api


Constants

// Defaults for outbound HTTP hook calls (timeout, retry count, back-off) and
// the maximum hook payload size — presumably the limit behind
// ErrorCodeHookPayloadOverSizeLimit.
const (
	DefaultHTTPHookTimeout  = 5 * time.Second
	DefaultHTTPHookRetries  = 3
	HTTPHookBackoffDuration = 2 * time.Second
	PayloadLimit            = 200 * 1024 // 200KB
)
// PKCE flow constants. The 43..128 bounds on code_challenge match the length
// range RFC 7636 defines for the code verifier; a request that supplies only
// one of code_challenge / code_challenge_method is rejected with
// InvalidPKCEParamsErrorMessage.
const (
	PKCEPrefix                    = "pkce_"
	MinCodeChallengeLength        = 43
	MaxCodeChallengeLength        = 128
	InvalidPKCEParamsErrorMessage = "PKCE flow requires code_challenge_method and code_challenge"
)
// APIVersionHeaderName is the header used to select an API behaviour version;
// its value is a date, presumably resolved by DetermineClosestAPIVersion.
const APIVersionHeaderName = "X-Supabase-Api-Version"
// DefaultQRSize is the default size parameter used when rendering
// TOTPObject.QRCode; the unit (modules vs. pixels) is not visible here.
const DefaultQRSize = 3
// InvalidChannelError is the message returned when a Channel other than
// 'sms' or 'whatsapp' is requested (see OtpParams.Channel, SmsParams.Channel).
const InvalidChannelError = "Invalid channel, supported values are 'sms' or 'whatsapp'"
// InvalidLoginMessage is the generic message for a failed login. Note that it
// does not say which part of the credentials was wrong.
const InvalidLoginMessage = "Invalid login credentials"
// InvalidNonceMessage is returned when a nonce supplied with a request
// (e.g. UserUpdateParams.Nonce) has expired or does not match.
const InvalidNonceMessage = "Nonce has expired or is invalid"
// MaxPasswordLength caps accepted password length because bcrypt only hashes
// the first 72 bytes of its input. NOTE(review): bcrypt's limit is in bytes,
// so a multi-byte UTF-8 password can be truncated before 72 characters —
// confirm whether the length check counts bytes or runes.
const MaxPasswordLength = 72

BCrypt-hashed passwords have a 72-character limit.

// QRCodeGenerationErrorMessage is returned when the TOTP QR code
// (TOTPObject.QRCode) cannot be rendered.
const (
	QRCodeGenerationErrorMessage = "Error generating QR Code"
)
// SAMLSubjectIDAttributeName is the SAML attribute consulted for a stable
// subject identifier; SAMLAssertion.SubjectID describes how it relates to the
// Subject NameID.
const (
	SAMLSubjectIDAttributeName = "urn:oasis:names:tc:SAML:attribute:subject-id"
)

Variables

// Known API versions. APIVersionInitial is the zero time (presumably the
// behaviour selected when no version is supplied); APIVersion20240101 is the
// first dated version.
var (
	APIVersionInitial  = time.Time{}
	APIVersion20240101 = time.Date(2024, time.January, 1, 0, 0, 0, 0, time.UTC)
)
// Common error messages during the signup flow.
// NOTE(review): DuplicateEmailMsg and DuplicatePhoneMsg confirm that an
// identifier is already registered, so any endpoint that returns them reveals
// account existence; review enumeration exposure wherever they are used.
var (
	DuplicateEmailMsg       = "A user with this email address has already been registered"
	DuplicatePhoneMsg       = "A user with this phone number has already been registered"
	UserExistsError   error = errors.New("user already exists")
)

Common error messages during the signup flow.

// Errors raised when outbound email is throttled or the destination address
// is not authorized as a recipient.
var (
	EmailRateLimitExceeded error = errors.New("email rate limit exceeded")
	AddressNotAuthorized   error = errors.New("Destination email address not authorized")
)

Functions

func FormatAPIVersion

func FormatAPIVersion(apiVersion APIVersion) string

func HandleResponseError

func HandleResponseError(err error, w http.ResponseWriter, r *http.Request)

func IsSAMLMetadataStale

func IsSAMLMetadataStale(
	idpMetadata *saml.EntityDescriptor,
	samlProvider models.SAMLProvider,
) bool

Types

type API

// API is the main REST API. Construct it with NewAPI, NewAPIWithVersion or
// NewAPIWithVersionAndLogger; it serves requests through ServeHTTP.
type API struct {
	// contains filtered or unexported fields
}

API is the main REST API

func NewAPI

func NewAPI(globalConfig *conf.GlobalConfiguration, db *storage.Connection, opt ...Option) *API

NewAPI instantiates a new REST API

func NewAPIWithVersion

func NewAPIWithVersion(
	globalConfig *conf.GlobalConfiguration,
	db *storage.Connection,
	version string,
	opt ...Option,
) *API

NewAPIWithVersion creates a new REST API using the specified version

func NewAPIWithVersionAndLogger

func NewAPIWithVersionAndLogger(
	globalConfig *conf.GlobalConfiguration,
	db *storage.Connection,
	version string,
	loggerFn func(next http.Handler) http.Handler,
	opt ...Option,
) (*API, http.Handler)

NewAPIWithVersionAndLogger creates a new REST API using the specified version. NOTE: this is a modified version of supabase/auth.

func (*API) ChallengeFactor

func (a *API) ChallengeFactor(w http.ResponseWriter, r *http.Request) error

func (*API) DeleteIdentity

func (a *API) DeleteIdentity(w http.ResponseWriter, r *http.Request) error

func (*API) EnrollFactor

func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error

func (*API) ExternalProviderCallback

func (a *API) ExternalProviderCallback(w http.ResponseWriter, r *http.Request) error

ExternalProviderCallback handles the callback endpoint in the external oauth provider flow

func (*API) ExternalProviderRedirect

func (a *API) ExternalProviderRedirect(w http.ResponseWriter, r *http.Request) error

ExternalProviderRedirect redirects the request to the oauth provider

func (*API) GetExternalProviderRedirectURL

func (a *API) GetExternalProviderRedirectURL(
	w http.ResponseWriter,
	r *http.Request,
	linkingTargetUser *models.User,
) (string, error)

GetExternalProviderRedirectURL returns the URL to start the oauth flow with the corresponding oauth provider

func (*API) HealthCheck

func (a *API) HealthCheck(w http.ResponseWriter, r *http.Request) error

HealthCheck endpoint indicates if the gotrue api service is available

func (*API) IdTokenGrant

func (a *API) IdTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

IdTokenGrant implements the id_token grant type flow

func (*API) Invite

func (a *API) Invite(w http.ResponseWriter, r *http.Request) error

Invite is the endpoint for inviting a new user

func (*API) Jwks

func (a *API) Jwks(w http.ResponseWriter, r *http.Request) error

func (*API) LinkIdentity

func (a *API) LinkIdentity(w http.ResponseWriter, r *http.Request) error

func (*API) Logout

func (a *API) Logout(w http.ResponseWriter, r *http.Request) error

Logout is the endpoint for logging out a user and thereby revoking any refresh tokens

func (a *API) MagicLink(w http.ResponseWriter, r *http.Request) error

MagicLink sends a magic link email.

func (*API) Mailer

func (a *API) Mailer() mailer.Mailer

Mailer returns NewMailer with the current tenant config

func (*API) Now

func (a *API) Now() time.Time

func (*API) OAuthProvider

func (a *API) OAuthProvider(ctx context.Context, name string) (provider.OAuthProvider, error)

OAuthProvider returns the corresponding oauth provider as an OAuthProvider interface

func (*API) Otp

func (a *API) Otp(w http.ResponseWriter, r *http.Request) error

Otp returns the MagicLink or SmsOtp handler based on the request body params

func (*API) PKCE

func (a *API) PKCE(ctx context.Context, w http.ResponseWriter, r *http.Request) error

func (*API) Provider

func (a *API) Provider(ctx context.Context, name string, scopes string) (provider.Provider, error)

Provider returns a Provider interface for the given name.

func (*API) Reauthenticate

func (a *API) Reauthenticate(w http.ResponseWriter, r *http.Request) error

Reauthenticate sends a reauthentication otp to either the user's email or phone

func (*API) Recover

func (a *API) Recover(w http.ResponseWriter, r *http.Request) error

Recover sends a recovery email

func (*API) RefreshTokenGrant

func (a *API) RefreshTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

RefreshTokenGrant implements the refresh_token grant type flow

func (*API) Resend

func (a *API) Resend(w http.ResponseWriter, r *http.Request) error

Resend handles a resend request for a confirmation message (see ResendConfirmationParams).

func (*API) ResourceOwnerPasswordGrant

func (a *API) ResourceOwnerPasswordGrant(
	ctx context.Context,
	w http.ResponseWriter,
	r *http.Request,
) error

ResourceOwnerPasswordGrant implements the password grant type flow

func (*API) SAMLMetadata

func (a *API) SAMLMetadata(w http.ResponseWriter, r *http.Request) error

SAMLMetadata serves GoTrue's SAML Service Provider metadata file.

func (*API) SamlAcs

func (a *API) SamlAcs(w http.ResponseWriter, r *http.Request) error

func (*API) ServeHTTP

func (a *API) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP implements the http.Handler interface by passing the request along to its underlying Handler.

func (*API) Settings

func (a *API) Settings(w http.ResponseWriter, r *http.Request) error

func (*API) Signup

func (a *API) Signup(w http.ResponseWriter, r *http.Request) error

Signup is the endpoint for registering a new user

func (*API) SignupAnonymously

func (a *API) SignupAnonymously(w http.ResponseWriter, r *http.Request) error

func (*API) SingleSignOn

func (a *API) SingleSignOn(w http.ResponseWriter, r *http.Request) error

SingleSignOn handles the single-sign-on flow for a provided SSO domain or provider.

func (*API) SmsOtp

func (a *API) SmsOtp(w http.ResponseWriter, r *http.Request) error

SmsOtp sends the user an otp via sms

func (*API) Token

func (a *API) Token(w http.ResponseWriter, r *http.Request) error

Token is the endpoint for OAuth access token requests

func (*API) UnenrollFactor

func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error

func (*API) UserGet

func (a *API) UserGet(w http.ResponseWriter, r *http.Request) error

UserGet returns a user

func (*API) UserUpdate

func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error

UserUpdate updates fields on a user

func (*API) Verify

func (a *API) Verify(w http.ResponseWriter, r *http.Request) error

Verify exchanges a confirmation or recovery token to a refresh token

func (*API) VerifyFactor

func (a *API) VerifyFactor(w http.ResponseWriter, r *http.Request) error

type APIVersion

// APIVersion is a date identifying an API behaviour version; see
// DetermineClosestAPIVersion and the APIVersion* variables.
type APIVersion = time.Time

func DetermineClosestAPIVersion

func DetermineClosestAPIVersion(date string) (APIVersion, error)

type AccessTokenClaims

// AccessTokenClaims is the JWT claim set carried by access tokens. Beyond the
// registered claims it embeds the user's identifiers, metadata, role and the
// MFA-related aal/amr claims.
// NOTE(review): UserMetaData ends up inside the signed token; confirm it is
// never used for authorization decisions if users can write it themselves.
type AccessTokenClaims struct {
	jwt.RegisteredClaims
	Email                         string                 `json:"email"`
	Phone                         string                 `json:"phone"`
	AppMetaData                   map[string]interface{} `json:"app_metadata"`
	UserMetaData                  map[string]interface{} `json:"user_metadata"`
	Role                          string                 `json:"role"`
	AuthenticatorAssuranceLevel   string                 `json:"aal,omitempty"` // authenticator assurance level
	AuthenticationMethodReference []models.AMREntry      `json:"amr,omitempty"` // authentication methods used
	SessionId                     string                 `json:"session_id,omitempty"`
	IsAnonymous                   bool                   `json:"is_anonymous"`
}

