user

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 10, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrAccountLocked = errors.New("account is temporarily locked due to too many failed login attempts")

ErrAccountLocked is returned when the account is temporarily locked due to too many failed login attempts.

Functions

func CountUsers added in v1.0.0 

func CountUsers() (int, error)

CountUsers returns the total number of users in the database.

func DeleteUser 

func DeleteUser(id string) error

func DisableMfa added in v1.3.2 

func DisableMfa(userID string) error

DisableMfa clears the TOTP secret and marks MFA as disabled.

func HandleCreateUser 

func HandleCreateUser(w http.ResponseWriter, r *http.Request)

HandleCreateUser godoc @Summary Create a new user @Description Registers a new user in the system @Tags users @Accept json @Produce json @Param user body UserCreateRequest true "User creation payload" @Success 201 {object} UserResponse @Failure 400 {object} model.ApiError @Failure 500 {object} model.ApiError @Router /users/create [post]

func HandleDeleteUser added in v1.0.0 

func HandleDeleteUser(w http.ResponseWriter, r *http.Request)

HandleDeleteUser handles DELETE /user/{id}

func HandleGetUser added in v1.0.0 

func HandleGetUser(w http.ResponseWriter, r *http.Request)

HandleGetUser handles GET /user/{id} (read user by ID)

func HandleListUsers added in v1.0.0 

func HandleListUsers(w http.ResponseWriter, r *http.Request)

HandleListUsers handles GET /admin/api/users - lists all active users

func HandleUnlockUser added in v1.0.0 

func HandleUnlockUser(w http.ResponseWriter, r *http.Request)

HandleUnlockUser unlocks a user account after multiple failed login attempts. @Summary Unlock user account @Description Resets the failed login attempts and clear the lockout time for a user. @Tags users-admin @Accept json @Produce json @Param id query string true "User ID" @Security BearerAuth @Success 200 {object} UserResponse @Router /admin/api/users/unlock [post]

func HandleUpdateUser added in v1.0.0 

func HandleUpdateUser(w http.ResponseWriter, r *http.Request)

HandleUpdateUser handles PUT /user/{id} (update user)

func HandleUserAdminEndpoint added in v1.0.0 

func HandleUserAdminEndpoint(w http.ResponseWriter, r *http.Request)

HandleUserAdminEndpoint is the combined handler for /admin/api/users Routes requests based on HTTP method @Summary User administration @Description GET: List users or get user by ID. POST: Create user. PUT: Update user. DELETE: Soft-delete user. @Tags users-admin @Accept json @Produce json @Param id query string false "User ID (required for GET/PUT/DELETE single)" @Param user body UserCreateRequest false "User creation/update payload" @Security BearerAuth @Success 200 {object} UserResponse "Single user (GET/PUT)" @Success 200 {array} UserResponse "List of users (GET)" @Success 201 {object} UserResponse "Created user (POST)" @Router /admin/api/users [get] @Router /admin/api/users [post] @Router /admin/api/users [put] @Router /admin/api/users [delete]

func HardDeleteUser added in v1.3.2 

func HardDeleteUser(id string) error

HardDeleteUser permanently removes a user and all cascade-deleted related records. Use only for users that were never fully activated (e.g. failed passkey registration).

func SaveTotpSecret added in v1.0.0 

func SaveTotpSecret(userID, secret string) error

func SetRegisteredAt added in v1.4.0 

func SetRegisteredAt(id string) error

SetRegisteredAt marks the user's registration as complete by stamping registered_at.

func StoreTotpSecretPending added in v1.3.2 

func StoreTotpSecretPending(userID, secret string) error

StoreTotpSecretPending stores the TOTP secret without marking it as verified. Used during the setup flow — call SaveTotpSecret after the user confirms the code.

func UnlockUser added in v1.0.0 

func UnlockUser(id string) error

func UpdateUser 

func UpdateUser(id string, req UserUpdateRequest) error

func UserExistsByEmail added in v1.3.2 

func UserExistsByEmail(email string) bool

UserExistsByEmail returns true if any non-deactivated user has the given email, regardless of email verification status. Used to prevent duplicate email assignment.

func ValidatePasskeyUserCreateRequest added in v1.3.2 

func ValidatePasskeyUserCreateRequest(input PasskeyUserCreateRequest) error

func ValidateUserCreateRequest 

func ValidateUserCreateRequest(input UserCreateRequest) error

func ValidateUserUpdateRequest added in v1.0.0 

func ValidateUserUpdateRequest(input UserUpdateRequest) error

Types

type ApiUserResponse 

type ApiUserResponse struct {
	Data  *UserResponse   `json:"data,omitempty"`
	Error *model.ApiError `json:"error,omitempty"`
}

ApiUserResponse is used for Swagger documentation

type PasskeyUserCreateRequest added in v1.3.2 

type PasskeyUserCreateRequest struct {
	Username string `json:"username"`
	Email    string `json:"email,omitempty"`
}

type User 

type User struct {
	ID                  string
	Username            string
	Password            string
	Email               string
	CreatedAt           time.Time
	Role                string
	FailedLoginAttempts int
	LockedUntil         *time.Time
	TotpSecret          string
	TotpVerified        bool
	IsEmailVerified     bool
	DeactivatedAt       *time.Time
	RegisteredAt        *time.Time
	// OIDC standard profile claims
	GivenName         string
	FamilyName        string
	PhoneNumber       string
	Picture           string
	Locale            string
	Zoneinfo          string
	AddressStreet     string
	AddressLocality   string
	AddressRegion     string
	AddressPostalCode string
	AddressCountry    string
}

func AuthenticateUser 

func AuthenticateUser(username, password string) (*User, error)

AuthenticateUser checks if the provided username and password match a user in the database. It enforces account lockout after repeated failed attempts when configured.

func GetUserFromRequest added in v1.3.2 

func GetUserFromRequest(r *http.Request) (*User, error)

GetUserFromRequest extracts the user and role from the Authorization header

func ListUsers added in v1.0.0 

func ListUsers() ([]*User, error)

func UserByEmail added in v1.1.2 

func UserByEmail(email string) (*User, error)

UserByEmail returns the user with the given verified email address. Only returns users with is_email_verified = TRUE and no deactivated_at.

func UserByID 

func UserByID(userID string) (*User, error)

func UserByUsername added in v1.0.0 

func UserByUsername(username string) (*User, error)

func (*User) ToResponse added in v1.0.0 

func (u *User) ToResponse() UserResponse

type UserCreateRequest 

type UserCreateRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Email    string `json:"email,omitempty"`
	Role     string `json:"role,omitempty"` // optional role assignment
}

type UserResponse 

type UserResponse struct {
	ID                  string     `json:"id"`
	Username            string     `json:"username"`
	Email               string     `json:"email"`
	CreatedAt           time.Time  `json:"created_at"`
	Role                string     `json:"role"`
	FailedLoginAttempts int        `json:"failed_login_attempts"`
	LockedUntil         *time.Time `json:"locked_until,omitempty"`
	IsEmailVerified     bool       `json:"is_email_verified"`
	TotpVerified        bool       `json:"totp_verified"`
	// OIDC standard profile claims
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	PhoneNumber       string `json:"phone_number,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Locale            string `json:"locale,omitempty"`
	Zoneinfo          string `json:"zoneinfo,omitempty"`
	AddressStreet     string `json:"address_street,omitempty"`
	AddressLocality   string `json:"address_locality,omitempty"`
	AddressRegion     string `json:"address_region,omitempty"`
	AddressPostalCode string `json:"address_postal_code,omitempty"`
	AddressCountry    string `json:"address_country,omitempty"`
}

func CreatePasskeyUser added in v1.3.2 

func CreatePasskeyUser(username, email string) (*UserResponse, error)

CreatePasskeyUser creates a user with a NULL password for passkey-only authentication.

func CreateUser 

func CreateUser(username, password, email string) (*UserResponse, error)

type UserUpdateRequest added in v1.0.0 

type UserUpdateRequest struct {
	Username        string `json:"username,omitempty"`
	Password        string `json:"password,omitempty"`
	Email           string `json:"email,omitempty"`
	Role            string `json:"role,omitempty"`
	IsEmailVerified *bool  `json:"is_email_verified,omitempty"`
	TotpVerified    *bool  `json:"totp_verified,omitempty"`
	// OIDC standard profile claims
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	PhoneNumber       string `json:"phone_number,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Locale            string `json:"locale,omitempty"`
	Zoneinfo          string `json:"zoneinfo,omitempty"`
	AddressStreet     string `json:"address_street,omitempty"`
	AddressLocality   string `json:"address_locality,omitempty"`
	AddressRegion     string `json:"address_region,omitempty"`
	AddressPostalCode string `json:"address_postal_code,omitempty"`
	AddressCountry    string `json:"address_country,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.