Documentation ¶
Index ¶
- Variables
- type Account
- type AuditLog
- type AuditLogConsole
- type AuditLogStorage
- type Config
- type Cookie
- type Cors
- type Database
- type Email
- type Emails
- type LoggerConfig
- type OutputStream
- type Passcode
- type Password
- type RateLimiter
- type RateLimiterStoreType
- type RateLimits
- type RedisConfig
- type RelyingParty
- type SMTP
- type Secrets
- type Server
- type ServerSettings
- type Service
- type Session
- type ThirdParty
- type ThirdPartyProvider
- type ThirdPartyProviders
- type WebauthnSettings
Constants ¶
This section is empty.
Variables ¶
// DefaultConfigFilePath holds the default location of the configuration file.
// The value is a relative path, so the file it names depends on the working
// directory of the process.
// NOTE(review): this is an exported, mutable variable; any importing package
// can reassign it at run time.
var DefaultConfigFilePath = "./config/config.yaml"
Functions ¶
This section is empty.
Types ¶
type Account ¶ added in v0.6.0
// Account holds the self-service account settings.
type Account struct {
	// AllowDeletion indicates if a user can perform self-service deletion.
	// The schema default declared in the tag is false.
	AllowDeletion bool `yaml:"allow_deletion" json:"allow_deletion,omitempty" koanf:"allow_deletion" jsonschema:"default=false"`

	// AllowSignup presumably controls whether new users may register
	// themselves (inferred from the name; confirm against the handlers).
	// The schema default declared in the tag is true.
	// NOTE(review): json "omitempty" drops a false value on marshal, so an
	// explicit allow_signup=false does not survive being re-encoded as JSON;
	// confirm no code path round-trips the config that way.
	AllowSignup bool `yaml:"allow_signup" json:"allow_signup,omitempty" koanf:"allow_signup" jsonschema:"default=true"`
}
type AuditLog ¶
// AuditLog groups the two audit log sinks that can be configured: console
// output and storage. Each sink has its own Enabled switch; the schema
// defaults declared on those types are console on, storage off.
type AuditLog struct {
	// ConsoleOutput configures audit output on a standard stream.
	ConsoleOutput AuditLogConsole `yaml:"console_output" json:"console_output,omitempty" koanf:"console_output" split_words:"true"`

	// Storage configures the storage sink.
	// NOTE(review): presumably this persists audit entries in the database —
	// confirm, and confirm which sink satisfies your retention requirements.
	Storage AuditLogStorage `yaml:"storage" json:"storage,omitempty" koanf:"storage"`
}
type AuditLogConsole ¶
// AuditLogConsole configures audit logging to a standard stream.
type AuditLogConsole struct {
	// Enabled switches console audit output on or off. The schema default
	// declared in the tag is true.
	Enabled bool `yaml:"enabled" json:"enabled,omitempty" koanf:"enabled" jsonschema:"default=true"`

	// OutputStream selects the stream to write to. The schema restricts it
	// to "stdout" or "stderr" and defaults to "stdout".
	OutputStream OutputStream `yaml:"output" json:"output,omitempty" koanf:"output" split_words:"true" jsonschema:"default=stdout,enum=stdout,enum=stderr"`
}
type AuditLogStorage ¶
// AuditLogStorage configures the storage sink of the audit log.
type AuditLogStorage struct {
	// Enabled switches the storage sink on or off. The schema default
	// declared in the tag is false.
	// NOTE(review): with this default, audit entries are presumably only
	// available from the console stream unless storage is switched on —
	// confirm that the console stream is collected and retained.
	Enabled bool `yaml:"enabled" json:"enabled,omitempty" koanf:"enabled" jsonschema:"default=false"`
}
type Config ¶
// Config is the central configuration type. Each field is one top-level
// section, keyed by the same name in its yaml, json and koanf tags.
//
// Passcode, Database, Secrets and Service are the sections whose json tag
// has no "omitempty". Saml is declared in another package, imported as
// config.
//
// NOTE(review): Database, Secrets and ThirdParty contain credentials and key
// material with json tags, so a marshalled Config must be treated as
// sensitive (logs, debug endpoints, support bundles).
type Config struct {
	Server      Server           `yaml:"server" json:"server,omitempty" koanf:"server"`
	Webauthn    WebauthnSettings `yaml:"webauthn" json:"webauthn,omitempty" koanf:"webauthn"`
	Passcode    Passcode         `yaml:"passcode" json:"passcode" koanf:"passcode"`
	Password    Password         `yaml:"password" json:"password,omitempty" koanf:"password"`
	Database    Database         `yaml:"database" json:"database" koanf:"database"`
	Secrets     Secrets          `yaml:"secrets" json:"secrets" koanf:"secrets"`
	Service     Service          `yaml:"service" json:"service" koanf:"service"`
	Session     Session          `yaml:"session" json:"session,omitempty" koanf:"session"`
	AuditLog    AuditLog         `yaml:"audit_log" json:"audit_log,omitempty" koanf:"audit_log" split_words:"true"`
	Emails      Emails           `yaml:"emails" json:"emails,omitempty" koanf:"emails"`
	RateLimiter RateLimiter      `yaml:"rate_limiter" json:"rate_limiter,omitempty" koanf:"rate_limiter" split_words:"true"`
	ThirdParty  ThirdParty       `yaml:"third_party" json:"third_party,omitempty" koanf:"third_party" split_words:"true"`
	Log         LoggerConfig     `yaml:"log" json:"log,omitempty" koanf:"log"`
	Account     Account          `yaml:"account" json:"account,omitempty" koanf:"account"`
	Saml        config.Saml      `yaml:"saml" json:"saml,omitempty" koanf:"saml"`
}
Config is the central configuration type
func DefaultConfig ¶
func DefaultConfig() *Config
func (*Config) PostProcess ¶ added in v0.5.0
type Cookie ¶
// Cookie holds the cookie attributes; it is embedded in Session as the
// session cookie configuration.
//
// NOTE(review): the tags declare no schema default for HttpOnly, SameSite or
// Secure. Their effective defaults are set elsewhere (presumably in
// DefaultConfig) — verify that a deployment ends up with HttpOnly and Secure
// enabled and an explicit SameSite value.
type Cookie struct {
	// Name is the cookie name. The schema default declared in the tag is
	// "hanko".
	Name string `yaml:"name" json:"name,omitempty" koanf:"name" jsonschema:"default=hanko"`

	// Domain is the cookie Domain attribute.
	Domain string `yaml:"domain" json:"domain,omitempty" koanf:"domain"`

	// HttpOnly is the cookie HttpOnly attribute.
	HttpOnly bool `yaml:"http_only" json:"http_only,omitempty" koanf:"http_only" split_words:"true"`

	// SameSite is the cookie SameSite attribute, given as a string; the set
	// of accepted values is not visible in this declaration.
	SameSite string `yaml:"same_site" json:"same_site,omitempty" koanf:"same_site" split_words:"true"`

	// Secure is the cookie Secure attribute.
	Secure bool `yaml:"secure" json:"secure,omitempty" koanf:"secure"`
}
type Cors ¶
// Cors holds the cross-origin resource sharing settings of one listener.
type Cors struct {
	// AllowOrigins determines the value of the Access-Control-Allow-Origin
	// response header. This header defines a list of origins that may access the
	// resource. The wildcard characters '*' and '?' are supported and are
	// converted to regex fragments '.*' and '.' accordingly.
	//
	// NOTE(review): '.*' also matches dots, so one '*' can span several
	// subdomain labels; keep each pattern as narrow as the deployment allows.
	AllowOrigins []string `yaml:"allow_origins" json:"allow_origins" koanf:"allow_origins" split_words:"true"`

