*Lockout) Check

func (l *Lockout) Check(ctx context.Context, userID string) error

func (*Lockout) ClearAttempts

func (l *Lockout) ClearAttempts(ctx context.Context, userID string, usedMethods []config.AuthenticationLockoutMethod) error

func (*Lockout) MakeAttempt

func (l *Lockout) MakeAttempt(ctx context.Context, userID string, authenticatorType model.AuthenticatorType) error

type LockoutProvider

// LockoutProvider is the attempt-counting backend consumed by Lockout.
//
// NOTE(review): "contributor" presumably identifies who the attempts are
// attributed to (for example the remote IP). Confirm against the
// implementation.
type LockoutProvider interface {
	// MakeAttempts records the given number of attempts for contributor under
	// spec and returns a *lockout.MakeAttemptResult. Callers should inspect
	// both the result and err; the meaning of the result fields is not visible
	// on this page.
	MakeAttempts(ctx context.Context, spec lockout.LockoutSpec, contributor string, attempts int) (result *lockout.MakeAttemptResult, err error)
	// ClearAttempts clears the attempts recorded for contributor under spec.
	ClearAttempts(ctx context.Context, spec lockout.LockoutSpec, contributor string) error
}

type OOBOTPAuthenticatorProvider

// OOBOTPAuthenticatorProvider is the out-of-band OTP authenticator backend
// used by Service. It constructs, updates and persists
// *authenticator.OOBOTP values.
//
// This interface declares no Authenticate method; the Service struct in this
// package holds a separate OTPCodeService that declares VerifyOTP.
type OOBOTPAuthenticatorProvider interface {
	// New builds an OOB OTP authenticator value for userID with the given
	// delivery target.
	// NOTE(review): presumably New does not persist, as Create is declared
	// separately. Confirm.
	New(ctx context.Context, id string, userID string, oobAuthenticatorType model.AuthenticatorType, target string, isDefault bool, kind string) (*authenticator.OOBOTP, error)
	// UpdateTarget takes no context and returns no error.
	// NOTE(review): the bool presumably reports whether the target changed.
	// Confirm.
	UpdateTarget(a *authenticator.OOBOTP, option oob.UpdateTargetOption) (*authenticator.OOBOTP, bool)

	// Get takes both userID and id, whereas GetMany takes ids only.
	// NOTE(review): whether GetMany scopes results to a user or tenant is not
	// visible here. Callers should not assume ownership checks.
	Get(ctx context.Context, userID, id string) (*authenticator.OOBOTP, error)
	GetMany(ctx context.Context, ids []string) ([]*authenticator.OOBOTP, error)
	List(ctx context.Context, userID string) ([]*authenticator.OOBOTP, error)
	Create(ctx context.Context, a *authenticator.OOBOTP) error
	Update(ctx context.Context, a *authenticator.OOBOTP) error
	Delete(ctx context.Context, a *authenticator.OOBOTP) error
}

type OTPCodeService

// OTPCodeService verifies a submitted one-time code for a target.
type OTPCodeService interface {
	// VerifyOTP checks the code otp for target under the given kind and
	// options; a nil error means the code was accepted.
	// NOTE(review): attempt limiting and code invalidation are presumably the
	// implementation's responsibility and are not visible here. Confirm.
	VerifyOTP(ctx context.Context, kind otp.Kind, target string, otp string, opts *otp.VerifyOptions) error
}

type PasskeyAuthenticatorProvider

// PasskeyAuthenticatorProvider is the passkey authenticator backend used by
// Service. It constructs, persists and authenticates
// *authenticator.Passkey values.
type PasskeyAuthenticatorProvider interface {
	// New builds a passkey authenticator from a raw attestation response.
	// NOTE(review): attestationResponse is presumably client-supplied WebAuthn
	// data that the implementation must parse and validate. Confirm.
	New(
		ctx context.Context,
		id string,
		userID string,
		attestationResponse []byte,
		isDefault bool,
		kind string,
	) (*authenticator.Passkey, error)
	// Get takes both userID and id, whereas GetMany takes ids only.
	// NOTE(review): whether GetMany scopes results to a user or tenant is not
	// visible here.
	Get(ctx context.Context, userID, id string) (*authenticator.Passkey, error)
	GetMany(ctx context.Context, ids []string) ([]*authenticator.Passkey, error)
	List(ctx context.Context, userID string) ([]*authenticator.Passkey, error)
	Create(ctx context.Context, a *authenticator.Passkey) error
	Update(ctx context.Context, a *authenticator.Passkey) error
	Delete(ctx context.Context, a *authenticator.Passkey) error
	// Authenticate checks a raw assertion response against a.
	// NOTE(review): requireUpdate presumably means the caller must persist the
	// modified authenticator via Update after success. Confirm, since a
	// skipped update could leave stored verification state stale.
	Authenticate(ctx context.Context, a *authenticator.Passkey, assertionResponse []byte) (requireUpdate bool, err error)
}

type PasswordAuthenticatorProvider

// PasswordAuthenticatorProvider is the password authenticator backend used by
// Service. It constructs, updates, persists and authenticates
// *authenticator.Password values.
type PasswordAuthenticatorProvider interface {
	New(ctx context.Context, id string, userID string, passwordSpec *authenticator.PasswordSpec, isDefault bool, kind string) (*authenticator.Password, error)
	// UpdatePassword applies options to a.
	// NOTE(review): the leading bool presumably reports whether anything
	// changed. Confirm against the implementation.
	UpdatePassword(ctx context.Context, a *authenticator.Password, options *password.UpdatePasswordOptions) (bool, *authenticator.Password, error)
	// Get takes both userID and id, whereas GetMany takes ids only.
	// NOTE(review): whether GetMany scopes results to a user or tenant is not
	// visible here.
	Get(ctx context.Context, userID, id string) (*authenticator.Password, error)
	GetMany(ctx context.Context, ids []string) ([]*authenticator.Password, error)
	List(ctx context.Context, userID string) ([]*authenticator.Password, error)
	Create(ctx context.Context, a *authenticator.Password) error
	Update(ctx context.Context, a *authenticator.Password) error
	Delete(ctx context.Context, a *authenticator.Password) error
	// Authenticate receives the submitted password as a plain string. Keep the
	// value out of logs, error messages and traces.
	// NOTE(review): the contents of verifyResult are not visible on this page.
	Authenticate(ctx context.Context, a *authenticator.Password, password string) (verifyResult *password.VerifyResult, err error)
}

type RateLimiter

// RateLimiter is the rate-limit backend consumed by RateLimits.
type RateLimiter interface {
	// Reserve attempts to take a reservation from the bucket described by
	// spec. It has three results, so callers must check the
	// *ratelimit.FailedReservation as well as the error.
	// NOTE(review): presumably a non-nil FailedReservation means the limit was
	// hit, while err reports a backend failure. Confirm.
	Reserve(ctx context.Context, spec ratelimit.BucketSpec) (*ratelimit.Reservation, *ratelimit.FailedReservation, error)
	// Cancel takes back a reservation. It returns nothing, so failures are not
	// reported to the caller.
	Cancel(ctx context.Context, r *ratelimit.Reservation)
}

type RateLimits

// RateLimits bundles the remote IP, the authentication configuration and the
// RateLimiter behind the Reserve and Cancel methods.
type RateLimits struct {
	// IP is the address attributed to the current request.
	// NOTE(review): how this value is derived is not shown here. If it can be
	// influenced by client-supplied forwarding headers, the per-IP buckets
	// inherit that trust. Confirm at the provider of httputil.RemoteIP.
	IP     httputil.RemoteIP
	// Config is the authentication configuration.
	Config *config.AuthenticationConfig

	// RateLimiter is the backend that reservations are taken from.
	RateLimiter RateLimiter
}

func (*RateLimits) Cancel

func (l *RateLimits) Cancel(ctx context.Context, r *Reservation)

func (*RateLimits) Reserve

func (l *RateLimits) Reserve(ctx context.Context, userID string, authType model.AuthenticatorType) (*Reservation, error)

type Reservation

// Reservation is an opaque handle returned by (*RateLimits).Reserve and
// accepted by (*RateLimits).Cancel. All of its fields are unexported.
// NOTE(review): its PreventCancel method presumably makes a later Cancel keep
// the reservation consumed (for example after a failed verification).
// Confirm against the implementation.
type Reservation struct {
	// contains filtered or unexported fields
}

func (*Reservation) PreventCancel

func (r *Reservation) PreventCancel()

type Service

// Service aggregates the store, the per-type authenticator providers, the OTP
// code verifier, rate limits and lockout. Its methods manage and verify
// authenticators.
type Service struct {
	Store          *Store
	Config         *config.AppConfig
	// One provider per authenticator type.
	Password       PasswordAuthenticatorProvider
	Passkey        PasskeyAuthenticatorProvider
	TOTP           TOTPAuthenticatorProvider
	OOBOTP         OOBOTPAuthenticatorProvider
	// OTPCodeService declares VerifyOTP; OOBOTPAuthenticatorProvider declares
	// no Authenticate method of its own.
	OTPCodeService OTPCodeService
	// RateLimits and Lockout are held by value, not by pointer. Each carries a
	// remote IP field, so a Service value is presumably built per request.
	// TODO confirm that it is never shared across requests.
	RateLimits     RateLimits
	Lockout        Lockout
}

func (*Service) ClearLockoutAttempts

func (s *Service) ClearLockoutAttempts(ctx context.Context, userID string, usedMethods []config.AuthenticationLockoutMethod) error

func (*Service) Count

func (s *Service) Count(ctx context.Context, userID string) (uint64, error)

func (*Service) Create

func (s *Service) Create(ctx context.Context, info *authenticator.Info) error

func (*Service) Delete

func (s *Service) Delete(ctx context.Context, info *authenticator.Info) error

func (*Service) Get

func (s *Service) Get(ctx context.Context, id string) (*authenticator.Info, error)

func (*Service) GetMany

func (s *Service) GetMany(ctx context.Context, ids []string) ([]*authenticator.Info, error)

func (*Service) List

func (s *Service) List(ctx context.Context, userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)

func (*Service) ListByUserIDs

func (s *Service) ListByUserIDs(ctx context.Context, userIDs []string, filters ...authenticator.Filter) (map[string][]*authenticator.Info, error)

nolint:gocognit

func (*Service) ListRefsByUsers

func (s *Service) ListRefsByUsers(ctx context.Context, userIDs []string, authenticatorType *model.AuthenticatorType, authenticatorKind *authenticator.Kind) ([]*authenticator.Ref, error)

func (*Service) New

func (*Service) NewWithAuthenticatorID

func (s *Service) NewWithAuthenticatorID(ctx context.Context, authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)

func (*Service) RemoveOrphans

func (s *Service) RemoveOrphans(ctx context.Context, identities []*identity.Info) error

func (*Service) Update

func (s *Service) Update(ctx context.Context, info *authenticator.Info) error

func (*Service) UpdateOOBOTPTarget

func (s *Service) UpdateOOBOTPTarget(ai *authenticator.Info, option UpdateOOBOTPTargetOption) (*authenticator.Info, bool)

func (*Service) UpdateOrphans

func (s *Service) UpdateOrphans(ctx context.Context, oldInfo *identity.Info, newInfo *identity.Info) error

func (*Service) UpdatePassword

func (s *Service) UpdatePassword(ctx context.Context, ai *authenticator.Info, options *UpdatePasswordOptions) (bool, *authenticator.Info, error)

func (*Service) VerifyOneWithSpec

func (s *Service) VerifyOneWithSpec(
	ctx context.Context,
	userID string,
	authenticatorType model.AuthenticatorType,
	infos []*authenticator.Info,
	spec *authenticator.Spec,
	options *VerifyOptions) (info *authenticator.Info, verifyResult *VerifyResult, err error)

Given a list of authenticators, VerifyOneWithSpec tries to verify one of them.

