auth

package
v0.0.0-...-4efd307 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 2, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

// Token lifetimes.
const (
	// AccessTokenLifeTime is how long an access token stays valid: one hour.
	AccessTokenLifeTime = time.Hour

	// RefreshTokenLifeTime is one year (365 days), applied to both the
	// database record and the cookie so that unused records get cleaned up.
	// A refresh token that is neither rotated nor revoked stays usable for
	// this whole window, so revocation and rotation (see
	// ValidateAndRotateRefreshToken) are what actually bound its exposure.
	RefreshTokenLifeTime = 365 * 24 * time.Hour
)

// RefreshTokenBytes is 32.
// NOTE(review): presumably the number of random bytes in a refresh token
// (256 bits); confirm against the generator, which is not shown here.
const RefreshTokenBytes = 32

// Where and how the access token travels on a request.
const (
	// AccessTokenHeaderName is the HTTP header that carries the access token.
	AccessTokenHeaderName = "Authorization"

	// AccessTokenBearerPrefix is the scheme prefix in front of the token.
	// It includes the trailing space, so "Bearer" without a space does not
	// match it.
	AccessTokenBearerPrefix = "Bearer "
)

Variables

// ErrExpiredToken is the very same value as jwt.ErrTokenExpired, so an
// errors.Is check against either name matches.
var ErrExpiredToken = jwt.ErrTokenExpired

// Refresh-token failures. They are distinct sentinels so callers can tell
// the cases apart with errors.Is.
// NOTE(review): returning these messages verbatim to a client would reveal
// whether a presented token was unknown, expired or revoked. Confirm the
// HTTP layer maps them to one generic response.
var (
	ErrRefreshTokenNotFound = errors.New("refresh token not found")
	ErrRefreshTokenExpired  = errors.New("refresh token expired")
	ErrRefreshTokenRevoked  = errors.New("refresh token revoked")
)

// Access-token parsing and validation failures.
// NOTE(review): presumably returned by ParseToken; its body is not shown here.
var (
	ErrInvalidSigningMethod = errors.New("invalid signing method")
	ErrInvalidTokenClaims   = errors.New("invalid token claims")
	ErrParseToken           = errors.New("could not parse token")
)
// RoleRank is a package-level value of the unexported type roleRank; its
// fields are not shown in this listing.
// NOTE(review): presumably the role ordering consulted by IsAuthorized; confirm.
// It is an exported var, so any importing package can reassign it. Treat it
// as read-only after initialization.
var RoleRank = roleRank{
	// contains filtered or unexported fields
}

Functions

func IsAuthorized

func IsAuthorized(u *generated.User, role user.Role) bool

Types

type AppClaims

// AppClaims is the claim set that ParseToken returns for a JWT access token:
// two application claims plus the embedded registered claims.
// NOTE(review): if the token is signed but not encrypted, as is usual for
// JWTs, Email and Username are readable by anyone who holds the token.
// Confirm that is acceptable.
type AppClaims struct {
	// Email is serialized under the "email" claim.
	Email    string `json:"email"`
	// Username is serialized under the "username" claim.
	Username string `json:"username"`
	// RegisteredClaims is embedded, so its fields are promoted onto AppClaims.
	jwt.RegisteredClaims
}

type Authentication

// Authentication is the authentication service constructed by
// NewAuthentication. Its fields are unexported and not shown in this listing.
type Authentication struct {
	// contains filtered or unexported fields
}

func NewAuthentication

func NewAuthentication(entc *generated.Client) *Authentication

NewAuthentication returns a new authentication service.

func (*Authentication) CleanupExpiredAndRevokedTokens

func (a *Authentication) CleanupExpiredAndRevokedTokens(ctx context.Context, userIDs ...uuid.UUID)

CleanupExpiredAndRevokedTokens removes old tokens to prevent database bloat.

func (*Authentication) CreateAPIKeyForUser

func (a *Authentication) CreateAPIKeyForUser(ctx context.Context, user *generated.User, expiresOn time.Time) (*generated.ApiKey, error)

CreateAPIKeyForUser creates a new API key for a user.

func (*Authentication) CreateAccessTokenForUser

func (a *Authentication) CreateAccessTokenForUser(ctx context.Context, user *generated.User) (string, error)

CreateAccessTokenForUser creates just the JWT access token.

func (*Authentication) GetOrRegisterUserFromUserInfo

func (a *Authentication) GetOrRegisterUserFromUserInfo(c *gin.Context, userinfo *oidc.UserInfo) (*generated.User, error)

GetOrRegisterUserFromUserInfo returns a user from user info.

func (*Authentication) GetUserFromAPIKey

func (a *Authentication) GetUserFromAPIKey(ctx context.Context, key string) (*generated.User, error)

GetUserFromAPIKey returns a user from an API key.

func (*Authentication) GetUserFromAccessToken

func (a *Authentication) GetUserFromAccessToken(ctx context.Context, token string) (*generated.User, error)

GetUserFromAccessToken returns a user from a token.

func (*Authentication) IssueNewTokenPair

func (a *Authentication) IssueNewTokenPair(ctx context.Context, client *generated.Client, user *generated.User, ipAddress, userAgent string, createdAt *time.Time) (*TokenPair, error)

IssueNewTokenPair creates a new token pair.

func (*Authentication) ParseToken

func (a *Authentication) ParseToken(ctx context.Context, token string) (*AppClaims, error)

ParseToken parses and validates the JWT access token.

func (*Authentication) ValidateAndRotateRefreshToken

func (a *Authentication) ValidateAndRotateRefreshToken(ctx context.Context, oldRefreshTokenString string) (*generated.User, *TokenPair, error)

ValidateAndRotateRefreshToken validates an old refresh token, revokes it, issues a new pair, and returns the associated user and the new token pair.

type TokenPair

// TokenPair bundles the two credentials returned by IssueNewTokenPair and
// ValidateAndRotateRefreshToken. Both fields are plain strings, so
// formatting the struct with %v or %+v prints the tokens; keep it out of logs.
type TokenPair struct {
	// AccessToken is the access token string.
	// NOTE(review): presumably the JWT built by CreateAccessTokenForUser; confirm.
	AccessToken  string
	// RefreshToken is the refresh token string.
	// NOTE(review): presumably an opaque random value; confirm.
	RefreshToken string
}

TokenPair holds both access and refresh tokens.
