Index ¶
- func NewWebAuthn() (*webauthn.WebAuthn, error)
- type APIKeyService
- func (s *APIKeyService) CreateKey(userID, orgID, name string, scopes []string, expiresAt *time.Time) (*CreatedKey, error)
- func (s *APIKeyService) GetNATSPubKey(keyID string) (string, error)
- func (s *APIKeyService) ListKeys(orgID string) ([]StoredKey, error)
- func (s *APIKeyService) ListNKeyData() ([]NKeyData, error)
- func (s *APIKeyService) RevokeKey(keyID string) error
- func (s *APIKeyService) UpdateLastUsed(keyID string) error
- func (s *APIKeyService) ValidateKey(keyHash string) (*StoredKey, error)
- type AuthService
- func (s *AuthService) AddCredential(userID string, cred *webauthn.Credential) error
- func (s *AuthService) CleanupExpiredSessions() error
- func (s *AuthService) GetCredentialCount(userID string) (int, error)
- func (s *AuthService) GetUserByCredentialID(credID []byte) (*WebAuthnUser, error)
- func (s *AuthService) GetUserByEmail(email string) (*WebAuthnUser, error)
- func (s *AuthService) GetUserByID(userID string) (*WebAuthnUser, error)
- func (s *AuthService) GetUserByWebAuthnID(handle []byte) (*WebAuthnUser, error)
- func (s *AuthService) GetUserCredentials(userID string) ([]webauthn.Credential, error)
- func (s *AuthService) GetWebAuthnSession(ceremony, key string) (*webauthn.SessionData, string, error)
- func (s *AuthService) SaveWebAuthnSessionRandom(ceremony, userRef string, data *webauthn.SessionData) (string, error)
- func (s *AuthService) UpdateCredentialSignCount(credID []byte, count uint32) error
- func (s *AuthService) WebAuthn() *webauthn.WebAuthn
- type CreatedKey
- type EntityService
- func (s *EntityService) CreateEntity(orgID string, req *ontology.CreateEntityRequest) (*ontology.Entity, error)
- func (s *EntityService) DeleteEntity(orgID, entityID string) error
- func (s *EntityService) GetEntity(orgID, entityID string) (*ontology.Entity, error)
- func (s *EntityService) ListAllEntities() ([]ontology.Entity, error)
- func (s *EntityService) ListEntities(orgID string) ([]ontology.Entity, error)
- func (s *EntityService) UpdateEntity(orgID, entityID string, updates map[string]interface{}) (*ontology.Entity, error)
- func (s *EntityService) UpdateEntityStatus(orgID, entityID, status string) error
- type Invite
- type InviteService
- func (s *InviteService) AcceptInvite(inviteID string) error
- func (s *InviteService) CleanupExpiredInvites() error
- func (s *InviteService) CreateInvite(orgID, email, role, invitedByUserID string) (*Invite, string, error)
- func (s *InviteService) GetInviteByTokenHash(hash string) (*Invite, error)
- func (s *InviteService) ListInvites(orgID string) ([]Invite, error)
- func (s *InviteService) RevokeInvite(inviteID string) error
- type NKeyData
- type OrganizationService
- func (s *OrganizationService) CreateOrganization(req *ontology.CreateOrganizationRequest) (*ontology.Organization, error)
- func (s *OrganizationService) DB() *sql.DB
- func (s *OrganizationService) DeleteOrganization(orgID string) error
- func (s *OrganizationService) GetOrganization(orgID string) (*ontology.Organization, error)
- func (s *OrganizationService) ListOrganizations() ([]ontology.Organization, error)
- func (s *OrganizationService) UpdateOrganization(orgID string, updates map[string]interface{}) error
- type StoredKey
- type User
- type UserService
- func (s *UserService) CreateUser(user *User) error
- func (s *UserService) GetByEmail(email string) (*User, error)
- func (s *UserService) GetByID(userID string) (*User, error)
- func (s *UserService) GetByUsername(username string) (*User, error)
- func (s *UserService) ListByOrg(orgID string) ([]User, error)
- func (s *UserService) MarkPasskeySetupComplete(userID string) error
- func (s *UserService) UpdateLastLogin(userID string) error
- func (s *UserService) UpdateRole(userID, role string) error
- type WebAuthnUser
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewWebAuthn ¶ added in v0.0.18
NewWebAuthn creates a configured WebAuthn relying party from environment variables OVERWATCH_RPID (default "localhost") and OVERWATCH_BASE_URL (default "http://localhost:8080").
Types ¶
type APIKeyService ¶ added in v0.0.18
type APIKeyService struct {
// contains filtered or unexported fields
}
APIKeyService manages the lifecycle of API keys including creation, revocation, validation, and usage tracking.
func NewAPIKeyService ¶ added in v0.0.18
func NewAPIKeyService(db *sql.DB) *APIKeyService
NewAPIKeyService creates a new APIKeyService with the given database connection.
func (*APIKeyService) CreateKey ¶ added in v0.0.18
func (s *APIKeyService) CreateKey(userID, orgID, name string, scopes []string, expiresAt *time.Time) (*CreatedKey, error)
CreateKey generates a new API key with the c4_live_ prefix, hashes it with SHA-256 for storage, and inserts a record in the api_keys table; only the hash is persisted, never the plaintext. When NATS scopes are present, an NKey pair is generated and the public key is stored. The plaintext API key and the NATS seed are returned exactly once, in the CreatedKey, and cannot be retrieved again.
func (*APIKeyService) GetNATSPubKey ¶ added in v0.0.18
func (s *APIKeyService) GetNATSPubKey(keyID string) (string, error)
GetNATSPubKey returns the NATS public key for a given API key ID, if any.
func (*APIKeyService) ListKeys ¶ added in v0.0.18
func (s *APIKeyService) ListKeys(orgID string) ([]StoredKey, error)
ListKeys returns all non-revoked API keys belonging to the given organization.
func (*APIKeyService) ListNKeyData ¶ added in v0.0.18
func (s *APIKeyService) ListNKeyData() ([]NKeyData, error)
ListNKeyData returns NKey data for all non-revoked keys that have NATS credentials.
func (*APIKeyService) RevokeKey ¶ added in v0.0.18
func (s *APIKeyService) RevokeKey(keyID string) error
RevokeKey marks an API key as revoked so it can no longer authenticate.
func (*APIKeyService) UpdateLastUsed ¶ added in v0.0.18
func (s *APIKeyService) UpdateLastUsed(keyID string) error
UpdateLastUsed records the current time as the most recent usage of the key.
func (*APIKeyService) ValidateKey ¶ added in v0.0.18
func (s *APIKeyService) ValidateKey(keyHash string) (*StoredKey, error)
ValidateKey looks up an API key by its SHA-256 hash (the caller passes the hash of the presented key, not the plaintext) and returns the stored record only if the key is neither revoked nor expired.
type AuthService ¶ added in v0.0.18
type AuthService struct {
// contains filtered or unexported fields
}
AuthService handles WebAuthn registration and authentication ceremonies.
func NewAuthService ¶ added in v0.0.18
func NewAuthService(db *sql.DB, wa *webauthn.WebAuthn) *AuthService
NewAuthService creates a new AuthService with the provided database connection and WebAuthn relying party instance.
func (*AuthService) AddCredential ¶ added in v0.0.18
func (s *AuthService) AddCredential(userID string, cred *webauthn.Credential) error
AddCredential inserts a new WebAuthn credential for the given user.
func (*AuthService) CleanupExpiredSessions ¶ added in v0.0.18
func (s *AuthService) CleanupExpiredSessions() error
CleanupExpiredSessions removes all WebAuthn sessions whose expiry has passed.
func (*AuthService) GetCredentialCount ¶ added in v0.0.18
func (s *AuthService) GetCredentialCount(userID string) (int, error)
GetCredentialCount returns the number of registered WebAuthn credentials for a user.
func (*AuthService) GetUserByCredentialID ¶ added in v0.0.18
func (s *AuthService) GetUserByCredentialID(credID []byte) (*WebAuthnUser, error)
GetUserByCredentialID looks up the user who owns a given credential.
func (*AuthService) GetUserByEmail ¶ added in v0.0.18
func (s *AuthService) GetUserByEmail(email string) (*WebAuthnUser, error)
GetUserByEmail retrieves a WebAuthnUser by email address, loading all associated credentials from the webauthn_credentials table.
func (*AuthService) GetUserByID ¶ added in v0.0.18
func (s *AuthService) GetUserByID(userID string) (*WebAuthnUser, error)
GetUserByID retrieves a WebAuthnUser by the primary user_id, loading all associated credentials from the webauthn_credentials table.
func (*AuthService) GetUserByWebAuthnID ¶ added in v0.0.18
func (s *AuthService) GetUserByWebAuthnID(handle []byte) (*WebAuthnUser, error)
GetUserByWebAuthnID retrieves a WebAuthnUser by the webauthn_id handle stored in the users table.
func (*AuthService) GetUserCredentials ¶ added in v0.0.18
func (s *AuthService) GetUserCredentials(userID string) ([]webauthn.Credential, error)
GetUserCredentials loads all WebAuthn credentials for the given user from the webauthn_credentials table. Each row stores the credential as a JSON blob.
func (*AuthService) GetWebAuthnSession ¶ added in v0.0.18
func (s *AuthService) GetWebAuthnSession(ceremony, key string) (*webauthn.SessionData, string, error)
GetWebAuthnSession retrieves and deletes a WebAuthn session by ceremony type and key, so each session key can be consumed only once. Expired sessions are treated as not found. Returns the session data and the user_ref stored during SaveWebAuthnSessionRandom.
func (*AuthService) SaveWebAuthnSessionRandom ¶ added in v0.0.18
func (s *AuthService) SaveWebAuthnSessionRandom(ceremony, userRef string, data *webauthn.SessionData) (string, error)
SaveWebAuthnSessionRandom stores WebAuthn session data with a random session key (32 bytes, hex-encoded) and an associated user reference (email for login, user_id for register). Returns the random key.
func (*AuthService) UpdateCredentialSignCount ¶ added in v0.0.18
func (s *AuthService) UpdateCredentialSignCount(credID []byte, count uint32) error
UpdateCredentialSignCount updates the stored signature counter for a credential; comparing the stored counter with the one reported on each assertion helps detect cloned authenticators.
func (*AuthService) WebAuthn ¶ added in v0.0.18
func (s *AuthService) WebAuthn() *webauthn.WebAuthn
WebAuthn returns the underlying webauthn.WebAuthn instance for use by handlers.
type CreatedKey ¶ added in v0.0.18
type CreatedKey struct {
// APIKey is the plaintext key (with the c4_live_ prefix). It is returned
// only from CreateKey; the service stores just its SHA-256 hash.
APIKey string `json:"api_key"`
// KeyID is the database identifier of the api_keys row, used by
// GetNATSPubKey, RevokeKey and UpdateLastUsed.
KeyID string `json:"key_id"`
// Prefix is the visible, non-secret prefix of the key.
Prefix string `json:"prefix"`
// NATSSeed is the NKey seed generated when NATS scopes are present. Like
// APIKey it is returned exactly once and is omitted otherwise.
NATSSeed string `json:"nats_seed,omitempty"`
// NATSPubKey is the NKey public key that is persisted alongside the key;
// empty when no NATS scopes were requested.
NATSPubKey string `json:"nats_pub_key,omitempty"`
}
CreatedKey is returned from CreateKey and contains the plaintext key (shown once to the user), the database key ID, visible prefix, and NATS credentials.
type EntityService ¶
type EntityService struct {
// contains filtered or unexported fields
}
func NewEntityService ¶
func NewEntityService(db *sql.DB, nats *embeddednats.EmbeddedNATS) *EntityService
func (*EntityService) CreateEntity ¶
func (s *EntityService) CreateEntity(orgID string, req *ontology.CreateEntityRequest) (*ontology.Entity, error)
func (*EntityService) DeleteEntity ¶
func (s *EntityService) DeleteEntity(orgID, entityID string) error
func (*EntityService) GetEntity ¶
func (s *EntityService) GetEntity(orgID, entityID string) (*ontology.Entity, error)
func (*EntityService) ListAllEntities ¶
func (s *EntityService) ListAllEntities() ([]ontology.Entity, error)
func (*EntityService) ListEntities ¶
func (s *EntityService) ListEntities(orgID string) ([]ontology.Entity, error)
func (*EntityService) UpdateEntity ¶
func (*EntityService) UpdateEntityStatus ¶
func (s *EntityService) UpdateEntityStatus(orgID, entityID, status string) error
type Invite ¶ added in v0.0.18
type Invite struct {
// InviteID identifies the invite row; AcceptInvite and RevokeInvite key on it.
InviteID string `json:"invite_id"`
// OrgID is the organization the invitee is being added to.
OrgID string `json:"org_id"`
// Email is the address the invitation was issued for.
Email string `json:"email"`
// Role is the role the invitee receives on acceptance.
Role string `json:"role"`
// InvitedByUserID is the user who created the invite.
InvitedByUserID string `json:"invited_by_user_id"`
// Status is the invite lifecycle state; the service methods refer to
// pending, accepted and revoked (exact value set not shown here).
Status string `json:"status"`
// ExpiresAt is the expiry used by CleanupExpiredInvites.
// NOTE(review): stored as a string; timestamp format not shown in this listing.
ExpiresAt string `json:"expires_at"`
// CreatedAt is the creation timestamp (string-encoded, format not shown here).
CreatedAt string `json:"created_at"`
// UpdatedAt is the last-modified timestamp (string-encoded, format not shown here).
UpdatedAt string `json:"updated_at"`
}
Invite represents a row in the invites table.
type InviteService ¶ added in v0.0.18
type InviteService struct {
// contains filtered or unexported fields
}
InviteService manages organization invitation tokens.
func NewInviteService ¶ added in v0.0.18
func NewInviteService(db *sql.DB) *InviteService
NewInviteService creates a new InviteService with the given database connection.
func (*InviteService) AcceptInvite ¶ added in v0.0.18
func (s *InviteService) AcceptInvite(inviteID string) error
AcceptInvite marks an invite as accepted.
func (*InviteService) CleanupExpiredInvites ¶ added in v0.0.18
func (s *InviteService) CleanupExpiredInvites() error
CleanupExpiredInvites removes all invites whose expiry time has passed and whose status is still pending.
func (*InviteService) CreateInvite ¶ added in v0.0.18
func (s *InviteService) CreateInvite(orgID, email, role, invitedByUserID string) (*Invite, string, error)
CreateInvite generates a new invitation for the given email and role. It returns the Invite record, the plaintext invite token (to be sent to the invitee), and any error. The token is hashed with SHA-256 before storage.
func (*InviteService) GetInviteByTokenHash ¶ added in v0.0.18
func (s *InviteService) GetInviteByTokenHash(hash string) (*Invite, error)
GetInviteByTokenHash retrieves an invite by its SHA-256 token hash.
func (*InviteService) ListInvites ¶ added in v0.0.18
func (s *InviteService) ListInvites(orgID string) ([]Invite, error)
ListInvites returns all invites for the given organization.
func (*InviteService) RevokeInvite ¶ added in v0.0.18
func (s *InviteService) RevokeInvite(inviteID string) error
RevokeInvite marks an invite as revoked so it can no longer be accepted.
type OrganizationService ¶
type OrganizationService struct {
// contains filtered or unexported fields
}
func NewOrganizationService ¶
func NewOrganizationService(db *sql.DB, nats *embeddednats.EmbeddedNATS) *OrganizationService
func (*OrganizationService) CreateOrganization ¶
func (s *OrganizationService) CreateOrganization(req *ontology.CreateOrganizationRequest) (*ontology.Organization, error)
func (*OrganizationService) DB ¶
func (s *OrganizationService) DB() *sql.DB
func (*OrganizationService) DeleteOrganization ¶
func (s *OrganizationService) DeleteOrganization(orgID string) error
func (*OrganizationService) GetOrganization ¶
func (s *OrganizationService) GetOrganization(orgID string) (*ontology.Organization, error)
func (*OrganizationService) ListOrganizations ¶
func (s *OrganizationService) ListOrganizations() ([]ontology.Organization, error)
func (*OrganizationService) UpdateOrganization ¶
func (s *OrganizationService) UpdateOrganization(orgID string, updates map[string]interface{}) error
type StoredKey ¶ added in v0.0.18
// Note: the struct deliberately carries no key material — neither the
// plaintext key nor its SHA-256 hash — so it is safe to return from
// ListKeys and ValidateKey.
type StoredKey struct {
// KeyID is the database identifier of the api_keys row.
KeyID string `json:"key_id"`
// UserID is the user the key was created for.
UserID string `json:"user_id"`
// OrgID is the organization that owns the key; ListKeys filters on it.
OrgID string `json:"org_id"`
// Name is the human-readable label given at creation.
Name string `json:"name"`
// Scopes lists the permissions granted to the key.
Scopes []string `json:"scopes"`
// Revoked is set by RevokeKey; ValidateKey rejects revoked keys.
Revoked bool `json:"revoked"`
// NATSPubKey is the NKey public key, present only when NATS scopes were granted.
NATSPubKey string `json:"nats_pub_key,omitempty"`
}
StoredKey represents a non-sensitive view of an API key record: it carries no plaintext key and no key hash, only metadata.
type User ¶ added in v0.0.18
type User struct {
// UserID is the primary key; CreateUser generates a UUID when it is empty.
UserID string `json:"user_id"`
// OrgID is the organization the user belongs to; ListByOrg filters on it.
OrgID string `json:"org_id"`
// Username is unique per user (see GetByUsername).
Username string `json:"username"`
// Email is the user's address (see GetByEmail).
Email string `json:"email"`
// Role is the role assigned to the user; changed via UpdateRole.
Role string `json:"role"`
// Permissions is stored as a single string.
// NOTE(review): encoding of this field is not shown in this listing — confirm before parsing.
