security

Published: Feb 5, 2026 License: GPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuditLoginFailed added in v0.16.0

func AuditLoginFailed(c *gin.Context, username, reason string)

AuditLoginFailed logs a failed login attempt

func AuditLoginSuccess added in v0.16.0

func AuditLoginSuccess(c *gin.Context, userID uint, rememberMe bool)

AuditLoginSuccess logs a successful login attempt

func AuditLogout added in v0.16.0

func AuditLogout(c *gin.Context, userID uint)

AuditLogout logs a logout event

func AuditRateLimitExceeded added in v0.16.0

func AuditRateLimitExceeded(c *gin.Context, endpoint string)

AuditRateLimitExceeded logs a rate-limit-exceeded event for the given endpoint

func AuditRefreshFailed added in v0.16.0

func AuditRefreshFailed(c *gin.Context, reason string)

AuditRefreshFailed logs a failed token refresh attempt

func AuditRefreshSuccess added in v0.16.0

func AuditRefreshSuccess(c *gin.Context, userID uint)

AuditRefreshSuccess logs a successful token refresh

func CleanupExpiredTokens added in v0.16.0

func CleanupExpiredTokens(ctx context.Context) (int64, error)

CleanupExpiredTokens deletes expired refresh tokens

func DeleteRefreshToken added in v0.16.0

func DeleteRefreshToken(ctx context.Context, tokenString string) error

DeleteRefreshToken deletes a refresh token, which revokes it

func ExtractToken

func ExtractToken(c *gin.Context) string

ExtractToken extracts the token from the request header or query string (existing function, moved here)

func ExtractTokenID

func ExtractTokenID(c *gin.Context) (uint, error)

ExtractTokenID extracts the user ID from the token (existing function, moved here)

func GenerateToken

func GenerateToken(userID uint) (string, error)

GenerateToken generates a JWT access token (existing function, moved here)

func HashPassword

func HashPassword(password string) (string, error)

HashPassword hashes a password using bcrypt

func JwtAuthAdminProcessor

func JwtAuthAdminProcessor() gin.HandlerFunc

JwtAuthAdminProcessor validates JWT and checks admin role (existing function, moved here)

func JwtAuthProcessor

func JwtAuthProcessor() gin.HandlerFunc

JwtAuthProcessor validates JWT tokens (existing function, moved here)

func RefreshRateLimiter added in v0.16.0

func RefreshRateLimiter(requestsPerMinute, burstSize int) gin.HandlerFunc

RefreshRateLimiter creates a rate-limiting middleware for the /auth/refresh endpoint

func RefreshTokenHandler added in v0.16.0

func RefreshTokenHandler(c *gin.Context)

RefreshTokenHandler handles POST /auth/refresh
@Summary Refresh access token
@Description Exchange a valid refresh token for a new access token
@Tags Authentication
@Accept json
@Produce json
@Param refresh_token body RefreshTokenInput true "Refresh Token"
@Success 200 {object} RefreshResponse
@Failure 400 {object} apitypes.ErrorResponse "Invalid input"
@Failure 401 {object} apitypes.ErrorResponse "Invalid or expired refresh token"
@Failure 500 {object} apitypes.ErrorResponse "Internal server error"
@Router /auth/refresh [post]

func TokenValid

func TokenValid(c *gin.Context) error

TokenValid validates a JWT token (existing function, moved here)

func UpdateLastUsed added in v0.16.0

func UpdateLastUsed(ctx context.Context, tokenID uint) error

UpdateLastUsed updates the last_used_at timestamp

func VerifyPassword

func VerifyPassword(password, hashedPassword string) error

VerifyPassword verifies a password against a bcrypt hash

Types

type AuditEvent added in v0.16.0

// AuditEvent is the record emitted by the Audit* helpers for security-relevant
// authentication activity (logins, refreshes, logouts, rate limiting).
type AuditEvent struct {
	// Timestamp is when the event was recorded.
	Timestamp  time.Time      `json:"timestamp"`
	// EventType is one of the Event* AuditEventType constants.
	EventType  AuditEventType `json:"event_type"`
	// UserID is the account the event concerns. It is a pointer and omitted
	// from JSON when absent; presumably nil for events that have no
	// authenticated user, such as AuditLoginFailed, which only receives a
	// username — confirm against the emitters.
	UserID     *uint          `json:"user_id,omitempty"`
	// Username is the login name supplied by the client, when known.
	Username   string         `json:"username,omitempty"`
	// IP is the client address attributed to the request. NOTE(review): the
	// same per-IP notion keys IPRateLimiter, so confirm how the address is
	// derived (direct peer vs. forwarded headers) and that it is only taken
	// from trusted sources.
	IP         string         `json:"ip"`
	// UserAgent is the client's User-Agent header, when present.
	UserAgent  string         `json:"user_agent,omitempty"`
	// Message is a human-readable description of the event.
	Message    string         `json:"message"`
	// RememberMe records whether the login requested a long-lived session
	// (see AuditLoginSuccess); omitted from JSON when false.
	RememberMe bool           `json:"remember_me,omitempty"`
}

AuditEvent represents a security audit event

type AuditEventType added in v0.16.0

type AuditEventType string

AuditEventType represents the type of audit event

const (
	// Authentication events. The string values are the wire/log
	// representation of AuditEvent.EventType.
	EventLoginSuccess      AuditEventType = "login_success"      // emitted by AuditLoginSuccess
	EventLoginFailed       AuditEventType = "login_failed"       // emitted by AuditLoginFailed
	EventRefreshSuccess    AuditEventType = "refresh_success"    // emitted by AuditRefreshSuccess
	EventRefreshFailed     AuditEventType = "refresh_failed"     // emitted by AuditRefreshFailed
	EventLogout            AuditEventType = "logout"             // emitted by AuditLogout
	EventRateLimitExceeded AuditEventType = "rate_limit_exceeded" // emitted by AuditRateLimitExceeded
)

type IPRateLimiter added in v0.16.0

// IPRateLimiter holds one *rate.Limiter per client IP; see NewIPRateLimiter
// and GetLimiter. NOTE(review): no eviction or expiry API is exported here, so
// confirm that stale per-IP entries are dropped — otherwise the set grows with
// every distinct address seen.
type IPRateLimiter struct {
	// contains filtered or unexported fields
}

IPRateLimiter manages rate limiters per IP address

func NewIPRateLimiter added in v0.16.0

func NewIPRateLimiter(requestsPerMinute, burstSize int) *IPRateLimiter

NewIPRateLimiter creates a new IP-based rate limiter

func (*IPRateLimiter) GetLimiter added in v0.16.0

func (rl *IPRateLimiter) GetLimiter(ip string) *rate.Limiter

GetLimiter returns the rate limiter for an IP, creating one if it does not exist yet

type RefreshResponse added in v0.16.0

// RefreshResponse is the JSON body returned by RefreshTokenHandler on success.
type RefreshResponse struct {
	// AccessToken is the newly issued JWT access token.
	AccessToken string `json:"access_token"`
	// ExpiresIn is the access token's lifetime; presumably in seconds —
	// confirm the unit against the handler.
	ExpiresIn   int64  `json:"expires_in"`
}

RefreshResponse represents the response from refresh endpoint

type RefreshToken added in v0.16.0

// RefreshToken is the persisted refresh-token record managed by
// CreateRefreshToken, GetRefreshToken, UpdateLastUsed, DeleteRefreshToken and
// CleanupExpiredTokens.
type RefreshToken struct {
	// ID is the database primary key.
	ID         uint       `json:"id"`
	// Token is the value GetRefreshToken looks the record up by. It is
	// serialized into JSON as-is. NOTE(review): cannot tell from here whether
	// this holds the raw secret or a digest of it — confirm before exposing
	// the struct through any API response.
	Token      string     `json:"token"`
	// AccountID is the owning account (see CreateRefreshToken).
	AccountID  uint       `json:"account_id"`
	// ExpiresAt is the expiry instant; CleanupExpiredTokens removes records
	// past it.
	ExpiresAt  time.Time  `json:"expires_at"`
	// CreatedAt is when the token was issued.
	CreatedAt  time.Time  `json:"created_at"`
	// LastUsedAt is set by UpdateLastUsed; nil (and omitted from JSON) until
	// the token is first used.
	LastUsedAt *time.Time `json:"last_used_at,omitempty"`
	// Revoked marks the token as no longer valid. NOTE(review):
	// DeleteRefreshToken is documented as the revocation path and deletes the
	// row, so confirm where this flag is set and that lookups honour it.
	Revoked    bool       `json:"revoked"`
}

RefreshToken represents a refresh token in the database

func CreateRefreshToken added in v0.16.0

func CreateRefreshToken(ctx context.Context, accountID uint, rememberMe bool) (*RefreshToken, error)

CreateRefreshToken creates a new refresh token for a user

func GetRefreshToken added in v0.16.0

func GetRefreshToken(ctx context.Context, tokenString string) (*RefreshToken, error)

GetRefreshToken retrieves a refresh token by token string

type RefreshTokenInput added in v0.16.0

// RefreshTokenInput is the JSON request body for POST /auth/refresh.
type RefreshTokenInput struct {
	// Token is the refresh token to exchange; the binding tag makes gin
	// reject requests where it is missing.
	Token string `json:"refresh_token" binding:"required"`
}

RefreshTokenInput represents the input for refresh token endpoint

type TokenPairResponse added in v0.16.0

// TokenPairResponse is the body returned by GenerateTokenPair: a short-lived
// access token plus the refresh token used to obtain new ones.
type TokenPairResponse struct {
	Token            string `json:"token"` // Backward compatibility - same as AccessToken
	// AccessToken is the JWT access token.
	AccessToken      string `json:"access_token"`
	// RefreshToken is the refresh token presented to /auth/refresh.
	RefreshToken     string `json:"refresh_token"`
	// AccessExpiresIn is the access token's lifetime; presumably seconds —
	// confirm the unit.
	AccessExpiresIn  int64  `json:"access_expires_in"`
	// RefreshExpiresIn is the refresh token's lifetime in the same unit.
	RefreshExpiresIn int64  `json:"refresh_expires_in"`
}

TokenPairResponse represents access + refresh token pair

func GenerateTokenPair added in v0.16.0

func GenerateTokenPair(ctx context.Context, accountID uint, rememberMe bool) (*TokenPairResponse, error)

GenerateTokenPair generates both access and refresh tokens (NEW)
