
package sts
// Store Types are the identifiers a configuration uses to name a store
// backend. DefaultStoreType picks one of them, and ErrUnsupportedStoreType is
// the message for any other value.
const (
	StoreTypeMemory = "memory"
	StoreTypeFiler  = "filer" // value of DefaultStoreType
	StoreTypeRedis  = "redis"
)
// Provider Types are the identifiers a configuration uses to name an identity
// provider kind. ErrUnsupportedProviderType is the message for any other value.
const (
	ProviderTypeOIDC = "oidc" // OpenID Connect
	ProviderTypeLDAP = "ldap" // Lightweight Directory Access Protocol
	ProviderTypeSAML = "saml" // Security Assertion Markup Language
)
// Policy Effects are the two literal values a policy statement's effect can
// carry. The strings are capitalised, so a plain == comparison is
// case-sensitive.
// NOTE(review): confirm the evaluator treats any value other than EffectAllow
// as not granting access, so a typo in a policy cannot widen permissions.
const (
	EffectAllow = "Allow"
	EffectDeny  = "Deny"
)
// Default Paths are the base directories for IAM data, following the filer's
// /etc/ convention.
// NOTE(review): sessions, policies and roles are security-sensitive documents;
// confirm that write access to /etc/iam on the filer is restricted to the IAM
// components.
const (
	DefaultSessionBasePath = "/etc/iam/sessions"
	DefaultPolicyBasePath  = "/etc/iam/policies"
	DefaultRoleBasePath    = "/etc/iam/roles"
)
// Default Values for the STS configuration.
const (
	DefaultTokenDuration    = 60 * 60      // 1 hour in seconds
	DefaultMaxSessionLength = 12 * 60 * 60 // 12 hours in seconds
	DefaultIssuer           = "seaweedfs-sts"
	DefaultStoreType        = StoreTypeFiler // Default store type for persistence

	// MinSigningKeyLength is the minimum signing key length in bytes; it is
	// the number ErrSigningKeyTooShort is formatted with.
	// NOTE(review): 16 bytes is below the hash-output-sized key (32 bytes)
	// that RFC 7518 section 3.2 requires for HS256. Confirm which signing
	// algorithm this bound guards and raise it if that is HMAC-SHA256. A
	// length check also says nothing about how random the key is.
	MinSigningKeyLength = 16
)
// Configuration Field Names are the keys under which individual settings are
// looked up in a configuration map.
const (
	// Store settings.
	ConfigFieldFilerAddress = "filerAddress"
	ConfigFieldBasePath     = "basePath"

	// Identity provider settings.
	ConfigFieldIssuer      = "issuer"
	ConfigFieldClientID    = "clientId"
	ConfigFieldJWKSUri     = "jwksUri"
	ConfigFieldScopes      = "scopes"
	ConfigFieldUserInfoUri = "userInfoUri"
	ConfigFieldRedirectUri = "redirectUri"

	// ConfigFieldClientSecret names a credential.
	// NOTE(review): confirm the value read under this key is kept out of
	// logs, error messages and configuration dumps.
	ConfigFieldClientSecret = "clientSecret"
)
// Error Messages are message texts, not error values: each constant is an
// untyped string, so callers cannot match them with errors.Is and must build
// the error themselves (errors.New or fmt.Errorf).
const (
	// Fixed messages with no formatting verbs.
	ErrConfigCannotBeNil         = "config cannot be nil"
	ErrProviderCannotBeNil       = "provider cannot be nil"
	ErrProviderNameEmpty         = "provider name cannot be empty"
	ErrProviderTypeEmpty         = "provider type cannot be empty"
	ErrTokenCannotBeEmpty        = "token cannot be empty"
	ErrSessionTokenCannotBeEmpty = "session token cannot be empty"
	ErrSessionIDCannotBeEmpty    = "session ID cannot be empty"
	ErrSTSServiceNotInitialized  = "STS service not initialized"
	ErrProviderNotInitialized    = "provider not initialized"
	ErrInvalidTokenDuration      = "token duration must be positive"
	ErrInvalidMaxSessionLength   = "max session length must be positive"
	ErrIssuerRequired            = "issuer is required"
	ErrFilerAddressRequired      = "filer address is required"
	ErrClientIDRequired          = "clientId is required for OIDC provider"
	ErrTokenNotValid             = "token is not valid"
	ErrInvalidTokenClaims        = "invalid token claims"
	ErrInvalidIssuer             = "invalid issuer"
	ErrMissingSessionID          = "missing session ID"

