Types

type AuditStore added in v0.20.0

// AuditStore groups audit log operations.
type AuditStore interface {
	// CreateAuditLog persists one audit log entry.
	CreateAuditLog(log *models.AuditLog) error
	// CreateAuditLogBatch persists several entries in one call.
	// NOTE(review): whether the batch is all-or-nothing is not specified by
	// this interface — confirm with the implementation before relying on it.
	CreateAuditLogBatch(logs []*models.AuditLog) error
	// GetAuditLogsPaginated returns one page of audit logs matching filters,
	// plus the pagination result describing the page.
	GetAuditLogsPaginated(
		params types.PaginationParams,
		filters types.AuditLogFilters,
	) ([]models.AuditLog, types.PaginationResult, error)
	// DeleteOldAuditLogs removes entries older than olderThan. The int64 is
	// presumably the number of deleted rows — verify against the implementation.
	// Retention policy (how old is "old") is the caller's decision.
	DeleteOldAuditLogs(olderThan time.Time) (int64, error)
	// GetAuditLogStats aggregates audit activity in [startTime, endTime].
	// NOTE(review): inclusive/exclusive bounds are not specified here.
	GetAuditLogStats(startTime, endTime time.Time) (types.AuditLogStats, error)
}

AuditStore groups audit log operations.

type AuthProvider

// AuthProvider is the interface that password-based authentication backends
// must implement.
type AuthProvider interface {
	// Authenticate checks username/password against the backend and returns
	// the resolved identity on success. password arrives in the clear at this
	// boundary; implementations should not log or persist it.
	// NOTE(review): the interface does not say whether "unknown user" and
	// "wrong password" are distinguishable from the returned error — callers
	// that surface errors to end users should treat both the same.
	Authenticate(ctx context.Context, username, password string) (*AuthResult, error)
	// Name identifies the provider; presumably the authSource value used by
	// UserReader/UserWriter and Recorder.RecordLogin — confirm against callers.
	Name() string
}

AuthProvider is the interface that password-based authentication backends must implement.

type AuthResult

// AuthResult holds the outcome of an authentication attempt.
type AuthResult struct {
	Username   string // Username as known to the backend
	ExternalID string // External user ID (e.g., LDAP DN, API user ID)
	Email      string // Optional; empty when the backend does not supply it
	FullName   string // Optional; empty when the backend does not supply it
}

AuthResult holds the outcome of an authentication attempt.

type AuthorizationCodeStore added in v0.20.0

// AuthorizationCodeStore groups authorization code operations.
type AuthorizationCodeStore interface {
	// CreateAuthorizationCode persists a newly issued authorization code.
	CreateAuthorizationCode(code *models.AuthorizationCode) error
	// GetAuthorizationCodeByHash looks a code up by its hash. The parameter
	// name suggests codes are stored hashed rather than in the clear — confirm
	// with the implementation and keep callers from passing the raw code.
	GetAuthorizationCodeByHash(hash string) (*models.AuthorizationCode, error)
	// MarkAuthorizationCodeUsed flags the code identified by id as consumed.
	// NOTE(review): single-use enforcement needs the lookup-then-mark sequence
	// to be atomic (or the mark to be a checked update); this interface alone
	// does not guarantee that — verify in the implementation.
	MarkAuthorizationCodeUsed(id uint) error
}

AuthorizationCodeStore groups authorization code operations.

type Cache

// Cache[T] defines the primitive operations for a key-value cache. T is the
// type of value stored in the cache (e.g. int64, string, or a struct).
type Cache[T any] interface {
	// Get retrieves a single value from cache.
	// Returns ErrCacheMiss if the key does not exist or has expired.
	Get(ctx context.Context, key string) (T, error)

	// Set stores a single value in cache with the given TTL.
	// NOTE(review): behaviour for ttl <= 0 is not specified here.
	Set(ctx context.Context, key string, value T, ttl time.Duration) error

	// Delete removes a key from cache.
	Delete(ctx context.Context, key string) error

	// Close closes the cache connection.
	Close() error

	// Health checks if the cache is healthy.
	Health(ctx context.Context) error

	// GetWithFetch retrieves a value using the cache-aside pattern.
	// On cache miss, fetchFunc is called and the result is stored in cache
	// under key with the given ttl.
	// Implementations may provide stampede protection (e.g. RueidisAsideCache).
	// NOTE(review): whether a fetchFunc error is cached (negative caching) is
	// not specified — confirm per implementation.
	GetWithFetch(
		ctx context.Context,
		key string,
		ttl time.Duration,
		fetchFunc func(ctx context.Context, key string) (T, error),
	) (T, error)
}

