Kyle Isom
052d3ed1b8
- internal/ui/ui.go: add PGCred, Tags to AccountDetailData; register
PUT /accounts/{id}/pgcreds and PUT /accounts/{id}/tags routes; add
pgcreds_form.html and tags_editor.html to shared template set; remove
unused AccountTagsData; fix fieldalignment on PolicyRuleView, PoliciesData
- internal/ui/handlers_accounts.go: add handleSetPGCreds — encrypts
password via crypto.SealAESGCM, writes audit EventPGCredUpdated, renders
pgcreds_form fragment; password never echoed; load PG creds and tags in
handleAccountDetail
- internal/ui/handlers_policy.go: fix handleSetAccountTags to render with
AccountDetailData instead of removed AccountTagsData
- internal/ui/ui_test.go: add 5 PG credential UI tests
- web/templates/fragments/pgcreds_form.html: new fragment — metadata display
+ set/replace form; system accounts only; password write-only
- web/templates/fragments/tags_editor.html: new fragment — textarea editor
with HTMX PUT for atomic tag replacement
- web/templates/fragments/policy_form.html: rewrite to use structured fields
matching handleCreatePolicyRule (roles/account_types/actions multi-select,
resource_type, subject_uuid, service_names, required_tags, checkbox)
- web/templates/policies.html: new policies management page
- web/templates/fragments/policy_row.html: new HTMX table row with toggle
and delete
- web/templates/account_detail.html: add Tags card and PG Credentials card
- web/templates/base.html: add Policies nav link
- internal/server/server.go: remove ~220 lines of duplicate tag/policy
handler code (real implementations are in handlers_policy.go)
- internal/policy/engine_wrapper.go: fix corrupted source; use errors.New
- internal/db/policy_test.go: use model.AccountTypeHuman constant
- cmd/mciasctl/main.go: add nolint:gosec to int(os.Stdin.Fd()) calls
- gofmt/goimports: db/policy_test.go, policy/defaults.go,
policy/engine_test.go, ui/ui.go, cmd/mciasctl/main.go
- fieldalignment: model.PolicyRuleRecord, policy.Engine, policy.Rule,
policy.RuleBody, ui.PolicyRuleView
Security: PG password encrypted AES-256-GCM with fresh random nonce before
storage; plaintext never logged or returned in any response; audit event
written on every credential write.
157 lines
5.6 KiB
Go
157 lines
5.6 KiB
Go
// Package model defines the shared data types used throughout MCIAS.
|
|
// These are pure data definitions with no external dependencies.
|
|
package model
|
|
|
|
import "time"
|
|
|
|
// AccountType distinguishes human interactive accounts from non-interactive
|
|
// service accounts.
|
|
type AccountType string
|
|
|
|
// AccountTypeHuman and AccountTypeSystem are the two valid account types.
|
|
const (
|
|
AccountTypeHuman AccountType = "human"
|
|
AccountTypeSystem AccountType = "system"
|
|
)
|
|
|
|
// AccountStatus represents the lifecycle state of an account.
|
|
type AccountStatus string
|
|
|
|
// AccountStatusActive, AccountStatusInactive, and AccountStatusDeleted are
|
|
// the valid account lifecycle states.
|
|
const (
|
|
AccountStatusActive AccountStatus = "active"
|
|
AccountStatusInactive AccountStatus = "inactive"
|
|
AccountStatusDeleted AccountStatus = "deleted"
|
|
)
|
|
|
|
// Account represents a user or service identity in MCIAS.
|
|
// Fields containing credential material (PasswordHash, TOTPSecretEnc) are
|
|
// never serialised into API responses — callers must explicitly omit them.
|
|
type Account struct {
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
DeletedAt *time.Time `json:"deleted_at,omitempty"`
|
|
UUID string `json:"id"`
|
|
Username string `json:"username"`
|
|
AccountType AccountType `json:"account_type"`
|
|
Status AccountStatus `json:"status"`
|
|
PasswordHash string `json:"-"`
|
|
TOTPSecretEnc []byte `json:"-"`
|
|
TOTPSecretNonce []byte `json:"-"`
|
|
ID int64 `json:"-"`
|
|
TOTPRequired bool `json:"totp_required"`
|
|
}
|
|
|
|
// Role is a string label assigned to an account to grant permissions.
|
|
type Role struct {
|
|
GrantedAt time.Time `json:"granted_at"`
|
|
GrantedBy *int64 `json:"-"`
|
|
Role string `json:"role"`
|
|
ID int64 `json:"-"`
|
|
AccountID int64 `json:"-"`
|
|
}
|
|
|
|
// TokenRecord tracks an issued JWT by its JTI for revocation purposes.
