auth

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 22, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

const PasswordPolicy = "at least 8 characters with letters and numbers"

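PasswordPolicy describes the password rules for UI copy. It is display text; ValidPassword performs the actual check and, per its documentation, also rejects trivial repeats, which this string does not mention.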

Variables

// ErrTOTPRequired is a sentinel error with the message "totp required".
// NOTE(review): this page does not say which calls return it; presumably a
// login that still needs a TOTP code — confirm against the callers. Compare
// with errors.Is rather than by message text.
var ErrTOTPRequired = errors.New("totp required")

Functions

func CheckPassword

func CheckPassword(hash, password string) bool

func HashPassword

func HashPassword(password string) (string, error)

func NewSessionToken

func NewSessionToken() (string, error)

func NewTOTPSecret

func NewTOTPSecret(email string) (secret string, otpauthURL string, err error)

NewTOTPSecret generates a base32 secret for the given account email.

func NormalizeTOTPCode

func NormalizeTOTPCode(code string) string

NormalizeTOTPCode strips spaces from user input.

func ProvisioningLabel

func ProvisioningLabel(email string) string

ProvisioningLabel formats the manual-entry label shown during setup.

func QRCodeDataURI

func QRCodeDataURI(otpauthURL string) (string, error)

QRCodeDataURI returns a PNG data URI for an otpauth URL.

func RequireAdmin

func RequireAdmin(next http.Handler) http.Handler

func RequireAuth

func RequireAuth(svc *Service) func(http.Handler) http.Handler

func TOTPURL

func TOTPURL(email, secret string) string

TOTPURL builds the otpauth provisioning URL for an existing secret.

func TrimPassword

func TrimPassword(pw string) string

TrimPassword treats whitespace-only passwords as empty.

func UserFromContext

func UserFromContext(ctx context.Context) (*store.User, bool)

func ValidEmail

func ValidEmail(email string) bool

ValidEmail checks local@domain.tld (domain must include a dot before the TLD).

func ValidPassword

func ValidPassword(pw string) bool

ValidPassword requires a minimum length and a mix of letters and digits, and rejects trivial repeats.

func ValidTOTPCode

func ValidTOTPCode(secret, code string) bool

ValidTOTPCode checks a 6-digit authenticator code against the stored secret.

func WithUser

func WithUser(ctx context.Context, u *store.User) context.Context

Types

type Service

type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(st *store.Store, cfg config.SessionCfg) *Service

func (*Service) Authenticate

func (s *Service) Authenticate(ctx context.Context, email, password string) (*store.User, bool, error)

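Authenticate verifies the email/password pair. The returned bool is true when 2FA is enabled for the user; a successful result covers the password check only and does not indicate that a second factor has been verified.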

func (*Service) ClearPendingCookie

func (s *Service) ClearPendingCookie(w http.ResponseWriter)

func (*Service) ClearSessionCookie

func (s *Service) ClearSessionCookie(w http.ResponseWriter)

func (*Service) CompletePendingLogin

func (s *Service) CompletePendingLogin(ctx context.Context, pendingID string) (string, *store.User, error)

func (*Service) CookieName

func (s *Service) CookieName() string

func (*Service) CreateSession

func (s *Service) CreateSession(ctx context.Context, userID int64, remember bool) (string, error)

func (*Service) Login

func (s *Service) Login(ctx context.Context, email, password string, remember bool) (string, *store.User, error)

func (*Service) Logout

func (s *Service) Logout(ctx context.Context, token string) error

func (*Service) PendingIDFromRequest

func (s *Service) PendingIDFromRequest(r *http.Request) (string, error)

func (*Service) SetPendingCookie

func (s *Service) SetPendingCookie(w http.ResponseWriter, pendingID string)

func (*Service) SetSessionCookie

func (s *Service) SetSessionCookie(w http.ResponseWriter, token string, remember bool)

func (*Service) StartPendingLogin

func (s *Service) StartPendingLogin(ctx context.Context, userID int64, remember bool) (string, error)

func (*Service) UserFromRequest

func (s *Service) UserFromRequest(ctx context.Context, r *http.Request) (*store.User, error)

func (*Service) VerifyUserTOTP

func (s *Service) VerifyUserTOTP(ctx context.Context, userID int64, code string) (bool, error)
