controllers

package
v0.0.0-...-73ceaf7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 16, 2025 License: MPL-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccountsController 

type AccountsController struct {
	// contains filtered or unexported fields
}

func NewAccountsController 

func NewAccountsController(opaqueService *services.OpaqueService, jwtService *services.JWTService, twoFAService *services.TwoFAService, ds *datastore.Datastore, verificationService *services.VerificationService, sesService services.SES) *AccountsController

func (*AccountsController) DeleteAccount 

func (ac *AccountsController) DeleteAccount(w http.ResponseWriter, r *http.Request)

@Summary Delete account @Description Deletes the authenticated account and all associated data @Tags Accounts @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 204 "No Content" @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts [delete]

func (*AccountsController) DeleteRecoveryKey 

func (ac *AccountsController) DeleteRecoveryKey(w http.ResponseWriter, r *http.Request)

@Summary Delete 2FA recovery key @Description Deletes the 2FA recovery key for the account @Tags Accounts @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 204 "No Content" @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/2fa/recovery [delete]

func (*AccountsController) DisableTOTP 

func (ac *AccountsController) DisableTOTP(w http.ResponseWriter, r *http.Request)

@Summary Disable TOTP 2FA @Description Disables TOTP 2FA for the account and deletes the associated TOTP key @Tags Accounts @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 204 "No Content" @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/2fa/totp [delete]

func (*AccountsController) GetTwoFASettings 

func (ac *AccountsController) GetTwoFASettings(w http.ResponseWriter, r *http.Request)

@Summary Get 2FA settings @Description Returns the 2FA methods enabled for the authenticated account and related timestamps @Tags Accounts @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 200 {object} datastore.TwoFADetails @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/2fa [get]

func (*AccountsController) RegenerateRecoveryKey 

func (ac *AccountsController) RegenerateRecoveryKey(w http.ResponseWriter, r *http.Request)

@Summary Regenerate 2FA recovery key @Description Generates a new 2FA recovery key for the account, replacing any existing key @Tags Accounts @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 200 {object} RecoveryKeyResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/2fa/recovery [post]

func (*AccountsController) Router 

func (ac *AccountsController) Router(verificationMiddleware func(http.Handler) http.Handler, optionalVerificationMiddleware func(http.Handler) http.Handler, authMiddleware func(http.Handler) http.Handler, accountDeletionEnabled bool) chi.Router

func (*AccountsController) SetupPasswordFinalize 

func (ac *AccountsController) SetupPasswordFinalize(w http.ResponseWriter, r *http.Request)

@Summary Finalize password setup @Description Complete the password setup process and return auth token. @Description Either `publicKey`, `maskingKey` and `envelope` must be provided together, @Description or `serializedRecord` must be provided. @Tags Accounts @Accept json @Produce json @Param Authorization header string true "Bearer + verification token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body RegistrationRecord true "Registration record" @Success 200 {object} PasswordFinalizeResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 404 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/password/finalize [post]

func (*AccountsController) SetupPasswordFinalize2FA 

func (ac *AccountsController) SetupPasswordFinalize2FA(w http.ResponseWriter, r *http.Request)

@Summary Finalize password setup with 2FA @Description Complete the password setup process after 2FA verification. If a recovery key is used, 2FA will be disabled. @Tags Accounts @Accept json @Produce json @Param Authorization header string true "Bearer + verification token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body services.TwoFAAuthRequest true "2FA verification request" @Success 200 {object} RegistrationFinalize2FAResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/password/finalize_2fa [post]

func (*AccountsController) SetupPasswordInit 

func (ac *AccountsController) SetupPasswordInit(w http.ResponseWriter, r *http.Request)

