security

package
v0.0.0-...-0b35af4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 3, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditEntry

// AuditEntry is one record of the audit log, serialised to JSON under the
// field names given in the struct tags.
//
// NOTE(review): which fields the Signature HMAC covers, and which hash it
// uses, are not visible on this page. A verifier should confirm that every
// other field is included in the MAC input; a field left out can be altered
// without detection.
type AuditEntry struct {
	ID        string                 `json:"id"`
	Timestamp time.Time              `json:"timestamp"`
	ActorID   string                 `json:"actor_id"` // User or System Component
	Action    string                 `json:"action"`
	Resource  string                 `json:"resource"`
	// Free-form values, written under "changes" when the map is non-empty.
	// Callers should keep passwords, tokens and keys out of this map.
	Changes   map[string]interface{} `json:"changes,omitempty"`
	Status    string                 `json:"status"` // SUCCESS, FAILURE
	// Omitted from the JSON when empty.
	// NOTE(review): how the address is obtained is not shown; a value copied
	// from a client-supplied header is weak evidence of origin.
	IPAddress string                 `json:"ip_address,omitempty"`
	Level     AuditLevel             `json:"level"`
	Metadata  map[string]string      `json:"metadata,omitempty"`
	// An HMAC makes modification detectable by a holder of the key; it does
	// not make the entry immutable, and it does not by itself reveal deleted
	// or reordered entries.
	Signature string                 `json:"signature"` // HMAC used to detect tampering
}

AuditEntry represents a single audit log entry

type AuditLevel

// AuditLevel is a string-typed severity label. Because the underlying type is
// string, any string converts to an AuditLevel; only the AuditLevel* constants
// of this package are declared values.
// NOTE(review): whether Log rejects other values is not visible on this page.
type AuditLevel string

AuditLevel defines the severity of the audit log

// Declared audit severities. The string on the right is the value that
// appears in the "level" field of a serialised AuditEntry.
const (
	AuditLevelInfo     AuditLevel = "INFO"
	AuditLevelWarning  AuditLevel = "WARNING"
	AuditLevelCritical AuditLevel = "CRITICAL"
)

type AuditLogger

type AuditLogger struct {
	// contains filtered or unexported fields
}

AuditLogger handles audit logging

func NewAuditLogger

// NOTE(review): filePath and signingKey are both plain strings, so a call
// with the two swapped still compiles. signingKey is presumably the HMAC key
// behind AuditEntry.Signature (confirm). Supply it from a secret store rather
// than a literal or a file kept next to the log: anyone holding the key can
// re-sign an altered entry.
func NewAuditLogger(filePath string, signingKey string) (*AuditLogger, error)

NewAuditLogger creates a new audit logger

func (*AuditLogger) Close

func (l *AuditLogger) Close() error

Close closes the log file

func (*AuditLogger) Log

// NOTE(review): actorID, action, resource and ip are four adjacent string
// parameters, so a transposed call still compiles; check call sites. Handle
// the returned error: a dropped audit record is itself a security-relevant
// event. AuditEntry.Status and AuditEntry.Metadata have no matching parameter
// here, so how they are filled in is not visible on this page.
func (l *AuditLogger) Log(actorID, action, resource, ip string, level AuditLevel, changes map[string]interface{}) error

Log records an action

type Claims

// Claims is the JWT payload used by SecurityManager: three application claims
// plus the embedded jwt.RegisteredClaims.
type Claims struct {
	UserID   string   `json:"user_id"`
	Username string   `json:"username"`
	// NOTE(review): roles travel inside the token, so a role change presumably
	// takes effect only when the token is reissued or expires; confirm
	// against ValidateToken.
	Roles    []string `json:"roles"`
	jwt.RegisteredClaims
}

Claims represents JWT claims

type DependencyScanner

// DependencyScanner holds the path of the project whose dependencies are
// inspected.
type DependencyScanner struct {
	// ProjectPath is exported, so it can be changed after construction.
	// NOTE(review): how Scan and AutoUpdate use this path is not shown on
	// this page; treat it as trusted configuration, not as request input.
	ProjectPath string
}

DependencyScanner scans for outdated and vulnerable dependencies

func NewDependencyScanner

func NewDependencyScanner(projectPath string) *DependencyScanner

NewDependencyScanner creates a new dependency scanner

func (*DependencyScanner) AutoUpdate

// NOTE(review): this page does not define which dependencies count as "safe",
// nor what dryRun changes. Presumably dryRun=true reports without modifying
// the project (confirm). Review the UpdateResult of a dry run before allowing
// unattended updates, because an automatic upgrade pulls new third-party code
// into the build.
func (s *DependencyScanner) AutoUpdate(ctx context.Context, dryRun bool) (*UpdateResult, error)

AutoUpdate attempts to auto-update safe dependencies

func (*DependencyScanner) GenerateReport

func (s *DependencyScanner) GenerateReport(result *ScanResult) string

GenerateReport generates a security report

func (*DependencyScanner) Scan

Scan performs a full dependency scan

type EnhancedClaims

// EnhancedClaims is the JWT payload used by EnhancedSecurityManager: the
// fields of Claims plus a session ID, a last-login value and a token ID,
// followed by the embedded jwt.RegisteredClaims.
type EnhancedClaims struct {
	UserID    string   `json:"user_id"`
	Username  string   `json:"username"`
	Roles     []string `json:"roles"`
	SessionID string   `json:"session_id"`
	// NOTE(review): the unit of LastLogin is not stated; presumably Unix
	// seconds. Confirm.
	LastLogin int64    `json:"last_login"`
	// NOTE(review): if jwt is github.com/golang-jwt/jwt, the embedded
	// RegisteredClaims already has an ID field under the "jti" key. With
	// encoding/json the outer field wins, so RegisteredClaims.ID would stay
	// empty; confirm that revocation checks read JTI and not ID. Revocation
	// also needs a server-side record of revoked IDs, which is not visible
	// on this page.
	JTI       string   `json:"jti"` // JWT ID for token revocation
	jwt.RegisteredClaims
}

EnhancedClaims represents JWT claims with enhanced security

type EnhancedSecurityManager

type EnhancedSecurityManager struct {
	// contains filtered or unexported fields
}

EnhancedSecurityManager handles all security-related operations with enhanced audit logging

func NewEnhancedSecurityManager

// NOTE(review): jwtSecret is a plain string, so its strength depends entirely
// on the caller; supply a long random value from a secret store. The signing
// algorithm and any minimum-length check are not visible on this page.
// tokenExpiry and refreshExpiry are adjacent time.Duration parameters, so a
// swapped pair still compiles.
func NewEnhancedSecurityManager(jwtSecret string, tokenExpiry, refreshExpiry time.Duration, logger *zap.Logger) *EnhancedSecurityManager

NewEnhancedSecurityManager creates a new security manager with audit logging

func (*EnhancedSecurityManager) CheckPassword

// NOTE(review): the argument order here is (hash, password), the reverse of
// SecurityManager.CheckPassword(password, hash). All arguments are strings,
// so code ported between the two managers compiles with the values swapped
// and then rejects every login. This variant returns an error where the other
// returns a bool, so `if err != nil` is the failure path.
func (sm *EnhancedSecurityManager) CheckPassword(hash, password, userID, ipAddress, userAgent string) error

CheckPassword checks a password against hash with audit logging

func (*EnhancedSecurityManager) GenerateTokenPair

func (sm *EnhancedSecurityManager) GenerateTokenPair(userID, username string, roles []string, ipAddress, userAgent string) (accessToken, refreshToken string, err error)

GenerateTokenPair generates access and refresh tokens with audit logging

func (*EnhancedSecurityManager) GetSecurityMiddleware

func (sm *EnhancedSecurityManager) GetSecurityMiddleware() func(http.Handler) http.Handler

GetSecurityMiddleware returns HTTP middleware with security audit logging

func (*EnhancedSecurityManager) HashPassword

// NOTE(review): the documentation says hashing is audit-logged; confirm that
// neither the plaintext password nor the resulting hash is written to the
// log. The hash algorithm is not stated for this type (the page documents
// bcrypt only for SecurityManager.HashPassword).
func (sm *EnhancedSecurityManager) HashPassword(password string) (string, error)

HashPassword hashes a password with audit logging

func (*EnhancedSecurityManager) ValidateToken

// NOTE(review): this page does not say whether ipAddress and userAgent only
// feed the audit record or are also compared with values bound to the token.
// It also does not say whether EnhancedClaims.JTI is checked against a
// revocation list. Confirm both before relying on this call for session
// binding or logout.
func (sm *EnhancedSecurityManager) ValidateToken(tokenString, ipAddress, userAgent string) (*EnhancedClaims, error)

ValidateToken validates a JWT token with comprehensive audit logging

type InputValidator

type InputValidator struct{}

InputValidator provides input validation utilities

func NewInputValidator

func NewInputValidator() *InputValidator

NewInputValidator creates a new input validator

func (*InputValidator) SanitizeInput

// NOTE(review): the page does not say which characters are removed or escaped,
// or for which output context (HTML, SQL, shell, log line). Sanitisation is
// context-specific, so the result should not replace parameterised queries or
// contextual output encoding at the point of use.
func (iv *InputValidator) SanitizeInput(input string) string

