auth

package module
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 31, 2025 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package auth includes the collection of authentication solutions

Index

Constants

View Source 
const (
	AuthorizationHeader                  = "authorization"
	AuthBearer          AuthProviderType = "Bearer"
	AuthJWT             AuthProviderType = "jwt"
	AuthFirebase        AuthProviderType = "firebase"

	ActivityLogin         ActivityType = "L"
	ActivityLoginFailure  ActivityType = "LF"
	ActivityLogout        ActivityType = "LO"
	ActivityOTP           ActivityType = "O"
	ActivityOTPFailure    ActivityType = "OF"
	ActivityOTP2FA        ActivityType = "O2"
	ActivityOTP2FASuccess ActivityType = "O2S"

	Auth2FASms Auth2FAType = "sms"

	HasuraClaims          = "https://hasura.io/jwt/claims"
	XHasuraDefaultRole    = "x-hasura-default-role"
	XHasuraAllowedRoles   = "x-hasura-allowed-roles"
	XHasuraUserID         = "x-hasura-user-id"
	XHasuraUserEmail      = "x-hasura-user-email"
	XHasuraDisplayName    = "x-hasura-display-name"
	XHasuraRequestIP      = "x-hasura-request-ip"
	XHasuraLatitude       = "x-hasura-latitude"
	XHasuraLongitude      = "x-hasura-longitude"
	XHasuraGroupIDs       = "x-hasura-group-ids"
	XCoreAPIKey           = "x-core-api-key"
	XHasuraAcceptLanguage = "x-hasura-accept-language"
	XHasuraPhoneCode      = "x-hasura-phone-code"
	XHasuraPhoneNumber    = "x-hasura-phone-number"
	XHasuraFirstName      = "x-hasura-first-name"
	XHasuraLastName       = "x-hasura-last-name"
	XHasuraAvatarURL      = "x-hasura-avatar-url"
	XHasuraPermissions    = "x-hasura-permissions"

	OTPTestCodeName = "test_code"
)
View Source 
const (
	ErrCodeUnsupported                      = "unsupported"
	ErrCodeTokenExpired                     = "token_expired"
	ErrCodeJWTInvalidIssuer                 = "jwt_invalid_issuer"
	ErrCodeTokenMismatched                  = "token_mismatched"
	ErrCodeTokenAudienceMismatched          = "token_audience_mismatched"
	ErrCodeRefreshTokenAudienceMismatched   = "refresh_token_audience_mismatched"
	ErrCodePasswordRequired                 = "required_password"
	ErrCodeCurrentPasswordRequired          = "required_current_password"
	ErrCodeNewPasswordRequired              = "required_new_password"
	ErrCodeNewPasswordEqualCurrentPassword  = "new_pw_equal_current_pw"
	ErrCodeEmailRequired                    = "required_email"
	ErrCodePhoneRequired                    = "required_phone"
	ErrCodePhoneNotRegistered               = "phone_not_registered"
	ErrCodeInvalidPhone                     = "invalid_phone"
	ErrCodePasswordNotMatch                 = "password_not_match"
	ErrCodeCurrentPasswordNotMatch          = "current_password_not_match"
	ErrCodeAccountNotFound                  = "account_not_found"
	ErrCodeAccountNotAnonymous              = "account_not_anonymous"
	ErrCodeAccountTemporarilyLocked         = "account_temporarily_locked"
	ErrCodeAccountDisabled                  = "account_disabled"
	ErrCodeAccountExisted                   = "account_existed"
	ErrCodeAccountNoProvider                = "account_no_provider"
	ErrCodeAccountInsertZero                = "account_insert_zero"
	ErrCodeAccountProviderInsertZero        = "account_provider_insert_zero"
	ErrCodeAPIKeyInvalidIP                  = "api_key_invalid_ip"
	ErrCodeAPIKeyInvalidFQDN                = "api_key_invalid_fqdn"
	ErrCodeAPIKeyExpired                    = "api_key_expired"
	ErrCodeAPIKeyRequired                   = "api_key_required"
	ErrCodeAPIKeyNotFound                   = "api_key_not_found"
	ErrCodeUpdateProviderNonExistentAccount = "update_provider_nonexistent_account"
	ErrCodeUpdatePasswordNonExistentAccount = "update_password_nonexistent_account"
	ErrCodeOTPAlreadySent                   = "otp_already_sent"
	ErrCodeInvalidOTP                       = "invalid_otp"
	ErrCodeInvalidAuthProvider              = "invalid_auth_provider"
)

Variables

This section is empty.

