security

package
v0.0.0-...-ec9e501 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 21, 2025 License: MIT, MIT Imports: 21 Imported by: 0

Documentation

Overview

Package security provides license validation and security features

Package security provides authentication, authorization, and SSL/TLS support

Index

Constants

// Role constants.
//
// These are untyped string constants, so the compiler accepts any string
// where a role is expected (HasRole, CheckUserRole and RoleMiddleware all take
// plain strings). A misspelled role name therefore compiles.
// NOTE(review): how an unknown role string is treated at runtime is not
// visible here; confirm that it is denied rather than ignored.
const (
	RoleAdmin  = "admin"
	RoleUser   = "user"
	RoleViewer = "viewer"
)

Role constants

Variables

// ErrLicenseExpired is returned when the license has expired.
// It is a sentinel value; match it with errors.Is so that a wrapped error
// still compares equal.
var ErrLicenseExpired = errors.New("license has expired")

ErrLicenseExpired is returned when the license has expired

// ErrLicenseInvalid is returned when the license is invalid.
// NOTE(review): which checks map to this error (parse failure, bad signature,
// missing claims) is not visible here; confirm against ValidateLicense.
var ErrLicenseInvalid = errors.New("license is invalid")

ErrLicenseInvalid is returned when the license is invalid

// ErrLicenseNotFound is returned when the license file is not found.
// Callers should treat it as a validation failure like the other license
// errors, not as "no license required".
var ErrLicenseNotFound = errors.New("license file not found")

ErrLicenseNotFound is returned when the license file is not found

Functions

func GetTestTimeout

func GetTestTimeout() time.Duration

GetTestTimeout returns an appropriate timeout duration for tests. It uses a consistent timeout that is fast enough for CI but still allows tests to complete.

func HasFeature

func HasFeature(license *License, feature string) bool

HasFeature checks if the license has a specific feature

func HasRole

func HasRole(ctx context.Context, role string) bool

HasRole checks if the authenticated user has the specified role

func IsAdmin

func IsAdmin(ctx context.Context) bool

IsAdmin checks if the authenticated user is an admin

func IsAuthenticated

func IsAuthenticated(ctx context.Context) bool

IsAuthenticated checks if the context has an authenticated user

func RunWithTimeout

func RunWithTimeout(t *testing.T, testFunc func(), timeout ...time.Duration)

RunWithTimeout runs a test function with a timeout. If no timeout is provided, it uses the default from GetTestTimeout.

func SecureCompare

func SecureCompare(a, b string) bool

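SecureCompare compares two strings in constant time. The implementation is not shown on this page; constant-time comparisons generally hide where two inputs differ but not whether their lengths differ, so confirm the behaviour before relying on it for secrets of varying length.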

func ShouldSkipIntegrationTests

func ShouldSkipIntegrationTests(t *testing.T) bool

ShouldSkipIntegrationTests returns true if integration tests should be skipped based on environment variables or test flags

func WithUser

func WithUser(ctx context.Context, user User) context.Context

WithUser returns a new context with the given user

Types

type AuthConfig

// AuthConfig represents authentication configuration.
type AuthConfig struct {
	// Enabled presumably turns authentication on or off. What callers get
	// when it is false is not visible here — confirm that disabling it is a
	// deliberate choice and not a silent default.
	Enabled      bool   `json:"enabled"`
	// UsersFile is presumably the path of the persisted user records; since
	// User carries a password hash and an API key, that file should be
	// readable only by the account running the tool — TODO confirm the mode
	// it is created with.
	UsersFile    string `json:"users_file"`
	// APIKeyPath is presumably the path where API key material is stored;
	// the same file-permission concern applies — TODO confirm.
	APIKeyPath   string `json:"api_key_path"`
	InMemoryOnly bool   `json:"in_memory_only"` // If true, disables all file I/O for tests
}

AuthConfig represents authentication configuration

type AuthManager

type AuthManager struct {
	// contains filtered or unexported fields
}

AuthManager handles authentication and authorization

func CreateTestAuthManager

func CreateTestAuthManager() (*AuthManager, error)

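CreateTestAuthManager creates an optimized AuthManager for testing with in-memory storage. This is the recommended way to create an AuthManager for all tests. It is exported from the package itself rather than from a test file, and this page does not show whether it seeds any default users, so it should stay out of non-test code paths.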

func NewAuthManager

func NewAuthManager(config AuthConfig) (*AuthManager, error)

NewAuthManager creates a new AuthManager

func (*AuthManager) AuthMiddleware

func (am *AuthManager) AuthMiddleware() interface{}

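AuthMiddleware is a stub for CLI-only compatibility. It returns interface{} rather than a handler type, and as a stub it should not be assumed to enforce authentication on anything it is attached to.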

func (*AuthManager) Authenticate

func (am *AuthManager) Authenticate(username, password string) (bool, error)

Authenticate authenticates a user with username and password

func (*AuthManager) AuthenticateWithAPIKey

func (am *AuthManager) AuthenticateWithAPIKey(apiKey string) (User, error)

AuthenticateWithAPIKey authenticates a user with an API key

func (*AuthManager) CheckUserRole

func (am *AuthManager) CheckUserRole(user User, roles ...string) bool

CheckUserRole checks if a user has one of the specified roles

func (*AuthManager) CreateUser

func (am *AuthManager) CreateUser(user User, password string) error

CreateUser creates a new user

func (*AuthManager) DeleteUser

func (am *AuthManager) DeleteUser(username string) error

DeleteUser deletes a user

func (*AuthManager) GetAPIKey

func (am *AuthManager) GetAPIKey(username string) (string, bool)

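GetAPIKey returns the API key for a user. That the key can be read back suggests API keys are stored in a retrievable form rather than as one-way hashes, so the backing store needs to be protected accordingly.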

func (*AuthManager) GetUser

func (am *AuthManager) GetUser(username string) (User, error)

GetUser returns a user by username

func (*AuthManager) GetUsers

func (am *AuthManager) GetUsers() ([]User, error)

GetUsers returns all users

func (*AuthManager) Login

func (am *AuthManager) Login(username, password string) (string, error)

Login authenticates a user with username and password and returns an API key

func (*AuthManager) RefreshAPIKey

func (am *AuthManager) RefreshAPIKey(username string) (string, error)

RefreshAPIKey generates a new API key for the specified user

func (*AuthManager) RefreshToken

func (am *AuthManager) RefreshToken(token string) (string, error)

RefreshToken refreshes a token (API key)

func (*AuthManager) RegenerateAPIKey

func (am *AuthManager) RegenerateAPIKey(username string) (string, error)

RegenerateAPIKey regenerates a user's API key

func (*AuthManager) RoleMiddleware

func (am *AuthManager) RoleMiddleware(roles ...string) interface{}

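RoleMiddleware is a stub for CLI-only compatibility. It returns interface{} rather than a handler type, and as a stub it should not be assumed to enforce the roles passed to it.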

func (*AuthManager) UpdateUser

func (am *AuthManager) UpdateUser(username string, updates map[string]interface{}) error

UpdateUser updates an existing user

func (*AuthManager) ValidateAPIKey

func (am *AuthManager) ValidateAPIKey(apiKey string) (User, error)

ValidateAPIKey validates an API key and returns the associated user

func (*AuthManager) ValidateToken

func (am *AuthManager) ValidateToken(token string) (bool, error)

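ValidateToken validates a token (API key). The original comment says it returns the username, but the signature above returns (bool, error); use ValidateAPIKey when the associated user is needed.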

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager handles SSL certificates for CLI tools

func NewCertManager

func NewCertManager(config SSLConfig) *CertManager

NewCertManager creates a new CertManager

func (*CertManager) GenerateSelfSignedCertForTest

func (cm *CertManager) GenerateSelfSignedCertForTest() error

GenerateSelfSignedCertForTest is a helper method for tests to generate a self-signed certificate

func (*CertManager) GetCertificatePath

func (cm *CertManager) GetCertificatePath() string

GetCertificatePath returns the path to the certificate file

func (*CertManager) GetKeyPath

func (cm *CertManager) GetKeyPath() string

GetKeyPath returns the path to the key file

func (*CertManager) GetTLSConfig

func (cm *CertManager) GetTLSConfig() (*tls.Config, error)

GetTLSConfig returns a TLS configuration

type License

// License represents a Nessi license.
//
// NOTE(review): Customer, Plan, Features and Expires are plain fields next to
// Token and Signature. They are only trustworthy when they were filled in from
// a token whose signature was verified; how ValidateLicense does that is not
// visible here, so do not make entitlement decisions on a License value that
// was unmarshalled directly from a file.
type License struct {
	// Token presumably holds the signed token whose claims LicenseClaims
	// describes — confirm.
	Token     string    `json:"token"`
	Issued    time.Time `json:"issued"`
	// Expires is presumably what ErrLicenseExpired is derived from — confirm
	// which clock and time zone the comparison uses.
	Expires   time.Time `json:"expires"`
	Customer  string    `json:"customer"`
	Plan      string    `json:"plan"`
	// Features is the list that HasFeature is given to search.
	Features  []string  `json:"features"`
	Signature string    `json:"signature"`
}

License represents a Nessi license

func ValidateLicense

func ValidateLicense() (*License, error)

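ValidateLicense validates the license file. It takes no arguments, so the file location and any verification key are chosen inside the package; this page does not show whether the token signature is verified.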

type LicenseClaims

// LicenseClaims represents the JWT claims in a license token.
type LicenseClaims struct {
	// Embedded registered claims from the imported jwt package; presumably
	// this is where expiry and issue time are carried — confirm that the
	// parser is restricted to the expected signing algorithm.
	jwt.RegisteredClaims
	Customer string   `json:"customer"`
	Plan     string   `json:"plan"`
	Features []string `json:"features"`
}

LicenseClaims represents the JWT claims in a license token

type SSLConfig

// SSLConfig represents SSL configuration options.
type SSLConfig struct {
	Enabled      bool   `json:"enabled"`
	// CertPath/KeyPath and CertFile/KeyFile both look like certificate and
	// private-key locations; which pair takes precedence is not visible
	// here — TODO confirm. The private key file should be readable only by
	// the account running the tool.
	CertPath     string `json:"cert_path"`
	KeyPath      string `json:"key_path"`
	CertFile     string `json:"cert_file"`
	KeyFile      string `json:"key_file"`
	// AutoGenerate presumably creates a certificate when none exists —
	// confirm. A self-signed certificate gives peers nothing to verify
	// against unless they pin it, so it suits tests rather than deployments.
	AutoGenerate bool   `json:"auto_generate"`
}

SSLConfig represents SSL configuration options. (The source comment also reads "Additional SSL configuration fields used internally", which appears to refer to some of the struct's fields.)

type SSLManager

// SSLManager manages SSL/TLS configuration.
type SSLManager struct {
	// Config is exported, so callers can change it after construction;
	// whether later changes take effect is not visible here — confirm.
	Config SSLConfig
}

SSLManager manages SSL/TLS configuration

type SecurityConfig

// SecurityConfig defines the security configuration.
// The zero value leaves Auth.Enabled and SSL.Enabled false.
type SecurityConfig struct {
	Auth AuthConfig `json:"auth"` // authentication settings
	SSL  SSLConfig  `json:"ssl"`  // SSL/TLS settings
}

SecurityConfig defines the security configuration

type SecurityManager

// SecurityManager manages authentication and authorization, and also holds
// the SSL manager.
//
// NOTE(review): both fields are exported pointers and nothing visible here
// guarantees they are non-nil; confirm which constructors populate SSLManager
// before dereferencing it.
type SecurityManager struct {
	AuthManager *AuthManager
	SSLManager  *SSLManager
}

SecurityManager manages authentication and authorization

func CreateTestSecurityManager

func CreateTestSecurityManager() *SecurityManager

CreateTestSecurityManager creates a SecurityManager for testing. This wraps CreateTestAuthManager for legacy tests.

func New

func New(apiKeyPath string) *SecurityManager

New creates a new SecurityManager instance that wraps AuthManager

func NewSecurityManager

func NewSecurityManager(config SecurityConfig) (*SecurityManager, error)

NewSecurityManager creates a new SecurityManager

func (*SecurityManager) AddUser

func (s *SecurityManager) AddUser(username, password string, roles []string) error

AddUser adds a new user

func (*SecurityManager) CreateAPIKey

func (s *SecurityManager) CreateAPIKey(username string) (string, error)

CreateAPIKey creates a new API key for a user

func (*SecurityManager) GetAPIKeyForUser

func (s *SecurityManager) GetAPIKeyForUser(username string) (string, error)

GetAPIKeyForUser returns the API key for a user

func (*SecurityManager) ValidateAPIKey

func (s *SecurityManager) ValidateAPIKey(apiKey string) (string, error)

ValidateAPIKey validates an API key

type User

// User represents a user account.
//
// NOTE(review): the omitempty option drops a field from JSON output only when
// its value is empty. A populated Password or APIKey is still written by
// json.Marshal, so a User value must not be serialized into a response or a
// log line as-is; copy the non-secret fields into a separate type first. The
// tag that excludes a field unconditionally is `json:"-"`.
type User struct {
	Username    string    `json:"username"`
	Password    string    `json:"password,omitempty"` // Hashed password; left out of JSON only when empty
	Email       string    `json:"email"`
	// Role is presumably one of the Role* constants — confirm that other
	// values are rejected.
	Role        string    `json:"role"`
	APIKey      string    `json:"api_key,omitempty"` // API key; left out of JSON only when empty
	// omitempty has no effect on a struct-typed field such as time.Time, so
	// a zero LastLogin is still emitted.
	LastLogin   time.Time `json:"last_login,omitempty"`
	DateCreated time.Time `json:"date_created"`
}

User represents a user account

func UserFromContext

func UserFromContext(ctx context.Context) (User, bool)

UserFromContext returns the user from the context

Directories

Path Synopsis
