Documentation ¶
Index ¶
- Variables
- func HTTPApp(ctx context.Context)
- func LoadStatsFromRedis()
- func SaveStatsToRedis()
- type AccountList
- type AccountListMap
- type AccountListOption
- type AddTOTPSecretFunc
- type ApiConfig
- type Authentication
- type ClaimHandler
- type ConsentPageData
- type Done
- type FlushRuleCmd
- type FlushRuleCmdStatus
- type FlushUserCmd
- type FlushUserCmdStatus
- type HomePageData
- type JSONRequest
- type Language
- type LoginPageData
- type LogoutPageData
- type MFA
- type Metric
- type NginxBackendServer
- type NotifyPageData
- type PassDBMap
- type PassDBOption
- type PassDBResult
- type RESTResult
- type Scope
- type TOTPPageData
- type TOTPSecret
- type TwoFactorData
- type WebAuthn
- type WebAuthnCredentialDBFunc
Constants ¶
This section is empty.
Variables ¶
var (
    HTTPEndChan chan Done //nolint:gochecknoglobals // Quit-Channel for HTTP on shutdown
    LangBundle *i18n.Bundle //nolint:gochecknoglobals // System wide i18n bundle
)
var NginxBackendServers = NewNginxBackendServer()
Functions ¶
func HTTPApp ¶
HTTPApp is a function that starts the HTTP server and sets up the necessary middlewares and endpoints. It takes a context.Context parameter.
func LoadStatsFromRedis ¶
func LoadStatsFromRedis()
LoadStatsFromRedis loads the prometheus statistics at startup from a Redis server.
func SaveStatsToRedis ¶
func SaveStatsToRedis()
SaveStatsToRedis saves the prometheus statistics to a Redis server.
Types ¶
type AccountList ¶
type AccountList []string
AccountList is a slice of strings containing the list of all user accounts.
type AccountListMap ¶
type AccountListMap struct {
// contains filtered or unexported fields
}
AccountListMap is a struct type that represents a mapping between a backend and an account list option function for authentication.
type AccountListOption ¶
type AccountListOption func(a *Authentication) (AccountList, error)
AccountListOption is the function signature for an account Database.
type AddTOTPSecretFunc ¶
type AddTOTPSecretFunc func(auth *Authentication, totp *TOTPSecret) (err error)
AddTOTPSecretFunc is a function signature that takes a *Authentication and *TOTPSecret as arguments and returns an error.
type ApiConfig ¶
type ApiConfig struct {
// contains filtered or unexported fields
}
ApiConfig is a struct that encapsulates configuration and parameters for HTTP communication with OAuth2 OpenID-Connect server via OpenAPI. This includes configurations for HTTP client, authorization parameters, and request context.
func (*ApiConfig) HandleConsentSkip ¶
func (a *ApiConfig) HandleConsentSkip()
HandleConsentSkip handles the consent skipping logic. If the consent request skip flag is false and the skip consent config flag is false, it processes the consent. Otherwise, it redirects with consent.
Example usage:
apiConfig := &ApiConfig{ctx: ctx}
apiConfig.initialize()
apiConfig.HandleConsentSkip()
Dependencies:
- a.consentRequest.GetSkip() (from initialize)
- config.GetSkipConsent(*a.clientId) (from initialize)
Note: This method assumes that the ApiConfig object is properly initialized with the ctx field set.
type Authentication ¶
type Authentication struct {
    // UsernameReplace is a flag that is set, if a user was found in a Database.
    UsernameReplace bool

    // NoAuth is a flag that is set, if the request mode does not require authentication.
    NoAuth bool

    // ListAccounts is a flag that is set, if Nauthilus is requested to send a full list of available user accounts.
    ListAccounts bool

    // UserFound is a flag that is set, if a password Database found the user.
    UserFound bool

    // PasswordsAccountSeen is a counter that is increased whenever a new failed password was detected for the current account.
    PasswordsAccountSeen uint

    // PasswordsTotalSeen is a counter that is increased whenever a new failed password was detected.
    PasswordsTotalSeen uint

    // LoginAttempts is a counter that is incremented for each failed login request
    LoginAttempts uint

    // StatusCodeOK is the HTTP status code that is set by setStatusCodes.
    StatusCodeOK int

    // StatusCodeInternalError is the HTTP status code that is set by setStatusCodes.
    StatusCodeInternalError int

    // StatusCodeFail is the HTTP status code that is set by setStatusCodes.
    StatusCodeFail int

    // GUID is a global unique identifier that is inherited in all functions and methods that deal with the
    // authentication process. It is needed to track log lines belonging to one request.
    GUID *string

    // Method is set by the "Auth-Method" HTTP request header (Nginx protocol). It is typically something like "plain"
    // or "login".
    Method *string

    // AccountField is the name of either a SQL field name or an LDAP attribute that was used to retrieve a user account.
    AccountField *string

    // Username is the value that was taken from the HTTP header "Auth-User" (Nginx protocol).
    Username string

    // UsernameOrig is a copy from the username that was set by the HTTP request header "Auth-User" (Nginx protocol).
    UsernameOrig string

    // Password is the value that was taken from the HTTP header "Auth-Pass" (Nginx protocol).
    Password string

    // ClientIP is the IP of a client that is to be authenticated. The value is set by the HTTP request header
    // "Client-IP" (Nginx protocol).
    ClientIP string

    // XClientPort adds the remote client TCP port, which is set by the HTTP request header "X-Client-Port".
    XClientPort string

    // ClientHost is the DNS A name of the remote client. It is set with the HTTP request header "Client-Host" (Nginx
    // protocol).
    ClientHost string

    // HAProxy specific headers
    XSSL                string // %[ssl_fc]
    XSSLSessionID       string // %[ssl_fc_session_id,hex]
    XSSLClientVerify    string // %[ssl_c_verify]
    XSSLClientDN        string // %{+Q}[ssl_c_s_dn]
    XSSLClientCN        string // %{+Q}[ssl_c_s_dn(cn)]
    XSSLIssuer          string // %{+Q}[ssl_c_i_dn]
    XSSLClientNotBefore string // %{+Q}[ssl_c_notbefore]
    XSSLClientNotAfter  string // %{+Q}[ssl_c_notafter]
    XSSLSubjectDN       string // %{+Q}[ssl_c_s_dn]
    XSSLIssuerDN        string // %{+Q}[ssl_c_i_dn]
    XSSLClientSubjectDN string // %{+Q}[ssl_c_s_dn]
    XSSLClientIssuerDN  string // %{+Q}[ssl_c_i_dn]
    XSSLProtocol        string // %[ssl_fc_protocol]
    XSSLCipher          string // %[ssl_fc_cipher]

    // XClientID is delivered by some mail user agents when using IMAP. This value is set by the HTTP request header
    // "X-Client-Id".
    XClientID string

    // XLocalIP is the TCP/IP address of the server that asks for authentication. Its value is set by the HTTP request
    // header "X-Local-IP".
    XLocalIP string

    // XPort is the TCP port of the server that asks for authentication. Its value is set by the HTTP request
    // header "X-Local-Port".
    XPort string

    // UserAgent may have been sent by a mail user agent and is set by the HTTP request header "User-Agent".
    UserAgent *string

    // StatusMessage is the HTTP response payload that is sent to the remote server that asked for authentication.
    StatusMessage string

    // Service is set by Nauthilus depending on the router endpoint. Look at httpQueryHandler for the structure of available
    // endpoints.
    Service string

    // BruteForceName is the canonical name of a brute force bucket that was triggered by a rule.
    BruteForceName string

    // FeatureName is the name of a feature that has triggered a reject.
    FeatureName string

    // TOTPSecret is used to store a TOTP secret in a SQL Database.
    TOTPSecret *string

    // TOTPSecretField is the SQL field or LDAP attribute that resolves the TOTP secret for two-factor authentication.
    TOTPSecretField *string

    // TOTPRecoveryField NYI
    TOTPRecoveryField *string

    // UniqueUserIDField is a string representing a unique user identifier.
    UniqueUserIDField *string

    // DisplayNameField is the display name of a user
    DisplayNameField *string

    // AdditionalLogging is a slice of strings that can be filled from Lua features and a Lua backend. Its result will be
    // added to the regular log lines.
    AdditionalLogs []any

    // BruteForceCounter is a map that increments failed login requests. The key is a rule name defined in the
    // configuration file.
    BruteForceCounter map[string]uint

    // SourcePassDBBackend is a marker for the Database that is responsible for a specific user. It is set by the
    // password Database and stored in Redis to track the authentication flow across databases (including proxy).
    SourcePassDBBackend global.Backend

    // UsedPassDBBackend is set by the password Database that answered the current authentication request.
    UsedPassDBBackend global.Backend

    // UsedNginxBackendAddress is set by a filter Lua script for the Nginx endpoint to set the HTTP response header 'Auth-Server'.
    UsedNginxBackendAddress string

    // UsedNginxBackendPort is set by a filter Lua script for the Nginx endpoint to set the HTTP response header 'Auth-Port'.
    UsedNginxBackendPort int

    // Attributes is a result container for SQL and LDAP queries. Databases store their result by using a field or
    // attribute name as key and the corresponding result as value.
    Attributes backend.DatabaseResult

    // Protocol is set by the HTTP request header "Auth-Protocol" (Nginx protocol).
    Protocol *config.Protocol

    // HTTPClientContext tracks the context for an HTTP client connection.
    HTTPClientContext context.Context

    *backend.PasswordHistory
    *lualib.Context
}
Authentication represents a struct that holds information related to authentication process. UsernameReplace is a flag that is set if a user was found in a Database. NoAuth is a flag that is set if the request mode does not require authentication. ListAccounts is a flag that is set if Nauthilus is requested to send a full list of available user accounts. UserFound is a flag that is set if a password Database found the user. PasswordsAccountSeen is a counter that is increased whenever a new failed password was detected for the current account. PasswordsTotalSeen is a counter that is increased whenever a new failed password was detected. LoginAttempts is a counter that is incremented for each failed login request. StatusCodeOK is the HTTP status code that is set by setStatusCodes. StatusCodeInternalError is the HTTP status code that is set by setStatusCodes. StatusCodeFail is the HTTP status code that is set by setStatusCodes. GUID is a global unique identifier that is inherited in all functions and methods that deal with the authentication process. Method is set by the "Auth-Method" HTTP request header (Nginx protocol). It is typically something like "plain" or "login". AccountField is the name of either a SQL field name or an LDAP attribute that was used to retrieve a user account. Username is the value that was taken from the HTTP header "Auth-User" (Nginx protocol). UsernameOrig is a copy from the username that was set by the HTTP request header "Auth-User" (Nginx protocol). Password is the value that was taken from the HTTP header "Auth-Pass" (Nginx protocol). ClientIP is the IP of a client that is to be authenticated. XClientPort adds the remote client TCP port, which is set by the HTTP request header "X-Client-Port". ClientHost is the DNS A name of the remote client. It is set with the HTTP request header "Client-Host" (Nginx protocol). 
HAProxy specific headers: XSSL, XSSLSessionID, XSSLClientVerify, XSSLClientDN, XSSLClientCN, XSSLIssuer, XSSLClientNotBefore, XSSLClientNotAfter, XSSLSubjectDN, XSSLIssuerDN, XSSLClientSubjectDN, XSSLClientIssuerDN, XSSLProtocol, XSSLCipher. XClientID is delivered by some mail user agents when using IMAP. This value is set by the HTTP request header "X-Client-Id". XLocalIP is the TCP/IP address of the server that asks for authentication. Its value is set by the HTTP request header "X-Local-IP". XPort is the TCP port of the server that asks for authentication. Its value is set by the HTTP request header "X-Local-Port". UserAgent may have been sent by a mail user agent and is set by the HTTP request header "User-Agent". StatusMessage is the HTTP response payload that is sent to the remote server that asked for authentication. Service is set by Nauthilus depending on the router endpoint. BruteForceName is the canonical name of a brute force bucket that was triggered by a rule. FeatureName is the name of a feature that has triggered a reject. TOTPSecret is used to store a TOTP secret in a SQL Database. TOTPSecretField is the SQL field or LDAP attribute that resolves the TOTP secret for two-factor authentication. TOTPRecoveryField NYI. UniqueUserIDField is a string representing a unique user identifier. DisplayNameField is the display name of a user. AdditionalLogging is a slice of strings that can be filled from Lua features and a Lua backend. BruteForceCounter is a map
func NewAuthentication ¶
func NewAuthentication(ctx *gin.Context) *Authentication
NewAuthentication creates a new instance of the Authentication struct. It takes a gin.Context object as a parameter and sets it as the HTTPClientContext field of the Authentication struct. If an error occurs while setting the StatusCode field using the setStatusCodes function, it logs the error and returns nil. Otherwise, it calls the setupAuth function to setup the Authentication struct based on the service parameter from the gin.Context object. Finally, it returns the created Authentication struct.
func (*Authentication) GetDisplayNameOk ¶
func (a *Authentication) GetDisplayNameOk() (string, bool)
GetDisplayNameOk returns the display name of a user. If there is no account, it returns the empty string "". The boolean return value is a "found" flag.
func (*Authentication) GetUniqueUserIDOk ¶
func (a *Authentication) GetUniqueUserIDOk() (string, bool)
GetUniqueUserIDOk returns the unique identifier for a user. If there is no id, it returns the empty string "". The boolean return value is a "found" flag.
func (*Authentication) LogLineMail ¶
func (a *Authentication) LogLineMail(status string, endpoint string) []any
LogLineMail returns an array of key-value pairs used for logging mail information. The array includes the following information:
- session: the session GUID
- protocol: the protocol used
- local_ip: the local IP address
- port: the port number
- client_ip: the client IP address
- client_port: the client port number
- client_host: the client host
- tls_protocol: the TLS protocol used
- tls_cipher: the TLS cipher used
- auth_method: the authentication method
- username: the username
- orig_username: the original username
- passdb_backend: the used password database backend
- current_password_retries: the number of current password retries
- account_passwords_seen: the number of account passwords seen
- total_passwords_seen: the total number of passwords seen
- user_agent: the user agent
- client_id: the client ID
- brute_force_bucket: the brute force bucket name
- feature: the feature name
- status_message: the status message
- uri_path: the URI path
- authenticated: the authentication status
func (*Authentication) String ¶
func (a *Authentication) String() string
String returns an Authentication object as string excluding the user password.
type ClaimHandler ¶
type ClaimHandler struct {
    // Type is the reflected Kind of the claim value.
    Type reflect.Kind
    // ApplyFunc is a function that takes in three parameters: the claim value, the map of claims and the claim key.
    // The function is intended to apply some process on the claim using the provided parameters,
    // and return a boolean result.
    ApplyFunc func(value any, claims map[string]any, claimKey string) bool
}
ClaimHandler represents a claim handler struct. A claim handler in this context is something to work with JSON Web Tokens (JWT), often used for APIs.
type ConsentPageData ¶
type ConsentPageData struct {
    // WantWelcome is a boolean to indicate if a welcome message is needed.
    WantWelcome bool
    // WantPolicy is a boolean to indicate if a policy is needed.
    WantPolicy bool
    // WantTos is a boolean to indicate if Terms of Service is required.
    WantTos bool
    // WantAbout is a boolean to indicate if an "About Us" section is needed.
    WantAbout bool
    // Title represents the title of the consent page.
    Title string
    // Welcome represents welcome text message on the page.
    Welcome string
    // LogoImage represents the URI to logo image on the page.
    LogoImage string
    // LogoImageAlt is the alternative text for the Logo Image.
    LogoImageAlt string
    // ConsentMessage is the message shown on the consent page.
    ConsentMessage string
    // ApplicationName represents the name of the application asking for consent.
    ApplicationName string
    // Policy represents the text of the policy.
    Policy string
    // PolicyUri represents the URI to the policy document.
    PolicyUri string
    // Tos represents the text of the Terms of Service (ToS).
    Tos string
    // TosUri represents the URI to the Terms of Service (ToS) document.
    TosUri string
    // About represents the text of the about section.
    About string
    // AboutUri represents the URI to the about information.
    AboutUri string
    // Remember is the text related to remember user preferences on the consent page.
    Remember string
    // AcceptSubmit represents the text on the Accept button.
    AcceptSubmit string
    // RejectSubmit represents the text on the Reject button.
    RejectSubmit string
    // CSRFToken is used for CSRF protection.
    CSRFToken string
    // ConsentChallenge holds the unique consent challenge string from ORY Hydra.
    ConsentChallenge string
    // PostConsentEndpoint is the endpoint where the browser will be redirected after consent is provided.
    PostConsentEndpoint string
    // LanguageTag represents the language preference of the client.
    LanguageTag string
    // LanguageCurrentName represents the current name of the language.
    LanguageCurrentName string
    // Scopes represents the list of scopes that the app is requesting access to.
    Scopes []Scope
    // LanguagePassive represents the list of passive languages.
    LanguagePassive []Language
}
ConsentPageData defines the data structure for managing user consent information on a web page.
type FlushRuleCmd ¶
type FlushRuleCmd struct {
    // IPAddress is the IP address associated with the rule to be flushed.
    // It must be in a format valid for an IP address.
    IPAddress string `json:"ip_address"`
    // RuleName is the name of the rule to be flushed.
    // This value should reference an existing rule.
    RuleName string `json:"rule_name"`
}
FlushRuleCmd represents a command to flush a specific rule. It contains the necessary information needed to identify the rule to be flushed.
type FlushRuleCmdStatus ¶
type FlushRuleCmdStatus struct {
    // IPAddress is the IP address that the rule was applied to
    IPAddress string `json:"ip_address"`
    // RuleName is the name of the rule that was flushed
    RuleName string `json:"rule_name"`
    // Status is the current status of the rule following the Flush Command
    Status string `json:"status"`
}
FlushRuleCmdStatus is a structure representing the status of a Flush Rule command.
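The FlushRuleCmd field comments state two constraints: the address must be a valid IP and the rule name should reference an existing rule. The following added example (not Nauthilus code) shows one way to enforce both when decoding the JSON body. The helper name parseFlushRuleCmd, the knownRules set, the rule name "rule-a" and the choice to store the address in canonical form are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/netip"
)

// FlushRuleCmd mirrors the documented struct and its JSON tags.
type FlushRuleCmd struct {
	IPAddress string `json:"ip_address"`
	RuleName  string `json:"rule_name"`
}

// parseFlushRuleCmd is a hypothetical helper: it decodes a request body
// strictly and validates both fields before anything acts on them.
func parseFlushRuleCmd(body []byte, knownRules map[string]bool) (FlushRuleCmd, error) {
	var cmd FlushRuleCmd

	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields() // reject misspelled or unexpected keys
	if err := dec.Decode(&cmd); err != nil {
		return FlushRuleCmd{}, fmt.Errorf("decode: %w", err)
	}
	// Exactly one JSON value is accepted; anything after it is an error.
	if _, err := dec.Token(); !errors.Is(err, io.EOF) {
		return FlushRuleCmd{}, errors.New("trailing data after JSON object")
	}

	// netip.ParseAddr rejects CIDR suffixes, ports and leading-zero octets.
	addr, err := netip.ParseAddr(cmd.IPAddress)
	if err != nil {
		return FlushRuleCmd{}, fmt.Errorf("ip_address: %w", err)
	}
	if addr.Zone() != "" {
		return FlushRuleCmd{}, errors.New("ip_address: zone identifiers are not accepted")
	}
	// Canonical form: "::ffff:192.0.2.10" and "192.0.2.10" become the same string,
	// so the same client cannot be addressed under two spellings.
	cmd.IPAddress = addr.Unmap().String()

	if !knownRules[cmd.RuleName] {
		return FlushRuleCmd{}, fmt.Errorf("rule_name: unknown rule %q", cmd.RuleName)
	}
	return cmd, nil
}

func main() {
	rules := map[string]bool{"rule-a": true} // constructed rule set
	// Constructed request bodies.
	for _, body := range []string{
		`{"ip_address":"::ffff:192.0.2.10","rule_name":"rule-a"}`,
		`{"ip_address":"192.0.2.10/24","rule_name":"rule-a"}`,
		`{"ip_address":"192.0.2.10","rule_name":"no-such-rule"}`,
	} {
		cmd, err := parseFlushRuleCmd([]byte(body), rules)
		fmt.Printf("%+v err=%v\n", cmd, err)
	}
}
```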
type FlushUserCmd ¶
type FlushUserCmd struct {
    // User is the field representing the name of the user to be flushed.
    User string `json:"user"`
}
FlushUserCmd is a data structure used to handle user commands for flushing data.
type FlushUserCmdStatus ¶
type FlushUserCmdStatus struct {
    // User holds the identifier of a user.
    User string `json:"user"`
    // Status represents the status of the user's command.
    Status string `json:"status"`
}
FlushUserCmdStatus represents a user's command status.
type HomePageData ¶
type HomePageData struct {
    WantWelcome bool
    WantPolicy bool
    WantTos bool
    HaveTOTP bool
    Title string
    Welcome string
    LogoImage string
    LogoImageAlt string
    HomeMessage string
    RegisterTOTP string
    EndpointTOTP string
    Or string
    RegisterWebAuthn string
    EndpointWebAuthn string
    LanguageTag string
    LanguageCurrentName string
    LanguagePassive []Language
}
type JSONRequest ¶
type JSONRequest struct {
    // Username is the identifier of the client/user sending the request.
    Username string `json:"username"`
    // Password is the authentication credential of the client/user sending the request.
    Password string `json:"password"`
    // ClientIP is the IP address of the client/user making the request.
    ClientIP string `json:"client_ip"`
    // ClientPort is the port number from which the client/user is sending the request.
    ClientPort string `json:"client_port"`
    // ClientHostname is the hostname of the client which is sending the request.
    ClientHostname string `json:"client_hostname"`
    // ClientID is the unique identifier of the client/user, usually assigned by the application.
    ClientID string `json:"client_id"`
    // LocalIP is the IP address of the server or endpoint receiving the request.
    LocalIP string `json:"local_ip"`
    // LocalPort is the port number of the server or endpoint receiving the request.
    LocalPort string `json:"local_port"`
    // Service is the specific service that the client/user is trying to access with the request.
    Service string `json:"service"`
    // Method is the authentication method used in the request (e.g., PLAIN, LOGIN).
    Method string `json:"method"`
    // AuthLoginAttempt is a flag indicating if the request is an attempt to authenticate (login). This is expressed
    // as an unsigned integer where applicable flags/types are usually interpreted from the application's specific logic.
    AuthLoginAttempt uint `json:"auth_login_attempt"`
}
JSONRequest is a data structure containing the details of a client's request in JSON format.
type Language ¶
type Language struct {
    // LanguageLink represents the link associated with the language
    LanguageLink string
    // LanguageName represents the name of the language
    LanguageName string
}
Language represents a language used in various page data structs.
type LoginPageData ¶
type LoginPageData struct {
    // Determines if the Welcome message should be displayed
    WantWelcome bool
    // Determines if the Policy should be displayed
    WantPolicy bool
    // Determines if the Terms of Service (TOS) should be displayed
    WantTos bool
    // Determines if the About information should be displayed
    WantAbout bool
    // Indicates if there was an error
    HaveError bool
    // The title of the Login page
    Title string
    // The Welcome message
    Welcome string
    // The path or URL to logo image to be displayed
    LogoImage string
    // The alternate text for the logo image
    LogoImageAlt string
    // The name of the application
    ApplicationName string
    // The login details
    Login string
    // The placeholder for the login input form
    LoginPlaceholder string
    // The Privacy statement
    Privacy string
    // User password
    Password string
    // Placeholder for password input form
    PasswordPlaceholder string
    // The Policy terms
    Policy string
    // The URL to the policy document
    PolicyUri string
    // The Terms of Service
    Tos string
    // The URL to the Terms of Service document
    TosUri string
    // Information about the service or company
    About string
    // The URL to more About information
    AboutUri string
    // Information regarding remember functionality
    Remember string
    // Text for Submit button
    Submit string
    // Error message if any
    ErrorMessage string
    // Alternate choices text
    Or string
    // Information on the device being used
    Device string
    // CSRF security token
    CSRFToken string
    // Login challenge token
    LoginChallenge string
    // Endpoint for submitting login
    PostLoginEndpoint string
    // Endpoint for device login
    DeviceLoginEndpoint string
    // Current language code
    LanguageTag string
    // Name of the current language
    LanguageCurrentName string
    // List of other available languages
    LanguagePassive []Language
}
type LogoutPageData ¶
type LogoutPageData struct {
    // WantWelcome is a flag indicating if the welcome message should be displayed or not.
    WantWelcome bool
    // Title represents the title of the logout page.
    Title string
    // Welcome holds the welcome message to be displayed, if WantWelcome flag is set to true.
    Welcome string
    // LogoutMessage carries the logout message.
    LogoutMessage string
    // AcceptSubmit and RejectSubmit hold messages for submission options upon logout.
    // These could be used for multi-step or confirmation based logout procedures.
    AcceptSubmit string
    RejectSubmit string
    // CSRFToken represents the CSRF token for security measures.
    CSRFToken string
    // LogoutChallenge represents a challenge string for logout.
    // It can be used for additional validation on logout requests.
    LogoutChallenge string
    // PostLogoutEndpoint is the endpoint to which requests are made after logout.
    PostLogoutEndpoint string
    // LanguageTag refers to the IETF language tag for selected language (e.g. "en-US").
    LanguageTag string
    // LanguageCurrentName is the human-readable name of the current language (e.g. "English").
    LanguageCurrentName string
    // LanguagePassive is a slice of passive languages supported by the system.
    // These could be offered as alternative language options on the logout page.
    LanguagePassive []Language
}
LogoutPageData defines the data structure for details related to the logout page.
type MFA ¶
type MFA interface {
// contains filtered or unexported methods
}
MFA is an interface that stores some information for multi factor authentication.
type NginxBackendServer ¶
type NginxBackendServer struct {
// contains filtered or unexported fields
}
NginxBackendServer represents a type for managing a list of Nginx Backend servers.
func NewNginxBackendServer ¶
func NewNginxBackendServer() *NginxBackendServer
NewNginxBackendServer creates a new instance of the NginxBackendServer struct. It returns a pointer to the newly created NginxBackendServer.
func (*NginxBackendServer) Update ¶
func (n *NginxBackendServer) Update(servers []*config.NginxBackendServer)
Update updates the nginxBackendServer field of the NginxBackendServer object with the provided servers slice.
type NotifyPageData ¶
type NotifyPageData struct {
    // WantWelcome indicates if a welcome message is desired.
    WantWelcome bool
    // WantPolicy indicates if a policy notification is desired.
    WantPolicy bool
    // WantTos indicates if terms of service notification is desired.
    WantTos bool
    // Title represents the title of the notification page.
    Title string
    // Welcome represents the welcome message on the notification page.
    Welcome string
    // LogoImage represents the URL of the logo displayed on the notification page.
    LogoImage string
    // LogoImageAlt represents the alternative text for the logo image.
    LogoImageAlt string
    // NotifyMessage represents the notification message displayed on the page.
    NotifyMessage string
    // LanguageTag represents the IETF language tag for the current language.
    LanguageTag string
    // LanguageCurrentName represents the name of the current language in its language.
    LanguageCurrentName string
    // LanguagePassive represents a list of other available languages.
    LanguagePassive []Language
}
NotifyPageData represents page notification data.
type PassDBMap ¶
type PassDBMap struct {
// contains filtered or unexported fields
}
PassDBMap is a struct type that represents a mapping between a backend type and a PassDBOption function. It is used in the verifyPassword method of the Authentication struct to perform password verification against multiple databases. The backend field represents the type of database backend (global.Backend) and the fn field represents the PassDBOption function. The PassDBOption function takes an Authentication pointer as input and returns a PassDBResult pointer and an error. The PassDBResult pointer contains the result of the password verification process. This struct is used to store the database mappings in an array and loop through them in the verifyPassword method.
type PassDBOption ¶
type PassDBOption func(auth *Authentication) (*PassDBResult, error)
PassDBOption specifies the function signature of a password database.
type PassDBResult ¶
type PassDBResult struct {
    // Authenticated is a flag that is set if a user was not only found, but also succeeded authentication.
    Authenticated bool
    // UserFound is a flag that is set if the user was found in a password Database.
    UserFound bool
    // AccountField is the SQL field or LDAP attribute that was used for the user account.
    AccountField *string
    // TOTPSecretField is set by the Database which has found the user.
    TOTPSecretField *string
    // TOTPRecoveryField NYI
    TOTPRecoveryField *string
    // UniqueUserIDField is a string representing a unique user identifier.
    UniqueUserIDField *string
    // DisplayNameField is the display name of a user
    DisplayNameField *string
    // Backend is set by the Database backend which has found the user.
    Backend global.Backend
    // Attributes is the result catalog returned by the underlying password Database.
    Attributes backend.DatabaseResult
}
PassDBResult is used in all password databases to store final results of an authentication process.
func (PassDBResult) String ¶
func (p PassDBResult) String() string
String returns the string for a PassDBResult object.
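PassDBMap, PassDBOption and PassDBResult together describe a list of password databases that are tried in order. The following added example (not the Nauthilus implementation of verifyPassword) shows the decisions such a loop has to make. The reduced types, the Outcome verdict, the in-memory backends and the policy choices (a backend error stops the chain, and the first backend that finds the user is authoritative) are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Reduced stand-ins for the documented types; only the fields used here.
type Backend string

type Authentication struct{ Username, Password string }

type PassDBResult struct {
	Authenticated bool
	UserFound     bool
	Backend       Backend
}

type PassDBOption func(auth *Authentication) (*PassDBResult, error)

type PassDBMap struct {
	backend Backend
	fn      PassDBOption
}

// Outcome is a hypothetical three-way verdict for the caller.
type Outcome int

const (
	OutcomeFail     Outcome = iota // reject the login
	OutcomeOK                      // credentials verified
	OutcomeTempFail                // a backend failed; no statement about the credentials
)

// verifyChain walks the backends in configured order (assumed policy, see lead-in).
func verifyChain(auth *Authentication, chain []PassDBMap) (Outcome, *PassDBResult) {
	for _, entry := range chain {
		res, err := entry.fn(auth)
		if err != nil {
			// Fail closed: an unreachable backend must not let a later,
			// possibly stale backend decide for a user it may own.
			return OutcomeTempFail, nil
		}
		if res == nil || !res.UserFound {
			continue // this backend does not know the user; try the next one
		}
		res.Backend = entry.backend
		if res.Authenticated {
			return OutcomeOK, res
		}
		// Found but wrong password: stop, do not retry against other backends.
		return OutcomeFail, res
	}
	return OutcomeFail, nil // unknown user everywhere
}

// staticBackend is a constructed in-memory password database for the demo.
func staticBackend(users map[string]string) PassDBOption {
	return func(auth *Authentication) (*PassDBResult, error) {
		stored, ok := users[auth.Username]
		if !ok {
			return &PassDBResult{}, nil
		}
		match := subtle.ConstantTimeCompare([]byte(stored), []byte(auth.Password)) == 1
		return &PassDBResult{UserFound: true, Authenticated: match}, nil
	}
}

// brokenBackend simulates an unreachable database.
func brokenBackend(*Authentication) (*PassDBResult, error) {
	return nil, errors.New("backend unreachable (constructed error)")
}

// sampleChain returns constructed data: alice exists in both backends with different passwords.
func sampleChain() []PassDBMap {
	return []PassDBMap{
		{backend: "ldap", fn: staticBackend(map[string]string{"alice": "correct-horse"})},
		{backend: "sql", fn: staticBackend(map[string]string{"alice": "old-password", "bob": "sample-pass"})},
	}
}

func main() {
	for _, c := range []Authentication{
		{"alice", "correct-horse"}, {"alice", "old-password"}, {"bob", "sample-pass"}, {"carol", "x"},
	} {
		out, res := verifyChain(&c, sampleChain())
		fmt.Println(c.Username, out, res != nil)
	}
}
```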
type RESTResult ¶
type RESTResult struct {
    GUID string `json:"session"`
    Object string `json:"object"`
    Operation string `json:"operation"`
    Result any `json:"result"`
}
RESTResult is a generic JSON result object for the Nauthilus REST API.
type Scope ¶
type Scope struct {
    // ScopeName represents the name of the scope.
    ScopeName string
    // ScopeDescription represents a detailed description of the scope.
    ScopeDescription string
}
Scope represents a scope used in the ConsentPageData struct. It contains the name and description of the scope. Scope represents the scope of an object.
type TOTPPageData ¶
type TOTPPageData struct {
    WantWelcome bool
    WantPolicy bool
    WantTos bool
    HaveError bool
    Title string
    Welcome string
    LogoImage string
    LogoImageAlt string
    TOTPMessage string
    TOTPCopied string
    Code string
    Submit string
    ErrorMessage string
    CSRFToken string
    QRCode string
    PostTOTPEndpoint string
    LanguageTag string
    LanguageCurrentName string
    LanguagePassive []Language
}
type TOTPSecret ¶
type TOTPSecret struct {
// contains filtered or unexported fields
}
func NewTOTPSecret ¶
func NewTOTPSecret(value string) *TOTPSecret
type TwoFactorData ¶
type TwoFactorData struct {
    // WantWelcome indicates if a welcome message is desired
    WantWelcome bool
    // WantPolicy indicates if a policy message is required
    WantPolicy bool
    // WantTos indicates if Terms of Service is mandatory
    WantTos bool
    // WantAbout indicates if displaying 'About' information is desired
    WantAbout bool
    // Title is the title of the webpage or context
    Title string
    // Welcome is the welcome message
    Welcome string
    // LogoImage is the link of the logo image
    LogoImage string
    // LogoImageAlt is the alt text of the logo image
    LogoImageAlt string
    // ApplicationName is the name of the application
    ApplicationName string
    // Code is the two-factor authentication code
    Code string
    // Policy is the policy text
    Policy string
    // PolicyUri is the link to the policy document
    PolicyUri string
    // Tos is the Terms of Service text
    Tos string
    // TosUri is the URL to the Terms of Service document
    TosUri string
    // About holds content related to 'About Us' or 'About the Application'
    About string
    // AboutUri is the URL to the 'About Us' or 'About the application' page
    AboutUri string
    // Submit is the label for the submit action
    Submit string
    // CSRFToken is the token used for Cross-Site Request Forgery protection
    CSRFToken string
    // LoginChallenge represents the challenge used for login
    LoginChallenge string
    // User is the User ID or Name
    User string
    // PostLoginEndpoint is the API endpoint to submit login data
    PostLoginEndpoint string
    // LanguageTag houses the language tag, e.g., 'en-US'
    LanguageTag string
    // LanguageCurrentName is the fullname of the current language (e.g., 'English')
    LanguageCurrentName string
    // LanguagePassive houses a slice of the languages that are passively being used/available
    LanguagePassive []Language
}
TwoFactorData is a struct that includes parameters for processing two-factor authentication. It handles various attributes ranging from welcome messages, terms of service, about sections, among others.
type WebAuthnCredentialDBFunc ¶
type WebAuthnCredentialDBFunc func(uniqueUserID string) ([]webauthn.Credential, error)
WebAuthnCredentialDBFunc defines a signature for WebAuthn credential object lookups.