AccessTokenClaims is a struct that's used for JWT claims.

type AccessTokenResponse

// AccessTokenResponse represents an OAuth2 success response: the access and
// refresh tokens, their lifetime, the user, and optionally the provider's own
// tokens and a weak-password warning.
type AccessTokenResponse struct {
	Token                string             `json:"access_token"`
	TokenType            string             `json:"token_type"` // Bearer
	ExpiresIn            int                `json:"expires_in"` // lifetime; presumably seconds, as in OAuth2 — confirm
	ExpiresAt            int64              `json:"expires_at"` // absolute expiry; presumably a Unix timestamp — confirm
	RefreshToken         string             `json:"refresh_token"`
	User                 *models.User       `json:"user"`
	ProviderAccessToken  string             `json:"provider_token,omitempty"`
	ProviderRefreshToken string             `json:"provider_refresh_token,omitempty"`
	WeakPassword         *WeakPasswordError `json:"weak_password,omitempty"`
}

AccessTokenResponse represents an OAuth2 success response

func (*AccessTokenResponse) AsRedirectURL

func (r *AccessTokenResponse) AsRedirectURL(redirectURL string, extraParams url.Values) string

AsRedirectURL encodes the AccessTokenResponse as a redirect URL that includes the access token response data in a URL fragment.

type AdminListUsersResponse

// AdminListUsersResponse is the body returned when an admin lists the users
// of an audience (Aud).
type AdminListUsersResponse struct {
	Users []*models.User `json:"users"`
	Aud   string         `json:"aud"`
}

type AdminUserParams

// AdminUserParams is the admin-side user create/update body. Password is a
// pointer so an absent field can be told apart from an empty string;
// PasswordHash presumably accepts an already-hashed password instead.
// NOTE(review): Role, AppMetaData, BanDuration and the *Confirm flags are
// privileged inputs — confirm this struct is only decoded on admin routes.
type AdminUserParams struct {
	Id           string                 `json:"id"`
	Aud          string                 `json:"aud"`
	Role         string                 `json:"role"`
	Email        string                 `json:"email"`
	Phone        string                 `json:"phone"`
	Password     *string                `json:"password"`
	PasswordHash string                 `json:"password_hash"`
	EmailConfirm bool                   `json:"email_confirm"`
	PhoneConfirm bool                   `json:"phone_confirm"`
	UserMetaData map[string]interface{} `json:"user_metadata"`
	AppMetaData  map[string]interface{} `json:"app_metadata"`
	BanDuration  string                 `json:"ban_duration"`
}

type AuthMicroserviceClaims

// AuthMicroserviceClaims is the base claim set embedded by
// ExternalProviderClaims; it adds the site URL, instance id and function hooks
// to the registered JWT claims.
type AuthMicroserviceClaims struct {
	jwt.RegisteredClaims
	SiteURL       string        `json:"site_url"`
	InstanceID    string        `json:"id"`
	FunctionHooks FunctionHooks `json:"function_hooks"`
}

type ChallengeFactorParams

// ChallengeFactorParams is the request body for ChallengeFactor: an optional
// delivery Channel (see InvalidChannelError) and optional WebAuthn parameters.
type ChallengeFactorParams struct {
	Channel  string          `json:"channel"`
	WebAuthn *WebAuthnParams `json:"web_authn,omitempty"`
}

type ChallengeFactorResponse

// ChallengeFactorResponse is returned by ChallengeFactor. The WebAuthn
// credential options are only present for WebAuthn factors (omitempty).
type ChallengeFactorResponse struct {
	ID                        uuid.UUID                        `json:"id"`
	Type                      string                           `json:"type"`
	ExpiresAt                 int64                            `json:"expires_at,omitempty"`
	CredentialRequestOptions  *wbnprotocol.CredentialAssertion `json:"credential_request_options,omitempty"`
	CredentialCreationOptions *wbnprotocol.CredentialCreation  `json:"credential_creation_options,omitempty"`
}

type CreateSSOProviderParams

// CreateSSOProviderParams is the body for creating an SSO provider. IdP
// metadata is supplied either inline (MetadataXML) or by URL (MetadataURL).
// NOTE(review): MetadataURL implies a server-side fetch (see
// ErrorCodeSAMLMetadataFetchFailed); confirm the destination is validated so
// the fetch cannot be pointed at internal addresses.
type CreateSSOProviderParams struct {
	Type string `json:"type"`

	MetadataURL      string                      `json:"metadata_url"`
	MetadataXML      string                      `json:"metadata_xml"`
	Domains          []string                    `json:"domains"`
	AttributeMapping models.SAMLAttributeMapping `json:"attribute_mapping"`
	NameIDFormat     string                      `json:"name_id_format"`
}

type EnrollFactorParams

// EnrollFactorParams is the request body for EnrollFactor. Issuer and Phone
// are presumably only meaningful for the TOTP and phone factor types
// respectively — confirm against the handler.
type EnrollFactorParams struct {
	FriendlyName string `json:"friendly_name"`
	FactorType   string `json:"factor_type"`
	Issuer       string `json:"issuer"`
	Phone        string `json:"phone"`
}

type EnrollFactorResponse

// EnrollFactorResponse is returned by EnrollFactor. TOTP is only set for TOTP
// factors and contains the shared secret; treat the response as sensitive.
type EnrollFactorResponse struct {
	ID           uuid.UUID   `json:"id"`
	Type         string      `json:"type"`
	FriendlyName string      `json:"friendly_name"`
	TOTP         *TOTPObject `json:"totp,omitempty"`
	Phone        string      `json:"phone,omitempty"`
}

type ErrorCause

// ErrorCause is an error interface with a Cause method for returning the root
// cause error; HTTPError and OAuthError implement it.
type ErrorCause interface {
	Cause() error
}

ErrorCause is an error interface that contains the method Cause() for returning root cause errors

type ErrorCode

// ErrorCode is the machine-readable code returned to clients in
// HTTPErrorResponse20240101.Code (and HTTPError.ErrorCode).
type ErrorCode = string
const (
	// ErrorCodeUnknown should not be used directly, it only indicates a failure in the error handling system in such a way that an error code was not assigned properly.
	ErrorCodeUnknown ErrorCode = "unknown"

	// ErrorCodeUnexpectedFailure signals an unexpected failure such as a 500 Internal Server Error.
	ErrorCodeUnexpectedFailure ErrorCode = "unexpected_failure"

	ErrorCodeValidationFailed                  ErrorCode = "validation_failed"
	ErrorCodeBadJSON                           ErrorCode = "bad_json"
	ErrorCodeEmailExists                       ErrorCode = "email_exists"
	ErrorCodePhoneExists                       ErrorCode = "phone_exists"
	ErrorCodeBadJWT                            ErrorCode = "bad_jwt"
	ErrorCodeNotAdmin                          ErrorCode = "not_admin"
	ErrorCodeNoAuthorization                   ErrorCode = "no_authorization"
	ErrorCodeUserNotFound                      ErrorCode = "user_not_found"
	ErrorCodeSessionNotFound                   ErrorCode = "session_not_found"
	ErrorCodeFlowStateNotFound                 ErrorCode = "flow_state_not_found"
	ErrorCodeFlowStateExpired                  ErrorCode = "flow_state_expired"
	ErrorCodeSignupDisabled                    ErrorCode = "signup_disabled"
	ErrorCodeUserBanned                        ErrorCode = "user_banned"
	ErrorCodeProviderEmailNeedsVerification    ErrorCode = "provider_email_needs_verification"
	ErrorCodeInviteNotFound                    ErrorCode = "invite_not_found"
	ErrorCodeBadOAuthState                     ErrorCode = "bad_oauth_state"
	ErrorCodeBadOAuthCallback                  ErrorCode = "bad_oauth_callback"
	ErrorCodeOAuthProviderNotSupported         ErrorCode = "oauth_provider_not_supported"
	ErrorCodeUnexpectedAudience                ErrorCode = "unexpected_audience"
	ErrorCodeSingleIdentityNotDeletable        ErrorCode = "single_identity_not_deletable"
	ErrorCodeEmailConflictIdentityNotDeletable ErrorCode = "email_conflict_identity_not_deletable"
	ErrorCodeIdentityAlreadyExists             ErrorCode = "identity_already_exists"
	ErrorCodeEmailProviderDisabled             ErrorCode = "email_provider_disabled"
	ErrorCodePhoneProviderDisabled             ErrorCode = "phone_provider_disabled"
	ErrorCodeTooManyEnrolledMFAFactors         ErrorCode = "too_many_enrolled_mfa_factors"
	ErrorCodeMFAFactorNameConflict             ErrorCode = "mfa_factor_name_conflict"
	ErrorCodeMFAFactorNotFound                 ErrorCode = "mfa_factor_not_found"
	ErrorCodeMFAIPAddressMismatch              ErrorCode = "mfa_ip_address_mismatch"
	ErrorCodeMFAChallengeExpired               ErrorCode = "mfa_challenge_expired"
	ErrorCodeMFAVerificationFailed             ErrorCode = "mfa_verification_failed"
	ErrorCodeMFAVerificationRejected           ErrorCode = "mfa_verification_rejected"
	ErrorCodeInsufficientAAL                   ErrorCode = "insufficient_aal"
	ErrorCodeCaptchaFailed                     ErrorCode = "captcha_failed"
	ErrorCodeSAMLProviderDisabled              ErrorCode = "saml_provider_disabled"
	ErrorCodeManualLinkingDisabled             ErrorCode = "manual_linking_disabled"
	ErrorCodeSMSSendFailed                     ErrorCode = "sms_send_failed"
	ErrorCodeEmailNotConfirmed                 ErrorCode = "email_not_confirmed"
	ErrorCodePhoneNotConfirmed                 ErrorCode = "phone_not_confirmed"
	ErrorCodeSAMLRelayStateNotFound            ErrorCode = "saml_relay_state_not_found"
	ErrorCodeSAMLRelayStateExpired             ErrorCode = "saml_relay_state_expired"
	ErrorCodeSAMLIdPNotFound                   ErrorCode = "saml_idp_not_found"
	ErrorCodeSAMLAssertionNoUserID             ErrorCode = "saml_assertion_no_user_id"
	ErrorCodeSAMLAssertionNoEmail              ErrorCode = "saml_assertion_no_email"
	ErrorCodeUserAlreadyExists                 ErrorCode = "user_already_exists"
	ErrorCodeSSOProviderNotFound               ErrorCode = "sso_provider_not_found"
	ErrorCodeSAMLMetadataFetchFailed           ErrorCode = "saml_metadata_fetch_failed"
	ErrorCodeSAMLIdPAlreadyExists              ErrorCode = "saml_idp_already_exists"
	ErrorCodeSSODomainAlreadyExists            ErrorCode = "sso_domain_already_exists"
	ErrorCodeSAMLEntityIDMismatch              ErrorCode = "saml_entity_id_mismatch"
	ErrorCodeConflict                          ErrorCode = "conflict"
	ErrorCodeProviderDisabled                  ErrorCode = "provider_disabled"
	ErrorCodeUserSSOManaged                    ErrorCode = "user_sso_managed"
	ErrorCodeReauthenticationNeeded            ErrorCode = "reauthentication_needed"
	ErrorCodeSamePassword                      ErrorCode = "same_password"
	ErrorCodeReauthenticationNotValid          ErrorCode = "reauthentication_not_valid"
	ErrorCodeOTPExpired                        ErrorCode = "otp_expired"
	ErrorCodeOTPDisabled                       ErrorCode = "otp_disabled"
	ErrorCodeIdentityNotFound                  ErrorCode = "identity_not_found"
	ErrorCodeWeakPassword                      ErrorCode = "weak_password"
	ErrorCodeOverRequestRateLimit              ErrorCode = "over_request_rate_limit"
	ErrorCodeOverEmailSendRateLimit            ErrorCode = "over_email_send_rate_limit"
	ErrorCodeOverSMSSendRateLimit              ErrorCode = "over_sms_send_rate_limit"
	// NOTE(review): name lacks the ErrorCode prefix every other entry uses; it
	// cannot be renamed here without breaking callers.
	ErrorBadCodeVerifier                       ErrorCode = "bad_code_verifier"
	ErrorCodeAnonymousProviderDisabled         ErrorCode = "anonymous_provider_disabled"
	ErrorCodeHookTimeout                       ErrorCode = "hook_timeout"
	ErrorCodeHookTimeoutAfterRetry             ErrorCode = "hook_timeout_after_retry"
	ErrorCodeHookPayloadOverSizeLimit          ErrorCode = "hook_payload_over_size_limit"
	ErrorCodeHookPayloadInvalidContentType     ErrorCode = "hook_payload_invalid_content_type"
	ErrorCodeRequestTimeout                    ErrorCode = "request_timeout"
	ErrorCodeMFAPhoneEnrollDisabled            ErrorCode = "mfa_phone_enroll_not_enabled"
	ErrorCodeMFAPhoneVerifyDisabled            ErrorCode = "mfa_phone_verify_not_enabled"
	ErrorCodeMFATOTPEnrollDisabled             ErrorCode = "mfa_totp_enroll_not_enabled"
	ErrorCodeMFATOTPVerifyDisabled             ErrorCode = "mfa_totp_verify_not_enabled"
	ErrorCodeMFAWebAuthnEnrollDisabled         ErrorCode = "mfa_webauthn_enroll_not_enabled"
	ErrorCodeMFAWebAuthnVerifyDisabled         ErrorCode = "mfa_webauthn_verify_not_enabled"
	ErrorCodeMFAVerifiedFactorExists           ErrorCode = "mfa_verified_factor_exists"
	//#nosec G101 -- Not a secret value.
	ErrorCodeInvalidCredentials        ErrorCode = "invalid_credentials"
	ErrorCodeEmailAddressNotAuthorized ErrorCode = "email_address_not_authorized"
)

