Index ¶
- func HashRefreshToken(token string) string
- func NewJWTService(logger models.Logger, sessionService services.SessionService, ...) services.JWTService
- type BlacklistService
- type CacheService
- type JWTServiceImpl
- type JwtService
- type KeyService
- type RefreshTokenRepository
- type RefreshTokenResponse
- type RefreshTokenService
- type RefreshTokenStorage
Functions ¶
func HashRefreshToken ¶
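HashRefreshToken returns the SHA-256 hash of a refresh token. The refresh-token storage interfaces on this page look tokens up by tokenHash, presumably so that the raw token is not kept in storage. An unsalted SHA-256 is adequate for that purpose only if refresh tokens are high-entropy random values; this page does not show how they are generated.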
func NewJWTService ¶
func NewJWTService( logger models.Logger, sessionService services.SessionService, tokenService services.TokenService, keyService KeyService, cacheService CacheService, blacklistService BlacklistService, expiresIn time.Duration, refreshExpiresIn time.Duration, ) services.JWTService
NewJWTService creates a new JWT service implementation
Types ¶
type BlacklistService ¶
// BlacklistService is the revocation interface: tokens are identified by
// their JTI (JWT ID) and can be blacklisted one at a time or per session.
type BlacklistService interface {
	// BlacklistToken adds a token JTI to the blacklist with TTL.
	// NOTE(review): expiresAt presumably drives that TTL; confirm the entry
	// lives at least as long as the token itself, otherwise a revoked token
	// is accepted again once its blacklist entry is dropped.
	BlacklistToken(ctx context.Context, jti string, expiresAt time.Time) error
	// IsBlacklisted checks if a token JTI is blacklisted.
	// NOTE(review): on a non-nil error the boolean is presumably not
	// meaningful; callers should fail closed rather than treat a store
	// failure as "not blacklisted".
	IsBlacklisted(ctx context.Context, jti string) (bool, error)
	// BlacklistAllSessionTokens blacklists all tokens for a session. It is
	// keyed by sessionID rather than by an individual JTI.
	BlacklistAllSessionTokens(ctx context.Context, sessionID string, expiresAt time.Time) error
	// CleanupExpired removes expired blacklist entries (for non-TTL stores).
	CleanupExpired(ctx context.Context) error
}
BlacklistService handles token blacklisting/revocation
func NewBlacklistService ¶
func NewBlacklistService(storage models.SecondaryStorage, logger models.Logger) BlacklistService
NewBlacklistService creates a new blacklist service
type CacheService ¶
// CacheService serves the JWKS (the set of public keys used to verify
// tokens) from a cache, with the database as the source behind it.
type CacheService interface {
	// GetCachedJWKS retrieves JWKS from cache if available and not expired.
	GetCachedJWKS(ctx context.Context) (jwk.Set, error)
	// FetchJWKSFromDatabase loads all non-expired public keys from the database.
	FetchJWKSFromDatabase(ctx context.Context) (jwk.Set, error)
	// CacheJWKS stores the JWKS in the cache with the configured TTL.
	// NOTE(review): until that TTL elapses or InvalidateCache is called, a
	// cached set may presumably still contain a key that has since been
	// rotated out or removed from the database; confirm against the
	// implementation.
	CacheJWKS(ctx context.Context, set jwk.Set) error
	// InvalidateCache removes the cached JWKS immediately and fetches fresh from DB.
	InvalidateCache(ctx context.Context) error
	// GetJWKSWithFallback retrieves JWKS from cache with database fallback.
	GetJWKSWithFallback(ctx context.Context) (jwk.Set, error)
}
CacheService manages JWKS caching with database fallback
func NewCacheService ¶
func NewCacheService(repo repositories.JWKSRepository, secondaryStorage models.SecondaryStorage, logger models.Logger, cacheTTL time.Duration) CacheService
NewCacheService creates a new cache service
type JWTServiceImpl ¶
// JWTServiceImpl is the concrete JWT service type. Its fields are unexported,
// so this page documents only its methods (GenerateTokens and ValidateToken).
type JWTServiceImpl struct {
	// contains filtered or unexported fields
}
JWTServiceImpl is the concrete implementation of the JWTService interface
func (*JWTServiceImpl) GenerateTokens ¶
func (s *JWTServiceImpl) GenerateTokens(ctx context.Context, userID string, sessionID string) (*types.TokenPair, error)
GenerateTokens creates access and refresh JWT tokens tied to a session
func (*JWTServiceImpl) ValidateToken ¶
func (s *JWTServiceImpl) ValidateToken(token string) (userID string, err error)
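ValidateToken validates a JWT and checks that the session it references is still active, returning the user ID on success. This description does not say whether the token's JTI is also checked against BlacklistService; confirm that in the implementation before relying on blacklisting for revocation.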
type JwtService ¶
// JwtService is the narrow token-issuing interface: it exposes only
// GenerateTokens. NewRefreshTokenService on this page takes a value of this
// type, and JWTServiceImpl.GenerateTokens has the same signature.
type JwtService interface {
	// GenerateTokens returns a token pair for the given user and session.
	GenerateTokens(ctx context.Context, userID string, sessionID string) (*types.TokenPair, error)
}
JwtService defines the JWT operations
type KeyService ¶
// KeyService covers the lifecycle of the signing keys: initial generation,
// lookup of the active key, and rotation.
type KeyService interface {
	// GenerateKeysIfMissing generates the initial key pair if none exist in the database.
	GenerateKeysIfMissing(ctx context.Context) error
	// GetActiveKey retrieves the currently active (non-expired) key.
	GetActiveKey(ctx context.Context) (*types.JWKS, error)
	// IsKeyRotationDue returns true if the active key's age exceeds the rotation interval.
	// NOTE(review): there is no error return, so the caller cannot tell a
	// failed key lookup from "rotation not due"; confirm how failures are
	// reported.
	IsKeyRotationDue(ctx context.Context, rotationInterval time.Duration) bool
	// RotateKeysIfNeeded rotates keys if they're past the rotation interval.
	// gracePeriod specifies how long old keys remain valid after rotation.
	// Returns true if rotation occurred, false otherwise.
	// NOTE(review): invalidateCacheFunc is presumably called after a rotation
	// so that the cached JWKS is refreshed; confirm when it runs and what
	// happens if it returns an error.
	RotateKeysIfNeeded(ctx context.Context, rotationInterval time.Duration, gracePeriod time.Duration, invalidateCacheFunc func(context.Context) error) (bool, error)
}
KeyService manages cryptographic key generation, rotation, and retrieval
func NewKeyService ¶
func NewKeyService(repo repositories.JWKSRepository, logger models.Logger, tokenService coreservices.TokenService, secret string, algorithm types.JWTAlgorithm) KeyService
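NewKeyService creates a new key service. The secret argument is sensitive; this page does not document what it is used for, so check the implementation before deciding how to provision and rotate it.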
type RefreshTokenRepository ¶
// RefreshTokenRepository is the data-access interface for refresh token
// records. Individual records are addressed by tokenHash, presumably the
// value returned by HashRefreshToken (confirm against the callers).
type RefreshTokenRepository interface {
	// StoreRefreshToken persists a refresh token record.
	StoreRefreshToken(ctx context.Context, record *types.RefreshToken) error
	// GetRefreshToken looks up the record for the given token hash.
	GetRefreshToken(ctx context.Context, tokenHash string) (*types.RefreshToken, error)
	// RevokeRefreshToken revokes the single record with the given token hash.
	RevokeRefreshToken(ctx context.Context, tokenHash string) error
	// RevokeAllSessionTokens revokes every refresh token of the given session.
	RevokeAllSessionTokens(ctx context.Context, sessionID string) error
	// SetLastReuseAttempt marks a reuse attempt on the given token hash.
	// NOTE(review): presumably part of refresh-token reuse detection; what is
	// recorded and what it triggers is not shown here.
	SetLastReuseAttempt(ctx context.Context, tokenHash string) error
	// CleanupExpiredTokens removes expired refresh token records.
	CleanupExpiredTokens(ctx context.Context) error
}
RefreshTokenRepository defines data access operations for refresh tokens
type RefreshTokenResponse ¶
RefreshTokenResponse contains the result of a token refresh operation
type RefreshTokenService ¶
// RefreshTokenService exchanges a refresh token for a new token pair and
// records the first refresh token of a session.
type RefreshTokenService interface {
	// RefreshTokens refreshes the access and refresh tokens using the provided refresh token.
	RefreshTokens(ctx context.Context, refreshToken string) (*RefreshTokenResponse, error)
	// StoreInitialRefreshToken stores the initial refresh token along with its session ID and expiration time.
	// NOTE(review): this takes the raw token while the storage interfaces are
	// keyed by tokenHash, so the token is presumably hashed before it is
	// persisted; confirm that the raw value is never stored or logged.
	StoreInitialRefreshToken(ctx context.Context, refreshToken string, sessionID string, expiresAt time.Time) error
}
RefreshTokenService handles refresh token operations
func NewRefreshTokenService ¶
func NewRefreshTokenService( logger models.Logger, eventBus models.EventBus, sessionService coreservices.SessionService, jwtService JwtService, storage RefreshTokenRepository, gracePeriod time.Duration, refreshExpiresIn time.Duration, ) RefreshTokenService
NewRefreshTokenService creates a new refresh token service
type RefreshTokenStorage ¶
// RefreshTokenStorage is the storage interface for refresh token records.
// It declares the same methods as RefreshTokenRepository except
// CleanupExpiredTokens. Records are addressed by tokenHash, presumably the
// value returned by HashRefreshToken (confirm against the callers).
type RefreshTokenStorage interface {
	// StoreRefreshToken persists a refresh token record.
	StoreRefreshToken(ctx context.Context, record *types.RefreshToken) error
	// GetRefreshToken looks up the record for the given token hash.
	GetRefreshToken(ctx context.Context, tokenHash string) (*types.RefreshToken, error)
	// RevokeRefreshToken revokes the single record with the given token hash.
	RevokeRefreshToken(ctx context.Context, tokenHash string) error
	// SetLastReuseAttempt marks a reuse attempt on the given token hash.
	// NOTE(review): presumably part of refresh-token reuse detection; what is
	// recorded and what it triggers is not shown here.
	SetLastReuseAttempt(ctx context.Context, tokenHash string) error
	// RevokeAllSessionTokens revokes every refresh token of the given session.
	RevokeAllSessionTokens(ctx context.Context, sessionID string) error
}
RefreshTokenStorage defines storage operations for refresh tokens