Versions in this module Expand all Collapse all v0 v0.1.1 Feb 12, 2026 v0.1.0 Feb 12, 2026 Changes in this version
+ const APIKeyLength
+ const APIKeyPrefix
+ const AuditActionAdminActivate
+ const AuditActionAdminCreate
+ const AuditActionAdminDeactivate
+ const AuditActionAdminDelete
+ const AuditActionAdminRotateKey
+ const AuditActionAdminUpdate
+ const AuditActionAgentCreate
+ const AuditActionAgentDelete
+ const AuditActionAgentDisable
+ const AuditActionAgentEnable
+ const AuditActionAgentUpdate
+ const AuditActionAuthFailure
+ const AuditActionAuthSuccess
+ const AuditActionJobCancel
+ const AuditActionTargetMappingCreate
+ const AuditActionTargetMappingDelete
+ const AuditActionTargetMappingUpdate
+ const AuditActionTokenCreate
+ const AuditActionTokenDelete
+ const AuditActionTokenRevoke
+ const BcryptCost
+ const LockoutDuration
+ const MaxFailedLoginAttempts
+ const ResourceTypeAdmin
+ const ResourceTypeAgent
+ const ResourceTypeJob
+ const ResourceTypeTargetMapping
+ const ResourceTypeToken
+ var ErrAdminAlreadyExists = fmt.Errorf("%w: admin user with this email already exists", shared.ErrAlreadyExists)
+ var ErrAdminInactive = fmt.Errorf("%w: admin user is inactive", shared.ErrForbidden)
+ var ErrAdminNotFound = fmt.Errorf("%w: admin user not found", shared.ErrNotFound)
+ var ErrAuditLogNotFound = fmt.Errorf("%w: audit log not found", shared.ErrNotFound)
+ var ErrCannotDeactivateSelf = fmt.Errorf("%w: cannot deactivate your own admin account", shared.ErrForbidden)
+ var ErrCannotDeleteSelf = fmt.Errorf("%w: cannot delete your own admin account", shared.ErrForbidden)
+ var ErrCannotDemoteSelf = fmt.Errorf("%w: cannot demote your own admin account", shared.ErrForbidden)
+ var ErrInsufficientRole = fmt.Errorf("%w: insufficient role permissions", shared.ErrForbidden)
+ var ErrInvalidAPIKey = fmt.Errorf("%w: invalid admin API key", shared.ErrUnauthorized)
+ var ErrLastSuperAdmin = fmt.Errorf("%w: cannot remove the last super admin", shared.ErrForbidden)
+ func DeriveNameFromEmail(email string) string
+ func ExtractAPIKeyPrefix(rawKey string) string
+ func GenerateAPIKey() (string, error)
+ func HashAPIKeyBcrypt(rawKey string) (string, error)
+ func IsAdminAlreadyExists(err error) bool
+ func IsAdminInactive(err error) bool
+ func IsAdminNotFound(err error) bool
+ func IsAuditLogNotFound(err error) bool
+ func IsAuthError(err error) bool
+ func IsAuthorizationError(err error) bool
+ func IsInvalidAPIKey(err error) bool
+ func IsSelfModificationError(err error) bool
+ type AdminRole string
+ const AdminRoleOpsAdmin
+ const AdminRoleReadonly
+ const AdminRoleSuperAdmin
+ const RoleViewer
+ func (r AdminRole) CanCancelJobs() bool
+ func (r AdminRole) CanManageAdmins() bool
+ func (r AdminRole) CanManageAgents() bool
+ func (r AdminRole) CanManageTokens() bool
+ func (r AdminRole) CanViewAuditLogs() bool
+ func (r AdminRole) DisplayName() string
+ func (r AdminRole) IsValid() bool
+ func (r AdminRole) String() string
+ type AdminUser struct
+ func NewAdminUser(email, name string, role AdminRole, createdBy *shared.ID) (*AdminUser, string, error)
+ func Reconstitute(id shared.ID, email, name string, apiKeyHash, apiKeyPrefix string, ...) *AdminUser
+ func (a *AdminUser) APIKeyHash() string
+ func (a *AdminUser) APIKeyPrefix() string
+ func (a *AdminUser) Activate()
+ func (a *AdminUser) CanAuthenticate() bool
+ func (a *AdminUser) CreatedAt() time.Time
+ func (a *AdminUser) CreatedBy() *shared.ID
+ func (a *AdminUser) Deactivate()
+ func (a *AdminUser) Email() string
+ func (a *AdminUser) FailedLoginCount() int
+ func (a *AdminUser) HasPermission(action string) bool
+ func (a *AdminUser) ID() shared.ID
+ func (a *AdminUser) IsActive() bool
+ func (a *AdminUser) IsLocked() bool
+ func (a *AdminUser) LastFailedLoginAt() *time.Time
+ func (a *AdminUser) LastFailedLoginIP() string
+ func (a *AdminUser) LastUsedAt() *time.Time
+ func (a *AdminUser) LastUsedIP() string
+ func (a *AdminUser) LockedUntil() *time.Time
+ func (a *AdminUser) LockoutRemainingTime() time.Duration
+ func (a *AdminUser) Name() string
+ func (a *AdminUser) RecordFailedLogin(ip string)
+ func (a *AdminUser) RecordUsage(ip string)
+ func (a *AdminUser) ResetFailedLogins()
+ func (a *AdminUser) Role() AdminRole
+ func (a *AdminUser) RotateAPIKey() (string, error)
+ func (a *AdminUser) UpdateEmail(email string) error
+ func (a *AdminUser) UpdateName(name string) error
+ func (a *AdminUser) UpdateRole(role AdminRole) error
+ func (a *AdminUser) UpdatedAt() time.Time
+ func (a *AdminUser) VerifyAPIKey(rawKey string) bool
+ type AuditLog struct
+ Action string
+ AdminEmail string
+ AdminID *shared.ID
+ CreatedAt time.Time
+ ErrorMessage string
+ ID shared.ID
+ IPAddress string
+ RequestBody map[string]interface{}
+ RequestMethod string
+ RequestPath string
+ ResourceID *shared.ID
+ ResourceName string
+ ResourceType string
+ ResponseStatus int
+ Success bool
+ UserAgent string
+ func NewAuditLog(admin *AdminUser, action string, resourceType string, resourceID *shared.ID, ...) *AuditLog
+ func (a *AuditLog) SetContext(ip, userAgent string)
+ func (a *AuditLog) SetError(message string)
+ func (a *AuditLog) SetRequest(method, path string, body map[string]interface{})
+ func (a *AuditLog) SetResponse(status int)
+ type AuditLogBuilder struct
+ func NewAuditLogBuilder(admin *AdminUser, action string) *AuditLogBuilder
+ func (b *AuditLogBuilder) Build() *AuditLog
+ func (b *AuditLogBuilder) Context(ip, userAgent string) *AuditLogBuilder
+ func (b *AuditLogBuilder) Error(message string) *AuditLogBuilder
+ func (b *AuditLogBuilder) Request(method, path string, body map[string]interface{}) *AuditLogBuilder
+ func (b *AuditLogBuilder) Resource(resourceType string, resourceID *shared.ID, resourceName string) *AuditLogBuilder
+ func (b *AuditLogBuilder) Response(status int) *AuditLogBuilder
+ type AuditLogFilter struct
+ Action string
+ AdminEmail string
+ AdminID *shared.ID
+ EndTime *time.Time
+ ResourceID *shared.ID
+ ResourceType string
+ Search string
+ StartTime *time.Time
+ Success *bool
+ type AuditLogRepository interface
+ Count func(ctx context.Context, filter AuditLogFilter) (int64, error)
+ CountOlderThan func(ctx context.Context, olderThan time.Time) (int64, error)
+ Create func(ctx context.Context, log *AuditLog) error
+ DeleteOlderThan func(ctx context.Context, olderThan time.Time) (int64, error)
+ GetByID func(ctx context.Context, id shared.ID) (*AuditLog, error)
+ GetFailedActions func(ctx context.Context, since time.Duration, limit int) ([]*AuditLog, error)
+ GetRecentActions func(ctx context.Context, limit int) ([]*AuditLog, error)
+ List func(ctx context.Context, filter AuditLogFilter, page pagination.Pagination) (pagination.Result[*AuditLog], error)
+ ListByAdmin func(ctx context.Context, adminID shared.ID, page pagination.Pagination) (pagination.Result[*AuditLog], error)
+ ListByResource func(ctx context.Context, resourceType string, resourceID shared.ID, ...) (pagination.Result[*AuditLog], error)
+ type Filter struct
+ Email string
+ IsActive *bool
+ Role *AdminRole
+ Search string
+ type Repository interface
+ AuthenticateByAPIKey func(ctx context.Context, rawKey string) (*AdminUser, error)
+ Count func(ctx context.Context, filter Filter) (int, error)
+ CountByRole func(ctx context.Context, role AdminRole) (int, error)
+ Create func(ctx context.Context, admin *AdminUser) error
+ Delete func(ctx context.Context, id shared.ID) error
+ GetByAPIKeyPrefix func(ctx context.Context, prefix string) (*AdminUser, error)
+ GetByEmail func(ctx context.Context, email string) (*AdminUser, error)
+ GetByID func(ctx context.Context, id shared.ID) (*AdminUser, error)
+ List func(ctx context.Context, filter Filter, page pagination.Pagination) (pagination.Result[*AdminUser], error)
+ RecordUsage func(ctx context.Context, id shared.ID, ip string) error
+ Update func(ctx context.Context, admin *AdminUser) error
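Review bot: `AuditLog.RequestBody` is a free-form `map[string]interface{}` filled through `SetRequest` and `AuditLogBuilder.Request`, and nothing in this listing shows where secret-bearing fields are removed before the entry reaches `AuditLogRepository.Create`. Because the same package hands out raw keys from `NewAdminUser` and `RotateAPIKey` and audits token actions, the doc comment on `SetRequest` should say who redacts, e.g. `// SetRequest stores body as given; callers must remove credentials, API keys and tokens first.`, or the method should drop a documented set of sensitive keys itself. Only signatures are visible here, so redaction may already happen inside the method. Separately, `Repository.GetByAPIKeyPrefix` returns a single `*AdminUser`; its contract should state what happens when two keys share a prefix, since `AuthenticateByAPIKey` presumably uses that lookup before the hash comparison in `VerifyAPIKey`.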