type Store

// Store is the database access layer behind Count, GetRefByID, ListRefsByIDs
// and ListRefsByUsers.
type Store struct {
	// SQLBuilder builds the queries.
	// NOTE(review): presumably it scopes them to the current app, judging by
	// the type name. Confirm, since GetRefByID and ListRefsByIDs take no
	// userID.
	SQLBuilder  *appdb.SQLBuilderApp
	// SQLExecutor runs the built queries.
	SQLExecutor *appdb.SQLExecutor
}

func (*Store) Count

func (s *Store) Count(ctx context.Context, userID string) (uint64, error)

func (*Store) GetRefByID

func (s *Store) GetRefByID(ctx context.Context, id string) (*authenticator.Ref, error)

func (*Store) ListRefsByIDs

func (s *Store) ListRefsByIDs(ctx context.Context, ids []string) ([]*authenticator.Ref, error)

func (*Store) ListRefsByUsers

func (s *Store) ListRefsByUsers(ctx context.Context, userIDs []string, authenticatorType *model.AuthenticatorType, authenticatorKind *authenticator.Kind) ([]*authenticator.Ref, error)

type TOTPAuthenticatorProvider

// TOTPAuthenticatorProvider is the TOTP authenticator backend used by
// Service.
//
// Unlike the password and passkey providers, New and Authenticate take no
// context.Context here, and no Update method is declared.
type TOTPAuthenticatorProvider interface {
	New(id string, userID string, totpSpec *authenticator.TOTPSpec, isDefault bool, kind string) (*authenticator.TOTP, error)
	// Authenticate checks code against a; a nil error means the code was
	// accepted.
	// NOTE(review): with no context and no Update method, replay protection
	// for an already-used code (if any) is not visible in this interface.
	// Confirm where it is enforced.
	Authenticate(a *authenticator.TOTP, code string) error

	// Get takes both userID and id, whereas GetMany takes ids only.
	Get(ctx context.Context, userID, id string) (*authenticator.TOTP, error)
	GetMany(ctx context.Context, ids []string) ([]*authenticator.TOTP, error)
	List(ctx context.Context, userID string) ([]*authenticator.TOTP, error)
	Create(ctx context.Context, a *authenticator.TOTP) error
	Delete(ctx context.Context, a *authenticator.TOTP) error
}

type UpdateOOBOTPTargetOption

// UpdateOOBOTPTargetOption is the option struct accepted by
// (*Service).UpdateOOBOTPTarget.
type UpdateOOBOTPTargetOption struct {
	// NewTarget is the replacement delivery target.
	// NOTE(review): validation and ownership checks on the new target are not
	// visible here. Confirm that callers verify it before use.
	NewTarget string
}

type UpdatePasswordOptions

// UpdatePasswordOptions is the option struct accepted by
// (*Service).UpdatePassword.
//
// The struct carries a plaintext password, so it should not be logged,
// serialized or retained longer than the call needs it.
type UpdatePasswordOptions struct {
	// NOTE(review): SetPassword and SetExpireAfter presumably select which of
	// the two values below are applied. Confirm.
	SetPassword    bool
	// PlainPassword is the new password in plaintext.
	PlainPassword  string
	SetExpireAfter bool
	// ExpireAfter is a pointer.
	// NOTE(review): nil presumably means "no expiry" when SetExpireAfter is
	// true. Confirm.
	ExpireAfter    *time.Time
}

type VerifyOptions

// VerifyOptions is the option struct accepted by
// (*Service).VerifyOneWithSpec.
//
// NOTE(review): the effect of each field is not visible on this page. The
// OOBChannel and otp.Form types suggest the fields apply to OOB OTP
// verification. Confirm.
type VerifyOptions struct {
	OOBChannel        *model.AuthenticatorOOBChannel
	// NOTE(review): the name suggests this switches verification to a value
	// supplied with the request; check what it bypasses before setting it.
	UseSubmittedValue bool
	Form              otp.Form
}

type VerifyResult

// VerifyResult is the verification outcome returned by
// (*Service).VerifyOneWithSpec alongside the matched authenticator.
type VerifyResult struct {
	// Password holds the password provider's verify result. It is a pointer.
	// NOTE(review): presumably nil when a non-password authenticator was
	// verified. Callers should nil-check.
	Password *password.VerifyResult
	// NOTE(review): Passkey is presumably true when a passkey authenticator
	// was the one verified. Confirm.
	Passkey  bool
}
