security

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2026 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrInvalidKey indicates an invalid encryption key
	ErrInvalidKey = errors.New("invalid encryption key")
	// ErrDecryptionFailed indicates decryption failure
	ErrDecryptionFailed = errors.New("decryption failed")
	// ErrInvalidCiphertext indicates invalid ciphertext format
	ErrInvalidCiphertext = errors.New("invalid ciphertext format")
)
View Source 
var (
	// ErrIPBlocked is returned when an IP is blocked
	ErrIPBlocked = errors.New("IP address is blocked")
	// ErrConnectionLimitExceeded is returned when connection limit is exceeded
	ErrConnectionLimitExceeded = errors.New("connection limit exceeded")
	// ErrInvalidIPPattern is returned for invalid IP patterns
	ErrInvalidIPPattern = errors.New("invalid IP pattern")
)
View Source 
var (
	// ErrKeyNotFound is returned when a key is not found
	ErrKeyNotFound = errors.New("stream key not found")
	// ErrKeyExpired is returned when a key has expired
	ErrKeyExpired = errors.New("stream key has expired")
	// ErrKeyInactive is returned when a key is inactive
	ErrKeyInactive = errors.New("stream key is inactive")
)
View Source 
var (
	// ErrInvalidOpacity is returned for invalid opacity values
	ErrInvalidOpacity = errors.New("opacity must be between 0.0 and 1.0")
	// ErrInvalidScale is returned for invalid scale values
	ErrInvalidScale = errors.New("scale must be between 0.0 and 1.0")
	// ErrWatermarkNotFound is returned when watermark is not found
	ErrWatermarkNotFound = errors.New("watermark not found")
)
View Source 
var (
	// ErrInvalidQuery is returned for invalid audit queries
	ErrInvalidQuery = errors.New("invalid audit query")
)
View Source 
var (
	// ErrRateLimitExceeded is returned when rate limit is exceeded
	ErrRateLimitExceeded = errors.New("rate limit exceeded")
)

Functions

func DefaultRateLimitConfigs 

func DefaultRateLimitConfigs() map[RateLimitLevel]*RateLimitConfig

DefaultRateLimitConfigs returns recommended rate limit configurations

func DeriveKey 

func DeriveKey(password, salt []byte, keySize int) []byte

DeriveKey derives an encryption key from a password using PBKDF2

func EmbedForensicWatermark 

func EmbedForensicWatermark(frame []byte, fw *ForensicWatermark) ([]byte, error)

EmbedForensicWatermark embeds forensic watermark data (invisible) This is a placeholder - in production, use steganography techniques

func GenerateRandomBytes 

func GenerateRandomBytes(n int) ([]byte, error)

GenerateRandomBytes generates cryptographically secure random bytes

func GenerateSelfSignedCert 

func GenerateSelfSignedCert(certFile, keyFile string, hosts []string, validFor time.Duration) error

GenerateSelfSignedCert generates a self-signed certificate (for testing/development only)

func HashPassword 

func HashPassword(password, salt []byte) []byte

HashPassword hashes a password using Argon2id

func HashPasswordWithSalt 

func HashPasswordWithSalt(password string) (hash, salt []byte, err error)

HashPasswordWithSalt hashes a password and returns both hash and salt

func ValidateCertificate 

func ValidateCertificate(certFile string) error

ValidateCertificate validates a certificate file

Types

type AuditEvent 

type AuditEvent struct {
	ID         string
	Type       AuditEventType
	Severity   AuditSeverity
	Timestamp  time.Time
	UserID     string
	IP         string
	Action     string
	Resource   string
	ResourceID string
	Status     string // success, failure, denied
	Message    string
	Metadata   map[string]interface{}
	Duration   time.Duration
}

AuditEvent represents a single audit log entry

type AuditEventType 

type AuditEventType string

AuditEventType defines the type of audit event 

const (
	// AuditEventAuth represents authentication events
	AuditEventAuth AuditEventType = "auth"
	// AuditEventStream represents stream lifecycle events
	AuditEventStream AuditEventType = "stream"
	// AuditEventAccess represents access control events
	AuditEventAccess AuditEventType = "access"
	// AuditEventSecurity represents security events
	AuditEventSecurity AuditEventType = "security"
	// AuditEventData represents data modification events
	AuditEventData AuditEventType = "data"
	// AuditEventAdmin represents administrative actions
	AuditEventAdmin AuditEventType = "admin"
	// AuditEventCompliance represents compliance-related events
	AuditEventCompliance AuditEventType = "compliance"
)

type AuditFilter 

type AuditFilter func(*AuditEvent) bool

AuditFilter is a function that determines if an event should be logged

type AuditLogger 

type AuditLogger struct {
	// contains filtered or unexported fields
}

AuditLogger logs security and compliance events

func NewAuditLogger 

func NewAuditLogger(maxEvents int, persistence AuditPersistence) *AuditLogger

NewAuditLogger creates a new audit logger

func (*AuditLogger) AddFilter 

func (al *AuditLogger) AddFilter(filter AuditFilter)

AddFilter adds an audit filter

func (*AuditLogger) ExportJSON 

func (al *AuditLogger) ExportJSON(query *AuditQuery) ([]byte, error)

ExportJSON exports audit events to JSON

func (*AuditLogger) GenerateComplianceReport 

func (al *AuditLogger) GenerateComplianceReport(startTime, endTime time.Time) (*ComplianceReport, error)

GenerateComplianceReport generates a compliance report

func (*AuditLogger) GetRecent 

func (al *AuditLogger) GetRecent(count int) []*AuditEvent

GetRecent returns the most recent audit events

func (*AuditLogger) Log 

func (al *AuditLogger) Log(event *AuditEvent) error

Log logs an audit event

func (*AuditLogger) LogAccess 

func (al *AuditLogger) LogAccess(userID, ip, resource, resourceID, action, status string) error

LogAccess logs an access control event

func (*AuditLogger) LogAuth 

func (al *AuditLogger) LogAuth(userID, ip, action, status, message string) error

LogAuth logs an authentication event

func (*AuditLogger) LogSecurityEvent 

func (al *AuditLogger) LogSecurityEvent(severity AuditSeverity, userID, ip, action, message string, metadata map[string]interface{}) error

LogSecurityEvent logs a security event

func (*AuditLogger) LogStream 

func (al *AuditLogger) LogStream(userID, streamID, action, status string) error

LogStream logs a stream event

func (*AuditLogger) Query 

func (al *AuditLogger) Query(query *AuditQuery) ([]*AuditEvent, error)

Query queries audit logs

func (*AuditLogger) SetEventCallback 

func (al *AuditLogger) SetEventCallback(callback func(*AuditEvent))

SetEventCallback sets the callback for new audit events

type AuditPersistence 

type AuditPersistence interface {
	Save(event *AuditEvent) error
	Query(filter *AuditQuery) ([]*AuditEvent, error)
	Delete(before time.Time) error
}

AuditPersistence is an interface for persisting audit logs

type AuditQuery 

type AuditQuery struct {
	StartTime  time.Time
	EndTime    time.Time
	Types      []AuditEventType
	Severities []AuditSeverity
	UserIDs    []string
	Actions    []string
	Limit      int
	Offset     int
}

AuditQuery defines query parameters for audit logs

type AuditSeverity 

type AuditSeverity string

AuditSeverity defines the severity level of an audit event 

const (
	// AuditSeverityInfo is for informational events
	AuditSeverityInfo AuditSeverity = "info"
	// AuditSeverityWarning is for warning events
	AuditSeverityWarning AuditSeverity = "warning"
	// AuditSeverityError is for error events
	AuditSeverityError AuditSeverity = "error"
	// AuditSeverityCritical is for critical security events
	AuditSeverityCritical AuditSeverity = "critical"
)

type CertificateInfo 

type CertificateInfo struct {
	Subject      pkix.Name
	Issuer       pkix.Name
	SerialNumber *big.Int
	NotBefore    time.Time
	NotAfter     time.Time
	DNSNames     []string
	IPAddresses  []string
	IsCA         bool
}

CertificateInfo contains information about a certificate

type CertificateManager 

type CertificateManager struct {
	// contains filtered or unexported fields
}

CertificateManager manages TLS certificates with auto-renewal

func NewCertificateManager 

func NewCertificateManager(config *TLSConfig) (*CertificateManager, error)

NewCertificateManager creates a new certificate manager

func (*CertificateManager) DisableAutoRenew 

func (cm *CertificateManager) DisableAutoRenew()

DisableAutoRenew disables automatic certificate renewal

func (*CertificateManager) EnableAutoRenew 

func (cm *CertificateManager) EnableAutoRenew(renewBefore time.Duration, onRenew func(*tls.Certificate), onError func(error))

EnableAutoRenew enables automatic certificate renewal

func (*CertificateManager) ExpiresIn 

func (cm *CertificateManager) ExpiresIn() time.Duration

ExpiresIn returns the duration until certificate expiry

func (*CertificateManager) GetCertificate 

func (cm *CertificateManager) GetCertificate() *tls.Certificate

GetCertificate returns the current certificate (safe for concurrent use)

func (*CertificateManager) GetCertificateInfo 

func (cm *CertificateManager) GetCertificateInfo() (*CertificateInfo, error)

GetCertificateInfo returns information about the current certificate

func (*CertificateManager) GetTLSConfig 

func (cm *CertificateManager) GetTLSConfig() *tls.Config

GetTLSConfig returns a tls.Config object

func (*CertificateManager) LoadCertificate 

func (cm *CertificateManager) LoadCertificate(certFile, keyFile string) error

LoadCertificate loads a certificate from files

func (*CertificateManager) NeedsRenewal 

func (cm *CertificateManager) NeedsRenewal() bool

NeedsRenewal checks if the certificate needs renewal

type ComplianceReport 

type ComplianceReport struct {
	ID               string
	GeneratedAt      time.Time
	StartTime        time.Time
	EndTime          time.Time
	TotalEvents      int
	EventsByType     map[AuditEventType]int
	EventsBySeverity map[AuditSeverity]int
	CriticalEvents   []*AuditEvent
	Violations       []string
	Recommendations  []string
}

ComplianceReport represents a compliance report

type Connection 

type Connection struct {
	ID        string
	IP        string
	UserID    string
	StartTime time.Time
	LastSeen  time.Time
	BytesSent int64
	BytesRecv int64
}

Connection represents an active connection

type ConnectionLimitConfig 

type ConnectionLimitConfig struct {
	// MaxConnectionsPerIP limits concurrent connections per IP
	MaxConnectionsPerIP int
	// MaxConnectionsGlobal limits total concurrent connections
	MaxConnectionsGlobal int
	// MaxConnectionRate limits new connections per second
	MaxConnectionRate int
	// BanDuration is how long to ban IPs that exceed limits
	BanDuration time.Duration
}

ConnectionLimitConfig defines connection limit settings

type ConnectionTracker 

type ConnectionTracker struct {
	// contains filtered or unexported fields
}

ConnectionTracker tracks active connections

func NewConnectionTracker 

func NewConnectionTracker(firewall *Firewall) *ConnectionTracker

NewConnectionTracker creates a new connection tracker

func (*ConnectionTracker) AddConnection 

func (ct *ConnectionTracker) AddConnection(conn *Connection) error

AddConnection adds a new connection

func (*ConnectionTracker) GetConnectionCount 

func (ct *ConnectionTracker) GetConnectionCount(ip string) int

GetConnectionCount returns the number of connections for an IP

func (*ConnectionTracker) GetTotalConnections 

func (ct *ConnectionTracker) GetTotalConnections() int

GetTotalConnections returns total number of active connections

func (*ConnectionTracker) RemoveConnection 

func (ct *ConnectionTracker) RemoveConnection(ip, connID string)

RemoveConnection removes a connection

type DataEncryptor 

type DataEncryptor struct {
	// contains filtered or unexported fields
}

DataEncryptor provides data encryption utilities

func NewDataEncryptor 

func NewDataEncryptor(keyManager *KeyManager) *DataEncryptor

NewDataEncryptor creates a new data encryptor

func (*DataEncryptor) DecryptBytes 

func (de *DataEncryptor) DecryptBytes(ciphertext []byte) ([]byte, error)

DecryptBytes decrypts byte data

func (*DataEncryptor) EncryptBytes 

func (de *DataEncryptor) EncryptBytes(plaintext []byte) ([]byte, error)

EncryptBytes encrypts arbitrary byte data

type EncryptionConfig 

type EncryptionConfig struct {
	Algorithm string // AES-256-GCM, AES-128-GCM
	KeySize   int    // 16 (AES-128) or 32 (AES-256)
}

EncryptionConfig holds encryption configuration

type EncryptionKey 

type EncryptionKey struct {
	ID        string
	Key       []byte
	Algorithm string
	CreatedAt int64
	ExpiresAt int64 // 0 means no expiration
}

EncryptionKey represents an encryption key with metadata

type Firewall 

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall manages IP-based access control

func NewFirewall 

func NewFirewall(config *ConnectionLimitConfig) *Firewall

NewFirewall creates a new firewall

func (*Firewall) AddRule 

func (fw *Firewall) AddRule(rule *IPRule) error

AddRule adds a firewall rule

func (*Firewall) BanIP 

func (fw *Firewall) BanIP(ip, reason string, duration time.Duration)

BanIP bans an IP address temporarily or permanently

func (*Firewall) CheckConnectionLimit 

func (fw *Firewall) CheckConnectionLimit(ip string) error

CheckConnectionLimit checks if a new connection from IP is allowed

func (*Firewall) CheckIP 

func (fw *Firewall) CheckIP(ip string) error

CheckIP checks if an IP address is allowed

func (*Firewall) DecrementConnection 

func (fw *Firewall) DecrementConnection(ip string)

DecrementConnection decrements connection count for an IP

func (*Firewall) GetStats 

func (fw *Firewall) GetStats() map[string]interface{}

GetStats returns firewall statistics

func (*Firewall) IncrementConnection 

func (fw *Firewall) IncrementConnection(ip string)

IncrementConnection increments connection count for an IP

func (*Firewall) RemoveRule 

func (fw *Firewall) RemoveRule(id string)

RemoveRule removes a firewall rule

func (*Firewall) SetBlockCallback 

func (fw *Firewall) SetBlockCallback(callback func(ip string, reason string))

SetBlockCallback sets the callback for when an IP is blocked

func (*Firewall) Stop 

func (fw *Firewall) Stop()

Stop stops the firewall

func (*Firewall) UnbanIP 

func (fw *Firewall) UnbanIP(ip string)

UnbanIP removes a ban for an IP address

type ForensicWatermark 

type ForensicWatermark struct {
	ID        string
	UserID    string
	StreamID  string
	SessionID string
	Timestamp time.Time
	Metadata  map[string]string
}

ForensicWatermark represents an invisible watermark for tracking

func CreateForensicWatermark 

func CreateForensicWatermark(userID, streamID, sessionID string, metadata map[string]string) *ForensicWatermark

CreateForensicWatermark creates a forensic watermark for tracking

func ExtractForensicWatermark 

func ExtractForensicWatermark(frame []byte) (*ForensicWatermark, error)

ExtractForensicWatermark extracts forensic watermark from frame This is a placeholder - in production, implement extraction

type IPAction 

type IPAction string

IPAction defines the action for an IP address 

const (
	// IPActionAllow allows the IP
	IPActionAllow IPAction = "allow"
	// IPActionBlock blocks the IP
	IPActionBlock IPAction = "block"
	// IPActionRateLimit applies rate limiting
	IPActionRateLimit IPAction = "ratelimit"
)

type IPRule 

type IPRule struct {
	ID        string
	Pattern   string // IP address or CIDR notation
	Action    IPAction
	Reason    string
	CreatedAt time.Time
	ExpiresAt time.Time // Zero value means no expiration
	Priority  int       // Higher priority rules are checked first
}

IPRule represents a firewall rule for an IP or CIDR range

type InMemoryPersistence 

type InMemoryPersistence struct {
	// contains filtered or unexported fields
}

InMemoryPersistence implements in-memory audit persistence

func NewInMemoryPersistence 

func NewInMemoryPersistence() *InMemoryPersistence

NewInMemoryPersistence creates a new in-memory persistence

func (*InMemoryPersistence) Delete 

func (imp *InMemoryPersistence) Delete(before time.Time) error

Delete deletes events before a certain time

func (*InMemoryPersistence) Query 

func (imp *InMemoryPersistence) Query(query *AuditQuery) ([]*AuditEvent, error)

Query queries audit events

func (*InMemoryPersistence) Save 

func (imp *InMemoryPersistence) Save(event *AuditEvent) error

Save saves an audit event

type KeyManager 

type KeyManager struct {
	// contains filtered or unexported fields
}

KeyManager manages encryption keys with rotation support

func NewKeyManager 

func NewKeyManager(keySize int) *KeyManager

NewKeyManager creates a new key manager

func (*KeyManager) AddKey 

func (km *KeyManager) AddKey(key *EncryptionKey) error

AddKey adds an existing key

func (*KeyManager) GenerateKey 

func (km *KeyManager) GenerateKey(id string) (*EncryptionKey, error)

GenerateKey generates a new random encryption key

func (*KeyManager) GetCurrentKey 

func (km *KeyManager) GetCurrentKey() (*EncryptionKey, error)

GetCurrentKey returns the current active key

func (*KeyManager) GetKey 

func (km *KeyManager) GetKey(id string) (*EncryptionKey, error)

GetKey retrieves a key by ID

func (*KeyManager) RotateKey 

func (km *KeyManager) RotateKey(newKeyID string) error

RotateKey rotates to a new key

func (*KeyManager) SetRotationCallback 

func (km *KeyManager) SetRotationCallback(callback func(oldKeyID, newKeyID string))

SetRotationCallback sets the callback for key rotation events

type KeyRotationManager 

type KeyRotationManager struct {
	// contains filtered or unexported fields
}

KeyRotationManager manages stream key rotation

func NewKeyRotationManager 

func NewKeyRotationManager(policy *KeyRotationPolicy) *KeyRotationManager

NewKeyRotationManager creates a new key rotation manager

func (*KeyRotationManager) GenerateKey 

func (krm *KeyRotationManager) GenerateKey(streamID, userID string) (*StreamKey, error)

GenerateKey generates a new stream key for a stream

func (*KeyRotationManager) GetKey 

func (krm *KeyRotationManager) GetKey(streamID string) (*StreamKey, error)

GetKey returns the current key for a stream

func (*KeyRotationManager) GetRotationStats 

func (krm *KeyRotationManager) GetRotationStats() *RotationStats

GetRotationStats returns statistics about key rotations

func (*KeyRotationManager) RevokeKey 

func (krm *KeyRotationManager) RevokeKey(streamID string) error

RevokeKey revokes a stream key immediately

func (*KeyRotationManager) RotateKey 

func (krm *KeyRotationManager) RotateKey(streamID string) (*StreamKey, error)

RotateKey rotates the key for a stream

func (*KeyRotationManager) SetExpirationCallback 

func (krm *KeyRotationManager) SetExpirationCallback(callback func(key *StreamKey))

SetExpirationCallback sets the callback for key expiration events

func (*KeyRotationManager) SetRotationCallback 

func (krm *KeyRotationManager) SetRotationCallback(callback func(oldKey, newKey *StreamKey))

SetRotationCallback sets the callback for key rotation events

func (*KeyRotationManager) Stop 

func (krm *KeyRotationManager) Stop()

Stop stops the auto-rotation loop

func (*KeyRotationManager) ValidateKey 

func (krm *KeyRotationManager) ValidateKey(streamID, keyString string) error

ValidateKey validates a stream key

type KeyRotationPolicy 

type KeyRotationPolicy struct {
	// RotateEvery defines how often to rotate keys
	RotateEvery time.Duration
	// MaxKeyAge is the maximum age before forcing rotation
	MaxKeyAge time.Duration
	// AutoRotate enables automatic key rotation
	AutoRotate bool
	// KeepHistory is how many old keys to keep for grace period
	KeepHistory int
	// GracePeriod allows old keys to work for this duration after rotation
	GracePeriod time.Duration
}

KeyRotationPolicy defines the key rotation policy

func DefaultRotationPolicy 

func DefaultRotationPolicy() *KeyRotationPolicy

DefaultRotationPolicy returns a secure default rotation policy

type MultiLevelRateLimiter 

type MultiLevelRateLimiter struct {
	// contains filtered or unexported fields
}

MultiLevelRateLimiter manages rate limiting at multiple levels

func NewMultiLevelRateLimiter 

func NewMultiLevelRateLimiter() *MultiLevelRateLimiter

NewMultiLevelRateLimiter creates a new multi-level rate limiter

func (*MultiLevelRateLimiter) AddLevel 

func (ml *MultiLevelRateLimiter) AddLevel(level RateLimitLevel, config *RateLimitConfig)

AddLevel adds a rate limiting level with configuration

func (*MultiLevelRateLimiter) Check 

func (ml *MultiLevelRateLimiter) Check(keys map[RateLimitLevel]string) (*RateLimitResult, error)

Check checks rate limits at all enabled levels

func (*MultiLevelRateLimiter) DisableLevel 

func (ml *MultiLevelRateLimiter) DisableLevel(level RateLimitLevel)

DisableLevel disables a specific rate limiting level

func (*MultiLevelRateLimiter) EnableLevel 

func (ml *MultiLevelRateLimiter) EnableLevel(level RateLimitLevel)

EnableLevel enables a specific rate limiting level

func (*MultiLevelRateLimiter) GetStatus 

func (ml *MultiLevelRateLimiter) GetStatus(keys map[RateLimitLevel]string) map[RateLimitLevel]*RateLimitResult

GetStatus returns status for all levels

func (*MultiLevelRateLimiter) Reset 

func (ml *MultiLevelRateLimiter) Reset(keys map[RateLimitLevel]string)

Reset resets rate limits for specific keys

func (*MultiLevelRateLimiter) Stop 

func (ml *MultiLevelRateLimiter) Stop()

Stop stops all rate limiters

type RateLimitConfig 

type RateLimitConfig struct {
	// Requests is the number of requests allowed
	Requests int
	// Window is the time window for the rate limit
	Window time.Duration
	// Burst allows burst traffic up to this limit
	Burst int
}

RateLimitConfig defines rate limit configuration

type RateLimitLevel 

type RateLimitLevel string

RateLimitLevel represents different levels of rate limiting 

const (
	// RateLimitLevelGlobal applies to entire system
	RateLimitLevelGlobal RateLimitLevel = "global"
	// RateLimitLevelIP applies per IP address
	RateLimitLevelIP RateLimitLevel = "ip"
	// RateLimitLevelUser applies per user
	RateLimitLevelUser RateLimitLevel = "user"
	// RateLimitLevelEndpoint applies per API endpoint
	RateLimitLevelEndpoint RateLimitLevel = "endpoint"
	// RateLimitLevelStream applies per stream
	RateLimitLevelStream RateLimitLevel = "stream"
)

type RateLimitResult 

type RateLimitResult struct {
	Allowed    bool
	Level      RateLimitLevel
	Limit      int
	Remaining  int
	RetryAfter time.Duration
	ResetTime  time.Time
}

RateLimitResult represents the result of a rate limit check

type RateLimiter 

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter implements token bucket rate limiting

func NewRateLimiter 

func NewRateLimiter(config *RateLimitConfig) *RateLimiter

NewRateLimiter creates a new rate limiter

func (*RateLimiter) Allow 

func (rl *RateLimiter) Allow(key string) bool

Allow checks if a request should be allowed

func (*RateLimiter) GetStatus 

func (rl *RateLimiter) GetStatus(key string) *RateLimitResult

GetStatus returns the current status for a key

func (*RateLimiter) Reset 

func (rl *RateLimiter) Reset(key string)

Reset resets the rate limit for a specific key

func (*RateLimiter) SetCallback 

func (rl *RateLimiter) SetCallback(callback func(key string, level RateLimitLevel))

SetCallback sets the callback for when rate limit is exceeded

func (*RateLimiter) Stop 

func (rl *RateLimiter) Stop()

Stop stops the rate limiter and cleanup goroutine

type RotationStats 

type RotationStats struct {
	TotalKeys        int
	ActiveKeys       int
	ExpiredKeys      int
	AvgRotationCount float64
	NextRotation     time.Time
}

RotationStats provides statistics about key rotations

type StreamKey 

type StreamKey struct {
	ID            string
	StreamID      string
	Key           string
	UserID        string
	CreatedAt     time.Time
	ExpiresAt     time.Time
	IsActive      bool
	RotationCount int
	LastRotation  time.Time
}

StreamKey represents a stream key with metadata

type TLSConfig 

type TLSConfig struct {
	// CertFile is the path to the TLS certificate file
	CertFile string
	// KeyFile is the path to the TLS private key file
	KeyFile string
	// MinVersion is the minimum TLS version (default: TLS 1.2)
	MinVersion uint16
	// MaxVersion is the maximum TLS version (default: TLS 1.3)
	MaxVersion uint16
	// CipherSuites is the list of allowed cipher suites
	CipherSuites []uint16
	// InsecureSkipVerify skips certificate verification (for testing only)
	InsecureSkipVerify bool
	// ClientAuth defines the client authentication policy
	ClientAuth tls.ClientAuthType
	// RootCAs is the pool of root CAs for client verification
	RootCAs *x509.CertPool
}

TLSConfig represents TLS/SSL configuration for secure connections

func DefaultTLSConfig 

func DefaultTLSConfig() *TLSConfig

DefaultTLSConfig returns a secure default TLS configuration

type TokenEncryptor 

type TokenEncryptor struct {
	// contains filtered or unexported fields
}

TokenEncryptor encrypts and decrypts tokens

func NewTokenEncryptor 

func NewTokenEncryptor(keyManager *KeyManager) *TokenEncryptor

NewTokenEncryptor creates a new token encryptor

func (*TokenEncryptor) Decrypt 

func (te *TokenEncryptor) Decrypt(ciphertext string) (string, error)

Decrypt decrypts a token

func (*TokenEncryptor) Encrypt 

func (te *TokenEncryptor) Encrypt(plaintext string) (string, error)

Encrypt encrypts a token using the current key

type Watermark 

type Watermark struct {
	ID        string
	Config    *WatermarkConfig
	CreatedAt time.Time
	UpdatedAt time.Time
}

Watermark represents a watermark instance

type WatermarkConfig 

type WatermarkConfig struct {
	// Type is the type of watermark
	Type WatermarkType
	// Position is where to place the watermark
	Position WatermarkPosition
	// Text is the text for text-based watermarks
	Text string
	// Opacity is the opacity of the watermark (0.0 - 1.0)
	Opacity float64
	// Scale is the scale factor for the watermark (0.0 - 1.0)
	Scale float64
	// OffsetX is the horizontal offset in pixels
	OffsetX int
	// OffsetY is the vertical offset in pixels
	OffsetY int
	// ImageData is the watermark image data
	ImageData []byte
	// EnableForensic enables forensic watermarking (invisible)
	EnableForensic bool
	// ForensicID is the unique ID embedded in forensic watermark
	ForensicID string
}

WatermarkConfig defines watermark configuration

func DefaultWatermarkConfig 

func DefaultWatermarkConfig() *WatermarkConfig

DefaultWatermarkConfig returns a default watermark configuration

type WatermarkManager 

type WatermarkManager struct {
	// contains filtered or unexported fields
}

WatermarkManager manages watermarks for streams

func NewWatermarkManager 

func NewWatermarkManager() *WatermarkManager

NewWatermarkManager creates a new watermark manager

func (*WatermarkManager) AddTemplate 

func (wm *WatermarkManager) AddTemplate(name string, config *WatermarkConfig) error

AddTemplate adds a watermark template

func (*WatermarkManager) ApplyTemplate 

func (wm *WatermarkManager) ApplyTemplate(streamID, templateName string) (*Watermark, error)

ApplyTemplate applies a watermark template to a stream

func (*WatermarkManager) ApplyToFrame 

func (wm *WatermarkManager) ApplyToFrame(streamID string, frame []byte) ([]byte, error)

ApplyToFrame applies watermark to a video frame (simple implementation)

func (*WatermarkManager) ApplyWatermark 

func (wm *WatermarkManager) ApplyWatermark(streamID string, config *WatermarkConfig) (*Watermark, error)

ApplyWatermark applies a watermark to a stream

func (*WatermarkManager) GetWatermark 

func (wm *WatermarkManager) GetWatermark(streamID string) (*Watermark, error)

GetWatermark returns the watermark for a stream

func (*WatermarkManager) RemoveWatermark 

func (wm *WatermarkManager) RemoveWatermark(streamID string) error

RemoveWatermark removes watermark from a stream

func (*WatermarkManager) SetApplyCallback 

func (wm *WatermarkManager) SetApplyCallback(callback func(streamID string, watermark *Watermark))

SetApplyCallback sets the callback for when watermark is applied

func (*WatermarkManager) UpdateWatermark 

func (wm *WatermarkManager) UpdateWatermark(streamID string, config *WatermarkConfig) error

UpdateWatermark updates an existing watermark

type WatermarkPosition 

type WatermarkPosition string

WatermarkPosition defines the position of watermark 

const (
	// WatermarkPositionTopLeft places watermark at top-left
	WatermarkPositionTopLeft WatermarkPosition = "top-left"
	// WatermarkPositionTopRight places watermark at top-right
	WatermarkPositionTopRight WatermarkPosition = "top-right"
	// WatermarkPositionBottomLeft places watermark at bottom-left
	WatermarkPositionBottomLeft WatermarkPosition = "bottom-left"
	// WatermarkPositionBottomRight places watermark at bottom-right
	WatermarkPositionBottomRight WatermarkPosition = "bottom-right"
	// WatermarkPositionCenter places watermark at center
	WatermarkPositionCenter WatermarkPosition = "center"
)

type WatermarkType 

type WatermarkType string

WatermarkType defines the type of watermark 

const (
	// WatermarkTypeText is a text-based watermark
	WatermarkTypeText WatermarkType = "text"
	// WatermarkTypeImage is an image-based watermark
	WatermarkTypeImage WatermarkType = "image"
	// WatermarkTypeTimestamp adds timestamp watermark
	WatermarkTypeTimestamp WatermarkType = "timestamp"
	// WatermarkTypeUserID adds user ID watermark
	WatermarkTypeUserID WatermarkType = "userid"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.