Functions

func GetRequestIP added in v0.3.0 

func GetRequestIP(r *http.Request) string

GetRequestIP gets a requests IP address by reading off the forwarded-for header (for proxies) and falls back to use the remote address.

func GetRequestIpFromHeader added in v0.3.0 

func GetRequestIpFromHeader(r http.Header) string

GetRequestIpFromHeader gets a requests IP address by reading off the forwarded-for header (for proxies) and falls back to use the remote address.

Types

type APIKey 

type APIKey struct {
	ID           string    `graphql:"id" json:"id"`
	Type         string    `graphql:"type" json:"type"`
	AllowedFQDN  []string  `graphql:"allowed_fqdn" json:"allowed_fqdn"`
	AllowedIPs   []string  `graphql:"allowed_ips" json:"allowed_ips"`
	ExpiredAt    time.Time `graphql:"expired_at" json:"expired_at"`
	HasuraRoles  []string  `graphql:"hasura_roles" json:"hasura_roles"`
	PermissionID string    `graphql:"permission_id" json:"permission_id"`
}

APIKey represents an API key model

type APIKeys 

type APIKeys []APIKey

func (APIKeys) Get 

func (ak APIKeys) Get() []APIKey

type APIKeysGetter 

type APIKeysGetter interface {
	Get() []APIKey
}

APIKeyGetter abstracts an API key model with getter

type AccessToken 

type AccessToken struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
	Scope        string `json:"scope,omitempty"`
}

type AccessTokenOption 

type AccessTokenOption interface {
	Type() string
	Value() interface{}
}

AccessTokenOption the extensible interface for token encoding

func NewTokenClaims 

func NewTokenClaims(claims map[string]interface{}) AccessTokenOption

NewTokenClaims create the access token option for custom claims

type Account 

type Account struct {
	BaseAccount
	Password         string            `json:"password,omitempty" graphql:"password"`
	AccountProviders []AccountProvider `json:"account_providers" graphql:"account_providers"`
}

type AccountManager 

type AccountManager struct {
	// contains filtered or unexported fields
}

AccountManager account business method

func NewAccountManager 

func NewAccountManager(config AccountManagerConfig) (*AccountManager, error)

NewAccountManager create new AccountManager instance

func (AccountManager) As 

func (am AccountManager) As(providerType AuthProviderType) *AccountManager

As create new account manager with target provider

func (*AccountManager) ChangeAllProvidersPassword 

func (am *AccountManager) ChangeAllProvidersPassword(providers []AccountProvider, password string) error

ChangeAllProvidersPassword change all providers's password of current user

func (*AccountManager) ChangePassword 

func (am *AccountManager) ChangePassword(id string, currentPassword string, newPassword string, isAdmin bool) error

ChangePassword change all providers's password of current user

func (*AccountManager) ChangeProviderPassword 

func (am *AccountManager) ChangeProviderPassword(uid string, newPassword string) error

ChangeProviderPassword change account password with provider

func (*AccountManager) CreateAccountWithProvider 

func (am *AccountManager) CreateAccountWithProvider(input *CreateAccountInput, extraFields map[string]any, extraFilters map[string]any) (*Account, error)

CreateAccountWithProvider get or create account with provider

func (*AccountManager) CreateActivity 

func (am *AccountManager) CreateActivity(sessionVariables map[string]string, accountID string, activityType ActivityType, metadata map[string]interface{}) error

CreateActivity insert an user activity record into the database

func (*AccountManager) CreateProvider 

func (am *AccountManager) CreateProvider(input AccountProvider) error

CreateProvider insert account provider to the database

func (*AccountManager) CreateProviderAccount 

func (am *AccountManager) CreateProviderAccount(input *CreateAccountInput) (*Account, error)

CreateProviderAccount create account with provider

func (*AccountManager) DeleteUser 

func (am *AccountManager) DeleteUser(id string, softDelete bool) error

DeleteUser delete user by id

func (*AccountManager) DeleteUsers 

func (am *AccountManager) DeleteUsers(where map[string]any, softDelete bool) (int, error)

DeleteUsers delete accounts from database if softDelete mode is enabled, disable the account and remove auth providers

func (*AccountManager) EncodeToken 

func (am *AccountManager) EncodeToken(cred *AccountProvider, scopes []AuthScope, options ...AccessTokenOption) (*AccessToken, error)

func (*AccountManager) FindAccountByEmail 

func (am *AccountManager) FindAccountByEmail(id string) (*Account, error)

FindAccountByEmail find account by id

func (*AccountManager) FindAccountByID 

func (am *AccountManager) FindAccountByID(id string) (*Account, error)

FindAccountByID find account by id

func (*AccountManager) FindAccountByProviderEmail 

func (am *AccountManager) FindAccountByProviderEmail(email string, accountBoolExp map[string]any) (*Account, error)

FindAccountByProviderEmail find account by email

func (*AccountManager) FindAll 

func (am *AccountManager) FindAll(where map[string]interface{}) ([]Account, error)

func (*AccountManager) FindOne 

func (am *AccountManager) FindOne(where map[string]interface{}) (*Account, error)

func (*AccountManager) Generate2FaOTP 

func (am *AccountManager) Generate2FaOTP(sessionVariables map[string]string, accountID string, phoneCode int, phoneNumber string) OTPOutput

Generate2FaOTP generate 2FA OTP to the logon user

func (*AccountManager) GenerateOTP 

func (am *AccountManager) GenerateOTP(sessionVariables map[string]string, input GenerateOTPInput) OTPOutput

GenerateOTP check if the account exists and generate the authentication otp

func (*AccountManager) GetAnonymousRole added in v0.3.0 

func (am *AccountManager) GetAnonymousRole() string

GetAnonymousRole get the unauthorized role name

func (*AccountManager) GetDefaultRole 

func (am *AccountManager) GetDefaultRole() string

GetDefaultRole get default role name

func (AccountManager) GetProviderName 

func (am AccountManager) GetProviderName() AuthProviderType

GetProviderName get provider name

func (*AccountManager) InsertAccount 

func (am *AccountManager) InsertAccount(input map[string]interface{}) (string, error)

func (*AccountManager) PromoteAnonymousUser 

func (am *AccountManager) PromoteAnonymousUser(accountID string, input *CreateAccountInput) (*Account, error)

PromoteAnonymousUser promotes the current anonymous user to the default user role

func (*AccountManager) RefreshToken 

func (am *AccountManager) RefreshToken(refreshToken string, options ...AccessTokenOption) (*AccessToken, error)

func (*AccountManager) SetCustomClaims 

func (am *AccountManager) SetCustomClaims(uid string, values map[string]interface{}) error

SetCustomClaims set custom claims for JWT token

func (*AccountManager) SetDefaultRole 

func (am *AccountManager) SetDefaultRole(role string)

