handlers

package
v1.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 3, 2026 License: MIT Imports: 46 Imported by: 0

Documentation

Overview

Package handlers provides HTTP request handlers for the SafeShare application.

Package handlers provides HTTP request handlers for the SafeShare application.

Index

Constants

View Source 
const Version = "1.5.2"

Version is the current release version of SafeShare This is included in the /api/config endpoint for display in the frontend Update this with each release

Variables

View Source 
var ErrTooManyChallenges = errors.New("too many pending MFA challenges")

ErrTooManyChallenges is returned when the challenge store is at capacity

Functions

func AdminBlockIPHandler 

func AdminBlockIPHandler(repos *repository.Repositories) http.HandlerFunc

AdminBlockIPHandler blocks an IP address

func AdminBulkDeleteFilesHandler 

func AdminBulkDeleteFilesHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminBulkDeleteFilesHandler deletes multiple files

func AdminBulkExtendTokensHandler added in v1.5.0 

func AdminBulkExtendTokensHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminBulkExtendTokensHandler extends the expiration date of multiple API tokens (admin only). Requires explicit confirmation in the request body for safety. POST /admin/api/tokens/bulk-extend

func AdminBulkRevokeTokensHandler added in v1.5.0 

func AdminBulkRevokeTokensHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminBulkRevokeTokensHandler revokes multiple API tokens by IDs (admin only). Requires explicit confirmation in the request body for safety. POST /admin/api/tokens/bulk-revoke

func AdminChangePasswordHandler 

func AdminChangePasswordHandler(cfg *config.Config) http.HandlerFunc

AdminChangePasswordHandler allows the admin to change their password

func AdminCleanupPartialUploadsHandler 

func AdminCleanupPartialUploadsHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminCleanupPartialUploadsHandler cleans up abandoned partial uploads

func AdminConfigAssistantHandler 

func AdminConfigAssistantHandler(cfg *config.Config) http.HandlerFunc

AdminConfigAssistantHandler analyzes user environment and recommends optimal settings

func AdminCreateBackupHandler added in v1.5.0 

func AdminCreateBackupHandler(db *sql.DB, cfg *config.Config) http.HandlerFunc

AdminCreateBackupHandler creates a new backup

func AdminCreateSSOProviderHandler added in v1.5.0 

func AdminCreateSSOProviderHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminCreateSSOProviderHandler returns a handler that creates a new SSO provider. POST /admin/api/sso/providers Requires admin authentication + CSRF.

func AdminCreateUserHandler 

func AdminCreateUserHandler(repos *repository.Repositories) http.HandlerFunc

AdminCreateUserHandler handles admin user creation (invite-only registration)

func AdminDashboardDataHandler 

func AdminDashboardDataHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminDashboardDataHandler returns dashboard data (files, stats)

func AdminDeleteAPITokenHandler added in v1.5.0 

func AdminDeleteAPITokenHandler(db *sql.DB) http.HandlerFunc

AdminDeleteAPITokenHandler permanently deletes any API token (admin only) DELETE /admin/api/tokens/delete?id=123

func AdminDeleteBackupHandler added in v1.5.0 

func AdminDeleteBackupHandler(db *sql.DB, cfg *config.Config) http.HandlerFunc

AdminDeleteBackupHandler deletes a backup

func AdminDeleteFileHandler 

func AdminDeleteFileHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminDeleteFileHandler deletes a file

func AdminDeleteSSOLinkHandler added in v1.5.0 

func AdminDeleteSSOLinkHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminDeleteSSOLinkHandler returns a handler that deletes an SSO link (admin unlink). DELETE /admin/api/sso/links/{id} Requires admin authentication + CSRF.

func AdminDeleteSSOProviderHandler added in v1.5.0 

func AdminDeleteSSOProviderHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminDeleteSSOProviderHandler returns a handler that deletes an SSO provider. DELETE /admin/api/sso/providers/{id} Requires admin authentication + CSRF.

func AdminDeleteUserHandler 

func AdminDeleteUserHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminDeleteUserHandler deletes a user account

func AdminDownloadBackupHandler added in v1.5.0 

func AdminDownloadBackupHandler(db *sql.DB, cfg *config.Config) http.HandlerFunc

AdminDownloadBackupHandler downloads a backup as a zip file

func AdminGetConfigHandler 

func AdminGetConfigHandler(cfg *config.Config) http.HandlerFunc

AdminGetConfigHandler returns current configuration values for the settings forms

func AdminGetEnterpriseConfigHandler added in v1.5.0 

func AdminGetEnterpriseConfigHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminGetEnterpriseConfigHandler returns the combined enterprise configuration. GET /api/admin/config/enterprise

func AdminGetFeatureFlagsHandler added in v1.5.0 

func AdminGetFeatureFlagsHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminGetFeatureFlagsHandler returns the current state of all feature flags. GET /api/admin/features

func AdminGetSSOProviderHandler added in v1.5.0 

func AdminGetSSOProviderHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminGetSSOProviderHandler returns a handler that gets a specific SSO provider. GET /admin/api/sso/providers/{id} Requires admin authentication.

func AdminGetTokenUsageHandler added in v1.5.0 

func AdminGetTokenUsageHandler(repos *repository.Repositories) http.HandlerFunc

AdminGetTokenUsageHandler returns paginated usage logs for a specific API token. GET /admin/api/tokens/{id}/usage Query parameters:

  • limit: maximum number of records (default: 50, max: 1000)
  • offset: number of records to skip (default: 0)
  • start_date: filter logs from this date (RFC3339 format)
  • end_date: filter logs until this date (RFC3339 format)

func AdminGetUserMFAStatusHandler added in v1.5.0 

func AdminGetUserMFAStatusHandler(repos *repository.Repositories) http.HandlerFunc

AdminGetUserMFAStatusHandler handles GET /admin/api/users/{id}/mfa/status Returns the MFA status for a specific user (admin only)

func AdminListAPITokensHandler 

func AdminListAPITokensHandler(db *sql.DB) http.HandlerFunc

AdminListAPITokensHandler lists all API tokens (admin only) Deprecated: Use AdminListAPITokensWithStatsHandler for usage statistics support.

func AdminListAPITokensWithStatsHandler added in v1.5.0 

func AdminListAPITokensWithStatsHandler(repos *repository.Repositories) http.HandlerFunc

AdminListAPITokensWithStatsHandler lists all API tokens with usage statistics (admin only). Uses the repository pattern for database access and includes usage stats for each token.

func AdminListBackupsHandler added in v1.5.0 

func AdminListBackupsHandler(db *sql.DB, cfg *config.Config) http.HandlerFunc

AdminListBackupsHandler lists available backups

func AdminListSSOLinksHandler added in v1.5.0 

func AdminListSSOLinksHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminListSSOLinksHandler returns a handler that lists all SSO links with pagination. GET /admin/api/sso/links?page=1&per_page=50&provider_id=1 Requires admin authentication.

func AdminListSSOProvidersHandler added in v1.5.0 

func AdminListSSOProvidersHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminListSSOProvidersHandler returns a handler that lists all SSO providers with stats. GET /admin/api/sso/providers Requires admin authentication.

func AdminListUsersHandler 

func AdminListUsersHandler(repos *repository.Repositories) http.HandlerFunc

AdminListUsersHandler returns paginated list of users

func AdminLoginHandler 

func AdminLoginHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminLoginHandler handles admin login

func AdminLogoutHandler 

func AdminLogoutHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminLogoutHandler handles admin logout

func AdminResetUserMFAHandler added in v1.5.0 

func AdminResetUserMFAHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminResetUserMFAHandler handles POST /admin/api/users/{id}/mfa/reset Disables all MFA methods for a user (admin only)

func AdminResetUserPasswordHandler 

func AdminResetUserPasswordHandler(repos *repository.Repositories) http.HandlerFunc

AdminResetUserPasswordHandler generates a new temporary password for a user

func AdminRestoreBackupHandler added in v1.5.0 

func AdminRestoreBackupHandler(db *sql.DB, cfg *config.Config) http.HandlerFunc

AdminRestoreBackupHandler restores from a backup

func AdminRevokeAPITokenHandler 

func AdminRevokeAPITokenHandler(db *sql.DB) http.HandlerFunc

AdminRevokeAPITokenHandler revokes any API token (admin only)

func AdminRevokeUserTokensHandler added in v1.5.0 

func AdminRevokeUserTokensHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminRevokeUserTokensHandler revokes all API tokens for a specific user (admin only). Requires explicit confirmation in the request body for safety. POST /admin/api/tokens/revoke-user/{userID}

func AdminTestSSOProviderHandler added in v1.5.0 

func AdminTestSSOProviderHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminTestSSOProviderHandler returns a handler that tests an SSO provider's OIDC connection. POST /admin/api/sso/providers/{id}/test Requires admin authentication + CSRF.

func AdminToggleUserActiveHandler 

func AdminToggleUserActiveHandler(repos *repository.Repositories) http.HandlerFunc

AdminToggleUserActiveHandler enables or disables a user account

func AdminUnblockIPHandler 

func AdminUnblockIPHandler(repos *repository.Repositories) http.HandlerFunc

AdminUnblockIPHandler unblocks an IP address

func AdminUpdateFeatureFlagsHandler added in v1.5.0 

func AdminUpdateFeatureFlagsHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminUpdateFeatureFlagsHandler updates feature flags. PUT /api/admin/features

Accepts a JSON body with any subset of feature flags to update. Only provided fields are updated; omitted fields retain their current values. Updates are persisted to the database and applied to the in-memory config.

func AdminUpdateMFAConfigHandler added in v1.5.0 

func AdminUpdateMFAConfigHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminUpdateMFAConfigHandler updates MFA configuration. PUT /api/admin/config/mfa

Updates both the database and in-memory config. When MFA is enabled/disabled, also syncs the feature flag.

func AdminUpdateQuotaHandler 

func AdminUpdateQuotaHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminUpdateQuotaHandler updates the storage quota dynamically

func AdminUpdateSSOConfigHandler added in v1.5.0 

func AdminUpdateSSOConfigHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminUpdateSSOConfigHandler updates SSO configuration. PUT /api/admin/config/sso

Updates both the database and in-memory config. When SSO is enabled/disabled, also syncs the feature flag.

func AdminUpdateSSOProviderHandler added in v1.5.0 

func AdminUpdateSSOProviderHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminUpdateSSOProviderHandler returns a handler that updates an SSO provider. PUT /admin/api/sso/providers/{id} Requires admin authentication + CSRF.

func AdminUpdateSecuritySettingsHandler 

func AdminUpdateSecuritySettingsHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminUpdateSecuritySettingsHandler updates security-related settings dynamically

func AdminUpdateStorageSettingsHandler 

func AdminUpdateStorageSettingsHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

AdminUpdateStorageSettingsHandler updates storage-related settings dynamically

func AdminUpdateUserHandler 

func AdminUpdateUserHandler(repos *repository.Repositories) http.HandlerFunc

AdminUpdateUserHandler handles updating user details

func AdminVerifyBackupHandler added in v1.5.0 

func AdminVerifyBackupHandler(db *sql.DB, cfg *config.Config) http.HandlerFunc

AdminVerifyBackupHandler verifies a backup's integrity

func AssembleUploadAsync 

func AssembleUploadAsync(repos *repository.Repositories, cfg *config.Config, partialUpload *models.PartialUpload, clientIP string)

AssembleUploadAsync performs the file assembly in a background goroutine This function is called after all chunks have been uploaded and validated

func ClaimHandler 

func ClaimHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

ClaimHandler handles file download requests using claim codes

func ClaimInfoHandler 

func ClaimInfoHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

ClaimInfoHandler returns file information without downloading

func ClearWebhookDeliveriesHandler 

func ClearWebhookDeliveriesHandler(db *sql.DB) http.HandlerFunc

ClearWebhookDeliveriesHandler deletes all webhook delivery history

func CreateAPITokenHandler 

func CreateAPITokenHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

CreateAPITokenHandler creates a new API token for the authenticated user. Uses the repository pattern for database access and enforces configurable token limits. Tokens can only be created via session auth (not via existing API token).

func CreateWebhookConfigHandler 

func CreateWebhookConfigHandler(db *sql.DB) http.HandlerFunc

CreateWebhookConfigHandler creates a new webhook configuration

func DeleteWebhookConfigHandler 

func DeleteWebhookConfigHandler(db *sql.DB) http.HandlerFunc

DeleteWebhookConfigHandler deletes a webhook configuration

func EmitWebhookEvent 

func EmitWebhookEvent(event *webhooks.Event)

EmitWebhookEvent emits a webhook event if dispatcher is initialized

func GetStorageBackend added in v1.5.0 

func GetStorageBackend() storage.StorageBackend

GetStorageBackend returns the configured storage backend. Returns nil if no storage backend has been configured.

func GetWebAuthnService added in v1.5.1 

func GetWebAuthnService() *webauthn.Service

GetWebAuthnService returns the configured WebAuthn service. Returns nil if WebAuthn has not been initialized (e.g., MFA disabled at startup and not yet enabled via admin dashboard). Thread-safe: can be called concurrently from multiple handlers.

func GetWebhookDeliveryHandler 

func GetWebhookDeliveryHandler(db *sql.DB) http.HandlerFunc

GetWebhookDeliveryHandler retrieves a single webhook delivery

func HealthHandler 

func HealthHandler(db *sql.DB, cfg *config.Config, startTime time.Time) http.HandlerFunc

HealthHandler handles comprehensive health check requests Returns detailed health information with intelligent status detection

func HealthHandlerWithDeps added in v1.5.0 

func HealthHandlerWithDeps(db *sql.DB, cfg *config.Config, startTime time.Time, healthRepo repository.HealthRepository, storageBackend storage.StorageBackend) http.HandlerFunc

HealthHandlerWithDeps handles comprehensive health check requests with repository dependencies. This version uses HealthRepository and StorageBackend for more comprehensive checks.

func HealthLivenessHandler 

func HealthLivenessHandler(db *sql.DB) http.HandlerFunc

HealthLivenessHandler handles liveness probe requests Minimal check: is the process alive and can we ping the database? Should complete in < 10ms

func HealthLivenessHandlerWithRepo added in v1.5.0 

func HealthLivenessHandlerWithRepo(healthRepo repository.HealthRepository) http.HandlerFunc

HealthLivenessHandlerWithRepo handles liveness probe requests using HealthRepository. This version uses the HealthRepository.Ping() method for the database check.

func HealthReadinessHandler 

func HealthReadinessHandler(db *sql.DB, cfg *config.Config, startTime time.Time) http.HandlerFunc

HealthReadinessHandler handles readiness probe requests Comprehensive check: is the instance ready to accept traffic?

func HealthReadinessHandlerWithDeps added in v1.5.0 

func HealthReadinessHandlerWithDeps(db *sql.DB, cfg *config.Config, startTime time.Time, healthRepo repository.HealthRepository, storageBackend storage.StorageBackend) http.HandlerFunc

HealthReadinessHandlerWithDeps handles readiness probe requests with repository dependencies. This version uses HealthRepository and StorageBackend for comprehensive health checks.

func InitializeOrClearWebAuthn added in v1.5.1 

func InitializeOrClearWebAuthn(cfg *config.Config, clientIP string) string

InitializeOrClearWebAuthn initializes or clears the WebAuthn service based on the current MFA configuration. This should be called whenever MFA settings change.

The function takes a snapshot of the MFA config to avoid TOCTOU race conditions. Returns a warning message if WebAuthn initialization fails (empty string on success).

Thread-safe: can be called while handlers are processing requests.

func IsTokenUsagePath added in v1.5.0 

func IsTokenUsagePath(path string) bool

IsTokenUsagePath checks if a path matches the token usage endpoint pattern. Exported for use in route registration.

func ListAPITokensHandler 

func ListAPITokensHandler(db *sql.DB) http.HandlerFunc

ListAPITokensHandler lists all tokens for the authenticated user Deprecated: Use ListAPITokensWithStatsHandler for usage statistics support.

func ListAPITokensWithStatsHandler added in v1.5.0 

func ListAPITokensWithStatsHandler(repos *repository.Repositories) http.HandlerFunc

ListAPITokensWithStatsHandler lists all tokens for the authenticated user with usage statistics. Uses the repository pattern for database access and includes usage stats for each token.

func ListSSOProvidersHandler added in v1.5.0 

func ListSSOProvidersHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

ListSSOProvidersHandler returns a handler that lists enabled SSO providers. GET /api/auth/sso/providers Public endpoint - no authentication required.

func ListWebhookConfigsHandler 

func ListWebhookConfigsHandler(db *sql.DB) http.HandlerFunc

ListWebhookConfigsHandler lists all webhook configurations

func ListWebhookDeliveriesHandler 

func ListWebhookDeliveriesHandler(db *sql.DB) http.HandlerFunc

ListWebhookDeliveriesHandler lists webhook delivery history with pagination

func MFAStatusHandler added in v1.5.0 

func MFAStatusHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAStatusHandler handles GET /api/user/mfa/status Returns the MFA status for the current user

func MFATOTPDisableHandler added in v1.5.0 

func MFATOTPDisableHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFATOTPDisableHandler handles DELETE /api/user/mfa/totp Disables TOTP for the user (requires current valid code)

func MFATOTPSetupHandler added in v1.5.0 

func MFATOTPSetupHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFATOTPSetupHandler handles POST /api/user/mfa/totp/setup Generates a new TOTP secret and returns QR code URL

func MFATOTPVerifyHandler added in v1.5.0 

func MFATOTPVerifyHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFATOTPVerifyHandler handles POST /api/user/mfa/totp/verify Verifies the TOTP code and enables TOTP for the user

func MFAVerifyLoginHandler added in v1.5.0 

func MFAVerifyLoginHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAVerifyLoginHandler handles MFA verification during login

func MFAWebAuthnAuthBeginHandler added in v1.5.0 

func MFAWebAuthnAuthBeginHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnAuthBeginHandler handles POST /api/user/mfa/webauthn/auth/begin Starts the WebAuthn authentication ceremony (for MFA verification)

func MFAWebAuthnAuthFinishHandler added in v1.5.0 

func MFAWebAuthnAuthFinishHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnAuthFinishHandler handles POST /api/user/mfa/webauthn/auth/finish Completes the WebAuthn authentication ceremony

