auth

package
v1.2.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2025 License: AGPL-3.0, AGPL-3.0-or-later Imports: 17 Imported by: 0

Documentation

Overview

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

SPDX-License-Identifier: AGPL-3.0-or-later

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	BaseURL       string
	ClientID      string
	ClientSecret  string
	AuthURL       string
	TokenURL      string
	UserInfoURL   string
	LogoutURL     string
	Scopes        []string
	AllowedDomain string
	CookieSecret  []byte
	SecureCookies bool
	SessionRepo   SessionRepository
}

type OAuthProvider added in v1.2.1 

type OAuthProvider struct {
	// contains filtered or unexported fields
}

OAuthProvider handles OAuth2 authentication flow This component is optional and can be nil if OAuth is disabled

func NewOAuthProvider added in v1.2.1 

func NewOAuthProvider(config OAuthProviderConfig) *OAuthProvider

NewOAuthProvider creates a new OAuth provider

func (*OAuthProvider) CreateAuthURL added in v1.2.1 

func (p *OAuthProvider) CreateAuthURL(w http.ResponseWriter, r *http.Request, nextURL string) string

CreateAuthURL creates an OAuth authorization URL with PKCE

func (*OAuthProvider) GetLogoutURL added in v1.2.1 

func (p *OAuthProvider) GetLogoutURL() string

GetLogoutURL returns the SSO logout URL if configured

func (*OAuthProvider) HandleCallback added in v1.2.1 

func (p *OAuthProvider) HandleCallback(ctx context.Context, w http.ResponseWriter, r *http.Request, code, state string) (*models.User, string, error)

HandleCallback processes the OAuth callback and returns the authenticated user

func (*OAuthProvider) IsAllowedDomain added in v1.2.1 

func (p *OAuthProvider) IsAllowedDomain(email string) bool

IsAllowedDomain checks if the user's email domain is allowed

func (*OAuthProvider) VerifyState added in v1.2.1 

func (p *OAuthProvider) VerifyState(w http.ResponseWriter, r *http.Request, stateToken string) bool

VerifyState validates the OAuth state token for CSRF protection

type OAuthProviderConfig added in v1.2.1 

type OAuthProviderConfig struct {
	BaseURL       string
	ClientID      string
	ClientSecret  string
	AuthURL       string
	TokenURL      string
	UserInfoURL   string
	LogoutURL     string
	Scopes        []string
	AllowedDomain string
	SessionSvc    *SessionService
}

OAuthProviderConfig holds configuration for the OAuth provider

type OauthService 

type OauthService struct {
	SessionService *SessionService // ALWAYS present - manages user sessions
	OAuthProvider  *OAuthProvider  // OPTIONAL - nil if OAuth disabled
}

OauthService is a wrapper that composes SessionService and OAuthProvider SessionService is ALWAYS present (required for all auth methods) OAuthProvider is OPTIONAL (nil if OAuth is disabled)

func NewOAuthService 

func NewOAuthService(config Config) *OauthService

func (*OauthService) CreateAuthURL 

func (s *OauthService) CreateAuthURL(w http.ResponseWriter, r *http.Request, nextURL string) string

func (*OauthService) GetLogoutURL 

func (s *OauthService) GetLogoutURL() string

func (*OauthService) GetUser 

func (s *OauthService) GetUser(r *http.Request) (*models.User, error)

func (*OauthService) HandleCallback 

func (s *OauthService) HandleCallback(ctx context.Context, w http.ResponseWriter, r *http.Request, code, state string) (*models.User, string, error)

func (*OauthService) IsAllowedDomain 

func (s *OauthService) IsAllowedDomain(email string) bool

func (*OauthService) Logout 

func (s *OauthService) Logout(w http.ResponseWriter, r *http.Request)

func (*OauthService) SetUser 

func (s *OauthService) SetUser(w http.ResponseWriter, r *http.Request, user *models.User) error

func (*OauthService) VerifyState 

func (s *OauthService) VerifyState(w http.ResponseWriter, r *http.Request, stateToken string) bool

type SessionRepository 

type SessionRepository interface {
	Create(ctx context.Context, session *models.OAuthSession) error
	GetBySessionID(ctx context.Context, sessionID string) (*models.OAuthSession, error)
	UpdateRefreshToken(ctx context.Context, sessionID string, encryptedToken []byte, expiresAt time.Time) error
	DeleteBySessionID(ctx context.Context, sessionID string) error
	DeleteExpired(ctx context.Context, olderThan time.Duration) (int64, error)
}

SessionRepository defines the interface for OAuth session storage

type SessionService added in v1.2.1 

type SessionService struct {
	// contains filtered or unexported fields
}

SessionService manages user sessions independently of authentication method This service is always required, regardless of whether OAuth or MagicLink is used

func NewSessionService added in v1.2.1 

func NewSessionService(config SessionServiceConfig) *SessionService

NewSessionService creates a new session service

func (*SessionService) GetNewSession added in v1.2.1 

func (s *SessionService) GetNewSession(r *http.Request) (*sessions.Session, error)

GetNewSession creates a new session

func (*SessionService) GetSession added in v1.2.1 

func (s *SessionService) GetSession(r *http.Request) (*sessions.Session, error)

GetSession returns the raw session (useful for storing additional data like OAuth state)

func (*SessionService) GetUser added in v1.2.1 

func (s *SessionService) GetUser(r *http.Request) (*models.User, error)

GetUser retrieves the authenticated user from the session

func (*SessionService) Logout added in v1.2.1 

func (s *SessionService) Logout(w http.ResponseWriter, r *http.Request)

Logout clears the user session

func (*SessionService) SetUser added in v1.2.1 

func (s *SessionService) SetUser(w http.ResponseWriter, r *http.Request, user *models.User) error

SetUser stores a user in the session (works for both OAuth and MagicLink)

func (*SessionService) StoreRefreshToken added in v1.2.1 

func (s *SessionService) StoreRefreshToken(ctx context.Context, w http.ResponseWriter, r *http.Request, token *oauth2.Token, user *models.User) error

StoreRefreshToken encrypts and stores the OAuth refresh token This is called by OAuthProvider after successful authentication

type SessionServiceConfig added in v1.2.1 

type SessionServiceConfig struct {
	CookieSecret  []byte
	SecureCookies bool
	SessionRepo   SessionRepository
}

SessionServiceConfig holds configuration for the session service

type SessionWorker 

type SessionWorker struct {
	// contains filtered or unexported fields
}

SessionWorker handles background cleanup of expired OAuth sessions

func NewSessionWorker 

func NewSessionWorker(sessionRepo SessionRepository, config SessionWorkerConfig, db *sql.DB, tenants tenant.Provider) *SessionWorker

NewSessionWorker creates a new OAuth session cleanup worker

func (*SessionWorker) Start 

func (w *SessionWorker) Start() error

Start begins the cleanup worker

func (*SessionWorker) Stop 

func (w *SessionWorker) Stop() error

Stop gracefully stops the worker

type SessionWorkerConfig 

type SessionWorkerConfig struct {
	CleanupInterval time.Duration // How often to run cleanup (default: 24 hours)
	CleanupAge      time.Duration // Age of sessions to delete (default: 37 days = 30 + 7 grace period)
}

SessionWorkerConfig contains configuration for the session worker

func DefaultSessionWorkerConfig 

func DefaultSessionWorkerConfig() SessionWorkerConfig

DefaultSessionWorkerConfig returns default session worker configuration

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.