Documentation
¶
Overview ¶
Package auth provides authentication for minimaldoc-server. It supports local email/password login and OAuth 2.0/OIDC providers.
Index ¶
- func GenerateAPIKey() (string, error)
- func GenerateRefreshToken(userID, secret string, expiry time.Duration) (string, error)
- func GenerateSessionToken() (string, error)
- func GenerateToken(userID, email, role, siteID, secret string, expiry time.Duration) (string, error)
- func GenerateVerificationToken() (string, error)
- func HashAPIKey(key string) string
- func HashPassword(password string, cost int) (string, error)
- func HashSessionToken(token string) string
- func ValidateRefreshToken(tokenString, secret string) (string, error)
- func VerifyPassword(password, hash string) bool
- type Claims
- type LocalProvider
- func (p *LocalProvider) Authenticate(ctx context.Context, credentials map[string]string) (*UserInfo, error)
- func (p *LocalProvider) CreateUser(ctx context.Context, siteID, email, password, name, role string) (*UserInfo, error)
- func (p *LocalProvider) GetAuthURL(state string) string
- func (p *LocalProvider) HandleCallback(ctx context.Context, code string) (*UserInfo, error)
- func (p *LocalProvider) Name() string
- func (p *LocalProvider) UpdatePassword(ctx context.Context, userID, newPassword string) error
- type OAuthProvider
- type Provider
- type ProviderRegistry
- type UserInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateAPIKey ¶
GenerateAPIKey creates a cryptographically secure API key.
func GenerateRefreshToken ¶
GenerateRefreshToken creates a longer-lived refresh token.
func GenerateSessionToken ¶
GenerateSessionToken creates a random session token.
func GenerateToken ¶
func GenerateToken(userID, email, role, siteID, secret string, expiry time.Duration) (string, error)
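GenerateToken creates a new JWT for the given user ID, email, role and site ID that expires after expiry. The signing algorithm is not stated on this page; secret is presumably the signing key and should be a long random value, because anyone who can guess it can issue tokens carrying any role.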
func GenerateVerificationToken ¶
GenerateVerificationToken creates a token for email verification.
func HashAPIKey ¶
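HashAPIKey creates a SHA-256 hash of an API key for storage. A single fast hash is appropriate here only because the key is a high-entropy random value (see GenerateAPIKey); it is not a substitute for HashPassword on user-chosen secrets.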
func HashPassword ¶
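HashPassword creates a bcrypt hash of the password, using cost as the bcrypt work factor. bcrypt only processes the first 72 bytes of its input, so check how the implementation handles longer passwords.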
func HashSessionToken ¶
HashSessionToken creates a hash of a session token for storage.
func ValidateRefreshToken ¶
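ValidateRefreshToken parses and validates a refresh token using secret. The returned string is presumably the user ID the token was issued for (GenerateRefreshToken takes a userID); confirm this against the implementation, and confirm that an access token from GenerateToken is rejected here when both use the same secret.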
func VerifyPassword ¶
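VerifyPassword reports whether password matches its stored hash. Because it returns only a bool, a malformed hash is indistinguishable from a wrong password at the call site.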
Types ¶
type Claims ¶
// Claims is the JWT claim set: the embedded jwt.RegisteredClaims plus
// four application fields, each serialized under the JSON key in its tag.
//
// NOTE(review): if these tokens are signed but not encrypted, every field
// here (including Email) is readable by anyone holding the token; Role and
// SiteID should be trusted only after the token has been validated.
type Claims struct {
// Embedded registered claims from the jwt package.
jwt.RegisteredClaims
// User identifier, JSON key "uid".
UserID string `json:"uid"`
// JSON key "email".
Email string `json:"email"`
// JSON key "role". NOTE(review): presumably one of the roles listed on
// UserInfo.Role (admin, editor, viewer) — confirm.
Role string `json:"role"`
// Site identifier, JSON key "sid".
SiteID string `json:"sid"`
}
Claims represents JWT token claims.
func ValidateToken ¶
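ValidateToken parses and validates a JWT. Its signature is not shown on this page; when reviewing the implementation, confirm that it accepts only the expected signing algorithm and rejects expired tokens.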
type LocalProvider ¶
type LocalProvider struct {
// contains filtered or unexported fields
}
LocalProvider implements email/password authentication.
func NewLocalProvider ¶
func NewLocalProvider(db *sql.DB, bcryptCost int) *LocalProvider
NewLocalProvider creates a new local authentication provider.
func (*LocalProvider) Authenticate ¶
func (p *LocalProvider) Authenticate(ctx context.Context, credentials map[string]string) (*UserInfo, error)
Authenticate validates email/password credentials.
func (*LocalProvider) CreateUser ¶
func (p *LocalProvider) CreateUser(ctx context.Context, siteID, email, password, name, role string) (*UserInfo, error)
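CreateUser creates a new user with email/password. role is taken from the caller as a plain string and nothing on this page says it is validated, so callers should restrict who may assign which role.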
func (*LocalProvider) GetAuthURL ¶
func (p *LocalProvider) GetAuthURL(state string) string
GetAuthURL is not applicable for local auth.
func (*LocalProvider) HandleCallback ¶
HandleCallback is not applicable for local auth.
func (*LocalProvider) Name ¶
func (p *LocalProvider) Name() string
Name returns the provider identifier.
func (*LocalProvider) UpdatePassword ¶
func (p *LocalProvider) UpdatePassword(ctx context.Context, userID, newPassword string) error
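UpdatePassword changes a user's password. It does not take the current password, so the caller is responsible for re-authenticating the user or otherwise authorizing the change.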
type OAuthProvider ¶
type OAuthProvider struct {
// contains filtered or unexported fields
}
OAuthProvider implements OAuth 2.0 / OIDC authentication.
func NewOAuthProvider ¶
func NewOAuthProvider(cfg config.OAuthProvider) *OAuthProvider
NewOAuthProvider creates a new OAuth provider.
func (*OAuthProvider) Authenticate ¶
func (p *OAuthProvider) Authenticate(ctx context.Context, credentials map[string]string) (*UserInfo, error)
Authenticate is not used for OAuth (redirects are used instead).
func (*OAuthProvider) GetAuthURL ¶
func (p *OAuthProvider) GetAuthURL(state string) string
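GetAuthURL returns the URL to redirect the user to for OAuth login. state is the OAuth 2.0 state value; it should be unpredictable and bound to the user's session so that the callback can be checked against it.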
func (*OAuthProvider) HandleCallback ¶
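HandleCallback processes the OAuth callback and returns user info. It receives only the authorization code (see the Provider interface), so comparing the state returned by the provider with the one that was issued has to be done by the caller before this method is called.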
func (*OAuthProvider) Name ¶
func (p *OAuthProvider) Name() string
Name returns the provider identifier.
type Provider ¶
// Provider is the contract shared by all authentication providers.
type Provider interface {
// Name returns the provider identifier.
Name() string
// Authenticate validates credentials and returns user info.
// NOTE(review): the expected keys of credentials are not visible here —
// confirm against each implementation.
Authenticate(ctx context.Context, credentials map[string]string) (*UserInfo, error)
// GetAuthURL returns the URL to redirect for OAuth login (OAuth providers only).
// state is caller-supplied. NOTE(review): presumably the OAuth 2.0 state
// value, which should be unpredictable and tied to the user's session — confirm.
GetAuthURL(state string) string
// HandleCallback processes the OAuth callback and returns user info.
// Only the authorization code is passed in, so checking the returned
// state against the issued one is left to the caller.
HandleCallback(ctx context.Context, code string) (*UserInfo, error)
}
Provider defines the interface for authentication providers.
type ProviderRegistry ¶
type ProviderRegistry struct {
// contains filtered or unexported fields
}
ProviderRegistry manages authentication providers.
func NewRegistry ¶
func NewRegistry() *ProviderRegistry
NewRegistry creates a new provider registry.
func (*ProviderRegistry) Get ¶
func (r *ProviderRegistry) Get(name string) (Provider, error)
Get retrieves a provider by name.
func (*ProviderRegistry) List ¶
func (r *ProviderRegistry) List() []string
List returns all registered provider names.
func (*ProviderRegistry) Register ¶
func (r *ProviderRegistry) Register(p Provider)
Register adds a provider to the registry.
type UserInfo ¶
// UserInfo describes an authenticated user, as returned by Provider methods.
type UserInfo struct {
ID string
Email string
Name string
AvatarURL string
// NOTE(review): presumably whether the provider vouches for Email — confirm
// before using Email to match or link accounts across providers.
EmailVerified bool
Provider string // "local", "google", "github", "cognito", etc.
ProviderID string // ID from OAuth provider
// NOTE(review): plain string; the values listed in the trailing comment are
// not enforced by the type, so validate before making authorization decisions.
Role string // admin, editor, viewer
}
UserInfo contains authenticated user information.