type ExternalProviderClaims

// ExternalProviderClaims are the JWT claims sent as the state in the external
// oauth provider signup flow. Because the state round-trips through the
// provider, this token is presumably what binds the callback to the original
// request (FlowStateID, LinkingTargetID); its signature and expiry must be
// checked before any of these fields are trusted.
type ExternalProviderClaims struct {
	AuthMicroserviceClaims
	Provider        string `json:"provider"`
	InviteToken     string `json:"invite_token,omitempty"`
	Referrer        string `json:"referrer,omitempty"`
	FlowStateID     string `json:"flow_state_id"`
	LinkingTargetID string `json:"linking_target_id,omitempty"`
}

ExternalProviderClaims are the JWT claims sent as the state in the external oauth provider signup flow

type FunctionHooks

// FunctionHooks maps a hook name to a list of strings. A custom UnmarshalJSON
// exists, so the accepted JSON shape may differ from a plain map — see it.
type FunctionHooks map[string][]string

func (*FunctionHooks) UnmarshalJSON

func (f *FunctionHooks) UnmarshalJSON(b []byte) error

type GenerateLinkParams

// GenerateLinkParams is the body for the admin generate-link request; Type
// selects which kind of link is produced (see GenerateLinkResponse.VerificationType).
type GenerateLinkParams struct {
	Type       string                 `json:"type"`
	Email      string                 `json:"email"`
	NewEmail   string                 `json:"new_email"`
	Password   string                 `json:"password"`
	Data       map[string]interface{} `json:"data"`
	RedirectTo string                 `json:"redirect_to"`
}

type GenerateLinkResponse

// GenerateLinkResponse is returned by the admin generate-link request.
// NOTE(review): it carries the action link, the email OTP and the hashed
// token alongside the embedded user — anyone holding this response can
// complete the flow, so it must only reach the admin caller and must not be
// logged.
type GenerateLinkResponse struct {
	models.User
	ActionLink       string `json:"action_link"`
	EmailOtp         string `json:"email_otp"`
	HashedToken      string `json:"hashed_token"`
	VerificationType string `json:"verification_type"`
	RedirectTo       string `json:"redirect_to"`
}

type HTTPError

// HTTPError is an error with a message and an HTTP status code. Only
// HTTPStatus, ErrorCode, Message and ErrorID are serialized; InternalError and
// InternalMessage are tagged json:"-" and therefore never reach the client.
type HTTPError struct {
	HTTPStatus      int    `json:"code"`                 // do not rename the JSON tags!
	ErrorCode       string `json:"error_code,omitempty"` // do not rename the JSON tags!
	Message         string `json:"msg"`                  // do not rename the JSON tags!
	InternalError   error  `json:"-"`
	InternalMessage string `json:"-"`
	ErrorID         string `json:"error_id,omitempty"`
}

HTTPError is an error with a message and an HTTP status code.

func (*HTTPError) Cause

func (e *HTTPError) Cause() error

Cause returns the root cause error

func (*HTTPError) Error

func (e *HTTPError) Error() string

func (*HTTPError) Is

func (e *HTTPError) Is(target error) bool

func (*HTTPError) WithInternalError

func (e *HTTPError) WithInternalError(err error) *HTTPError

WithInternalError adds internal error information to the error

func (*HTTPError) WithInternalMessage

func (e *HTTPError) WithInternalMessage(fmtString string, args ...interface{}) *HTTPError