SanitizeInput sanitizes user input

func (*InputValidator) ValidateAPIKey

// Per its documentation this checks the format of the key only. A true result
// does not show that the key was issued or is still valid; the caller must
// still look the key up.
func (iv *InputValidator) ValidateAPIKey(apiKey string) bool

ValidateAPIKey validates an API key format

func (*InputValidator) ValidateResourceID

func (iv *InputValidator) ValidateResourceID(resourceID string) bool

ValidateResourceID validates a resource ID format

type OutdatedPackage

// OutdatedPackage describes one dependency for which a newer version exists.
type OutdatedPackage struct {
	Name           string
	CurrentVersion string
	LatestVersion  string
	// NOTE(review): how "versions behind" is counted is not shown.
	VersionsBehind int
	// NOTE(review): presumably set when the update may break the API, e.g. a
	// major-version change; confirm how it is derived before using it to
	// gate automatic updates.
	Breaking       bool
}

OutdatedPackage represents an outdated dependency

type RateLimiter

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter implements thread-safe rate limiting

func NewRateLimiter

func NewRateLimiter(limit int, window time.Duration) *RateLimiter

NewRateLimiter creates a new rate limiter

func (*RateLimiter) Allow

// NOTE(review): nothing on this page shows whether state for idle keys is
// evicted. If key is derived from client-controlled data (a header, a
// username), confirm that the number of tracked keys is bounded; otherwise
// memory can grow with the number of distinct keys seen.
func (rl *RateLimiter) Allow(key string) bool

Allow checks if a request is allowed (thread-safe)

type ScanResult

// ScanResult is the outcome of one dependency scan.
type ScanResult struct {
	Timestamp        time.Time
	OutdatedPackages []OutdatedPackage
	Vulnerabilities  []Vulnerability
	TotalPackages    int
	// NOTE(review): the scale and the formula of RiskScore are not documented
	// on this page; do not compare it with SecurityAuditEvent.RiskScore,
	// which is an int.
	RiskScore        float64
}

ScanResult contains scan results

type ScheduledScanner

type ScheduledScanner struct {
	// contains filtered or unexported fields
}

ScheduledScanner runs scans on a schedule

func NewScheduledScanner

func NewScheduledScanner(scanner *DependencyScanner, interval time.Duration) *ScheduledScanner

NewScheduledScanner creates a scanner that runs on schedule

func (*ScheduledScanner) Start

func (s *ScheduledScanner) Start(callback func(*ScanResult))

Start starts the scheduled scanner

func (*ScheduledScanner) Stop

func (s *ScheduledScanner) Stop()

Stop stops the scheduled scanner

type SecurityAuditEvent

// SecurityAuditEvent is the structured record of one security-relevant event,
// serialised to JSON under the field names given in the struct tags.
// Unlike AuditEntry it has no signature field, so these records carry no
// built-in tamper evidence.
type SecurityAuditEvent struct {
	Timestamp time.Time              `json:"timestamp"`
	EventType string                 `json:"event_type"`
	UserID    string                 `json:"user_id,omitempty"`
	Username  string                 `json:"username,omitempty"`
	// IPAddress and UserAgent have no omitempty, so both keys are always
	// present. UserAgent is chosen by the client; treat it as untrusted text
	// wherever the log is displayed or parsed.
	IPAddress string                 `json:"ip_address"`
	UserAgent string                 `json:"user_agent"`
	Resource  string                 `json:"resource,omitempty"`
	Action    string                 `json:"action,omitempty"`
	Success   bool                   `json:"success"`
	Reason    string                 `json:"reason,omitempty"`
	// NOTE(review): the range and meaning of RiskScore are not documented on
	// this page.
	RiskScore int                    `json:"risk_score"`
	// Free-form values; callers should keep credentials and token strings
	// out of this map.
	Metadata  map[string]interface{} `json:"metadata,omitempty"`
	RequestID string                 `json:"request_id"`
}

SecurityAuditEvent represents a security-related audit event

type SecurityController

// SecurityController holds the key used by its Encrypt and Decrypt methods.
// The page carries no documentation for this type or its methods.
//
// NOTE(review): the cipher, mode and required key length are not visible
// here; confirm that Encrypt uses authenticated encryption with a fresh nonce
// per call before storing its output.
type SecurityController struct {
	// SecretKey is exported, so any code holding a SecurityController can
	// read or replace the key, and a %+v print of the struct will include it.
	SecretKey []byte // In production, this would come from Vault/KMS
}

func NewSecurityController

func NewSecurityController(key []byte) *SecurityController

func (*SecurityController) Decrypt

// NOTE(review): undocumented on this page. Check the returned error before
// using the returned bytes. Whether a failure indicates tampering depends on
// the cipher mode, which is not visible here.
func (sc *SecurityController) Decrypt(data []byte) ([]byte, error)