@Summary Initialize password setup @Description Start the password setup process using OPAQUE protocol. @Description If `serializeResponse` is set to true, the `serializedResponse` field will be populated @Description in the response, with other fields omitted. @Description Either provide a verification token for resetting/changing password OR include `newAccountEmail` for new account creation. @Tags Accounts @Accept json @Produce json @Param Authorization header string false "Bearer + verification token (optional if newAccountEmail is provided)" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body RegistrationRequest true "Registration request" @Success 200 {object} RegistrationResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/password/init [post]

func (*AccountsController) SetupTOTPFinalize 

func (ac *AccountsController) SetupTOTPFinalize(w http.ResponseWriter, r *http.Request)

@Summary Finalize TOTP 2FA setup @Description Complete the TOTP 2FA setup process by validating a TOTP code and enabling 2FA for the account. @Tags Accounts @Accept json @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body TwoFAFinalizeRequest true "2FA finalization request" @Success 200 {object} TwoFAFinalizeResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/2fa/totp/finalize [post]

func (*AccountsController) SetupTOTPInit 

func (ac *AccountsController) SetupTOTPInit(w http.ResponseWriter, r *http.Request)

@Summary Initialize TOTP 2FA setup @Description Start the TOTP 2FA setup process by generating a TOTP key and URL. @Description Optionally generates a QR code if requested. @Tags Accounts @Accept json @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body TwoFAInitRequest true "2FA initialization request" @Success 200 {object} TwoFAInitResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/accounts/2fa/totp/init [post]

type AuthController 

type AuthController struct {
	// contains filtered or unexported fields
}

func NewAuthController 

func NewAuthController(opaqueService *services.OpaqueService, jwtService *services.JWTService, twoFAService *services.TwoFAService, ds *datastore.Datastore, sesService services.SES) *AuthController

func (*AuthController) CreateServiceToken 

func (ac *AuthController) CreateServiceToken(w http.ResponseWriter, r *http.Request)

@Summary Create service token @Description Creates a new auth token for a specifc service using the current session @Tags Auth @Accept json @Produce json @Param Authorization header string true "Bearer + auth token" @Param request body CreateServiceTokenRequest true "Service token request" @Success 200 {object} CreateServiceTokenResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/auth/service_token [post]

func (*AuthController) LoginFinalize 

func (ac *AuthController) LoginFinalize(w http.ResponseWriter, r *http.Request)

@Summary Finalize login @Description Final step of login flow, verifies KE3 message and creates session or prompts for 2FA. @Tags Auth @Accept json @Produce json @Param Authorization header string true "Bearer + login state token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body LoginFinalizeRequest true "login finalize request" @Success 200 {object} LoginFinalizeResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/auth/login/finalize [post]

func (*AuthController) LoginFinalize2FA 

func (ac *AuthController) LoginFinalize2FA(w http.ResponseWriter, r *http.Request)

@Summary Finalize login with 2FA @Description Final step of 2FA login flow, verifies TOTP code or recovery key and creates a session. If a recovery key is used, 2FA will be disabled. @Tags Auth @Accept json @Produce json @Param Authorization header string true "Bearer + login state token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body services.TwoFAAuthRequest true "2FA verification request" @Success 200 {object} LoginFinalize2FAResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/auth/login/finalize_2fa [post]

func (*AuthController) LoginInit 

func (ac *AuthController) LoginInit(w http.ResponseWriter, r *http.Request)

@Summary Initialize login @Description First step of OPAQUE login flow, generates KE2 message. @Description Either `blindedMessage`, `clientEphemeralPublicKey` and `clientNonce` must be provided together, @Description or `serializedKE1` must be provided. @Description If the latter is provided, `serializedKE2` will be included in the response with other @Description KE2 fields omitted. @Tags Auth @Accept json @Produce json @Param request body LoginInitRequest true "login init request" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 200 {object} LoginInitResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/auth/login/init [post]

func (*AuthController) Router 

func (ac *AuthController) Router(authMiddleware func(http.Handler) http.Handler, validateAuthMiddleware func(http.Handler) http.Handler, passwordAuthEnabled bool) chi.Router

func (*AuthController) Validate 

func (ac *AuthController) Validate(w http.ResponseWriter, r *http.Request)

