jwt

package
v0.2.0 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by the package. This page does not show which
// methods return which value, or whether they are wrapped before being returned.
var (
	// ErrInvalidToken is returned when a token is invalid.
	// NOTE(review): presumably covers malformed tokens and failed signature checks — confirm against the implementation.
	ErrInvalidToken = errors.New("invalid token")

	// ErrExpiredToken is returned when a token has expired.
	// It is a separate value from ErrInvalidToken, so callers can tell expiry apart from other failures.
	ErrExpiredToken = errors.New("token has expired")

	// ErrInvalidClaims is returned when a token's claims are invalid.
	ErrInvalidClaims = errors.New("invalid token claims")
)

Functions

This section is empty.

Types

type Claims

// Claims is the claim set used for access and refresh tokens: identity and
// tenant fields, roles, a super-admin flag, impersonation context, a token-type
// marker, and the embedded registered claims.
//
// Roles, IsSuperAdmin, TenantID and ActingTenantID drive authorization decisions,
// so they are only meaningful on a Claims value returned by a successful
// Validate* call, never on a token that was merely decoded.
type Claims struct {
	UserID            uuid.UUID `json:"userId"` // User's UUID (primary key)
	Username          string    `json:"username"`
	Email             string    `json:"email"`
	TenantID          string    `json:"tenantId,omitempty"`
	// NOTE(review): presumably the tenant being acted on while impersonating — confirm.
	ActingTenantID    string    `json:"actingTenantId,omitempty"`
	Roles             []string  `json:"roles"` // User roles
	IsSuperAdmin      bool      `json:"isSuperAdmin,omitempty"`
	// NOTE(review): this page does not show whether ValidateAccessToken and
	// ValidateRefreshToken check Type; confirm that a token of one kind is
	// rejected where the other kind is expected.
	Type              string    `json:"type"` // "access" or "refresh"
	// Impersonation context; all three fields are omitted from the JSON when zero.
	IsImpersonating   bool      `json:"isImpersonating,omitempty"`
	ImpersonateReason string    `json:"impersonateReason,omitempty"`
	// NOTE(review): unit is not shown (presumably a Unix timestamp), nor how it
	// relates to the registered expiry claim — confirm.
	ImpersonateExpiry int64     `json:"impersonateExpiry,omitempty"`
	jwt.RegisteredClaims
}

Claims represents the JWT claims carried by access and refresh tokens.

type Config

// Config carries the settings passed to NewJWTService: one secret and one
// lifetime for each of the access, refresh and invite token kinds.
//
// NOTE(review): there is no password-reset secret or expiry here, although the
// service also issues password-reset tokens; which key and lifetime those use
// is not shown on this page — confirm.
type Config struct {
	// Secrets for the three token kinds, held as plain strings.
	// NOTE(review): presumably signing keys; the algorithm is not shown here — confirm.
	// Keep them out of source control and logs, and use a distinct high-entropy
	// value per token kind so one kind cannot be accepted as another.
	AccessSecret  string
	RefreshSecret string
	InviteSecret  string
	// Token lifetimes per kind.
	AccessExpiry  time.Duration // e.g., 15 * time.Minute
	RefreshExpiry time.Duration // e.g., 7 * 24 * time.Hour
	InviteExpiry  time.Duration // e.g., 7 * 24 * time.Hour
}

Config holds the configuration for the JWT service.

type InviteClaims

// InviteClaims is the claim set of an invitation token: the invited email, a
// domain type/key pair, role IDs, a token-type marker, and the embedded
// registered claims.
//
// NOTE(review): the package describes invite activation as one-time. A signed
// token cannot enforce single use by itself, so presumably the token ID is
// tracked server-side — confirm where that happens.
type InviteClaims struct {
	Email      string   `json:"email"`
	DomainType string   `json:"domainType"`
	DomainKey  string   `json:"domainKey"`
	// RoleIDs grants roles on activation, so it must only be read from a validated token.
	RoleIDs    []string `json:"roleIds"`
	// NOTE(review): expected value is not shown on this page — confirm the validator checks it.
	Type       string   `json:"type"`
	jwt.RegisteredClaims
}

InviteClaims defines JWT claims for one-time invitation activation.

type InviteClaimsInput

// InviteClaimsInput is the argument accepted by GenerateInviteToken.
type InviteClaimsInput struct {
	// JTI is supplied by the caller.
	// NOTE(review): presumably becomes the token's ID claim; it should be unique
	// and unpredictable per invite — confirm.
	JTI        string
	Email      string
	DomainType string
	DomainKey  string
	RoleIDs    []string
}

InviteClaimsInput defines payload fields for creating an invite token.

type JWTService

// JWTService issues and validates access, refresh, invite and password-reset
// tokens, and exposes token invalidation through a blacklist. It is created
// with NewJWTService; its fields are unexported.
type JWTService struct {
	// contains filtered or unexported fields
}

