selfservice

package

v0.8.0 Latest Latest Go to latest Published: Mar 28, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/goatkit/goatflow

Links

Open Source Insights

Documentation ¶

Overview ¶

Package selfservice implements self-service authentication: password recovery, customer registration, email verification, and CAPTCHA.

Index ¶

Constants
func GenerateToken() (string, error)
func HandleAdminApproveRegistration(c *gin.Context)
func HandleAdminListPendingRegistrations(c *gin.Context)
func HandleAdminRejectRegistration(c *gin.Context)
func HandleCustomerRegister(captchaCfg *CAPTCHAConfig) gin.HandlerFunc
func HandleForgotPassword(c *gin.Context)
func HandleForgotPasswordSubmit(captchaCfg *CAPTCHAConfig) gin.HandlerFunc
func HandleResetPassword(c *gin.Context)
func HandleVerifyEmail(c *gin.Context)
func VerifyCAPTCHA(cfg *CAPTCHAConfig, responseToken string) error
type AuthToken
type CAPTCHAConfig
type RegistrationRequest
type Repository
- func NewRepository() (*Repository, error)
- func NewRepositoryWithDB(db *sql.DB) *Repository

Constants ¶

View Source

const (
	TokenPasswordReset       = "password_reset"
	TokenEmailVerify         = "email_verify"
	TokenRegistrationApprove = "registration_approve"
)

Token types.

View Source

const (
	UserAgent    = "agent"
	UserCustomer = "customer"
)

User types.

View Source

const (
	StatusPending  = "pending"
	StatusApproved = "approved"
	StatusRejected = "rejected"
)

Registration statuses.

View Source

const (
	CAPTCHANone      = ""
	CAPTCHARecaptcha = "recaptcha_v3"
	CAPTCHAHCaptcha  = "hcaptcha"
)

CAPTCHA providers.

View Source

const DefaultTokenExpiry = 1 * time.Hour

DefaultTokenExpiry is the expiry duration for password reset tokens.

View Source

const DefaultVerifyExpiry = 24 * time.Hour

DefaultVerifyExpiry is the expiry duration for email verification tokens.

Variables ¶

This section is empty.

Functions ¶

func GenerateToken ¶

func GenerateToken() (string, error)

GenerateToken creates a cryptographically random 32-byte hex token.

func HandleAdminApproveRegistration ¶

func HandleAdminApproveRegistration(c *gin.Context)

HandleAdminApproveRegistration approves a pending registration.

func HandleAdminListPendingRegistrations ¶

func HandleAdminListPendingRegistrations(c *gin.Context)

HandleAdminListPendingRegistrations lists pending registrations.

func HandleAdminRejectRegistration ¶

func HandleAdminRejectRegistration(c *gin.Context)

HandleAdminRejectRegistration rejects a pending registration.

func HandleCustomerRegister ¶

func HandleCustomerRegister(captchaCfg *CAPTCHAConfig) gin.HandlerFunc

HandleCustomerRegister processes customer self-registration.

func HandleForgotPassword ¶

func HandleForgotPassword(c *gin.Context)

HandleForgotPassword renders the forgot password form. Title is set via i18n in the template using t("self_service.forgot_password.title").

func HandleForgotPasswordSubmit ¶

func HandleForgotPasswordSubmit(captchaCfg *CAPTCHAConfig) gin.HandlerFunc

HandleForgotPasswordSubmit processes the forgot password form. Generates a reset token and sends an email with the reset link.

func HandleResetPassword ¶

func HandleResetPassword(c *gin.Context)

HandleResetPassword processes the password reset form.

func HandleVerifyEmail ¶

func HandleVerifyEmail(c *gin.Context)

HandleVerifyEmail processes the email verification link.

func VerifyCAPTCHA ¶

func VerifyCAPTCHA(cfg *CAPTCHAConfig, responseToken string) error

VerifyCAPTCHA validates a CAPTCHA response token against the provider. Returns nil if CAPTCHA is disabled or verification passes.

Types ¶

type AuthToken ¶

type AuthToken struct {
	ID            int64      `json:"id" db:"id"`
	Token         string     `json:"token" db:"token"`
	TokenType     string     `json:"token_type" db:"token_type"`
	UserType      string     `json:"user_type" db:"user_type"`
	UserID        *int       `json:"user_id,omitempty" db:"user_id"`
	CustomerLogin *string    `json:"customer_login,omitempty" db:"customer_login"`
	Email         string     `json:"email" db:"email"`
	ExpiresAt     time.Time  `json:"expires_at" db:"expires_at"`
	UsedAt        *time.Time `json:"used_at,omitempty" db:"used_at"`
	CreatedAt     time.Time  `json:"created_at" db:"created_at"`
}

AuthToken represents a row in gk_auth_token.

func (*AuthToken) IsExpired ¶

func (t *AuthToken) IsExpired() bool

IsExpired returns true if the token has expired.

func (*AuthToken) IsUsed ¶

func (t *AuthToken) IsUsed() bool

IsUsed returns true if the token has been consumed.

func (*AuthToken) IsValid ¶

func (t *AuthToken) IsValid() bool

IsValid returns true if the token is not expired and not used.

type CAPTCHAConfig ¶

type CAPTCHAConfig struct {
	Provider  string  `json:"provider"`   // recaptcha_v3, hcaptcha, or empty (disabled)
	SiteKey   string  `json:"site_key"`   // public key for frontend
	SecretKey string  `json:"secret_key"` // server-side verification key
	Threshold float64 `json:"threshold"`  // minimum score for reCAPTCHA v3 (default: 0.5)
}

CAPTCHAConfig holds CAPTCHA provider configuration.

type RegistrationRequest ¶

type RegistrationRequest struct {
	ID             int64      `json:"id" db:"id"`
	Email          string     `json:"email" db:"email"`
	FirstName      string     `json:"first_name" db:"first_name"`
	LastName       string     `json:"last_name" db:"last_name"`
	CustomerID     *string    `json:"customer_id,omitempty" db:"customer_id"`
	Status         string     `json:"status" db:"status"`
	ApprovalToken  *string    `json:"approval_token,omitempty" db:"approval_token"`
	ApprovedBy     *int       `json:"approved_by,omitempty" db:"approved_by"`
	ApprovedAt     *time.Time `json:"approved_at,omitempty" db:"approved_at"`
	RejectedReason *string    `json:"rejected_reason,omitempty" db:"rejected_reason"`
	CreatedAt      time.Time  `json:"created_at" db:"created_at"`
}

RegistrationRequest represents a row in gk_registration_request.

type Repository ¶

type Repository struct {
	// contains filtered or unexported fields
}

Repository provides CRUD for auth tokens and registration requests.

func NewRepository ¶

func NewRepository() (*Repository, error)

NewRepository creates a repository using the global DB.

func NewRepositoryWithDB ¶

func NewRepositoryWithDB(db *sql.DB) *Repository

NewRepositoryWithDB creates a repository with an explicit DB.

func (*Repository) ApproveRegistration ¶

func (r *Repository) ApproveRegistration(id int64, approvedBy int) error

ApproveRegistration approves a registration request.

func (*Repository) CleanupExpired ¶

func (r *Repository) CleanupExpired() (int64, error)

CleanupExpired removes expired and used tokens older than 24 hours.

func (*Repository) ConsumeToken ¶

func (r *Repository) ConsumeToken(token string) error

ConsumeToken marks a token as used.

func (*Repository) CreateRegistration ¶

func (r *Repository) CreateRegistration(req *RegistrationRequest) (int64, error)

CreateRegistration creates a new registration request.

func (*Repository) CreateToken ¶

func (r *Repository) CreateToken(t *AuthToken) error

CreateToken creates a new auth token.

func (*Repository) GetRegistration ¶

func (r *Repository) GetRegistration(id int64) (*RegistrationRequest, error)

GetRegistration retrieves a registration request by ID.

func (*Repository) GetToken ¶

func (r *Repository) GetToken(token string) (*AuthToken, error)

GetToken retrieves and validates a token. Returns nil if not found.

func (*Repository) ListPendingRegistrations ¶

func (r *Repository) ListPendingRegistrations() ([]RegistrationRequest, error)

ListPendingRegistrations lists registration requests with pending status.

func (*Repository) RejectRegistration ¶

func (r *Repository) RejectRegistration(id int64, reason string, rejectedBy int) error

RejectRegistration rejects a registration request.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL