Index ¶
- func AuthMiddleware(manager *Manager) gin.HandlerFunc
- func CORSMiddleware(allowedOrigins []string) gin.HandlerFunc
- func CSRFMiddleware(tokenHeader string) gin.HandlerFunc
- func MaskAPIKey(apiKey string) string
- func MaskEmail(email string) string
- func MaskValue(value string, showChars int) string
- func RateLimitMiddleware(limiter *IPRateLimiter) gin.HandlerFunc
- func RequestIDMiddleware() gin.HandlerFunc
- func SanitizationMiddleware(sanitizer *DataSanitizer) gin.HandlerFunc
- func SecurityMiddleware(manager *Manager) gin.HandlerFunc
- type APIKeyInfo
- type AccessAttempt
- type AuditEntry
- type AuditFilter
- type Auditor
- type DataSanitizer
- func (s *DataSanitizer) RedactSecrets(message string) string
- func (s *DataSanitizer) RemoveSensitiveData(data map[string]interface{}) map[string]interface{}
- func (s *DataSanitizer) SanitizeRequest(req interface{}) (interface{}, error)
- func (s *DataSanitizer) SanitizeResponse(resp interface{}) (interface{}, error)
- func (s *DataSanitizer) SanitizeString(str string) string
- type IPInfo
- type IPRateLimiter
- type Manager
- func (m *Manager) AddIPToBlacklist(ip string)
- func (m *Manager) AddIPToWhitelist(ip string)
- func (m *Manager) Close() error
- func (m *Manager) GenerateAPIKey(permissions []string, rateLimit int) (string, error)
- func (m *Manager) GetMetrics() map[string]interface{}
- func (m *Manager) RemoveIPFromBlacklist(ip string)
- func (m *Manager) RemoveIPFromWhitelist(ip string)
- func (m *Manager) RevokeAPIKey(key string) error
- func (m *Manager) SanitizeRequest(req interface{}) (interface{}, error)
- func (m *Manager) SanitizeResponse(resp interface{}) (interface{}, error)
- func (m *Manager) ValidateAPIKey(key string) error
- func (m *Manager) ValidateRequest(req *http.Request) error
- func (m *Manager) ValidateResponse(resp interface{}) error
- type RateLimitInfo
- type RequestValidator
- type Sanitizer
- type SecurityAuditor
- func (a *SecurityAuditor) Close() error
- func (a *SecurityAuditor) GetAuditTrail(filter AuditFilter) []AuditEntry
- func (a *SecurityAuditor) LogAccessAttempt(attempt AccessAttempt)
- func (a *SecurityAuditor) LogSecurityAlert(alertType, description string, data map[string]interface{})
- func (a *SecurityAuditor) LogSecurityEvent(event SecurityEvent)
- func (a *SecurityAuditor) LogSuspiciousActivity(activityType, source, description string)
- func (a *SecurityAuditor) LogValidationFailure(failure ValidationFailure)
- func (a *SecurityAuditor) RotateLogs() error
- type SecurityConfig
- type SecurityEvent
- type SecurityLevel
- type TokenBucketRateLimiter
- type ValidationFailure
- type ValidationResult
- type Validator
Functions ¶
func AuthMiddleware ¶
func AuthMiddleware(manager *Manager) gin.HandlerFunc
AuthMiddleware returns a gin middleware that authenticates incoming requests using the given manager.
func CORSMiddleware ¶
func CORSMiddleware(allowedOrigins []string) gin.HandlerFunc
CORSMiddleware returns a gin middleware that applies CORS handling for the given allowedOrigins.
func CSRFMiddleware ¶
func CSRFMiddleware(tokenHeader string) gin.HandlerFunc
CSRFMiddleware returns a gin middleware that enforces CSRF protection using the token carried in the tokenHeader request header.
func RateLimitMiddleware ¶
func RateLimitMiddleware(limiter *IPRateLimiter) gin.HandlerFunc
RateLimitMiddleware returns a gin middleware that applies the given limiter to incoming requests.
func RequestIDMiddleware ¶
func RequestIDMiddleware() gin.HandlerFunc
RequestIDMiddleware adds a unique request ID to each request
func SanitizationMiddleware ¶
func SanitizationMiddleware(sanitizer *DataSanitizer) gin.HandlerFunc
SanitizationMiddleware returns a gin middleware that passes request and response data through the given sanitizer.
func SecurityMiddleware ¶
func SecurityMiddleware(manager *Manager) gin.HandlerFunc
SecurityMiddleware returns a gin middleware that applies the given manager's security checks to HTTP handlers.
Types ¶
type APIKeyInfo ¶
type APIKeyInfo struct {
	Key         string    // raw key material; NOTE(review): confirm this is never persisted or logged alongside Hash
	Hash        string    // hash of Key — presumably the form that is stored and compared (cf. AccessAttempt.APIKeyHash); verify
	Created     time.Time // when the key was generated
	LastUsed    time.Time // when the key was last accepted; zero presumably means never — confirm
	Permissions []string  // permission names supplied to Manager.GenerateAPIKey
	RateLimit   int       // per-key limit supplied to Manager.GenerateAPIKey; units are not visible here
	Active      bool      // false presumably after Manager.RevokeAPIKey — confirm
}
APIKeyInfo stores API key information
type AccessAttempt ¶
type AccessAttempt struct {
	ID         string    `json:"id"`
	Timestamp  time.Time `json:"timestamp"`
	IP         string    `json:"ip"`         // NOTE(review): how this is derived behind proxies (cf. SecurityConfig.TrustedProxies) is not visible here — confirm
	UserAgent  string    `json:"user_agent"` // client-supplied header value; treat as untrusted when rendering or querying logs
	Method     string    `json:"method"`
	Path       string    `json:"path"`
	Success    bool      `json:"success"`
	Reason     string    `json:"reason,omitempty"` // presumably populated on failure; omitted from JSON when empty
	APIKey     string    `json:"-"`                // Don't log the actual key — the "-" tag keeps it out of JSON output entirely
	APIKeyHash string    `json:"api_key_hash,omitempty"` // correlates the attempt with an APIKeyInfo.Hash without exposing the key
}
AccessAttempt represents an access attempt
type AuditEntry ¶
type AuditEntry struct {
	ID        string                 `json:"id"`
	Timestamp time.Time              `json:"timestamp"`
	Type      string                 `json:"type"`     // filterable via AuditFilter.Type
	Actor     string                 `json:"actor"`    // who performed the action; filterable via AuditFilter.Actor
	Action    string                 `json:"action"`   // what was done; filterable via AuditFilter.Action
	Resource  string                 `json:"resource"` // what the action was applied to
	Result    string                 `json:"result"`   // filterable via AuditFilter.Result
	Details   map[string]interface{} `json:"details,omitempty"` // free-form; NOTE(review): nothing on this page shows it is passed through DataSanitizer.RemoveSensitiveData before being written — confirm
}
AuditEntry represents an audit log entry
type AuditFilter ¶
type AuditFilter struct {
	StartTime time.Time // lower time bound; whether inclusive and what the zero value means is not visible here — confirm
	EndTime   time.Time // upper time bound; same caveat as StartTime
	Type      string    // matches AuditEntry.Type; empty presumably means "any" — confirm
	Actor     string    // matches AuditEntry.Actor
	Action    string    // matches AuditEntry.Action
	Result    string    // matches AuditEntry.Result
	Limit     int       // maximum number of entries to return; 0 presumably means no limit — confirm
	Offset    int       // number of matching entries to skip before the first returned one
}
AuditFilter for querying audit logs
type Auditor ¶
// *SecurityAuditor provides all four of these methods and so satisfies Auditor.
type Auditor interface {
	// LogSecurityEvent records a security-related event.
	LogSecurityEvent(event SecurityEvent)
	// LogAccessAttempt records a successful or failed access attempt.
	LogAccessAttempt(attempt AccessAttempt)
	// LogValidationFailure records a failed validation.
	LogValidationFailure(failure ValidationFailure)
	// GetAuditTrail returns the recorded entries matching filter.
	GetAuditTrail(filter AuditFilter) []AuditEntry
}
Auditor interface for security auditing
type DataSanitizer ¶
// Construct with NewDataSanitizer(config). It provides every method of the
// Sanitizer interface, so *DataSanitizer satisfies Sanitizer.
type DataSanitizer struct {
	// contains filtered or unexported fields
}
DataSanitizer sanitizes data to prevent security issues
func NewDataSanitizer ¶
func NewDataSanitizer(config *SecurityConfig) (*DataSanitizer, error)
NewDataSanitizer creates a new data sanitizer
func (*DataSanitizer) RedactSecrets ¶
func (s *DataSanitizer) RedactSecrets(message string) string
RedactSecrets redacts secrets from log messages
func (*DataSanitizer) RemoveSensitiveData ¶
func (s *DataSanitizer) RemoveSensitiveData(data map[string]interface{}) map[string]interface{}
RemoveSensitiveData removes sensitive data from a map
func (*DataSanitizer) SanitizeRequest ¶
func (s *DataSanitizer) SanitizeRequest(req interface{}) (interface{}, error)
SanitizeRequest sanitizes incoming requests
func (*DataSanitizer) SanitizeResponse ¶
func (s *DataSanitizer) SanitizeResponse(resp interface{}) (interface{}, error)
SanitizeResponse sanitizes outgoing responses
func (*DataSanitizer) SanitizeString ¶
func (s *DataSanitizer) SanitizeString(str string) string
SanitizeString sanitizes a string value
type IPInfo ¶
type IPInfo struct {
	IP          string
	Country     string
	Region      string
	City        string
	ISP         string
	ThreatLevel int  // scale and meaning are not visible on this page — confirm before comparing against thresholds
	IsProxy     bool // NOTE(review): the source of these classifications (local data or an external lookup) is not visible here
	IsVPN       bool
	IsTor       bool
}
IPInfo represents IP address information
type IPRateLimiter ¶
// Construct with NewIPRateLimiter(limit, window); usability of the zero value is not documented.
type IPRateLimiter struct {
	// contains filtered or unexported fields
}
IPRateLimiter implements a simple IP-based rate limiter
func NewIPRateLimiter ¶
func NewIPRateLimiter(limit int, window time.Duration) *IPRateLimiter
NewIPRateLimiter creates a new IP rate limiter
func (*IPRateLimiter) Allow ¶
func (rl *IPRateLimiter) Allow(ip string) bool
Allow reports whether a request from the given ip is within the limiter's configured limit.
func (*IPRateLimiter) GetLimit ¶
func (rl *IPRateLimiter) GetLimit(ip string) RateLimitInfo
GetLimit returns the current rate-limit state for ip (limit, window, usage, remaining and reset time) as a RateLimitInfo.
func (*IPRateLimiter) Reset ¶
func (rl *IPRateLimiter) Reset(ip string)
Reset clears the rate-limit state recorded for ip.
type Manager ¶
// Construct with NewManager(config). Manager has a Close method; release it when finished.
type Manager struct {
	// contains filtered or unexported fields
}
Manager coordinates all security components
func NewManager ¶
func NewManager(config *SecurityConfig) (*Manager, error)
NewManager creates a new security manager
func (*Manager) AddIPToBlacklist ¶
AddIPToBlacklist adds an IP to the blacklist
func (*Manager) AddIPToWhitelist ¶
AddIPToWhitelist adds an IP to the whitelist
func (*Manager) GenerateAPIKey ¶
GenerateAPIKey creates a new API key carrying the given permissions and per-key rate limit and returns it as a string, or an error if generation fails.
func (*Manager) GetMetrics ¶
GetMetrics returns security metrics
func (*Manager) RemoveIPFromBlacklist ¶
RemoveIPFromBlacklist removes an IP from the blacklist
func (*Manager) RemoveIPFromWhitelist ¶
RemoveIPFromWhitelist removes an IP from the whitelist
func (*Manager) RevokeAPIKey ¶
RevokeAPIKey revokes an API key
func (*Manager) SanitizeRequest ¶
SanitizeRequest sanitizes request data
func (*Manager) SanitizeResponse ¶
SanitizeResponse sanitizes response data
func (*Manager) ValidateAPIKey ¶
ValidateAPIKey checks the given key and returns a non-nil error if it is not accepted.
func (*Manager) ValidateRequest ¶
ValidateRequest validates an incoming HTTP request
func (*Manager) ValidateResponse ¶
ValidateResponse validates an outgoing response
type RateLimitInfo ¶
type RateLimitInfo struct {
	Key       string        // the IP (or other key) this snapshot describes
	Limit     int           // maximum requests allowed per Window
	Window    time.Duration // the limiting window (see NewIPRateLimiter)
	Used      int           // requests counted in the current window
	Reset     time.Time     // when the current window presumably ends — confirm
	Remaining int           // presumably Limit - Used — confirm
}
RateLimitInfo represents rate limit information
type RequestValidator ¶
// Construct with NewRequestValidator(config). It provides every method of the
// Validator interface, so *RequestValidator satisfies Validator.
type RequestValidator struct {
	// contains filtered or unexported fields
}
RequestValidator validates incoming requests
func NewRequestValidator ¶
func NewRequestValidator(config *SecurityConfig) (*RequestValidator, error)
NewRequestValidator creates a new request validator
func (*RequestValidator) Validate ¶
func (v *RequestValidator) Validate(data interface{}) ValidationResult
Validate validates generic data
func (*RequestValidator) ValidateRequest ¶
func (v *RequestValidator) ValidateRequest(req *http.Request) ValidationResult
ValidateRequest validates HTTP requests
func (*RequestValidator) ValidateResponse ¶
func (v *RequestValidator) ValidateResponse(resp interface{}) ValidationResult
ValidateResponse validates responses
type Sanitizer ¶
// *DataSanitizer satisfies Sanitizer.
type Sanitizer interface {
	// SanitizeRequest returns a sanitized copy of req, or an error.
	SanitizeRequest(req interface{}) (interface{}, error)
	// SanitizeResponse returns a sanitized copy of resp, or an error.
	SanitizeResponse(resp interface{}) (interface{}, error)
	// SanitizeString returns a sanitized form of s.
	SanitizeString(s string) string
	// RemoveSensitiveData returns data with sensitive entries removed; whether
	// the input map is modified in place is not visible here — confirm.
	RemoveSensitiveData(data map[string]interface{}) map[string]interface{}
}
Sanitizer interface for data sanitization
type SecurityAuditor ¶
// Construct with NewSecurityAuditor(config). *SecurityAuditor satisfies Auditor,
// has a Close method that should be called when finished, and RotateLogs for
// retention handling.
type SecurityAuditor struct {
	// contains filtered or unexported fields
}
SecurityAuditor handles security audit logging
func NewSecurityAuditor ¶
func NewSecurityAuditor(config *SecurityConfig) (*SecurityAuditor, error)
NewSecurityAuditor creates a new security auditor
func (*SecurityAuditor) GetAuditTrail ¶
func (a *SecurityAuditor) GetAuditTrail(filter AuditFilter) []AuditEntry
GetAuditTrail returns the audit entries matching filter.
func (*SecurityAuditor) LogAccessAttempt ¶
func (a *SecurityAuditor) LogAccessAttempt(attempt AccessAttempt)
LogAccessAttempt logs an access attempt
func (*SecurityAuditor) LogSecurityAlert ¶
func (a *SecurityAuditor) LogSecurityAlert(alertType, description string, data map[string]interface{})
LogSecurityAlert logs a security alert
func (*SecurityAuditor) LogSecurityEvent ¶
func (a *SecurityAuditor) LogSecurityEvent(event SecurityEvent)
LogSecurityEvent logs a security event
func (*SecurityAuditor) LogSuspiciousActivity ¶
func (a *SecurityAuditor) LogSuspiciousActivity(activityType, source, description string)
LogSuspiciousActivity logs suspicious activity
func (*SecurityAuditor) LogValidationFailure ¶
func (a *SecurityAuditor) LogValidationFailure(failure ValidationFailure)
LogValidationFailure logs a validation failure
func (*SecurityAuditor) RotateLogs ¶
func (a *SecurityAuditor) RotateLogs() error
RotateLogs rotates old audit logs based on retention policy
type SecurityConfig ¶
type SecurityConfig struct {
	Level                SecurityLevel `json:"level"` // one of the SecurityLevel* constants
	EnableRequestSigning bool          `json:"enable_request_signing"`
	EnableTLS            bool          `json:"enable_tls"`
	TLSMinVersion        string        `json:"tls_min_version"` // accepted string forms are not visible here — confirm
	EnableRateLimiting   bool          `json:"enable_rate_limiting"`
	EnableIPWhitelist    bool          `json:"enable_ip_whitelist"` // presumably gates AllowedIPs — confirm
	EnableAPIKeyRotation bool          `json:"enable_api_key_rotation"`
	// Request validation
	MaxRequestSize  int64         `json:"max_request_size"` // presumably bytes — confirm
	MaxTokenLength  int           `json:"max_token_length"`
	MaxPromptLength int           `json:"max_prompt_length"`
	RequestTimeout  time.Duration `json:"request_timeout"` // encoding/json treats time.Duration as integer nanoseconds, not a string like "30s"
	// Content filtering
	EnableContentFilter bool     `json:"enable_content_filter"`
	BlockedPatterns     []string `json:"blocked_patterns"`   // pattern syntax is not visible here — confirm
	SensitivePatterns   []string `json:"sensitive_patterns"` // presumably what DataSanitizer.RedactSecrets matches — confirm
	// Authentication
	RequireAuth        bool     `json:"require_auth"`
	AllowedAuthMethods []string `json:"allowed_auth_methods"`
	APIKeyHeader       string   `json:"api_key_header"` // request header the API key is read from, presumably by AuthMiddleware
	// IP restrictions
	AllowedIPs     []string `json:"allowed_ips"`
	BlockedIPs     []string `json:"blocked_ips"`
	TrustedProxies []string `json:"trusted_proxies"` // NOTE(review): allow/deny decisions are only as reliable as the client-IP derivation; confirm forwarded-for headers are honored only from these proxies
	// Audit and logging
	EnableAuditLog   bool   `json:"enable_audit_log"`
	LogSensitiveData bool   `json:"log_sensitive_data"` // when true, sensitive values may be written to the audit log
	AuditLogPath     string `json:"audit_log_path"`
	RetentionDays    int    `json:"retention_days"` // retention policy presumably applied by SecurityAuditor.RotateLogs — confirm
}
SecurityConfig represents security configuration
func DefaultSecurityConfig ¶
func DefaultSecurityConfig() *SecurityConfig
DefaultSecurityConfig returns default security configuration
func ParanoidSecurityConfig ¶
func ParanoidSecurityConfig() *SecurityConfig
ParanoidSecurityConfig returns paranoid security configuration
func StrictSecurityConfig ¶
func StrictSecurityConfig() *SecurityConfig
StrictSecurityConfig returns strict security configuration
type SecurityEvent ¶
type SecurityEvent struct {
	ID          string                 `json:"id"`
	Type        string                 `json:"type"`
	Severity    string                 `json:"severity"` // accepted values are not visible on this page — confirm
	Timestamp   time.Time              `json:"timestamp"`
	Source      string                 `json:"source"`
	Description string                 `json:"description"`
	Data        map[string]interface{} `json:"data"` // free-form; not omitempty, so serialized as null when nil
}
SecurityEvent represents a security-related event
type SecurityLevel ¶
type SecurityLevel string
SecurityLevel represents the level of security enforcement
const (
	// Enforcement levels. The names suggest increasing strictness in the order
	// listed; DefaultSecurityConfig, StrictSecurityConfig and
	// ParanoidSecurityConfig presumably correspond to these — confirm.
	SecurityLevelNone     SecurityLevel = "none"
	SecurityLevelBasic    SecurityLevel = "basic"
	SecurityLevelStrict   SecurityLevel = "strict"
	SecurityLevelParanoid SecurityLevel = "paranoid"
)
type TokenBucketRateLimiter ¶
// Construct with NewTokenBucketRateLimiter(capacity, refillRate) and call Stop
// when the limiter is no longer needed.
type TokenBucketRateLimiter struct {
	// contains filtered or unexported fields
}
TokenBucketRateLimiter implements a token bucket rate limiter
func NewTokenBucketRateLimiter ¶
func NewTokenBucketRateLimiter(capacity, refillRate int) *TokenBucketRateLimiter
NewTokenBucketRateLimiter creates a new token bucket rate limiter
func (*TokenBucketRateLimiter) Allow ¶
func (rl *TokenBucketRateLimiter) Allow(key string, tokens int) bool
Allow reports whether a request for key is allowed and, if so, consumes the requested tokens from its bucket.
func (*TokenBucketRateLimiter) GetTokens ¶
func (rl *TokenBucketRateLimiter) GetTokens(key string) int
GetTokens returns the current token count for a key
func (*TokenBucketRateLimiter) Stop ¶
func (rl *TokenBucketRateLimiter) Stop()
Stop stops the rate limiter
type ValidationFailure ¶
type ValidationFailure struct {
	ID        string                 `json:"id"`
	Timestamp time.Time              `json:"timestamp"`
	Type      string                 `json:"type"`
	Field     string                 `json:"field,omitempty"`
	Value     interface{}            `json:"-"` // Don't log potentially sensitive values — the "-" tag keeps it out of JSON output
	Errors    []string               `json:"errors"`
	Context   map[string]interface{} `json:"context,omitempty"` // NOTE(review): free-form; confirm callers do not put the rejected value back in here
}
ValidationFailure represents a validation failure
type ValidationResult ¶
type ValidationResult struct {
	Valid    bool     `json:"valid"`
	Errors   []string `json:"errors,omitempty"`   // presumably non-empty whenever Valid is false — confirm
	Warnings []string `json:"warnings,omitempty"` // whether warnings alone make Valid false is not visible here
	Score    float64  `json:"score"`              // 0.0 to 1.0
}
ValidationResult represents the result of a security validation
type Validator ¶
// *RequestValidator satisfies Validator. Note that Manager's ValidateRequest
// and ValidateResponse return error rather than ValidationResult, so Manager
// does not implement this interface.
type Validator interface {
	// Validate checks arbitrary data.
	Validate(data interface{}) ValidationResult
	// ValidateRequest checks an incoming HTTP request.
	ValidateRequest(req *http.Request) ValidationResult
	// ValidateResponse checks an outgoing response.
	ValidateResponse(resp interface{}) ValidationResult
}
Validator interface for security validation