Documentation ¶
Index ¶
- Constants
- Variables
- func BlacklistAAGUIDs(ctx context.Context, db db.DB) (util.StringSet, error)
- func Migrate(db *gorm.DB) error
- func WhitelistAAGUIDs(ctx context.Context, db db.DB) (util.StringSet, error)
- type AAGUID
- type AuditEntry
- type CAKey
- type FIDOKey
- func (fk *FIDOKey) AllowedUpdateFields() map[string]bool
- func (fk *FIDOKey) ApplyChanges(values map[string]string) (string, error)
- func (FIDOKey) TableName() string
- func (fk *FIDOKey) TouchLastUsed(ctx context.Context, db db.DB) error
- func (fk *FIDOKey) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)
- type Principal
- func NewPrincipal(id string, username string, state string, displayName string, icon string) *Principal
- func PrincipalByID(ctx context.Context, db db.DB, id string, preload bool) (*Principal, error)
- func PrincipalByUsername(ctx context.Context, db db.DB, username string, preload bool) (*Principal, error)
- func Principals(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*Principal, int64, error)
- func (p *Principal) AddFIDOKey(fk *FIDOKey) error
- func (p *Principal) AllowedUpdateFields() map[string]bool
- func (p *Principal) ApplyChanges(values map[string]string) (string, error)
- func (p *Principal) BeforeCreate(scope *gorm.Scope) error
- func (p *Principal) CredentialList() []protocol.CredentialDescriptor
- func (p *Principal) Insert(ctx context.Context, db db.DB) error
- func (p *Principal) Update(ctx context.Context, db db.DB, values map[string]string) (string, error)
- func (p *Principal) WebAuthnCredentials() []webauthn.Credential
- func (p *Principal) WebAuthnDisplayName() string
- func (p *Principal) WebAuthnID() []byte
- func (p *Principal) WebAuthnIcon() string
- func (p *Principal) WebAuthnName() string
- type Session
- type State
Constants ¶
const (
	// SessionTTL is the session time-to-live applied by the KV store.
	// NOTE(review): the unit (seconds? minutes?) is not stated here — confirm
	// against the store code that consumes it.
	SessionTTL = 40
	// CollectionSessions names the KV collection in which sessions are kept.
	CollectionSessions = "sessions"
)
Constants for KV
const (
	// Numeric State values: Issued = 0, Active = 1, Revoked = 2 (via iota).
	Issued State = iota
	Active
	Revoked

	// String forms of the three states; these are the values written to the
	// `State` fields of the model types (e.g. AAGUID.State, FIDOKey.State).
	StateIssued  = "issued"
	StateActive  = "active"
	StateRevoked = "revoked"
)
Constants for State
Variables ¶
// ErrRecordNotFound localizes gorm's "record not found" error to the model
// package; it is the same value as gorm.ErrRecordNotFound, so errors.Is works
// against either.
var ErrRecordNotFound error = gorm.ErrRecordNotFound
ErrRecordNotFound localizes gorm's "record not found" error to the model package.
Functions ¶
func BlacklistAAGUIDs ¶
BlacklistAAGUIDs returns the set of all AAGUIDs that are in the blacklist (those whose State is 'revoked').
Types ¶
type AAGUID ¶
// AAGUID represents an Authenticator Attestation GUID. The State field decides
// whether authenticators carrying this AAGUID are blacklisted ("revoked"),
// whitelisted ("active"), or neither (empty or "issued").
type AAGUID struct {
	ID    string `json:"id"`
	Label string `json:"label" gorm:"index"`
	// State is one of StateIssued, StateActive or StateRevoked, or empty.
	// Any record with StateActive turns the AAGUID table into an allow-list.
	State string `json:"state" gorm:"index"`
	// Metadata is an opaque blob associated with the AAGUID. Its format is not
	// shown here — presumably a FIDO metadata statement; confirm before parsing.
	Metadata []byte `json:"metadata"`
}
AAGUID represents an Authenticator Attestation GUID. An AAGUID uniquely identifies a group (>100k) of authenticators. See https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html
You can control whitelisting and blacklisting of AAGUIDs by updating an AAGUID's `State` variable. For instance, to block an AAGUID, set the record's State to 'revoked'. This prevents any authenticator with that AAGUID from authenticating. To whitelist one or more AAGUIDs, set each record's State to 'active'. Once one or more records have an 'active' State, a whitelist is in effect: authenticators whose AAGUID is not 'active' will not be able to authenticate. If `State` is empty or 'issued', the AAGUID is neither explicitly blacklisted nor whitelisted.
func AAGUIDByID ¶
AAGUIDByID returns a stored AAGUID by ID.
func (*AAGUID) AllowedUpdateFields ¶
AllowedUpdateFields returns the fields that are mutable.
func (*AAGUID) ApplyChanges ¶
ApplyChanges updates the object with values found in the map and returns a description of the changes.
type AuditEntry ¶
// AuditEntry defines auditing entries stored in the audit table.
type AuditEntry struct {
	ID      int64  `json:"id" gorm:"auto_increment;unique_index"`
	Group   string `json:"group" gorm:"index"`
	Anomaly string `json:"anomaly" gorm:"index"`

	// Identifiers of the key, principal and session the event relates to.
	FidoKeyID         string `json:"fidoKeyId" gorm:"index"`
	FidoAAGUID        string `json:"fidoAAGUID" gorm:"index"`
	PrincipalID       string `json:"principalId" gorm:"index"`
	PrincipalUsername string `json:"principalUsername" gorm:"index"`
	SessionID         string `json:"sessionId" gorm:"index"`

	Action string `json:"action" gorm:"index"`
	Data   string `json:"data,omitempty"`

	// Request context.
	// NOTE(review): the json tag reads "ipAaddr", almost certainly a typo for
	// "ipAddr". It is part of the wire format, so correcting it must be
	// coordinated with API consumers rather than changed silently.
	IPAddr string `json:"ipAaddr,omitempty" gorm:"index"`
	// NOTE(review): UserAgent (and IPAddr, if taken from a forwarded header)
	// is client-supplied — treat as untrusted when rendering or filtering.
	UserAgent string `json:"userAgent,omitempty"`

	// Geolocation — presumably resolved from IPAddr; confirm with the writer.
	Latitude  float64 `json:"latitude"`
	Longitude float64 `json:"longitude"`
	Country   string  `json:"country,omitempty" gorm:"index"`
	Region    string  `json:"region,omitempty" gorm:"index"`
	City      string  `json:"city,omitempty" gorm:"index"`

	CreatedAt time.Time `json:"createdAt" gorm:"index"`
}
AuditEntry defines auditing entries stored in the audit table.
func AuditEntries ¶
func AuditEntries(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*AuditEntry, int64, error)
AuditEntries returns the audit entries selected by params.
func AuditEntryByID ¶
func AuditEntryByID(db *gorm.DB, id int64) (*AuditEntry, error)
AuditEntryByID retrieves a single audit entry by ID.
type CAKey ¶
// CAKey represents an Ofte-specific key generated by an Ofte key device that
// implements continuous authentication. Only used when Ofte CA is integrated.
type CAKey struct {
	// Ofte key handle
	ID string `json:"id"`
	// FIDOKeyID links this CA key to its FIDOKey; note the explicit gorm
	// column name "fidokey_id".
	FIDOKeyID   string `gorm:"column:fidokey_id" json:"fidoKeyId"`
	PrincipalID string `gorm:"index" json:"principalId"`
	// Raw is serialized into JSON as-is.
	// NOTE(review): presumably the raw key bytes — if any part of this is
	// secret rather than public material, confirm the API layer never
	// returns it to clients.
	Raw        []byte    `json:"raw"`
	CreatedAt  time.Time `gorm:"index" json:"createdAt"`
	ModifiedAt time.Time `gorm:"index" json:"modifiedAt"`
}
CAKey represents an Ofte-specific key generated by an Ofte key device that implements continuous authentication. Only used when Ofte CA is integrated, see https://ofte.io.
type FIDOKey ¶
// FIDOKey represents a FIDO key generated by an authenticator.
type FIDOKey struct {
	ID string `json:"id"`
	// AAGUID of the authenticator that created this key — presumably the
	// value matched against the AAGUID whitelist/blacklist; confirm.
	AAGUID string `json:"aaguid" gorm:"index"`
	State  string `json:"state" gorm:"index"`

	// Cert* fields — presumably taken from the attestation certificate; confirm.
	CertCommonName   string `json:"certCommonName" gorm:"index"`
	CertOrganization string `json:"certOrganization" gorm:"index"`
	// NOTE(review): X.509 serial numbers may be up to 20 octets and need not
	// fit in an int64 — confirm how this value is derived from the certificate
	// and what happens for serials that overflow.
	CertSerial int64 `json:"certSerial" gorm:"index"`

	PrincipalID       string `gorm:"index" json:"principalId"`
	PrincipalUsername string `gorm:"index" json:"username"`

	PublicKey []byte `json:"publicKey"`
	// AttestationType as recorded at registration (format not shown here).
	AttestationType string `json:"attestationType"`

	NotValidBefore time.Time `gorm:"index" json:"notValidBefore"`
	NotValidAfter  time.Time `gorm:"index" json:"notValidAfter"`

	// Nonce is deliberately excluded from JSON output (`json:"-"`).
	Nonce uint32 `json:"-"`
	// CAKey is the optional Ofte continuous-authentication key paired with
	// this FIDO key; nil (and omitted from JSON) when Ofte CA is not in use.
	CAKey *CAKey `json:"caKey,omitempty"`

	// LastUsed is refreshed by TouchLastUsed.
	LastUsed   time.Time `gorm:"index" json:"lastUsed"`
	CreatedAt  time.Time `gorm:"index" json:"createdAt"`
	ModifiedAt time.Time `gorm:"index" json:"modifiedAt"`
}
FIDOKey represents a FIDO key generated by an authenticator.
func FIDOKeyByID ¶
FIDOKeyByID returns a stored FIDO key by ID.
func (*FIDOKey) AllowedUpdateFields ¶
AllowedUpdateFields returns the fields that are mutable.
func (*FIDOKey) ApplyChanges ¶
ApplyChanges updates the object with values found in the map and returns the "delta" of the changes.
func (*FIDOKey) TouchLastUsed ¶
TouchLastUsed sets the key's LastUsed field to the current time.
type Principal ¶
// Principal identifies a person in the system. Only publicly available data
// is stored.
type Principal struct {
	ID          string    `json:"id"`
	Username    string    `gorm:"index" json:"username"`
	State       string    `gorm:"index" json:"state"`
	DisplayName string    `json:"displayName"`
	Icon        string    `json:"icon"`
	CreatedAt   time.Time `gorm:"index" json:"createdAt"`
	// FIDOKeys is omitted from JSON when empty. Presumably it is only
	// populated when the loaders' preload flag is set (see PrincipalByID and
	// PrincipalByUsername) — confirm before relying on it being filled.
	FIDOKeys []*FIDOKey `json:"fidoKeys,omitempty"`
}
Principal identifies a person in the system. Only publicly available data is stored.
func NewPrincipal ¶
func NewPrincipal(id string, username string, state string, displayName string, icon string) *Principal
NewPrincipal creates a new Principal.
func PrincipalByID ¶
PrincipalByID returns a `Principal` by ID.
func PrincipalByUsername ¶
func PrincipalByUsername(ctx context.Context, db db.DB, username string, preload bool) (*Principal, error)
PrincipalByUsername returns a `Principal` by username.
func Principals ¶
func Principals(ctx context.Context, dbConn db.DB, params *util.APIParams) ([]*Principal, int64, error)
Principals returns the principals selected by params.
func (*Principal) AllowedUpdateFields ¶
AllowedUpdateFields returns the fields that are mutable.
func (*Principal) ApplyChanges ¶
ApplyChanges updates the object with values found in the map and returns the "delta" of the changes.
func (*Principal) BeforeCreate ¶
BeforeCreate performs pre-insert steps.
func (*Principal) CredentialList ¶
func (p *Principal) CredentialList() []protocol.CredentialDescriptor
CredentialList returns a slice containing descriptors for all of the principal's credentials.
func (*Principal) WebAuthnCredentials ¶
func (p *Principal) WebAuthnCredentials() []webauthn.Credential
WebAuthnCredentials returns credentials owned by the user.
func (*Principal) WebAuthnDisplayName ¶
WebAuthnDisplayName returns the principal's display name as presented to the RP (relying party).
func (*Principal) WebAuthnID ¶
WebAuthnID returns the principal's ID as presented to the RP.
func (*Principal) WebAuthnIcon ¶
WebAuthnIcon returns the principal's icon URL as presented to the RP.
func (*Principal) WebAuthnName ¶
WebAuthnName returns the principal's username as presented to the RP.
type Session ¶
// Session represents a continuous authentication (CA) session.
//
// Unlike the other model types, Session carries no json tags: if it is ever
// marshalled, every field (Nonce and AgentSalt included) is emitted under its
// Go name. Confirm this is intended before exposing sessions over the API.
type Session struct {
	ID                string
	PrincipalID       string
	PrincipalUsername string
	FIDOKeyID         string
	AAGUID            string
	State             string
	// Client context — presumably captured at session creation; confirm.
	IPAddr    string
	UserAgent string
	AgentSalt string // TBD: See https://github.com/ofte-auth/dogpark/issues/2
	Nonce     uint32
	CreatedAt time.Time
	UpdatedAt time.Time
}
Session represents a continuous authentication (CA) session.
func NewSession ¶
NewSession creates a continuous authentication (CA) session.
func SessionByID ¶
SessionByID gets a Session by its ID.
func Sessions ¶
func Sessions(ctx context.Context, manager store.Manager, params *util.APIParams) ([]*Session, int64, error)
Sessions returns sessions from the store.