Cache[T] defines the primitive operations for a key-value cache. T is the type of value stored in the cache (e.g. int64, string, or a struct).

type CleanupStore added in v0.20.0

// CleanupStore groups expired-data cleanup operations.
type CleanupStore interface {
	// DeleteExpiredTokens removes tokens whose validity has lapsed.
	DeleteExpiredTokens() error
	// DeleteExpiredDeviceCodes removes device codes whose validity has lapsed.
	DeleteExpiredDeviceCodes() error
}

CleanupStore groups expired-data cleanup operations.

type ClientReader added in v0.20.0

// ClientReader groups read-only client operations.
type ClientReader interface {
	// GetClient looks a client up by its public client_id string.
	GetClient(clientID string) (*models.OAuthApplication, error)
	// GetClientByIntID looks a client up by its numeric primary key.
	GetClientByIntID(id int64) (*models.OAuthApplication, error)
	// GetClientsByIDs resolves several client IDs at once; the map is keyed
	// by client ID. NOTE(review): whether missing IDs are absent from the map
	// or yield an error is not specified here.
	GetClientsByIDs(clientIDs []string) (map[string]*models.OAuthApplication, error)
	// ListClientsPaginated returns one page of all clients.
	ListClientsPaginated(
		params types.PaginationParams,
	) ([]models.OAuthApplication, types.PaginationResult, error)
	// ListClientsByUserID returns one page of the clients owned by userID.
	ListClientsByUserID(
		userID string,
		params types.PaginationParams,
	) ([]models.OAuthApplication, types.PaginationResult, error)
	// CountClientsByStatus counts clients in the given status.
	CountClientsByStatus(status string) (int64, error)
	// CountActiveTokensByClientID counts active tokens issued to clientID.
	CountActiveTokensByClientID(clientID string) (int64, error)
}

ClientReader groups read-only client operations.

type ClientWriter added in v0.20.0

// ClientWriter groups client mutation operations.
type ClientWriter interface {
	// CreateClient persists a new client registration.
	CreateClient(client *models.OAuthApplication) error
	// UpdateClient persists changes to an existing client.
	UpdateClient(client *models.OAuthApplication) error
	// DeleteClient removes the client identified by clientID.
	// NOTE(review): revocation of that client's tokens/authorizations is a
	// separate operation (see TokenWriter, UserAuthorizationStore); callers
	// are responsible for sequencing it.
	DeleteClient(clientID string) error
}

ClientWriter groups client mutation operations.

type DeviceCodeStore added in v0.20.0

// DeviceCodeStore groups device code operations.
type DeviceCodeStore interface {
	// CreateDeviceCode persists a newly issued device code.
	CreateDeviceCode(dc *models.DeviceCode) error
	// GetDeviceCodesByID returns the records for deviceCodeID. It yields a
	// slice even though the argument is a single ID — NOTE(review): confirm
	// why several rows can share one deviceCodeID before relying on [0].
	GetDeviceCodesByID(deviceCodeID string) ([]*models.DeviceCode, error)
	// GetDeviceCodeByUserCode looks a device code up by the short user code
	// the end user types in.
	GetDeviceCodeByUserCode(userCode string) (*models.DeviceCode, error)
	// UpdateDeviceCode persists changes to an existing device code record.
	UpdateDeviceCode(dc *models.DeviceCode) error
	// DeleteDeviceCodeByID removes the record with the given numeric id.
	DeleteDeviceCodeByID(id int64) error
}

DeviceCodeStore groups device code operations.

type IDTokenParams

// IDTokenParams holds all data needed to generate an OIDC ID Token
// (OIDC Core 1.0 §2).
type IDTokenParams struct {
	Issuer   string        // iss claim
	Subject  string        // UserID (sub claim)
	Audience string        // ClientID (aud claim)
	AuthTime time.Time     // auth_time claim
	Nonce    string        // nonce claim; should echo the value from the authorization request
	Expiry   time.Duration // lifetime of the token from issuance
	AtHash   string        // base64url(SHA-256(access_token)[:16]) – optional

