security

package

v0.4.10 Latest Latest Go to latest Published: Feb 25, 2026 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/opus-domini/sentinel

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ExposesBeyondLoopback(listenAddr string) bool
func HasAllowedOrigins(origins []string) bool
func ValidateRemoteExposure(listenAddr, token string) error
type CookieSecurePolicy
- func ParseCookieSecurePolicy(s string) CookieSecurePolicy
type Guard
- func New(token string, allowedOrigins []string, cookieSecure CookieSecurePolicy) *Guard

Constants ¶

View Source

const AuthCookieName = "sentinel_auth"

Variables ¶

View Source

var (
	ErrUnauthorized = errors.New("unauthorized")
	ErrOriginDenied = errors.New("origin denied")
	ErrRemoteToken  = errors.New("token is required for non-loopback listen address")
)

Functions ¶

func ExposesBeyondLoopback ¶ added in v0.3.11

func ExposesBeyondLoopback(listenAddr string) bool

ExposesBeyondLoopback reports whether listenAddr is reachable from outside the host.

func HasAllowedOrigins ¶ added in v0.3.11

func HasAllowedOrigins(origins []string) bool

HasAllowedOrigins reports whether at least one non-empty origin is configured.

func ValidateRemoteExposure ¶ added in v0.3.10

func ValidateRemoteExposure(listenAddr, token string) error

ValidateRemoteExposure enforces the minimum security baseline when Sentinel is configured to listen on a non-loopback address.

Types ¶

type CookieSecurePolicy ¶ added in v0.3.12

type CookieSecurePolicy int

CookieSecurePolicy controls the Secure flag on auth cookies.

const (
	// CookieSecureAuto sets Secure based on per-request TLS detection.
	CookieSecureAuto CookieSecurePolicy = iota
	// CookieSecureAlways forces the Secure flag regardless of transport.
	CookieSecureAlways
	// CookieSecureNever omits the Secure flag regardless of transport.
	CookieSecureNever
)

func ParseCookieSecurePolicy ¶ added in v0.3.12

func ParseCookieSecurePolicy(s string) CookieSecurePolicy

ParseCookieSecurePolicy converts a config string to a CookieSecurePolicy.

type Guard ¶

type Guard struct {
	// contains filtered or unexported fields
}

func New ¶

func New(token string, allowedOrigins []string, cookieSecure CookieSecurePolicy) *Guard

func (*Guard) CheckOrigin ¶

func (g *Guard) CheckOrigin(r *http.Request) error

func (*Guard) ClearAuthCookie ¶ added in v0.3.12

func (g *Guard) ClearAuthCookie(w http.ResponseWriter, r *http.Request)

func (*Guard) RequireAuth ¶ added in v0.3.12

func (g *Guard) RequireAuth(r *http.Request) error

func (*Guard) SetAuthCookie ¶ added in v0.3.12

func (g *Guard) SetAuthCookie(w http.ResponseWriter, r *http.Request)

func (*Guard) TokenMatches ¶ added in v0.3.12

func (g *Guard) TokenMatches(token string) bool

func (*Guard) TokenRequired ¶

func (g *Guard) TokenRequired() bool

Source Files ¶

View all Source files

security.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL