Documentation
¶
Index ¶
Constants ¶
View Source
const ( // AuditActorTypeUser identifies a regular user as the audit actor. AuditActorTypeUser = "user" // AuditActorTypeAdmin identifies an admin as the audit actor. AuditActorTypeAdmin = "admin" )
Audit actor type constants identify who performed an auditable action.
View Source
const ( // AuditResourceTypeUser represents a user entity. AuditResourceTypeUser = "user" // AuditResourceTypeSession represents a user session. AuditResourceTypeSession = "session" // AuditResourceTypeAdminSession represents an admin session. AuditResourceTypeAdminSession = "admin_session" // AuditResourceTypeWebhook represents a webhook entity. AuditResourceTypeWebhook = "webhook" // AuditResourceTypeEmailTemplate represents an email template entity. AuditResourceTypeEmailTemplate = "email_template" // AuditResourceTypeToken represents an auth token. AuditResourceTypeToken = "token" )
Audit resource type constants identify the type of resource affected by an auditable action.
View Source
const ( // AuditLoginSuccessEvent is logged when a user successfully authenticates. AuditLoginSuccessEvent = "user.login_success" // AuditLoginFailedEvent is logged when a user authentication attempt fails. AuditLoginFailedEvent = "user.login_failed" // AuditSignupEvent is logged when a new user registers. AuditSignupEvent = "user.signup" // AuditLogoutEvent is logged when a user logs out. AuditLogoutEvent = "user.logout" // AuditPasswordChangedEvent is logged when a user changes their password. AuditPasswordChangedEvent = "user.password_changed" // AuditPasswordResetEvent is logged when a user resets their password via token or OTP. AuditPasswordResetEvent = "user.password_reset" // AuditForgotPasswordEvent is logged when a user requests a password reset. AuditForgotPasswordEvent = "user.forgot_password_requested" // AuditMagicLinkRequestedEvent is logged when a user requests a magic link login. AuditMagicLinkRequestedEvent = "user.magic_link_requested" // AuditEmailVerifiedEvent is logged when a user's email is verified. AuditEmailVerifiedEvent = "user.email_verified" // AuditPhoneVerifiedEvent is logged when a user's phone number is verified. AuditPhoneVerifiedEvent = "user.phone_verified" // AuditMFAEnabledEvent is logged when a user enables multi-factor authentication. AuditMFAEnabledEvent = "user.mfa_enabled" // AuditMFADisabledEvent is logged when a user disables multi-factor authentication. AuditMFADisabledEvent = "user.mfa_disabled" // AuditProfileUpdatedEvent is logged when a user updates their profile. AuditProfileUpdatedEvent = "user.profile_updated" // AuditUserDeactivatedEvent is logged when a user deactivates their account. AuditUserDeactivatedEvent = "user.deactivated" // AuditOTPResentEvent is logged when an OTP is resent to a user. AuditOTPResentEvent = "user.otp_resent" // AuditVerifyEmailResentEvent is logged when a verification email is resent. AuditVerifyEmailResentEvent = "user.verify_email_resent" // AuditAdminLoginSuccessEvent is logged when an admin successfully authenticates. AuditAdminLoginSuccessEvent = "admin.login_success" // AuditAdminLoginFailedEvent is logged when an admin authentication attempt fails. AuditAdminLoginFailedEvent = "admin.login_failed" // AuditAdminLogoutEvent is logged when an admin logs out. AuditAdminLogoutEvent = "admin.logout" // AuditAdminUserCreatedEvent is logged when an admin creates a user. AuditAdminUserCreatedEvent = "admin.user_created" // AuditAdminUserUpdatedEvent is logged when an admin updates a user. AuditAdminUserUpdatedEvent = "admin.user_updated" // AuditAdminUserDeletedEvent is logged when an admin deletes a user. AuditAdminUserDeletedEvent = "admin.user_deleted" // AuditAdminAccessRevokedEvent is logged when an admin revokes a user's access. AuditAdminAccessRevokedEvent = "admin.access_revoked" // AuditAdminAccessEnabledEvent is logged when an admin restores a user's access. AuditAdminAccessEnabledEvent = "admin.access_enabled" // AuditAdminInviteSentEvent is logged when an admin sends a user invitation. AuditAdminInviteSentEvent = "admin.invite_sent" // AuditAdminConfigChangedEvent is logged when an admin modifies server configuration. AuditAdminConfigChangedEvent = "admin.config_changed" // AuditAdminWebhookCreatedEvent is logged when an admin creates a webhook. AuditAdminWebhookCreatedEvent = "admin.webhook_created" // AuditAdminWebhookUpdatedEvent is logged when an admin updates a webhook. AuditAdminWebhookUpdatedEvent = "admin.webhook_updated" // AuditAdminWebhookDeletedEvent is logged when an admin deletes a webhook. AuditAdminWebhookDeletedEvent = "admin.webhook_deleted" // AuditAdminEmailTemplateCreatedEvent is logged when an admin creates an email template. AuditAdminEmailTemplateCreatedEvent = "admin.email_template_created" // AuditAdminEmailTemplateUpdatedEvent is logged when an admin updates an email template. AuditAdminEmailTemplateUpdatedEvent = "admin.email_template_updated" // AuditAdminEmailTemplateDeletedEvent is logged when an admin deletes an email template. AuditAdminEmailTemplateDeletedEvent = "admin.email_template_deleted" // AuditOAuthLoginInitiatedEvent is logged when an OAuth login flow is started. AuditOAuthLoginInitiatedEvent = "oauth.login_initiated" // AuditOAuthCallbackSuccessEvent is logged when an OAuth callback completes successfully. AuditOAuthCallbackSuccessEvent = "oauth.callback_success" // AuditOAuthCallbackFailedEvent is logged when an OAuth callback fails. AuditOAuthCallbackFailedEvent = "oauth.callback_failed" // AuditTokenIssuedEvent is logged when a new token is issued. AuditTokenIssuedEvent = "token.issued" // AuditTokenRefreshedEvent is logged when a token is refreshed. AuditTokenRefreshedEvent = "token.refreshed" // AuditTokenRevokedEvent is logged when a token is revoked. AuditTokenRevokedEvent = "token.revoked" // AuditSessionCreatedEvent is logged when a new session is created. AuditSessionCreatedEvent = "session.created" // AuditSessionTerminatedEvent is logged when a session is terminated. AuditSessionTerminatedEvent = "session.terminated" )
Audit event type constants used for structured audit logging. Each constant represents a specific auditable action in the system, organized by domain: user authentication, admin operations, OAuth, token lifecycle, and session management.
View Source
const ( // AuthRecipeMethodBasicAuth is the basic_auth auth method AuthRecipeMethodBasicAuth = "basic_auth" // AuthRecipeMethodMobileBasicAuth is the mobile basic_auth method, where user can signup using mobile number and password AuthRecipeMethodMobileBasicAuth = "mobile_basic_auth" // AuthRecipeMethodMagicLinkLogin is the magic_link_login auth method AuthRecipeMethodMagicLinkLogin = "magic_link_login" // AuthRecipeMethodMobileOTP is the mobile_otp auth method AuthRecipeMethodMobileOTP = "mobile_otp" // AuthRecipeMethodGoogle is the google auth method AuthRecipeMethodGoogle = "google" // AuthRecipeMethodGithub is the github auth method AuthRecipeMethodGithub = "github" // AuthRecipeMethodFacebook is the facebook auth method AuthRecipeMethodFacebook = "facebook" // AuthRecipeMethodLinkedin is the linkedin auth method AuthRecipeMethodLinkedIn = "linkedin" // AuthRecipeMethodApple is the apple auth method AuthRecipeMethodApple = "apple" // AuthRecipeMethodDiscord is the discord auth method AuthRecipeMethodDiscord = "discord" // AuthRecipeMethodTwitter is the twitter auth method AuthRecipeMethodTwitter = "twitter" // AuthRecipeMethodMicrosoft is the microsoft auth method AuthRecipeMethodMicrosoft = "microsoft" // AuthRecipeMethodTwitch is the twitch auth method AuthRecipeMethodTwitch = "twitch" // AuthRecipeMethodRoblox is the roblox auth method AuthRecipeMethodRoblox = "roblox" )
View Source
const ( // AppCookieName is the name of the cookie that is used to store the application token AppCookieName = "cookie" // AdminCookieName is the name of the cookie that is used to store the admin token AdminCookieName = "authorizer-admin" // MfaCookieName is the name of the cookie that is used to store the mfa session MfaCookieName = "mfa" )
View Source
const ( // DbTypePostgres is the postgres database type DbTypePostgres = "postgres" // DbTypeSqlite is the sqlite database type DbTypeSqlite = "sqlite" // DbTypeLibSQL is the libsql / Turso database type DbTypeLibSQL = "libsql" // DbTypeMysql is the mysql database type DbTypeMysql = "mysql" // DbTypeSqlserver is the sqlserver database type DbTypeSqlserver = "sqlserver" // DbTypeYugabyte is the yugabyte database type DbTypeYugabyte = "yugabyte" // DbTypeMariaDB is the mariadb database type DbTypeMariaDB = "mariadb" // DbTypePlanetScaleDB is the planetscale database type DbTypePlanetScaleDB = "planetscale" // DbTypeCockroachDB is the cockroach database type DbTypeCockroachDB = "cockroachdb" // DbTypeArangoDB is the arangodb database type DbTypeArangoDB = "arangodb" // DbTypeMongoDB is the mongodb database type DbTypeMongoDB = "mongodb" // DbTypeCassandraDB is the cassandra database type DbTypeCassandraDB = "cassandradb" // DbTypeScyllaDB is the scylla database type DbTypeScyllaDB = "scylladb" // DbTypeDynamoDB is the Dynamo database type DbTypeDynamoDB = "dynamodb" // DbTypeCouchbaseDB is the Couchbase database type DbTypeCouchbaseDB = "couchbase" )
View Source
const ( // - query: for Authorization Code grant. 302 Found triggers redirect. ResponseModeQuery = "query" // - fragment: for Implicit grant. 302 Found triggers redirect. ResponseModeFragment = "fragment" // - form_post: 200 OK with response parameters embedded in an HTML form as hidden parameters. ResponseModeFormPost = "form_post" // - web_message: For Silent Authentication. Uses HTML5 web messaging. ResponseModeWebMessage = "web_message" // For the Authorization Code grant, use response_type=code to include the authorization code. ResponseTypeCode = "code" // For the Implicit grant, use response_type=token to include an access token. ResponseTypeToken = "token" // For the Implicit grant of id_token, use response_type=id_token to include an identifier token. ResponseTypeIDToken = "id_token" // Constant indicating the "signup" screen hint for customizing authentication process and redirect to a signup page. ScreenHintSignUp = "signup" )
View Source
const ( // Ref: https://github.com/qor/auth/blob/master/providers/google/google.go // deprecated and not used. instead we follow open id approach for google login GoogleUserInfoURL = "https://www.googleapis.com/oauth2/v3/userinfo" // Ref: https://github.com/qor/auth/blob/master/providers/facebook/facebook.go#L18 FacebookUserInfoURL = "https://graph.facebook.com/me?fields=id,first_name,last_name,name,email,picture&access_token=" // Ref: https://docs.github.com/en/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps#3-your-github-app-accesses-the-api-with-the-users-access-token GithubUserInfoURL = "https://api.github.com/user" // Get github user emails when user info email is empty Ref: https://stackoverflow.com/a/35387123 GithubUserEmails = "https://api.github.com/user/emails" // Ref: https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api LinkedInUserInfoURL = "" /* 142-byte string literal not displayed */ LinkedInEmailURL = "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))" TwitterUserInfoURL = "https://api.twitter.com/2/users/me?user.fields=id,name,profile_image_url,username" // RobloxUserInfoURL is the URL to get user info from Roblox RobloxUserInfoURL = "https://apis.roblox.com/oauth/v1/userinfo" DiscordUserInfoURL = "https://discord.com/api/oauth2/@me" // Get microsoft user info. // Ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo MicrosoftUserInfoURL = "https://graph.microsoft.com/oidc/userinfo" )
View Source
const ( // TokenTypeRefreshToken is the refresh_token token type TokenTypeRefreshToken = "refresh_token" // TokenTypeAccessToken is the access_token token type TokenTypeAccessToken = "access_token" // TokenTypeIdentityToken is the identity_token token type TokenTypeIdentityToken = "id_token" // TokenTypeSessionToken is the session_token type used for browser session TokenTypeSessionToken = "session_token" )
View Source
const ( // VerificationTypeBasicAuthSignup is the basic_auth_signup verification type VerificationTypeBasicAuthSignup = "basic_auth_signup" // VerificationTypeMagicLinkLogin is the magic_link_login verification type VerificationTypeMagicLinkLogin = "magic_link_login" // VerificationTypeUpdateEmail is the update_email verification type VerificationTypeUpdateEmail = "update_email" // VerificationTypeForgotPassword is the forgot_password verification type VerificationTypeForgotPassword = "forgot_password" // VerificationTypeInviteMember is the invite_member verification type VerificationTypeInviteMember = "invite_member" // VerificationTypeOTP is the otp verification type VerificationTypeOTP = "verify_otp" )
View Source
const ( // UserLoginWebhookEvent name for login event UserLoginWebhookEvent = `user.login` // UserCreatedWebhookEvent name for user creation event // This is triggered when user entry is created but still not verified UserCreatedWebhookEvent = `user.created` // UserSignUpWebhookEvent name for signup event UserSignUpWebhookEvent = `user.signup` // UserAccessRevokedWebhookEvent name for user access revoke event UserAccessRevokedWebhookEvent = `user.access_revoked` // UserAccessEnabledWebhookEvent name for user access enable event UserAccessEnabledWebhookEvent = `user.access_enabled` // UserDeletedWebhookEvent name for user deleted event UserDeletedWebhookEvent = `user.deleted` // UserDeactivatedWebhookEvent name for user deactivated event UserDeactivatedWebhookEvent = `user.deactivated` )
View Source
const (
// EnvKeyTOTPAuthenticator key for env variable TOTP
EnvKeyTOTPAuthenticator = "totp"
)
Authenticators Methods
View Source
const (
// TestEnv is used for testing
TestEnv = "test"
)
Variables ¶
View Source
var DefaultLimit = 10
DefaultLimit is the default limit for pagination
View Source
var VERSION = "0.0.1"
View Source
var ( // VerificationTypes is slice of all verification types VerificationTypes = []string{ VerificationTypeBasicAuthSignup, VerificationTypeMagicLinkLogin, VerificationTypeUpdateEmail, VerificationTypeForgotPassword, VerificationTypeInviteMember, } )
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.