domain

package
v0.0.0-...-1f1dc5f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2026 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package domain defines authentication-owned business state.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrInvalidLoginSession indicates malformed session state.
	ErrInvalidLoginSession = errors.New("invalid login session")
	// ErrLoginSessionExpired indicates a session that passed its idle or
	// absolute expiry.
	ErrLoginSessionExpired = errors.New("login session expired")
	// ErrLoginSessionRevoked indicates a session explicitly signed out or
	// revoked by a security event.
	ErrLoginSessionRevoked = errors.New("login session revoked")
)

Functions

This section is empty.

Types

type LoginSession

type LoginSession struct {
	ID                int64
	AdminID           int64
	ActiveRoleID      int64
	TokenHash         string
	IP                string
	UserAgent         string
	CreatedAt         time.Time
	LastSeenAt        time.Time
	IdleExpiresAt     time.Time
	AbsoluteExpiresAt time.Time
	RevokedAt         *time.Time
	RevokedReason     string
	UpdatedAt         time.Time
}

LoginSession is one browser login state for an administrator. It stores the active role for that browser, but authorization still reads current role grants from the access module.

func NewLoginSession

func NewLoginSession(input LoginSessionInput) (LoginSession, error)

NewLoginSession creates an active login session.

func RestoreLoginSession

func RestoreLoginSession(id, adminID, activeRoleID int64, tokenHash, ip, userAgent string, createdAt, lastSeenAt, idleExpiresAt, absoluteExpiresAt time.Time, revokedAt *time.Time, revokedReason string, updatedAt time.Time) (LoginSession, error)

RestoreLoginSession restores persisted session state.

func (LoginSession) AvailabilityError

func (s LoginSession) AvailabilityError(now time.Time) error

AvailabilityError returns the reason a session cannot authenticate a request.

func (LoginSession) NeedsRefresh

func (s LoginSession) NeedsRefresh(now time.Time, interval time.Duration) bool

NeedsRefresh reports whether last-seen metadata should be refreshed. The interval prevents hot admin pages from turning session reads into write load.

func (LoginSession) Refreshed

func (s LoginSession) Refreshed(now time.Time, idleTTL time.Duration) LoginSession

Refreshed returns a session with renewed idle expiry capped by absolute lifetime.

type LoginSessionInput

type LoginSessionInput struct {
	AdminID           int64
	ActiveRoleID      int64
	TokenHash         string
	IP                string
	UserAgent         string
	CreatedAt         time.Time
	IdleExpiresAt     time.Time
	AbsoluteExpiresAt time.Time
}

LoginSessionInput carries the data needed to create a login session.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL