handlers

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2026 License: MIT Imports: 27 Imported by: 0

Documentation

Index

Constants

// Key names for per-session values. The constant names suggest they are used
// as keys into the session store; the code that reads and writes them is not
// shown on this page.
const (
	// NOTE(review): presumably the authenticated user's ID — confirm against the login handlers.
	SessionUserID       = "user_id"
	// NOTE(review): presumably the authenticated user's name — confirm.
	SessionUsername     = "username"
	// NOTE(review): presumably a last-activity marker (e.g. for idle timeout) — confirm.
	SessionLastActivity = "last_activity"
	// NOTE(review): presumably a client fingerprint stored to bind the session to
	// the client that created it; NewAuthHandler and NewOAuthHandler both take
	// fingerprintEnabled / fingerprintIncludeIP flags. Confirm what inputs make
	// up the fingerprint and what happens on mismatch.
	SessionFingerprint  = "session_fingerprint"
)
// OAuth 2.0 grant_type parameter values, each with the RFC section that
// defines it.
//
// NOTE(review): a constant being defined here does not show that the token
// endpoint accepts that grant. The Token handler's annotation on this page
// documents only the device_code and refresh_token grants; confirm which
// grant types are actually enabled before relying on this list.
const (
	// GrantTypeDeviceCode is the grant_type of the device access token request
	// (OAuth 2.0 Device Authorization Grant).
	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
	GrantTypeDeviceCode = "urn:ietf:params:oauth:grant-type:device_code"
	// GrantTypeRefreshToken is the grant_type used when refreshing an access token.
	// https://datatracker.ietf.org/doc/html/rfc6749#section-6
	GrantTypeRefreshToken = "refresh_token"
	// GrantTypeAuthorizationCode is the grant_type of the Authorization Code Grant.
	// https://datatracker.ietf.org/doc/html/rfc6749#section-4.1
	GrantTypeAuthorizationCode = "authorization_code"
	// GrantTypeClientCredentials is the grant_type of the Client Credentials Grant.
	// https://datatracker.ietf.org/doc/html/rfc6749#section-4.4
	GrantTypeClientCredentials = "client_credentials"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditHandler

type AuditHandler struct {
	// contains filtered or unexported fields
}

AuditHandler handles audit log operations

func NewAuditHandler

func NewAuditHandler(auditService *services.AuditService) *AuditHandler

NewAuditHandler creates a new audit handler

func (*AuditHandler) ExportAuditLogs

func (h *AuditHandler) ExportAuditLogs(c *gin.Context)

ExportAuditLogs exports audit logs as CSV

func (*AuditHandler) GetAuditLogStats

func (h *AuditHandler) GetAuditLogStats(c *gin.Context)

GetAuditLogStats returns statistics about audit logs

func (*AuditHandler) ListAuditLogs

func (h *AuditHandler) ListAuditLogs(c *gin.Context)

ListAuditLogs retrieves audit logs with pagination and filtering (JSON API)

func (*AuditHandler) ShowAuditLogsPage

func (h *AuditHandler) ShowAuditLogsPage(c *gin.Context)

ShowAuditLogsPage displays the audit logs HTML page

type AuthHandler

type AuthHandler struct {
	// contains filtered or unexported fields
}

func NewAuthHandler

func NewAuthHandler(
	us *services.UserService,
	baseURL string,
	fingerprintEnabled bool,
	fingerprintIncludeIP bool,
	m core.Recorder,
) *AuthHandler

func (*AuthHandler) Login

func (h *AuthHandler) Login(c *gin.Context,
	oauthProviders map[string]*auth.OAuthProvider,
)

Login handles the login form submission

func (*AuthHandler) LoginPage

func (h *AuthHandler) LoginPage(c *gin.Context)

LoginPage renders the login page

func (*AuthHandler) LoginPageWithOAuth

func (h *AuthHandler) LoginPageWithOAuth(
	c *gin.Context,
	oauthProviders map[string]*auth.OAuthProvider,
)

LoginPageWithOAuth renders the login page with OAuth providers

func (*AuthHandler) Logout

func (h *AuthHandler) Logout(c *gin.Context)

Logout clears the session and redirects to login

type AuthorizationHandler

type AuthorizationHandler struct {
	// contains filtered or unexported fields
}

AuthorizationHandler manages the OAuth 2.0 Authorization Code Flow consent pages and the user's authorized-applications management UI.

func (*AuthorizationHandler) HandleAuthorize

func (h *AuthorizationHandler) HandleAuthorize(c *gin.Context)

HandleAuthorize processes the user's consent decision (POST /oauth/authorize). Requires a logged-in user and a valid CSRF token.

func (*AuthorizationHandler) ListAuthorizations

func (h *AuthorizationHandler) ListAuthorizations(c *gin.Context)

ListAuthorizations renders the user's authorized applications page (GET /account/authorizations).

func (*AuthorizationHandler) RevokeAuthorization

func (h *AuthorizationHandler) RevokeAuthorization(c *gin.Context)