	// Format strings taking one value (%d or %s).
	ErrSigningKeyTooShort      = "signing key must be at least %d bytes"
	ErrUnsupportedStoreType    = "unsupported store type: %s"
	ErrUnsupportedProviderType = "unsupported provider type: %s"

	// Format strings that wrap an underlying error. %w is only understood by
	// fmt.Errorf; other fmt functions print it as a bad verb.
	// NOTE(review): the wrapped error's text becomes part of the message.
	// Confirm token-parsing detail is not returned verbatim to
	// unauthenticated callers.
	ErrInvalidTokenFormat      = "invalid session token format: %w"
	ErrSessionValidationFailed = "session validation failed: %w"
	ErrInvalidToken            = "invalid token: %w"
)
// JWT Claims are the claim names read from and written to tokens. The first
// five are registered claim names from RFC 7519; token_type is a private
// claim carrying one of the TokenType* values.
const (
	JWTClaimIssuer     = "iss"
	JWTClaimSubject    = "sub"
	JWTClaimAudience   = "aud"
	JWTClaimExpiration = "exp"
	JWTClaimIssuedAt   = "iat"
	JWTClaimTokenType  = "token_type"
)
// Token Types are the values of the token_type claim (JWTClaimTokenType).
// NOTE(review): confirm every validator compares the claim against the type
// it expects, so that one kind of token is not accepted where another is
// required.
const (
	TokenTypeSession = "session"
	TokenTypeAccess  = "access"
	TokenTypeRefresh = "refresh"
)
// STS Actions are the action names used for the STS operations, written in
// the AWS "sts:<Operation>" form.
const (
	// Operations that exist in the AWS STS API.
	ActionAssumeRole                = "sts:AssumeRole"
	ActionAssumeRoleWithWebIdentity = "sts:AssumeRoleWithWebIdentity"

	// NOTE(review): these two are not AWS STS operations and look specific to
	// this project. Confirm that policies written against the AWS action list
	// are not expected to match them.
	ActionAssumeRoleWithCredentials = "sts:AssumeRoleWithCredentials"
	ActionValidateSession           = "sts:ValidateSession"
)
// File name prefixes and extensions for stored session, policy and role
// documents. Roles have an extension but no prefix constant.
// NOTE(review): if session IDs or policy/role names are concatenated with
// these to form file names, confirm those identifiers are validated first so
// they cannot contain path separators or "..".
const (
	SessionFilePrefix = "session_"
	PolicyFilePrefix  = "policy_"

	SessionFileExt = ".json"
	PolicyFileExt  = ".json"
	RoleFileExt    = ".json"
)
// HTTP Headers referenced by this package, spelled in canonical form.
const (
	HeaderAuthorization = "Authorization" // carries credentials; keep its value out of logs
	HeaderContentType   = "Content-Type"
	HeaderUserAgent     = "User-Agent"
)
// Content Types are the media types used as Content-Type values.
const (
	ContentTypeJSON           = "application/json"
	ContentTypeFormURLEncoded = "application/x-www-form-urlencoded"
)
// Default Test Values are fixed fixtures for tests.
// NOTE(review): unless this file is a _test.go file, these are exported from
// the production package. Confirm that no non-test code path can fall back to
// TestSigningKey32Chars or accept TestValidToken, since both are public,
// well-known strings.
const (
	// TestSigningKey32Chars is 35 bytes long despite its name; it satisfies
	// MinSigningKeyLength either way.
	TestSigningKey32Chars = "test-signing-key-32-characters-long"

	TestIssuer    = "test-sts"
	TestClientID  = "test-client"
	TestSessionID = "test-session-123"

	TestValidToken   = "valid_test_token"
	TestInvalidToken = "invalid_token"
	TestExpiredToken = "expired_token"
)