Documentation
¶
Overview ¶
Package auth provides authentication for GoSPA projects. Includes OAuth2 (Google, Facebook, GitHub, Microsoft, Discord), JWT sessions, and TOTP/OTP.
Index ¶
- func GenerateBackupCodes(count int) ([]string, error)
- func HashBackupCode(code string) string
- func VerifyBackupCode(code, storedHash string) bool
- type AuthPlugin
- func (p *AuthPlugin) Commands() []plugin.Command
- func (p *AuthPlugin) CreateToken(userID, email, role string) (string, error)
- func (p *AuthPlugin) Dependencies() []plugin.Dependency
- func (p *AuthPlugin) EnableOTPHandler() fiber.Handler
- func (p *AuthPlugin) EnableTOTP() fiber.Handler
- func (p *AuthPlugin) GenerateOTP(account string) (string, string, error)
- func (p *AuthPlugin) GenerateOTPSecret() (string, error)
- func (p *AuthPlugin) GenerateOTPURL(secret, account, issuer string) string
- func (p *AuthPlugin) GetConfig() *Config
- func (p *AuthPlugin) Init() error
- func (p *AuthPlugin) Name() string
- func (p *AuthPlugin) OAuthCallback(providerName string) fiber.Handler
- func (p *AuthPlugin) OAuthRedirect(providerName string) fiber.Handler
- func (p *AuthPlugin) OnHook(hook plugin.Hook, ctx map[string]interface{}) error
- func (p *AuthPlugin) RequireAuth() fiber.Handler
- func (p *AuthPlugin) SetStorage(s store.Storage)
- func (p *AuthPlugin) ValidateToken(tokenString string) (*Claims, error)
- func (p *AuthPlugin) VerifyOTP(secret, code string) bool
- func (p *AuthPlugin) VerifyOTPHandler() fiber.Handler
- func (p *AuthPlugin) VerifyTOTP() fiber.Handler
- type BackupCode
- type Claims
- type Config
- type OAuthProvider
- type OTPConfig
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateBackupCodes ¶
GenerateBackupCodes generates backup codes.
func HashBackupCode ¶
HashBackupCode hashes a backup code using HMAC-SHA256 with a per-code salt.
func VerifyBackupCode ¶ added in v0.1.35
VerifyBackupCode checks whether a plaintext code matches a stored salt:hash.
Types ¶
type AuthPlugin ¶
type AuthPlugin struct {
// contains filtered or unexported fields
}
AuthPlugin provides authentication capabilities.
func (*AuthPlugin) Commands ¶
func (p *AuthPlugin) Commands() []plugin.Command
Commands returns custom CLI commands.
func (*AuthPlugin) CreateToken ¶ added in v0.1.7
func (p *AuthPlugin) CreateToken(userID, email, role string) (string, error)
CreateToken creates a new JWT token.
func (*AuthPlugin) Dependencies ¶
func (p *AuthPlugin) Dependencies() []plugin.Dependency
Dependencies returns required dependencies.
func (*AuthPlugin) EnableOTPHandler ¶ added in v0.1.7
func (p *AuthPlugin) EnableOTPHandler() fiber.Handler
EnableOTPHandler returns a handler that generates OTP setup info.
func (*AuthPlugin) EnableTOTP ¶ added in v0.1.7
func (p *AuthPlugin) EnableTOTP() fiber.Handler
EnableTOTP is an alias for EnableOTPHandler for backward compatibility.
func (*AuthPlugin) GenerateOTP ¶ added in v0.1.7
func (p *AuthPlugin) GenerateOTP(account string) (string, string, error)
GenerateOTP generates an OTP secret and URL for 2FA setup.
func (*AuthPlugin) GenerateOTPSecret ¶
func (p *AuthPlugin) GenerateOTPSecret() (string, error)
GenerateOTPSecret generates a new OTP secret.
func (*AuthPlugin) GenerateOTPURL ¶
func (p *AuthPlugin) GenerateOTPURL(secret, account, issuer string) string
GenerateOTPURL generates the otpauth:// URL.
func (*AuthPlugin) GetConfig ¶
func (p *AuthPlugin) GetConfig() *Config
GetConfig returns the current configuration.
func (*AuthPlugin) OAuthCallback ¶ added in v0.1.7
func (p *AuthPlugin) OAuthCallback(providerName string) fiber.Handler
OAuthCallback returns a handler that handles the OAuth callback.
func (*AuthPlugin) OAuthRedirect ¶ added in v0.1.7
func (p *AuthPlugin) OAuthRedirect(providerName string) fiber.Handler
OAuthRedirect returns a handler that redirects to an OAuth provider.
func (*AuthPlugin) OnHook ¶
func (p *AuthPlugin) OnHook(hook plugin.Hook, ctx map[string]interface{}) error
OnHook handles lifecycle hooks.
func (*AuthPlugin) RequireAuth ¶ added in v0.1.7
func (p *AuthPlugin) RequireAuth() fiber.Handler
RequireAuth returns a middleware that requires authentication.
func (*AuthPlugin) SetStorage ¶ added in v0.1.34
func (p *AuthPlugin) SetStorage(s store.Storage)
SetStorage sets the storage backend for the plugin.
func (*AuthPlugin) ValidateToken ¶ added in v0.1.7
func (p *AuthPlugin) ValidateToken(tokenString string) (*Claims, error)
ValidateToken validates a JWT token and returns the claims.
func (*AuthPlugin) VerifyOTP ¶ added in v0.1.7
func (p *AuthPlugin) VerifyOTP(secret, code string) bool
VerifyOTP verifies a TOTP code.
func (*AuthPlugin) VerifyOTPHandler ¶ added in v0.1.7
func (p *AuthPlugin) VerifyOTPHandler() fiber.Handler
VerifyOTPHandler returns a handler that verifies an OTP code.
func (*AuthPlugin) VerifyTOTP ¶ added in v0.1.7
func (p *AuthPlugin) VerifyTOTP() fiber.Handler
VerifyTOTP is an alias for VerifyOTPHandler for backward compatibility.
type BackupCode ¶
BackupCode represents a backup code for 2FA.
type Claims ¶ added in v0.1.7
type Claims struct {
UserID string `json:"user_id"`
Email string `json:"email"`
Role string `json:"role"`
jwt.RegisteredClaims
}
Claims represents JWT claims.
type Config ¶
type Config struct {
// JWTSecret is the secret key for JWT signing.
JWTSecret string `yaml:"jwt_secret" json:"jwtSecret"`
// JWTExpiry is the JWT token expiry duration in hours.
JWTExpiry int `yaml:"jwt_expiry" json:"jwtExpiry"`
// Issuer is the JWT issuer.
Issuer string `yaml:"issuer" json:"issuer"`
// OAuthProviders is a list of enabled OAuth providers.
OAuthProviders []string `yaml:"oauth_providers" json:"oauthProviders"`
// Google OAuth config.
GoogleClientID string `yaml:"google_client_id" json:"googleClientId"`
GoogleClientSecret string `yaml:"google_client_secret" json:"googleClientSecret"`
// Facebook OAuth config.
FacebookClientID string `yaml:"facebook_client_id" json:"facebookClientId"`
FacebookClientSecret string `yaml:"facebook_client_secret" json:"facebookClientSecret"`
// GitHub OAuth config.
GitHubClientID string `yaml:"github_client_id" json:"githubClientId"`
GitHubClientSecret string `yaml:"github_client_secret" json:"githubClientSecret"`
// Microsoft OAuth config.
MicrosoftClientID string `yaml:"microsoft_client_id" json:"microsoftClientId"`
MicrosoftClientSecret string `yaml:"microsoft_client_secret" json:"microsoftClientSecret"`
// Discord OAuth config.
DiscordClientID string `yaml:"discord_client_id" json:"discordClientId"`
DiscordClientSecret string `yaml:"discord_client_secret" json:"discordClientSecret"`
// Telegram OAuth config.
TelegramBotToken string `yaml:"telegram_bot_token" json:"telegramBotToken"`
// Twitter/X OAuth config.
TwitterClientID string `yaml:"twitter_client_id" json:"twitterClientId"`
TwitterClientSecret string `yaml:"twitter_client_secret" json:"twitterClientSecret"`
// OTP config.
OTPEnabled bool `yaml:"otp_enabled" json:"otpEnabled"`
OTPIssuer string `yaml:"otp_issuer" json:"otpIssuer"`
OTPDigits int `yaml:"otp_digits" json:"otpDigits"`
OTPPeriod int `yaml:"otp_period" json:"otpPeriod"`
BackupCodeCount int `yaml:"backup_code_count" json:"backupCodeCount"`
// OutputDir is where generated auth code is written.
OutputDir string `yaml:"output_dir" json:"outputDir"`
// AllowOutputEscape allows code generation output outside project/workspace root.
AllowOutputEscape bool `yaml:"allow_output_escape" json:"allowOutputEscape"`
// ResolveOTPSecret resolves the OTP secret for an authenticated user ID.
// If nil, storage key auth:otp:secret:user:<id> is used when storage is configured.
ResolveOTPSecret func(userID string) (string, error) `yaml:"-" json:"-"`
}
Config holds auth plugin configuration.
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns the default auth configuration. JWTSecret MUST be set via JWT_SECRET environment variable in production. The application will panic if JWT_SECRET is not set in production.
type OAuthProvider ¶
type OAuthProvider struct {
Name string
ClientID string
ClientSecret string
AuthURL string
TokenURL string
UserURL string
Scopes []string
}
OAuthProvider represents an OAuth provider configuration.