WithInternalMessage adds internal message information to the error

type HTTPErrorResponse20240101

// HTTPErrorResponse20240101 is the error body used from APIVersion20240101
// onward: a machine-readable ErrorCode plus a human-readable message.
type HTTPErrorResponse20240101 struct {
	Code    ErrorCode `json:"code"`
	Message string    `json:"message"`
}

type HealthCheckResponse

// HealthCheckResponse is the body returned by HealthCheck.
type HealthCheckResponse struct {
	Version     string `json:"version"`
	Name        string `json:"name"`
	Description string `json:"description"`
}

type IdTokenGrantParams

// IdTokenGrantParams are the parameters the IdTokenGrant method accepts: the
// provider's ID token (and optionally its access token), the nonce it was
// requested with, and the provider / client_id / issuer it should be
// validated against.
type IdTokenGrantParams struct {
	IdToken     string `json:"id_token"`
	AccessToken string `json:"access_token"`
	Nonce       string `json:"nonce"`
	Provider    string `json:"provider"`
	ClientID    string `json:"client_id"`
	Issuer      string `json:"issuer"`
}

IdTokenGrantParams are the parameters the IdTokenGrant method accepts

type InviteParams

// InviteParams are the parameters the Invite endpoint accepts.
type InviteParams struct {
	Email string                 `json:"email"`
	Data  map[string]interface{} `json:"data"`
}

InviteParams are the parameters the Invite endpoint accepts.

type JwksResponse

// JwksResponse is the JWK Set body returned by Jwks.
type JwksResponse struct {
	Keys []jwk.Key `json:"keys"`
}

type LimiterOptions

// LimiterOptions holds one rate limiter per limited endpoint or flow; it is
// built by NewLimiterOptions from the global configuration.
type LimiterOptions struct {
	Email            *limiter.Limiter
	Phone            *limiter.Limiter
	Signups          *limiter.Limiter
	AnonymousSignIns *limiter.Limiter
	Recover          *limiter.Limiter
	Resend           *limiter.Limiter
	MagicLink        *limiter.Limiter
	Otp              *limiter.Limiter
	Token            *limiter.Limiter
	Verify           *limiter.Limiter
	User             *limiter.Limiter
	FactorVerify     *limiter.Limiter
	FactorChallenge  *limiter.Limiter
	SSO              *limiter.Limiter
	SAMLAssertion    *limiter.Limiter
}

func NewLimiterOptions

func NewLimiterOptions(gc *conf.GlobalConfiguration) *LimiterOptions

type LogoutBehavior

// LogoutBehavior selects the scope of a Logout — presumably all sessions
// (global), only the current one (local), or every session except the
// current one (others); confirm against the handler.
type LogoutBehavior string
const (
	LogoutGlobal LogoutBehavior = "global"
	LogoutLocal  LogoutBehavior = "local"
	LogoutOthers LogoutBehavior = "others"
)

type MagicLinkParams

// MagicLinkParams holds the parameters for a magic link request, including
// the optional PKCE code challenge.
type MagicLinkParams struct {
	Email               string                 `json:"email"`
	Data                map[string]interface{} `json:"data"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

MagicLinkParams holds the parameters for a magic link request

func (*MagicLinkParams) Validate

func (p *MagicLinkParams) Validate(a *API) error

type OAuthError

// OAuthError is the JSON handler for OAuth2 error responses (the error /
// error_description pair of RFC 6749 §5.2). InternalError and InternalMessage
// are tagged json:"-" and are never serialized to the client.
type OAuthError struct {
	Err             string `json:"error"`
	Description     string `json:"error_description,omitempty"`
	InternalError   error  `json:"-"`
	InternalMessage string `json:"-"`
}

OAuthError is the JSON handler for OAuth2 error responses

func (*OAuthError) Cause

func (e *OAuthError) Cause() error

Cause returns the root cause error

func (*OAuthError) Error

func (e *OAuthError) Error() string

func (*OAuthError) WithInternalError

func (e *OAuthError) WithInternalError(err error) *OAuthError

WithInternalError adds internal error information to the error

func (*OAuthError) WithInternalMessage

func (e *OAuthError) WithInternalMessage(fmtString string, args ...interface{}) *OAuthError

WithInternalMessage adds internal message information to the error

type OAuthProviderData

// OAuthProviderData contains the userData and token returned by the oauth
// provider; all fields are unexported.
type OAuthProviderData struct {
	// contains filtered or unexported fields
}

OAuthProviderData contains the userData and token returned by the oauth provider

type Option

// Option configures an API at construction time (the opt ...Option argument of
// NewAPI and friends); its methods are unexported, so only this package can
// implement it.
type Option interface {
	// contains filtered or unexported methods
}

type OtpParams

// OtpParams contains the request body params for the otp endpoint. Exactly
// one of Email / Phone is expected (Otp dispatches to MagicLink or SmsOtp);
// CreateUser presumably controls whether an unknown identifier creates a
// user — confirm against Validate.
type OtpParams struct {
	Email               string                 `json:"email"`
	Phone               string                 `json:"phone"`
	CreateUser          bool                   `json:"create_user"`
	Data                map[string]interface{} `json:"data"`
	Channel             string                 `json:"channel"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

OtpParams contains the request body params for the otp endpoint

func (*OtpParams) Validate

func (p *OtpParams) Validate() error

type PKCEGrantParams

// PKCEGrantParams are the parameters the PKCE grant accepts: the auth code
// and the code verifier whose hash must match the stored challenge (a
// mismatch maps to ErrorBadCodeVerifier).
type PKCEGrantParams struct {
	AuthCode     string `json:"auth_code"`
	CodeVerifier string `json:"code_verifier"`
}

PKCEGrantParams are the parameters the PKCEGrant method accepts

type PasswordGrantParams

// PasswordGrantParams are the parameters the ResourceOwnerPasswordGrant
// method accepts: a password plus either an email or a phone number.
type PasswordGrantParams struct {
	Email    string `json:"email"`
	Phone    string `json:"phone"`
	Password string `json:"password"`
}

