controllers package v0.2.0

This package is not in the latest version of its module.

Published: Jun 24, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package controllers holds the goravel-authkit HTTP controllers: the auth endpoints (login/logout/me/change-password) and the admin user-management CRUD. They map service sentinel errors to the {"error","message"} envelope using net/http status constants.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthController

type AuthController struct {
	// contains filtered or unexported fields
}

AuthController handles the auth endpoints.

func NewAuthController

func NewAuthController(auth *services.Auth, audit *services.Audit, twoFactor *services.TwoFactor, remember *services.Remember, sessions *services.Sessions, guard, rememberCookieName string) *AuthController

NewAuthController builds the auth controller. Pass a nil audit to disable audit writes, a nil twoFactor to disable the two-factor login gate, a nil remember to disable persistent "remember me" logins, and a nil sessions to disable active-session tracking. rememberCookieName is the per-instance remember cookie name (empty → the package default).

func (*AuthController) ChangePassword

ChangePassword verifies the current password, validates the new one, updates the hash, and bumps password_changed_at so every OTHER session is logged out on its next request while this session stays valid. Handles PUT {prefix}/auth/password.

func (*AuthController) Login

Login verifies credentials and establishes an httpOnly session cookie, handling POST {prefix}/auth/login. It stamps password_changed_at into the session so a later password change invalidates other sessions, and is rate-limited. When the user has 2FA enabled it returns {two_factor:true} and defers the session until the challenge succeeds.
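The password_changed_at gate that Login and ChangePassword describe above is easy to get subtly wrong (the session that performed the change must survive, every other one must not). The following is an added, self-contained illustration of that mechanism and is not goravel-authkit code: the User and Session types, the Login/ChangePassword/Authorize functions and the timestamps are all constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// User is the persisted account record (hypothetical type for this example).
// PasswordChangedAt is bumped on every password change.
type User struct {
	ID                int64
	PasswordChangedAt time.Time
}

// Session is what the httpOnly cookie resolves to (hypothetical type).
// StampedAt copies the user's PasswordChangedAt at the moment of login.
type Session struct {
	ID        string
	UserID    int64
	StampedAt time.Time
}

// ErrSessionStale is returned for a session issued before the last password change.
var ErrSessionStale = errors.New("session predates a password change")

// Login establishes a session and stamps the current password_changed_at into it.
func Login(u *User, sessionID string) *Session {
	return &Session{ID: sessionID, UserID: u.ID, StampedAt: u.PasswordChangedAt}
}

// ChangePassword bumps password_changed_at and re-stamps the calling session,
// so that session alone survives the change.
func ChangePassword(u *User, current *Session, now time.Time) {
	u.PasswordChangedAt = now
	current.StampedAt = now
}

// Authorize is the per-request check. A session whose stamp is strictly older
// than the user's password_changed_at was issued before the change and is
// rejected; an equal stamp (the re-stamped changing session) is still valid.
// Both values must be stored at the same precision, or a truncated stamp would
// compare as "before" its own change and log the changing session out too.
func Authorize(u *User, s *Session) error {
	if s.UserID != u.ID {
		return errors.New("session belongs to a different user")
	}
	if s.StampedAt.Before(u.PasswordChangedAt) {
		return ErrSessionStale
	}
	return nil
}

func main() {
	// Constructed scenario: two sessions, then a password change from one of them.
	t0 := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC)
	u := &User{ID: 42, PasswordChangedAt: t0}
	laptop := Login(u, "sess-laptop")
	phone := Login(u, "sess-phone")

	ChangePassword(u, laptop, t0.Add(time.Hour))

	fmt.Println("laptop:", Authorize(u, laptop)) // <nil>: the changing session stays valid
	fmt.Println("phone:", Authorize(u, phone))   // stale: logged out on its next request
}
```

The check belongs in the authentication middleware rather than only in Logout, because the point of the stamp is that a session stolen before the password change dies on its next request without any cooperation from its holder.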

func (*AuthController) LoginHistory

LoginHistory returns the current user's most recent successful sign-ins (password or remember cookie) with the IP they came from. Handles GET {prefix}/auth/logins.

func (*AuthController) Logout

Logout invalidates the current session and clears the session cookie. Handles POST {prefix}/auth/logout.

func (*AuthController) Me

Me returns the currently authenticated user. Handles GET {prefix}/auth/me.

func (*AuthController) UpdateProfile

UpdateProfile updates the authenticated user's own name and email, handling PUT {prefix}/auth/me. The role is not changeable here (it is admin-managed) and a duplicate email is rejected with a conflict.

type MetaController

type MetaController struct {
	// contains filtered or unexported fields
}

MetaController serves the public, non-sensitive package config so the frontend can fetch role options and feature flags instead of hardcoding them.

func NewMetaController

func NewMetaController(roles []string, minPasswordLength int, features responses.MetaFeatures) *MetaController

NewMetaController builds the meta controller from the resolved route options.

func (*MetaController) Show

Show returns the assignable roles, password rules, and feature flags so the UI can adapt without hardcoding them. The response is unauthenticated and non-sensitive. Handles GET {prefix}/auth/meta.

type SessionsController

type SessionsController struct {
	// contains filtered or unexported fields
}

SessionsController exposes the current user's active sessions and lets them terminate individual sessions or every session other than the current one.

func NewSessionsController

func NewSessionsController(sessions *services.Sessions, audit *services.Audit, guard string) *SessionsController

NewSessionsController builds the sessions controller.

func (*SessionsController) Destroy

Destroy signs out one of the current user's other sessions by id. The current session cannot be terminated here (use logout). Handles DELETE {prefix}/auth/sessions/{id}.

func (*SessionsController) DestroyOthers

DestroyOthers terminates every session for the current user except the current one. Handles DELETE {prefix}/auth/sessions.

func (*SessionsController) Index

Index returns the current user's active sessions, most recent first, with the current session flagged. Handles GET {prefix}/auth/sessions.

type TwoFactorController

type TwoFactorController struct {
	// contains filtered or unexported fields
}

TwoFactorController handles TOTP two-factor: the login challenge (completing a pending login) and the management endpoints (enable/confirm/disable/recovery).

func NewTwoFactorController

func NewTwoFactorController(users *services.Users, auth *services.Auth, twoFactor *services.TwoFactor, audit *services.Audit, remember *services.Remember, sessions *services.Sessions, guard, rememberCookieName string) *TwoFactorController

NewTwoFactorController builds the two-factor controller. Pass a nil remember to disable persistent "remember me" logins, and a nil sessions to disable active-session tracking. rememberCookieName is the per-instance remember cookie name (empty → the package default).

func (*TwoFactorController) Challenge

Challenge completes a login that returned {two_factor:true} by verifying a TOTP code or a single-use recovery code against the pending user, establishing the session on success. It is rate-limited and handles POST {prefix}/auth/two-factor-challenge.

func (*TwoFactorController) Confirm

Confirm verifies a TOTP code against the pending secret, activates 2FA, and returns the one-time recovery codes (shown only once). Handles POST {prefix}/auth/two-factor/confirm.

func (*TwoFactorController) Disable

Disable clears the user's two-factor secret and recovery codes, handling DELETE {prefix}/auth/two-factor. It requires the account password to confirm (re-auth), so a stolen session alone cannot silently remove 2FA.

func (*TwoFactorController) Enable

Enable starts 2FA enrollment by generating a TOTP secret (not yet active) and returning the secret plus otpauth URL for QR rendering; confirm with a code to activate. Handles POST {prefix}/auth/two-factor.

func (*TwoFactorController) RecoveryCodes

RecoveryCodes returns how many unused recovery codes remain, handling GET {prefix}/auth/two-factor/recovery-codes. The codes are stored hashed and shown only once (at confirmation or regeneration); this endpoint never returns plaintext codes.
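Confirm, RecoveryCodes and RegenerateRecoveryCodes together describe a small lifecycle: codes are generated and shown once, stored only as hashes, consumed one at a time, counted by the unused remainder, and wholesale replaced on regeneration. The block below is an added illustration of that lifecycle, not goravel-authkit code; the RecoveryStore type, its methods, the 8-code/64-bit sizing and the hex code format are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const (
	recoveryCodeCount = 8 // assumed set size for this example
	recoveryCodeBytes = 8 // 64 bits of entropy per code (assumed)
)

// RecoveryCode is one stored entry: a hash of the code, never the plaintext.
// A plain SHA-256 is adequate here because the codes are high-entropy random
// values, unlike user-chosen passwords; a slow hash would buy nothing.
type RecoveryCode struct {
	Hash []byte
	Used bool
}

// RecoveryStore is the per-user set of recovery codes (hypothetical type).
type RecoveryStore struct {
	Codes []RecoveryCode
}

// ErrInvalidRecoveryCode covers both unknown and already-used codes, so the
// response does not reveal which of the two it was.
var ErrInvalidRecoveryCode = errors.New("invalid or already-used recovery code")

// normalize makes the lookup tolerant of case and of the display dashes.
func normalize(code string) string {
	return strings.ToLower(strings.ReplaceAll(strings.TrimSpace(code), "-", ""))
}

func hashCode(code string) []byte {
	sum := sha256.Sum256([]byte(normalize(code)))
	return sum[:]
}

// formatCode renders 8 random bytes as xxxx-xxxx-xxxx-xxxx for display.
func formatCode(raw []byte) string {
	h := hex.EncodeToString(raw) // 16 hex characters
	return h[:4] + "-" + h[4:8] + "-" + h[8:12] + "-" + h[12:]
}

// Regenerate replaces the whole set and returns the plaintext codes. This is
// the only moment the plaintext exists; the store keeps hashes.
func (s *RecoveryStore) Regenerate() ([]string, error) {
	plain := make([]string, 0, recoveryCodeCount)
	fresh := make([]RecoveryCode, 0, recoveryCodeCount)
	for i := 0; i < recoveryCodeCount; i++ {
		raw := make([]byte, recoveryCodeBytes)
		if _, err := rand.Read(raw); err != nil {
			return nil, err
		}
		code := formatCode(raw)
		plain = append(plain, code)
		fresh = append(fresh, RecoveryCode{Hash: hashCode(code)})
	}
	s.Codes = fresh // the previous set is invalidated as a whole
	return plain, nil
}

// Consume accepts a code once: each unused hash is compared in constant time,
// and the matching entry is marked used so it cannot be replayed.
func (s *RecoveryStore) Consume(code string) error {
	h := hashCode(code)
	matched := -1
	for i := range s.Codes {
		if s.Codes[i].Used {
			continue
		}
		if subtle.ConstantTimeCompare(h, s.Codes[i].Hash) == 1 && matched == -1 {
			matched = i
		}
	}
	if matched == -1 {
		return ErrInvalidRecoveryCode
	}
	s.Codes[matched].Used = true
	return nil
}

// Remaining is what a recovery-codes status endpoint would report: a count,
// never the codes themselves.
func (s *RecoveryStore) Remaining() int {
	n := 0
	for _, c := range s.Codes {
		if !c.Used {
			n++
		}
	}
	return n
}

func main() {
	var store RecoveryStore
	codes, err := store.Regenerate()
	if err != nil {
		panic(err)
	}
	fmt.Println("show once:", codes)
	fmt.Println("consume first:", store.Consume(codes[0]))   // <nil>
	fmt.Println("replay first:", store.Consume(codes[0]))    // invalid or already-used
	fmt.Println("remaining:", store.Remaining())             // 7
}
```

Because Consume marks an entry used before returning, a code that leaks after it has been redeemed is worthless, and because Regenerate swaps the whole slice, a leaked old set stops working the moment the user regenerates.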

func (*TwoFactorController) RegenerateRecoveryCodes

func (c *TwoFactorController) RegenerateRecoveryCodes(ctx contractshttp.Context) contractshttp.Response

RegenerateRecoveryCodes replaces the recovery codes, invalidating the previous set. Handles POST {prefix}/auth/two-factor/recovery-codes.

type UsersController

type UsersController struct {
	// contains filtered or unexported fields
}

UsersController handles admin user-management CRUD.

func NewUsersController

func NewUsersController(users *services.Users, audit *services.Audit) *UsersController

NewUsersController builds the user-management controller. Pass a nil audit to disable audit writes.

func (*UsersController) Destroy

Destroy deletes a user. Handles DELETE {prefix}/auth/users/{id} and refuses to let a user delete their own account.

func (*UsersController) Index

Index lists all users. Handles GET {prefix}/auth/users.

func (*UsersController) SetPassword

SetPassword resets a user's password as an admin action. Handles POST {prefix}/auth/users/{id}/password.

func (*UsersController) Show

Show returns a single user by id. Handles GET {prefix}/auth/users/{id}.

func (*UsersController) Store

Store creates a user. Handles POST {prefix}/auth/users; a duplicate email is rejected with a conflict.

func (*UsersController) Update

Update changes a user's email, name, role, or disabled state. Handles PUT {prefix}/auth/users/{id} and refuses to let an admin disable their own account.