	// UnsafeWildcardOriginAllowed UNSAFE/INSECURE: allows wildcard '*' origin to be used with AllowCredentials
	// flag. In that case we consider any origin allowed and send it back to the client with `Access-Control-Allow-Origin` header.
	//
	// This is INSECURE and potentially leads to [cross-origin](https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
	// attacks. See: https://github.com/labstack/echo/issues/2400 for discussion on the subject.
	//
	// Optional. Default value is false.
	//
	// NOTE(review): this struct has no AllowCredentials field of its own, so
	// the credentials flag referred to above is set elsewhere — confirm where,
	// and leave this option false unless every origin is meant to be trusted.
	UnsafeWildcardOriginAllowed bool `` /* 170-byte string literal not displayed */
}
type Database ¶
// Database holds the database connection settings.
//
// The jsonschema tags place Database, User, Password, Host and Port in the
// oneof_required group "config" and Url in the group "url", i.e. the
// connection is described either field by field or by a single URL.
//
// NOTE(review): Password, and presumably Url, carry credentials and both have
// json tags, so marshalling or logging this struct exposes them.
type Database struct {
	// Database is the database name; the first jsonschema tag declares the
	// default "hanko".
	// NOTE(review): the tag repeats the jsonschema key. reflect.StructTag.Get
	// returns one value per key, so confirm that the schema generator still
	// sees oneof_required=config for this field.
	Database string `yaml:"database" json:"database,omitempty" koanf:"database" jsonschema:"default=hanko" jsonschema:"oneof_required=config"`

	// User is the database user name.
	User string `yaml:"user" json:"user,omitempty" koanf:"user" jsonschema:"oneof_required=config"`

	// Password is the database password.
	Password string `yaml:"password" json:"password,omitempty" koanf:"password" jsonschema:"oneof_required=config"`

	// Host is the database host.
	Host string `yaml:"host" json:"host,omitempty" koanf:"host" jsonschema:"oneof_required=config"`

	// Port is the database port; the schema accepts a string or an integer.
	Port string `yaml:"port" json:"port,omitempty" koanf:"port" jsonschema:"oneof_required=config,oneof_type=string;integer"`

	// Dialect presumably selects the database driver; its tag is not
	// displayed on this page, so accepted values cannot be read from here.
	Dialect string `` /* 130-byte string literal not displayed */

	// Url is the alternative, single-value form of the connection settings.
	Url string `yaml:"url" json:"url,omitempty" koanf:"url" jsonschema:"oneof_required=url"`
}
Database connection settings
type Email ¶
type LoggerConfig ¶ added in v0.5.0
// LoggerConfig holds the logging settings.
type LoggerConfig struct {
	// LogHealthAndMetrics presumably toggles logging of requests to the
	// health and metrics endpoints (inferred from the name). The tag, and
	// with it any declared default, is not displayed on this page — confirm.
	LogHealthAndMetrics bool `` /* 126-byte string literal not displayed */
}
type OutputStream ¶
// OutputStream names the standard stream used for console audit output.
type OutputStream string

// The two OutputStream values; they match the enum declared in the
// jsonschema tag of AuditLogConsole.OutputStream.
// NOTE(review): these are declared with var, not const, so importing code can
// reassign them at run time.
var (
	OutputStreamStdOut OutputStream = "stdout"
	OutputStreamStdErr OutputStream = "stderr"
)
type Passcode ¶
type RateLimiter ¶
// RateLimiter holds the rate limiting settings: a global switch, the backing
// store, and separate limits for passcode, password and token operations.
type RateLimiter struct {
	// Enabled switches rate limiting on or off. The schema default declared
	// in the tag is true.
	// NOTE(review): turning this off removes the limits on passcode and
	// password attempts configured below; treat a false value as a finding
	// in a configuration review.
	Enabled bool `yaml:"enabled" json:"enabled,omitempty" koanf:"enabled" jsonschema:"default=true"`

	// Store selects the backing store. The schema restricts it to
	// "in_memory" or "redis" and defaults to "in_memory".
	// NOTE(review): presumably in_memory counters live in one process, so
	// limits would not be shared between replicas — confirm before running
	// more than one instance.
	Store RateLimiterStoreType `yaml:"store" json:"store,omitempty" koanf:"store" jsonschema:"default=in_memory,enum=in_memory,enum=redis"`

	// Redis holds the Redis connection settings. It is a pointer and may be
	// nil; presumably it is required when Store is "redis" (see Validate).
	Redis *RedisConfig `yaml:"redis_config" json:"redis_config,omitempty" koanf:"redis_config"`

	// PasscodeLimits are the limits applied to passcode operations.
	PasscodeLimits RateLimits `yaml:"passcode_limits" json:"passcode_limits,omitempty" koanf:"passcode_limits" split_words:"true"`

	// PasswordLimits are the limits applied to password operations.
	PasswordLimits RateLimits `yaml:"password_limits" json:"password_limits,omitempty" koanf:"password_limits" split_words:"true"`

	// TokenLimits are the limits applied to token operations.
	TokenLimits RateLimits `yaml:"token_limits" json:"token_limits,omitempty" koanf:"token_limits" split_words:"true"`
}
func (*RateLimiter) Validate ¶
func (r *RateLimiter) Validate() error
type RateLimiterStoreType ¶
// RateLimiterStoreType names the backing store of the rate limiter.
type RateLimiterStoreType string

// The store names; they match the enum declared in the jsonschema tag of
// RateLimiter.Store.
// NOTE(review): RATE_LIMITER_STORE_REDIS has no explicit type and no iota
// sequence to inherit one from, so it is an untyped string constant rather
// than a RateLimiterStoreType. Comparisons against a RateLimiterStoreType
// still compile, but the compiler will also accept it wherever a plain
// string is expected.
const (
	RATE_LIMITER_STORE_IN_MEMORY RateLimiterStoreType = "in_memory"
	RATE_LIMITER_STORE_REDIS                          = "redis"
)
type RateLimits ¶
type RedisConfig ¶
type RelyingParty ¶
// RelyingParty holds the webauthn relying party settings for your
// application using hanko.
//
// NOTE(review): the schema defaults declared below ("localhost" and
// "http://localhost:8888") are local development values. In WebAuthn the
// relying party ID and the allowed origins decide which site a credential is
// valid for, so both must be set explicitly for a real deployment.
type RelyingParty struct {
	// Id is the relying party ID. The schema default declared in the tag is
	// "localhost".
	Id string `yaml:"id" json:"id,omitempty" koanf:"id" jsonschema:"default=localhost"`

	// DisplayName is the relying party display name; its tag is not
	// displayed on this page.
	DisplayName string `` /* 139-byte string literal not displayed */

	// Icon is an optional icon reference; no default is declared.
	Icon string `yaml:"icon" json:"icon,omitempty" koanf:"icon"`

	// Origins lists the accepted origins. The schema requires at least one
	// entry and defaults to "http://localhost:8888".
	Origins []string `yaml:"origins" json:"origins,omitempty" koanf:"origins" jsonschema:"minItems=1,default=http://localhost:8888"`
}
RelyingParty holds the webauthn settings for your application using hanko.
type SMTP ¶
// SMTP holds the SMTP server settings for sending passcodes.
//
// NOTE(review): no field here selects TLS behaviour. The schema default port
// is 465, the port conventionally used for SMTP over implicit TLS — confirm
// how the mailer negotiates TLS, in particular when another port is set.
type SMTP struct {
	// Host is the SMTP server host. Its json tag has no "omitempty".
	Host string `yaml:"host" json:"host" koanf:"host"`

	// Port is the SMTP server port; the schema accepts a string or an
	// integer and defaults to 465.
	Port string `yaml:"port" json:"port,omitempty" koanf:"port" jsonschema:"default=465,oneof_type=string;integer"`

	// User is the SMTP user name.
	User string `yaml:"user" json:"user,omitempty" koanf:"user"`

	// Password is the SMTP password. It has a json tag, so marshalling or
	// logging this struct exposes it.
	Password string `yaml:"password" json:"password,omitempty" koanf:"password"`
}
SMTP Server Settings for sending passcodes
type Secrets ¶
// Secrets holds the key material used to protect the JWT signing keys.
type Secrets struct {
	// Keys secrets are used to en- and decrypt the JWKs which get used to sign the JWTs.
	// For every key a JWK is generated, encrypted with the key and persisted in the database.
	//
	// You can use this list for key rotation: add a new key to the beginning of the list and the corresponding
	// JWK will then be used for signing JWTs. All tokens signed with the previous JWK(s) will still
	// be valid until they expire. Removing a key from the list does not remove the corresponding
	// database record. If you remove a key, you also have to remove the database record, otherwise
	// application startup will fail.
	//
	// Each key must be at least 16 characters long.
	//
	// NOTE(review): the jsonschema tag only expresses minItems=1; the
	// 16-character minimum is presumably enforced in validation code —
	// confirm. The json tag has no "omitempty", so a marshalled Config
	// always contains these keys.
	Keys []string `yaml:"keys" json:"keys" koanf:"keys" jsonschema:"minItems=1"`
}
type Server ¶
// Server contains the settings for the public and the admin server. Both
// use the same ServerSettings type, so each has its own listen address and
// its own CORS policy.
type Server struct {
	// Public configures the public server.
	Public ServerSettings `yaml:"public" json:"public,omitempty" koanf:"public"`

	// Admin configures the admin server.
	// NOTE(review): presumably this listener serves the administrative API;
	// confirm its address is not reachable from untrusted networks.
	Admin ServerSettings `yaml:"admin" json:"admin,omitempty" koanf:"admin"`
}
Server contains the settings for the public and admin servers
type ServerSettings ¶
// ServerSettings holds the listen address and the CORS policy of one server.
type ServerSettings struct {
	// The Address to listen on in the form of host:port
	// See net.Dial for details of the address format.
	Address string `yaml:"address" json:"address,omitempty" koanf:"address"`

	// Cors is the CORS policy applied to this server.
	Cors Cors `yaml:"cors" json:"cors,omitempty" koanf:"cors"`
}
func (*ServerSettings) Validate ¶
func (s *ServerSettings) Validate() error
type Session ¶
// Session holds the session settings: token lifetime, the session cookie,
// and the issuer and audience claims of the JWT.
type Session struct {
	// EnableAuthTokenHeader: the tag, and with it any declared default, is
	// not displayed on this page.
	// NOTE(review): presumably this returns the session token in a response
	// header in addition to the cookie. A token delivered that way is
	// readable by script in the client, unlike an HttpOnly cookie — confirm
	// the behaviour and enable it only where cookies cannot be used.
	EnableAuthTokenHeader bool `` /* 152-byte string literal not displayed */

	// Lifespan, possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix,
	// such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
	// The schema default declared in the tag is "1h".
	// NOTE(review): the format admits negative and very long durations;
	// confirm that the value is range-checked before it is used.
	Lifespan string `yaml:"lifespan" json:"lifespan,omitempty" koanf:"lifespan" jsonschema:"default=1h"`

	// Cookie holds the attributes of the session cookie.
	Cookie Cookie `yaml:"cookie" json:"cookie,omitempty" koanf:"cookie"`

	// Issuer optional string to be used in the jwt iss claim.
	Issuer string `yaml:"issuer" json:"issuer,omitempty" koanf:"issuer"`

	// Audience optional []string containing strings which get put into the aud claim. If not set default to Webauthn.RelyingParty.Id config parameter.
	Audience []string `yaml:"audience" json:"audience,omitempty" koanf:"audience"`
}
type ThirdParty ¶ added in v0.5.0
// ThirdParty holds the third-party sign-in settings: the providers and the
// URLs a sign-in flow may redirect to.
type ThirdParty struct {
	// Providers holds the per-provider settings.
	Providers ThirdPartyProviders `yaml:"providers" json:"providers,omitempty" koanf:"providers"`

	// RedirectURL presumably is the callback URL registered with the
	// providers — confirm.
	RedirectURL string `yaml:"redirect_url" json:"redirect_url,omitempty" koanf:"redirect_url" split_words:"true"`

	// ErrorRedirectURL presumably is where the user is sent when a
	// third-party flow fails — confirm.
	ErrorRedirectURL string `yaml:"error_redirect_url" json:"error_redirect_url,omitempty" koanf:"error_redirect_url" split_words:"true"`

	// AllowedRedirectURLS lists the redirect targets that are accepted.
	// NOTE(review): AllowedRedirectURLMap holds glob.Glob values, so these
	// entries are presumably glob patterns. This list is the allowlist that
	// guards against open redirects; keep every pattern as narrow as
	// possible and avoid wildcards in the host part.
	AllowedRedirectURLS []string `yaml:"allowed_redirect_urls" json:"allowed_redirect_urls,omitempty" koanf:"allowed_redirect_urls" split_words:"true"`

	// AllowedRedirectURLMap has no yaml, json or koanf tag and is excluded
	// from the JSON schema, so it is not read from the configuration file;
	// presumably PostProcess fills it from AllowedRedirectURLS — confirm.
	AllowedRedirectURLMap map[string]glob.Glob `jsonschema:"-"`
}
func (*ThirdParty) PostProcess ¶ added in v0.5.0
func (t *ThirdParty) PostProcess() error
func (*ThirdParty) Validate ¶ added in v0.5.0
func (t *ThirdParty) Validate() error
type ThirdPartyProvider ¶ added in v0.5.0
// ThirdPartyProvider holds the settings of one third-party provider.
//
// NOTE(review): none of the json tags uses "omitempty", so Secret is always
// present when this struct is marshalled; keep it out of logs and API
// responses.
type ThirdPartyProvider struct {
	// Enabled switches the provider on or off; no schema default is
	// declared in the tag.
	Enabled bool `yaml:"enabled" json:"enabled" koanf:"enabled"`

	// ClientID is the client identifier issued by the provider.
	ClientID string `yaml:"client_id" json:"client_id" koanf:"client_id" split_words:"true"`

	// Secret is the client secret issued by the provider.
	Secret string `yaml:"secret" json:"secret" koanf:"secret"`
}
func (*ThirdPartyProvider) Validate ¶ added in v0.5.0
func (p *ThirdPartyProvider) Validate() error
type ThirdPartyProviders ¶ added in v0.5.0
// ThirdPartyProviders holds one ThirdPartyProvider entry for each supported
// provider: Google, GitHub and Apple.
type ThirdPartyProviders struct {
	// Google holds the settings of the Google provider.
	Google ThirdPartyProvider `yaml:"google" json:"google,omitempty" koanf:"google"`

	// GitHub holds the settings of the GitHub provider.
	GitHub ThirdPartyProvider `yaml:"github" json:"github,omitempty" koanf:"github"`

	// Apple holds the settings of the Apple provider.
	Apple ThirdPartyProvider `yaml:"apple" json:"apple,omitempty" koanf:"apple"`
}
func (*ThirdPartyProviders) Get ¶ added in v0.5.0
func (p *ThirdPartyProviders) Get(provider string) *ThirdPartyProvider
func (*ThirdPartyProviders) HasEnabled ¶ added in v0.5.0
func (p *ThirdPartyProviders) HasEnabled() bool
func (*ThirdPartyProviders) Validate ¶ added in v0.5.0
func (p *ThirdPartyProviders) Validate() error
type WebauthnSettings ¶
// WebauthnSettings defines the settings for the webauthn authentication
// mechanism.
type WebauthnSettings struct {
	// RelyingParty holds the relying party ID, display name, icon and
	// accepted origins.
	RelyingParty RelyingParty `yaml:"relying_party" json:"relying_party,omitempty" koanf:"relying_party" split_words:"true"`

	// Timeout has the schema default 60000; presumably milliseconds —
	// confirm the unit against the code that consumes it.
	Timeout int `yaml:"timeout" json:"timeout,omitempty" koanf:"timeout" jsonschema:"default=60000"`

	// UserVerification: the tag, and with it the accepted values and any
	// default, is not displayed on this page.
	// NOTE(review): presumably this is the WebAuthn user verification
	// requirement; confirm the value in effect, since it decides whether the
	// authenticator must verify the user (PIN or biometric) at sign-in.
	UserVerification string `` /* 181-byte string literal not displayed */
}
WebauthnSettings defines the settings for the webauthn authentication mechanism
func (*WebauthnSettings) Validate ¶
func (r *WebauthnSettings) Validate() error
Validate does not need to validate the config, because the library does this already