Documentation ¶
Index ¶
- Variables
- func GetSkipConsent(clientId string) (skip bool)
- func GetSkipTOTP(clientId string) (skip bool)
- func ReloadConfigFile() (err error)
- type BruteForceRule
- type BruteForceSection
- type Config
- type DbgModule
- type Feature
- type File
- func (f *File) GetAllProtocols() []string
- func (*File) GetBruteForceRules() (rules []BruteForceRule)
- func (f *File) GetConfig(backend global.Backend) any
- func (f *File) GetLDAPConfigAuthIdlePoolSize() int
- func (f *File) GetLDAPConfigAuthPoolSize() int
- func (f *File) GetLDAPConfigBindDN() string
- func (f *File) GetLDAPConfigBindPW() string
- func (f *File) GetLDAPConfigLookupIdlePoolSize() int
- func (f *File) GetLDAPConfigLookupPoolSize() int
- func (f *File) GetLDAPConfigSASLExternal() bool
- func (f *File) GetLDAPConfigServerURIs() []string
- func (f *File) GetLDAPConfigStartTLS() bool
- func (f *File) GetLDAPConfigTLSCAFile() string
- func (f *File) GetLDAPConfigTLSClientCert() string
- func (f *File) GetLDAPConfigTLSClientKey() string
- func (f *File) GetLDAPConfigTLSSkipVerify() bool
- func (f *File) GetLDAPSearchProtocol(protocol string) (*LDAPSearchProtocol, error)
- func (f *File) GetLuaScriptPath() string
- func (f *File) GetLuaSearchProtocol(protocol string) (*LuaSearchProtocol, error)
- func (f *File) GetNginxBackendServer(protocol string) *NginxBackendServer
- func (f *File) GetNginxBackendServerIP(protocol string) string
- func (f *File) GetNginxBackendServerPort(protocol string) int
- func (f *File) GetNginxBackendServers() []*NginxBackendServer
- func (f *File) GetNginxMonitoring() *NginxMonitoring
- func (f *File) GetProtocols(backend global.Backend) any
- func (f *File) GetSection(backend global.Backend) any
- func (f *File) HaveLua() bool
- func (f *File) HaveLuaActions() bool
- func (f *File) HaveLuaFeatures() bool
- func (f *File) HaveLuaFilters() bool
- func (f *File) RetrieveGetterMap() map[global.Backend]GetterHandler
- type GetterHandler
- type HTTPOptions
- type IdTokenClaims
- type LDAPAttributeMapping
- type LDAPConf
- type LDAPFilter
- type LDAPScope
- type LDAPSearchProtocol
- func (p *LDAPSearchProtocol) GetAccountField() (string, error)
- func (p *LDAPSearchProtocol) GetAttributes() ([]string, error)
- func (p *LDAPSearchProtocol) GetBaseDN() (string, error)
- func (p *LDAPSearchProtocol) GetCacheName() (string, error)
- func (p *LDAPSearchProtocol) GetListAccountsFilter() (string, error)
- func (p *LDAPSearchProtocol) GetScope() (*LDAPScope, error)
- func (p *LDAPSearchProtocol) GetUserFilter() (string, error)
- type LDAPSection
- type LuaAction
- type LuaConf
- type LuaFeature
- type LuaFilter
- type LuaSearchProtocol
- type LuaSection
- type NginxBackendServer
- type NginxMonitoring
- type OIDCCustomClaim
- type Oauth2Client
- type Oauth2CustomScope
- type Oauth2Section
- type PassDB
- type Protocol
- type RBL
- type RBLSection
- type RelayDomainsSection
- type StringSet
- type Verbosity
Constants ¶
This section is empty.
Variables ¶
var ( Matcher language.Matcher DefaultLanguageTags []language.Tag )
Functions ¶
func GetSkipConsent ¶
GetSkipConsent returns a boolean true, if the consent dialog shall be skipped for an OAuth-2 client.
func GetSkipTOTP ¶
GetSkipTOTP returns a boolean true, if TOTP two-factor authentication shall be skipped for an OAuth-2 client.
func ReloadConfigFile ¶
func ReloadConfigFile() (err error)
ReloadConfigFile is a thread safe function to reload a ConfigFile object.
Types ¶
type BruteForceRule ¶
type BruteForceRule struct { Name string Period uint CIDR uint IPv4 bool IPv6 bool FailedRequests uint `mapstructure:"failed_requests"` }
BruteForceRule is the definition of a brute force rule as defined in the configuration file. See the markdown documentation for a description of the field names.
type BruteForceSection ¶
type BruteForceSection struct { IPWhitelist []string `mapstructure:"ip_whitelist"` Buckets []BruteForceRule `mapstructure:"buckets"` }
func (*BruteForceSection) String ¶
func (b *BruteForceSection) String() string
type Config ¶
type Config struct { // InstanceName is the name of the current application instance. InstanceName string // HTTPAddress is the address where HTTP server should listen. // It should be in the format "ip:port". HTTPAddress string // LogJSON is a flag indicating whether the logs should be in JSON format. LogJSON bool // Verbosity is a value to set the logging severity level. Verbosity // SMTPBackendAddress is the address of the SMTP backend server. SMTPBackendAddress string // SMTPBackendPort is the port of the SMTP backend server. SMTPBackendPort int // IMAPBackendAddress is the address of the IMAP backend server. IMAPBackendAddress string // IMAPBackendPort is the port of the IMAP backend server. IMAPBackendPort int // POP3BackendAddress is the address of the POP3 backend server. POP3BackendAddress string // POP3BackendPort is the port of the IMAP POP3 server. POP3BackendPort int // WaitDelay is the time in seconds to wait between connection attempts. WaitDelay uint8 // MaxLoginAttempts is the maximum number of login attempts. MaxLoginAttempts uint8 // ResolveIP is a flag indicating whether to resolve IP addresses to hostnames. ResolveIP bool // MasterSeparator is the character used to separate master data fields. MasterSeparator string // RedisAddress is the address of the Redis server for master pool. RedisAddress string // RedisPort is the port of the Redis server for master pool. RedisPort int // RedisUsername is the username for authenticating to the Redis server for master pool. RedisUsername string // RedisPassword is the password for authenticating to the Redis server for master pool. RedisPassword string // RedisAddressRO is the address of the Redis server for read replica pool. RedisAddressRO string // RedisPortRO is the port of the Redis server for read replica pool. RedisPortRO int // RedisSentinels is the list of address of the Redis sentinel servers. RedisSentinels []string // RedisSentinelMasterName is the name of the Redis sentinel master. RedisSentinelMasterName string // RedisSentinelUsername is the username for Redis sentinel authentication. RedisSentinelUsername string // RedisSentinelPassword is the password for Redis sentinel authentication. RedisSentinelPassword string // RedisPrefix is the prefix to prepend to all Redis keys. RedisPrefix string // RedisDB is the Redis database number to use. RedisDB int // RedisPosCacheTTL is the positive response cache time-to-live in Redis. RedisPosCacheTTL uint // RedisNegCacheTTL is the negative response cache time-to-live in Redis. RedisNegCacheTTL uint // DNSResolver specifies the DNS resolver to use. DNSResolver string // DNSTimeout is the DNS resolution timeout in seconds. DNSTimeout uint // PassDBs is a list of password databases. PassDBs []*PassDB // Features is a list of enabled application features. Features []*Feature // BruteForce contains configuration for brute force prevention per each protocol. BruteForce []*Protocol // DbgModule contains configurations for debugging modules. DbgModule []*DbgModule // DevMode indicates whether the application is running in developer mode. DevMode bool // MaxActionWorkers is the maximum number of action workers that can be run simultaneously. MaxActionWorkers uint16 // LocalCacheAuthTTL LocalCacheAuthTTL time.Duration // LocalCacheAuthLogging indicates wether to log messages for memory-cached logins. LocalCacheAuthLogging bool // HTTPOptions contains configurations related to HTTP(S) server. HTTPOptions }
Config represents overall configuration settings for the application.
var EnvConfig *Config //nolint:gochecknoglobals // System wide configuration
EnvConfig represents the environment configuration for the application It is a pointer to Config type
func NewConfig ¶
NewConfig initializes a new Config struct and sets its values based on environment variables. It calls various methods to set specific configuration options and returns the new Config struct or an error if any configuration fails.
func (*Config) HasFeature ¶
HasFeature checks if the given feature exists in the Config's Features list
type DbgModule ¶
type DbgModule struct {
// contains filtered or unexported fields
}
DbgModule represents a debugging module configuration.
func (*DbgModule) Get ¶
Get returns the name of the `DbgModule` instance. The name represents the current debug module. It can be used to identify the debug module when needed.
func (*DbgModule) GetModule ¶
GetModule returns the `module` field of the `DbgModule` struct. It is used to retrieve the current debug module.
Usage:
module := d.GetModule()
Example:
func main() { dbg := &DbgModule{} module := dbg.GetModule() fmt.Println(module) // Output: 0 }
func (*DbgModule) Set ¶
Set updates the debug module based on the provided value. It returns an error if the value is not valid. Valid values for the debug module are "none", "all", "auth", "hydra", "webauthn", "statistics", "whitelist", "ldap", "ldappool", "sql", "cache", "bf", "rbl", "action", "feature", and "lua". If the value is valid, the module and name fields are updated accordingly. An error of type ErrWrongDebugModule is returned if the value is not valid.
type Feature ¶
type Feature struct {
// contains filtered or unexported fields
}
Feature is a container for Nauthilus features.
func (*Feature) Set ¶
Set updates the feature name based on the provided value. It returns an error if the value is not a valid feature name. Valid feature names are "tls_encryption", "rbl", "relay_domains", and "lua". If the value is valid, the name field of the Feature struct is updated accordingly. An error of type ErrWrongFeature is returned if the value is not valid.
type File ¶
type File struct { RBLs *RBLSection `mapstructure:"realtime_blackhole_lists"` ClearTextList []string `mapstructure:"cleartext_networks"` RelayDomains *RelayDomainsSection `mapstructure:"relay_domains"` NginxMonitoring *NginxMonitoring `mapstructure:"nginx_monitoring"` BruteForce *BruteForceSection `mapstructure:"brute_force"` CSRFSecret string `mapstructure:"csrf_secret"` CookieStoreAuthKey string `mapstructure:"cookie_store_auth_key"` CookieStoreEncKey string `mapstructure:"cookie_store_encryption_key"` PasswordNonce string `mapstructure:"password_nonce"` Lua *LuaSection Oauth2 *Oauth2Section LDAP *LDAPSection Other map[string]any `mapstructure:",remain"` Mu sync.Mutex }
var LoadableConfig *File //nolint:gochecknoglobals // System wide configuration from nauthilus.yml file
LoadableConfig is a variable of type *File that represents the configuration file that can be loaded.
func NewConfigFile ¶
NewConfigFile is the constructor for a ConfigFile object.
func (*File) GetAllProtocols ¶
GetAllProtocols returns a unique slice of strings (a Set) for all defined protocols in the database search sections.
func (*File) GetBruteForceRules ¶
func (*File) GetBruteForceRules() (rules []BruteForceRule)
GetBruteForceRules is a method on the File struct. It retrieves the brute force rules from the LoadableConfig.BruteForce.Buckets field.
The method checks if LoadableConfig.BruteForce is not nil and if LoadableConfig.BruteForce.Buckets is not empty. If both conditions are met, it assigns LoadableConfig.BruteForce.Buckets to the rules variable and returns it. If the conditions are not met, the method returns an empty []BruteForceRule.
func (*File) GetConfig ¶
GetConfig returns the configuration handler for the specified backend. The configuration handler is determined based on the backend type. If the backend is found, it retrieves the configuration handler associated with it and returns the result of calling the GetterHandler() method on the configuration handler. If the configuration handler is not found, it returns nil.
func (*File) GetLDAPConfigAuthIdlePoolSize ¶
GetLDAPConfigAuthIdlePoolSize is a method that operates on a File struct. It retrieves the 'AuthIdlePoolSize' configuration from the LDAP configuration if it exists. If no such configuration is found or the type assertion for LDAPConf fails, it returns a default global LDAP idle pool size.
func (*File) GetLDAPConfigAuthPoolSize ¶
GetLDAPConfigAuthPoolSize is a method of File struct. It returns the LDAP configuration authentication pool size. If the configuration for LDAP backend is nil or not assertable, it returns the default global.LDAPIdlePoolSize value. Otherwise, it returns the AuthPoolSize from the LDAP configuration.
func (*File) GetLDAPConfigBindDN ¶
GetLDAPConfigBindDN is a method on the File struct. It retrieves the BindDN field from the LDAP configuration in the File's configuration settings. It will return an empty string if either the config can't be retrieved (nil is returned), or in case the type assertion to an LDAPConf object fails.
func (*File) GetLDAPConfigBindPW ¶
GetLDAPConfigBindPW retrieves the binding password from the LDAP Configuration. This method belongs to the File struct and it operates as follows: It retrieves the LDAP configuration using the GetConfig method. If that configuration does not exist, it returns an empty string. If it exists, it attempts to assert this configuration as a pointer to LDAPConf. If this assertion is successful, it returns the BindPW of the LDAPConf. If the assertion fails, it also returns an empty string.
func (*File) GetLDAPConfigLookupIdlePoolSize ¶
GetLDAPConfigLookupIdlePoolSize retrieves the idle pool size for LDAP connections from the config file. If the returned configuration from the config file is nil or if it's not of type *LDAPConf, it will return the default global LDAP idle pool size.
func (*File) GetLDAPConfigLookupPoolSize ¶
GetLDAPConfigLookupPoolSize retrieves the number of connections that should be maintained in the LDAP lookup pool. If the LDAP configuration can be asserted successfully, it returns the LookupPoolSize from the retrieved LDAP configuration. If not, it returns the global constant LDAPIdlePoolSize.
func (*File) GetLDAPConfigSASLExternal ¶
GetLDAPConfigSASLExternal checks if SASL External is enabled in the LDAP configuration. It attempts to fetch the global BackendLDAP configuration using the GetConfig method. If the configuration is found and can be asserted as *LDAPConf, it returns the value of the SASLExternal field. If the configuration is not found or can't be asserted as *LDAPConf, it returns false.
func (*File) GetLDAPConfigServerURIs ¶
GetLDAPConfigServerURIs is a method on the File struct. It returns an array of LDAP server URIs. It first gets the LDAP configuration using the GetConfig method from global.BackendLDAP. If no LDAP configuration is found, it returns an array with a default URI "ldap://localhost". If a valid LDAP configuration is found, it returns the ServerURIs field from the LDAPConf struct. If the configuration is not of type LDAPConf, it also returns an array with a default URI "ldap://localhost". Example usage:
file := &File{} serverURIs := file.GetLDAPConfigServerURIs() for _, uri := range serverURIs { fmt.Println(uri) }
Output:
ldap://localhost ldap://example.com:389
func (*File) GetLDAPConfigStartTLS ¶
GetLDAPConfigStartTLS is a receiver function for the File struct that retrieves LDAP configuration. Specifically, it checks if the configuration recommends starting a TLS (Transport Layer Security) connection. The function returns a boolean value; true if the configuration recommends starting a TLS connection and false otherwise. It first gets the global LDAP configuration by calling the GetConfig function of the File receiver. If the configuration is nil, then the function immediately returns false. If the configuration is not nil, it tries to assert the configuration to be of type LDAPConf. If the assertion is successful (i.e., the configuration is of type LDAPConf), the StartTLS variable of the LDAPConf instance is returned. If the assertion is not successful, the function returns false.
func (*File) GetLDAPConfigTLSCAFile ¶
GetLDAPConfigTLSCAFile is a method on the File struct. It retrieves the TLS CA file path for the LDAP configuration. It first retrieves the LDAP configuration using the GetConfig method, passing in the global.BackendLDAP value. If the LDAP configuration is not found or is not of type *LDAPConf, it returns an empty string. Otherwise, it casts the retrieved configuration to *LDAPConf and returns the TLSCAFile field. If the TLSCAFile field is empty, it also returns an empty string. Example usage: filePath := file.GetLDAPConfigTLSCAFile()
func (*File) GetLDAPConfigTLSClientCert ¶
GetLDAPConfigTLSClientCert is a method on the File struct. It returns the TLS client certificate path from the LDAP configuration in the File struct. If the LDAP configuration is not found or the TLS client certificate is empty, it returns an empty string.