func (*SecurityController) Encrypt

// NOTE(review): undocumented on this page. The algorithm, the nonce handling
// and the layout of the returned bytes are not visible here; confirm them
// before persisting the output.
func (sc *SecurityController) Encrypt(data []byte) ([]byte, error)

type SecurityManager

type SecurityManager struct {
	// contains filtered or unexported fields
}

SecurityManager handles all security-related operations

func NewSecurityManager

// NOTE(review): jwtSecret is a plain string, so its strength depends entirely
// on the caller; supply a long random value from a secret store. The signing
// algorithm and any minimum-length check are not visible on this page.
// tokenExpiry and refreshExpiry are adjacent time.Duration parameters, so a
// swapped pair still compiles.
func NewSecurityManager(jwtSecret string, tokenExpiry, refreshExpiry time.Duration, logger *zap.Logger) *SecurityManager

NewSecurityManager creates a new security manager

func (*SecurityManager) CheckPassword

// NOTE(review): the argument order here is (password, hash), the reverse of
// EnhancedSecurityManager.CheckPassword(hash, password, ...). Both values are
// strings, so a swapped call compiles. The bool result cannot distinguish a
// wrong password from a malformed hash.
func (sm *SecurityManager) CheckPassword(password, hash string) bool

CheckPassword checks if a password matches the hash

func (*SecurityManager) GenerateAPIKey

// NOTE(review): the randomness source and the key length are not visible on
// this page; confirm that the key comes from crypto/rand. The error return
// suggests that generation can fail, so never fall back to a default key
// when it does.
func (sm *SecurityManager) GenerateAPIKey() (string, error)

GenerateAPIKey generates a secure API key

func (*SecurityManager) GenerateTokenPair

func (sm *SecurityManager) GenerateTokenPair(userID, username string, roles []string) (accessToken, refreshToken string, err error)

GenerateTokenPair generates access and refresh tokens

func (*SecurityManager) HashPassword

func (sm *SecurityManager) HashPassword(password string) (string, error)

HashPassword hashes a password using bcrypt

func (*SecurityManager) ValidateToken

func (sm *SecurityManager) ValidateToken(tokenString string) (*Claims, error)

ValidateToken validates a JWT token

type SecurityMiddleware

type SecurityMiddleware struct {
	// contains filtered or unexported fields
}

SecurityMiddleware provides HTTP security middleware

func NewSecurityMiddleware

func NewSecurityMiddleware(sm *SecurityManager, logger *zap.Logger) *SecurityMiddleware

NewSecurityMiddleware creates new security middleware

func (*SecurityMiddleware) AuthMiddleware

func (sm *SecurityMiddleware) AuthMiddleware(next http.HandlerFunc) http.HandlerFunc

AuthMiddleware authenticates requests

func (*SecurityMiddleware) CORSMiddleware

// NOTE(review): the constructor takes no list of origins, and the page does
// not say which origins, methods or credential settings the headers allow.
// Confirm that the policy is not a wildcard origin on routes that use
// cookies or Authorization headers.
func (sm *SecurityMiddleware) CORSMiddleware(next http.HandlerFunc) http.HandlerFunc

CORSMiddleware adds CORS headers

func (*SecurityMiddleware) LoggingMiddleware

// NOTE(review): which request fields are logged is not visible on this page;
// confirm that Authorization headers, cookies and tokens carried in query
// strings are excluded or redacted.
func (sm *SecurityMiddleware) LoggingMiddleware(next http.HandlerFunc) http.HandlerFunc

LoggingMiddleware logs HTTP requests

func (*SecurityMiddleware) SecurityHeadersMiddleware

func (sm *SecurityMiddleware) SecurityHeadersMiddleware(next http.HandlerFunc) http.HandlerFunc

SecurityHeadersMiddleware adds security headers

type UpdateResult

// UpdateResult groups the outcome of DependencyScanner.AutoUpdate into three
// string lists.
// NOTE(review): presumably each entry is a package name; the page does not
// say whether versions are included or why an entry was skipped.
type UpdateResult struct {
	Updated []string
	Failed  []string
	Skipped []string
}

UpdateResult contains update results

type Vulnerability

// Vulnerability describes one known issue found in a dependency.
type Vulnerability struct {
	Package     string
	Version     string
	// Severity is a free-form string, not a typed enum; consumers should
	// compare case-insensitively and handle values outside the list.
	Severity    string // low, medium, high, critical
	// NOTE(review): a single string; how findings without a CVE ID, or with
	// several, are represented is not shown on this page.
	CVE         string
	Description string
	// NOTE(review): presumably the first version containing the fix; confirm.
	FixedIn     string
}

Vulnerability represents a security vulnerability
