Documentation
¶
Index ¶
- Constants
- Variables
- type ActivityFilter
- type ActivityPage
- type ActivityRecord
- type ActivityRepository
- type ActivitySink
- type ActivityStats
- type ActivityStatsFilter
- type ActorRef
- type AllowAllAuthorizationPolicy
- type AuthRepository
- type AuthUser
- type AuthorizationPolicy
- type AuthorizationPolicyFunc
- type Clock
- type Hooks
- type IDGenerator
- type LifecycleEvent
- type LifecycleState
- type LifecycleTransition
- type Logger
- type NopLogger
- type Pagination
- type PassthroughScopeResolver
- type PasswordResetRecord
- type PasswordResetRepository
- type PasswordResetStatus
- type PolicyAction
- type PolicyCheck
- type PreferenceEvent
- type PreferenceFilter
- type PreferenceLevel
- type PreferenceRecord
- type PreferenceRepository
- type PreferenceSnapshot
- type PreferenceTrace
- type PreferenceTraceLayer
- type ProfileEvent
- type ProfilePatch
- type ProfileRepository
- type RoleAssignment
- type RoleAssignmentFilter
- type RoleDefinition
- type RoleEvent
- type RoleFilter
- type RoleMutation
- type RolePage
- type RoleRegistry
- type ScopeEnforcer
- type ScopeFilter
- type ScopeResolver
- type ScopeResolverFunc
- type SecureLinkConfigurator
- type SecureLinkManager
- type SecureLinkPayload
- type StaticTransitionPolicy
- type SystemClock
- type TransitionConfig
- type TransitionOption
- type TransitionPolicy
- type UUIDGenerator
- type UserInventoryFilter
- type UserInventoryPage
- type UserInventoryRepository
- type UserProfile
- type UserToken
- type UserTokenRepository
- type UserTokenStatus
- type UserTokenType
Constants ¶
const ( // ActorRoleSystemAdmin represents site-wide administrators with unrestricted access. ActorRoleSystemAdmin = "system_admin" // ActorRoleTenantAdmin represents administrators scoped to a tenant/org. ActorRoleTenantAdmin = "tenant_admin" // ActorRoleOrgAdmin is reserved for nested org/workspace administrators. ActorRoleOrgAdmin = "org_admin" // ActorRoleSupport represents support agents that should be limited to self/owner scopes. ActorRoleSupport = "support" )
Variables ¶
var ( // ErrMissingSecureLinkManager occurs when securelink manager is not configured. ErrMissingSecureLinkManager = errors.New("go-users: missing securelink manager") // ErrMissingUserTokenRepository occurs when token persistence is unavailable. ErrMissingUserTokenRepository = errors.New("go-users: missing user token repository") // ErrMissingPasswordResetRepository occurs when reset persistence is unavailable. ErrMissingPasswordResetRepository = errors.New("go-users: missing password reset repository") )
var ( // ErrActorRequired indicates an actor reference was not supplied. ErrActorRequired = errors.New("go-users: actor reference required") // ErrUserIDRequired indicates a user identifier was omitted. ErrUserIDRequired = errors.New("go-users: user id required") // ErrServiceNotReady indicates the service has not been properly configured. ErrServiceNotReady = errors.New("go-users: service not ready") // ErrMissingAuthRepository occurs when no auth repository was supplied. ErrMissingAuthRepository = errors.New("go-users: missing auth repository") // ErrMissingRoleRegistry occurs when no role registry was supplied. ErrMissingRoleRegistry = errors.New("go-users: missing role registry") // ErrMissingActivitySink occurs when no activity sink was supplied. ErrMissingActivitySink = errors.New("go-users: missing activity sink") // ErrMissingInventoryRepository occurs when the service lacks a user inventory data source. ErrMissingInventoryRepository = errors.New("go-users: missing inventory repository") // ErrMissingActivityRepository occurs when no activity repository was supplied. ErrMissingActivityRepository = errors.New("go-users: missing activity repository") // ErrMissingProfileRepository occurs when profile commands lack a storage backend. ErrMissingProfileRepository = errors.New("go-users: missing profile repository") // ErrMissingPreferenceRepository occurs when preference commands or queries lack storage. ErrMissingPreferenceRepository = errors.New("go-users: missing preference repository") // ErrMissingPreferenceResolver occurs when preference queries lack a resolver. ErrMissingPreferenceResolver = errors.New("go-users: missing preference resolver") )
var ErrTransitionNotAllowed = fmt.Errorf("go-users: lifecycle transition not allowed")
ErrTransitionNotAllowed reports that the target lifecycle state is not reachable from the current state according to configured policies.
var ( // actor according to the configured authorization policy. ErrUnauthorizedScope = errors.New("go-users: actor not authorized for scope") )
Functions ¶
This section is empty.
Types ¶
type ActivityFilter ¶
type ActivityFilter struct {
Actor ActorRef
Scope ScopeFilter
UserID uuid.UUID
ActorID uuid.UUID
Verbs []string
ObjectType string
ObjectID string
Channel string
Channels []string
// ChannelDenylist excludes channels after allow filtering is applied.
ChannelDenylist []string
// MachineActivityEnabled toggles filtering of machine/system activity.
MachineActivityEnabled *bool
// MachineActorTypes enumerates actor types treated as machine/system.
MachineActorTypes []string
// MachineDataKeys enumerates data keys used to flag machine/system activity.
MachineDataKeys []string
Since *time.Time
Until *time.Time
Pagination Pagination
Keyword string
}
ActivityFilter narrows activity feed queries.
func (ActivityFilter) Type ¶
func (ActivityFilter) Type() string
Type implements gocommand.Message for query inputs.
func (ActivityFilter) Validate ¶
func (filter ActivityFilter) Validate() error
Validate implements gocommand.Message.
type ActivityPage ¶
type ActivityPage struct {
Records []ActivityRecord
Total int
NextOffset int
HasMore bool
}
ActivityPage represents a paginated feed response.
type ActivityRecord ¶
type ActivityRecord struct {
ID uuid.UUID
UserID uuid.UUID
ActorID uuid.UUID
Verb string
ObjectType string
ObjectID string
Channel string
IP string
TenantID uuid.UUID
OrgID uuid.UUID
Data map[string]any
OccurredAt time.Time
}
ActivityRecord describes sink inputs and is shared across sink and query layers.
type ActivityRepository ¶
type ActivityRepository interface {
ListActivity(ctx context.Context, filter ActivityFilter) (ActivityPage, error)
ActivityStats(ctx context.Context, filter ActivityStatsFilter) (ActivityStats, error)
}
ActivityRepository exposes read-side access to activity logs.
type ActivitySink ¶
type ActivitySink interface {
Log(context.Context, ActivityRecord) error
}
ActivitySink is the minimal DI contract for emitting activity. Keep it stable and limited to Log so downstream modules can swap sinks without breaking changes.
type ActivityStats ¶
ActivityStats powers dashboard widgets summarizing verbs/channels.
type ActivityStatsFilter ¶
type ActivityStatsFilter struct {
Actor ActorRef
Scope ScopeFilter
UserID uuid.UUID
ActorID uuid.UUID
Since *time.Time
Until *time.Time
Verbs []string
// MachineActivityEnabled toggles filtering of machine/system activity.
MachineActivityEnabled *bool
// MachineActorTypes enumerates actor types treated as machine/system.
MachineActorTypes []string
// MachineDataKeys enumerates data keys used to flag machine/system activity.
MachineDataKeys []string
}
ActivityStatsFilter scopes aggregate activity queries.
func (ActivityStatsFilter) Type ¶
func (ActivityStatsFilter) Type() string
Type implements gocommand.Message for query inputs.
func (ActivityStatsFilter) Validate ¶
func (filter ActivityStatsFilter) Validate() error
Validate implements gocommand.Message.
type ActorRef ¶
ActorRef identifies who or what is initiating a lifecycle change.
func (ActorRef) IsSupport ¶
IsSupport reports whether the actor should be treated as a support agent.
func (ActorRef) IsSystemAdmin ¶
IsSystemAdmin reports whether the actor is a global/system administrator.
func (ActorRef) IsTenantAdmin ¶
IsTenantAdmin reports whether the actor is scoped as a tenant administrator.
type AllowAllAuthorizationPolicy ¶
type AllowAllAuthorizationPolicy struct{}
AllowAllAuthorizationPolicy allows every action/scope combination.