	// Scope-gated profile claims (include when "profile" scope was granted)
	Name              string
	PreferredUsername string
	Picture           string
	UpdatedAt         *time.Time // nil when unknown

	// Scope-gated email claims (include when "email" scope was granted)
	Email         string
	EmailVerified bool
}

IDTokenParams holds all data needed to generate an OIDC ID Token (OIDC Core 1.0 §2).

type IDTokenProvider

// IDTokenProvider is an optional capability of a TokenProvider. Only
// LocalTokenProvider implements it; HTTP API providers cannot produce OIDC
// ID tokens. Callers should type-assert a TokenProvider to this interface
// before offering OIDC scopes.
type IDTokenProvider interface {
	// GenerateIDToken builds and signs an ID token from params and returns
	// its serialized form.
	GenerateIDToken(params IDTokenParams) (string, error)
}

IDTokenProvider is an optional capability of a TokenProvider. Only LocalTokenProvider implements it; HTTP API providers cannot produce OIDC ID tokens.

type Infrastructure added in v0.20.0

// Infrastructure groups lifecycle and health operations.
type Infrastructure interface {
	// Close releases underlying resources; ctx bounds how long shutdown may take.
	Close(ctx context.Context) error
	// Health reports a non-nil error when the backing store is not usable.
	Health() error
}

Infrastructure groups lifecycle and health operations.

type MetricsStore

// MetricsStore defines the DB operations needed by CacheWrapper.
type MetricsStore interface {
	// CountActiveTokensByCategory counts active tokens in the given category.
	CountActiveTokensByCategory(category string) (int64, error)
	// CountTotalDeviceCodes counts all device code records.
	CountTotalDeviceCodes() (int64, error)
	// CountPendingDeviceCodes counts device codes still awaiting authorization.
	CountPendingDeviceCodes() (int64, error)
}

MetricsStore defines the DB operations needed by CacheWrapper.

type OAuthConnectionStore added in v0.20.0

// OAuthConnectionStore groups external OAuth connection operations
// (links between a local user and an identity at an upstream provider).
type OAuthConnectionStore interface {
	// CreateOAuthConnection persists a new link.
	CreateOAuthConnection(conn *models.OAuthConnection) error
	// GetOAuthConnection looks a link up by provider and the user's ID at
	// that provider.
	GetOAuthConnection(provider, providerUserID string) (*models.OAuthConnection, error)
	// GetOAuthConnectionByUserAndProvider looks a link up by local user ID
	// and provider.
	GetOAuthConnectionByUserAndProvider(userID, provider string) (*models.OAuthConnection, error)
	// GetOAuthConnectionsByUserID lists all links for a local user.
	GetOAuthConnectionsByUserID(userID string) ([]models.OAuthConnection, error)
	// UpdateOAuthConnection persists changes to an existing link.
	UpdateOAuthConnection(conn *models.OAuthConnection) error
	// DeleteOAuthConnection removes the link with the given id.
	DeleteOAuthConnection(id string) error
}

OAuthConnectionStore groups external OAuth connection operations.

type Recorder

// Recorder defines the interface for recording application metrics.
// Implementations include Metrics (Prometheus-based) and NoopMetrics (no-op).
// Arguments are label values; keep them low-cardinality (no user or token
// identifiers).
type Recorder interface {
	// OAuth Device Flow
	RecordOAuthDeviceCodeGenerated(success bool)
	RecordOAuthDeviceCodeAuthorized(authorizationTime time.Duration)
	RecordOAuthDeviceCodeValidation(result string)

	// Token Operations
	RecordTokenIssued(tokenType, grantType string, generationTime time.Duration, provider string)
	RecordTokenRevoked(tokenType, reason string)
	RecordTokenRefresh(success bool)
	RecordTokenValidation(result string, duration time.Duration, provider string)

	// Authentication
	RecordAuthAttempt(method string, success bool, duration time.Duration)
	RecordLogin(authSource string, success bool)
	RecordLogout(sessionDuration time.Duration)
	RecordOAuthCallback(provider string, success bool)

	// Gauge Setters (for periodic updates)
	SetActiveTokensCount(tokenType string, count int)
	SetActiveDeviceCodesCount(total, pending int)

	// Database Operations
	RecordDatabaseQueryError(operation string)
}

Recorder defines the interface for recording application metrics. Implementations include Metrics (Prometheus-based) and NoopMetrics (no-op).