SetDefaultRole set default role

func (*AccountManager) SignInByEmailAndPasswordWithExtraFields added in v0.3.1 

func (am *AccountManager) SignInByEmailAndPasswordWithExtraFields(email string, password string, extraFields map[string]any) (*Account, error)

func (*AccountManager) SignInByPhoneAndPasswordWithExtraFields added in v0.3.1 

func (am *AccountManager) SignInByPhoneAndPasswordWithExtraFields(phoneCode int, phoneNumber string, password string, extraFields map[string]any) (*Account, error)

func (*AccountManager) SignInWithEmailAndPassword 

func (am *AccountManager) SignInWithEmailAndPassword(email string, password string) (*Account, error)

func (*AccountManager) SignInWithPhoneAndPassword 

func (am *AccountManager) SignInWithPhoneAndPassword(phoneCode int, phoneNumber string, password string) (*Account, error)

func (*AccountManager) Verify2FaOTP 

func (am *AccountManager) Verify2FaOTP(sessionVariables map[string]string, accountID string, otp string, type2FA Auth2FAType) error

Verify2FaOTP verify 2FA OTP to the current user

func (*AccountManager) VerifyOTP 

func (am *AccountManager) VerifyOTP(sessionVariables map[string]string, input VerifyOTPInput) (*Account, error)

VerifyOTP verify if the otp code matches the current account

func (*AccountManager) VerifyPassword 

func (am *AccountManager) VerifyPassword(providerUserID string, password string) error

func (*AccountManager) VerifyRefreshToken 

func (am *AccountManager) VerifyRefreshToken(refreshToken string) (*AccountProvider, error)

func (*AccountManager) VerifyToken 

func (am *AccountManager) VerifyToken(token string, accountBoolExp map[string]any, extraFields map[string]any) (*Account, map[string]interface{}, error)

VerifyToken validate and return provider user id

type AccountManagerConfig 

type AccountManagerConfig struct {
	FirebaseApp *firebase.App `ignored:"true"`
	GQLClient   client.Client `ignored:"true"`
	JWT         *JWTAuthConfig
	OTP         AuthOTPConfig

	CreateFromToken      bool             `envconfig:"AUTH_CREATE_FROM_TOKEN" default:"false"`
	Enabled2FA           bool             `envconfig:"AUTH_2FA_ENABLED"`
	DefaultProvider      AuthProviderType `envconfig:"DEFAULT_AUTH_PROVIDER" required:"true"`
	DefaultRole          string           `envconfig:"DEFAULT_ROLE" required:"true"`
	DefaultRoleAnonymous string           `envconfig:"DEFAULT_ROLE_ANONYMOUS" default:"anonymous"`
	AutoLinkProvider     bool             `envconfig:"AUTH_AUTO_LINK_PROVIDER" default:"false"`
	Logger               *zerolog.Logger  `ignored:"true"`
}

AccountManagerConfig config options for AccountManager

type AccountProvider 

type AccountProvider struct {
	AccountID      *string        `json:"account_id,omitempty" graphql:"account_id"`
	Name           string         `json:"provider_name" graphql:"provider_name"`
	ProviderUserID string         `json:"provider_user_id" graphql:"provider_user_id"`
	Metadata       map[string]any `json:"metadata" graphql:"metadata" scalar:"true"`
}

type ActivityType 

type ActivityType string

type ApiKeyAuth 

type ApiKeyAuth struct {
	// contains filtered or unexported fields
}

ApiKeyAuth represents the api key authentication service

func NewAPIKeyAuth 

func NewAPIKeyAuth(client client.Client) *ApiKeyAuth

NewAPIKeyAuth create new APIKeyAuth instance

func (*ApiKeyAuth) Verify 

func (ak *ApiKeyAuth) Verify(apiKey string, headers http.Header) (*APIKey, error)

Verify and validate the api key

func (*ApiKeyAuth) VerifyCustomKey 

func (ak *ApiKeyAuth) VerifyCustomKey(input APIKeysGetter, apiKey string, headers http.Header) (*APIKey, error)