func (AllowAllAuthorizationPolicy) Authorize ¶
func (AllowAllAuthorizationPolicy) Authorize(context.Context, PolicyCheck) error
Authorize implements AuthorizationPolicy.
type AuthRepository ¶
type AuthRepository interface {
GetByID(ctx context.Context, id uuid.UUID) (*AuthUser, error)
GetByIdentifier(ctx context.Context, identifier string) (*AuthUser, error)
Create(ctx context.Context, input *AuthUser) (*AuthUser, error)
Update(ctx context.Context, input *AuthUser) (*AuthUser, error)
UpdateStatus(ctx context.Context, actor ActorRef, id uuid.UUID, next LifecycleState, opts ...TransitionOption) (*AuthUser, error)
AllowedTransitions(ctx context.Context, id uuid.UUID) ([]LifecycleTransition, error)
ResetPassword(ctx context.Context, id uuid.UUID, passwordHash string) error
}
AuthRepository abstracts whichever upstream user repository go-users sits on. Implementations typically wrap go-auth's Users repository, but any Bun-backed store that honors these semantics can be injected.
type AuthUser ¶
type AuthUser struct {
ID uuid.UUID
Role string
Status LifecycleState
Email string
Username string
FirstName string
LastName string
Metadata map[string]any
CreatedAt *time.Time
UpdatedAt *time.Time
Raw any
}
AuthUser is the storage-agnostic representation of an upstream auth user. Fields mirror the values go-users needs to orchestrate lifecycle, profile, and preference flows without binding to go-auth structs.
type AuthorizationPolicy ¶
type AuthorizationPolicy interface {
Authorize(ctx context.Context, check PolicyCheck) error
}
AuthorizationPolicy governs whether an actor can access the requested scope for the supplied action.
type AuthorizationPolicyFunc ¶
type AuthorizationPolicyFunc func(ctx context.Context, check PolicyCheck) error
AuthorizationPolicyFunc adapts bare functions to AuthorizationPolicy.
func (AuthorizationPolicyFunc) Authorize ¶
func (f AuthorizationPolicyFunc) Authorize(ctx context.Context, check PolicyCheck) error
Authorize implements AuthorizationPolicy.
type Hooks ¶
type Hooks struct {
AfterLifecycle func(context.Context, LifecycleEvent)
AfterRoleChange func(context.Context, RoleEvent)
AfterPreferenceChange func(context.Context, PreferenceEvent)
AfterProfileChange func(context.Context, ProfileEvent)
AfterActivity func(context.Context, ActivityRecord)
}
Hooks groups optional callbacks invoked after key workflows complete.
type IDGenerator ¶
IDGenerator abstracts UUID creation.
type LifecycleEvent ¶
type LifecycleEvent struct {
UserID uuid.UUID
ActorID uuid.UUID
FromState LifecycleState
ToState LifecycleState
Reason string
OccurredAt time.Time
Scope ScopeFilter
Metadata map[string]any
}
LifecycleEvent is emitted after lifecycle transitions.
type LifecycleState ¶
type LifecycleState string
LifecycleState represents the allowed user states for lifecycle commands.
const ( LifecycleStatePending LifecycleState = "pending" LifecycleStateActive LifecycleState = "active" LifecycleStateSuspended LifecycleState = "suspended" LifecycleStateDisabled LifecycleState = "disabled" LifecycleStateArchived LifecycleState = "archived" )
type LifecycleTransition ¶
type LifecycleTransition struct {
From LifecycleState
To LifecycleState
}
LifecycleTransition describes an allowed move between states.
type Logger ¶
type Logger interface {
Debug(msg string, fields ...any)
Info(msg string, fields ...any)
Error(msg string, err error, fields ...any)
}
Logger captures basic logging hooks used by the service.
type Pagination ¶
Pagination supports query pagination across admin panels.
type PassthroughScopeResolver ¶
type PassthroughScopeResolver struct{}
PassthroughScopeResolver returns the requested scope as-is. This is used when host applications do not provide a custom resolver.
func (PassthroughScopeResolver) ResolveScope ¶
func (PassthroughScopeResolver) ResolveScope(_ context.Context, _ ActorRef, requested ScopeFilter) (ScopeFilter, error)
ResolveScope implements ScopeResolver.
