Versions in this module Expand all Collapse all v0 v0.2.0 Apr 23, 2026 Changes in this version
+ var ErrAccountLocked = errors.New("account is locked due to too many failed attempts")
+ var ErrAccountSuspended = errors.New("account is suspended")
+ var ErrEmailAlreadyExists = errors.New("email already exists")
+ var ErrEmailNotVerified = errors.New("email is not verified")
+ var ErrInvalidCredentials = errors.New("invalid email or password")
+ var ErrInvalidProvider = errors.New("invalid OAuth provider")
+ var ErrInvalidResetToken = errors.New("invalid or expired reset token")
+ var ErrInvalidState = errors.New("invalid OAuth state")
+ var ErrInvalidVerificationToken = errors.New("invalid or expired verification token")
+ var ErrOAuthDisabled = errors.New("OAuth is disabled")
+ var ErrOAuthExchangeFailed = errors.New("failed to exchange OAuth code")
+ var ErrOAuthUserInfoFailed = errors.New("failed to get user info from OAuth provider")
+ var ErrPasswordMismatch = errors.New("current password is incorrect")
+ var ErrProviderDisabled = errors.New("OAuth provider is disabled")
+ var ErrRegistrationDisabled = errors.New("registration is disabled")
+ var ErrSSODecryptionFailed = errors.New("failed to decrypt client secret")
+ var ErrSSODomainNotAllowed = errors.New("email domain not allowed for this SSO provider")
+ var ErrSSOExchangeFailed = errors.New("failed to exchange authorization code")
+ var ErrSSOInvalidDefaultRole = errors.New("invalid default role")
+ var ErrSSOInvalidRedirectURI = errors.New("invalid redirect URI")
+ var ErrSSOInvalidState = errors.New("invalid SSO state token")
+ var ErrSSONoActiveProviders = errors.New("no active SSO providers for this tenant")
+ var ErrSSONoEmail = errors.New("SSO provider did not return an email address")
+ var ErrSSOProviderInactive = errors.New("SSO provider is not active")
+ var ErrSSOProviderNotFound = errors.New("SSO provider not configured for this tenant")
+ var ErrSSOProviderUnsupported = errors.New("unsupported SSO provider type")
+ var ErrSSOTenantNotFound = errors.New("tenant not found")
+ var ErrSSOUserInfoFailed = errors.New("failed to get user info from SSO provider")
+ var ErrSessionLimitReached = errors.New("maximum number of active sessions reached")
+ var ErrTenantAccessDenied = errors.New("user does not have access to this tenant")
+ var ErrTenantRequired = errors.New("tenant_id is required")
+ var ErrTicketNotFound = errors.New("ws ticket not found")
+ func SMTPConfigFromIntegrationMeta() map[string]string
+ type AcceptInvitationWithRefreshTokenInput struct
+ InvitationToken string
+ RefreshToken string
+ type AcceptInvitationWithRefreshTokenResult struct
+ AccessToken string
+ ExpiresAt time.Time
+ RefreshToken string
+ Role string
+ Tenant TenantMembershipInfo
+ type AuthService struct
+ func NewAuthService(userRepo userdom.Repository, sessionRepo sessiondom.Repository, ...) *AuthService
+ func (s *AuthService) AcceptInvitationWithRefreshToken(ctx context.Context, input AcceptInvitationWithRefreshTokenInput) (*AcceptInvitationWithRefreshTokenResult, error)
+ func (s *AuthService) ChangePassword(ctx context.Context, userID string, input ChangePasswordInput) error
+ func (s *AuthService) CreateFirstTeam(ctx context.Context, input CreateFirstTeamInput) (*CreateFirstTeamResult, error)
+ func (s *AuthService) ExchangeToken(ctx context.Context, input ExchangeTokenInput) (*ExchangeTokenResult, error)
+ func (s *AuthService) ForgotPassword(ctx context.Context, input ForgotPasswordInput) (*ForgotPasswordResult, error)
+ func (s *AuthService) GenerateWSToken(ctx context.Context, userID, tenantID string) (string, error)
+ func (s *AuthService) Login(ctx context.Context, input LoginInput) (*LoginResult, error)
+ func (s *AuthService) Logout(ctx context.Context, sessionID string) error
+ func (s *AuthService) RefreshToken(ctx context.Context, input RefreshTokenInput) (*RefreshTokenResult, error)
+ func (s *AuthService) Register(ctx context.Context, input RegisterInput) (*RegisterResult, error)
+ func (s *AuthService) ResetPassword(ctx context.Context, input ResetPasswordInput) error
+ func (s *AuthService) SetRoleService(roleService *accesscontrol.RoleService)
+ func (s *AuthService) SetSMTPChecker(checker SMTPAvailabilityCheck)
+ func (s *AuthService) ValidateAccessToken(tokenString string) (*jwt.Claims, error)
+ func (s *AuthService) VerifyEmail(ctx context.Context, token string) error
+ type AuthorizationURLInput struct
+ FinalRedirect string
+ Provider OAuthProvider
+ RedirectURI string
+ type AuthorizationURLResult struct
+ AuthorizationURL string
+ State string
+ type CallbackInput struct
+ Code string
+ Provider OAuthProvider
+ RedirectURI string
+ State string
+ type CallbackResult struct
+ AccessToken string
+ ExpiresIn int64
+ RefreshToken string
+ TokenType string
+ User *userdom.User
+ type ChangePasswordInput struct
+ CurrentPassword string
+ NewPassword string
+ type CreateFirstTeamInput struct
+ RefreshToken string
+ TeamName string
+ TeamSlug string
+ type CreateFirstTeamResult struct
+ AccessToken string
+ ExpiresAt time.Time
+ RefreshToken string
+ Tenant TenantMembershipInfo
+ type CreateProviderInput struct
+ AllowedDomains []string
+ AutoProvision bool
+ ClientID string
+ ClientSecret string
+ CreatedBy string
+ DefaultRole string
+ DisplayName string
+ IssuerURL string
+ Provider string
+ Scopes []string
+ TenantID string
+ TenantIdentifier string
+ type EmailService struct
+ func NewEmailService(sender emaildom.Sender, cfg config.SMTPConfig, appName string, ...) *EmailService
+ func (s *EmailService) HasSystemSMTP() bool
+ func (s *EmailService) HasTenantSMTP(ctx context.Context, tenantID string) bool
+ func (s *EmailService) IsConfigured() bool
+ func (s *EmailService) SendMemberReactivatedEmail(ctx context.Context, ...) error
+ func (s *EmailService) SendMemberSuspendedEmail(ctx context.Context, ...) error
+ func (s *EmailService) SendPasswordChangedEmail(ctx context.Context, userEmail, userName, ipAddress string) error
+ func (s *EmailService) SendPasswordResetEmail(ctx context.Context, userEmail, userName, token string, ...) error
+ func (s *EmailService) SendTeamInvitationEmail(ctx context.Context, recipientEmail, inviterName, teamName, token string, ...) error
+ func (s *EmailService) SendVerificationEmail(ctx context.Context, userEmail, userName, token string, ...) error
+ func (s *EmailService) SendWelcomeEmail(ctx context.Context, userEmail, userName string) error
+ func (s *EmailService) SetTenantSMTPResolver(resolver TenantSMTPResolver)
+ type ExchangeTokenInput struct
+ RefreshToken string
+ TenantID string
+ type ExchangeTokenResult struct
+ AccessToken string
+ ExpiresAt time.Time
+ Role string
+ TenantID string
+ TenantSlug string
+ type ForgotPasswordInput struct
+ Email string
+ type ForgotPasswordResult struct
+ Token string
+ type IntegrationSMTPResolver struct
+ func NewIntegrationSMTPResolver(repo integration.Repository, log *logger.Logger) *IntegrationSMTPResolver
+ func (r *IntegrationSMTPResolver) GetTenantSMTPConfig(ctx context.Context, tenantID string) (*emaildom.Config, error)
+ type LoginInput struct
+ Email string
+ IPAddress string
+ Password string
+ UserAgent string
+ type LoginResult struct
+ ExpiresAt time.Time
+ RefreshToken string
+ SessionID string
+ SuspendedTenants []TenantMembershipInfo
+ Tenants []TenantMembershipInfo
+ User *userdom.User
+ type OAuthProvider string
+ const OAuthProviderGitHub
+ const OAuthProviderGoogle
+ const OAuthProviderMicrosoft
+ func (p OAuthProvider) IsValid() bool
+ func (p OAuthProvider) ToAuthProvider() userdom.AuthProvider
+ type OAuthService struct
+ func NewOAuthService(userRepo userdom.Repository, sessionRepo sessiondom.Repository, ...) *OAuthService
+ func (s *OAuthService) GetAuthorizationURL(ctx context.Context, input AuthorizationURLInput) (*AuthorizationURLResult, error)
+ func (s *OAuthService) GetAvailableProviders() []ProviderInfo
+ func (s *OAuthService) HandleCallback(ctx context.Context, input CallbackInput) (*CallbackResult, error)
+ type OAuthUserInfo struct
+ AvatarURL string
+ Email string
+ ID string
+ Name string
+ type ProviderInfo struct
+ Enabled bool
+ ID string
+ Name string
+ type RefreshTokenInput struct
+ IPAddress string
+ RefreshToken string
+ TenantID string
+ UserAgent string
+ type RefreshTokenResult struct
+ AccessToken string
+ ExpiresAt time.Time
+ RefreshExpiresAt time.Time
+ RefreshToken string
+ Role string
+ TenantID string
+ TenantSlug string
+ type RegisterInput struct
+ Email string
+ InvitationToken string
+ Name string
+ Password string
+ type RegisterResult struct
+ EmailExisted bool
+ RequiresVerification bool
+ User *userdom.User
+ VerificationToken string
+ type ResetPasswordInput struct
+ NewPassword string
+ Token string
+ type SMTPAvailabilityCheck interface
+ HasSystemSMTP func() bool
+ HasTenantSMTP func(ctx context.Context, tenantID string) bool
+ type SSOAuthorizeInput struct
+ OrgSlug string
+ Provider string
+ RedirectURI string
+ type SSOAuthorizeResult struct
+ AuthorizationURL string
+ State string
+ type SSOCallbackInput struct
+ Code string
+ Provider string
+ RedirectURI string
+ State string
+ type SSOCallbackResult struct
+ AccessToken string
+ ExpiresIn int64
+ RefreshToken string
+ TenantID string
+ TenantSlug string
+ TokenType string
+ User *userdom.User
+ type SSOProviderInfo struct
+ DisplayName string
+ ID string
+ Provider string
+ type SSOService struct
+ func NewSSOService(ipRepo identityproviderdom.Repository, tenantRepo tenantdom.Repository, ...) *SSOService
+ func (s *SSOService) CreateProvider(ctx context.Context, input CreateProviderInput) (*identityproviderdom.IdentityProvider, error)
+ func (s *SSOService) DeleteProvider(ctx context.Context, tenantID, id string) error
+ func (s *SSOService) GenerateAuthorizeURL(ctx context.Context, input SSOAuthorizeInput) (*SSOAuthorizeResult, error)
+ func (s *SSOService) GetProvider(ctx context.Context, tenantID, id string) (*identityproviderdom.IdentityProvider, error)
+ func (s *SSOService) GetProvidersForTenant(ctx context.Context, orgSlug string) ([]SSOProviderInfo, error)
+ func (s *SSOService) HandleCallback(ctx context.Context, input SSOCallbackInput) (*SSOCallbackResult, error)
+ func (s *SSOService) ListProviders(ctx context.Context, tenantID string) ([]*identityproviderdom.IdentityProvider, error)
+ func (s *SSOService) SetTenantMemberRepo(repo TenantMemberCreator)
+ func (s *SSOService) UpdateProvider(ctx context.Context, input UpdateProviderInput) (*identityproviderdom.IdentityProvider, error)
+ type SSOUserInfo struct
+ AvatarURL string
+ Email string
+ Name string
+ type SessionInfo struct
+ CreatedAt string
+ ID string
+ IPAddress string
+ IsCurrent bool
+ LastActivityAt string
+ UserAgent string
+ type SessionResult struct
+ AccessToken string
+ RefreshToken string
+ type SessionService struct
+ func NewSessionService(sessionRepo sessiondom.Repository, ...) *SessionService
+ func (s *SessionService) CleanupExpiredSessions(ctx context.Context) (int64, int64, error)
+ func (s *SessionService) CountActiveSessions(ctx context.Context, userID string) (int, error)
+ func (s *SessionService) GetSessionByAccessToken(ctx context.Context, accessToken string) (*sessiondom.Session, error)
+ func (s *SessionService) ListUserSessions(ctx context.Context, userID string, currentSessionID string) ([]SessionInfo, error)
+ func (s *SessionService) RevokeAllSessions(ctx context.Context, userID, exceptSessionID string) error
+ func (s *SessionService) RevokeSession(ctx context.Context, userID, sessionID string) error
+ func (s *SessionService) SetPermissionServices(cacheSvc *accesscontrol.PermissionCacheService, ...)
+ func (s *SessionService) UpdateSessionActivity(ctx context.Context, sessionID string) error
+ func (s *SessionService) ValidateSession(ctx context.Context, sessionID string) (*sessiondom.Session, error)
+ type SettingsStorageResolver struct
+ func NewSettingsStorageResolver(db *sql.DB, enc crypto.Encryptor, log *logger.Logger) *SettingsStorageResolver
+ func (r *SettingsStorageResolver) GetTenantStorageConfig(ctx context.Context, tenantID string) (*attachment.StorageConfig, error)
+ func (r *SettingsStorageResolver) SaveTenantStorageConfig(ctx context.Context, tenantID string, cfg attachment.StorageConfig) error
+ type TenantMemberCreator interface
+ CreateMembership func(ctx context.Context, m *tenantdom.Membership) error
+ type TenantMembershipInfo struct
+ Role string
+ TenantID string
+ TenantName string
+ TenantSlug string
+ type TenantMembershipProvider interface
+ GetUserTenantIDs func(ctx context.Context, userID shared.ID) ([]string, error)
+ type TenantSMTPResolver interface
+ GetTenantSMTPConfig func(ctx context.Context, tenantID string) (*emaildom.Config, error)
+ type UpdateProviderInput struct
+ AllowedDomains []string
+ AutoProvision *bool
+ ClientID *string
+ ClientSecret *string
+ DefaultRole *string
+ DisplayName *string
+ ID string
+ IsActive *bool
+ IssuerURL *string
+ Scopes []string
+ TenantID string
+ TenantIdentifier *string
+ type WSTicketClaims struct
+ IssuedAt int64
+ TenantID string
+ UserID string
+ type WSTicketService struct
+ func NewWSTicketService(store WSTicketStore, ttl time.Duration, log *logger.Logger) *WSTicketService
+ func (s *WSTicketService) IssueTicket(ctx context.Context, userID, tenantID string) (string, error)
+ func (s *WSTicketService) RedeemTicket(ctx context.Context, ticket string) (*WSTicketClaims, error)
+ func (s *WSTicketService) TTLSeconds() int
+ type WSTicketStore interface
+ GetDel func(ctx context.Context, key string) (string, bool, error)
+ Set func(ctx context.Context, key, value string, ttl time.Duration) error
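Review bot: `ForgotPasswordResult.Token` and `RegisterResult.VerificationToken` carry the password-reset and email-verification secrets in exported result structs, next to `RegisterResult.EmailExisted`, so a handler that serializes either result back to the requester would disclose the secret or confirm that an address is registered; only signatures are listed here, so whether any caller does that cannot be told from this page. I would state the contract on the fields themselves, for example `// Token is delivered to the account owner by email only; never copy it into an API response or a log line.` and `// EmailExisted is for internal flow control; responses to the caller must not differ on it.` The sentinel errors need the same care at the transport boundary: `ErrInvalidCredentials` is already generic, but `ErrAccountLocked`, `ErrAccountSuspended`, `ErrEmailNotVerified` and `ErrEmailAlreadyExists` each reveal account state and should collapse to one uniform message for unauthenticated callers. `AuthorizationURLInput.FinalRedirect` has no counterpart to `ErrSSOInvalidRedirectURI` in the OAuth error set, so its doc comment should say whether the value is validated against an allow-list before the callback redirects to it.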