Versions in this module Expand all Collapse all v0 v0.1.0 Jun 25, 2026 Changes in this version + type Config struct + ChallengeSecret []byte + ChallengeTTL time.Duration + LockoutMinutes int + LockoutThreshold int + OTPRatePer10Min int + OTPTTL time.Duration + PwMinLen int + type Lockout struct + Failures int + LastFailure time.Time + LockedUntil time.Time + type OTPCode struct + Code string + Expires time.Time + UserID string + type RecoveryCode struct + Hash string + Used bool + UserID string + type Service struct + func FromKernel(k *togo.Kernel) (*Service, bool) + func (s *Service) Cfg() Config + func (s *Service) DisableTOTP(userID string) + func (s *Service) EnrollTOTP(userID, issuer string) (secret, uri string, err error) + func (s *Service) GenerateRecoveryCodes(userID string, n int) []string + func (s *Service) IsLocked(userID string) (bool, time.Time) + func (s *Service) IssueChallenge(userID string) (string, error) + func (s *Service) MagicLinkToken(userID string) string + func (s *Service) RecordFailure(userID string) + func (s *Service) Required(userID string) bool + func (s *Service) Reset(userID string) + func (s *Service) SendOTP(userID string) (string, error) + func (s *Service) ValidatePassword(pw string) error + func (s *Service) ValidateTOTPAt(secret, code string, at time.Time) (bool, error) + func (s *Service) VerifyChallenge(token string) (string, error) + func (s *Service) VerifyMagicLink(token string) (string, error) + func (s *Service) VerifyOTP(userID, code string) bool + func (s *Service) VerifyRecoveryCode(userID, code string) bool + func (s *Service) VerifyTOTP(userID, code string) bool + func (s *Service) WithStore(store Store) *Service + type Store interface + AddRecoveryCodes func(userID string, hashes []string) + ConsumeRecovery func(userID, hash string) bool + DeleteOTP func(userID string) + DeleteTOTP func(userID string) + GetLockout func(userID string) Lockout + GetOTP func(userID string) (OTPCode, bool) + GetTOTP func(userID string) (TOTPSecret, bool) + OTPSendsSince func(userID string, since time.Time) int + RecordOTPSend func(userID string, at time.Time) + SetLockout func(userID string, l Lockout) + SetOTP func(OTPCode) + SetTOTP func(TOTPSecret) + type TOTPSecret struct + Activated bool + CreatedAt time.Time + Secret string + UserID string