identity

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 8, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by the identity package.
//
// NOTE(review): ErrUserNotFound and ErrInvalidCredentials are distinct values.
// If the login path answers them with a different status or message, a client
// can learn which e-mail addresses are registered; confirm the handlers (not
// shown here) return the same response for both. ErrUserAlreadyExists raises
// the same question for registration.
var (
	ErrUserNotFound       = errors.New("user not found")
	ErrInvalidCredentials = errors.New("invalid email or password")
	ErrUserAlreadyExists  = errors.New("user already exists")
)

Errors

Functions

func RegisterRoutes

func RegisterRoutes(router *gin.RouterGroup, deps *app.RuntimeDeps)

RegisterRoutes registers identity routes.

Types

type AlwaysAllowPermissionChecker

type AlwaysAllowPermissionChecker struct{}

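AlwaysAllowPermissionChecker is a development-only permission checker whose Can method always returns true, so every actor is authorized for every action. TODO: Replace with a proper RBAC implementation in production (this package also exports RBACPermissionChecker).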

func NewAlwaysAllowPermissionChecker

func NewAlwaysAllowPermissionChecker() *AlwaysAllowPermissionChecker

NewAlwaysAllowPermissionChecker creates a new always-allow permission checker.

func (*AlwaysAllowPermissionChecker) Can

func (c *AlwaysAllowPermissionChecker) Can(ctx context.Context, actorID, tenantID string, action string) (bool, error)

Can always returns true, whatever actorID, tenantID and action are passed; it is intended for development only.

type AuthHandler

type AuthHandler struct {
	// contains filtered or unexported fields
}

AuthHandler handles HTTP requests for authentication.

func NewAuthHandler

func NewAuthHandler(service Service, logger *logger.Logger) *AuthHandler

NewAuthHandler creates a new auth handler.

func (*AuthHandler) Login

func (h *AuthHandler) Login(c *gin.Context)

Login handles POST /auth/login

func (*AuthHandler) Refresh

func (h *AuthHandler) Refresh(c *gin.Context)

Refresh handles POST /auth/refresh

func (*AuthHandler) Register

func (h *AuthHandler) Register(c *gin.Context)

Register handles POST /auth/register

type AuthenticateInput

// AuthenticateInput is the JSON body of an authentication request.
//
// The validate tags mark all three fields as required, tenant_id as a UUID and
// email as an e-mail address. The tags only declare the rules; whether they
// are enforced depends on the handler running a validator, which is not
// visible here.
//
// NOTE(review): password has no maximum length in its tag. Confirm the request
// body size is capped before the value reaches the password hash comparison.
type AuthenticateInput struct {
	TenantID string `json:"tenant_id" validate:"required,uuid"`
	Email    string `json:"email" validate:"required,email"`
	Password string `json:"password" validate:"required"`
}

AuthenticateInput represents the input for user authentication.

type IdentityRepository

// IdentityRepository is the persistence interface returned by
// NewIdentityRepositoryPostgres. Its method set matches Repository.
//
// NOTE(review): GetUserByEmail takes a tenantID, GetUserByID does not. A caller
// that loads a user by ID should compare the returned User.TenantID with the
// tenant of the request before acting on the record.
type IdentityRepository interface {
	CreateUser(ctx context.Context, u *User) error
	GetUserByEmail(ctx context.Context, tenantID uuid.UUID, email string) (*User, error)
	GetUserByID(ctx context.Context, userID uuid.UUID) (*User, error)
}

IdentityRepository defines the interface for identity persistence.

func NewIdentityRepositoryPostgres

func NewIdentityRepositoryPostgres(db *database.Postgres) IdentityRepository

NewIdentityRepositoryPostgres creates a new PostgreSQL identity repository.

type IdentityRepositoryPostgres

type IdentityRepositoryPostgres struct {
	// contains filtered or unexported fields
}

IdentityRepositoryPostgres implements IdentityRepository using PostgreSQL.

func (*IdentityRepositoryPostgres) CreateUser

func (r *IdentityRepositoryPostgres) CreateUser(ctx context.Context, u *User) error

CreateUser inserts a new user into the database.

func (*IdentityRepositoryPostgres) GetUserByEmail

func (r *IdentityRepositoryPostgres) GetUserByEmail(ctx context.Context, tenantID uuid.UUID, email string) (*User, error)

GetUserByEmail retrieves a user by email and tenantID.

func (*IdentityRepositoryPostgres) GetUserByID

func (r *IdentityRepositoryPostgres) GetUserByID(ctx context.Context, userID uuid.UUID) (*User, error)

GetUserByID retrieves a user by their ID.

type IdentityService

type IdentityService struct {
	// contains filtered or unexported fields
}

IdentityService provides identity business logic.

func NewIdentityService

func NewIdentityService(repo Repository, cfg config.Config, logger *logger.Logger, permissionChecker PermissionChecker, db *database.Postgres) *IdentityService

NewIdentityService creates a new identity service.

func (*IdentityService) Authenticate

Authenticate authenticates a user and returns a token pair.

func (*IdentityService) RefreshToken

RefreshToken refreshes an access token using a refresh token.

func (*IdentityService) RegisterUser

func (s *IdentityService) RegisterUser(ctx context.Context, in *RegisterUserInput) (*UserResponse, error)

RegisterUser creates a new user.

type PermissionChecker

// PermissionChecker reports whether an actor may perform an action within a
// tenant. AlwaysAllowPermissionChecker and RBACPermissionChecker both expose a
// Can method of this shape, and NewIdentityService takes a PermissionChecker.
//
// NOTE(review): callers should treat a non-nil error as a denial and not rely
// on the bool alone; which implementation is wired in by RegisterRoutes is not
// visible here and should be confirmed for production builds.
type PermissionChecker interface {
	Can(ctx context.Context, actorID, tenantID, action string) (bool, error)
}

PermissionChecker defines the contract for checking permissions.

type RBACPermissionChecker

type RBACPermissionChecker struct {
	// contains filtered or unexported fields
}

RBACPermissionChecker implements role-based access control.

func NewRBACPermissionChecker

func NewRBACPermissionChecker(db *database.Postgres) *RBACPermissionChecker

NewRBACPermissionChecker creates a new RBAC permission checker.

func (*RBACPermissionChecker) Can

func (c *RBACPermissionChecker) Can(ctx context.Context, actorID, tenantID string, action string) (bool, error)

Can checks if the actor has permission to perform the action on the tenant.

type RefreshTokenInput

// RefreshTokenInput is the JSON body of a token refresh request; the
// refresh_token field is tagged as required.
//
// NOTE(review): the token format and how it is verified, rotated or revoked
// are not visible here.
type RefreshTokenInput struct {
	RefreshToken string `json:"refresh_token" validate:"required"`
}

RefreshTokenInput represents the input for refreshing a token.

type RegisterUserInput

// RegisterUserInput is the JSON body of a registration request.
//
// The validate tags require all three fields, a UUID tenant_id, an e-mail
// formatted email and a password with min=8.
//
// NOTE(review): tenant_id is supplied by the client. Confirm the registration
// route checks that the caller may create users in that tenant.
// NOTE(review): password has no max. The hashing scheme behind
// User.SetPassword is not shown; if it is bcrypt, input beyond 72 bytes is
// rejected or ignored depending on the library, so declare a matching upper
// bound.
type RegisterUserInput struct {
	TenantID string `json:"tenant_id" validate:"required,uuid"`
	Email    string `json:"email" validate:"required,email"`
	Password string `json:"password" validate:"required,min=8"`
}

RegisterUserInput represents the input for user registration.

type Repository

// Repository is the persistence contract that NewIdentityService takes as its
// repo argument. Its method set matches IdentityRepository.
//
// NOTE(review): lookups by e-mail are keyed by tenantID, lookups by ID are
// not. Presumably user IDs are globally unique; callers should still verify
// the returned User.TenantID against the tenant of the request.
type Repository interface {
	CreateUser(ctx context.Context, user *User) error
	GetUserByEmail(ctx context.Context, tenantID uuid.UUID, email string) (*User, error)
	GetUserByID(ctx context.Context, userID uuid.UUID) (*User, error)
}

Repository defines the contract for identity persistence.

type Role

// Role is a named set of permission strings that carries the TenantID it
// belongs to.
//
// NOTE(review): the format of the Permissions entries, and how
// RBACPermissionChecker.Can matches them against an action, is not shown here.
type Role struct {
	ID          uuid.UUID `json:"id"`
	TenantID    uuid.UUID `json:"tenant_id"`
	Name        string    `json:"name"`
	Description string    `json:"description,omitempty"`
	Permissions []string  `json:"permissions"` // list of permission strings
	CreatedAt   time.Time `json:"created_at"`
	UpdatedAt   time.Time `json:"updated_at"`
}

Role represents a role in the system.

type Service

// Service is the identity business-logic contract that NewAuthHandler takes:
// user registration, authentication and token refresh.
//
// RegisterUser returns a UserResponse; Authenticate and RefreshToken return a
// TokenPairResponse. Each method also returns an error.
type Service interface {
	RegisterUser(ctx context.Context, in *RegisterUserInput) (*UserResponse, error)
	Authenticate(ctx context.Context, in *AuthenticateInput) (*TokenPairResponse, error)
	RefreshToken(ctx context.Context, in *RefreshTokenInput) (*TokenPairResponse, error)
}

Service defines the contract for identity business logic.

type TokenPairResponse

// TokenPairResponse is the JSON shape returned by Service.Authenticate and
// Service.RefreshToken: an access token and a refresh token, both strings.
//
// NOTE(review): presumably both values are bearer credentials; keep values of
// this type out of logs, traces and error messages.
type TokenPairResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}

TokenPairResponse represents the token pair in responses.

type User

// User is the account record passed to and returned by the repository
// interfaces; it carries the TenantID it belongs to.
//
// PasswordHash is tagged json:"-", which keeps it out of encoding/json output
// only. Formatting a User with %+v, or handing it to another encoder, still
// exposes the hash, so use UserResponse at API boundaries and avoid logging
// whole User values.
//
// NOTE(review): whether Authenticate consults Status (e.g. "locked") or
// IsEmailVerified before issuing tokens is not visible here; confirm.
type User struct {
	ID              uuid.UUID  `json:"id"`
	TenantID        uuid.UUID  `json:"tenant_id"`
	Email           string     `json:"email"`
	PasswordHash    string     `json:"-"` // never json'd
	FirstName       string     `json:"first_name,omitempty"`
	LastName        string     `json:"last_name,omitempty"`
	Status          string     `json:"status"` // e.g., active, inactive, locked
	IsEmailVerified bool       `json:"is_email_verified"`
	LastLoginAt     *time.Time `json:"last_login_at,omitempty"`
	CreatedAt       time.Time  `json:"created_at"`
	UpdatedAt       time.Time  `json:"updated_at"`
}

User represents a user in the system.

func (*User) CheckPassword

func (u *User) CheckPassword(password string) error

CheckPassword compares the provided plaintext password with the user's stored password hash; the outcome is reported through the returned error.

func (*User) SetPassword

func (u *User) SetPassword(password string) error

SetPassword hashes the given password and stores the resulting hash on the user.

type UserResponse

// UserResponse is the user shape returned by Service.RegisterUser. It carries
// only id, tenant_id and email, all as strings, and has no password field.
type UserResponse struct {
	ID       string `json:"id"`
	TenantID string `json:"tenant_id"`
	Email    string `json:"email"`
}

UserResponse represents the user in responses.
