Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
Functions ¶
Types ¶
type BlacklistedTokenManager ¶
type BlacklistedTokenManager struct {
// contains filtered or unexported fields
}
BlacklistedTokenManager is a decorator around TokenManager that checks token revocation status on every VerifyToken call via a TokenBlacklist.
func NewBlacklistedTokenManager ¶
func NewBlacklistedTokenManager(inner TokenManager, blacklist TokenBlacklist) *BlacklistedTokenManager
NewBlacklistedTokenManager wraps an existing TokenManager with blacklist verification.
func (*BlacklistedTokenManager) CreateRefreshToken ¶
func (m *BlacklistedTokenManager) CreateRefreshToken(username, uid, role string) (string, *Payload, error)
func (*BlacklistedTokenManager) CreateToken ¶
func (m *BlacklistedTokenManager) CreateToken(username, uid, role string) (string, error)
func (*BlacklistedTokenManager) VerifyToken ¶
func (m *BlacklistedTokenManager) VerifyToken(token string) (*Payload, error)
VerifyToken delegates to the inner TokenManager and then checks the blacklist. Requires context — uses context.Background() as fallback since the interface is context-free.
type JWTMaker ¶
type JWTMaker struct {
// contains filtered or unexported fields
}
JWTMaker implements TokenManager using HMAC-SHA256 JWT tokens.
func NewJWTMaker ¶
NewJWTMaker creates a new JWTMaker.
func (*JWTMaker) CreateRefreshToken ¶
func (*JWTMaker) CreateToken ¶
type PasetoMaker ¶
type PasetoMaker struct {
// contains filtered or unexported fields
}
PasetoMaker implements TokenManager using PASETO v4 local tokens.
func NewPasetoMaker ¶
func NewPasetoMaker(keyHex string, ttl time.Duration) (*PasetoMaker, error)
NewPasetoMaker creates a new PasetoMaker. keyHex must be a 32-byte hex-encoded string.
func (*PasetoMaker) CreateRefreshToken ¶
func (m *PasetoMaker) CreateRefreshToken(username, uid, role string) (string, *Payload, error)
func (*PasetoMaker) CreateToken ¶
func (m *PasetoMaker) CreateToken(username, uid, role string) (string, error)
func (*PasetoMaker) VerifyToken ¶
func (m *PasetoMaker) VerifyToken(tokenStr string) (*Payload, error)
type Payload ¶
type Payload struct {
JTI string `json:"jti"`
Username string `json:"username"`
UID string `json:"uid"`
Role string `json:"role"`
IssuedAt time.Time `json:"issued_at"`
ExpiredAt time.Time `json:"expired_at"`
}
Payload holds the claims embedded in a token.
type TokenBlacklist ¶
type TokenBlacklist interface {
// Blacklist adds a token's JTI to the blacklist until expiresAt.
Blacklist(ctx context.Context, jti string, expiresAt time.Time) error
// IsBlacklisted checks whether a token's JTI has been revoked.
IsBlacklisted(ctx context.Context, jti string) (bool, error)
}
TokenBlacklist defines the interface for token revocation storage. Implementations store JTI (JWT ID) with TTL matching the token's expiration.
Source Files