JWTService handles JWT token operations

func NewJWTService

func NewJWTService(cfg Config) *JWTService

NewJWTService creates a new JWT service

func (*JWTService) GenerateAccessToken

func (s *JWTService) GenerateAccessToken(
	userID uuid.UUID,
	username, email, tenantID string,
	roles []string,
	isSuperAdmin bool,
) (string, error)

GenerateAccessToken generates an access token

func (*JWTService) GenerateImpersonationAccessToken

func (s *JWTService) GenerateImpersonationAccessToken(
	userID uuid.UUID,
	username, email string,
	roles []string,
	isSuperAdmin bool,
	actingTenantID, reason string,
	expiresAt time.Time,
) (string, error)

GenerateImpersonationAccessToken generates an access token that carries an impersonation (acting-on-behalf) context.

func (*JWTService) GenerateInviteToken

func (s *JWTService) GenerateInviteToken(in InviteClaimsInput) (string, error)

GenerateInviteToken creates an invitation token.

func (*JWTService) GeneratePasswordResetToken

func (s *JWTService) GeneratePasswordResetToken(in PasswordResetClaimsInput) (string, error)

GeneratePasswordResetToken creates a password-reset JWT.

func (*JWTService) GenerateRefreshToken

func (s *JWTService) GenerateRefreshToken(
	userID uuid.UUID,
	username, email, tenantID string,
	roles []string,
	isSuperAdmin bool,
) (string, error)

GenerateRefreshToken generates a refresh token

func (*JWTService) InvalidateToken

func (s *JWTService) InvalidateToken(tokenString string) error

InvalidateToken adds a token to the blacklist

func (*JWTService) IsTokenBlacklisted

func (s *JWTService) IsTokenBlacklisted(tokenString string) bool

IsTokenBlacklisted checks if a token is blacklisted

func (*JWTService) RefreshAccessToken

func (s *JWTService) RefreshAccessToken(refreshTokenString string) (string, error)

RefreshAccessToken generates a new access token from a refresh token. As its signature shows, it returns only the new access token; no new refresh token is returned.

func (*JWTService) ValidateAccessToken

func (s *JWTService) ValidateAccessToken(tokenString string) (*Claims, error)

ValidateAccessToken validates an access token

func (*JWTService) ValidateInviteToken

func (s *JWTService) ValidateInviteToken(tokenString string) (*InviteClaims, error)

ValidateInviteToken validates an invitation token.

func (*JWTService) ValidatePasswordResetToken

func (s *JWTService) ValidatePasswordResetToken(tokenString string) (*PasswordResetClaims, error)

ValidatePasswordResetToken validates a password-reset JWT.

func (*JWTService) ValidateRefreshToken

func (s *JWTService) ValidateRefreshToken(tokenString string) (*Claims, error)

ValidateRefreshToken validates a refresh token

type PasswordResetClaims

// PasswordResetClaims is the claim set of a password-reset token: user ID,
// email, a token-type marker, and the embedded registered claims.
//
// NOTE(review): which secret signs these tokens, their lifetime, and whether a
// token can be used more than once are not shown on this page — confirm.
type PasswordResetClaims struct {
	UserID uuid.UUID `json:"userId"`
	Email  string    `json:"email"`
	// NOTE(review): expected value is not shown on this page — confirm the validator checks it.
	Type   string    `json:"type"`
	jwt.RegisteredClaims
}

PasswordResetClaims defines JWT claims for password-reset flow.

type PasswordResetClaimsInput

// PasswordResetClaimsInput is the argument accepted by GeneratePasswordResetToken.
type PasswordResetClaimsInput struct {
	// JTI is supplied by the caller.
	// NOTE(review): presumably becomes the token's ID claim; it should be unique
	// and unpredictable per reset request — confirm.
	JTI    string
	UserID uuid.UUID
	Email  string
}

PasswordResetClaimsInput defines payload fields for creating password-reset JWT.

type TokenBlacklist

// TokenBlacklist records invalidated tokens. Add takes the token string
// together with an expiry time; IsBlacklisted reports whether a token is listed.
//
// NOTE(review): NewTokenBlacklist takes no arguments, so storage looks
// in-process. If so, entries would not survive a restart or be shared across
// instances — confirm before relying on it for revocation.
type TokenBlacklist struct {
	// contains filtered or unexported fields
}

TokenBlacklist manages invalidated tokens

func NewTokenBlacklist

func NewTokenBlacklist() *TokenBlacklist

NewTokenBlacklist creates a new token blacklist

func (*TokenBlacklist) Add

func (bl *TokenBlacklist) Add(token string, expiresAt time.Time)

Add adds a token to the blacklist

func (*TokenBlacklist) IsBlacklisted

func (bl *TokenBlacklist) IsBlacklisted(token string) bool

IsBlacklisted checks if a token is blacklisted
