auth

package
Published: Jan 14, 2026 License: AGPL-3.0 Imports: 24 Imported by: 0


Constants

const (
	// Algorithm names the MAC scheme used for request signing.
	Algorithm = "HMAC-SHA256"

	// HeaderAuthorization is the request header that carries the
	// "Nuwa <AccessKey>:<Signature>" value written by SignRequest.
	HeaderAuthorization = "Authorization"

	// HeaderNuwaDate is the request header that carries the request date;
	// SignRequest fills it in when the caller has not set it.
	HeaderNuwaDate = "X-Nuwa-Date"
)
const (
	// RecoveryCodeCount is the number of recovery codes issued in one batch
	// (GenerateRecoveryCodes still takes the count as an explicit argument).
	RecoveryCodeCount = 10

	// RecoveryCodeLength is the number of characters in a single recovery code.
	RecoveryCodeLength = 8
)

Variables

This section is empty.

Functions

func AppendPasswordHistory

func AppendPasswordHistory(history []string, newHash string) []string

AppendPasswordHistory appends the new hash to the history and keeps at most the last 5 entries.

func CheckPasswordHash

func CheckPasswordHash(password, hash string) bool

CheckPasswordHash compares a password with a hash

func CheckPasswordHistory

func CheckPasswordHistory(history []string, newPassword string) bool

CheckPasswordHistory reports whether the new password matches one of the recently used passwords (the last 5 in the history).

func CountRemainingCodes

func CountRemainingCodes(hashedCodes []string) int

CountRemainingCodes counts how many recovery codes are still valid

func GenerateAccessKey

func GenerateAccessKey() (string, error)

GenerateAccessKey generates a random Access Key (AK). Format: the prefix "NW" followed by approximately 18 random alphanumeric characters. Example: NWABC123...

func GenerateQRCode

func GenerateQRCode(key *otp.Key) ([]byte, error)

GenerateQRCode returns the QR code image bytes for a key.

func GenerateRSAKeyPair

func GenerateRSAKeyPair() (*rsa.PrivateKey, *rsa.PublicKey, error)

GenerateRSAKeyPair generates a new 2048-bit RSA key pair.

func GenerateRecoveryCodes

func GenerateRecoveryCodes(count int) ([]string, error)

GenerateRecoveryCodes generates count random recovery codes. It returns the plaintext codes for display to the user; only their hashes (see HashRecoveryCodes) are meant to be stored.

func GenerateSTSToken

func GenerateSTSToken(roleID int, roleName string, tenantID int, duration time.Duration, mfaAuth bool, signKey *rsa.PrivateKey) (string, error)

GenerateSTSToken generates a temporary JWT token for an assumed role (RS256)

func GenerateSecretKey

func GenerateSecretKey() (string, error)

GenerateSecretKey generates a random Secret Key (SK), typically 40 characters long.

func GenerateTOTPKey

func GenerateTOTPKey(accountName string) (*otp.Key, error)

GenerateTOTPKey generates a new TOTP key for a user.

func GenerateToken

func GenerateToken(userID int, username string, tenantID int, mfaAuth bool, signKey *rsa.PrivateKey) (string, error)

GenerateToken generates a new JWT token for a user (RS256)

func HashPassword

func HashPassword(password string) (string, error)

HashPassword hashes the password using bcrypt

func HashRecoveryCode

func HashRecoveryCode(code string) (string, error)

HashRecoveryCode hashes a recovery code using bcrypt. This allows the code to be stored securely and verified for one-time use.

func HashRecoveryCodes

func HashRecoveryCodes(codes []string) ([]string, error)

HashRecoveryCodes hashes multiple recovery codes

func InvalidateRecoveryCode

func InvalidateRecoveryCode(hashedCodes []string, index int) []string

InvalidateRecoveryCode marks a recovery code as used by clearing it

func IsEmail

func IsEmail(s string) bool

IsEmail checks if string looks like an email

func ParsePrivateKeyFromPEM

func ParsePrivateKeyFromPEM(pemStr string) (*rsa.PrivateKey, error)

ParsePrivateKeyFromPEM parses a PEM encoded private key

func ParsePublicKeyFromPEM

func ParsePublicKeyFromPEM(pemStr string) (*rsa.PublicKey, error)

