services

package
v1.0.1 Latest Latest
Published: May 11, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package services contains all business logic for chiauth.


Types

type AuthService

type AuthService struct {
	// contains filtered or unexported fields
}

AuthService handles all auth business logic.

func NewAuthService

func NewAuthService(cfg AuthServiceConfig) *AuthService

NewAuthService constructs an AuthService.

func (*AuthService) ActivateAccount

func (s *AuthService) ActivateAccount(ctx context.Context, rawToken string) (*models.User, error)

ActivateAccount verifies a user's email using a token sent to their inbox.

func (*AuthService) ChangePassword

func (s *AuthService) ChangePassword(ctx context.Context, userID uuid.UUID, req models.ChangePasswordRequest, r *http.Request) error

ChangePassword validates the current password and sets a new one.

func (*AuthService) DeleteAccount

func (s *AuthService) DeleteAccount(ctx context.Context, userID uuid.UUID, hardDelete bool, r *http.Request) error

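DeleteAccount soft-deletes the authenticated user's account. (The hardDelete parameter in the signature is not described here; presumably it selects permanent deletion instead — verify against the implementation.)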

func (*AuthService) ForgotPassword

func (s *AuthService) ForgotPassword(ctx context.Context, emailAddr string, r *http.Request) error

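ForgotPassword generates a password reset token and sends it by email. It always returns nil, whether or not the address belongs to an account, so that the result cannot be used to enumerate registered emails. The response seen by the client (status, body and timing) needs to be equally uniform for this to hold.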

func (*AuthService) Login

Login authenticates a user and returns access + refresh tokens.

func (*AuthService) Logout

func (s *AuthService) Logout(ctx context.Context, rawRefreshToken string, userID uuid.UUID, r *http.Request) error

Logout revokes the presented refresh token.

func (*AuthService) LogoutAll

func (s *AuthService) LogoutAll(ctx context.Context, userID uuid.UUID, r *http.Request) error

LogoutAll revokes every session for the user.

func (*AuthService) RefreshTokens

func (s *AuthService) RefreshTokens(ctx context.Context, rawRefreshToken string, r *http.Request) (*models.TokenResponse, error)

RefreshTokens validates a refresh token and issues a new access token.

func (*AuthService) Register

func (s *AuthService) Register(ctx context.Context, req models.RegisterRequest) (*models.User, error)

Register creates a new user account. If RequireVerify is true, the account starts inactive and a verification email is sent. If RequireVerify is false, the account is immediately active.

func (*AuthService) ResendVerification

func (s *AuthService) ResendVerification(ctx context.Context, email string) error

ResendVerification sends a new verification email.

func (*AuthService) ResetPassword

func (s *AuthService) ResetPassword(ctx context.Context, req models.ResetPasswordRequest, r *http.Request) error

ResetPassword applies a new password using a valid reset token.

func (*AuthService) UpdateProfile

func (s *AuthService) UpdateProfile(ctx context.Context, userID uuid.UUID, req models.UpdateProfileRequest, r *http.Request) (*models.User, error)

UpdateProfile applies profile field changes for the authenticated user.

type AuthServiceConfig

// AuthServiceConfig holds dependencies for AuthService; it is the sole
// argument of NewAuthService.
type AuthServiceConfig struct {
	// Store types from the store package, the token service, and the
	// outbound email sender.
	UserStore     store.UserStore
	RoleStore     store.RoleStore
	OTPStore      store.OTPStore
	AuditStore    store.AuditStore
	TokenService  *TokenService
	EmailSender   email.Sender
	// NOTE(review): presumably the number of failed logins allowed before an
	// account is locked (see OnAccountLocked). How a zero value is treated is
	// not visible here — confirm it does not disable the lockout.
	MaxAttempts   int
	// NOTE(review): presumably the minimum accepted password length — confirm
	// that the zero value does not mean "no minimum".
	MinPwdLength  int
	// RequireVerify makes Register create inactive accounts and send a
	// verification email; when false, new accounts are active immediately.
	RequireVerify bool
	// NOTE(review): BaseURL, AppName and SupportEmail look like values used
	// in outgoing emails. If BaseURL is used to build activation or reset
	// links, it should be a fixed trusted origin and never derived from
	// request headers — confirm against the implementation.
	BaseURL       string
	AppName       string
	SupportEmail  string

	// Callbacks named after account lifecycle events.
	// NOTE(review): whether nil callbacks are skipped, whether they run
	// synchronously, and what OnLogin's string argument carries are not
	// visible here — confirm before relying on them.
	OnUserCreated    func(*models.User)
	OnUserActivated  func(*models.User)
	OnLogin          func(*models.User, string)
	OnPasswordReset  func(*models.User)
	OnAccountLocked  func(*models.User)
	OnAccountDeleted func(*models.User)
}

AuthServiceConfig holds dependencies for AuthService.

type JWTClaims

// JWTClaims holds the payload of a chiauth access token.
//
// NOTE(review): unless the token is also encrypted, a JWT payload is only
// encoded, not hidden, so Email and the privilege fields should be treated as
// readable by anyone who holds the token. IsStaff, IsSuperuser and Roles are
// presumably a snapshot taken when the token is signed — confirm how a role
// or privilege change takes effect before an already-issued token expires.
type JWTClaims struct {
	UserID      uuid.UUID `json:"user_id"`
	Email       string    `json:"email"`
	IsStaff     bool      `json:"is_staff"`
	IsSuperuser bool      `json:"is_superuser"`
	Roles       []string  `json:"roles"` // role slugs only — keep payload small
	// Embedded registered claims from the jwt package.
	jwt.RegisteredClaims
}

JWTClaims holds the payload of a chiauth access token.

type RoleService

type RoleService struct {
	// contains filtered or unexported fields
}

RoleService handles role and permission management.

func NewRoleService

func NewRoleService(roleStore store.RoleStore, userStore store.UserStore, auditStore store.AuditStore) *RoleService

NewRoleService constructs a RoleService.

func (*RoleService) AssignRoleToUser

func (s *RoleService) AssignRoleToUser(ctx context.Context, userID uuid.UUID, roleSlug string, actorID uuid.UUID) error

AssignRoleToUser assigns a role to a user by role slug.

func (*RoleService) CreateRole

func (s *RoleService) CreateRole(ctx context.Context, req models.CreateRoleRequest) (*models.Role, error)

CreateRole creates a new role and optionally assigns permissions by codename.

func (*RoleService) DeleteRole

func (s *RoleService) DeleteRole(ctx context.Context, id uuid.UUID) error

DeleteRole deletes a role. Fails if the role is a system role.

func (*RoleService) GetRole

func (s *RoleService) GetRole(ctx context.Context, id uuid.UUID) (*models.Role, error)

GetRole returns a single role by ID.

func (*RoleService) GrantPermissionToUser

func (s *RoleService) GrantPermissionToUser(ctx context.Context, userID uuid.UUID, codename string, actorID uuid.UUID) error

GrantPermissionToUser grants a direct permission to a user.

func (*RoleService) ListPermissions

func (s *RoleService) ListPermissions(ctx context.Context) ([]models.Permission, error)

ListPermissions returns all seeded permissions.

func (*RoleService) ListRoles

func (s *RoleService) ListRoles(ctx context.Context) ([]models.Role, error)

ListRoles returns all roles with their permissions.

func (*RoleService) RemoveRoleFromUser

func (s *RoleService) RemoveRoleFromUser(ctx context.Context, userID, roleID uuid.UUID, actorID uuid.UUID) error

RemoveRoleFromUser removes a role from a user.

func (*RoleService) RevokePermissionFromUser

func (s *RoleService) RevokePermissionFromUser(ctx context.Context, userID, permissionID uuid.UUID, actorID uuid.UUID) error

RevokePermissionFromUser removes a direct permission from a user.

func (*RoleService) SeedPermissions

func (s *RoleService) SeedPermissions(ctx context.Context, permissions []models.Permission) error

SeedPermissions upserts a list of permissions. Idempotent — safe to call on every boot.

func (*RoleService) SeedRoles

func (s *RoleService) SeedRoles(ctx context.Context, inputs []models.SeedRoleInput) error

SeedRoles creates roles and assigns their permissions. Idempotent.

type TokenService

type TokenService struct {
	// contains filtered or unexported fields
}

TokenService handles JWT and refresh token lifecycle.

func NewTokenService

func NewTokenService(
	secret string,
	accessTTL, refreshTTL time.Duration,
	rotateTokens bool,
	tokenStore store.TokenStore,
) *TokenService

NewTokenService creates a TokenService.

func (*TokenService) GenerateAccessToken

func (s *TokenService) GenerateAccessToken(user *models.User) (string, time.Time, error)

GenerateAccessToken signs a short-lived JWT for the given user.

func (*TokenService) GetRefreshToken

func (s *TokenService) GetRefreshToken(ctx context.Context, rawToken string) (*models.RefreshToken, error)

GetRefreshToken retrieves and validates a stored refresh token by raw value.

func (*TokenService) IssueRefreshToken

func (s *TokenService) IssueRefreshToken(ctx context.Context, user *models.User, r *http.Request) (string, error)

IssueRefreshToken generates a cryptographically random refresh token, stores its hash in the database, and returns the raw token to the caller.

func (*TokenService) RevokeAllUserTokens

func (s *TokenService) RevokeAllUserTokens(ctx context.Context, userID uuid.UUID) error

RevokeAllUserTokens invalidates every session for a user.

func (*TokenService) RevokeRefreshToken

func (s *TokenService) RevokeRefreshToken(ctx context.Context, rawToken string) error

RevokeRefreshToken invalidates a single refresh token.

func (*TokenService) RotateRefreshToken

func (s *TokenService) RotateRefreshToken(ctx context.Context, rawToken string, user *models.User, r *http.Request) (string, error)

RotateRefreshToken revokes the presented token and issues a new one. If the presented token was already revoked, it revokes ALL tokens for the user, because reuse of a revoked refresh token indicates possible token theft.

func (*TokenService) ValidateAccessToken

func (s *TokenService) ValidateAccessToken(tokenStr string) (*JWTClaims, error)

ValidateAccessToken parses and validates a JWT string.
