api

package
v0.0.0-...-9b8dde8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 2, 2025 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

// DefaultMaxRequestSize is the default maximum request body size in bytes:
// 10 MiB (10,485,760).
const DefaultMaxRequestSize int64 = 10 << 20

DefaultMaxRequestSize is the default maximum request body size (10 MiB, i.e. 10 × 1024 × 1024 bytes).

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthMiddleware

// AuthMiddleware wraps an http.Handler with authentication and returns the
// wrapped handler.
// NOTE(review): how a failed check is answered (for example, whether the
// request is stopped before reaching the inner handler) depends on each
// implementation and is not visible from this declaration.
type AuthMiddleware func(http.Handler) http.Handler

AuthMiddleware is a function that wraps an HTTP handler with authentication.

type AuthOption

// AuthOption is a functional option that mutates the authenticator's
// unexported authConfig. It returns an error, so an option can report an
// invalid setting (presumably surfaced by NewAuthenticator — confirm).
type AuthOption func(*authConfig) error

AuthOption mutates authenticator configuration.

func WithOIDC

// WithOIDC returns an AuthOption that enables OIDC token validation using cfg.
// NOTE(review): the page does not say how locally minted tokens and OIDC
// tokens are told apart once both are enabled. Confirm the verifier pins the
// expected algorithm and key source per token type instead of taking them
// from the token header.
func WithOIDC(cfg OIDCConfig) AuthOption

WithOIDC enables OIDC token validation for the authenticator.

type Authenticator

// Authenticator issues and validates JWTs for the API. All of its fields are
// unexported; NewAuthenticator returns a ready-to-use *Authenticator.
type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator issues and validates JWT tokens for the API.

func NewAuthenticator

// NewAuthenticator constructs an Authenticator from a signing secret, an
// issuer name, a default token lifetime and optional AuthOptions.
// NOTE(review): secret is a raw byte slice, which suggests a shared-secret
// (HMAC) signature — confirm. If so, callers should pass high-entropy key
// material at least as long as the hash output, and it is worth confirming
// that an empty or very short secret is rejected with an error.
func NewAuthenticator(secret []byte, issuer string, defaultTTL time.Duration, opts ...AuthOption) (*Authenticator, error)

NewAuthenticator constructs an authenticator using the provided secret and issuer.

func (*Authenticator) Mint

// Mint generates a signed JWT for the given subject and audience. It returns
// the token, a time.Time (presumably the expiry — confirm) and an error.
// NOTE(review): handling of ttl <= 0 is not shown; presumably the
// authenticator's default TTL applies. Confirm it cannot yield a token
// without an expiry.
func (a *Authenticator) Mint(subject, audience string, ttl time.Duration) (string, time.Time, error)

Mint generates a signed JWT for the provided subject and audience.

func (*Authenticator) MintWithOptions

// MintWithOptions generates a signed JWT for subject using opts. It returns
// the token, a time.Time (presumably the expiry — confirm) and an error.
// NOTE(review): opts carries Role and WorkspaceID; nothing in this signature
// shows that the caller's right to request them is checked here, so the
// calling handler presumably has to authorize them before minting — confirm.
func (a *Authenticator) MintWithOptions(subject string, opts TokenOptions) (string, time.Time, error)

MintWithOptions generates a signed JWT using the provided options.

func (*Authenticator) Validate

// Validate parses and validates a JWT and returns the embedded claims.
// NOTE(review): the page does not list which checks are performed. Before
// relying on the returned Claims for authorization, confirm that the
// signature, exp, iss and aud are all enforced and that a token with an
// unexpected alg value (including "none") is rejected.
func (a *Authenticator) Validate(token string) (Claims, error)

Validate parses and validates a JWT, returning the embedded claims.

type CipherDetectRequest

// CipherDetectRequest is the JSON body of a request to auto-detect the
// encoding of Input.
type CipherDetectRequest struct {
	// Input is the caller-supplied data to analyse ("input" in JSON).
	// NOTE(review): the type sets no length limit; presumably the server's
	// request-size cap is the only bound — confirm.
	Input string `json:"input"`
}

CipherDetectRequest represents a request to auto-detect encoding

type CipherDetectResponse

// CipherDetectResponse is the JSON body carrying the detection result.
type CipherDetectResponse struct {
	// Detections holds the results produced by the cipher package
	// ("detections" in JSON); no omitempty, so the key is always present.
	Detections []cipher.DetectionResult `json:"detections"`
}

CipherDetectResponse represents the detection result

type CipherOperationRequest

// CipherOperationRequest is the JSON body of a request to execute a single
// cipher operation on Input.
type CipherOperationRequest struct {
	// Operation names the operation to run; the set of valid names is not
	// shown on this page.
	Operation string                 `json:"operation"`
	// Input is the caller-supplied data the operation is applied to.
	Input     string                 `json:"input"`
	// Config is a free-form, optional option map (omitted from JSON when empty).
	// NOTE(review): values decoded into interface{} arrive untyped (JSON
	// numbers become float64, and so on), so each operation presumably has to
	// type-check and range-check what it reads — confirm.
	Config    map[string]interface{} `json:"config,omitempty"`
}

CipherOperationRequest represents a request to execute a cipher operation

type CipherOperationResponse

// CipherOperationResponse is the JSON body carrying the result of a cipher
// operation.
type CipherOperationResponse struct {
	// Output is the operation's result ("output" in JSON).
	Output string `json:"output"`
	// Error is omitted from JSON when empty.
	// NOTE(review): this text is returned to the API client; confirm it does
	// not carry internal details such as file paths or stack traces.
	Error  string `json:"error,omitempty"`
}

CipherOperationResponse represents the result of a cipher operation

type CipherPipelineRequest

// CipherPipelineRequest is the JSON body of a request to execute a pipeline
// of operations on Input.
type CipherPipelineRequest struct {
	// Input is the caller-supplied data fed to the pipeline.
	Input      string                   `json:"input"`
	// Operations lists the configured steps; presumably applied in slice
	// order — confirm.
	// NOTE(review): the type does not bound the number of steps. Confirm the
	// handler caps pipeline length and intermediate output size, since
	// chained transforms can grow the data well beyond the request size.
	Operations []cipher.OperationConfig `json:"operations"`
}

CipherPipelineRequest represents a request to execute a pipeline of operations

type CipherPipelineResponse

// CipherPipelineResponse is the JSON body carrying the result of a pipeline
// execution.
type CipherPipelineResponse struct {
	// Output is the pipeline's final result ("output" in JSON).
	Output string `json:"output"`
	// Error is omitted from JSON when empty.
	// NOTE(review): this text is returned to the API client; confirm it does
	// not carry internal details.
	Error  string `json:"error,omitempty"`
}

CipherPipelineResponse represents the result of a pipeline execution

type CipherSmartDecodeRequest

// CipherSmartDecodeRequest is the JSON body of a request for smart
// auto-decode of Input.
type CipherSmartDecodeRequest struct {
	// Input is the caller-supplied data to decode ("input" in JSON).
	Input string `json:"input"`
}

CipherSmartDecodeRequest represents a request for smart auto-decode

type CipherSmartDecodeResponse

// CipherSmartDecodeResponse is the JSON body carrying the smart decode result.
type CipherSmartDecodeResponse struct {
	// Output is the decoded data. It is derived from caller input, so a client
	// that renders it should treat it as untrusted text.
	Output     string   `json:"output"`
	// Pipeline is presumably the sequence of decode steps that produced
	// Output — confirm.
	Pipeline   []string `json:"pipeline"`
	// Confidence scores the result; its range is not stated on this page.
	Confidence float64  `json:"confidence"`
	// Error is omitted from JSON when empty.
	Error      string   `json:"error,omitempty"`
}

CipherSmartDecodeResponse represents the smart decode result

type Claims

// Claims is the JWT payload used for API authentication. The first six fields
// map to the registered claim names of RFC 7519 (iss, sub, aud, iat, exp,
// jti); workspace_id and role are application-specific claims.
type Claims struct {
	Issuer      string `json:"iss"`
	Subject     string `json:"sub"`
	// NOTE(review): RFC 7519 allows "aud" to be a single string or an array of
	// strings. Unless Claims has custom decoding (not shown), a plain string
	// field will not accept the array form — confirm how OIDC tokens that
	// carry several audiences are handled.
	Audience    string `json:"aud"`
	// iat and exp are integers, presumably Unix seconds (NumericDate) — confirm.
	IssuedAt    int64  `json:"iat"`
	ExpiresAt   int64  `json:"exp"`
	// ID is the token identifier ("jti"). Whether it is used for replay
	// detection or revocation is not shown on this page.
	ID          string `json:"jti"`
	// WorkspaceID and Role are omitted from JSON when empty. Presumably they
	// drive authorization, so they should be read only from Claims returned
	// by a successful validation — confirm against the handlers.
	WorkspaceID string `json:"workspace_id,omitempty"`
	Role        string `json:"role,omitempty"`
}

