usecase

package
v0.0.0-...-1f1dc5f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package usecase coordinates authentication and authorization workflows.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIReader

type APIReader interface {
	FindAPIByRoute(context.Context, string, string) (accessdomain.API, error)
}

APIReader reads managed backend routes needed for API-level authorization.

type Admin

type Admin struct {
	ID           int64     `json:"id"`
	Username     string    `json:"username"`
	DisplayName  string    `json:"display_name"`
	Email        string    `json:"email"`
	RoleIDs      []int64   `json:"role_ids"`
	ActiveRoleID int64     `json:"active_role_id"`
	Active       bool      `json:"active"`
	CreatedAt    time.Time `json:"created_at"`
	UpdatedAt    time.Time `json:"updated_at"`
}

Admin is the current-user administrator DTO.

type AdminReader

type AdminReader interface {
	FindByUsername(context.Context, string) (identitydomain.Admin, error)
	FindByID(context.Context, int64) (identitydomain.Admin, error)
	Update(context.Context, identitydomain.Admin) (identitydomain.Admin, error)
}

AdminReader reads administrator credentials and profiles for authentication.

type Button

type Button struct {
	ID          int64     `json:"id"`
	MenuID      int64     `json:"menu_id"`
	Name        string    `json:"name"`
	Description string    `json:"description"`
	CreatedAt   time.Time `json:"created_at"`
	UpdatedAt   time.Time `json:"updated_at"`
}

Button is a page-level operation key returned with the current user's menu.

type ChangePasswordInput

type ChangePasswordInput struct {
	CurrentPassword string
	NewPassword     string
}

ChangePasswordInput carries current-user password rotation data.

type CurrentUser

type CurrentUser struct {
	ID           int64    `json:"id"`
	Username     string   `json:"username"`
	DisplayName  string   `json:"display_name"`
	Email        string   `json:"email"`
	ActiveRoleID int64    `json:"active_role_id"`
	ActiveRole   Role     `json:"active_role"`
	DefaultPath  string   `json:"default_path"`
	Roles        []Role   `json:"roles"`
	Permissions  []string `json:"permissions"`
	Menus        []Menu   `json:"menus"`
}

CurrentUser is the adapter-facing current-user snapshot.

type LoginAttemptLimiter

type LoginAttemptLimiter interface {
	CheckLoginAttempt(context.Context, string, time.Time) error
	RecordLoginFailure(context.Context, string, time.Time) error
	ResetLoginAttempts(context.Context, string) error
}

LoginAttemptLimiter blocks repeated failed sign-in attempts across app instances. The key is already hashed by the usecase so stores do not need to persist raw usernames or client addresses.

type LoginInput

type LoginInput struct {
	Username  string
	Password  string
	IP        string
	UserAgent string
}

LoginInput carries administrator credentials from a delivery adapter.

type LoginOutput

type LoginOutput struct {
	SessionToken     string      `json:"-"`
	SessionExpiresAt time.Time   `json:"-"`
	User             CurrentUser `json:"user"`
}

LoginOutput is returned after successful authentication.

type LoginRecord

type LoginRecord struct {
	AdminID   int64
	Username  string
	IP        string
	UserAgent string
	Success   bool
	Reason    string
}

LoginRecord carries a safe sign-in audit event.

type LoginRecorder

type LoginRecorder interface {
	RecordLogin(context.Context, LoginRecord) error
}

LoginRecorder stores sign-in attempts without exposing audit storage details.

type LoginSessionIdentity

type LoginSessionIdentity struct {
	SessionID int64
	AdminID   int64
	RoleID    int64
}

LoginSessionIdentity is the authenticated browser login identity stored on request context by HTTP middleware.

type LoginSessionStore

type LoginSessionStore interface {
	CreateLoginSession(context.Context, authdomain.LoginSession) (authdomain.LoginSession, error)
	FindLoginSessionByTokenHash(context.Context, string) (authdomain.LoginSession, bool, error)
	RefreshLoginSession(context.Context, authdomain.LoginSession) error
	UpdateLoginSessionRole(context.Context, int64, int64, time.Time) error
	RevokeLoginSession(context.Context, int64, string, time.Time) error
	RevokeOtherLoginSessions(context.Context, int64, int64, string, time.Time) error
	RevokeLoginSessions(context.Context, int64, string, time.Time) error
}

LoginSessionStore persists browser login sessions without storing the raw cookie credential.

type Menu struct {
	ID         int64     `json:"id"`
	ParentID   int64     `json:"parent_id"`
	Name       string    `json:"name"`
	Path       string    `json:"path"`
	Icon       string    `json:"icon"`
	Hidden     bool      `json:"hidden"`
	Component  string    `json:"component"`
	Meta       MenuMeta  `json:"meta"`
	Permission string    `json:"permission"`
	Sort       int       `json:"sort"`
	Active     bool      `json:"active"`
	Buttons    []Button  `json:"buttons"`
	CreatedAt  time.Time `json:"created_at"`
	UpdatedAt  time.Time `json:"updated_at"`
}

Menu is the current-user menu DTO.

type MenuMeta struct {
	ActiveName     string `json:"active_name"`
	KeepAlive      bool   `json:"keep_alive"`
	DefaultMenu    bool   `json:"default_menu"`
	CloseTab       bool   `json:"close_tab"`
	TransitionType string `json:"transition_type"`
}

MenuMeta is router metadata returned with the current-user menu tree.

type MenuReader interface {
	ListMenus(context.Context) ([]accessdomain.Menu, error)
}

MenuReader reads menus needed to build the current-user navigation tree.

type Option

type Option func(*Usecase)

Option customizes the auth usecase.

func WithClock

func WithClock(now func() time.Time) Option

WithClock replaces the clock used for tokens and records.

type Role

type Role struct {
	ID          int64     `json:"id"`
	ParentID    int64     `json:"parent_id"`
	Code        string    `json:"code"`
	Name        string    `json:"name"`
	Permissions []string  `json:"permissions"`
	MenuIDs     []int64   `json:"menu_ids"`
	APIIDs      []int64   `json:"api_ids"`
	ButtonIDs   []int64   `json:"button_ids"`
	DataRoleIDs []int64   `json:"data_role_ids"`
	DefaultPath string    `json:"default_path"`
	Active      bool      `json:"active"`
	CreatedAt   time.Time `json:"created_at"`
	UpdatedAt   time.Time `json:"updated_at"`
}

Role is the current-user role DTO.

type RoleReader

type RoleReader interface {
	FindRoleByID(context.Context, int64) (accessdomain.Role, error)
}

RoleReader reads roles needed to build authorization grants.

type RoleSwitchInput

type RoleSwitchInput struct {
	RoleID int64
}

RoleSwitchInput carries the requested active role.

type RoleSwitchOutput

type RoleSwitchOutput struct {
	User CurrentUser `json:"user"`
}

RoleSwitchOutput is returned after the active role changes.

type UpdateProfileInput

type UpdateProfileInput struct {
	DisplayName string
	Email       string
}

UpdateProfileInput carries current-user profile fields.

type Usecase

type Usecase struct {
	// contains filtered or unexported fields
}

Usecase coordinates sign-in, current user, and permission checks.

func New

func New(admins AdminReader, roles RoleReader, menus MenuReader, apis APIReader, sessions LoginSessionStore, loginLimiter LoginAttemptLimiter, logins LoginRecorder, opts ...Option) *Usecase

New creates an auth usecase with its required readers and login-session store.

func (*Usecase) AuthenticateLoginSession

func (u *Usecase) AuthenticateLoginSession(ctx context.Context, rawToken string) (LoginSessionIdentity, error)

AuthenticateLoginSession validates a raw browser session token and returns the identity that middleware should attach to request context.

func (*Usecase) AuthorizeRoute

func (u *Usecase) AuthorizeRoute(ctx context.Context, method, path string) error

AuthorizeRoute verifies that the current active role may call the managed API route. The path must be Echo's registered route pattern rather than the raw URL, so IDs and other path parameters are authorized by one catalog row.

func (*Usecase) ChangePassword

func (u *Usecase) ChangePassword(ctx context.Context, input ChangePasswordInput) error

ChangePassword verifies the current password, stores the new hash, and revokes other login sessions for the same administrator.

func (*Usecase) CurrentUser

func (u *Usecase) CurrentUser(ctx context.Context) (CurrentUser, error)

CurrentUser returns the authenticated administrator profile and active-role grants.

func (*Usecase) Login

func (u *Usecase) Login(ctx context.Context, input LoginInput) (LoginOutput, error)

Login authenticates an administrator and creates a browser login session.

func (*Usecase) Logout

func (u *Usecase) Logout(ctx context.Context) error

Logout revokes the current login session.

func (*Usecase) LogoutOthers

func (u *Usecase) LogoutOthers(ctx context.Context) error

LogoutOthers revokes every other login session for the current administrator.

func (*Usecase) RequirePermission

func (u *Usecase) RequirePermission(ctx context.Context, permission string) error

RequirePermission verifies that the current admin has permission through the active role.

func (*Usecase) RevokeLoginSessions

func (u *Usecase) RevokeLoginSessions(ctx context.Context, adminID int64) error

RevokeLoginSessions revokes all login sessions for one administrator after a security event such as disabling or deleting the account.

func (*Usecase) SwitchRole

func (u *Usecase) SwitchRole(ctx context.Context, input RoleSwitchInput) (RoleSwitchOutput, error)

SwitchRole changes the active role for the current login session.

func (*Usecase) UpdateProfile

func (u *Usecase) UpdateProfile(ctx context.Context, input UpdateProfileInput) (CurrentUser, error)

UpdateProfile changes the current administrator's display fields only.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL