user

package
v1.6.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 6, 2026 License: GPL-3.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrAccountLocked is the sentinel error for a login refused because the
// account is temporarily locked after too many failed attempts.
// NOTE(review): if a handler returns this message verbatim to an
// unauthenticated caller, the response distinguishes an existing, locked
// account from an unknown username — confirm that this is intended.
var ErrAccountLocked = errors.New("account is temporarily locked due to too many failed login attempts")

ErrAccountLocked is returned when the account is temporarily locked due to too many failed login attempts.

Functions

func CountUsers added in v1.0.0

func CountUsers() (int, error)

CountUsers returns the total number of users in the database.

func DeleteUser

// DeleteUser deletes the user identified by id.
// NOTE(review): HardDeleteUser is documented as the permanent removal and
// User carries a DeactivatedAt field, so this presumably deactivates the
// record rather than erasing it — confirm, and confirm that the user's
// active sessions and tokens stop working once it returns.
func DeleteUser(id string) error

func DisableMfa added in v1.3.2

func DisableMfa(userID string) error

DisableMfa clears the TOTP secret and marks MFA as disabled.

func GetVerificationTokenInfo added in v1.5.8

func GetVerificationTokenInfo(tokenHash string) (userID string, expiresAt time.Time, err error)

GetVerificationTokenInfo returns the userID and expiry for a given token hash. Returns sql.ErrNoRows if the token does not exist.

func HandleCreateUser

func HandleCreateUser(w http.ResponseWriter, r *http.Request)

HandleCreateUser godoc @Summary Create a new user @Description Registers a new user in the system (admin only) @Tags users-admin @Accept json @Produce json @Param user body UserCreateRequest true "User creation payload" @Security BearerAuth @Success 201 {object} UserResponse @Failure 400 {object} model.ApiError @Failure 500 {object} model.ApiError @Router /admin/api/users [post]

func HandleDeleteUser added in v1.0.0

func HandleDeleteUser(w http.ResponseWriter, r *http.Request)

HandleDeleteUser godoc @Summary Delete a user @Tags users-admin @Produce json @Param id path string true "User ID" @Security BearerAuth @Success 200 {object} map[string]string @Failure 400 {object} model.ApiError @Failure 500 {object} model.ApiError @Router /admin/api/users/{id} [delete]

func HandleGetUser added in v1.0.0

func HandleGetUser(w http.ResponseWriter, r *http.Request)

HandleGetUser godoc @Summary Get a user by ID @Tags users-admin @Produce json @Param id path string true "User ID" @Security BearerAuth @Success 200 {object} UserResponse @Failure 400 {object} model.ApiError @Failure 404 {object} model.ApiError @Router /admin/api/users/{id} [get]

func HandleListUsers added in v1.0.0

func HandleListUsers(w http.ResponseWriter, r *http.Request)

HandleListUsers godoc @Summary List all users @Tags users-admin @Produce json @Security BearerAuth @Success 200 {array} UserResponse @Failure 500 {object} model.ApiError @Router /admin/api/users [get]

func HandleUnlockUser added in v1.0.0

func HandleUnlockUser(w http.ResponseWriter, r *http.Request)

HandleUnlockUser unlocks a user account after multiple failed login attempts. @Summary Unlock user account @Description Resets the failed login attempts and clears the lockout time for a user. @Tags users-admin @Produce json @Param id path string true "User ID" @Security BearerAuth @Success 200 {object} UserResponse @Router /admin/api/users/{id}/unlock [post]

func HandleUpdateUser added in v1.0.0

func HandleUpdateUser(w http.ResponseWriter, r *http.Request)

HandleUpdateUser godoc @Summary Update a user @Tags users-admin @Accept json @Produce json @Param id path string true "User ID" @Param user body UserUpdateRequest true "User update payload" @Security BearerAuth @Success 200 {object} UserResponse @Failure 400 {object} model.ApiError @Failure 500 {object} model.ApiError @Router /admin/api/users/{id} [put]

func HardDeleteUser added in v1.3.2

func HardDeleteUser(id string) error

HardDeleteUser permanently removes a user and all cascade-deleted related records. Use only for users that were never fully activated (e.g. failed passkey registration).

func MarkEmailVerified added in v1.5.8

// MarkEmailVerified marks the e-mail address of userID as verified.
// NOTE(review): presumably the final step after GetVerificationTokenInfo
// resolves a token hash; confirm that the stored token is cleared here or by
// the caller, so a verification link cannot be replayed.
func MarkEmailVerified(userID string) error

func SaveTotpSecret added in v1.0.0

// SaveTotpSecret stores the TOTP secret for userID. StoreTotpSecretPending's
// documentation names this as the call to make after the user has confirmed
// a code during setup.
// NOTE(review): the secret is passed and, as far as this page shows, held as
// a plain string; whether it is encrypted at rest is not visible here —
// confirm.
func SaveTotpSecret(userID, secret string) error

func SetEmailVerificationToken added in v1.5.8

// SetEmailVerificationToken records an e-mail verification token for userID
// together with its expiry. The parameter is a token hash, not the raw token,
// so hashing is the caller's job and the raw value never reaches this
// function.
// NOTE(review): confirm that callers of GetVerificationTokenInfo compare
// expiresAt against the current time before accepting a token.
func SetEmailVerificationToken(userID, tokenHash string, expiresAt time.Time) error

func SetRegisteredAt added in v1.4.0

func SetRegisteredAt(id string) error

SetRegisteredAt marks the user's registration as complete by stamping registered_at.

func StoreTotpSecretPending added in v1.3.2

func StoreTotpSecretPending(userID, secret string) error

StoreTotpSecretPending stores the TOTP secret without marking it as verified. Used during the setup flow — call SaveTotpSecret after the user confirms the code.

func UnlockUser added in v1.0.0

// UnlockUser unlocks the account identified by id.
// NOTE(review): presumably the storage operation behind HandleUnlockUser,
// which is documented to reset the failed-login counter and clear the lockout
// time — confirm. The signature carries no caller identity, so authorization
// has to be enforced before this is called.
func UnlockUser(id string) error

func UpdateUser

// UpdateUser applies req to the user identified by id.
// UserUpdateRequest includes Role, Password, IsEmailVerified and TotpVerified,
// and this signature carries no caller identity, so deciding who may change
// those fields is left to the caller.
// NOTE(review): confirm every call site is behind an admin check, or filters
// the privileged fields out of req first.
func UpdateUser(id string, req UserUpdateRequest) error

func UserExistsByEmail added in v1.3.2

// UserExistsByEmail reports whether a non-deactivated user already has email.
// The bool-only result leaves no way to report a failed lookup.
// NOTE(review): if a database error is folded into false, the duplicate-email
// check this function is documented to support would pass on error — confirm
// how lookup failures are handled.
func UserExistsByEmail(email string) bool

UserExistsByEmail returns true if any non-deactivated user has the given email, regardless of email verification status. Used to prevent duplicate email assignment.

func ValidatePasskeyUserCreateRequest added in v1.3.2

func ValidatePasskeyUserCreateRequest(input PasskeyUserCreateRequest) error

func ValidateUserCreateRequest

func ValidateUserCreateRequest(input UserCreateRequest) error

func ValidateUserUpdateRequest added in v1.0.0

func ValidateUserUpdateRequest(input UserUpdateRequest) error

Types

type ApiUserResponse

// ApiUserResponse is the response envelope declared for Swagger documentation:
// a UserResponse payload in Data or a model.ApiError in Error. Both are
// pointers tagged omitempty, so a nil member is left out of the JSON.
type ApiUserResponse struct {
	Data  *UserResponse   `json:"data,omitempty"`
	Error *model.ApiError `json:"error,omitempty"`
}