ParsePublicKeyFromPEM parses a PEM encoded public key

func PrivateKeyToPEM

func PrivateKeyToPEM(priv *rsa.PrivateKey) string

PrivateKeyToPEM encodes Private Key to PEM

func PublicKeyToPEM

func PublicKeyToPEM(pub *rsa.PublicKey) string

PublicKeyToPEM encodes Public Key to PEM

func SignRequest

func SignRequest(req *http.Request, accessKey, secretKey string) error

SignRequest calculates the signature and adds the Authorization header to the request. It also sets X-Nuwa-Date if that header is not already present. The header value has the format: Nuwa <AccessKey>:<Signature>

func TenantIDFromContext

func TenantIDFromContext(ctx context.Context) (int, bool)

TenantIDFromContext returns the tenant ID from the context

func UserIDFromContext

func UserIDFromContext(ctx context.Context) (int, bool)

UserIDFromContext returns the user ID from the context

func UsernameFromContext

func UsernameFromContext(ctx context.Context) (string, bool)

UsernameFromContext returns the username from the context

func ValidatePassword

func ValidatePassword(password string) error

ValidatePassword enforces password complexity policy

func ValidateTOTP

func ValidateTOTP(passcode string, secret string) bool

ValidateTOTP validates a passcode against the secret.

func VerifyRecoveryCode

func VerifyRecoveryCode(hashedCodes []string, inputCode string) (int, bool)

VerifyRecoveryCode verifies a recovery code against the hashed codes. It returns (index, matched), where index is the position of the matched code, or (-1, false) if no code matches.

func VerifySignature

func VerifySignature(req *http.Request, secretKey string, signatureToVerify string) (bool, error)

VerifySignature verifies the request signature against the given secret key and returns true if it is valid.

func WithTenantID

func WithTenantID(ctx context.Context, tenantID int) context.Context

WithTenantID returns a new context with the given tenant ID

func WithUserID

func WithUserID(ctx context.Context, userID int) context.Context

WithUserID returns a new context with the given user ID

func WithUsername

func WithUsername(ctx context.Context, username string) context.Context

WithUsername returns a new context with the given username

Types

type Claims

// Claims is the JWT payload for this package's tokens: GenerateToken and
// GenerateSTSToken populate it, and ParseToken returns it after verifying the
// RS256 signature with the public key.
//
// Every custom field is tagged omitempty, so a zero value (0, "", false) is
// simply absent from the encoded token; consumers must treat a missing field
// as its zero value rather than as "unknown".
type Claims struct {
	// UserID identifies the authenticated user (see GenerateToken).
	UserID           int    `json:"user_id,omitempty"`
	// Username is the authenticated user's name (see GenerateToken).
	Username         string `json:"username,omitempty"`
	// TenantID identifies the tenant the token was issued for.
	TenantID         int    `json:"tenant_id,omitempty"`
	// RoleID is the assumed role; set for STS tokens (see GenerateSTSToken).
	RoleID           int    `json:"role_id,omitempty"` // For STS
	// MfaAuthenticated records whether the session completed MFA when the
	// token was issued. Because of omitempty, false is encoded as absent.
	MfaAuthenticated bool   `json:"mfa_authenticated,omitempty"`
	// RegisteredClaims supplies the standard JWT claims (expiry, issued-at,
	// subject, ...) from the jwt library.
	jwt.RegisteredClaims
}

Claims defines the custom claims for our JWT

func ParseToken

func ParseToken(tokenString string, verifyKey *rsa.PublicKey) (*Claims, error)

ParseToken parses and validates a JWT token using Public Key

type RedisValidator

type RedisValidator struct {
	// contains filtered or unexported fields
}

RedisValidator implements Validator using Redis

func NewRedisValidator

func NewRedisValidator(cache cache.Cache) *RedisValidator

func (*RedisValidator) Validate

func (v *RedisValidator) Validate(ctx context.Context, target string, code string, purpose string) bool

Validate checks whether the code matches the one stored in the cache. target is the email address or phone number the code was sent to; code is the user-provided code; purpose is the context of the code, such as login or reset_password.

type Validator

// Validator is the interface for verifying one-time codes sent to a user.
// RedisValidator is the Redis-backed implementation.
//
// Validate reports whether code matches the code stored for target (an email
// address or phone number) under the given purpose (for example login or
// reset_password). The result is a bare bool, so callers cannot distinguish
// "no code stored" from "wrong code"; whether a successful check consumes the
// stored code is not defined by this interface — confirm it in the
// implementation before relying on one-time use.
type Validator interface {
	Validate(ctx context.Context, target string, code string, purpose string) bool
}

Validator defines the interface for verifying codes
