Documentation
Index
- func ChangePassword(resetPassword dto.ResetPassword) error
- func ExtractToken(c *core.Ctx) string
- func ForgotPassword(forgotPassword dto.ForgotPassword) error
- func GenerateTokens(id string, credentials []string) (*auth.Token, error)
- func IsBlockedToken(jwtToken string) (bool, error)
- func IsValidRefreshToken(refreshToken string) bool
- func RefreshToken(jwtToken, refreshToken string) (*auth.Token, error)
- func SignIn(signIn dto.SignIn) (*auth.Token, error)
- func SignOut(jwtToken string) error
- func SignUp(signUp dto.SignUp) (*models.User, error)
- type TokenMetadata
Constants
This section is empty.
Variables
This section is empty.
Functions
func ChangePassword
func ChangePassword(resetPassword dto.ResetPassword) error
ChangePassword processes a password reset request and updates the user's password.
This function handles the password reset flow by:
1. Verifying the reset token and retrieving associated user
2. Clearing the reset token
3. Updating the password with a new hashed value
4. Sending email notification about password change
Parameters:
- resetPassword: dto.ResetPassword struct containing the new password and reset token
Returns:
- error: nil if successful, otherwise:
  - "invalid input data" if token is invalid/expired
  - "service error" if database update or email notification fails
Example usage:
    err := ChangePassword(dto.ResetPassword{
        Password: "newpass123",
        Token:    "abc123token",
    })
func ForgotPassword
func ForgotPassword(forgotPassword dto.ForgotPassword) error
ForgotPassword processes a forgot password request by generating a reset token and sending a password reset email.
This function handles the forgot password flow by:
1. Looking up the user by their email address
2. Generating a secure reset token using SHA256 hash of email + timestamp
3. Saving the reset token to the user's record
4. Sending a password reset email with instructions
Parameters:
- forgotPassword: dto.ForgotPassword struct containing the user's email address
Returns:
- error: nil if successful, otherwise:
  - "invalid input data" if user email is not found
  - "service error" if database update or email notification fails
Example usage:
    err := ForgotPassword(dto.ForgotPassword{
        Username: "user@example.com",
    })
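An added example, not code from this package: the reset token in step 2 is derived from the email and a timestamp, both of which someone other than the user may know or estimate, so the sketch below draws the token from the OS CSPRNG instead and stores only its SHA-256 digest. The function names, the Unix-seconds timestamp encoding and the 15-minute expiry are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strconv"
	"time"
)

// derivedResetToken mirrors the documented scheme (encoding is an assumption):
// the same email and timestamp always produce the same token.
func derivedResetToken(email string, t time.Time) string {
	sum := sha256.Sum256([]byte(email + strconv.FormatInt(t.Unix(), 10)))
	return hex.EncodeToString(sum[:])
}

// digest is what gets stored, so a leaked database row is not a usable token.
func digest(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// newResetToken returns a 256-bit random token for the email link and the
// digest to save on the user record.
func newResetToken() (token, stored string, err error) {
	raw := make([]byte, 32)
	if _, err = rand.Read(raw); err != nil {
		return "", "", err
	}
	token = base64.RawURLEncoding.EncodeToString(raw)
	return token, digest(token), nil
}

// verifyResetToken enforces expiry and compares digests in constant time.
func verifyResetToken(presented, stored string, expires, now time.Time) bool {
	if !now.Before(expires) {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(digest(presented)), []byte(stored)) == 1
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample time
	tok, stored, _ := newResetToken()
	fmt.Println(len(tok), verifyResetToken(tok, stored, now.Add(15*time.Minute), now))
}
```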
func GenerateTokens
GenerateTokens generates new access and refresh tokens.
func IsBlockedToken
IsBlockedToken checks if a JWT token has been blacklisted/blocked
Parameters:
- jwtToken: The JWT token string to check
Returns:
- bool: true if token is blocked, false otherwise
- error: Error if any issues occurred during check
Flow:
1. Checks if blacklist checking is enabled in config
2. If disabled, returns false immediately
3. Constructs Redis key by combining blacklist prefix with JWT token
4. Queries Redis to check if token exists in blacklist
5. Returns true if token value matches blocked status
func IsValidRefreshToken
IsValidRefreshToken parses the second argument from the refresh token. A refresh token is valid if it is not expired.
func RefreshToken
RefreshToken creates new tokens by validating the existing access and refresh tokens.
Parameters:
- jwtToken: The current access token to be refreshed
- refreshToken: The current refresh token to validate against stored token
Returns:
- *auth.Token: New token pair containing fresh access and refresh tokens
- error: Error if token validation fails or token generation encounters issues
Flow:
1. Extracts user ID and metadata from the access token
2. Validates the provided refresh token matches the one stored in Redis for the user
3. Generates new access and refresh token pair
4. Updates the new refresh token in Redis with TTL
5. Blacklists the old access token
Errors:
- Returns error if access token metadata extraction fails
- Returns error if refresh token validation against Redis fails
- Returns error if refresh tokens don't match
- Returns error if generating new tokens fails
- Returns error if storing new refresh token in Redis fails
func SignIn
SignIn authenticates a user and generates access/refresh token pair
Parameters:
- signIn: dto.SignIn - Contains validated login credentials:
  - Username: Email address used for login
  - Password: Plain text password to validate
Returns:
- *auth.Token: Token pair containing access and refresh tokens if successful
- error: Error if authentication fails:
  - Invalid email/password
  - User account not active
  - Token generation failed
  - Redis caching failed
Flow:
1. Looks up user by email address
2. Validates provided password against stored hash
3. Verifies user account is active
4. Generates new access/refresh token pair
5. Caches refresh token in Redis with TTL
Example:
    // SignIn takes dto.SignIn by value, matching the signature in the index.
    credentials := dto.SignIn{
        Username: "user@example.com",
        Password: "secret123",
    }
    tokens, err := SignIn(credentials)
func SignOut
SignOut handles user logout by invalidating both refresh and access tokens
Parameters:
- jwtToken: The current access token to be invalidated
Returns:
- error: Error if token invalidation fails
Flow:
1. Extracts user ID and metadata from the access token
2. Uses the user ID to find and delete the refresh token from Redis
3. Adds the access token to the blacklist to invalidate it
Note that this implements a "logout everywhere" approach by:
- Deleting the refresh token to prevent getting new access tokens
- Blacklisting the current access token to immediately invalidate it
Errors:
- Returns error if access token metadata extraction fails
- Returns error if refresh token deletion from Redis fails
- Continues execution if blacklisting access token fails (best effort)
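An added example, not this package's code: a blacklist write and check in the shape of the SignOut and IsBlockedToken flows, keeping each entry only for the token's remaining lifetime and failing closed when the store is unreachable. memStore stands in for Redis; the key prefix, function names and sample tokens are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

const blacklistPrefix = "blacklist:" // hypothetical key prefix
var errStoreDown = errors.New("store unavailable")

// memStore is an in-memory stand-in for Redis: key -> expiry time.
type memStore struct {
	keys map[string]time.Time
	down bool // simulates an outage
}

// blockToken blacklists an access token until its own expiry, so the
// blacklist never holds entries for tokens that are already invalid.
func blockToken(s *memStore, jwt string, exp, now time.Time) error {
	if s.down {
		return errStoreDown
	}
	if exp.After(now) {
		s.keys[blacklistPrefix+jwt] = exp
	}
	return nil
}

// isBlocked reports whether the token is blacklisted and not yet expired.
func isBlocked(s *memStore, jwt string, now time.Time) (bool, error) {
	if s.down {
		return false, errStoreDown
	}
	exp, ok := s.keys[blacklistPrefix+jwt]
	return ok && now.Before(exp), nil
}

// allowRequest fails closed: a lookup error is treated like a blocked token.
func allowRequest(s *memStore, jwt string, now time.Time) bool {
	blocked, err := isBlocked(s, jwt, now)
	return err == nil && !blocked
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample values
	s := &memStore{keys: map[string]time.Time{}}
	_ = blockToken(s, "sample.jwt.value", now.Add(10*time.Minute), now)
	fmt.Println(allowRequest(s, "sample.jwt.value", now), allowRequest(s, "other.jwt.value", now))
}
```

Because SignOut treats blacklisting as best effort, a failed write leaves the access token usable until it expires, so the access-token lifetime bounds that window.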
func SignUp
SignUp creates a new user account with the provided signup details.
Parameters:
- signUp: dto.SignUp - Contains validated user registration data including:
  - Email: User's email address (will be converted to lowercase)
  - Password: Plain text password that will be hashed
  - Fullname: User's full name
  - Phone: User's phone number
  - Avatar: Optional profile image URL
  - Status: Optional account status
Returns:
- *models.User: Newly created user record if successful
- error: Error if user creation fails:
  - Email already exists
  - Database errors during user creation
Flow:
1. Converts email to lowercase
2. Checks if email is already registered
3. Creates new user with provided details:
   - Hashes the password
   - Sets default status to active
   - Sets creation/update timestamps
4. Saves user to database
Example:
    // SignUp takes dto.SignUp by value, matching the signature in the index.
    signup := dto.SignUp{
        Email:    "user@example.com",
        Password: "secret123",
        Fullname: "John Doe",
        Phone:    "1234567890",
    }
    user, err := SignUp(signup)
Types
type TokenMetadata
TokenMetadata is a struct describing the metadata in a JWT.
func ExtractTokenMetadata
func ExtractTokenMetadata(tokenString string) (*TokenMetadata, error)
ExtractTokenMetadata extracts metadata from a JWT.