func MFAWebAuthnCredentialDeleteHandler added in v1.5.0 

func MFAWebAuthnCredentialDeleteHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnCredentialDeleteHandler handles DELETE /api/user/mfa/webauthn/credentials/{id} Deletes a specific WebAuthn credential

func MFAWebAuthnCredentialUpdateHandler added in v1.5.0 

func MFAWebAuthnCredentialUpdateHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnCredentialUpdateHandler handles PATCH /api/user/mfa/webauthn/credentials/{id} Updates a WebAuthn credential's name

func MFAWebAuthnCredentialsHandler added in v1.5.0 

func MFAWebAuthnCredentialsHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnCredentialsHandler handles GET /api/user/mfa/webauthn/credentials Returns list of user's WebAuthn credentials

func MFAWebAuthnLoginBeginHandler added in v1.5.0 

func MFAWebAuthnLoginBeginHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnLoginBeginHandler handles POST /api/auth/mfa/webauthn/begin Starts the WebAuthn authentication ceremony during login

func MFAWebAuthnLoginFinishHandler added in v1.5.0 

func MFAWebAuthnLoginFinishHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnLoginFinishHandler handles POST /api/auth/mfa/webauthn/finish Completes the WebAuthn authentication ceremony during login

func MFAWebAuthnRegisterBeginHandler added in v1.5.0 

func MFAWebAuthnRegisterBeginHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnRegisterBeginHandler handles POST /api/user/mfa/webauthn/register/begin Starts the WebAuthn credential registration ceremony

func MFAWebAuthnRegisterFinishHandler added in v1.5.0 

func MFAWebAuthnRegisterFinishHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

MFAWebAuthnRegisterFinishHandler handles POST /api/user/mfa/webauthn/register/finish Completes the WebAuthn credential registration ceremony

func MetricsHandler 

func MetricsHandler(db *sql.DB, cfg *config.Config) http.Handler

MetricsHandler returns an HTTP handler for Prometheus metrics endpoint

func PublicConfigHandler 

func PublicConfigHandler(cfg *config.Config) http.HandlerFunc

PublicConfigHandler returns public configuration settings to the frontend This allows the frontend to dynamically adjust behavior based on server configuration

func RevokeAPITokenHandler 

func RevokeAPITokenHandler(db *sql.DB) http.HandlerFunc

RevokeAPITokenHandler revokes a token owned by the authenticated user Tokens can only be revoked via session auth (security: compromised tokens can't revoke others)

func RotateTokenHandler added in v1.5.0 

func RotateTokenHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

RotateTokenHandler regenerates an API token while preserving its metadata. The old token is immediately invalidated and a new token is generated. Tokens can only be rotated via session auth (security: compromised tokens can't rotate themselves).

func SSOCallbackHandler added in v1.5.0 

func SSOCallbackHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

SSOCallbackHandler returns a handler that processes the SSO callback from the identity provider. GET /api/auth/sso/{provider}/callback Handles the OAuth2 callback, validates tokens, and creates/links user accounts.

func SSOGetLinkedProvidersHandler added in v1.5.0 

func SSOGetLinkedProvidersHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

SSOGetLinkedProvidersHandler returns a handler that lists SSO providers linked to the current user. GET /api/auth/sso/linked Requires user authentication.

func SSOLinkAccountHandler added in v1.5.0 

func SSOLinkAccountHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

SSOLinkAccountHandler returns a handler that initiates SSO account linking for an authenticated user. POST /api/auth/sso/link Requires user authentication. Links the current user's account to an SSO provider.

func SSOLoginHandler added in v1.5.0 

func SSOLoginHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

SSOLoginHandler returns a handler that initiates the SSO login flow. GET /api/auth/sso/{provider}/login Redirects the user to the identity provider's authorization endpoint.

func SSOLogoutHandler added in v1.5.0 

func SSOLogoutHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

SSOLogoutHandler returns a handler that logs out from SSO. POST /api/auth/sso/logout Requires user authentication + CSRF. Logs out from local session and optionally from IdP.

func SSORefreshTokenHandler added in v1.5.0 

func SSORefreshTokenHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

SSORefreshTokenHandler returns a handler that refreshes SSO OAuth2 tokens. POST /api/auth/sso/refresh Requires user authentication. Refreshes expired tokens for all linked SSO providers.

func SSOUnlinkAccountHandler added in v1.5.0 

func SSOUnlinkAccountHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

SSOUnlinkAccountHandler returns a handler that unlinks an SSO provider from a user account. DELETE /api/auth/sso/link/{provider} Requires user authentication. Removes the SSO link for the current user.

func SetStorageBackend added in v1.5.0 

func SetStorageBackend(sb storage.StorageBackend)

SetStorageBackend sets the storage backend to be used by handlers. This should be called during application initialization before any handlers are invoked.

func SetWebAuthnService added in v1.5.1 

func SetWebAuthnService(svc *webauthn.Service)

SetWebAuthnService sets the WebAuthn service to be used by handlers. This is called during application initialization and when MFA configuration is updated via the admin dashboard. Thread-safe: can be called while handlers are processing requests.

func SetWebhookDispatcher 

func SetWebhookDispatcher(dispatcher *webhooks.Dispatcher)

SetWebhookDispatcher sets the global webhook dispatcher instance

func TestWebhookConfigHandler 

func TestWebhookConfigHandler(db *sql.DB) http.HandlerFunc

TestWebhookConfigHandler sends a test webhook payload

func UpdateWebhookConfigHandler 

func UpdateWebhookConfigHandler(db *sql.DB) http.HandlerFunc

UpdateWebhookConfigHandler updates an existing webhook configuration

func UploadChunkHandler 

func UploadChunkHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UploadChunkHandler handles POST /api/upload/chunk/:upload_id/:chunk_number

func UploadCompleteHandler 

func UploadCompleteHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UploadCompleteHandler handles POST /api/upload/complete/:upload_id

func UploadHandler 

func UploadHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UploadHandler handles file upload requests

func UploadInitHandler 

func UploadInitHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UploadInitHandler handles POST /api/upload/init - Initialize chunked upload session

func UploadStatusHandler 

func UploadStatusHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UploadStatusHandler handles GET /api/upload/status/:upload_id

func UserChangePasswordHandler 

func UserChangePasswordHandler(repos *repository.Repositories) http.HandlerFunc

UserChangePasswordHandler handles user password changes

func UserDashboardDataHandler 

func UserDashboardDataHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserDashboardDataHandler returns dashboard data for the logged-in user

func UserDeleteFileByClaimCodeHandler added in v1.4.1 

func UserDeleteFileByClaimCodeHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserDeleteFileByClaimCodeHandler allows users to delete their own files by claim code SDK endpoint: DELETE /api/user/files/{claimCode}

func UserDeleteFileHandler 

func UserDeleteFileHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserDeleteFileHandler allows users to delete their own files

func UserEditExpirationByClaimCodeHandler added in v1.4.1 

func UserEditExpirationByClaimCodeHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserEditExpirationByClaimCodeHandler allows users to edit file expiration by claim code SDK endpoint: PUT /api/user/files/{claimCode}/expiration

func UserEditExpirationHandler 

func UserEditExpirationHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserEditExpirationHandler allows users to edit the expiration date of their own files

func UserGetCurrentHandler 

func UserGetCurrentHandler(repos *repository.Repositories) http.HandlerFunc

UserGetCurrentHandler returns the current logged-in user info

func UserLoginHandler 

func UserLoginHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserLoginHandler handles user login

func UserLoginWithMFAHandler added in v1.5.0 

func UserLoginWithMFAHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserLoginWithMFAHandler handles user login with MFA support This is a replacement for the regular login handler when MFA is enabled

func UserLogoutHandler 

func UserLogoutHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserLogoutHandler handles user logout

func UserRegenerateClaimCodeByClaimCodeHandler added in v1.4.1 

func UserRegenerateClaimCodeByClaimCodeHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserRegenerateClaimCodeByClaimCodeHandler regenerates the claim code for a file identified by current claim code SDK endpoint: POST /api/user/files/{claimCode}/regenerate

func UserRegenerateClaimCodeHandler 

func UserRegenerateClaimCodeHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserRegenerateClaimCodeHandler regenerates the claim code for a user's file

func UserRenameFileByClaimCodeHandler added in v1.4.1 

func UserRenameFileByClaimCodeHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserRenameFileByClaimCodeHandler allows users to rename their files by claim code SDK endpoint: PUT /api/user/files/{claimCode}/rename

func UserRenameFileHandler 

func UserRenameFileHandler(repos *repository.Repositories, cfg *config.Config) http.HandlerFunc

UserRenameFileHandler allows users to rename their own files

func VerifyRecoveryCodeHash added in v1.5.0 

func VerifyRecoveryCodeHash(code, hash string) bool

VerifyRecoveryCodeHash checks if a plaintext code matches a bcrypt hash

Types

type AdminMFAStatusResponse added in v1.5.0 

type AdminMFAStatusResponse struct {
	UserID                 int64  `json:"user_id"`
	Username               string `json:"username"`
	TOTPEnabled            bool   `json:"totp_enabled"`
	TOTPVerifiedAt         string `json:"totp_verified_at,omitempty"`
	WebAuthnEnabled        bool   `json:"webauthn_enabled"`
	WebAuthnCredentials    int    `json:"webauthn_credentials"`
	RecoveryCodesRemaining int    `json:"recovery_codes_remaining"`
}

AdminMFAStatusResponse represents the MFA status for a user (admin view)

type AdminSSOLinkResponse added in v1.5.0 

type AdminSSOLinkResponse struct {
	ID            int64      `json:"id"`
	UserID        int64      `json:"user_id"`
	Username      string     `json:"username"`
	Email         string     `json:"email"`
	ProviderID    int64      `json:"provider_id"`
	ProviderSlug  string     `json:"provider_slug"`
	ProviderName  string     `json:"provider_name"`
	ExternalID    string     `json:"external_id"`
	ExternalEmail string     `json:"external_email,omitempty"`
	ExternalName  string     `json:"external_name,omitempty"`
	LastLoginAt   *time.Time `json:"last_login_at,omitempty"`
	CreatedAt     time.Time  `json:"created_at"`
}

AdminSSOLinkResponse represents an SSO link in admin responses.

type AdminSSOProviderResponse added in v1.5.0 

type AdminSSOProviderResponse struct {
	ID               int64                      `json:"id"`
	Name             string                     `json:"name"`
	Slug             string                     `json:"slug"`
	Type             repository.SSOProviderType `json:"type"`
	Enabled          bool                       `json:"enabled"`
	IssuerURL        string                     `json:"issuer_url,omitempty"`
	ClientID         string                     `json:"client_id,omitempty"`
	AuthorizationURL string                     `json:"authorization_url,omitempty"`
	TokenURL         string                     `json:"token_url,omitempty"`
	UserinfoURL      string                     `json:"userinfo_url,omitempty"`
	JWKSURL          string                     `json:"jwks_url,omitempty"`
	Scopes           string                     `json:"scopes,omitempty"`
	RedirectURL      string                     `json:"redirect_url,omitempty"`
	AutoProvision    bool                       `json:"auto_provision"`
	DefaultRole      string                     `json:"default_role,omitempty"`
	DomainAllowlist  string                     `json:"domain_allowlist,omitempty"`
	IconURL          string                     `json:"icon_url,omitempty"`
	ButtonColor      string                     `json:"button_color,omitempty"`
	ButtonTextColor  string                     `json:"button_text_color,omitempty"`
	DisplayOrder     int                        `json:"display_order"`
	LinkedUsersCount int                        `json:"linked_users_count,omitempty"`
	LoginCount24h    int                        `json:"login_count_24h,omitempty"`
	CreatedAt        time.Time                  `json:"created_at"`
	UpdatedAt        time.Time                  `json:"updated_at"`
}

AdminSSOProviderResponse represents an SSO provider in admin responses.

type BackupSchedulerHandler added in v1.5.0 

type BackupSchedulerHandler struct {
	// contains filtered or unexported fields
}

BackupSchedulerHandler provides HTTP handlers for backup scheduler management.

func NewBackupSchedulerHandler added in v1.5.0 

func NewBackupSchedulerHandler(repos *repository.Repositories, cfg *config.Config, scheduler *backup.Scheduler) *BackupSchedulerHandler

NewBackupSchedulerHandler creates a new backup scheduler handler.

func (*BackupSchedulerHandler) GetRun added in v1.5.0 

func (h *BackupSchedulerHandler) GetRun() http.HandlerFunc

GetRun returns a specific backup run. GET /admin/api/backup-runs/{id}

func (*BackupSchedulerHandler) GetRunningBackup added in v1.5.0 

func (h *BackupSchedulerHandler) GetRunningBackup() http.HandlerFunc

GetRunningBackup returns the currently running backup, if any. GET /admin/api/backup-running

func (*BackupSchedulerHandler) GetSchedule added in v1.5.0 

func (h *BackupSchedulerHandler) GetSchedule() http.HandlerFunc

GetSchedule returns a specific backup schedule. GET /admin/api/backup-schedules/{id}

func (*BackupSchedulerHandler) GetStats added in v1.5.0 

func (h *BackupSchedulerHandler) GetStats() http.HandlerFunc

GetStats returns backup run statistics. GET /admin/api/backup-stats

func (*BackupSchedulerHandler) ListRuns added in v1.5.0 

func (h *BackupSchedulerHandler) ListRuns() http.HandlerFunc

ListRuns returns backup run history. GET /admin/api/backup-runs Query params: schedule_id, status, trigger_type, limit, offset

func (*BackupSchedulerHandler) ListSchedules added in v1.5.0 

func (h *BackupSchedulerHandler) ListSchedules() http.HandlerFunc

ListSchedules returns all backup schedules. GET /admin/api/backup-schedules

func (*BackupSchedulerHandler) TriggerBackup added in v1.5.0 

func (h *BackupSchedulerHandler) TriggerBackup() http.HandlerFunc

TriggerBackup triggers a manual backup. POST /admin/api/backup-trigger

func (*BackupSchedulerHandler) UpdateSchedule added in v1.5.0 

func (h *BackupSchedulerHandler) UpdateSchedule() http.HandlerFunc

UpdateSchedule updates a backup schedule. PUT /admin/api/backup-schedules/{id}

type BulkExtendRequest added in v1.5.0 

type BulkExtendRequest struct {
	TokenIDs []int64 `json:"token_ids"`
	Days     int     `json:"days"`
	Confirm  bool    `json:"confirm"`
}

BulkExtendRequest represents the request body for bulk token expiration extension.

type BulkExtendResponse added in v1.5.0 

type BulkExtendResponse struct {
	Message       string `json:"message"`
	ExtendedCount int    `json:"extended_count"`
}

BulkExtendResponse represents the response for bulk token expiration extension.

type BulkRevokeRequest added in v1.5.0 

type BulkRevokeRequest struct {
	TokenIDs []int64 `json:"token_ids"`
	Confirm  bool    `json:"confirm"`
}

BulkRevokeRequest represents the request body for bulk token revocation.

type BulkRevokeResponse added in v1.5.0 

type BulkRevokeResponse struct {
	Message      string `json:"message"`
	RevokedCount int    `json:"revoked_count"`
}

BulkRevokeResponse represents the response for bulk token revocation.

type ConfigAnalysis 

type ConfigAnalysis struct {
	Summary                   string            `json:"summary"`
	Impacts                   map[string]string `json:"impacts"`
	AdditionalRecommendations []string          `json:"additional_recommendations"`
}

ConfigAnalysis provides context about the recommendations

type ConfigAssistantRequest 

type ConfigAssistantRequest struct {
	UploadSpeed       float64 `json:"upload_speed"`       // Mbps
	DownloadSpeed     float64 `json:"download_speed"`     // Mbps
	NetworkLatency    string  `json:"network_latency"`    // local, low, medium, high
	TypicalFileSize   string  `json:"typical_file_size"`  // small, medium, large, huge
	DeploymentType    string  `json:"deployment_type"`    // LAN, WAN, Internet
	UserLoad          string  `json:"user_load"`          // light, moderate, heavy, very_heavy
	StorageCapacity   int64   `json:"storage_capacity"`   // GB (0 = unlimited)
	UsingCDN          bool    `json:"using_cdn"`          // Behind a CDN?
	CDNTimeout        int     `json:"cdn_timeout"`        // CDN timeout in seconds (0 = unknown)
	EncryptionEnabled bool    `json:"encryption_enabled"` // AES-256-GCM encryption active?
}

ConfigAssistantRequest represents the user's environment input

type ConfigAssistantResponse 

type ConfigAssistantResponse struct {
	Recommendations ConfigRecommendations `json:"recommendations"`
	CurrentConfig   ConfigRecommendations `json:"current_config"`
	Analysis        ConfigAnalysis        `json:"analysis"`
}

ConfigAssistantResponse represents the full response with analysis

type ConfigRecommendations 

type ConfigRecommendations struct {
	// Immediate settings (can be applied without restart)
	MaxFileSize            int64    `json:"max_file_size"`            // bytes
	QuotaLimitGB           int64    `json:"quota_limit_gb"`           // GB
	DefaultExpirationHours int      `json:"default_expiration_hours"` // hours
	MaxExpirationHours     int      `json:"max_expiration_hours"`     // hours
	RateLimitUpload        int      `json:"rate_limit_upload"`        // per hour
	RateLimitDownload      int      `json:"rate_limit_download"`      // per hour
	BlockedExtensions      []string `json:"blocked_extensions"`       // list of extensions

	// Performance settings (require restart)
	ChunkSize                int64 `json:"chunk_size"`                  // bytes
	ReadTimeout              int   `json:"read_timeout"`                // seconds
	WriteTimeout             int   `json:"write_timeout"`               // seconds
	ChunkedUploadThreshold   int64 `json:"chunked_upload_threshold"`    // bytes
	PartialUploadExpiryHours int   `json:"partial_upload_expiry_hours"` // hours

	// Operational settings (require restart)
	SessionExpiryHours     int    `json:"session_expiry_hours"`     // hours
	CleanupIntervalMinutes int    `json:"cleanup_interval_minutes"` // minutes
	RequireAuthForUpload   bool   `json:"require_auth_for_upload"`  // boolean
	HTTPSEnabled           bool   `json:"https_enabled"`            // boolean
	ChunkedUploadEnabled   bool   `json:"chunked_upload_enabled"`   // boolean
	PublicURL              string `json:"public_url"`               // URL string
}

