auth

package
v1.0.8 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 11, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by package auth. Each value is created with
// errors.New, so callers should match them with errors.Is rather than by
// comparing message strings.
var (
	// Authentication errors.
	// NOTE(review): ErrUserNotFound and ErrInvalidPassword are more specific
	// than ErrInvalidCredentials, and ErrUserAlreadyExists states that an
	// identity is registered. If handlers pass these to clients unchanged,
	// responses reveal which accounts exist; confirm that the HTTP layer maps
	// them to one generic failure.
	ErrInvalidCredentials    = errors.New("invalid credentials")
	ErrUserNotFound          = errors.New("user not found")
	ErrUserAlreadyExists     = errors.New("user already exists")
	ErrInvalidPassword       = errors.New("invalid password")
	ErrPasswordHashingFailed = errors.New("password hashing failed")

	// Token errors. ErrTokenExpired and ErrInvalidToken are separate values,
	// so callers can tell an expired token from an otherwise invalid one.
	ErrTokenGenerationFailed = errors.New("token generation failed")
	ErrTokenExpired          = errors.New("token expired")
	ErrInvalidToken          = errors.New("invalid token")
	ErrNoRefreshToken        = errors.New("no refresh token available")

	// Session errors.
	ErrSessionNotFound       = errors.New("session not found")
	ErrSessionCreationFailed = errors.New("session creation failed")
	ErrSessionDeletionFailed = errors.New("session deletion failed")
	ErrSessionExpired        = errors.New("session expired")

	// Verification errors (verification tokens: not found, expired, invalid).
	ErrVerificationNotFound = errors.New("verification token not found")
	ErrVerificationExpired  = errors.New("verification token expired")
	ErrVerificationInvalid  = errors.New("invalid verification token")

	// Account errors.
	// NOTE(review): the ErrAccountLinkingRequired message itself says that a
	// user exists with a different provider; confirm it is not shown verbatim
	// to unauthenticated callers.
	ErrAccountNotFound        = errors.New("account not found")
	ErrAccountCreationFailed  = errors.New("account creation failed")
	ErrAccountUpdateFailed    = errors.New("account update failed")
	ErrAccountLinkingRequired = errors.New("account linking required: user exists with a different provider")

	// Email verification errors.
	ErrEmailVerificationFailed = errors.New("email verification failed")

	// Email change errors.
	// NOTE(review): ErrEmailAlreadyExists confirms that an address is in use;
	// verify who is allowed to see it.
	ErrEmailAlreadyExists       = errors.New("email already exists")
	ErrEmailChangeRequestFailed = errors.New("email change request failed")

	// Password reset errors.
	ErrPasswordResetFailed        = errors.New("password reset failed")
	ErrPasswordResetRequestFailed = errors.New("password reset request failed")

	// Configuration errors.
	ErrConfigInvalid = errors.New("invalid configuration")

	// OAuth2 errors.
	ErrOAuth2ProviderNotConfigured = errors.New("oauth2 provider not configured")
	ErrOAuth2ExchangeFailed        = errors.New("oauth2 token exchange failed")
	ErrOAuth2UserInfoFailed        = errors.New("failed to get oauth2 user info")
)

Functions

This section is empty.

Types

type AccountService

type AccountService struct {
	// contains filtered or unexported fields
}

func NewAccountService

func NewAccountService(config *domain.Config, db *gorm.DB) *AccountService

func (*AccountService) CreateAccount

func (s *AccountService) CreateAccount(a *domain.Account) error

CreateAccount creates a new account in the database.

func (*AccountService) GetAccountByProviderAndAccountID added in v1.0.4

func (s *AccountService) GetAccountByProviderAndAccountID(provider domain.ProviderType, accountID string) (*domain.Account, error)

GetAccountByProviderAndAccountID retrieves an account by provider and provider's account ID.

func (*AccountService) GetAccountByUserID

func (s *AccountService) GetAccountByUserID(userID string) (*domain.Account, error)

GetAccountByUserID retrieves an account by the associated user ID.

func (*AccountService) UpdateAccount

func (s *AccountService) UpdateAccount(account *domain.Account) error

UpdateAccount updates an existing account in the database.

type EmailChangeRequestResult

type EmailChangeRequestResult struct {
	Message string `json:"message"`
}

EmailChangeRequestResult represents the result of an email change request

type EmailChangeResult

type EmailChangeResult struct {
	Message string       `json:"message"`
	User    *domain.User `json:"user,omitempty"`
}

EmailChangeResult represents the result of confirming an email change

type MeResult

// MeResult bundles a user with a session; Service.GetMe returns a pointer
// to it.
//
// NOTE(review): both fields are serialized in full under "user" and
// "session". Confirm that domain.User and domain.Session keep password
// hashes and session tokens out of their JSON encoding.
type MeResult struct {
	User    *domain.User    `json:"user"`
	Session *domain.Session `json:"session"`
}

type PasswordResetRequestResult

type PasswordResetRequestResult struct {
	Message string `json:"message"`
}

PasswordResetRequestResult represents the result of a password reset request

type PasswordResetResult

type PasswordResetResult struct {
	Message string `json:"message"`
}

PasswordResetResult represents the result of a password reset

type RateLimitService added in v1.0.4

type RateLimitService struct {
	// contains filtered or unexported fields
}

func NewRateLimitService added in v1.0.4

func NewRateLimitService(config *domain.Config) *RateLimitService

func (*RateLimitService) Allow added in v1.0.4

func (s *RateLimitService) Allow(ctx context.Context, key string, req *http.Request) (bool, error)

Allow checks if a request is allowed based on rate limiting rules

func (*RateLimitService) BuildKey added in v1.0.8

func (s *RateLimitService) BuildKey(key string) string

BuildKey constructs a rate limit key for storage

func (*RateLimitService) GetClientIP added in v1.0.4

func (s *RateLimitService) GetClientIP(req *http.Request) string

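GetClientIP extracts the client's IP address from the request based on configured headers. Forwarding headers (for example X-Forwarded-For) are set by whoever sends the request unless a trusted proxy overwrites them, so configure only headers that your own proxy controls; otherwise the returned address is client-chosen, which weakens any rate limit keyed on it.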

type Service

type Service struct {
	UserService            *UserService
	AccountService         *AccountService
	SessionService         *SessionService
	VerificationService    *VerificationService
	TokenService           *TokenService
	OAuth2ProviderRegistry *oauth2.OAuth2ProviderRegistry
	RateLimitService       *RateLimitService
	// contains filtered or unexported fields
}

Service encapsulates all authentication use-cases

func NewService

func NewService(
	config *domain.Config,
	userService *UserService,
	accountService *AccountService,
	sessionService *SessionService,
	verificationService *VerificationService,
	tokenService *TokenService,
	rateLimitService *RateLimitService,
) *Service

NewService creates a new Auth service with all dependencies

func (*Service) ChangePassword

func (s *Service) ChangePassword(rawToken, newPassword string) error

ChangePassword completes a password reset with a verification token and new password

func (*Service) CreateSession

func (s *Service) CreateSession(userID string) (string, error)

CreateSession creates a new session for a user

func (*Service) DeleteSession

func (s *Service) DeleteSession(sessionToken string) error

DeleteSession deletes a session

func (*Service) EmailChange

func (s *Service) EmailChange(userID string, newEmail string, callbackURL *string) error

EmailChange initiates an email change by sending a verification email to the new address

func (*Service) GetMe

func (s *Service) GetMe(userID string) (*MeResult, error)

GetMe retrieves the current user and their session

func (*Service) GetValidAccessToken added in v1.0.4

func (s *Service) GetValidAccessToken(ctx context.Context, account *domain.Account, providerName string) (string, error)

GetValidAccessToken ensures the access token is valid and refreshes it if expired or near expiry.

func (*Service) RefreshOAuth2AccessToken added in v1.0.4

func (s *Service) RefreshOAuth2AccessToken(ctx context.Context, account *domain.Account, providerName string) (string, error)

RefreshOAuth2AccessToken refreshes the access token for a given account if a valid refresh token exists.

func (*Service) RefreshSession

func (s *Service) RefreshSession(sessionToken string) (string, error)

RefreshSession refreshes an existing session token

func (*Service) ResetPassword

func (s *Service) ResetPassword(email string, callbackURL *string) error

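ResetPassword initiates a password reset by sending a verification email. This page does not say how callbackURL is validated or what is returned for an unknown email; callers should pass only callback URLs from a trusted allow-list and return the same response whether or not the address is registered.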

func (*Service) SendVerificationEmail

func (s *Service) SendVerificationEmail(userID string, callbackURL *string) error

SendVerificationEmail generates a verification token and sends a verification email to the user

func (*Service) SignInWithEmailAndPassword

func (s *Service) SignInWithEmailAndPassword(email string, password string, callbackURL *string) (*SignInResult, error)

SignInWithEmailAndPassword handles email/password authentication

func (*Service) SignInWithOAuth2 added in v1.0.4

func (s *Service) SignInWithOAuth2(ctx context.Context, providerName string, code string, opts ...oauth2.AuthCodeOption) (*SignInResult, error)

func (*Service) SignOut

func (s *Service) SignOut(sessionToken string) error

SignOut handles user sign-out by deleting their session

func (*Service) SignUpWithEmailAndPassword

func (s *Service) SignUpWithEmailAndPassword(name string, email string, password string, callbackURL *string) (*SignUpResult, error)

SignUpWithEmailAndPassword handles user registration with email and password

func (*Service) VerifyEmailToken

func (s *Service) VerifyEmailToken(rawToken string) (*VerifyEmailResult, error)

VerifyEmailToken handles all email verification types: verification, password reset confirmation, and email change confirmation

type SessionService

type SessionService struct {
	// contains filtered or unexported fields
}

func NewSessionService

func NewSessionService(config *domain.Config, db *gorm.DB) *SessionService

func (*SessionService) CreateSession

func (s *SessionService) CreateSession(userID string, token string) (*domain.Session, error)

CreateSession creates a new session for a user

func (*SessionService) DeleteSessionByID

func (s *SessionService) DeleteSessionByID(ID string) error

DeleteSessionByID deletes a session by its ID.

func (*SessionService) GetSessionByToken

func (s *SessionService) GetSessionByToken(token string) (*domain.Session, error)

GetSessionByToken retrieves a session by its token.

func (*SessionService) GetSessionByUserID

func (s *SessionService) GetSessionByUserID(userID string) (*domain.Session, error)

GetSessionByUserID retrieves a session by the associated userID.

type SignInResult

// SignInResult represents the result of a sign-in operation.
//
// Token and CSRFToken are emitted in the JSON body as "token" and
// "csrf_token" (the latter omitted when empty). Treat a serialized
// SignInResult as credential material: keep it out of logs and caches.
// NOTE(review): Token is presumably the session token — confirm. Also
// confirm that domain.User excludes the password hash from its JSON form.
type SignInResult struct {
	Token     string       `json:"token"`
	User      *domain.User `json:"user"`
	CSRFToken string       `json:"csrf_token,omitempty"`
}

SignInResult represents the result of a sign-in operation

type SignOutResult

type SignOutResult struct {
	Message string `json:"message"`
}

SignOutResult represents the result of a sign-out operation

type SignUpResult

// SignUpResult represents the result of a sign-up operation.
//
// Token and CSRFToken are both omitted from the JSON body when empty.
// When present they are credential material: keep the serialized value
// out of logs and caches.
// NOTE(review): Token is presumably empty when no session is issued at
// sign-up (e.g. pending email verification) — confirm.
type SignUpResult struct {
	Token     string       `json:"token,omitempty"`
	User      *domain.User `json:"user"`
	CSRFToken string       `json:"csrf_token,omitempty"`
}

SignUpResult represents the result of a sign-up operation

type TokenService

type TokenService struct {
	// contains filtered or unexported fields
}

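TokenService manages token operations using the application secret. This service uses Config.Secret for signing, encryption, and hashing tokens. Because one secret backs all three operations, it must be high-entropy and kept out of source control, and changing it can be expected to invalidate previously encrypted tokens and stored token hashes.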

func NewTokenService

func NewTokenService(config *domain.Config) *TokenService

NewTokenService creates a new TokenService with the provided config.

func (*TokenService) DecryptToken

func (ts *TokenService) DecryptToken(encryptedToken string) (string, error)

DecryptToken decrypts an encrypted token using the application secret.

func (*TokenService) EncryptToken added in v1.0.4

func (ts *TokenService) EncryptToken(token string) (string, error)

EncryptToken encrypts a plain token using the application secret.

func (*TokenService) GenerateEncryptedToken

func (ts *TokenService) GenerateEncryptedToken() (string, error)

GenerateEncryptedToken generates a token and encrypts it with the application secret.

func (*TokenService) GenerateToken

func (ts *TokenService) GenerateToken() (string, error)

GenerateToken generates a new cryptographically secure random token.

func (*TokenService) HashToken

func (ts *TokenService) HashToken(token string) string

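HashToken creates a hash of the token using the application secret. Because the secret is an input, a stored hash cannot be recomputed from a guessed token without it, which makes this more secure than plain SHA-256 hashing for token storage.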

type UserService

type UserService struct {
	// contains filtered or unexported fields
}

func NewUserService

func NewUserService(config *domain.Config, db *gorm.DB) *UserService

func (*UserService) CreateUser

func (s *UserService) CreateUser(user *domain.User) error

CreateUser creates a new user in the database.

func (*UserService) GetUserByEmail

func (s *UserService) GetUserByEmail(email string) (*domain.User, error)

GetUserByEmail retrieves a user by their email.

func (*UserService) GetUserByID

func (s *UserService) GetUserByID(id string) (*domain.User, error)

GetUserByID retrieves a user by their ID.

func (*UserService) UpdateUser

func (s *UserService) UpdateUser(user *domain.User) error

UpdateUser updates an existing user in the database.

type VerificationService

type VerificationService struct {
	// contains filtered or unexported fields
}

func NewVerificationService

func NewVerificationService(config *domain.Config, db *gorm.DB) *VerificationService

func (*VerificationService) CreateVerification

func (s *VerificationService) CreateVerification(v *domain.Verification) error

CreateVerification creates a new verification record.

func (*VerificationService) DeleteVerification

func (s *VerificationService) DeleteVerification(id string) error

DeleteVerification deletes a verification record by ID.

func (*VerificationService) GetVerificationByToken

func (s *VerificationService) GetVerificationByToken(token string) (*domain.Verification, error)

GetVerificationByToken retrieves a verification record by token.

func (*VerificationService) IsExpired

func (s *VerificationService) IsExpired(verification *domain.Verification) bool

IsExpired reports whether the verification token is expired.

type VerifyEmailResult

type VerifyEmailResult struct {
	Message string       `json:"message"`
	User    *domain.User `json:"user,omitempty"`
}

VerifyEmailResult represents the result of email verification