RevokeAuthorization revokes a user's consent for one application (POST /account/authorizations/:uuid/revoke).

func (*AuthorizationHandler) ShowAuthorizePage

func (h *AuthorizationHandler) ShowAuthorizePage(c *gin.Context)

ShowAuthorizePage renders the OAuth consent page (GET /oauth/authorize). Requires the user to be logged in (enforced by RequireAuth middleware).

type ClientHandler

type ClientHandler struct {
	// contains filtered or unexported fields
}

func (*ClientHandler) CreateClient

func (h *ClientHandler) CreateClient(c *gin.Context)

CreateClient handles the creation of a new OAuth client

func (*ClientHandler) DeleteClient

func (h *ClientHandler) DeleteClient(c *gin.Context)

DeleteClient handles deleting an OAuth client

func (*ClientHandler) ListClientAuthorizations

func (h *ClientHandler) ListClientAuthorizations(c *gin.Context)

ListClientAuthorizations shows all users who have granted access to this client (admin overview).

func (*ClientHandler) RegenerateSecret

func (h *ClientHandler) RegenerateSecret(c *gin.Context)

RegenerateSecret handles regenerating the client secret

func (*ClientHandler) RevokeAllTokens

func (h *ClientHandler) RevokeAllTokens(c *gin.Context)

RevokeAllTokens revokes all active tokens for a client (admin danger zone action).

func (*ClientHandler) ShowClientsPage

func (h *ClientHandler) ShowClientsPage(c *gin.Context)

ShowClientsPage displays the list of all OAuth clients

func (*ClientHandler) ShowCreateClientPage

func (h *ClientHandler) ShowCreateClientPage(c *gin.Context)

ShowCreateClientPage displays the form to create a new client

func (*ClientHandler) ShowEditClientPage

func (h *ClientHandler) ShowEditClientPage(c *gin.Context)

ShowEditClientPage displays the form to edit an existing client

func (*ClientHandler) UpdateClient

func (h *ClientHandler) UpdateClient(c *gin.Context)

UpdateClient handles updating an existing OAuth client

func (*ClientHandler) ViewClient

func (h *ClientHandler) ViewClient(c *gin.Context)

ViewClient displays detailed information about a client

type DeviceHandler

type DeviceHandler struct {
	// contains filtered or unexported fields
}

func (*DeviceHandler) DeviceCodeRequest

func (h *DeviceHandler) DeviceCodeRequest(c *gin.Context)

DeviceCodeRequest godoc

@Summary		Request device code
@Description	Request a device code for OAuth 2.0 device authorization flow (RFC 8628). This endpoint is called by CLI applications to initiate the device flow.
@Tags			OAuth
@Accept			json
@Accept			x-www-form-urlencoded
@Produce		json
@Param			client_id	formData	string																																true	"OAuth client ID"
@Param			scope		formData	string																																false	"Requested scopes (space-separated, default: 'read write')"
@Success		200			{object}	object{device_code=string,user_code=string,verification_uri=string,verification_uri_complete=string,expires_in=int,interval=int}	"Device code generated successfully"
@Failure		400			{object}	object{error=string,error_description=string}																						"Invalid request (invalid_client)"
@Failure		429			{object}	object{error=string,error_description=string}																						"Rate limit exceeded"
@Failure		500			{object}	object{error=string,error_description=string}																						"Internal server error"
@Router			/oauth/device/code [post]

func (*DeviceHandler) DevicePage

func (h *DeviceHandler) DevicePage(c *gin.Context)

DevicePage renders the device code input page

func (*DeviceHandler) DeviceVerify

func (h *DeviceHandler) DeviceVerify(c *gin.Context)

DeviceVerify handles the user code verification and authorization

type OAuthHandler

type OAuthHandler struct {
	// contains filtered or unexported fields
}

OAuthHandler handles OAuth authentication

func NewOAuthHandler

func NewOAuthHandler(
	providers map[string]*auth.OAuthProvider,
	userService *services.UserService,
	httpClient *http.Client,
	baseURL string,
	fingerprintEnabled bool,
	fingerprintIncludeIP bool,
	m core.Recorder,
) *OAuthHandler

NewOAuthHandler creates a new OAuth handler

func (*OAuthHandler) LoginWithProvider

func (h *OAuthHandler) LoginWithProvider(c *gin.Context)

LoginWithProvider redirects user to OAuth provider

func (*OAuthHandler) OAuthCallback

func (h *OAuthHandler) OAuthCallback(c *gin.Context)

OAuthCallback handles OAuth provider callback

type OIDCHandler added in v0.11.0

type OIDCHandler struct {
	// contains filtered or unexported fields
}

OIDCHandler handles OIDC Discovery and UserInfo endpoints.

func NewOIDCHandler added in v0.11.0

func NewOIDCHandler(
	ts *services.TokenService,
	us *services.UserService,
	cfg *config.Config,
) *OIDCHandler

NewOIDCHandler creates a new OIDCHandler.

