README
¶
tinywasm/user
User management library for the tinywasm ecosystem. Handles user entities,
password authentication, OAuth providers (Google, Microsoft), LAN (local network)
authentication by RUT + IP, and session management.
Applications import tinywasm/user directly to configure session behaviour and register
isomorphic UI modules into tinywasm/site.
Documentation
- docs/ARCHITECTURE.md — What & Why: schema, contracts, design principles
- docs/IMPLEMENTATION.md — How: file layout, reference code, test strategy
Note: RBAC is now integrated into the User module (see ARCHITECTURE.md).
Diagrams
- docs/diagrams/AUTH_FLOW.md — Local login credential validation
- docs/diagrams/SESSION_FLOW.md — Session lifecycle
- docs/diagrams/USER_CRUD_FLOW.md — User creation pipeline
- docs/diagrams/OAUTH_FLOW.md — OAuth begin/callback flow (all branches)
- docs/diagrams/LAN_AUTH_FLOW.md — LAN login: RUT validation + IP allowlist check
- docs/diagrams/LAN_IP_FLOW.md — LAN IP management: RegisterLAN, AssignLANIP, RevokeLANIP, GetLANIPs, UnregisterLAN
Integration
// main.go — application setup
// 1. Configure site (DB shared with user via applyUser internally)
site.SetDB(db)
site.SetUserID(extractUserID) // reads session cookie, calls user.GetSession
site.CreateRole('a', "Admin", "full access")
// 2. Configure user via Config struct (all optional, zero values = defaults)
site.SetUserConfig(user.Config{
SessionCookieName: "s", // default: "session"
SessionTTL: 86400, // default: 86400 (24h)
TrustProxy: true, // default: false
OAuthProviders: []user.OAuthProvider{
&user.GoogleProvider{
ClientID: os.Getenv("GOOGLE_CLIENT_ID"),
ClientSecret: os.Getenv("GOOGLE_CLIENT_SECRET"),
RedirectURL: "https://example.com/oauth/callback",
},
},
})
// 3. Register user modules alongside app modules
site.RegisterHandlers(
user.LoginModule, // /login — handles auth end-to-end (validate → login → session → cookie)
user.RegisterModule, // /register
user.ProfileModule, // /profile
user.LANModule, // /lan
user.OAuthCallback, // /oauth/callback
&myapp.Dashboard{},
)
site.Serve(":8080")
// site.Serve internally calls: applyUser() → user.Init(dbExecutor, cfg)
// After user registration/OAuth, assign default role:
// site.AssignRole(u.ID, 'v')
Status
Implementation pending. Documentation complete.
Documentation
¶
Overview ¶
Code generated by ormc; DO NOT EDIT. NOTE: Schema() and Values() must always be in the same field order. String PK: set via github.com/tinywasm/unixid before calling db.Create().