type Store added in v0.20.0

Store is the aggregate data-access interface. Services accept this; the composition root passes the concrete *store.Store.

type TokenProvider

// TokenProvider is the interface that token-generation backends must
// implement. Both LocalTokenProvider and HTTPTokenProvider satisfy this
// interface.
type TokenProvider interface {
	// GenerateToken issues an access token for userID/clientID with scopes.
	GenerateToken(ctx context.Context, userID, clientID, scopes string) (*TokenResult, error)
	// GenerateRefreshToken issues a refresh token for userID/clientID with scopes.
	GenerateRefreshToken(ctx context.Context, userID, clientID, scopes string) (*TokenResult, error)
	// GenerateClientCredentialsToken generates a token for the client_credentials grant.
	// HTTP API provider delegates to GenerateToken; local provider may apply
	// a different expiry or claim set.
	GenerateClientCredentialsToken(
		ctx context.Context,
		userID, clientID, scopes string,
	) (*TokenResult, error)
	// ValidateToken checks tokenString and reports the outcome.
	// NOTE(review): the result carries a Valid flag as well as an error;
	// callers must check both — confirm whether implementations report an
	// expired or revoked token as Valid=false with a nil error.
	ValidateToken(ctx context.Context, tokenString string) (*TokenValidationResult, error)
	// RefreshAccessToken exchanges refreshToken for a new access token and,
	// in rotation mode, a new refresh token (see TokenRefreshResult).
	RefreshAccessToken(
		ctx context.Context,
		refreshToken string,
	) (*TokenRefreshResult, error)
	// Name identifies the provider (the provider label in Recorder calls).
	Name() string
}

TokenProvider is the interface that token-generation backends must implement. Both LocalTokenProvider and HTTPTokenProvider satisfy this interface.

type TokenReader added in v0.20.0

// TokenReader groups read-only token operations.
type TokenReader interface {
	// GetAccessTokenByHash looks a token up by its hash, so callers never
	// need to pass the raw token string to the store.
	GetAccessTokenByHash(hash string) (*models.AccessToken, error)
	// GetAccessTokenByID looks a token up by its tokenID.
	GetAccessTokenByID(tokenID string) (*models.AccessToken, error)
	// GetTokensByUserID lists every token belonging to userID.
	GetTokensByUserID(userID string) ([]models.AccessToken, error)
	// GetTokensByUserIDPaginated returns one page of userID's tokens.
	GetTokensByUserIDPaginated(
		userID string,
		params types.PaginationParams,
	) ([]models.AccessToken, types.PaginationResult, error)
	// GetTokensByCategoryAndStatus lists userID's tokens filtered by
	// category and status.
	GetTokensByCategoryAndStatus(userID, category, status string) ([]models.AccessToken, error)
}

TokenReader groups read-only token operations.

type TokenRefreshResult

// TokenRefreshResult is the outcome of a refresh-token exchange.
type TokenRefreshResult struct {
	AccessToken  *TokenResult // required
	RefreshToken *TokenResult // non-nil only in rotation mode; callers must nil-check
}

TokenRefreshResult is the outcome of a refresh-token exchange.

type TokenResult

// TokenResult is the outcome of a token generation call.
type TokenResult struct {
	TokenString string         // the issued token; treat as a secret
	TokenType   string         // e.g. the value reported as token_type
	ExpiresAt   time.Time      // absolute expiry instant
	Claims      map[string]any // claims embedded in the token, if any
}

TokenResult is the outcome of a token generation call.

type TokenValidationResult

// TokenValidationResult is the outcome of a token validation call.
// Valid is the authoritative verdict; the other fields are only meaningful
// when Valid is true.
type TokenValidationResult struct {
	Valid     bool
	UserID    string
	ClientID  string
	Scopes    string
	ExpiresAt time.Time
	Claims    map[string]any
}

TokenValidationResult is the outcome of a token validation call.