Claims represents the JWT payload used for API authentication.

type Config

// Config configures the REST API server.
//
// NOTE(review): StaticToken, JWTSecret and AuthToken hold secret material, so
// a Config value should not be logged or dumped with %+v.
type Config struct {
	// Addr is presumably the address the HTTP server listens on — confirm.
	Addr            string
	// NOTE(review): the name suggests a fixed bearer token accepted by the API.
	// If so, confirm it is compared in constant time and that leaving it
	// empty disables the mechanism instead of accepting an empty token.
	StaticToken     string
	// JWTSecret, JWTIssuer and DefaultTokenTTL match the secret, issuer and
	// defaultTTL parameters of NewAuthenticator; presumably passed through.
	JWTSecret       []byte
	JWTIssuer       string
	DefaultTokenTTL time.Duration
	// PluginsDir through SigningKeyPath, together with ScanTimeout below, have
	// the same names as the fields of ManagerConfig; presumably copied into it.
	PluginsDir      string
	AllowlistPath   string
	RepoRoot        string
	ServerAddr      string
	AuthToken       string
	SigningKeyPath  string
	FindingsBus     *findings.Bus
	Logger          *logging.AuditLogger
	ScanTimeout     time.Duration
	// OIDCIssuer, OIDCJWKSURL and OIDCAudiences correspond to the Issuer,
	// JWKSURL and Audiences fields of OIDCConfig.
	OIDCIssuer      string
	OIDCJWKSURL     string
	OIDCAudiences   []string
	WorkspaceStore  *team.Store
	RecipesDir      string
	RewriteEngine   *rewrite.Engine
	MaxRequestSize  int64 // Maximum request body size in bytes (0 = use default)
}

Config configures the REST API server.

type Manager

// Manager orchestrates plugin executions and captures findings for API
// responses. Its fields are unexported; NewManager returns a *Manager.
type Manager struct {
	// contains filtered or unexported fields
}

Manager orchestrates plugin executions and captures findings for API responses.

func NewManager

func NewManager(cfg ManagerConfig, bus *findings.Bus, logger *logging.AuditLogger) *Manager

NewManager constructs a scan manager.

func (*Manager) Enqueue

// Enqueue registers a new scan request for the named plugin and returns the
// resulting *Scan, or an error.
// NOTE(review): plugin presumably originates from an API request. Confirm it
// is matched against the installed plugins and the allowlist before use, and
// is never joined into a filesystem path or command line unchecked.
func (m *Manager) Enqueue(plugin string) (*Scan, error)

Enqueue registers a new scan request for the provided plugin.

func (*Manager) Get

func (m *Manager) Get(id string) (*Scan, bool)

Get returns a copy of the scan metadata for the provided identifier.

func (*Manager) ListPlugins

func (m *Manager) ListPlugins() ([]local.Plugin, error)

ListPlugins returns the currently installed plugins.

func (*Manager) Result

// Result returns the signed results for the completed scan identified by id.
// NOTE(review): the two string results are unnamed; presumably they are the
// signature and the digest (compare Scan.Signature and Scan.Digest) — confirm
// which is which, and over which exact bytes the signature is computed, so a
// client can verify it.
func (m *Manager) Result(id string) (*ScanResult, string, string, error)

Result returns the signed results for the completed scan.

func (*Manager) Start

func (m *Manager) Start(ctx context.Context)

Start launches the background worker that processes queued scans.

func (*Manager) Stop

func (m *Manager) Stop()

Stop waits for the background worker to exit.

