auth

package
v0.0.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 8, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// CookieName is the name of the session cookie.
	CookieName = "shisho_session"
	// CookieMaxAge is how long the cookie is valid.
	CookieMaxAge = 7 * 24 * time.Hour // 7 days
)
View Source 
const (
	ContextKeyUserID   contextKey = "user_id"
	ContextKeyUsername contextKey = "username"
	ContextKeyUser     contextKey = "user"
)
View Source 
const (
	// BcryptCost is the cost factor for bcrypt hashing.
	BcryptCost = 12
	// TokenExpiry is how long JWT tokens are valid.
	TokenExpiry = 7 * 24 * time.Hour // 7 days
)

Variables

This section is empty.

Functions

func CheckPassword 

func CheckPassword(password, hash string) bool

CheckPassword compares a password with a hash.

func GetUserFromContext 

func GetUserFromContext(ctx context.Context) *models.User

GetUserFromContext retrieves the user from the context.

func GetUserIDFromContext 

func GetUserIDFromContext(c echo.Context) (int, bool)

GetUserIDFromContext retrieves the user ID from the Echo context.

func HashPassword 

func HashPassword(password string) (string, error)

HashPassword hashes a password using bcrypt.

Types

type JWTClaims 

type JWTClaims struct {
	UserID   int    `json:"user_id"`
	Username string `json:"username"`
	jwt.RegisteredClaims
}

JWTClaims represents the claims in a JWT token.

type LoginPayload 

type LoginPayload struct {
	Username string `json:"username" validate:"required,min=3,max=50"`
	Password string `json:"password" validate:"required,min=8"`
}

LoginPayload represents the login request body.

type MeResponse 

type MeResponse struct {
	ID                 int      `json:"id"`
	Username           string   `json:"username"`
	Email              *string  `json:"email,omitempty"`
	RoleID             int      `json:"role_id"`
	RoleName           string   `json:"role_name"`
	Permissions        []string `json:"permissions"`
	LibraryAccess      *[]int   `json:"library_access"` // nil = all libraries, empty = none, populated = specific libraries
	MustChangePassword bool     `json:"must_change_password"`
}

MeResponse represents the current user response.

type Middleware 

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware provides authentication middleware.

func NewMiddleware 

func NewMiddleware(authService *Service) *Middleware

NewMiddleware creates a new auth middleware.

func (*Middleware) Authenticate 

func (m *Middleware) Authenticate(next echo.HandlerFunc) echo.HandlerFunc

Authenticate extracts and validates the JWT from the cookie. If valid, it verifies the user is still active and adds user info to the context. If not authenticated, it returns 401.

func (*Middleware) AuthenticateOptional 

func (m *Middleware) AuthenticateOptional(next echo.HandlerFunc) echo.HandlerFunc

AuthenticateOptional extracts user info if available but doesn't require authentication. If a valid token is present, it verifies the user is still active.

func (*Middleware) BasicAuth 

func (m *Middleware) BasicAuth(next echo.HandlerFunc) echo.HandlerFunc

BasicAuth provides HTTP Basic Auth for OPDS endpoints.

func (*Middleware) RequireLibraryAccess 

func (m *Middleware) RequireLibraryAccess(paramName string) echo.MiddlewareFunc

RequireLibraryAccess returns middleware that checks if the user can access the library specified by the :libraryId or :id route parameter. Must be used after Authenticate middleware.

func (*Middleware) RequirePermission 

func (m *Middleware) RequirePermission(resource, operation string) echo.MiddlewareFunc

RequirePermission returns middleware that checks if the user has the required permission. Must be used after Authenticate middleware.

type Service 

type Service struct {
	// contains filtered or unexported fields
}

Service handles authentication operations.

func NewService 

func NewService(db *bun.DB, jwtSecret string) *Service

NewService creates a new auth service.

func RegisterRoutes 

func RegisterRoutes(e *echo.Echo, db *bun.DB, jwtSecret string) *Service

RegisterRoutes registers all auth routes.

func (*Service) Authenticate 

func (s *Service) Authenticate(ctx context.Context, username, password string) (*models.User, error)

Authenticate validates credentials and returns the user if valid.

func (*Service) CountUsers 

func (s *Service) CountUsers(ctx context.Context) (int, error)

CountUsers returns the total number of users.

func (*Service) CreateFirstAdmin 

func (s *Service) CreateFirstAdmin(ctx context.Context, username string, email *string, password string) (*models.User, error)

CreateFirstAdmin creates the first admin user during setup.

func (*Service) GenerateToken 

func (s *Service) GenerateToken(user *models.User) (string, error)

GenerateToken creates a new JWT token for the user.

func (*Service) GetUserByID 

func (s *Service) GetUserByID(ctx context.Context, id int) (*models.User, error)

GetUserByID retrieves a user by ID with relations.

func (*Service) ValidateToken 

func (s *Service) ValidateToken(tokenString string) (*JWTClaims, error)

ValidateToken validates a JWT token and returns the claims.

type SetupPayload 

type SetupPayload struct {
	Username string  `json:"username" validate:"required,min=3,max=50"`
	Email    *string `json:"email" validate:"omitempty,email"`
	Password string  `json:"password" validate:"required,min=8"`
}

SetupPayload represents the initial setup request body.

type StatusResponse 

type StatusResponse struct {
	NeedsSetup bool `json:"needs_setup"`
}

StatusResponse represents the auth status response.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.