PasswordGrantParams are the parameters the ResourceOwnerPasswordGrant method accepts

type ProviderSettings

// ProviderSettings lists which sign-in providers are enabled; it is published
// to clients as Settings.ExternalProviders.
type ProviderSettings struct {
	AnonymousUsers bool `json:"anonymous_users"`
	Apple          bool `json:"apple"`
	Azure          bool `json:"azure"`
	Bitbucket      bool `json:"bitbucket"`
	Discord        bool `json:"discord"`
	Facebook       bool `json:"facebook"`
	Figma          bool `json:"figma"`
	Fly            bool `json:"fly"`
	GitHub         bool `json:"github"`
	GitLab         bool `json:"gitlab"`
	Google         bool `json:"google"`
	Keycloak       bool `json:"keycloak"`
	Kakao          bool `json:"kakao"`
	Linkedin       bool `json:"linkedin"`
	LinkedinOIDC   bool `json:"linkedin_oidc"`
	Notion         bool `json:"notion"`
	Spotify        bool `json:"spotify"`
	Slack          bool `json:"slack"`
	SlackOIDC      bool `json:"slack_oidc"`
	WorkOS         bool `json:"workos"`
	Twitch         bool `json:"twitch"`
	Twitter        bool `json:"twitter"`
	Email          bool `json:"email"`
	Phone          bool `json:"phone"`
	Zoom           bool `json:"zoom"`
}

type RecoverParams

// RecoverParams holds the parameters for a password recovery request,
// including the optional PKCE code challenge.
type RecoverParams struct {
	Email               string `json:"email"`
	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
}

RecoverParams holds the parameters for a password recovery request

func (*RecoverParams) Validate

func (p *RecoverParams) Validate(a *API) error

type RefreshTokenGrantParams

// RefreshTokenGrantParams are the parameters the RefreshTokenGrant method accepts.
type RefreshTokenGrantParams struct {
	RefreshToken string `json:"refresh_token"`
}

RefreshTokenGrantParams are the parameters the RefreshTokenGrant method accepts

type ResendConfirmationParams

// ResendConfirmationParams holds the parameters for a resend request: the
// message Type and the email or phone to resend to.
type ResendConfirmationParams struct {
	Type  string `json:"type"`
	Email string `json:"email"`
	Phone string `json:"phone"`
}

ResendConfirmationParams holds the parameters for a resend request

func (*ResendConfirmationParams) Validate

func (p *ResendConfirmationParams) Validate(a *API) error

type SAMLAssertion

// SAMLAssertion wraps a saml.Assertion with helpers for extracting the
// subject, email, validity window and mapped attributes.
type SAMLAssertion struct {
	*saml.Assertion
}

func (*SAMLAssertion) Attribute

func (a *SAMLAssertion) Attribute(name string) []saml.AttributeValue

Attribute returns the first matching attribute value in the attribute statements where name equals the official SAML attribute Name or FriendlyName. Returns nil if such an attribute can't be found.

func (*SAMLAssertion) Email

func (a *SAMLAssertion) Email() string

Email returns the best guess for an email address.

func (*SAMLAssertion) NotAfter

func (a *SAMLAssertion) NotAfter() time.Time

NotAfter extracts the time at which or after this assertion should not be considered.

func (*SAMLAssertion) NotBefore

func (a *SAMLAssertion) NotBefore() time.Time

NotBefore extracts the time before which this assertion should not be considered.

func (*SAMLAssertion) Process

func (a *SAMLAssertion) Process(mapping models.SAMLAttributeMapping) map[string]interface{}

Process processes this assertion according to the SAMLAttributeMapping. Never returns nil.

func (*SAMLAssertion) SubjectID

func (a *SAMLAssertion) SubjectID() (string, bool)

SubjectID returns the user identifier present in the Subject section of the SAML assertion. Note that this way of identifying the Subject is generally superseded by the SAMLSubjectIDAttributeName assertion attribute, though a Subject must be present in all assertions. It can have a few formats, of which the most important are: saml.EmailAddressNameIDFormat (meaning the user ID is an email address), saml.PersistentNameIDFormat (the user ID is an opaque string that does not change with each assertion, e.g. UUID), saml.TransientNameIDFormat (the user ID changes with each assertion -- can't be used to identify a user). The boolean returned identifies whether the user ID is persistent. If it's an email address, it's lowercased just in case.

func (*SAMLAssertion) UserID

func (a *SAMLAssertion) UserID() string

UserID returns the best choice for a persistent user identifier on the Identity Provider side. Don't assume the format of the string returned, as it's Identity Provider specific.

type Settings

// Settings is the public configuration summary, presumably served by
// API.Settings: enabled providers and signup/confirmation flags.
type Settings struct {
	ExternalProviders ProviderSettings `json:"external"`
	DisableSignup     bool             `json:"disable_signup"`
	MailerAutoconfirm bool             `json:"mailer_autoconfirm"`
	PhoneAutoconfirm  bool             `json:"phone_autoconfirm"`
	SmsProvider       string           `json:"sms_provider"`
	SAMLEnabled       bool             `json:"saml_enabled"`
}

type SharedLimiter

// SharedLimiter pairs the email and phone rate limiters that several flows
// share.
type SharedLimiter struct {
	EmailLimiter *limiter.Limiter
	PhoneLimiter *limiter.Limiter
}

type SignupParams

// SignupParams are the parameters the Signup endpoint accepts. Provider and
// Aud are tagged json:"-", so the JSON decoder ignores them: a client cannot
// set them through the request body and they are filled in server-side.
type SignupParams struct {
	Email               string                 `json:"email"`
	Phone               string                 `json:"phone"`
	Password            string                 `json:"password"`
	Data                map[string]interface{} `json:"data"`
	Provider            string                 `json:"-"`
	Aud                 string                 `json:"-"`
	Channel             string                 `json:"channel"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

SignupParams are the parameters the Signup endpoint accepts

func (*SignupParams) ConfigureDefaults

func (p *SignupParams) ConfigureDefaults()

func (*SignupParams) ToUserModel

func (params *SignupParams) ToUserModel(isSSOUser bool) (user *models.User, err error)

type SingleSignOnParams

// SingleSignOnParams is the body for SingleSignOn: the provider is chosen by
// ProviderID or Domain. SkipHTTPRedirect is a pointer so an unset field can
// be distinguished from false.
type SingleSignOnParams struct {
	ProviderID          uuid.UUID `json:"provider_id"`
	Domain              string    `json:"domain"`
	RedirectTo          string    `json:"redirect_to"`
	SkipHTTPRedirect    *bool     `json:"skip_http_redirect"`
	CodeChallenge       string    `json:"code_challenge"`
	CodeChallengeMethod string    `json:"code_challenge_method"`
}

type SingleSignOnResponse

// SingleSignOnResponse carries the URL the client should follow to continue
// the SSO flow (used instead of an HTTP redirect; see
// SingleSignOnParams.SkipHTTPRedirect).
type SingleSignOnResponse struct {
	URL string `json:"url"`
}

type SmsOtpResponse

// SmsOtpResponse is returned by SmsOtp; MessageID is the SMS provider's
// message identifier when one is available.
type SmsOtpResponse struct {
	MessageID string `json:"message_id,omitempty"`
}

type SmsParams

// SmsParams contains the request body params for sms otp: the phone number,
// the delivery Channel (see InvalidChannelError) and the optional PKCE
// challenge.
type SmsParams struct {
	Phone               string                 `json:"phone"`
	Channel             string                 `json:"channel"`
	Data                map[string]interface{} `json:"data"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

SmsParams contains the request body params for sms otp

func (*SmsParams) Validate

func (p *SmsParams) Validate(config *conf.GlobalConfiguration) error

type TOTPObject

// TOTPObject is the enrollment material for a TOTP factor. Secret (and the
// URI/QR code that embed it) is the shared seed; it is returned once at
// enrollment and must be handled as a credential.
type TOTPObject struct {
	QRCode string `json:"qr_code,omitempty"`
	Secret string `json:"secret,omitempty"`
	URI    string `json:"uri,omitempty"`
}

type UnenrollFactorResponse

// UnenrollFactorResponse is returned by UnenrollFactor with the id of the
// removed factor.
type UnenrollFactorResponse struct {
	ID uuid.UUID `json:"id"`
}

type UserUpdateParams

// UserUpdateParams holds the parameters for updating a user. Password is a
// pointer so "not supplied" differs from an empty string; Nonce is the
// reauthentication nonce (see InvalidNonceMessage, ErrorCodeReauthenticationNeeded).
// NOTE(review): AppData maps to app_metadata, which AccessTokenClaims also
// carries — confirm it is only honoured for privileged callers, not for the
// user updating themselves.
type UserUpdateParams struct {
	Email               string                 `json:"email"`
	Password            *string                `json:"password"`
	Nonce               string                 `json:"nonce"`
	Data                map[string]interface{} `json:"data"`
	AppData             map[string]interface{} `json:"app_metadata,omitempty"`
	Phone               string                 `json:"phone"`
	Channel             string                 `json:"channel"`
	CodeChallenge       string                 `json:"code_challenge"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
}

UserUpdateParams holds the parameters for updating a user.

type VerifyFactorParams

// VerifyFactorParams is the body for VerifyFactor: the challenge being
// answered plus either a Code (TOTP/phone) or a WebAuthn assertion.
type VerifyFactorParams struct {
	ChallengeID uuid.UUID       `json:"challenge_id"`
	Code        string          `json:"code"`
	WebAuthn    *WebAuthnParams `json:"web_authn,omitempty"`
}

type VerifyParams

// VerifyParams are the parameters the Verify endpoint accepts. The token is
// supplied either in the clear (Token, with the Email/Phone it was sent to)
// or as TokenHash; Type names the flow being verified.
type VerifyParams struct {
	Type       string `json:"type"`
	Token      string `json:"token"`
	TokenHash  string `json:"token_hash"`
	Email      string `json:"email"`
	Phone      string `json:"phone"`
	RedirectTo string `json:"redirect_to"`
}

VerifyParams are the parameters the Verify endpoint accepts

func (*VerifyParams) Validate

func (p *VerifyParams) Validate(r *http.Request, a *API) error

type WeakPasswordError

// WeakPasswordError encodes an error that a password does not meet strength
// requirements; Reasons lists the failed checks. It is converted to an
// HTTPError with a weak_password field and is also surfaced in
// AccessTokenResponse.WeakPassword.
type WeakPasswordError struct {
	Message string   `json:"message,omitempty"`
	Reasons []string `json:"reasons,omitempty"`
}

WeakPasswordError encodes an error that a password does not meet strength requirements. It is handled specially in errors.go, as it gets transformed to an HTTPError with a special weak_password field that encodes the Reasons slice.

func (*WeakPasswordError) Error

func (e *WeakPasswordError) Error() string

type WebAuthnParams

// WebAuthnParams carries the WebAuthn relying-party settings and the browser's
// raw assertion/creation response for a WebAuthn factor.
// NOTE(review): RPID and RPOrigins arrive in the request body. The RP ID and
// allowed origins are what scope a credential, so ToConfig should validate
// them against server configuration rather than trusting the client's values
// — confirm.
type WebAuthnParams struct {
	RPID string `json:"rp_id,omitempty"`
	// Can encode multiple origins as comma separated values like: "origin1,origin2"
	RPOrigins         string          `json:"rp_origins,omitempty"`
	AssertionResponse json.RawMessage `json:"assertion_response,omitempty"`
	CreationResponse  json.RawMessage `json:"creation_response,omitempty"`
}

func (*WebAuthnParams) GetRPOrigins

func (w *WebAuthnParams) GetRPOrigins() []string

func (*WebAuthnParams) ToConfig

func (w *WebAuthnParams) ToConfig() (*webauthn.WebAuthn, error)