|
|
// The raw token string is never stored — only the JTI identifier.
|
|
type TokenRecord struct {
|
|
ExpiresAt time.Time `json:"expires_at"`
|
|
IssuedAt time.Time `json:"issued_at"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
RevokedAt *time.Time `json:"revoked_at,omitempty"`
|
|
JTI string `json:"jti"`
|
|
RevokeReason string `json:"revoke_reason,omitempty"`
|
|
ID int64 `json:"-"`
|
|
AccountID int64 `json:"-"`
|
|
}
|
|
|
|
// IsRevoked reports whether the token has been explicitly revoked.
|
|
func (t *TokenRecord) IsRevoked() bool {
|
|
return t.RevokedAt != nil
|
|
}
|
|
|
|
// IsExpired reports whether the token is past its expiry time.
|
|
func (t *TokenRecord) IsExpired() bool {
|
|
return time.Now().After(t.ExpiresAt)
|
|
}
|
|
|
|
// SystemToken represents the current active service token for a system account.
|
|
type SystemToken struct {
|
|
ExpiresAt time.Time `json:"expires_at"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
JTI string `json:"jti"`
|
|
ID int64 `json:"-"`
|
|
AccountID int64 `json:"-"`
|
|
}
|
|
|
|
// PGCredential holds Postgres connection details for a system account.
|
|
// The password is encrypted at rest; PGPassword is only populated after
|
|
// decryption and must never be logged or included in API responses.
|
|
type PGCredential struct {
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
PGHost string `json:"host"`
|
|
PGDatabase string `json:"database"`
|
|
PGUsername string `json:"username"`
|
|
PGPassword string `json:"-"`
|
|
PGPasswordEnc []byte `json:"-"`
|
|
PGPasswordNonce []byte `json:"-"`
|
|
ID int64 `json:"-"`
|
|
AccountID int64 `json:"-"`
|
|
PGPort int `json:"port"`
|
|
}
|
|
|
|
// AuditEvent represents a single entry in the append-only audit log.
|
|
// Details must never contain credential material (passwords, tokens, secrets).
|
|
type AuditEvent struct {
|
|
EventTime time.Time `json:"event_time"`
|
|
ActorID *int64 `json:"-"`
|
|
TargetID *int64 `json:"-"`
|
|
EventType string `json:"event_type"`
|
|
IPAddress string `json:"ip_address,omitempty"`
|
|
Details string `json:"details,omitempty"`
|
|
ID int64 `json:"id"`
|
|
}
|
|
|
|
// Audit event type constants — exhaustive list, enforced at write time.
|
|
const (
|
|
EventLoginOK = "login_ok"
|
|
EventLoginFail = "login_fail"
|
|
EventLoginTOTPFail = "login_totp_fail"
|
|
EventTokenIssued = "token_issued"
|
|
EventTokenRenewed = "token_renewed"
|
|
EventTokenRevoked = "token_revoked"
|
|
EventTokenExpired = "token_expired"
|
|
EventAccountCreated = "account_created"
|
|
EventAccountUpdated = "account_updated"
|
|
EventAccountDeleted = "account_deleted"
|
|
EventRoleGranted = "role_granted"
|
|
EventRoleRevoked = "role_revoked"
|
|
EventTOTPEnrolled = "totp_enrolled"
|
|
EventTOTPRemoved = "totp_removed"
|
|
EventPGCredAccessed = "pgcred_accessed"
|
|
EventPGCredUpdated = "pgcred_updated" //nolint:gosec // G101: audit event type string, not a credential
|
|
|
|
EventTagAdded = "tag_added"
|
|
EventTagRemoved = "tag_removed"
|
|
|
|
EventPolicyRuleCreated = "policy_rule_created"
|
|
EventPolicyRuleUpdated = "policy_rule_updated"
|
|
EventPolicyRuleDeleted = "policy_rule_deleted"
|
|
EventPolicyDeny = "policy_deny"
|
|
)
|
|
|
|
// PolicyRuleRecord is the database representation of a policy rule.
|
|
// RuleJSON holds a JSON-encoded policy.RuleBody (all match and effect fields).
|
|
// The ID, Priority, and Description are stored as dedicated columns.
|
|
type PolicyRuleRecord struct {
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
CreatedBy *int64 `json:"-"`
|
|
Description string `json:"description"`
|
|
RuleJSON string `json:"rule_json"`
|
|
ID int64 `json:"id"`
|
|
Priority int `json:"priority"`
|
|
Enabled bool `json:"enabled"`
|
|
}
|