@Summary Validate auth token @Description Validates an auth token and returns session details @Tags Auth @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 200 {object} ValidateTokenResponse @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/auth/validate [get]

type CreateServiceTokenRequest 

type CreateServiceTokenRequest struct {
	// Service is the name of the service for which to create the token
	Service string `json:"service" validate:"required,oneof=email-aliases sync premium"`
}

CreateServiceTokenRequest represents the request body for creating a service token

type CreateServiceTokenResponse 

type CreateServiceTokenResponse struct {
	// AuthToken is the JWT token created for the requested service
	AuthToken string `json:"authToken"`
}

CreateServiceTokenResponse represents the response body containing the generated service token

type JWTCreateRequest 

type JWTCreateRequest struct {
	// Claims represents the JWT claims to be included in the token
	Claims map[string]interface{} `json:"claims" validate:"required"`
}

JWTCreateRequest represents the request body for creating a JWT token

type JWTCreateResponse 

type JWTCreateResponse struct {
	// Token is the signed JWT token string
	Token string `json:"token"`
}

JWTCreateResponse represents the response body containing the created JWT token

type LoginFinalize2FAResponse 

type LoginFinalize2FAResponse struct {
	// Authentication token for future requests
	AuthToken string `json:"authToken"`
	// Indicates to the client that 2FA was disabled as a result of using a recovery
	// key (and should probably lead to the user being invited to re-enable 2FA)
	TwoFADisabled bool `json:"twoFADisabled"`
}

@Description Response after successful 2FA verification and login

type LoginFinalizeRequest 

type LoginFinalizeRequest struct {
	// Client MAC of KE3
	Mac *string `json:"clientMac" validate:"required"`
}

@Description Request to finalize login

func (*LoginFinalizeRequest) ToOpaqueKE3 

func (req *LoginFinalizeRequest) ToOpaqueKE3(opaqueService *services.OpaqueService) (*opaqueMsg.KE3, error)

type LoginFinalizeResponse 

type LoginFinalizeResponse struct {
	// Authentication token for future requests
	AuthToken *string `json:"authToken"`
	// Indicates if 2FA verification is required before authentication is complete
	RequiresTwoFA bool `json:"requiresTwoFA"`
}

@Description Response containing auth token after successful login

type LoginInitRequest 

type LoginInitRequest struct {
	// Email address of the account
	Email string `json:"email" validate:"required,email,ascii" example:"test@example.com"`
	// Blinded message component of KE1
	BlindedMessage *string `json:"blindedMessage" validate:"required_without=SerializedKE1"`
	// Client ephemeral public key of KE1
	EpkU *string `json:"clientEphemeralPublicKey" validate:"required_without=SerializedKE1"`
	// Client nonce of KE1
	NonceU *string `json:"clientNonce" validate:"required_without=SerializedKE1"`
	// Serialized KE1 message
	SerializedKE1 *string `json:"serializedKE1" validate:"required_without_all=BlindedMessage EpkU NonceU"`
}

@Description Request for account login

func (*LoginInitRequest) ToOpaqueKE1 

func (req *LoginInitRequest) ToOpaqueKE1(opaqueService *services.OpaqueService) (*opaqueMsg.KE1, error)

type LoginInitResponse 

type LoginInitResponse struct {
	// Interim authentication token for future login finalization
	LoginToken string `json:"loginToken"`
	// Evaluated message component of KE2
	EvaluatedMessage *string `json:"evaluatedMessage,omitempty"`
	// Server masking nonce of KE2
	MaskingNonce *string `json:"maskingNonce,omitempty"`
	// Server masked response of KE2
	MaskedResponse *string `json:"maskedResponse,omitempty"`
	// Server ephemeral public key of KE2
	EpkS *string `json:"serverEphemeralPublicKey,omitempty"`
	// Server nonce of KE2
	NonceS *string `json:"serverNonce,omitempty"`
	// Server MAC of KE2
	Mac *string `json:"serverMac,omitempty"`
	// Serialized KE2 message
	SerializedKE2 *string `json:"serializedKE2,omitempty"`
}

@Description Response for account login

func FromOpaqueKE2 

func FromOpaqueKE2(opaqueResp *opaqueMsg.KE2, loginToken string, useBinary bool) (*LoginInitResponse, error)

type OPRFSeedRequest 

type OPRFSeedRequest struct {
	// CredentialIdentifier is the unique identifier used to derive the OPRF seed
	CredentialIdentifier string `json:"credentialIdentifier" validate:"required"`
	// SeedID optionally specifies which server OPRF seed to use (defaults to latest)
	SeedID *int `json:"seedId"`
}

OPRFSeedRequest represents the request body for deriving an OPRF client seed

type OPRFSeedResponse 

type OPRFSeedResponse struct {
	// ClientSeed is the hex-encoded derived OPRF client seed
	ClientSeed string `json:"clientSeed"`
	// SeedID is the ID of the server OPRF seed that was used
	SeedID int `json:"seedId"`
}

OPRFSeedResponse represents the response body containing the derived OPRF client seed

type PasswordFinalizeResponse 

type PasswordFinalizeResponse struct {
	// Authentication token (only present if resetting/changing password)
	AuthToken *string `json:"authToken"`
	// Indicates to the client whether 2FA verification will be required before password setup is complete
	RequiresTwoFA bool `json:"requiresTwoFA"`
	// Indicates to the client whether email verification will be required before password setup is complete
	RequiresEmailVerification bool `json:"requiresEmailVerification"`
	// Indicates to the client that sessions were invalidated (only applicable when changing password)
	SessionsInvalidated bool `json:"sessionsInvalidated"`
}

@Description Response for password setup or change

type RecoveryKeyResponse 

type RecoveryKeyResponse struct {
	// Secret key for disabling 2FA in the event the authenticator is lost
	RecoveryKey string `json:"recoveryKey"`
}

@Description Response for recovery key operations

type RegistrationFinalize2FAResponse 

type RegistrationFinalize2FAResponse struct {
	// Authentication token for future requests
	AuthToken *string `json:"authToken"`
	// Indicates to the client that 2FA was disabled as a result of using a recovery
	// key (and should probably lead to the user being invited to re-enable 2FA)
	TwoFADisabled bool `json:"twoFADisabled"`
	// Indicates to the client that sessions were invalidated (only applicable when changing password)
	SessionsInvalidated bool `json:"sessionsInvalidated"`
}

@Description Response after successful 2FA verification for password setup

type RegistrationRecord 

type RegistrationRecord struct {
	// Public key of registation record
	PublicKey *string `json:"publicKey" validate:"required_without=SerializedRecord"`
	// Masking key of registation record
	MaskingKey *string `json:"maskingKey" validate:"required_without=SerializedRecord"`
	// Envelope of registation record
	Envelope *string `json:"envelope" validate:"required_without=SerializedRecord"`
	// Serialized registration record
	SerializedRecord *string `json:"serializedRecord" validate:"required_without_all=PublicKey MaskingKey Envelope"`
	// Locale for verification email
	Locale string `json:"locale" validate:"max=20" example:"en-US"`
	// Whether to invalidate existing sessions (only applicable when changing password)
	InvalidateSessions bool `json:"invalidateSessions"`
}

@Description OPAQUE registration record for a new account

func (*RegistrationRecord) ToOpaqueRecord 

func (rec *RegistrationRecord) ToOpaqueRecord(opaqueService *services.OpaqueService) (*opaqueMsg.RegistrationRecord, error)

type RegistrationRequest 

type RegistrationRequest struct {
	// Serialized OPAQUE registration request
	BlindedMessage string `json:"blindedMessage" validate:"required"`
	// Whether to serialize the response into binary/hex
	SerializeResponse bool `json:"serializeResponse"`
	// Email for new account creation (required if no verification token)
	NewAccountEmail *string `json:"newAccountEmail" validate:"omitempty,email"`
}

@Description Request to register a new account

func (*RegistrationRequest) ToOpaqueRequest 

func (req *RegistrationRequest) ToOpaqueRequest(opaqueService *services.OpaqueService) (*opaqueMsg.RegistrationRequest, error)

type RegistrationResponse 

type RegistrationResponse struct {
	// Evaluated message of the OPAQUE registration response
	EvaluatedMessage *string `json:"evaluatedMessage,omitempty"`
	// PKS of the OPAQUE registration response
	Pks *string `json:"pks,omitempty"`
	// Serialized OPAQUE registration response
	SerializedResponse *string `json:"serializedResponse,omitempty"`
	// JWT token for checking verification status (only present when registering a new account)
	VerificationToken *string `json:"verificationToken,omitempty"`
}

@Description Response for registering a new account

func FromOpaqueRegistrationResponse 

func FromOpaqueRegistrationResponse(opaqueResp *opaqueMsg.RegistrationResponse, useBinary bool) (*RegistrationResponse, error)

type ServerKeysController 

type ServerKeysController struct {
	// contains filtered or unexported fields
}

func NewServerKeysController 

func NewServerKeysController(opaqueService *services.OpaqueService, jwtService *services.JWTService, twoFAService *services.TwoFAService) *ServerKeysController

func (*ServerKeysController) CreateJWT 

func (sc *ServerKeysController) CreateJWT(w http.ResponseWriter, r *http.Request)

@Summary Create JWT @Description Creates a JWT with provided claims using server signing key @Tags Server Keys (server-side use only) @Accept json @Produce json @Param Key-Service-Secret header string false "Key service secret" @Param request body JWTCreateRequest true "JWT claims" @Success 200 {object} JWTCreateResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/server_keys/jwt [post]

func (*ServerKeysController) CreateTOTPKey 

func (sc *ServerKeysController) CreateTOTPKey(w http.ResponseWriter, r *http.Request)

@Summary Create TOTP Key @Description Creates a TOTP key for an account using secure random generation @Tags Server Keys (server-side use only) @Accept json @Produce json @Param Key-Service-Secret header string false "Key service secret" @Param request body TOTPGenerateRequest true "TOTP key generation request" @Success 200 {object} TOTPGenerateResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/server_keys/totp [post]

func (*ServerKeysController) DeleteTOTPKey 

func (sc *ServerKeysController) DeleteTOTPKey(w http.ResponseWriter, r *http.Request)

@Summary Delete TOTP Key @Description Deletes a TOTP key for an account @Tags Server Keys (server-side use only) @Accept json @Produce json @Param Key-Service-Secret header string false "Key service secret" @Param accountId path string true "Account ID" @Success 204 "Success" @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 404 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/server_keys/totp/{accountId} [delete]

func (*ServerKeysController) DeriveOPRFKey 

func (sc *ServerKeysController) DeriveOPRFKey(w http.ResponseWriter, r *http.Request)

@Summary Derive OPRF Key @Description Derives an OPRF key using HKDF and the server OPRF seed @Tags Server Keys (server-side use only) @Accept json @Produce json @Param Key-Service-Secret header string false "Key service secret" @Param request body OPRFSeedRequest true "OPRF key derivation info" @Success 200 {object} OPRFSeedResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/server_keys/oprf_seed [post]

func (*ServerKeysController) Router 

func (sc *ServerKeysController) Router(keyServiceMiddleware func(http.Handler) http.Handler) chi.Router

func (*ServerKeysController) ValidateTOTPCode 

func (sc *ServerKeysController) ValidateTOTPCode(w http.ResponseWriter, r *http.Request)

@Summary Validate TOTP Code @Description Validates a TOTP code for an account @Tags Server Keys (server-side use only) @Accept json @Produce json @Param Key-Service-Secret header string false "Key service secret" @Param request body TOTPValidateRequest true "Validation request" @Success 204 "Success" @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 404 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/server_keys/totp/validate [post]

type SessionsController 

type SessionsController struct {
	// contains filtered or unexported fields
}

func NewSessionsController 

func NewSessionsController(datastore *datastore.Datastore) *SessionsController

func (*SessionsController) DeleteSession 

func (sc *SessionsController) DeleteSession(w http.ResponseWriter, r *http.Request)

@Summary Delete session / log out @Description Deletes a specific session by ID @Tags Sessions @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param id path string true "Session ID (UUID)" @Success 204 "No Content" @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 404 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/sessions/{id} [delete]

func (*SessionsController) ListSessions 

func (sc *SessionsController) ListSessions(w http.ResponseWriter, r *http.Request)

@Summary List sessions @Description Lists all active sessions for the authenticated account @Tags Sessions @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 200 {array} datastore.Session @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/sessions [get]

func (*SessionsController) Router 

func (sc *SessionsController) Router(authMiddleware func(http.Handler) http.Handler) chi.Router

type TOTPGenerateRequest 

type TOTPGenerateRequest struct {
	// AccountID is the UUID of the account for which to generate/delete a TOTP key
	AccountID uuid.UUID `json:"accountId" validate:"required"`
	// Email is the email address for the account (used for TOTP generation)
	Email string `json:"email" validate:"required,email"`
}

TOTPGenerateRequest represents the request body for TOTP key operations

type TOTPGenerateResponse 

type TOTPGenerateResponse struct {
	// URI is the URI of the TOTP key QR code
	URI string `json:"uri"`
}

TOTPGenerateResponse represents the response body containing the generated TOTP key

type TOTPValidateRequest 

type TOTPValidateRequest struct {
	// AccountID is the UUID of the account to validate against
	AccountID uuid.UUID `json:"accountId" validate:"required"`
	// Code is the TOTP code to validate
	Code string `json:"code" validate:"required"`
}

TOTPValidateRequest represents the request body for validating a TOTP code

type TwoFAFinalizeRequest 

type TwoFAFinalizeRequest struct {
	// TOTP verification code
	Code string `json:"code" validate:"required,len=6"`
}

@Description Request to finalize 2FA setup

type TwoFAFinalizeResponse 

type TwoFAFinalizeResponse struct {
	// Recovery key for 2FA backup, only present when first enabling 2FA
	RecoveryKey *string `json:"recoveryKey"`
}

@Description Response for finalized 2FA setup

type TwoFAInitRequest 

type TwoFAInitRequest struct {
	// Whether to generate a QR code
	GenerateQR bool `json:"generateQR"`
}

@Description Request to initialize 2FA setup

type TwoFAInitResponse 

type TwoFAInitResponse struct {
	// TOTP URI for manual entry
	URI string `json:"uri"`
	// QR code as base64 encoded PNG (only if requested)
	QRCode *string `json:"qrCode,omitempty"`
}

@Description Response for 2FA initialization

type UserKey 

type UserKey struct {
	// Name identifies the type of key (wrapping_key or sync_enc_seed)
	Name string `json:"name"`
	// KeyMaterial contains the encrypted key data as hex bytes
	KeyMaterial string `json:"keyMaterial"`
	// UpdatedAt is the timestamp when the key was last updated
	UpdatedAt time.Time `json:"updatedAt"`
}

UserKey represents the HTTP response format for a key

func FromDBUserKey 

func FromDBUserKey(dbKey *datastore.DBUserKey) UserKey

FromDBUserKey converts a datastore.DBUserKey to a UserKey

type UserKeyStoreRequest 

type UserKeyStoreRequest struct {
	// Name identifies the type of key (wrapping_key or sync_enc_seed)
	Name string `json:"name" validate:"required,oneof=wrapping_key sync_enc_seed"`
	// KeyMaterial contains the encrypted key data as hex bytes
	KeyMaterial string `json:"keyMaterial" validate:"required,min=16,max=128"`
}

UserKey represents the HTTP request format for a key

func (*UserKeyStoreRequest) ToDBUserKey 

func (r *UserKeyStoreRequest) ToDBUserKey(accountID uuid.UUID) (*datastore.DBUserKey, error)

