package management
import (
"net/http"
)
// AttackProtectionManager manages Authok Attack Protection settings.
//
// It wraps the breached-password-detection, brute-force-protection and
// suspicious-ip-throttling endpoints under the "attack-protection" URI
// prefix, offering one Get/Update pair per feature.
//
// See: https://authok.com/docs/secure/attack-protection
type AttackProtectionManager struct {
	// Embedded client. The Request and URI calls made by this type's
	// methods are presumably promoted from it.
	*Management
}
// newAttackProtectionManager wraps the given Management client in an
// AttackProtectionManager. The pointer is stored as-is; no copy is made
// and m is not checked for nil.
func newAttackProtectionManager(m *Management) *AttackProtectionManager {
	manager := &AttackProtectionManager{Management: m}
	return manager
}
// BreachedPasswordDetection protects applications from
// bad actors logging in with stolen credentials.
//
// Every field is a pointer tagged omitempty: a nil field is dropped from the
// JSON body, while a non-nil pointer to a zero value (false, an empty list)
// is still serialized. The same struct is used as the PATCH payload by
// UpdateBreachedPasswordDetection, so an explicit "off" or "no shields"
// must be sent as a non-nil pointer.
// NOTE(review): nil presumably means "leave unchanged" on the server side;
// confirm against the API reference.
//
// See: https://authok.com/docs/secure/attack-protection/breached-password-detection
type BreachedPasswordDetection struct {
	// On/off flag, sent as "enabled".
	Enabled *bool `json:"enabled,omitempty"`
	// Actions sent as "shields". Accepted values are not listed in this
	// file; see the linked documentation.
	Shields *[]string `json:"shields,omitempty"`
	// Sent as "admin_notification_frequency". Accepted values are not
	// listed in this file.
	AdminNotificationFrequency *[]string `json:"admin_notification_frequency,omitempty"`
	// Sent as "method". Accepted values are not listed in this file.
	Method *string `json:"method,omitempty"`
	// Per-stage overrides, sent as "stage".
	Stage *BreachedPasswordDetectionStage `json:"stage,omitempty"`
}
// BreachedPasswordDetectionStage is used to specify per-stage configuration options.
// Only the pre-user-registration stage is modelled here.
type BreachedPasswordDetectionStage struct {
	// Sign-up stage settings, sent as "pre-user-registration"; omitted when nil.
	PreUserRegistration *BreachedPasswordDetectionPreUserRegistration `json:"pre-user-registration,omitempty"`
}
// BreachedPasswordDetectionPreUserRegistration is used to specify breached password detection
// configuration (shields) for the sign up flow.
type BreachedPasswordDetectionPreUserRegistration struct {
	// Action to take when a breached password is detected during a signup.
	// Possible values: block, admin_notification.
	//
	// A nil pointer is omitted from the JSON body; a pointer to an empty
	// slice is still serialized as an empty list.
	// NOTE(review): whether the API accepts an empty list, which would
	// leave detections without any action, is not visible here; confirm.
	Shields *[]string `json:"shields,omitempty"`
}
// GetBreachedPasswordDetection retrieves breached password detection settings.
//
// The returned pointer is never nil, even when err is non-nil. On failure
// its contents are not meaningful, so check err before reading any field:
// an empty result after an error is not evidence that detection is disabled.
//
// Required scope: `read:attack_protection`
//
// See: https://authok.com/docs/api/management/v1#!/Attack_Protection/get_breached_password_detection
func (m *AttackProtectionManager) GetBreachedPasswordDetection(opts ...RequestOption) (*BreachedPasswordDetection, error) {
	settings := new(BreachedPasswordDetection)
	endpoint := m.URI("attack-protection", "breached-password-detection")

	// Request decodes the response into settings; the error is handed
	// back untouched alongside the (possibly empty) struct.
	err := m.Request(http.MethodGet, endpoint, settings, opts...)
	return settings, err
}
// UpdateBreachedPasswordDetection updates the breached password detection settings.
//
// The payload is sent with PATCH. Fields left nil are omitted from the body
// (omitempty), so only the fields that are set are transmitted.
//
// Required scope: `read:attack_protection`
//
// NOTE(review): the scope above matches the getter and looks copy-pasted.
// A PATCH endpoint normally needs a write scope (likely
// `update:attack_protection`); confirm against the API reference below
// before granting tokens.
//
// See: https://authok.com/docs/api/management/v1#!/Attack_Protection/patch_breached_password_detection
func (m *AttackProtectionManager) UpdateBreachedPasswordDetection(
	breachedPasswordDetection *BreachedPasswordDetection,
	opts ...RequestOption,
) error {
	endpoint := m.URI("attack-protection", "breached-password-detection")
	return m.Request(http.MethodPatch, endpoint, breachedPasswordDetection, opts...)
}
// BruteForceProtection safeguards against a single
// IP address attacking a single user account.
//
// Every field is a pointer tagged omitempty: nil fields are dropped from the
// JSON body, while a non-nil pointer to a zero value (false, 0, an empty
// list) is still serialized. The struct doubles as the PATCH payload of
// UpdateBruteForceProtection.
//
// See: https://authok.com/docs/secure/attack-protection/brute-force-protection
type BruteForceProtection struct {
	// On/off flag, sent as "enabled".
	Enabled *bool `json:"enabled,omitempty"`
	// Actions sent as "shields". Accepted values are not listed in this file.
	Shields *[]string `json:"shields,omitempty"`
	// Sent as "allowlist". Presumably the addresses exempt from this
	// protection (verify against the API docs). Each entry narrows
	// coverage, so changes to it deserve review.
	AllowList *[]string `json:"allowlist,omitempty"`
	// Sent as "mode". Accepted values are not listed in this file.
	Mode *string `json:"mode,omitempty"`
	// Attempt threshold, sent as "max_attempts". Valid range is not stated
	// here; TODO confirm.
	MaxAttempts *int `json:"max_attempts,omitempty"`
}
// GetBruteForceProtection retrieves the brute force configuration.
//
// The returned pointer is never nil, even when err is non-nil. On failure
// its contents are not meaningful, so check err before reading any field:
// an empty result after an error is not evidence that protection is disabled.
//
// Required scope: `read:attack_protection`
//
// See: https://authok.com/docs/api/management/v1#!/Attack_Protection/get_brute_force_protection
func (m *AttackProtectionManager) GetBruteForceProtection(opts ...RequestOption) (*BruteForceProtection, error) {
	settings := new(BruteForceProtection)
	endpoint := m.URI("attack-protection", "brute-force-protection")

	// Request decodes the response into settings; the error is handed
	// back untouched alongside the (possibly empty) struct.
	err := m.Request(http.MethodGet, endpoint, settings, opts...)
	return settings, err
}
// UpdateBruteForceProtection updates the brute force configuration.
//
// The payload is sent with PATCH. Fields left nil are omitted from the body
// (omitempty), so only the fields that are set are transmitted.
//
// Required scope: `read:attack_protection`
//
// NOTE(review): the scope above matches the getter and looks copy-pasted.
// A PATCH endpoint normally needs a write scope (likely
// `update:attack_protection`); confirm against the API reference below
// before granting tokens.
//
// See: https://authok.com/docs/api/management/v1#!/Attack_Protection/patch_brute_force_protection
func (m *AttackProtectionManager) UpdateBruteForceProtection(
	bruteForceProtection *BruteForceProtection,
	opts ...RequestOption,
) error {
	endpoint := m.URI("attack-protection", "brute-force-protection")
	return m.Request(http.MethodPatch, endpoint, bruteForceProtection, opts...)
}
// SuspiciousIPThrottling blocks traffic from any IP address
// that rapidly attempts too many logins or signups.
//
// Every field is a pointer tagged omitempty: nil fields are dropped from the
// JSON body, while a non-nil pointer to a zero value (false, an empty list)
// is still serialized. The struct doubles as the PATCH payload of
// UpdateSuspiciousIPThrottling.