Permissions string `json:"permissions"`
// WebAuthnID is the opaque handle stored in the users table and looked up
// by AuthService.GetUserByWebAuthnID; empty for users created before
// random handles were introduced.
WebAuthnID string `json:"webauthn_id,omitempty"`
// NeedsPasskeySetup is true until MarkPasskeySetupComplete clears it.
NeedsPasskeySetup bool `json:"needs_passkey_setup"`
// LastLogin is set by UpdateLastLogin; empty until the first login.
LastLogin string `json:"last_login,omitempty"`
// CreatedAt is the creation timestamp (string-encoded, format not shown here).
CreatedAt string `json:"created_at"`
// UpdatedAt is the last-modified timestamp (string-encoded, format not shown here).
UpdatedAt string `json:"updated_at"`
}
User represents a row in the users table.
type UserService ¶ added in v0.0.18
type UserService struct {
// contains filtered or unexported fields
}
UserService manages user CRUD operations and role assignments.
func NewUserService ¶ added in v0.0.18
func NewUserService(db *sql.DB) *UserService
NewUserService creates a new UserService with the given database connection.
func (*UserService) CreateUser ¶ added in v0.0.18
func (s *UserService) CreateUser(user *User) error
CreateUser inserts a new user into the users table. If the UserID field (user_id) is empty, a new UUID is generated automatically.
func (*UserService) GetByEmail ¶ added in v0.0.18
func (s *UserService) GetByEmail(email string) (*User, error)
GetByEmail retrieves a user by their email address.
func (*UserService) GetByID ¶ added in v0.0.18
func (s *UserService) GetByID(userID string) (*User, error)
GetByID retrieves a user by their primary key user_id.
func (*UserService) GetByUsername ¶ added in v0.0.18
func (s *UserService) GetByUsername(username string) (*User, error)
GetByUsername retrieves a user by their unique username.
func (*UserService) ListByOrg ¶ added in v0.0.18
func (s *UserService) ListByOrg(orgID string) ([]User, error)
ListByOrg returns all users belonging to the given organization.
func (*UserService) MarkPasskeySetupComplete ¶ added in v0.0.18
func (s *UserService) MarkPasskeySetupComplete(userID string) error
MarkPasskeySetupComplete clears the needs_passkey_setup flag for the user.
func (*UserService) UpdateLastLogin ¶ added in v0.0.18
func (s *UserService) UpdateLastLogin(userID string) error
UpdateLastLogin sets the last_login timestamp to the current time.
func (*UserService) UpdateRole ¶ added in v0.0.18
func (s *UserService) UpdateRole(userID, role string) error
UpdateRole changes the role for the given user.
type WebAuthnUser ¶ added in v0.0.18
type WebAuthnUser struct {
// ID is the user_id; WebAuthnID falls back to it when WebAuthnHandle is empty.
ID string
// Name is the human-readable username returned by WebAuthnName.
Name string
// DisplayName is returned by WebAuthnDisplayName for ceremony prompts.
DisplayName string
// Role is the user's role, carried along for handlers.
Role string
// OrgID is the organization the user belongs to.
OrgID string
// WebAuthnHandle is the opaque random user handle; preferred by WebAuthnID
// because it does not expose the user_id to the authenticator.
WebAuthnHandle []byte
// Credentials are the registered credentials loaded from webauthn_credentials
// and returned by WebAuthnCredentials.
Credentials []webauthn.Credential
}
WebAuthnUser implements the webauthn.User interface for passkey authentication.
func (*WebAuthnUser) WebAuthnCredentials ¶ added in v0.0.18
func (u *WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
WebAuthnCredentials returns all registered credentials for the user.
func (*WebAuthnUser) WebAuthnDisplayName ¶ added in v0.0.18
func (u *WebAuthnUser) WebAuthnDisplayName() string
WebAuthnDisplayName returns the display name shown during ceremony prompts.
func (*WebAuthnUser) WebAuthnID ¶ added in v0.0.18
func (u *WebAuthnUser) WebAuthnID() []byte
WebAuthnID returns the user handle used by the WebAuthn relying party. It returns the opaque WebAuthnHandle when one is set and otherwise falls back to the user ID, for legacy users created before random handles were generated.
func (*WebAuthnUser) WebAuthnIcon ¶ added in v0.0.18
func (u *WebAuthnUser) WebAuthnIcon() string
WebAuthnIcon returns an empty string; icon support is deprecated in the spec.
func (*WebAuthnUser) WebAuthnName ¶ added in v0.0.18
func (u *WebAuthnUser) WebAuthnName() string
WebAuthnName returns the human-readable username.