ToUserKey converts a UserKeyRequest to a UserKey

type UserKeysController 

type UserKeysController struct {
	// contains filtered or unexported fields
}

func NewUserKeysController 

func NewUserKeysController(ds *datastore.Datastore) *UserKeysController

func (*UserKeysController) GetKey 

func (uc *UserKeysController) GetKey(w http.ResponseWriter, r *http.Request)

@Summary Get user key @Description Get a specific key by name for the authenticated user @Tags User keys @Accept json @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param name path string true "Key name" @Success 200 {object} UserKey @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 404 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/keys/{name} [get]

func (*UserKeysController) ListKeys 

func (uc *UserKeysController) ListKeys(w http.ResponseWriter, r *http.Request)

@Summary List user keys @Description Get all keys for the authenticated user @Tags User keys @Accept json @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Success 200 {array} UserKey @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/keys [get]

func (*UserKeysController) Router 

func (uc *UserKeysController) Router(authMiddleware func(http.Handler) http.Handler) chi.Router

func (*UserKeysController) SaveKey 

func (uc *UserKeysController) SaveKey(w http.ResponseWriter, r *http.Request)

@Summary Save user key @Description Save a new key or update existing key for the authenticated user @Tags User keys @Accept json @Produce json @Param Authorization header string true "Bearer + auth token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param key body UserKeyStoreRequest true "Key to save" @Success 204 "Key saved" @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 403 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/keys [post]

type ValidateTokenResponse 

type ValidateTokenResponse struct {
	// Email address associated with the account
	Email string `json:"email"`
	// UUID of the account
	AccountID string `json:"accountId"`
	// UUID of the session associated with the account
	SessionID string `json:"sessionId"`
	// Audience of the auth token
	Service string `json:"service"`
}

@Description Response containing validated token details

type VerificationController 

type VerificationController struct {
	// contains filtered or unexported fields
}

func NewVerificationController 

func NewVerificationController(datastore *datastore.Datastore, verificationService *services.VerificationService) *VerificationController

func (*VerificationController) EmailViewer 

func (vc *VerificationController) EmailViewer(w http.ResponseWriter, r *http.Request)

@Summary View sent emails in LocalStack SES @Description Retrieves and displays emails sent through LocalStack SES endpoint @Tags Development @Produce html @Success 200 {string} string "HTML page displaying emails" @Failure 500 {string} string "Internal Server Error" @Router /v2/verify/email_viewer [get]

func (*VerificationController) Router 

func (vc *VerificationController) Router(verificationAuthMiddleware func(http.Handler) http.Handler, servicesKeyMiddleware func(http.Handler) http.Handler, optionalAuthMiddleware func(http.Handler) http.Handler, devEndpointsEnabled bool) chi.Router

func (*VerificationController) VerifyComplete 

func (vc *VerificationController) VerifyComplete(w http.ResponseWriter, r *http.Request)

@Summary Complete email verification @Description Completes the email verification process @Tags Email verification @Accept json @Produce json @Param request body VerifyCompleteRequest true "Verify completion params" @Success 200 {object} VerifyCompleteResponse @Failure 400 {string} string "Missing/invalid verification parameters" @Failure 404 {string} string "Verification not found" @Failure 500 {string} string "Internal server error" @Router /v2/verify/complete [post]

func (*VerificationController) VerifyCompleteFrontend 

func (vc *VerificationController) VerifyCompleteFrontend(w http.ResponseWriter, r *http.Request)

@Summary Display default verification completion frontend @Description Returns the HTML page for completing email verification @Tags Development @Produce html @Success 200 {string} string "HTML content" @Router /v2/verify/complete_fe [get]

func (*VerificationController) VerifyInit 

func (vc *VerificationController) VerifyInit(w http.ResponseWriter, r *http.Request)

@Summary Initialize email verification @Description Starts email verification process by sending a verification email @Description One of the following intents must be provided with the request: @Description - `auth_token`: After verification, create an account if one does not exist, and generate an auth token. The token will be available via the "query result" endpoint. @Description - `verification`: After verification, do not create an account, but indicate that the email was verified in the "query result" response. Do not allow registration after verification. @Description - `reset_password`: After verification, indicate that the email was verified in the "query result" response. A password may be set for the existing account. @Description - `change_password`: After verification, indicate that the email was verified in the "query result" response. A password may be changed for the existing account. Requires a valid auth session. @Description @Description One of the following service names must be provided with the request: `email-aliases`, `accounts`, `premium`. @Tags Email verification @Accept json @Produce json @Param Authorization header string false "Bearer + auth token (required for change_password intent)" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body VerifyInitRequest true "Verification request params" @Success 200 {object} VerifyInitResponse @Failure 400 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/verify/init [post]

func (*VerificationController) VerifyQueryResult 

func (vc *VerificationController) VerifyQueryResult(w http.ResponseWriter, r *http.Request)

@Summary Query result of verification @Description Provides the status of a pending or successful verification. @Description If the wait option is set to true, the server will up to 20 seconds for verification. Feel free @Description to call this endpoint repeatedly to wait for verification. @Tags Email verification @Accept json @Produce json @Param Authorization header string true "Bearer + verification token" @Param Brave-Key header string false "Brave services key (if one is configured)" @Param request body VerifyResultRequest true "Auth token request params" @Success 200 {object} VerifyResultResponse @Failure 400 {object} util.ErrorResponse @Failure 401 {object} util.ErrorResponse @Failure 500 {object} util.ErrorResponse @Router /v2/verify/result [post]

func (*VerificationController) VerifyValidCheck 

func (vc *VerificationController) VerifyValidCheck(w http.ResponseWriter, r *http.Request)

@Summary Check verification code validity @Description Checks if email verification code is valid and still pending @Tags Email verification @Accept json @Produce json @Param id query string true "Verification ID" @Param code query string true "Verification code" @Success 204 "Verification is pending" @Failure 400 {string} string "Missing/invalid verification parameters" @Failure 404 {string} string "Verification not found or expired" @Failure 500 {string} string "Internal server error" @Router /v2/verify/complete [get]

type VerifyCompleteRequest 

type VerifyCompleteRequest struct {
	// Unique verification identifier
	ID uuid.UUID `json:"id" validate:"required"`
	// Verification code sent to user
	Code string `json:"code" validate:"required,ascii"`
}

@Description Request parameters for verification completion

type VerifyCompleteResponse 

type VerifyCompleteResponse struct {
	// JWT token for checking verification status
	VerificationToken *string `json:"verificationToken"`
	// Name of service requesting verification
	Service string `json:"service"`
}

@Description Response for verification completion

type VerifyInitRequest 

type VerifyInitRequest struct {
	// Email address to verify
	Email string `json:"email" validate:"required,email,ascii" example:"test@example.com"`
	// Purpose of verification (e.g., get auth token, simple verification)
	Intent string `json:"intent" validate:"required,oneof=auth_token verification reset_password change_password" example:"reset_password"`
	// Service requesting the verification
	Service string `json:"service" validate:"required,oneof=accounts premium email-aliases" example:"accounts"`
	// Locale for verification email
	Locale string `json:"locale" validate:"max=20" example:"en-US"`
}

@Description Request to initialize email verification

type VerifyInitResponse 

type VerifyInitResponse struct {
	// JWT token for checking verification status
	VerificationToken *string `json:"verificationToken"`
}

@Description Response containing verification check token

type VerifyResultRequest 

type VerifyResultRequest struct {
	// Whether to wait for verification to complete
	Wait bool `json:"wait"`
}

@Description Request for getting auth token after verification

type VerifyResultResponse 

type VerifyResultResponse struct {
	// JWT auth token, null if verification incomplete or if password setup is required
	AuthToken *string `json:"authToken"`
	// Email verification status
	Verified bool `json:"verified"`
	// Email associated wiith the verification
	Email *string `json:"email,omitempty"`
	// Name of service requesting verification
	Service string `json:"service"`
}

@Description Response containing auth token

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.