type TokenWriter added in v0.20.0

// TokenWriter groups token mutation operations.
type TokenWriter interface {
	// CreateAccessToken persists a newly issued token.
	CreateAccessToken(token *models.AccessToken) error
	// RevokeToken revokes the single token identified by tokenID.
	RevokeToken(tokenID string) error
	// RevokeTokensByUserID revokes every token belonging to userID.
	RevokeTokensByUserID(userID string) error
	// RevokeTokensByClientID revokes every token issued to clientID.
	RevokeTokensByClientID(clientID string) error
	// RevokeTokenFamily revokes all tokens sharing familyID; the int64 is
	// presumably the number affected. NOTE(review): a family is likely the
	// rotation chain of a refresh token (see TokenRefreshResult) — confirm.
	RevokeTokenFamily(familyID string) (int64, error)
	// UpdateTokenStatus sets the status of tokenID.
	UpdateTokenStatus(tokenID, status string) error
	// UpdateTokenLastUsedAt records t as the last use of tokenID.
	UpdateTokenLastUsedAt(tokenID string, t time.Time) error
	// RevokeTokensByAuthorizationID revokes tokens tied to a consent grant.
	RevokeTokensByAuthorizationID(authorizationID uint) error
	// RevokeAllActiveTokensByClientID revokes clientID's active tokens and
	// returns a count (presumably of tokens revoked).
	RevokeAllActiveTokensByClientID(clientID string) (int64, error)
}

TokenWriter groups token mutation operations.

type Transactor added in v0.20.0

// Transactor provides database transaction support.
type Transactor interface {
	// RunInTransaction runs fn with a Store bound to a single transaction.
	// NOTE(review): the interface does not state the commit/rollback rule;
	// presumably a non-nil error from fn rolls back — confirm with the
	// implementation, and do not use the outer Store inside fn.
	RunInTransaction(fn func(tx Store) error) error
}

Transactor provides database transaction support.

type UserAuthorizationStore added in v0.20.0

// UserAuthorizationStore groups per-app consent grant operations.
type UserAuthorizationStore interface {
	// GetUserAuthorization returns userID's grant for applicationID.
	GetUserAuthorization(userID string, applicationID int64) (*models.UserAuthorization, error)
	// GetUserAuthorizationByUUID looks a grant up by its UUID, scoped to
	// userID so one user cannot read another's grant.
	GetUserAuthorizationByUUID(authUUID, userID string) (*models.UserAuthorization, error)
	// UpsertUserAuthorization creates or updates a grant.
	UpsertUserAuthorization(auth *models.UserAuthorization) error
	// RevokeUserAuthorization revokes the grant authUUID owned by userID and
	// returns the revoked record.
	RevokeUserAuthorization(authUUID, userID string) (*models.UserAuthorization, error)
	// ListUserAuthorizations lists all grants made by userID.
	ListUserAuthorizations(userID string) ([]models.UserAuthorization, error)
	// GetClientAuthorizations lists all grants made to clientID.
	GetClientAuthorizations(clientID string) ([]models.UserAuthorization, error)
	// RevokeAllUserAuthorizationsByClientID revokes every grant for clientID.
	RevokeAllUserAuthorizationsByClientID(clientID string) error
}

UserAuthorizationStore groups per-app consent grant operations.

type UserReader added in v0.20.0

// UserReader groups read-only user lookup operations.
type UserReader interface {
	// GetUserByUsername looks a user up by username.
	GetUserByUsername(username string) (*models.User, error)
	// GetUserByID looks a user up by internal ID.
	GetUserByID(id string) (*models.User, error)
	// GetUserByEmail looks a user up by email address.
	GetUserByEmail(email string) (*models.User, error)
	// GetUserByExternalID looks a user up by the ID assigned by authSource;
	// the pair is the key, since external IDs are only unique per source.
	GetUserByExternalID(externalID, authSource string) (*models.User, error)
	// GetUsersByIDs resolves several user IDs at once; the map is keyed by ID.
	GetUsersByIDs(userIDs []string) (map[string]*models.User, error)
}

UserReader groups read-only user lookup operations.

type UserWriter added in v0.20.0

// UserWriter groups user mutation operations.
type UserWriter interface {
	// CreateUser persists a new user.
	CreateUser(user *models.User) error
	// UpdateUser persists changes to an existing user.
	UpdateUser(user *models.User) error
	// DeleteUser removes the user with the given id.
	DeleteUser(id string) error
	// UpsertExternalUser creates or updates the local user linked to
	// externalID at authSource and returns it. NOTE(review): which fields an
	// update overwrites (e.g. email) is not specified here — confirm.
	UpsertExternalUser(
		username, externalID, authSource, email, fullName string,
	) (*models.User, error)
}

UserWriter groups user mutation operations.
