Documentation
¶
Overview ¶
Package usecase coordinates authentication and authorization workflows.
Index ¶
- type APIReader
- type Admin
- type AdminReader
- type Button
- type ChangePasswordInput
- type CurrentUser
- type LoginAttemptLimiter
- type LoginInput
- type LoginOutput
- type LoginRecord
- type LoginRecorder
- type LoginSessionIdentity
- type LoginSessionStore
- type Menu
- type MenuMeta
- type MenuReader
- type Option
- type Role
- type RoleReader
- type RoleSwitchInput
- type RoleSwitchOutput
- type UpdateProfileInput
- type Usecase
- func (u *Usecase) AuthenticateLoginSession(ctx context.Context, rawToken string) (LoginSessionIdentity, error)
- func (u *Usecase) AuthorizeRoute(ctx context.Context, method, path string) error
- func (u *Usecase) ChangePassword(ctx context.Context, input ChangePasswordInput) error
- func (u *Usecase) CurrentUser(ctx context.Context) (CurrentUser, error)
- func (u *Usecase) Login(ctx context.Context, input LoginInput) (LoginOutput, error)
- func (u *Usecase) Logout(ctx context.Context) error
- func (u *Usecase) LogoutOthers(ctx context.Context) error
- func (u *Usecase) RequirePermission(ctx context.Context, permission string) error
- func (u *Usecase) RevokeLoginSessions(ctx context.Context, adminID int64) error
- func (u *Usecase) SwitchRole(ctx context.Context, input RoleSwitchInput) (RoleSwitchOutput, error)
- func (u *Usecase) UpdateProfile(ctx context.Context, input UpdateProfileInput) (CurrentUser, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type APIReader ¶
type APIReader interface {
FindAPIByRoute(context.Context, string, string) (accessdomain.API, error)
}
APIReader reads managed backend routes needed for API-level authorization.
type Admin ¶
type Admin struct {
ID int64 `json:"id"`
Username string `json:"username"`
DisplayName string `json:"display_name"`
Email string `json:"email"`
RoleIDs []int64 `json:"role_ids"`
ActiveRoleID int64 `json:"active_role_id"`
Active bool `json:"active"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Admin is the current-user administrator DTO.
type AdminReader ¶
type AdminReader interface {
FindByUsername(context.Context, string) (identitydomain.Admin, error)
FindByID(context.Context, int64) (identitydomain.Admin, error)
Update(context.Context, identitydomain.Admin) (identitydomain.Admin, error)
}
AdminReader reads administrator credentials and profiles for authentication.
type Button ¶
type Button struct {
ID int64 `json:"id"`
MenuID int64 `json:"menu_id"`
Name string `json:"name"`
Description string `json:"description"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Button is a page-level operation key returned with the current user's menu.
type ChangePasswordInput ¶
ChangePasswordInput carries current-user password rotation data.
type CurrentUser ¶
type CurrentUser struct {
ID int64 `json:"id"`
Username string `json:"username"`
DisplayName string `json:"display_name"`
Email string `json:"email"`
ActiveRoleID int64 `json:"active_role_id"`
ActiveRole Role `json:"active_role"`
DefaultPath string `json:"default_path"`
Roles []Role `json:"roles"`
Permissions []string `json:"permissions"`
Menus []Menu `json:"menus"`
}
CurrentUser is the adapter-facing current-user snapshot.
type LoginAttemptLimiter ¶
type LoginAttemptLimiter interface {
CheckLoginAttempt(context.Context, string, time.Time) error
RecordLoginFailure(context.Context, string, time.Time) error
ResetLoginAttempts(context.Context, string) error
}
LoginAttemptLimiter blocks repeated failed sign-in attempts across app instances. The key is already hashed by the usecase so stores do not need to persist raw usernames or client addresses.
type LoginInput ¶
LoginInput carries administrator credentials from a delivery adapter.
type LoginOutput ¶
type LoginOutput struct {
SessionToken string `json:"-"`
SessionExpiresAt time.Time `json:"-"`
User CurrentUser `json:"user"`
}
LoginOutput is returned after successful authentication.
type LoginRecord ¶
type LoginRecord struct {
AdminID int64
Username string
IP string
UserAgent string
Success bool
Reason string
}
LoginRecord carries a safe sign-in audit event.
type LoginRecorder ¶
type LoginRecorder interface {
RecordLogin(context.Context, LoginRecord) error
}
LoginRecorder stores sign-in attempts without exposing audit storage details.
type LoginSessionIdentity ¶
LoginSessionIdentity is the authenticated browser login identity stored on request context by HTTP middleware.
type LoginSessionStore ¶
type LoginSessionStore interface {
CreateLoginSession(context.Context, authdomain.LoginSession) (authdomain.LoginSession, error)
FindLoginSessionByTokenHash(context.Context, string) (authdomain.LoginSession, bool, error)
RefreshLoginSession(context.Context, authdomain.LoginSession) error
UpdateLoginSessionRole(context.Context, int64, int64, time.Time) error
RevokeLoginSession(context.Context, int64, string, time.Time) error
RevokeOtherLoginSessions(context.Context, int64, int64, string, time.Time) error
RevokeLoginSessions(context.Context, int64, string, time.Time) error
}
LoginSessionStore persists browser login sessions without storing the raw cookie credential.
type Menu ¶
type Menu struct {
ID int64 `json:"id"`
ParentID int64 `json:"parent_id"`
Name string `json:"name"`
Path string `json:"path"`
Icon string `json:"icon"`
Hidden bool `json:"hidden"`
Component string `json:"component"`
Meta MenuMeta `json:"meta"`
Permission string `json:"permission"`
Sort int `json:"sort"`
Active bool `json:"active"`
Buttons []Button `json:"buttons"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Menu is the current-user menu DTO.
type MenuMeta ¶
type MenuMeta struct {
ActiveName string `json:"active_name"`
KeepAlive bool `json:"keep_alive"`
DefaultMenu bool `json:"default_menu"`
CloseTab bool `json:"close_tab"`
TransitionType string `json:"transition_type"`
}
MenuMeta is router metadata returned with the current-user menu tree.
type MenuReader ¶
type MenuReader interface {
ListMenus(context.Context) ([]accessdomain.Menu, error)
}
MenuReader reads menus needed to build the current-user navigation tree.
type Role ¶
type Role struct {
ID int64 `json:"id"`
ParentID int64 `json:"parent_id"`
Code string `json:"code"`
Name string `json:"name"`
Permissions []string `json:"permissions"`
MenuIDs []int64 `json:"menu_ids"`
APIIDs []int64 `json:"api_ids"`
ButtonIDs []int64 `json:"button_ids"`
DataRoleIDs []int64 `json:"data_role_ids"`
DefaultPath string `json:"default_path"`
Active bool `json:"active"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Role is the current-user role DTO.
type RoleReader ¶
RoleReader reads roles needed to build authorization grants.
type RoleSwitchInput ¶
type RoleSwitchInput struct {
RoleID int64
}
RoleSwitchInput carries the requested active role.
type RoleSwitchOutput ¶
type RoleSwitchOutput struct {
User CurrentUser `json:"user"`
}
RoleSwitchOutput is returned after the active role changes.
type UpdateProfileInput ¶
UpdateProfileInput carries current-user profile fields.
type Usecase ¶
type Usecase struct {
// contains filtered or unexported fields
}
Usecase coordinates sign-in, current user, and permission checks.
func New ¶
func New(admins AdminReader, roles RoleReader, menus MenuReader, apis APIReader, sessions LoginSessionStore, loginLimiter LoginAttemptLimiter, logins LoginRecorder, opts ...Option) *Usecase
New creates an auth usecase with its required readers and login-session store.
func (*Usecase) AuthenticateLoginSession ¶
func (u *Usecase) AuthenticateLoginSession(ctx context.Context, rawToken string) (LoginSessionIdentity, error)
AuthenticateLoginSession validates a raw browser session token and returns the identity that middleware should attach to request context.
func (*Usecase) AuthorizeRoute ¶
AuthorizeRoute verifies that the current active role may call the managed API route. The path must be Echo's registered route pattern rather than the raw URL, so IDs and other path parameters are authorized by one catalog row.
func (*Usecase) ChangePassword ¶
func (u *Usecase) ChangePassword(ctx context.Context, input ChangePasswordInput) error
ChangePassword verifies the current password, stores the new hash, and revokes other login sessions for the same administrator.
func (*Usecase) CurrentUser ¶
func (u *Usecase) CurrentUser(ctx context.Context) (CurrentUser, error)
CurrentUser returns the authenticated administrator profile and active-role grants.
func (*Usecase) Login ¶
func (u *Usecase) Login(ctx context.Context, input LoginInput) (LoginOutput, error)
Login authenticates an administrator and creates a browser login session.
func (*Usecase) LogoutOthers ¶
LogoutOthers revokes every other login session for the current administrator.
func (*Usecase) RequirePermission ¶
RequirePermission verifies that the current admin has permission through the active role.
func (*Usecase) RevokeLoginSessions ¶
RevokeLoginSessions revokes all login sessions for one administrator after a security event such as disabling or deleting the account.
func (*Usecase) SwitchRole ¶
func (u *Usecase) SwitchRole(ctx context.Context, input RoleSwitchInput) (RoleSwitchOutput, error)
SwitchRole changes the active role for the current login session.
func (*Usecase) UpdateProfile ¶
func (u *Usecase) UpdateProfile(ctx context.Context, input UpdateProfileInput) (CurrentUser, error)
UpdateProfile changes the current administrator's display fields only.