ConfigRecommendations represents the recommended configuration

type EnterpriseConfigResponse added in v1.5.0 

type EnterpriseConfigResponse struct {
	FeatureFlags *config.FeatureFlagsData `json:"feature_flags"`
	MFA          *MFAConfigResponse       `json:"mfa"`
	SSO          *SSOConfigResponse       `json:"sso"`
}

EnterpriseConfigResponse represents the combined enterprise configuration.

type MFAConfigRequest added in v1.5.0 

type MFAConfigRequest struct {
	Enabled                *bool   `json:"enabled,omitempty"`
	Required               *bool   `json:"required,omitempty"`
	Issuer                 *string `json:"issuer,omitempty"`
	TOTPEnabled            *bool   `json:"totp_enabled,omitempty"`
	WebAuthnEnabled        *bool   `json:"webauthn_enabled,omitempty"`
	RecoveryCodesCount     *int    `json:"recovery_codes_count,omitempty"`
	ChallengeExpiryMinutes *int    `json:"challenge_expiry_minutes,omitempty"`
}

MFAConfigRequest represents the JSON request body for updating MFA configuration.

type MFAConfigResponse added in v1.5.0 

type MFAConfigResponse struct {
	Enabled                bool   `json:"enabled"`
	Required               bool   `json:"required"`
	Issuer                 string `json:"issuer"`
	TOTPEnabled            bool   `json:"totp_enabled"`
	WebAuthnEnabled        bool   `json:"webauthn_enabled"`
	RecoveryCodesCount     int    `json:"recovery_codes_count"`
	ChallengeExpiryMinutes int    `json:"challenge_expiry_minutes"`
}

MFAConfigResponse represents MFA configuration for API responses.

type MFALoginChallenge added in v1.5.0 

type MFALoginChallenge struct {
	UserID      int64
	ChallengeID string
	CreatedAt   time.Time
	ExpiresAt   time.Time
	Attempts    int
	ClientIP    string
	UserAgent   string
}

MFALoginChallenge represents a pending MFA login challenge

type MFALoginResponse added in v1.5.0 

type MFALoginResponse struct {
	MFARequired      bool     `json:"mfa_required"`
	ChallengeID      string   `json:"challenge_id"`
	ChallengeType    string   `json:"challenge_type,omitempty"`    // Deprecated: use available_methods
	AvailableMethods []string `json:"available_methods,omitempty"` // ["totp", "webauthn", "recovery"]
	ExpiresIn        int      `json:"expires_in"`                  // Seconds until challenge expires
	Message          string   `json:"message"`
}

MFALoginResponse is the response when MFA is required

type MFALoginStore added in v1.5.0 

type MFALoginStore struct {
	// contains filtered or unexported fields
}

MFALoginStore provides thread-safe storage for pending MFA challenges In production, this should use Redis or database for multi-instance support

func (*MFALoginStore) Create added in v1.5.0 

func (s *MFALoginStore) Create(userID int64, clientIP, userAgent string, expiryMinutes int) (string, error)

Create creates a new MFA challenge and returns the challenge ID Returns ErrTooManyChallenges if limits are exceeded

func (*MFALoginStore) Delete added in v1.5.0 

func (s *MFALoginStore) Delete(challengeID string)

Delete removes a challenge

func (*MFALoginStore) Get added in v1.5.0 

func (s *MFALoginStore) Get(challengeID string) (*MFALoginChallenge, bool)

Get retrieves a challenge by ID and validates it Uses exclusive lock to prevent TOCTOU race conditions

func (*MFALoginStore) GetAndValidateIP added in v1.5.0 

func (s *MFALoginStore) GetAndValidateIP(challengeID, clientIP string) (*MFALoginChallenge, bool, bool)

GetAndValidateIP retrieves a challenge and validates the client IP Returns (challenge, valid, ipMismatch) where: - valid indicates if the challenge exists and is not expired - ipMismatch indicates if the challenge exists but IP doesn't match

func (*MFALoginStore) IncrementAttempts added in v1.5.0 

func (s *MFALoginStore) IncrementAttempts(challengeID string) bool

IncrementAttempts increments the attempt counter and returns true if still valid

type MFAStatusResponse added in v1.5.0 

type MFAStatusResponse struct {
	Enabled                bool   `json:"enabled"`                    // Whether MFA feature is enabled globally
	TOTPServerEnabled      bool   `json:"totp_server_enabled"`        // Whether TOTP is enabled on server
	TOTPEnabled            bool   `json:"totp_enabled"`               // Whether user has TOTP enabled
	TOTPVerifiedAt         string `json:"totp_verified_at,omitempty"` // When TOTP was verified
	WebAuthnServerEnabled  bool   `json:"webauthn_server_enabled"`    // Whether WebAuthn is enabled on server
	WebAuthnEnabled        bool   `json:"webauthn_enabled"`           // Whether user has WebAuthn enabled
	WebAuthnCredentials    int    `json:"webauthn_credentials"`       // Number of WebAuthn credentials
	RecoveryCodesRemaining int    `json:"recovery_codes_remaining"`   // Remaining unused recovery codes
}

MFAStatusResponse represents the MFA status for a user

type MFAVerifyLoginRequest added in v1.5.0 

type MFAVerifyLoginRequest struct {
	ChallengeID string `json:"challenge_id"`
	Code        string `json:"code"`        // TOTP code or recovery code
	IsRecovery  bool   `json:"is_recovery"` // If true, code is a recovery code
}

MFAVerifyLoginRequest is the request body for MFA login verification

type MFAWebAuthnLoginBeginRequest added in v1.5.0 

type MFAWebAuthnLoginBeginRequest struct {
	ChallengeID string `json:"challenge_id"`
}

MFAWebAuthnLoginBeginRequest is the request body for starting WebAuthn login MFA

type MFAWebAuthnLoginBeginResponse added in v1.5.0 

type MFAWebAuthnLoginBeginResponse struct {
	Options           *protocol.CredentialAssertion `json:"options"`
	WebAuthnChallenge string                        `json:"webauthn_challenge"` // Base64-encoded WebAuthn challenge
}

MFAWebAuthnLoginBeginResponse is returned when starting WebAuthn login MFA

type MFAWebAuthnLoginFinishRequest added in v1.5.0 

type MFAWebAuthnLoginFinishRequest struct {
	ChallengeID string          `json:"challenge_id"`
	Credential  json.RawMessage `json:"credential"`
}

MFAWebAuthnLoginFinishRequest is the request body for completing WebAuthn login MFA

type PublicConfigResponse 

type PublicConfigResponse struct {
	Version                string `json:"version"`
	RequireAuthForUpload   bool   `json:"require_auth_for_upload"`
	MaxFileSize            int64  `json:"max_file_size"`
	MaxExpirationHours     int    `json:"max_expiration_hours"`
	ChunkedUploadEnabled   bool   `json:"chunked_upload_enabled"`
	ChunkedUploadThreshold int64  `json:"chunked_upload_threshold"`
	ChunkSize              int64  `json:"chunk_size"`
}

PublicConfigResponse contains public configuration settings safe to expose to clients

type RevokeUserTokensRequest added in v1.5.0 

type RevokeUserTokensRequest struct {
	Confirm bool `json:"confirm"`
}

RevokeUserTokensRequest represents the request body for revoking all tokens of a user.

type RevokeUserTokensResponse added in v1.5.0 

type RevokeUserTokensResponse struct {
	Message      string `json:"message"`
	UserID       int64  `json:"user_id"`
	RevokedCount int    `json:"revoked_count"`
}

RevokeUserTokensResponse represents the response for revoking all user tokens.

type SSOConfigRequest added in v1.5.0 

type SSOConfigRequest struct {
	Enabled            *bool   `json:"enabled,omitempty"`
	AutoProvision      *bool   `json:"auto_provision,omitempty"`
	DefaultRole        *string `json:"default_role,omitempty"`
	SessionLifetime    *int    `json:"session_lifetime,omitempty"`
	StateExpiryMinutes *int    `json:"state_expiry_minutes,omitempty"`
}

SSOConfigRequest represents the JSON request body for updating SSO configuration.

type SSOConfigResponse added in v1.5.0 

type SSOConfigResponse struct {
	Enabled            bool   `json:"enabled"`
	AutoProvision      bool   `json:"auto_provision"`
	DefaultRole        string `json:"default_role"`
	SessionLifetime    int    `json:"session_lifetime"`
	StateExpiryMinutes int    `json:"state_expiry_minutes"`
}

SSOConfigResponse represents SSO configuration for API responses.

type SSOLinkRequest added in v1.5.0 

type SSOLinkRequest struct {
	ProviderSlug string `json:"provider_slug"`
	ReturnURL    string `json:"return_url,omitempty"`
}

SSOLinkRequest is the request body for initiating SSO account linking.

type SSOLinkResponse added in v1.5.0 

type SSOLinkResponse struct {
	AuthorizationURL string `json:"authorization_url"`
}

SSOLinkResponse is the response for SSO link initiation.

type SSOProviderInfo added in v1.5.0 

type SSOProviderInfo struct {
	Name            string `json:"name"`
	Slug            string `json:"slug"`
	IconURL         string `json:"icon_url,omitempty"`
	ButtonColor     string `json:"button_color,omitempty"`
	ButtonTextColor string `json:"button_text_color,omitempty"`
}

SSOProviderInfo represents public SSO provider information for the login page.

type SSOProvidersResponse added in v1.5.0 

type SSOProvidersResponse struct {
	Providers []SSOProviderInfo `json:"providers"`
	Enabled   bool              `json:"enabled"`
}

SSOProvidersResponse is the response for listing SSO providers.

type TOTPDisableRequest added in v1.5.0 

type TOTPDisableRequest struct {
	Code string `json:"code"` // Current valid TOTP code
}

TOTPDisableRequest is the request body for disabling TOTP

type TOTPSetupResponse added in v1.5.0 

type TOTPSetupResponse struct {
	Secret string `json:"secret"` // Base32-encoded secret for manual entry
	URL    string `json:"url"`    // otpauth:// URL for QR code generation
	Issuer string `json:"issuer"` // Issuer name (e.g., "SafeShare")
}

TOTPSetupResponse is returned when setting up TOTP

type TOTPVerifyRequest added in v1.5.0 

type TOTPVerifyRequest struct {
	Code string `json:"code"` // 6-digit TOTP code
}

TOTPVerifyRequest is the request body for verifying TOTP setup

type TOTPVerifyResponse added in v1.5.0 

type TOTPVerifyResponse struct {
	Success       bool     `json:"success"`
	RecoveryCodes []string `json:"recovery_codes"` // Plaintext codes for user to save
}

TOTPVerifyResponse is returned after successful TOTP verification

type WebAuthnAuthBeginResponse added in v1.5.0 

type WebAuthnAuthBeginResponse struct {
	Options   *protocol.CredentialAssertion `json:"options"`
	Challenge string                        `json:"challenge"` // Base64-encoded challenge for reference
}

WebAuthnAuthBeginResponse is returned when starting authentication

type WebAuthnCredentialResponse added in v1.5.0 

type WebAuthnCredentialResponse struct {
	ID          int64    `json:"id"`
	Name        string   `json:"name"`
	CreatedAt   string   `json:"created_at"`
	LastUsedAt  string   `json:"last_used_at,omitempty"`
	Transports  []string `json:"transports,omitempty"`
	BackupState bool     `json:"backup_state"`
}

WebAuthnCredentialResponse represents a credential in API responses

type WebAuthnCredentialUpdateRequest added in v1.5.0 

type WebAuthnCredentialUpdateRequest struct {
	Name string `json:"name"`
}

WebAuthnCredentialUpdateRequest is the request body for updating a credential name

type WebAuthnRegisterBeginResponse added in v1.5.0 

type WebAuthnRegisterBeginResponse struct {
	Options   *protocol.CredentialCreation `json:"options"`
	Challenge string                       `json:"challenge"` // Base64-encoded challenge for reference
}

WebAuthnRegisterBeginResponse is returned when starting credential registration

type WebAuthnRegisterFinishRequest added in v1.5.0 

type WebAuthnRegisterFinishRequest struct {
	Name       string          `json:"name"`     // User-friendly name for the credential
	Credential json.RawMessage `json:"response"` // The credential response from the browser
}

WebAuthnRegisterFinishRequest is the request body for completing registration

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.