//
// See: https://authok.com/docs/secure/attack-protection/suspicious-ip-throttling
type SuspiciousIPThrottling struct {
	// On/off flag, sent as "enabled".
	Enabled *bool `json:"enabled,omitempty"`
	// Actions sent as "shields". Accepted values are not listed in this file.
	Shields *[]string `json:"shields,omitempty"`
	// Sent as "allowlist". Presumably the addresses exempt from throttling
	// (verify against the API docs). Each entry narrows coverage, so
	// changes to it deserve review.
	AllowList *[]string `json:"allowlist,omitempty"`
	// Per-flow thresholds, sent as "stage".
	Stage *Stage `json:"stage,omitempty"`
}
// Stage is used to customize thresholds for limiting
// suspicious traffic in login and sign up flows.
// Either member may be nil, in which case it is omitted from the JSON body.
type Stage struct {
	// Login-flow thresholds, sent as "pre-login".
	PreLogin *PreLogin `json:"pre-login,omitempty"`
	// Sign-up-flow thresholds, sent as "pre-user-registration".
	PreUserRegistration *PreUserRegistration `json:"pre-user-registration,omitempty"`
}
// PreLogin is used to customize thresholds for login flow.
// Nil fields are omitted from the JSON body; a pointer to 0 is still sent.
type PreLogin struct {
	// Attempt threshold, sent as "max_attempts".
	MaxAttempts *int `json:"max_attempts,omitempty"`
	// Sent as "rate". Units are not stated in this file; TODO confirm
	// against the API docs.
	Rate *int `json:"rate,omitempty"`
}
// PreUserRegistration is used to customize thresholds for sign up flow.
// Nil fields are omitted from the JSON body; a pointer to 0 is still sent.
type PreUserRegistration struct {
	// Attempt threshold, sent as "max_attempts".
	MaxAttempts *int `json:"max_attempts,omitempty"`
	// Sent as "rate". Units are not stated in this file; TODO confirm
	// against the API docs.
	Rate *int `json:"rate,omitempty"`
}
// GetSuspiciousIPThrottling retrieves the suspicious IP throttling configuration.
//
// The returned pointer is never nil, even when err is non-nil. On failure
// its contents are not meaningful, so check err before reading any field:
// an empty result after an error is not evidence that throttling is disabled.
//
// Required scope: `read:attack_protection`
//
// See: https://authok.com/docs/api/management/v1#!/Attack_Protection/get_suspicious_ip_throttling
func (m *AttackProtectionManager) GetSuspiciousIPThrottling(opts ...RequestOption) (*SuspiciousIPThrottling, error) {
	settings := new(SuspiciousIPThrottling)
	endpoint := m.URI("attack-protection", "suspicious-ip-throttling")

	// Request decodes the response into settings; the error is handed
	// back untouched alongside the (possibly empty) struct.
	err := m.Request(http.MethodGet, endpoint, settings, opts...)
	return settings, err
}
// UpdateSuspiciousIPThrottling updates the suspicious IP throttling configuration.
//
// The payload is sent with PATCH. Fields left nil are omitted from the body
// (omitempty), so only the fields that are set are transmitted.
//
// Required scope: `read:attack_protection`
//
// NOTE(review): the scope above matches the getter and looks copy-pasted.
// A PATCH endpoint normally needs a write scope (likely
// `update:attack_protection`); confirm against the API reference below
// before granting tokens.
//
// See: https://authok.com/docs/api/management/v1#!/Attack_Protection/patch_suspicious_ip_throttling
func (m *AttackProtectionManager) UpdateSuspiciousIPThrottling(
	suspiciousIPThrottling *SuspiciousIPThrottling,
	opts ...RequestOption,
) error {
	endpoint := m.URI("attack-protection", "suspicious-ip-throttling")
	return m.Request(http.MethodPatch, endpoint, suspiciousIPThrottling, opts...)
}