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( LoginModule *loginModule RegisterModule *registerModule ProfileModule *profileModule LANModule *lanModule OAuthCallback *oauthModule )
View Source
var ( ErrInvalidCredentials = fmt.Err("access", "denied") // EN: Access Denied / ES: Acceso Denegado ErrSuspended = fmt.Err("user", "suspended") // EN: User Suspended / ES: Usuario Suspendido ErrEmailTaken = fmt.Err("email", "registered") // EN: Email Registered / ES: Correo electrónico Registrado ErrWeakPassword = fmt.Err("password", "weak") // EN: Password Weak / ES: Contraseña Débil ErrSessionExpired = fmt.Err("token", "expired") // EN: Token Expired / ES: Token Expirado ErrNotFound = fmt.Err("user", "not", "found") // EN: User Not Found / ES: Usuario No Encontrado ErrProviderNotFound = fmt.Err("provider", "not", "found") // EN: Provider Not Found / ES: Proveedor No Encontrado ErrInvalidOAuthState = fmt.Err("state", "invalid") // EN: State Invalid / ES: Estado Inválido ErrCannotUnlink = fmt.Err("identity", "cannot", "unlink") // EN: Identity Cannot Unlink / ES: Identidad No puede Desvincular ErrInvalidRUT = fmt.Err("rut", "invalid") // EN: Rut Invalid / ES: Rut Inválido ErrRUTTaken = fmt.Err("rut", "registered") // EN: Rut Registered / ES: Rut Registrado ErrIPTaken = fmt.Err("ip", "registered") // EN: Ip Registered / ES: Ip Registrado )
View Source
var IdentityMeta = struct { TableName string ID string UserID string Provider string ProviderID string Email string CreatedAt string }{ TableName: "user_identities", ID: "id", UserID: "user_id", Provider: "provider", ProviderID: "provider_id", Email: "email", CreatedAt: "created_at", }
View Source
var LANIPMeta = struct { TableName string ID string UserID string IP string Label string CreatedAt string }{ TableName: "user_lan_ips", ID: "id", UserID: "user_id", IP: "ip", Label: "label", CreatedAt: "created_at", }
View Source
var OAuthStateMeta = struct { TableName string State string Provider string ExpiresAt string CreatedAt string }{ TableName: "user_oauth_states", State: "state", Provider: "provider", ExpiresAt: "expires_at", CreatedAt: "created_at", }
View Source
var PermissionMeta = struct { TableName string ID string Name string Resource string Action string }{ TableName: "rbac_permissions", ID: "id", Name: "name", Resource: "resource", Action: "action", }
View Source
var RoleMeta = struct { TableName string ID string Code string Name string Description string }{ TableName: "rbac_roles", ID: "id", Code: "code", Name: "name", Description: "description", }
View Source
var RolePermissionMeta = struct { TableName string RoleID string PermissionID string }{ TableName: "rbac_role_permissions", RoleID: "role_id", PermissionID: "permission_id", }
View Source
var SessionMeta = struct { TableName string ID string UserID string ExpiresAt string IP string UserAgent string CreatedAt string }{ TableName: "user_sessions", ID: "id", UserID: "user_id", ExpiresAt: "expires_at", IP: "ip", UserAgent: "user_agent", CreatedAt: "created_at", }
View Source
var UserMeta = struct { TableName string ID string Email string Name string Phone string Status string CreatedAt string }{ TableName: "users", ID: "id", Email: "email", Name: "name", Phone: "phone", Status: "status", CreatedAt: "created_at", }
View Source
var UserRoleMeta = struct { TableName string UserID string RoleID string }{ TableName: "rbac_user_roles", UserID: "user_id", RoleID: "role_id", }
Functions ¶
func SessionCookieName ¶ added in v0.0.2
func SessionCookieName() string
Types ¶
type Config ¶ added in v0.0.2
type Config struct {
SessionCookieName string // default: "session"
SessionTTL int // default: 86400 (24h)
TrustProxy bool // default: false
OAuthProviders []OAuthProvider
}
type Identity ¶ added in v0.0.2
type Identity struct {
ID string `json:"id" db:"pk"`
UserID string `json:"user_id" db:"ref=users"`
Provider string `json:"provider"`
ProviderID string `json:"provider_id"`
Email string `json:"email,omitempty"`
CreatedAt int64 `json:"created_at"`
}
Identity
func ReadOneIdentity ¶ added in v0.0.6
type LANIP ¶ added in v0.0.6
type LANIP struct {
ID string `json:"id" db:"pk"`
UserID string `json:"user_id" db:"ref=users"`
IP string `json:"ip"`
Label string `json:"label"`
CreatedAt int64 `json:"created_at"`
}
LANIP
type LoginData ¶ added in v0.0.2
LoginData is validated by LoginModule on both frontend and backend.
type OAuthProvider ¶ added in v0.0.2
type OAuthState ¶ added in v0.0.6
type OAuthState struct {
State string `json:"state" db:"pk"`
Provider string `json:"provider"`
ExpiresAt int64 `json:"expires_at"`
CreatedAt int64 `json:"created_at"`
}
OAuthState
func ReadAllOAuthState ¶ added in v0.0.6
func ReadAllOAuthState(qb *orm.QB) ([]*OAuthState, error)
func ReadOneOAuthState ¶ added in v0.0.6
func ReadOneOAuthState(qb *orm.QB, model *OAuthState) (*OAuthState, error)
func (*OAuthState) Pointers ¶ added in v0.0.6
func (m *OAuthState) Pointers() []any
func (*OAuthState) Schema ¶ added in v0.0.6
func (m *OAuthState) Schema() []orm.Field
func (OAuthState) TableName ¶ added in v0.0.6
func (OAuthState) TableName() string
func (*OAuthState) Values ¶ added in v0.0.6
func (m *OAuthState) Values() []any
type OAuthUserInfo ¶ added in v0.0.2
type PasswordData ¶ added in v0.0.2
PasswordData is validated by ProfileModule (password change sub-form).
type Permission ¶ added in v0.0.6
type Permission struct {
ID string `json:"id" db:"pk"`
Name string `json:"name"`
Resource string `json:"resource"`
Action string `json:"action"`
}
Permission
func ReadAllPermission ¶ added in v0.0.6
func ReadAllPermission(qb *orm.QB) ([]*Permission, error)
func ReadOnePermission ¶ added in v0.0.6
func ReadOnePermission(qb *orm.QB, model *Permission) (*Permission, error)
func (*Permission) Pointers ¶ added in v0.0.6
func (m *Permission) Pointers() []any
func (*Permission) Schema ¶ added in v0.0.6
func (m *Permission) Schema() []orm.Field
func (Permission) TableName ¶ added in v0.0.6
func (Permission) TableName() string
func (*Permission) Values ¶ added in v0.0.6
func (m *Permission) Values() []any
type ProfileData ¶ added in v0.0.2
ProfileData is validated by ProfileModule (name/phone update).
type RegisterData ¶ added in v0.0.2
RegisterData is validated by RegisterModule.
type Role ¶ added in v0.0.6
type Role struct {
ID string `json:"id" db:"pk"`
Code string `json:"code"`
Name string `json:"name"`
Description string `json:"description"`
}
Role
type RolePermission ¶ added in v0.0.6
type RolePermission struct {
RoleID string `json:"role_id"`
PermissionID string `json:"permission_id"`
}
RolePermission
func ReadAllRolePermission ¶ added in v0.0.6
func ReadAllRolePermission(qb *orm.QB) ([]*RolePermission, error)
func ReadOneRolePermission ¶ added in v0.0.6
func ReadOneRolePermission(qb *orm.QB, model *RolePermission) (*RolePermission, error)
func (*RolePermission) Pointers ¶ added in v0.0.6
func (m *RolePermission) Pointers() []any
func (*RolePermission) Schema ¶ added in v0.0.6
func (m *RolePermission) Schema() []orm.Field
func (RolePermission) TableName ¶ added in v0.0.6
func (RolePermission) TableName() string
func (*RolePermission) Values ¶ added in v0.0.6
func (m *RolePermission) Values() []any
type Session ¶ added in v0.0.2
type Session struct {
ID string `json:"id" db:"pk"`
UserID string `json:"user_id" db:"ref=users"`
ExpiresAt int64 `json:"expires_at"`
IP string `json:"ip,omitempty"`
UserAgent string `json:"user_agent,omitempty"`
CreatedAt int64 `json:"created_at"`
}
Session
func ReadOneSession ¶ added in v0.0.6
type User ¶
type User struct {
ID string `json:"id" db:"pk"`
Email string `json:"email,omitempty" db:"unique"`
Name string `json:"name"`
Phone string `json:"phone,omitempty"`
Status string `json:"status"` // "active", "suspended"
CreatedAt int64 `json:"created_at"`
Roles []Role `json:"roles,omitempty" db:"-"`
Permissions []Permission `json:"permissions,omitempty" db:"-"`
}
User
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.