VerifyCustomKey verifies a custom API key model

type Auth2FAType 

type Auth2FAType string

type AuthOTPConfig 

type AuthOTPConfig struct {
	Enabled           bool          `envconfig:"AUTH_OTP_ENABLED"`
	OTPLength         uint          `envconfig:"AUTH_OTP_LENGTH" default:"6"`
	LoginLimit        uint          `envconfig:"AUTH_OTP_LOGIN_LIMIT" default:"3"`
	LoginDisableLimit uint          `envconfig:"AUTH_OTP_DISABLE_LIMIT" default:"9"`
	LoginLockDuration time.Duration `envconfig:"AUTH_OTP_LOCK_DURATION" default:"10m"`
	TTL               time.Duration `envconfig:"AUTH_OTP_TTL" default:"60s"`
	DevMode           bool          `envconfig:"AUTH_OTP_DEV" default:"false"`
	DevOTPCode        string        `envconfig:"AUTH_OTP_DEV_CODE" default:"123456"`
}

AuthOTPConfig contains authentication configurations from sms otp

type AuthProvider 

type AuthProvider interface {
	GetName() AuthProviderType
	CreateUser(*CreateAccountInput) (*Account, error)
	PromoteAnonymousUser(string, *CreateAccountInput) (*Account, error)
	GetOrCreateUserByPhone(*CreateAccountInput) (*Account, error)
	UpdateUser(string, UpdateAccountInput) (*Account, error)
	DeleteUser(id string) error
	GetUserByID(id string) (*Account, error)
	GetUserByEmail(email string) (*Account, error)
	SetCustomClaims(uid string, input map[string]interface{}) error
	EncodeToken(cred *AccountProvider, scopes []AuthScope, options ...AccessTokenOption) (*AccessToken, error)
	RefreshToken(refreshToken string, options ...AccessTokenOption) (*AccessToken, error)
	VerifyToken(token string) (*AccountProvider, map[string]interface{}, error)
	VerifyRefreshToken(refreshToken string) (*AccountProvider, error)
	VerifyPassword(uid string, password string) error
	ChangePassword(uid string, newPassword string) error
	SignInWithEmailAndPassword(email string, password string) (*Account, error)
	SignInWithPhoneAndPassword(phoneCode int, phoneNumber string, password string) (*Account, error)
	SignInByPhoneAndPasswordWithExtraFields(phoneCode int, phoneNumber string, password string, extraFields map[string]any) (*Account, error)
	SignInByEmailAndPasswordWithExtraFields(email string, password string, extraFields map[string]any) (*Account, error)
}

type AuthProviderType 

type AuthProviderType string

func GetAuthProviderTypes 

func GetAuthProviderTypes() []AuthProviderType

func (AuthProviderType) IsValid 

func (apt AuthProviderType) IsValid() bool

type AuthScope 

type AuthScope string

AuthScope represents the OAuth Scopes specification https://oauth.net/2/scope/ 

const (
	// openid scope is used to get an ID Token
	ScopeOpenID AuthScope = "openid"
	// offline_access is used to get a Refresh Token.
	ScopeOfflineAccess AuthScope = "offline_access"
	// email scope is used to add the email info into the ID token
	ScopeEmail AuthScope = "email"
	// profile scope is used to add the profile info into the ID token
	ScopeProfile AuthScope = "profile"
	// profile scope is used to add the role info into the ID token
	ScopeRole AuthScope = "role"
)

type BaseAccount 

type BaseAccount struct {
	ID           string `json:"id" graphql:"id"`
	Email        string `json:"email" graphql:"email"`
	PhoneCode    int    `json:"phone_code" graphql:"phone_code"`
	PhoneNumber  string `json:"phone_number" graphql:"phone_number"`
	DisplayName  string `json:"display_name" graphql:"display_name"`
	Role         string `json:"role" graphql:"role"`
	Verified     bool   `json:"verified" graphql:"verified"`
	EmailEnabled bool   `json:"email_enabled" graphql:"email_enabled"`
	PhoneEnabled bool   `json:"phone_enabled" graphql:"phone_enabled"`
	Disabled     bool   `json:"disabled" graphql:"disabled"`
}

type CreateAccountInput 

type CreateAccountInput struct {
	ID               *string           `json:"id,omitempty"`
	DisplayName      *string           `json:"display_name,omitempty"`
	Email            *string           `json:"email,omitempty"`
	PhoneCode        *int              `json:"phone_code,omitempty"`
	PhoneNumber      *string           `json:"phone_number,omitempty"`
	Role             *string           `json:"role,omitempty"`
	Password         *string           `json:"password,omitempty"`
	Verified         *bool             `json:"verified,omitempty"`
	AuthProviderType *AuthProviderType `json:"auth_provider_type,omitempty"`
	EmailEnabled     *bool             `json:"email_enabled,omitempty"`
	PhoneEnabled     *bool             `json:"phone_enabled,omitempty"`
}

CreateAccountInput represents the account insert input

func (CreateAccountInput) ToBaseAccount 

func (cai CreateAccountInput) ToBaseAccount() BaseAccount

ToBaseAccount converts to BaseAccount struct

type CreateUserOutput 

type CreateUserOutput struct {
	ID string `json:"id"`
}

type FirebaseAuth 

type FirebaseAuth struct {
	*firebase.App
	// contains filtered or unexported fields
}

FirebaseAuth implements the AuthProvider interface for Firebase authentication

func NewFirebaseAuth 

func NewFirebaseAuth(app *firebase.App) *FirebaseAuth

NewFirebaseAuth creates a FirebaseAuth instance

func (*FirebaseAuth) ChangePassword 

func (fa *FirebaseAuth) ChangePassword(uid string, newPassword string) error

ChangePassword change the password of user

func (*FirebaseAuth) CreateUser 

func (fa *FirebaseAuth) CreateUser(input *CreateAccountInput) (*Account, error)

func (*FirebaseAuth) DeleteUser 

func (fa *FirebaseAuth) DeleteUser(uid string) error

func (*FirebaseAuth) EncodeToken 

func (fa *FirebaseAuth) EncodeToken(cred *AccountProvider, scopes []AuthScope, options ...AccessTokenOption) (*AccessToken, error)

EncodeToken encodes the custom ID Token from Firebase Auth

func (FirebaseAuth) GetName 

func (fa FirebaseAuth) GetName() AuthProviderType

GetName gets the authentication provider type enum

func (*FirebaseAuth) GetOrCreateUserByPhone 

func (fa *FirebaseAuth) GetOrCreateUserByPhone(input *CreateAccountInput) (*Account, error)

GetOrCreateUserByPhone get or create user by phone number

func (*FirebaseAuth) GetUserByEmail 

func (fa *FirebaseAuth) GetUserByEmail(email string) (*Account, error)

func (*FirebaseAuth) GetUserByID 

func (fa *FirebaseAuth) GetUserByID(id string) (*Account, error)

func (*FirebaseAuth) PromoteAnonymousUser 

func (fa *FirebaseAuth) PromoteAnonymousUser(uid string, input *CreateAccountInput) (*Account, error)

PromoteAnonymousUser promotes the current anonymous user to the default user role

func (*FirebaseAuth) RefreshToken 

func (fa *FirebaseAuth) RefreshToken(refreshToken string, options ...AccessTokenOption) (*AccessToken, error)

RefreshToken verifies and refreshes user token. Firebase Auth doesn't support this

func (*FirebaseAuth) SetCustomClaims 

func (fa *FirebaseAuth) SetCustomClaims(uid string, input map[string]interface{}) error

func (*FirebaseAuth) SignInByEmailAndPasswordWithExtraFields added in v0.3.1 

func (fa *FirebaseAuth) SignInByEmailAndPasswordWithExtraFields(email string, password string, extraFields map[string]any) (*Account, error)

func (*FirebaseAuth) SignInByPhoneAndPasswordWithExtraFields added in v0.3.1 

func (fa *FirebaseAuth) SignInByPhoneAndPasswordWithExtraFields(phoneCode int, phoneNumber string, password string, extraFields map[string]any) (*Account, error)

func (*FirebaseAuth) SignInWithEmailAndPassword 

func (fa *FirebaseAuth) SignInWithEmailAndPassword(email string, password string) (*Account, error)