ApiUserResponse is used for Swagger documentation

type PasskeyUserCreateRequest added in v1.3.2

// PasskeyUserCreateRequest is the request body for creating a passkey-only
// user. It declares neither a password nor a role field, so neither can be
// supplied through this payload.
// NOTE(review): presumably checked by ValidatePasskeyUserCreateRequest before
// CreatePasskeyUser is called — confirm against the handler.
type PasskeyUserCreateRequest struct {
	Username string `json:"username"`
	Email    string `json:"email,omitempty"`
}

type User

// User is the package's full user record, including credential material.
//
// The struct declares no json tags, so encoding/json would emit every exported
// field, Password and TotpSecret included, under its Go field name if a User
// were marshalled directly. UserResponse, which ToResponse returns, declares
// neither of those two fields.
type User struct {
	ID                  string
	Username            string
	// NOTE(review): presumably a password hash rather than plaintext, and empty
	// for passkey-only users (CreatePasskeyUser documents a NULL password) —
	// confirm. Keep this field out of logs and API output.
	Password            string
	Email               string
	CreatedAt           time.Time
	Role                string
	// Lockout state. AuthenticateUser is documented to enforce lockout after
	// repeated failed attempts and HandleUnlockUser to reset the counter and
	// clear the lockout time; presumably these two fields back that — confirm.
	FailedLoginAttempts int
	LockedUntil         *time.Time
	// TOTP shared secret and whether setup was confirmed. StoreTotpSecretPending
	// is documented to store the secret without marking it verified.
	// NOTE(review): the secret is a plain string here; whether it is encrypted
	// at rest is not visible on this page — confirm.
	TotpSecret          string
	TotpVerified        bool
	// UserByEmail is documented to return only users with a verified e-mail
	// and no deactivated_at.
	IsEmailVerified     bool
	DeactivatedAt       *time.Time
	// Stamped by SetRegisteredAt when registration is complete.
	RegisteredAt        *time.Time
	UpdatedAt           time.Time
	// OIDC standard profile claims
	GivenName           string
	FamilyName          string
	MiddleName          string
	Nickname            string
	Website             string
	Gender              string
	Birthdate           string
	ProfileURL          string
	PhoneNumber         string
	PhoneNumberVerified bool
	Picture             string
	Locale              string
	Zoneinfo            string
	AddressStreet       string
	AddressLocality     string
	AddressRegion       string
	AddressPostalCode   string
	AddressCountry      string
}

func AuthenticateUser

func AuthenticateUser(username, password string) (*User, error)

AuthenticateUser checks if the provided username and password match a user in the database. It enforces account lockout after repeated failed attempts when configured.

func GetUserFromRequest added in v1.3.2

func GetUserFromRequest(r *http.Request) (*User, error)

GetUserFromRequest extracts the user and role from the Authorization header

func ListUsers added in v1.0.0

func ListUsers() ([]*User, error)

func UserByEmail added in v1.1.2

func UserByEmail(email string) (*User, error)

UserByEmail returns the user with the given verified email address. Only returns users with is_email_verified = TRUE and no deactivated_at.

func UserByID

func UserByID(userID string) (*User, error)

func UserByUsername added in v1.0.0

func UserByUsername(username string) (*User, error)

func (*User) GetID added in v1.6.0

func (u *User) GetID() string

GetID satisfies the audit.Actor interface.

func (*User) GetUsername added in v1.6.0

func (u *User) GetUsername() string

GetUsername satisfies the audit.Actor interface.

func (*User) ToResponse added in v1.0.0

// ToResponse converts u into a UserResponse, the JSON-tagged view of a user.
// UserResponse declares no Password or TotpSecret field, so those values
// cannot appear in the converted result; use it rather than marshalling a
// User directly.
func (u *User) ToResponse() UserResponse

type UserCreateRequest

// UserCreateRequest is the body documented for HandleCreateUser
// (POST /admin/api/users, admin only).
//
// Password arrives in the JSON body as sent by the client, so request bodies
// of this type should not be logged. Role is supplied by the client.
// NOTE(review): CreateUser(username, password, email) takes no role argument,
// so the role is applied somewhere else — confirm it is validated against an
// allow-list and that this type is never bound on a non-admin route.
type UserCreateRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Email    string `json:"email,omitempty"`
	Role     string `json:"role,omitempty"` // optional role assignment
}

type UserResponse

// UserResponse is the JSON view of a user returned by the admin handlers on
// this page. It declares no password or TOTP-secret field.
//
// It does carry account-security state: the role, the failed-login counter,
// the lockout time and the e-mail and TOTP verification flags.
// NOTE(review): every route documented here that returns it sits under
// /admin/api with BearerAuth; if the type is reused on a non-admin endpoint,
// confirm that exposing these fields is intended.
type UserResponse struct {
	ID                  string     `json:"id"`
	Username            string     `json:"username"`
	Email               string     `json:"email"`
	CreatedAt           time.Time  `json:"created_at"`
	Role                string     `json:"role"`
	FailedLoginAttempts int        `json:"failed_login_attempts"`
	LockedUntil         *time.Time `json:"locked_until,omitempty"`
	IsEmailVerified     bool       `json:"is_email_verified"`
	TotpVerified        bool       `json:"totp_verified"`
	// OIDC standard profile claims
	GivenName           string `json:"given_name,omitempty"`
	FamilyName          string `json:"family_name,omitempty"`
	MiddleName          string `json:"middle_name,omitempty"`
	Nickname            string `json:"nickname,omitempty"`
	Website             string `json:"website,omitempty"`
	Gender              string `json:"gender,omitempty"`
	Birthdate           string `json:"birthdate,omitempty"`
	ProfileURL          string `json:"profile,omitempty"`
	PhoneNumber         string `json:"phone_number,omitempty"`
	PhoneNumberVerified bool   `json:"phone_number_verified,omitempty"`
	Picture             string `json:"picture,omitempty"`
	Locale              string `json:"locale,omitempty"`
	Zoneinfo            string `json:"zoneinfo,omitempty"`
	AddressStreet       string `json:"address_street,omitempty"`
	AddressLocality     string `json:"address_locality,omitempty"`
	AddressRegion       string `json:"address_region,omitempty"`
	AddressPostalCode   string `json:"address_postal_code,omitempty"`
	AddressCountry      string `json:"address_country,omitempty"`
}

func CreatePasskeyUser added in v1.3.2

func CreatePasskeyUser(username, email string) (*UserResponse, error)

CreatePasskeyUser creates a user with a NULL password for passkey-only authentication.

func CreateUser

// CreateUser creates a user from username, password and email and returns
// the new user's UserResponse.
// NOTE(review): password is received as a plain string; presumably it is
// hashed before it is stored — confirm, and confirm the value is not logged
// on the error paths.
func CreateUser(username, password, email string) (*UserResponse, error)

type UserUpdateRequest added in v1.0.0

// UserUpdateRequest is the body documented for HandleUpdateUser
// (PUT /admin/api/users/{id}).
//
// Besides profile data it can carry privileged changes: Role, Password,
// IsEmailVerified, TotpVerified and PhoneNumberVerified. The three flags are
// *bool, so a field absent from the JSON decodes to nil and can be told apart
// from an explicit false.
// NOTE(review): decoding this type on a self-service route would let a caller
// submit their own role and verification flags — confirm it is bound only
// behind the admin check, and confirm what setting TotpVerified to true means
// for a user who has no TOTP secret stored.
type UserUpdateRequest struct {
	Username        string `json:"username,omitempty"`
	Password        string `json:"password,omitempty"`
	Email           string `json:"email,omitempty"`
	Role            string `json:"role,omitempty"`
	IsEmailVerified *bool  `json:"is_email_verified,omitempty"`
	TotpVerified    *bool  `json:"totp_verified,omitempty"`
	// OIDC standard profile claims
	GivenName           string `json:"given_name,omitempty"`
	FamilyName          string `json:"family_name,omitempty"`
	MiddleName          string `json:"middle_name,omitempty"`
	Nickname            string `json:"nickname,omitempty"`
	Website             string `json:"website,omitempty"`
	Gender              string `json:"gender,omitempty"`
	Birthdate           string `json:"birthdate,omitempty"`
	ProfileURL          string `json:"profile,omitempty"`
	PhoneNumber         string `json:"phone_number,omitempty"`
	PhoneNumberVerified *bool  `json:"phone_number_verified,omitempty"`
	Picture             string `json:"picture,omitempty"`
	Locale              string `json:"locale,omitempty"`
	Zoneinfo            string `json:"zoneinfo,omitempty"`
	AddressStreet       string `json:"address_street,omitempty"`
	AddressLocality     string `json:"address_locality,omitempty"`
	AddressRegion       string `json:"address_region,omitempty"`
	AddressPostalCode   string `json:"address_postal_code,omitempty"`
	AddressCountry      string `json:"address_country,omitempty"`
}
