Versions in this module Expand all Collapse all v0 v0.1.23 May 26, 2026 Changes in this version
+ const ActionAllowlistEmailAdded
+ const ActionAllowlistEmailRemoved
+ const ActionUserAdminGranted
+ const ActionUserAdminRevoked
+ const ActionUserDisabled
+ const ActionUserEnabled
+ const ActionUserSessionRevoked
+ const ActionUserSessionsRevoked
+ const ReasonLastAdmin
+ const ReasonSelfDisable
+ const ReasonSelfRevokeAdmin
+ const ReasonSelfRevokeSessions
+ var ErrAllowedEmailAlreadyAdded = errors.New("allowed email already exists")
+ var ErrAllowlistDisabled = errors.New("allowlist feature disabled")
+ var ErrInvalidEmail = errors.New("invalid email")
+ var ErrLastAdmin = errors.New("operation would leave no active admins")
+ var ErrSelfDisable = errors.New("admin cannot disable themselves")
+ var ErrSelfRevokeAdmin = errors.New("admin cannot remove their own admin role")
+ var ErrSelfRevokeSessions = errors.New("admin cannot revoke all sessions for themselves")
+ type ActionAvailability struct
+ Allowed bool
+ Reason string
+ type Actor struct
+ Email string
+ Roles roles.Roles
+ UserID uuid.UUID
+ type AllowedEmailPage struct
+ Emails []domain.AllowedEmail
+ Message string
+ Page int
+ Query string
+ Size int
+ Total int
+ func (p AllowedEmailPage) HasNext() bool
+ func (p AllowedEmailPage) HasPrevious() bool
+ type AuditEventPage struct
+ Events []domain.AdminAuditEvent
+ Page int
+ Size int
+ type AuthProviderSummary struct
+ CreatedAt time.Time
+ HasOAuthID bool
+ HasPassword bool
+ ID uuid.UUID
+ Provider string
+ type Config struct
+ AllowlistEnabled bool
+ AuditRetention time.Duration
+ Now func() time.Time
+ Store *store.Store
+ Tx *tx.Manager
+ type DashboardStats struct
+ ActiveSessions int
+ DisabledUsers int
+ SignupsLast24Hours int
+ TotalUsers int
+ type Page struct
+ Page int
+ Size int
+ type PasskeySummary struct
+ BackupEligible bool
+ BackupState bool
+ CloneWarning bool
+ CreatedAt time.Time
+ DeviceLabel string
+ ID uuid.UUID
+ LastUsedAt *time.Time
+ Name string
+ Transport []string
+ type RecentFailures struct
+ Challenges []domain.Challenge
+ EmailJobs []domain.EmailJob
+ Page int
+ Size int
+ type RequestMeta struct
+ IP string
+ UserAgent string
+ type Service struct
+ func New(cfg Config) *Service
+ func (s *Service) AddAllowedEmail(ctx context.Context, actor Actor, email string, meta RequestMeta) error
+ func (s *Service) CanRevokeAllSessions(actorID uuid.UUID, targetID uuid.UUID) ActionAvailability
+ func (s *Service) CleanupExpiredAuditEvents(ctx context.Context, now time.Time) (int64, error)
+ func (s *Service) DashboardStats(ctx context.Context) (DashboardStats, error)
+ func (s *Service) DisableUser(ctx context.Context, actor Actor, userID uuid.UUID, meta RequestMeta) error
+ func (s *Service) EnableUser(ctx context.Context, actor Actor, userID uuid.UUID, meta RequestMeta) error
+ func (s *Service) GetUserDetail(ctx context.Context, actor Actor, userID uuid.UUID) (UserDetail, error)
+ func (s *Service) GrantAdmin(ctx context.Context, actor Actor, userID uuid.UUID, meta RequestMeta) error
+ func (s *Service) ListAllowedEmails(ctx context.Context, query string, page Page) (AllowedEmailPage, error)
+ func (s *Service) ListAuditEvents(ctx context.Context, page Page) (AuditEventPage, error)
+ func (s *Service) RecentFailures(ctx context.Context, page Page) (RecentFailures, error)
+ func (s *Service) RemoveAllowedEmail(ctx context.Context, actor Actor, allowedEmailID uuid.UUID, meta RequestMeta) error
+ func (s *Service) RevokeAdmin(ctx context.Context, actor Actor, userID uuid.UUID, meta RequestMeta) error
+ func (s *Service) RevokeAllUserSessions(ctx context.Context, actor Actor, userID uuid.UUID, meta RequestMeta) error
+ func (s *Service) RevokeUserSession(ctx context.Context, actor Actor, userID, sessionID uuid.UUID, ...) error
+ func (s *Service) SearchUser(ctx context.Context, query string) (UserSummary, error)
+ func (s *Service) StartAuditCleanupWorker(ctx context.Context, logger *slog.Logger, interval time.Duration)
+ type SessionSummary struct
+ CreatedAt time.Time
+ ExpiresAt time.Time
+ ID uuid.UUID
+ RevokedAt *time.Time
+ Status string
+ UserAgent string
+ UserAgentSummary string
+ type UserDetail struct
+ Actions UserDetailActions
+ AuthProviders []AuthProviderSummary
+ Passkeys []PasskeySummary
+ Sessions []SessionSummary
+ User UserSummary
+ type UserDetailActions struct
+ Disable ActionAvailability
+ Enable ActionAvailability
+ GrantAdmin ActionAvailability
+ RevokeAdmin ActionAvailability
+ RevokeAllSessions ActionAvailability
+ type UserSummary struct
+ ActiveSessionCount int
+ AuthProviderCount int
+ CreatedAt time.Time
+ DisabledAt *time.Time
+ Email string
+ ID uuid.UUID
+ Roles []string
+ UpdatedAt time.Time
+ Username string
+ func (u UserSummary) Disabled() bool
+ func (u UserSummary) HasRole(roleName string) bool
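Review bot: The read-side methods `SearchUser`, `ListAllowedEmails`, `ListAuditEvents`, `RecentFailures` and `DashboardStats` take no `Actor`, unlike `GetUserDetail` and every mutating method, so the service cannot check the caller's role or attribute who queried user, allowlist and audit data. Only signatures are visible here, so the check presumably sits in the calling handler. Either thread the actor through, e.g. `func (s *Service) SearchUser(ctx context.Context, actor Actor, query string) (UserSummary, error)`, or state the contract in the doc comment: `// SearchUser performs no authorization; callers must verify the admin role first.` Likewise, `CanRevokeAllSessions` returns only an advisory `ActionAvailability`, so `RevokeAllUserSessions` should re-check and return `ErrSelfRevokeSessions` itself rather than rely on the action being hidden. The `ErrLastAdmin` count should also run inside the same `Tx` transaction as the role or disable write, so two concurrent requests cannot both pass it.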