func (*FirebaseAuth) SignInWithPhoneAndPassword 

func (fa *FirebaseAuth) SignInWithPhoneAndPassword(phoneCode int, phoneNumber string, password string) (*Account, error)

func (*FirebaseAuth) UpdateUser 

func (fa *FirebaseAuth) UpdateUser(uid string, input UpdateAccountInput) (*Account, error)

func (*FirebaseAuth) VerifyPassword 

func (fa *FirebaseAuth) VerifyPassword(providerUserId string, password string) error

func (*FirebaseAuth) VerifyRefreshToken 

func (fa *FirebaseAuth) VerifyRefreshToken(refreshToken string) (*AccountProvider, error)

VerifyRefreshToken decode, verify signature and checksum of the refresh token Firebase Auth doesn't support this

func (*FirebaseAuth) VerifyToken 

func (fa *FirebaseAuth) VerifyToken(token string) (*AccountProvider, map[string]interface{}, error)

VerifyToken verifies the id token

type GenerateOTPInput 

type GenerateOTPInput struct {
	PhoneCode       int
	PhoneNumber     string
	ExtraConditions map[string]any
	ExtraInputs     map[string]any
}

GenerateOTPInput represents the otp generation input

type GeoPoint 

type GeoPoint struct {
	Type        string    `json:"type"`
	Coordinates []float64 `json:"coordinates"`
}

type JWTAuth 

type JWTAuth struct {
	// contains filtered or unexported fields
}

JWTAuth implements the AuthProvider interface for JWT authentication

func NewJWTAuth 

func NewJWTAuth(client client.Client, config JWTAuthConfig) *JWTAuth

NewJWTAuth creates a new JWTAuth instance

func (*JWTAuth) ChangePassword 

func (ja *JWTAuth) ChangePassword(uid string, newPassword string) error

func (*JWTAuth) CreateUser 

func (ja *JWTAuth) CreateUser(input *CreateAccountInput) (*Account, error)

func (*JWTAuth) DeleteUser 

func (ja *JWTAuth) DeleteUser(uid string) error

func (*JWTAuth) EncodeToken 

func (ja *JWTAuth) EncodeToken(cred *AccountProvider, scopes []AuthScope, options ...AccessTokenOption) (*AccessToken, error)

func (JWTAuth) GetName 

func (ja JWTAuth) GetName() AuthProviderType

func (*JWTAuth) GetOrCreateUserByPhone 

func (ja *JWTAuth) GetOrCreateUserByPhone(input *CreateAccountInput) (*Account, error)

func (*JWTAuth) GetUserByEmail 

func (ja *JWTAuth) GetUserByEmail(email string) (*Account, error)

func (*JWTAuth) GetUserByID 

func (ja *JWTAuth) GetUserByID(id string) (*Account, error)

func (*JWTAuth) PromoteAnonymousUser 

func (ja *JWTAuth) PromoteAnonymousUser(providerID string, input *CreateAccountInput) (*Account, error)

PromoteAnonymousUser promotes the current anonymous user to the default user role

func (*JWTAuth) RefreshToken 

func (ja *JWTAuth) RefreshToken(refreshToken string, options ...AccessTokenOption) (*AccessToken, error)

RefreshToken verify and generate new tokens

func (*JWTAuth) SetCustomClaims 

func (ja *JWTAuth) SetCustomClaims(uid string, input map[string]interface{}) error

func (*JWTAuth) SignInByEmailAndPasswordWithExtraFields added in v0.3.1 

func (ja *JWTAuth) SignInByEmailAndPasswordWithExtraFields(email string, password string, extraFields map[string]any) (*Account, error)

func (*JWTAuth) SignInByPhoneAndPasswordWithExtraFields added in v0.3.1 

func (ja *JWTAuth) SignInByPhoneAndPasswordWithExtraFields(phoneCode int, phoneNumber string, password string, extraFields map[string]any) (*Account, error)

func (*JWTAuth) SignInWithEmailAndPassword 

func (ja *JWTAuth) SignInWithEmailAndPassword(email string, password string) (*Account, error)

func (*JWTAuth) SignInWithPhoneAndPassword 

func (ja *JWTAuth) SignInWithPhoneAndPassword(phoneCode int, phoneNumber string, password string) (*Account, error)

func (*JWTAuth) UpdateUser 

func (ja *JWTAuth) UpdateUser(uid string, input UpdateAccountInput) (*Account, error)

func (*JWTAuth) VerifyPassword 

func (ja *JWTAuth) VerifyPassword(providerUserId string, password string) error

func (*JWTAuth) VerifyRefreshToken 

func (ja *JWTAuth) VerifyRefreshToken(refreshToken string) (*AccountProvider, error)

VerifyRefreshToken decode, verify signature and checksum of the refresh token

func (*JWTAuth) VerifyToken 

func (ja *JWTAuth) VerifyToken(token string) (*AccountProvider, map[string]interface{}, error)

VerifyToken decodes and verifies the JWT token

type JWTAuthConfig 

type JWTAuthConfig struct {
	Cost              int           `envconfig:"JWT_HASH_COST" default:"10"`
	SessionKey        string        `envconfig:"SESSION_KEY"`
	TTL               time.Duration `envconfig:"SESSION_TTL" default:"1h"`
	RefreshTTL        time.Duration `envconfig:"SESSION_REFRESH_TTL" default:"0ms"`
	Issuer            string        `envconfig:"JWT_ISSUER"`
	Algorithm         string        `envconfig:"JWT_ALGORITHM" default:"HS256"`
	HasChecksum       bool          `envconfig:"JWT_CHECKSUM" default:"false"`
	ChecksumLength    int           `envconfig:"JWT_CHECKSUM_LENGTH" default:"8"`
	LoginLimit        uint          `envconfig:"JWT_LOGIN_LIMIT" default:"5"`
	LoginLockLimit    uint          `envconfig:"JWT_DISABLE_LIMIT" default:"15"`
	LoginLockDuration time.Duration `envconfig:"JWT_LOCK_DURATION" default:"10m"`
}

func (JWTAuthConfig) Validate 

func (jac JWTAuthConfig) Validate() error

type OTPOutput 

type OTPOutput struct {
	Error          string
	LockedDuration uint
	Code           string
	Expiry         time.Time
	AccountID      string
}

OTPOutput represents the otp response

type Role added in v0.3.0 

type Role string
const (
	RoleBackend   Role = "backend"
	RoleModerator Role = "moderator"
	RoleUser      Role = "user"
	RoleCustomer  Role = "customer"
)

type UpdateAccountInput 

type UpdateAccountInput struct {
	DisplayName  *string `json:"display_name,omitempty"`
	Email        *string `json:"email,omitempty"`
	PhoneCode    *int    `json:"phone_code,omitempty"`
	PhoneNumber  *string `json:"phone_number,omitempty"`
	Password     *string `json:"password,omitempty"`
	Verified     *bool   `json:"verified,omitempty"`
	EmailEnabled *bool   `json:"email_enabled,omitempty"`
	PhoneEnabled *bool   `json:"phone_enabled,omitempty"`
	Role         *string `json:"role,omitempty"`
	Disabled     *bool   `json:"disabled,omitempty"`
}

UpdateAccountInput represents the update account input

func (UpdateAccountInput) GetGraphQLType 

func (uai UpdateAccountInput) GetGraphQLType() string

GetGraphQLType returns the graphql schema type

func (UpdateAccountInput) ToBaseAccount 

func (uai UpdateAccountInput) ToBaseAccount() BaseAccount

ToBaseAccount converts to BaseAccount struct

type VerifyOTPInput 

type VerifyOTPInput struct {
	PhoneCode       int            `json:"phone_code"`
	PhoneNumber     string         `json:"phone_number"`
	OTP             string         `json:"otp"`
	ExtraConditions map[string]any `json:"-"`
}

VerifyOTPInput represents the otp verification input

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.