func (*File) GetLDAPConfigTLSClientKey ¶
GetLDAPConfigTLSClientKey is a method on the File struct. It tries to get the LDAP configuration from the file's current configuration. If the configuration is successfully retrieved and is of type LDAPConf, it returns the TLSClientKey from the LDAP configuration.
func (*File) GetLDAPConfigTLSSkipVerify ¶
GetLDAPConfigTLSSkipVerify is a method of the File struct. It attempts to retrieve the LDAP configuration and then checks whether TLSSkipVerify is enabled in the LDAP configuration.
It follows the steps: 1. Get the LDAP specific configuration by calling GetConfig with 'global.BackendLDAP'. 2. If no configuration is found, it defaults to returning false. 3. If a configuration is found, it checks whether it can be asserted to a LDAPConf type. 4. If it is successfully asserted to a LDAPConf type, it returns the value of 'TLSSkipVerify'. 5. If the assertion to LDAPConf is unsuccessful, it defaults to returning false.
Returns: The function returns a boolean indicating whether TLSSkipVerify is enabled (true) or not (false).
func (*File) GetLDAPSearchProtocol ¶
func (f *File) GetLDAPSearchProtocol(protocol string) (*LDAPSearchProtocol, error)
GetLDAPSearchProtocol is a method for the File type. It accepts a string which represents the protocol. The function searches for this protocol in the LDAP protocol list. If it finds it, the method returns a pointer to LDAPSearchProtocol and no error. If it cannot find the protocol, it checks if the default protocol is in use. If not, it returns nil and an error. If the default protocol is used, this method calls itself recursively with the default protocol parameter.
func (*File) GetLuaScriptPath ¶
GetLuaScriptPath is a method on the File struct. It returns the Lua script path from the LuaConf field in the File struct. It first calls the GetConfig method with the global.BackendLua parameter to obtain the Lua configuration. If the Lua configuration is nil, it returns an empty string. If the Lua configuration is not nil, it asserts the retrieved configuration as a *LuaConf type. If the assertion is successful, it returns the ScriptPath field from the Lua configuration. If the assertion fails, it returns an empty string.
func (*File) GetLuaSearchProtocol ¶
func (f *File) GetLuaSearchProtocol(protocol string) (*LuaSearchProtocol, error)
GetLuaSearchProtocol is a method on the File struct. It takes a protocol string as input and returns a pointer to a LuaSearchProtocol struct and an error. This method searches for the specified protocol in the search::protocol sections of the Lua configuration. If the protocol is found, it returns the LuaSearchProtocol containing that protocol. If the protocol is not found and the input protocol is not the default protocol, it recursively calls itself with the default protocol as the input. If the protocol is not found and the input protocol is the default protocol, it returns nil and an error indicating that the search::protocol section is missing and there is no default.
func (*File) GetNginxBackendServer ¶
func (f *File) GetNginxBackendServer(protocol string) *NginxBackendServer
GetNginxBackendServer is a method of the File struct. It takes a protocol as an argument and returns a pointer to a NginxBackendServer. The method iterates over the Backend Servers of the File instance and returns the first server that matches the provided protocol. If no such server is found, nil is returned.
func (*File) GetNginxBackendServerIP ¶
GetNginxBackendServerIP is a method for the File struct which attempts to get the IP address of an Nginx backend server for a specified protocol. The method first calls GetNginxBackendServer with the given protocol and checks if it returns a non-nil value. If the value is not nil, it retrieves the IP attribute of the backend server. If the returned value is nil, indicating that there is no backend server for the given protocol, the method returns an empty string.
Parameters:
protocol: A string that specifies the protocol for which the backend server's IP address is to be retrieved. This could be "http", "https", etc.
Returns:
A string representing the IP address of the backend server for the given protocol. If there is no backend server for the specified protocol, the method returns an empty string.
func (*File) GetNginxBackendServerPort ¶
GetNginxBackendServerPort checks the specific protocol's backend server in the File structure. If the server exists, it returns the port of the server. If the server does not exist, it returns 0.
func (*File) GetNginxBackendServers ¶
func (f *File) GetNginxBackendServers() []*NginxBackendServer
GetNginxBackendServers method operates on a File receiver 'f'. It checks if the NginxMonitoring property is not null, it returns a pointer to an array of NginxBackendServers, otherwise, it returns an empty array of NginxBackendServer pointers. This method could be used when trying to get all backend servers of an Nginx configuration file.
func (*File) GetNginxMonitoring ¶
func (f *File) GetNginxMonitoring() *NginxMonitoring
GetNginxMonitoring is a method on the File struct. It returns the NginxMonitoring field from the File struct.
func (*File) GetProtocols ¶
GetProtocols returns the protocol handler for the specified backend. The protocol handler is determined based on the backend type. If the backend is found, it retrieves the protocol handler associated with it and returns the result of calling the ProtoHandler() method on the protocol handler. If the protocol handler is not found, it returns nil.
func (*File) GetSection ¶
GetSection is a method on the File struct. It takes a backend of type global.Backend as parameter and returns the corresponding section. The method checks the value of the backend parameter and returns the appropriate section. If the backend is global.BackendLDAP, it returns f.LDAP. If the backend is global.BackendMySQL, global.BackendPostgres, or global.BackendSQL, it returns f.SQL. If the backend is global.BackendLua, it returns f.Lua. For any other value of the backend parameter, it returns nil.
func (*File) HaveLua ¶
HaveLua is a method on the File struct. It checks if the Lua field in the File struct is not nil. It returns a boolean value indicating whether Lua is present or not.
func (*File) HaveLuaActions ¶
HaveLuaActions is a method on the File struct. It checks if the File struct has Lua actions. It returns true if the File struct has Lua actions, otherwise returns false.
func (*File) HaveLuaFeatures ¶
HaveLuaFeatures is a method on the File struct. It checks if the File struct has Lua features. It returns true if there are Lua features, and false otherwise.
func (*File) HaveLuaFilters ¶
HaveLuaFilters is a method on the File struct. It checks if the File struct has Lua filters. It returns true if there are Lua filters, and false otherwise.
func (*File) RetrieveGetterMap ¶
func (f *File) RetrieveGetterMap() map[global.Backend]GetterHandler
RetrieveGetterMap returns a map of GetterHandler interfaces for each supported backend. It creates a getterMap with a length of 3. If an LDAPSection is found for the LDAP backend, it adds it to the getterMap. If an SQLSection is found for the SQL backend, it adds it to the getterMap. If a LuaSection is found for the Lua backend, it adds it to the getterMap. Finally, it returns the getterMap.
type GetterHandler ¶
GetterHandler is an interface that defines two methods: GetConfig and GetSearch. Any type that implements this interface must provide implementations for both methods. The GetConfig method takes a *File parameter and returns a value of any type. The GetSearch method also takes a *File parameter and returns a value of any type.
type HTTPOptions ¶
type HTTPOptions struct { Auth struct { UserName string Password string } X509 struct { Cert string Key string } UseBasicAuth bool UseSSL bool }
HTTPOptions is a type that holds configurations related to an HTTP(S) server. It contains fields for authentication credentials, X.509 certificate and key paths, and flags for enabling basic authentication and SSL.
func (HTTPOptions) String ¶
func (h HTTPOptions) String() string
type IdTokenClaims ¶
type IdTokenClaims struct { // Scope: profile. Name string GivenName string `mapstructure:"given_name"` FamilyName string `mapstructure:"family_name"` MiddleName string `mapstructure:"middle_name"` NickName string PreferredUserName string `mapstructure:"preferred_username"` Profile string Website string Picture string Gender string Birthdate string ZoneInfo string Locale string UpdatedAt string `mapstructure:"updated_at"` // Scope: email. Email string EmailVerified string `mapstructure:"email_verified"` // Scope: phone. PhoneNumber string `mapstructure:"phone_number"` PhoneNumberVerified string `mapstructure:"phone_number_verified"` // Scope: address. Address string // Scope: groups. Groups string // Scope: user defined. CustomClaims map[string]any `mapstructure:",remain"` }
func (*IdTokenClaims) String ¶
func (i *IdTokenClaims) String() string
type LDAPAttributeMapping ¶
type LDAPAttributeMapping struct { AccountField string `mapstructure:"account_field"` TOTPSecretField string `mapstructure:"totp_secret_field"` TOTPRecoveryField string `mapstructure:"totp_recovery_field"` DisplayNameField string `mapstructure:"display_name_field"` CredentialObject string `mapstructure:"credential_object"` CredentialIDField string `mapstructure:"credential_id_field"` PublicKeyField string `mapstructure:"public_key_field"` UniqueUserIDField string `mapstructure:"unique_user_id_field"` AAGUIDField string `mapstructure:"aaguid_field"` SignCountField string `mapstructure:"sign_count_field"` }
type LDAPConf ¶
type LDAPConf struct { StartTLS bool TLSSkipVerify bool `mapstructure:"tls_skip_verify"` SASLExternal bool `mapstructure:"sasl_external"` LookupPoolSize int `mapstructure:"lookup_pool_size"` LookupIdlePoolSize int `mapstructure:"lookup_idle_pool_size"` AuthPoolSize int `mapstructure:"auth_pool_size"` AuthIdlePoolSize int `mapstructure:"auth_idle_pool_size"` BindDN string `mapstructure:"bind_dn"` BindPW string `mapstructure:"bind_pw"` TLSCAFile string `mapstructure:"tls_ca_cert"` TLSClientCert string `mapstructure:"tls_client_cert"` TLSClientKey string `mapstructure:"tls_client_key"` ServerURIs []string `mapstructure:"server_uri"` }
type LDAPFilter ¶
type LDAPScope ¶
type LDAPScope struct {
// contains filtered or unexported fields
}
LDAPScope is the search scope for an LDAP server.
type LDAPSearchProtocol ¶
type LDAPSearchProtocol struct { Protocols []string `mapstructure:"protocol"` CacheName string `mapstructure:"cache_name"` BaseDN string `mapstructure:"base_dn"` Scope string LDAPFilter `mapstructure:"filter"` LDAPAttributeMapping `mapstructure:"mapping"` // LDAP result attributes Attributes []string `mapstructure:"attribute"` }
func (*LDAPSearchProtocol) GetAccountField ¶
func (p *LDAPSearchProtocol) GetAccountField() (string, error)
GetAccountField returns the LDAP attribute for an account. It returns a DetailedError, if no value has been configured.
func (*LDAPSearchProtocol) GetAttributes ¶
func (p *LDAPSearchProtocol) GetAttributes() ([]string, error)
GetAttributes returns a list of attributes that are requested from the LDAP server. It returns a DetailedError, if no value has been configured.
func (*LDAPSearchProtocol) GetBaseDN ¶
func (p *LDAPSearchProtocol) GetBaseDN() (string, error)
GetBaseDN returns the base DN that is used for each specific protocol. It returns a DetailedError, if no value has been configured.
func (*LDAPSearchProtocol) GetCacheName ¶
func (p *LDAPSearchProtocol) GetCacheName() (string, error)
GetCacheName returns the Redis cache domain. It returns a DetailedError, if no value has been configured.
func (*LDAPSearchProtocol) GetListAccountsFilter ¶
func (p *LDAPSearchProtocol) GetListAccountsFilter() (string, error)
GetListAccountsFilter returns an LDAP filter which is used to find all user accounts. It returns a DetailedError, if no value has been configured.
func (*LDAPSearchProtocol) GetScope ¶
func (p *LDAPSearchProtocol) GetScope() (*LDAPScope, error)
GetScope returns an LDAP search scope. If no scope was defined, it automatically sets the subtree scope. If a scope has been defined and is unknown, it returns a DetailedError.
func (*LDAPSearchProtocol) GetUserFilter ¶
func (p *LDAPSearchProtocol) GetUserFilter() (string, error)
GetUserFilter returns an LDAP search filter to find a user. It returns a DetailedError, if no value has been configured.
type LDAPSection ¶
type LDAPSection struct { Config *LDAPConf Search []LDAPSearchProtocol }
func (*LDAPSection) GetConfig ¶
func (l *LDAPSection) GetConfig() any
func (*LDAPSection) GetProtocols ¶
func (l *LDAPSection) GetProtocols() any
func (*LDAPSection) String ¶
func (l *LDAPSection) String() string
type LuaAction ¶
type LuaAction struct { ActionType string `mapstructure:"type"` ScriptPath string `mapstructure:"script_path"` }
type LuaFeature ¶
func (*LuaFeature) String ¶
func (l *LuaFeature) String() string
type LuaSearchProtocol ¶
type LuaSearchProtocol struct { Protocols []string `mapstructure:"protocol"` CacheName string `mapstructure:"cache_name"` }
func (*LuaSearchProtocol) GetCacheName ¶
func (l *LuaSearchProtocol) GetCacheName() (string, error)
GetCacheName returns the Redis cache domain. It returns a DetailedError, if no value has been configured.
type LuaSection ¶
type LuaSection struct { Actions []LuaAction Features []LuaFeature Filters []LuaFilter Config *LuaConf Search []LuaSearchProtocol }
func (*LuaSection) GetConfig ¶
func (l *LuaSection) GetConfig() any
func (*LuaSection) GetProtocols ¶
func (l *LuaSection) GetProtocols() any
func (*LuaSection) String ¶
func (l *LuaSection) String() string
type NginxBackendServer ¶
func (*NginxBackendServer) String ¶
func (n *NginxBackendServer) String() string
type NginxMonitoring ¶
type NginxMonitoring struct {
NginxBackendServer []*NginxBackendServer `mapstructure:"backend_servers"`
}
type OIDCCustomClaim ¶
type Oauth2Client ¶
type Oauth2CustomScope ¶
type Oauth2CustomScope struct { Name string Description string Claims []OIDCCustomClaim Other map[string]any `mapstructure:",remain"` }
type Oauth2Section ¶
type Oauth2Section struct { CustomScopes []Oauth2CustomScope `mapstructure:"custom_scopes"` Clients []Oauth2Client }
func (*Oauth2Section) String ¶
func (o *Oauth2Section) String() string
type PassDB ¶
type PassDB struct {
// contains filtered or unexported fields
}
PassDB is a password Database container.
func (*PassDB) Set ¶
Set updates the backend of the PassDB based on the provided value. It returns an error if the value is not valid. Valid values for the backend are "cache", "ldap", "mysql", "postgresql", "sql", and "lua". If the value is valid, the backend field of PassDB is updated accordingly. An error of type ErrWrongPassDB is returned if the value is not valid.
type Protocol ¶
type Protocol struct {
// contains filtered or unexported fields
}
Protocol is the protocol used between a remote client and a server. This server sets the protocol in an HTTP request header "Auth-Protocol" (Nginx protocol).
func NewProtocol ¶
NewProtocol creates a new Protocol object with the given protocol string. It initializes the name field of the Protocol object.
Example usage: protocol := NewProtocol("http")
type RBLSection ¶
type RBLSection struct { Lists []RBL Threshold int IPWhiteList []string `mapstructure:"ip_whitelist"` }
func (*RBLSection) String ¶
func (r *RBLSection) String() string
type RelayDomainsSection ¶
type RelayDomainsSection struct {
StaticDomains []string `mapstructure:"static"`
}
func (*RelayDomainsSection) String ¶
func (r *RelayDomainsSection) String() string
type StringSet ¶
StringSet is a storage container that ensures unique keys.
func (*StringSet) GetStringSlice ¶
GetStringSlice returns all values for a StringSet as a slice of strings.
type Verbosity ¶
type Verbosity struct {
// contains filtered or unexported fields
}
Verbosity is a type that represents the verbosity details.
func (*Verbosity) Set ¶
Set updates the verbosity level and name based on the provided value. It returns an error if the value is not valid. Valid values for the verbosity level are "none", "error", "warn", "info", and "debug". If the value is valid, the verboseLevel and name fields are updated accordingly. An error of type ErrWrongVerboseLevel is returned if the value is not valid.