type ManagerConfig

// ManagerConfig configures scan execution.
type ManagerConfig struct {
	// PluginsDir is presumably the directory that installed plugins are
	// loaded from — confirm.
	PluginsDir     string
	// NOTE(review): presumably the path of a file restricting what plugins may
	// do or which may run; behavior when the path is empty or unreadable is
	// not shown — confirm it fails closed.
	AllowlistPath  string
	RepoRoot       string
	ServerAddr     string
	// AuthToken is secret material; keep it out of logs.
	AuthToken      string
	// SigningKeyPath is presumably the key file used to sign scan results.
	// NOTE(review): the key file should be readable only by the service account.
	SigningKeyPath string
	// ScanTimeout presumably bounds how long one scan may run; the meaning of
	// zero is not shown.
	ScanTimeout    time.Duration
}

ManagerConfig configures scan execution.

type OASTAPI

// OASTAPI handles OAST-related API endpoints. Its fields are unexported;
// NewOASTAPI returns an *OASTAPI built around an *oast.Client.
type OASTAPI struct {
	// contains filtered or unexported fields
}

OASTAPI handles OAST-related API endpoints.

func NewOASTAPI

func NewOASTAPI(client *oast.Client) *OASTAPI

NewOASTAPI creates a new OAST API handler.

func (*OASTAPI) RegisterRoutes

// RegisterRoutes registers OAST routes on mux. requireRole takes a team.Role
// and a handler and returns a handler; presumably it enforces that role.
// NOTE(review): confirm every route registered here is wrapped with
// requireRole, and what happens when requireRole is nil.
func (a *OASTAPI) RegisterRoutes(mux *http.ServeMux, requireRole func(role team.Role, next http.Handler) http.Handler)

RegisterRoutes registers OAST routes on the provided mux.

type OIDCConfig

// OIDCConfig configures verification against an OpenID Connect provider.
type OIDCConfig struct {
	// Issuer is presumably the expected "iss" value of provider tokens — confirm.
	Issuer       string
	// JWKSURL is presumably where the provider's signing keys are fetched from.
	// NOTE(review): those keys are the trust anchor for OIDC tokens, so the
	// URL should be https and operator-controlled — confirm it is validated.
	JWKSURL      string
	// Audiences is presumably the set of accepted "aud" values.
	// NOTE(review): confirm an empty slice does not mean "accept any audience".
	Audiences    []string
	// SyncInterval is presumably the JWKS refresh period; the meaning of zero
	// is not shown.
	SyncInterval time.Duration
	// HTTPClient is presumably used for the JWKS fetch; nil handling is not
	// shown. A caller-supplied client should have a timeout set.
	HTTPClient   *http.Client
}

OIDCConfig configures verification against an OpenID Connect provider.

type RecipeExportResponse

// RecipeExportResponse is the JSON body carrying a single exported recipe.
type RecipeExportResponse struct {
	// Recipe is the exported recipe ("recipe" in JSON).
	Recipe cipher.Recipe `json:"recipe"`
}

RecipeExportResponse represents an exported recipe

type RecipeListResponse

// RecipeListResponse is the JSON body carrying the list of recipes.
type RecipeListResponse struct {
	// Recipes is the list of recipes ("recipes" in JSON); no omitempty, so the
	// key is always present.
	Recipes []cipher.Recipe `json:"recipes"`
}

RecipeListResponse represents the list of recipes

type RecipeSaveRequest

// RecipeSaveRequest is the JSON body of a request to save a recipe.
type RecipeSaveRequest struct {
	// NOTE(review): Config has a RecipesDir field, which suggests recipes are
	// stored on disk. If Name is used to build a file name, confirm it is
	// restricted to a safe character set so it cannot escape that directory.
	Name        string                   `json:"name"`
	Description string                   `json:"description"`
	// Tags is optional and omitted from JSON when empty.
	Tags        []string                 `json:"tags,omitempty"`
	// Operations holds the configured steps that make up the recipe.
	Operations  []cipher.OperationConfig `json:"operations"`
}

RecipeSaveRequest represents a request to save a recipe

type RewriteAPI

// RewriteAPI handles HTTP endpoints for the Rewrite engine. Its fields are
// unexported; NewRewriteAPI returns a *RewriteAPI.
type RewriteAPI struct {
	// contains filtered or unexported fields
}