type PasswordResetRecord ¶ added in v0.11.0
type PasswordResetRecord struct {
ID uuid.UUID
UserID uuid.UUID
Email string
Status PasswordResetStatus
JTI string
IssuedAt time.Time
ExpiresAt time.Time
UsedAt time.Time
ResetAt time.Time
Scope ScopeFilter
CreatedAt time.Time
UpdatedAt time.Time
}
PasswordResetRecord captures password reset lifecycle metadata.
type PasswordResetRepository ¶ added in v0.11.0
type PasswordResetRepository interface {
CreateReset(ctx context.Context, record PasswordResetRecord) (*PasswordResetRecord, error)
GetResetByJTI(ctx context.Context, jti string) (*PasswordResetRecord, error)
ConsumeReset(ctx context.Context, jti string, usedAt time.Time) error
UpdateResetStatus(ctx context.Context, jti string, status PasswordResetStatus, usedAt time.Time) error
}
PasswordResetRepository persists password reset lifecycle records.
type PasswordResetStatus ¶ added in v0.11.0
type PasswordResetStatus string
PasswordResetStatus tracks password_reset lifecycle values.
const ( PasswordResetStatusUnknown PasswordResetStatus = "unknown" PasswordResetStatusRequested PasswordResetStatus = "requested" PasswordResetStatusExpired PasswordResetStatus = "expired" PasswordResetStatusChanged PasswordResetStatus = "changed" )
type PolicyAction ¶
type PolicyAction string
PolicyAction enumerates the supported authorization actions enforced by the multi-tenant scope guard. Host applications can remap these actions to their own policies or ACL systems.
const ( PolicyActionUsersRead PolicyAction = "users:read" PolicyActionUsersWrite PolicyAction = "users:write" PolicyActionRolesRead PolicyAction = "roles:read" PolicyActionRolesWrite PolicyAction = "roles:write" PolicyActionActivityRead PolicyAction = "activity:read" PolicyActionActivityWrite PolicyAction = "activity:write" PolicyActionPreferencesRead PolicyAction = "preferences:read" PolicyActionPreferencesWrite PolicyAction = "preferences:write" PolicyActionProfilesRead PolicyAction = "profiles:read" PolicyActionProfilesWrite PolicyAction = "profiles:write" )
type PolicyCheck ¶
type PolicyCheck struct {
Actor ActorRef
Scope ScopeFilter
Action PolicyAction
TargetID uuid.UUID
}
PolicyCheck captures the authorization context for a single command/query.
type PreferenceEvent ¶
type PreferenceEvent struct {
UserID uuid.UUID
Scope ScopeFilter
Key string
Action string
ActorID uuid.UUID
OccurredAt time.Time
}
PreferenceEvent signals preference mutations so downstream systems can invalidate caches or push notifications.
type PreferenceFilter ¶
type PreferenceFilter struct {
UserID uuid.UUID
Scope ScopeFilter
Level PreferenceLevel
Keys []string
}
PreferenceFilter narrows preference listing queries.
type PreferenceLevel ¶
type PreferenceLevel string
PreferenceLevel identifies the precedence layer for a stored preference.
const ( PreferenceLevelSystem PreferenceLevel = "system" PreferenceLevelTenant PreferenceLevel = "tenant" PreferenceLevelOrg PreferenceLevel = "org" PreferenceLevelUser PreferenceLevel = "user" )
type PreferenceRecord ¶
type PreferenceRecord struct {
ID uuid.UUID
UserID uuid.UUID
Scope ScopeFilter
Level PreferenceLevel
Key string
Value map[string]any
Version int
CreatedAt time.Time
UpdatedAt time.Time
CreatedBy uuid.UUID
UpdatedBy uuid.UUID
}
PreferenceRecord represents a stored scoped preference entry.
type PreferenceRepository ¶
type PreferenceRepository interface {
ListPreferences(ctx context.Context, filter PreferenceFilter) ([]PreferenceRecord, error)
UpsertPreference(ctx context.Context, record PreferenceRecord) (*PreferenceRecord, error)
DeletePreference(ctx context.Context, userID uuid.UUID, scope ScopeFilter, level PreferenceLevel, key string) error
}
PreferenceRepository exposes CRUD helpers for scoped preferences.
type PreferenceSnapshot ¶
type PreferenceSnapshot struct {
Effective map[string]any
Traces []PreferenceTrace
}
PreferenceSnapshot depicts the effective settings plus provenance per key.
type PreferenceTrace ¶
type PreferenceTrace struct {
Key string
Layers []PreferenceTraceLayer
}
PreferenceTrace captures how each scope contributed to a key.
type PreferenceTraceLayer ¶
type PreferenceTraceLayer struct {
Level PreferenceLevel
UserID uuid.UUID
Scope ScopeFilter
SnapshotID string
Value any
Found bool
}
PreferenceTraceLayer captures a single scope contribution.
type ProfileEvent ¶
type ProfileEvent struct {
UserID uuid.UUID
Scope ScopeFilter
ActorID uuid.UUID
OccurredAt time.Time
Profile UserProfile
}
ProfileEvent signals that a profile mutation occurred.
type ProfilePatch ¶
type ProfilePatch struct {
DisplayName *string
AvatarURL *string
Locale *string
Timezone *string
Bio *string
Contact map[string]any
Metadata map[string]any
}
ProfilePatch represents partial updates applied to a user profile.
type ProfileRepository ¶
type ProfileRepository interface {
GetProfile(ctx context.Context, userID uuid.UUID, scope ScopeFilter) (*UserProfile, error)
UpsertProfile(ctx context.Context, profile UserProfile) (*UserProfile, error)
}
ProfileRepository persists and retrieves profile records.
type RoleAssignment ¶
type RoleAssignment struct {
UserID uuid.UUID
RoleID uuid.UUID
RoleName string
Scope ScopeFilter
AssignedAt time.Time
AssignedBy uuid.UUID
}
RoleAssignment describes a user->role mapping.
type RoleAssignmentFilter ¶
type RoleAssignmentFilter struct {
Actor ActorRef
Scope ScopeFilter
UserID uuid.UUID
RoleID uuid.UUID
UserIDs []uuid.UUID
RoleIDs []uuid.UUID
}
RoleAssignmentFilter filters assignment queries.
func (RoleAssignmentFilter) Type ¶
func (RoleAssignmentFilter) Type() string
Type implements gocommand.Message for query inputs.
func (RoleAssignmentFilter) Validate ¶
func (filter RoleAssignmentFilter) Validate() error
Validate implements gocommand.Message.
type RoleDefinition ¶
type RoleDefinition struct {
ID uuid.UUID
Name string
Order int
Description string
RoleKey string
Permissions []string
Metadata map[string]any
IsSystem bool
Scope ScopeFilter
CreatedAt time.Time
UpdatedAt time.Time
CreatedBy uuid.UUID
UpdatedBy uuid.UUID
}
RoleDefinition mirrors the persisted role data returned by the registry.
type RoleEvent ¶
type RoleEvent struct {
RoleID uuid.UUID
UserID uuid.UUID
Action string
ActorID uuid.UUID
Scope ScopeFilter
OccurredAt time.Time
Role RoleDefinition
}
RoleEvent is emitted when a custom role or assignment changes.
type RoleFilter ¶
type RoleFilter struct {
Actor ActorRef
Scope ScopeFilter
Keyword string
RoleKey string
IncludeSystem bool
RoleIDs []uuid.UUID
Pagination Pagination
}
RoleFilter narrows role listings.
func (RoleFilter) Type ¶
func (RoleFilter) Type() string
Type implements gocommand.Message for query inputs.
func (RoleFilter) Validate ¶
func (filter RoleFilter) Validate() error
Validate implements gocommand.Message.
type RoleMutation ¶
type RoleMutation struct {
Name string
Order int
Description string
RoleKey string
Permissions []string
Metadata map[string]any
IsSystem bool
Scope ScopeFilter
ActorID uuid.UUID
}
RoleMutation describes create/update payloads for roles.
type RolePage ¶
type RolePage struct {
Roles []RoleDefinition
Total int
NextOffset int
HasMore bool
}
RolePage represents a paginated set of roles.
type RoleRegistry ¶
type RoleRegistry interface {
CreateRole(ctx context.Context, input RoleMutation) (*RoleDefinition, error)
UpdateRole(ctx context.Context, id uuid.UUID, input RoleMutation) (*RoleDefinition, error)
DeleteRole(ctx context.Context, id uuid.UUID, scope ScopeFilter, actor uuid.UUID) error
AssignRole(ctx context.Context, userID, roleID uuid.UUID, scope ScopeFilter, actor uuid.UUID) error
UnassignRole(ctx context.Context, userID, roleID uuid.UUID, scope ScopeFilter, actor uuid.UUID) error
ListRoles(ctx context.Context, filter RoleFilter) (RolePage, error)
GetRole(ctx context.Context, id uuid.UUID, scope ScopeFilter) (*RoleDefinition, error)
ListAssignments(ctx context.Context, filter RoleAssignmentFilter) ([]RoleAssignment, error)
}
RoleRegistry describes custom role CRUD operations.
type ScopeEnforcer ¶ added in v0.11.0
type ScopeEnforcer func(ctx context.Context, payload SecureLinkPayload, scope ScopeFilter) error
ScopeEnforcer lets hosts validate securelink scope data against the request context.
type ScopeFilter ¶
ScopeFilter carries tenant/org scoping fields used by commands/queries.
func (ScopeFilter) Clone ¶
func (s ScopeFilter) Clone() ScopeFilter
Clone returns a copy of the scope filter with labels detached from the original map reference so callers can mutate safely.
func (ScopeFilter) Label ¶
func (s ScopeFilter) Label(key string) uuid.UUID
Label returns the identifier previously stored under the key (case insensitive). When the label has not been set, uuid.Nil is returned.
func (ScopeFilter) WithLabel ¶
func (s ScopeFilter) WithLabel(key string, id uuid.UUID) ScopeFilter
WithLabel returns a cloned scope filter with the provided label set. Keys are normalized to lower-case so lookups stay consistent across transports.
type ScopeResolver ¶
type ScopeResolver interface {
ResolveScope(ctx context.Context, actor ActorRef, requested ScopeFilter) (ScopeFilter, error)
}
ScopeResolver resolves requested scopes into canonical tenant/org values based on the actor and host application rules.
type ScopeResolverFunc ¶
type ScopeResolverFunc func(ctx context.Context, actor ActorRef, requested ScopeFilter) (ScopeFilter, error)
ScopeResolverFunc adapts bare functions to ScopeResolver.
func (ScopeResolverFunc) ResolveScope ¶
func (f ScopeResolverFunc) ResolveScope(ctx context.Context, actor ActorRef, requested ScopeFilter) (ScopeFilter, error)
ResolveScope implements ScopeResolver.
type SecureLinkConfigurator ¶ added in v0.11.0
type SecureLinkConfigurator interface {
GetSigningKey() string
GetExpiration() time.Duration
GetBaseURL() string
GetQueryKey() string
GetRoutes() map[string]string
GetAsQuery() bool
}
SecureLinkConfigurator mirrors the external securelink configurator interface.
type SecureLinkManager ¶ added in v0.11.0
type SecureLinkManager interface {
Generate(route string, payloads ...SecureLinkPayload) (string, error)
Validate(token string) (map[string]any, error)
GetAndValidate(fn func(string) string) (SecureLinkPayload, error)
GetExpiration() time.Duration
}
SecureLinkManager mirrors the external securelink manager interface.
type SecureLinkPayload ¶ added in v0.11.0
SecureLinkPayload carries data to embed in a secure link token.
type StaticTransitionPolicy ¶
type StaticTransitionPolicy struct {
// contains filtered or unexported fields
}
StaticTransitionPolicy enforces a fixed transition graph.
func DefaultTransitionPolicy ¶
func DefaultTransitionPolicy() *StaticTransitionPolicy
DefaultTransitionPolicy returns the policy matching the upstream auth state machine (pending→active/disabled, active→suspended/disabled/archived, etc.).
func NewStaticTransitionPolicy ¶
func NewStaticTransitionPolicy(graph map[LifecycleState][]LifecycleState) *StaticTransitionPolicy
NewStaticTransitionPolicy creates a policy from a transition graph.
func (*StaticTransitionPolicy) AllowedTargets ¶
func (p *StaticTransitionPolicy) AllowedTargets(current LifecycleState) []LifecycleState
AllowedTargets returns the slice of valid targets from the provided state.
func (*StaticTransitionPolicy) Validate ¶
func (p *StaticTransitionPolicy) Validate(current, target LifecycleState) error
Validate ensures the target is allowed from the current state.
type TransitionConfig ¶
TransitionConfig captures metadata supplied to lifecycle changes.
type TransitionOption ¶
type TransitionOption func(*TransitionConfig)
TransitionOption customizes lifecycle transitions triggered through the AuthRepository.
func WithForceTransition ¶
func WithForceTransition() TransitionOption
WithForceTransition bypasses policy checks (use sparingly).
func WithTransitionMetadata ¶
func WithTransitionMetadata(metadata map[string]any) TransitionOption
WithTransitionMetadata merges metadata into the transition audit payload.
func WithTransitionReason ¶
func WithTransitionReason(reason string) TransitionOption
WithTransitionReason sets the human readable reason recorded for a transition.
type TransitionPolicy ¶
type TransitionPolicy interface {
Validate(current, target LifecycleState) error
AllowedTargets(current LifecycleState) []LifecycleState
}
TransitionPolicy validates lifecycle transitions.
type UUIDGenerator ¶
type UUIDGenerator struct{}
UUIDGenerator produces UUIDv4 identifiers.
func (UUIDGenerator) UUID ¶
func (UUIDGenerator) UUID() uuid.UUID
UUID returns a randomly generated UUID.
type UserInventoryFilter ¶
type UserInventoryFilter struct {
Actor ActorRef
Scope ScopeFilter
Statuses []LifecycleState
Role string
Keyword string
Pagination Pagination
UserIDs []uuid.UUID
}
UserInventoryFilter collects filters accepted by admin search panels.
func (UserInventoryFilter) Type ¶
func (UserInventoryFilter) Type() string
Type implements gocommand.Message for query inputs.
func (UserInventoryFilter) Validate ¶
func (filter UserInventoryFilter) Validate() error
Validate implements gocommand.Message.
type UserInventoryPage ¶
UserInventoryPage represents a paginated list of auth users.
type UserInventoryRepository ¶
type UserInventoryRepository interface {
ListUsers(ctx context.Context, filter UserInventoryFilter) (UserInventoryPage, error)
}
UserInventoryRepository exposes list/search helpers powering admin panels.
type UserProfile ¶
type UserProfile struct {
UserID uuid.UUID
DisplayName string
AvatarURL string
Locale string
Timezone string
Bio string
Contact map[string]any
Metadata map[string]any
Scope ScopeFilter
CreatedAt time.Time
UpdatedAt time.Time
CreatedBy uuid.UUID
UpdatedBy uuid.UUID
}
UserProfile captures the structured profile data stored alongside auth users.
type UserToken ¶ added in v0.11.0
type UserToken struct {
ID uuid.UUID
UserID uuid.UUID
Type UserTokenType
JTI string
Status UserTokenStatus
IssuedAt time.Time
ExpiresAt time.Time
UsedAt time.Time
CreatedAt time.Time
UpdatedAt time.Time
}
UserToken captures persisted onboarding token metadata.
type UserTokenRepository ¶ added in v0.11.0
type UserTokenRepository interface {
CreateToken(ctx context.Context, token UserToken) (*UserToken, error)
GetTokenByJTI(ctx context.Context, tokenType UserTokenType, jti string) (*UserToken, error)
UpdateTokenStatus(ctx context.Context, tokenType UserTokenType, jti string, status UserTokenStatus, usedAt time.Time) error
}
UserTokenRepository persists invite/registration tokens.
type UserTokenStatus ¶ added in v0.11.0
type UserTokenStatus string
UserTokenStatus tracks lifecycle state for user_tokens records.
const ( UserTokenStatusIssued UserTokenStatus = "issued" UserTokenStatusUsed UserTokenStatus = "used" UserTokenStatusExpired UserTokenStatus = "expired" )
type UserTokenType ¶ added in v0.11.0
type UserTokenType string
UserTokenType identifies onboarding token types stored in user_tokens.
const ( UserTokenInvite UserTokenType = "invite" UserTokenRegistration UserTokenType = "register" UserTokenPasswordReset UserTokenType = "password_reset" )
Source Files