func (*OIDCHandler) Discovery added in v0.11.0

func (h *OIDCHandler) Discovery(c *gin.Context)

Discovery godoc

@Summary		OIDC Discovery
@Description	OpenID Connect Provider Metadata (RFC 8414 / OIDC Discovery 1.0)
@Tags			OIDC
@Produce		json
@Success		200	{object}	discoveryMetadata	"Provider metadata"
@Router			/.well-known/openid-configuration [get]

func (*OIDCHandler) UserInfo added in v0.11.0

func (h *OIDCHandler) UserInfo(c *gin.Context)

UserInfo godoc

@Summary		UserInfo Endpoint
@Description	Returns claims about the authenticated end-user (OIDC Core 1.0 §5.3). Supports both GET and POST.
@Tags			OIDC
@Produce		json
@Security		BearerAuth
@Param			Authorization	header		string											true	"Bearer token"
@Success		200				{object}	object											"User claims (sub, name, email, etc.)"
@Failure		401				{object}	object{error=string,error_description=string}	"Invalid or missing Bearer token"
@Router			/oauth/userinfo [get]
@Router			/oauth/userinfo [post]

type SessionHandler

type SessionHandler struct {
	// contains filtered or unexported fields
}

func (*SessionHandler) DisableSession

func (h *SessionHandler) DisableSession(c *gin.Context)

DisableSession temporarily disables a specific session by token ID

func (*SessionHandler) EnableSession

func (h *SessionHandler) EnableSession(c *gin.Context)

EnableSession re-enables a previously disabled session by token ID

func (*SessionHandler) ListSessions

func (h *SessionHandler) ListSessions(c *gin.Context)

ListSessions shows all active sessions (tokens) for the current user

func (*SessionHandler) RevokeAllSessions

func (h *SessionHandler) RevokeAllSessions(c *gin.Context)

RevokeAllSessions revokes all sessions for the current user

func (*SessionHandler) RevokeSession

func (h *SessionHandler) RevokeSession(c *gin.Context)

RevokeSession revokes a specific session by token ID

type TokenHandler

type TokenHandler struct {
	// contains filtered or unexported fields
}

func (*TokenHandler) Revoke

func (h *TokenHandler) Revoke(c *gin.Context)

Revoke godoc

@Summary		Revoke token
@Description	Revoke an access token or refresh token (RFC 7009). Returns 200 both for a successful revocation and for an invalid token, so that the response cannot be used to probe which tokens are valid (prevents token scanning attacks).
@Tags			OAuth
@Accept			json
@Accept			x-www-form-urlencoded
@Produce		json
@Param			token			formData	string											true	"Token to revoke (access token or refresh token)"
@Param			token_type_hint	formData	string											false	"Token type hint: 'access_token' or 'refresh_token'"
@Success		200				{string}	string											"Token revoked successfully (or invalid token)"
@Failure		400				{object}	object{error=string,error_description=string}	"Invalid request (token parameter missing)"
@Router			/oauth/revoke [post]

func (*TokenHandler) Token

func (h *TokenHandler) Token(c *gin.Context)

Token godoc

@Summary		Request access token
@Description	Exchange a device code or a refresh token for an access token (RFC 8628 and RFC 6749)
@Tags			OAuth
@Accept			json
@Accept			x-www-form-urlencoded
@Produce		json
@Param			grant_type		formData	string																							true	"Grant type: 'urn:ietf:params:oauth:grant-type:device_code' or 'refresh_token'"
@Param			device_code		formData	string																							false	"Device code (required when grant_type=device_code)"
@Param			client_id		formData	string																							true	"OAuth client ID"
@Param			refresh_token	formData	string																							false	"Refresh token (required when grant_type=refresh_token)"
@Success		200				{object}	object{access_token=string,refresh_token=string,token_type=string,expires_in=int,scope=string}	"Access token issued successfully"
@Failure		400				{object}	object{error=string,error_description=string}													"Invalid request (unsupported_grant_type, invalid_request, authorization_pending, slow_down, expired_token, access_denied, invalid_grant)"
@Failure		429				{object}	object{error=string,error_description=string}													"Rate limit exceeded"
@Failure		500				{object}	object{error=string,error_description=string}													"Internal server error"
@Router			/oauth/token [post]

func (*TokenHandler) TokenInfo

func (h *TokenHandler) TokenInfo(c *gin.Context)

TokenInfo godoc

@Summary		Validate access token
@Description	Verify JWT token validity and retrieve token information (RFC 7662 style introspection)
@Tags			OAuth
@Accept			json
@Produce		json
@Security		BearerAuth
@Param			Authorization	header		string																				true	"Bearer token (format: 'Bearer <token>')"
@Success		200				{object}	object{active=bool,user_id=string,client_id=string,scope=string,exp=int,iss=string}	"Token is valid"
@Failure		401				{object}	object{error=string,error_description=string}										"Token is invalid or expired (missing_token, invalid_token)"
@Router			/oauth/tokeninfo [get]