RewriteAPI handles HTTP endpoints for the Rewrite engine

func NewRewriteAPI

func NewRewriteAPI(engine *rewrite.Engine, logger *slog.Logger) *RewriteAPI

NewRewriteAPI creates a new Rewrite API handler

func (*RewriteAPI) RegisterRoutes

// RegisterRoutes registers all Rewrite API routes on mux.
// NOTE(review): authentication is supplied separately via SetAuthMiddleware
// and this method takes no auth argument. Confirm what happens when no
// middleware was set, or when it is set only after this call — the routes
// should not end up served unauthenticated.
func (api *RewriteAPI) RegisterRoutes(mux *http.ServeMux)

RegisterRoutes registers all Rewrite API routes with the provided mux

func (*RewriteAPI) SetAuthMiddleware

// SetAuthMiddleware sets the authentication middleware for the API.
// NOTE(review): presumably this must be called before RegisterRoutes for the
// middleware to wrap the routes — confirm the required call order.
func (api *RewriteAPI) SetAuthMiddleware(middleware AuthMiddleware)

SetAuthMiddleware sets the authentication middleware for the API

type Scan

// Scan describes the lifecycle of a single plugin invocation and is
// serialized to JSON for API responses.
type Scan struct {
	ID          string             `json:"id"`
	Plugin      string             `json:"plugin"`
	// Status is a free-form string here; its set of values is not shown.
	Status      string             `json:"status"`
	CreatedAt   time.Time          `json:"created_at"`
	// StartedAt and CompletedAt are pointers and omitted from JSON when nil;
	// presumably nil until the scan reaches that stage.
	StartedAt   *time.Time         `json:"started_at,omitempty"`
	CompletedAt *time.Time         `json:"completed_at,omitempty"`
	// NOTE(review): Error and Logs are returned to API clients. Plugin output
	// can contain tokens, paths or target data, so confirm it is acceptable
	// for every role that may read a Scan.
	Error       string             `json:"error,omitempty"`
	Logs        string             `json:"logs,omitempty"`
	Findings    []findings.Finding `json:"findings,omitempty"`
	// Signature and Digest presumably cover the scan results; algorithm and
	// encoding are not shown on this page.
	Signature   string             `json:"signature,omitempty"`
	Digest      string             `json:"digest,omitempty"`
}

Scan describes the lifecycle of a single plugin invocation.

type ScanResult

// ScanResult bundles the signed results returned by the API.
//
// NOTE(review): the struct carries no signature field; Manager.Result returns
// two extra strings alongside it, presumably the signature and digest. If the
// signature covers this struct's JSON encoding, a verifier has to check the
// exact bytes received, because re-marshalling can change the encoding.
type ScanResult struct {
	ScanID      string             `json:"scan_id"`
	Plugin      string             `json:"plugin"`
	GeneratedAt time.Time          `json:"generated_at"`
	// Findings has no omitempty, so a nil slice is encoded as null.
	Findings    []findings.Finding `json:"findings"`
}

ScanResult bundles the signed results returned by the API.

type Server

// Server exposes REST endpoints for triggering scans and retrieving results.
// Its fields are unexported; NewServer returns a *Server built from a Config.
type Server struct {
	// contains filtered or unexported fields
}

Server exposes REST endpoints for triggering scans and retrieving results.

func NewServer

// NewServer constructs a REST API server from cfg.
// NOTE(review): Config offers several credential sources (StaticToken,
// JWTSecret, the OIDC fields). Confirm NewServer returns an error instead of
// starting an unauthenticated server when none of them is set.
func NewServer(cfg Config) (*Server, error)

NewServer constructs a REST API server using the provided configuration.

func (*Server) GetMaxRequestSize

func (s *Server) GetMaxRequestSize() int64

GetMaxRequestSize returns the configured maximum request body size.

func (*Server) Run

func (s *Server) Run(ctx context.Context) error

Run starts the HTTP server and blocks until the provided context is cancelled or a fatal error occurs.

type TokenOptions

// TokenOptions customises the claims of an issued JWT (see MintWithOptions).
type TokenOptions struct {
	Audience    string
	// TTL is the requested lifetime; how zero is handled is not shown
	// (presumably the authenticator's default TTL applies — confirm).
	TTL         time.Duration
	// WorkspaceID and Role match the workspace_id and role fields of Claims.
	// NOTE(review): whoever fills these decides the privileges the token
	// carries, so the values should come from server-side authorization and
	// not from unchecked request input.
	WorkspaceID string
	Role        string
}

TokenOptions customises issued JWT claims.
