Documentation
¶
Index ¶
- Variables
- func IsSafeForPublicKey(scope string) bool
- type APIKey
- func (a *APIKey) CanPerformAdminOperation() bool
- func (a *APIKey) GetAllScopes() []string
- func (a *APIKey) HasPermission(permission string) bool
- func (a *APIKey) HasScope(scope string) bool
- func (a *APIKey) HasScopeWildcard(scope string) bool
- func (a *APIKey) IsExpired() bool
- func (a *APIKey) IsPublishable() bool
- func (a *APIKey) IsRestricted() bool
- func (a *APIKey) IsSecret() bool
- func (a *APIKey) ToSchema() *schema.APIKey
- type CreateAPIKeyRequest
- type IdentityVerification
- type IdentityVerificationSession
- type KeyType
- type ListAPIKeysResponse
- type RotateAPIKeyRequest
- type Session
- type SocialAccount
- type UpdateAPIKeyRequest
- type User
- type UserVerificationStatus
- type VerifyAPIKeyRequest
- type VerifyAPIKeyResponse
Constants ¶
This section is empty.
Variables ¶
// KeyTypeScopes maps each key type to the scopes it carries by default.
//
// Publishable keys receive a small fixed set, secret keys receive
// "admin:full", and restricted keys receive no default scope at all.
//
// NOTE(review): this is an exported, mutable package-level map. A write to it
// at runtime changes the default authority of every key of that type, so
// treat it as read-only.
var KeyTypeScopes = map[KeyType][]string{
	KeyTypePublishable: {
		"app:identify",
		"sessions:create",
		"users:verify",
		"public:read",
	},
	KeyTypeSecret:     {"admin:full"},
	KeyTypeRestricted: {},
}
KeyTypeScopes defines the default scopes for each key type. These are granted automatically based on the key type.
// SafePublicScopes is the allow-list of scopes a publishable (pk_) key may
// hold.
//
// A scope that is missing from the map reads as false, so a plain lookup
// rejects unknown scopes.
//
// NOTE(review): the map is exported and mutable; adding an entry at runtime
// widens what every client-side key can be granted. "users:read",
// "sessions:verify" and "webhooks:verify" are allowed here although they are
// not among the publishable defaults in KeyTypeScopes — confirm what each of
// them exposes before granting it to a key that ships in client code.
var SafePublicScopes = map[string]bool{
	"app:identify":    true,
	"sessions:create": true,
	"sessions:verify": true,
	"users:verify":    true,
	"users:read":      true,
	"public:read":     true,
	"webhooks:verify": true,
}
SafePublicScopes defines the scopes that are safe for publishable keys. Only these scopes can be granted to pk_ keys.
Functions ¶
func IsSafeForPublicKey ¶
IsSafeForPublicKey checks if a scope is safe for publishable keys
Types ¶
type APIKey ¶
// APIKey is the DTO for an API key: its identity, tenancy, granted authority
// and usage bookkeeping. Tenancy follows App → Environment → Organization.
//
// The JSON tags mix camelCase and snake_case; they are part of the wire
// format and are kept exactly as they are.
type APIKey struct {
	ID xid.ID `json:"id"`
	// AppID is the platform tenant.
	AppID xid.ID `json:"appID"`
	// EnvironmentID is required: every key is scoped to an environment.
	EnvironmentID xid.ID `json:"environmentID"`
	// OrganizationID is optional and narrows the key to one organization.
	OrganizationID *xid.ID `json:"organizationID,omitempty"`
	// UserID is the user who created the key.
	UserID      xid.ID `json:"userID"`
	Name        string `json:"name"`
	Description string `json:"description,omitempty"`
	Prefix      string `json:"prefix"`
	// KeyType is one of pk / sk / rk.
	KeyType     KeyType           `json:"keyType"`
	Scopes      []string          `json:"scopes"`
	Permissions map[string]string `json:"permissions"`
	RateLimit   int               `json:"rate_limit"`
	AllowedIPs  []string          `json:"allowed_ips,omitempty"`
	Active      bool              `json:"active"`
	ExpiresAt   *time.Time        `json:"expires_at,omitempty"`
	UsageCount  int64             `json:"usage_count"`
	LastUsedAt  *time.Time        `json:"last_used_at,omitempty"`
	// NOTE(review): LastUsedIP and LastUsedUA presumably come from the request
	// that presented the key; treat them as untrusted text when displaying.
	LastUsedIP string            `json:"last_used_ip,omitempty"`
	LastUsedUA string            `json:"last_used_ua,omitempty"`
	CreatedAt  time.Time         `json:"created_at"`
	UpdatedAt  time.Time         `json:"updated_at"`
	Metadata   map[string]string `json:"metadata,omitempty"`

	// RBAC integration (hybrid approach).
	//
	// NOTE(review): the next two fields let a key act with a user's authority;
	// confirm the creation path checks that the caller may delegate or
	// impersonate before either is set.

	// DelegateUserPermissions makes the key inherit its creator's permissions.
	DelegateUserPermissions bool `json:"delegateUserPermissions"`
	// ImpersonateUserID makes the key act as a specific user.
	ImpersonateUserID *xid.ID `json:"impersonateUserID,omitempty"`
	// Roles holds role IDs or names.
	Roles []string `json:"roles,omitempty"`
	// RBACPermissions holds the computed RBAC permissions.
	RBACPermissions []string `json:"rbacPermissions,omitempty"`

	// Key is transient and only populated during creation. The tag is
	// "key,omitempty", so any non-empty value is serialized: clear it before
	// the struct is logged, cached or returned from a non-creation endpoint.
	Key string `json:"key,omitempty"`
}
APIKey represents an API key with its metadata (DTO). Updated for V2 architecture: App → Environment → Organization.
func FromSchemaAPIKey ¶
FromSchemaAPIKey converts a schema.APIKey to APIKey DTO
func FromSchemaAPIKeys ¶
FromSchemaAPIKeys converts multiple schema.APIKey to APIKey DTOs
func (*APIKey) CanPerformAdminOperation ¶
CanPerformAdminOperation returns true if the key has admin privileges
func (*APIKey) GetAllScopes ¶
GetAllScopes returns all scopes including default key type scopes
func (*APIKey) HasPermission ¶
HasPermission checks if the API key has a specific permission
func (*APIKey) HasScopeWildcard ¶
HasScopeWildcard checks if the API key has a scope, supporting wildcards. Examples: "admin:*" matches "admin:users", "admin:settings", etc.
func (*APIKey) IsPublishable ¶
IsPublishable returns true if this is a publishable (frontend-safe) key
func (*APIKey) IsRestricted ¶
IsRestricted returns true if this is a restricted (backend-only, scoped) key
type CreateAPIKeyRequest ¶
// CreateAPIKeyRequest is the payload for creating an API key under the V2
// tenancy model.
//
// NOTE(review): the validate tags shown here only require KeyType to be
// non-empty and Scopes to have at least one entry. They do not restrict
// KeyType to pk/sk/rk, do not check Scopes against SafePublicScopes for
// publishable keys, and put no constraint on AllowedIPs entries — confirm the
// service layer enforces all three.
type CreateAPIKeyRequest struct {
	// AppID is the platform tenant.
	AppID xid.ID `json:"appID" validate:"required"`
	// EnvironmentID is required: every key is scoped to an environment.
	EnvironmentID xid.ID `json:"environmentID" validate:"required"`
	// OrgID is optional and narrows the key to one organization.
	OrgID *xid.ID `json:"orgID,omitempty"`
	// UserID is the user creating the key.
	// NOTE(review): if this struct is decoded from a client body, the value
	// should come from the authenticated session, not the payload — confirm.
	UserID      xid.ID `json:"userID" validate:"required"`
	Name        string `json:"name" validate:"required,min=1,max=100"`
	Description string `json:"description,omitempty" validate:"max=500"`
	// KeyType is one of pk / sk / rk.
	KeyType     KeyType           `json:"keyType" validate:"required"`
	Scopes      []string          `json:"scopes" validate:"required,min=1"`
	Permissions map[string]string `json:"permissions,omitempty"`
	RateLimit   int               `json:"rate_limit,omitempty" validate:"min=0,max=10000"`
	// AllowedIPs is the IP whitelist; CIDR notation is supported.
	AllowedIPs []string          `json:"allowed_ips,omitempty"`
	ExpiresAt  *time.Time        `json:"expires_at,omitempty"`
	Metadata   map[string]string `json:"metadata,omitempty"`

	// RBAC integration.
	//
	// NOTE(review): these fields raise the new key's authority; presumably the
	// handler authorizes them against the caller's own rights — confirm.

	// DelegateUserPermissions makes the key inherit its creator's permissions.
	DelegateUserPermissions bool `json:"delegateUserPermissions,omitempty"`
	// ImpersonateUserID makes the key act as a specific user.
	ImpersonateUserID *xid.ID `json:"impersonateUserID,omitempty"`
	// RoleIDs are the roles assigned at creation.
	RoleIDs []xid.ID `json:"roleIDs,omitempty"`
}
CreateAPIKeyRequest represents a request to create an API key. Updated for V2 architecture.
type IdentityVerification ¶ added in v0.0.2
// IdentityVerification is the DTO for a single verification attempt.
//
// It carries identity-document data, extracted personal details and
// sanctions/PEP screening results. Every field has a JSON tag, and fields
// without omitempty are always emitted, so limit who can receive this struct
// and keep it out of logs.
type IdentityVerification struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	// V2 multi-tenant context.
	AppID          string  `json:"appId"`
	EnvironmentID  *string `json:"environmentId,omitempty"`
	OrganizationID string  `json:"organizationId"`
	UserID         string  `json:"userId"`

	// Provider that ran the check.
	Provider        string `json:"provider"`
	ProviderCheckID string `json:"providerCheckId,omitempty"`

	// Kind of verification and where it stands.
	VerificationType string `json:"verificationType"`
	Status           string `json:"status"`

	// Identity document.
	DocumentType    string `json:"documentType,omitempty"`
	DocumentNumber  string `json:"documentNumber,omitempty"`
	DocumentCountry string `json:"documentCountry,omitempty"`

	// Outcome of the verification.
	IsVerified      bool   `json:"isVerified"`
	RiskScore       int    `json:"riskScore,omitempty"`
	RiskLevel       string `json:"riskLevel,omitempty"`
	ConfidenceScore int    `json:"confidenceScore,omitempty"`

	// Personal information extracted during the check.
	FirstName   string     `json:"firstName,omitempty"`
	LastName    string     `json:"lastName,omitempty"`
	DateOfBirth *time.Time `json:"dateOfBirth,omitempty"`
	Age         int        `json:"age,omitempty"`
	Gender      string     `json:"gender,omitempty"`
	Nationality string     `json:"nationality,omitempty"`

	// AML / sanctions screening.
	IsOnSanctionsList bool   `json:"isOnSanctionsList"`
	IsPEP             bool   `json:"isPep"`
	SanctionsDetails  string `json:"sanctionsDetails,omitempty"`

	// Liveness detection.
	LivenessScore int  `json:"livenessScore,omitempty"`
	IsLive        bool `json:"isLive"`

	// Why the attempt was rejected or failed.
	RejectionReasons []string `json:"rejectionReasons,omitempty"`
	FailureReason    string   `json:"failureReason,omitempty"`

	// Free-form metadata.
	// NOTE(review): ProviderData is an untyped map serialized as
	// "providerData"; confirm it is filtered before it leaves the service.
	Metadata     map[string]any `json:"metadata,omitempty"`
	ProviderData map[string]any `json:"providerData,omitempty"`
	IPAddress    string         `json:"ipAddress,omitempty"`
	UserAgent    string         `json:"userAgent,omitempty"`

	// Validity window.
	ExpiresAt  *time.Time `json:"expiresAt,omitempty"`
	VerifiedAt *time.Time `json:"verifiedAt,omitempty"`

	// Webhook delivery tracking.
	WebhookDeliveryStatus string     `json:"webhookDeliveryStatus,omitempty"`
	WebhookDeliveredAt    *time.Time `json:"webhookDeliveredAt,omitempty"`
}
IdentityVerification represents a verification attempt DTO
func FromSchemaIdentityVerification ¶ added in v0.0.2
func FromSchemaIdentityVerification(v *schema.IdentityVerification) *IdentityVerification
FromSchemaIdentityVerification converts schema to DTO
func FromSchemaIdentityVerifications ¶ added in v0.0.2
func FromSchemaIdentityVerifications(verifications []*schema.IdentityVerification) []*IdentityVerification
FromSchemaIdentityVerifications converts slice of schema to DTOs
type IdentityVerificationSession ¶ added in v0.0.2
// IdentityVerificationSession is the DTO for a verification session opened
// with a provider.
type IdentityVerificationSession struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	// V2 multi-tenant context.
	AppID          string  `json:"appId"`
	EnvironmentID  *string `json:"environmentId,omitempty"`
	OrganizationID string  `json:"organizationId"`
	UserID         string  `json:"userId"`

	// Session details.
	Provider   string `json:"provider"`
	SessionURL string `json:"sessionUrl"`
	// SessionToken is excluded in most responses. The tag only drops it when
	// it is empty, so the exclusion depends on the caller blanking the field
	// before marshaling.
	SessionToken string `json:"sessionToken,omitempty"`

	// Configuration.
	RequiredChecks []string       `json:"requiredChecks"`
	Config         map[string]any `json:"config,omitempty"`

	// Status tracking.
	Status      string     `json:"status"`
	CompletedAt *time.Time `json:"completedAt,omitempty"`
	ExpiresAt   time.Time  `json:"expiresAt"`

	// Callback URLs.
	// NOTE(review): if these are supplied by the client, they should be
	// checked against an allow-list before any redirect — confirm.
	SuccessURL string `json:"successUrl,omitempty"`
	CancelURL  string `json:"cancelUrl,omitempty"`

	// Request tracking.
	IPAddress string `json:"ipAddress,omitempty"`
	UserAgent string `json:"userAgent,omitempty"`
}
IdentityVerificationSession represents a verification session DTO
func FromSchemaIdentityVerificationSession ¶ added in v0.0.2
func FromSchemaIdentityVerificationSession(s *schema.IdentityVerificationSession) *IdentityVerificationSession
FromSchemaIdentityVerificationSession converts schema to DTO
type KeyType ¶
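// KeyType represents the type of API key. The value is the short tag
// ("pk", "sk" or "rk") that identifies the key's class.
type KeyType string

// Each constant sits on its own line. If the whole group is collapsed onto
// one line, the first "//" comment swallows every declaration after it and
// the closing parenthesis.
const (
	// KeyTypePublishable is frontend-safe: it identifies the app and allows
	// limited operations. It can be safely exposed in client-side code
	// (browser, mobile apps) and is limited to read-only and session creation
	// operations.
	KeyTypePublishable KeyType = "pk"

	// KeyTypeSecret is backend-only and has full administrative privileges.
	// It must be kept secret on the server side only and has unrestricted
	// access to all operations.
	KeyTypeSecret KeyType = "sk"

	// KeyTypeRestricted is backend-only and scoped to specific operations.
	// It must be kept secret on the server side; access is limited to
	// explicitly granted scopes.
	KeyTypeRestricted KeyType = "rk"
)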
func (KeyType) GetDefaultScopes ¶
GetDefaultScopes returns the default scopes for this key type
func (KeyType) IsBackendOnly ¶
IsBackendOnly returns true if key must be used server-side only
type ListAPIKeysResponse ¶
// ListAPIKeysResponse is an alias for a paginated response whose items are
// *APIKey values.
//
// NOTE(review): APIKey.Key is tagged "key,omitempty", so it is serialized in
// a listing whenever it is non-empty — confirm list paths never populate it.
type ListAPIKeysResponse = pagination.PageResponse[*APIKey]
ListAPIKeysResponse is a type alias for the paginated response
type RotateAPIKeyRequest ¶
// RotateAPIKeyRequest is the payload for rotating an API key under the V2
// tenancy model.
//
// NOTE(review): ID, AppID, EnvironmentID and UserID are all taken from the
// request. Presumably the service checks that the key named by ID belongs to
// that tenant and that the caller may rotate it — confirm.
type RotateAPIKeyRequest struct {
	// ID names the key to rotate.
	ID             xid.ID  `json:"id" validate:"required"`
	AppID          xid.ID  `json:"appID" validate:"required"`
	EnvironmentID  xid.ID  `json:"environmentID" validate:"required"`
	OrganizationID *xid.ID `json:"organizationID,omitempty"`
	UserID         xid.ID  `json:"userID" validate:"required"`
	// ExpiresAt is optional; the struct carries no validation tag for it.
	ExpiresAt *time.Time `json:"expires_at,omitempty"`
}
RotateAPIKeyRequest represents a request to rotate an API key. Updated for V2 architecture.
type Session ¶
// Session is the DTO for a user session.
//
// Token and RefreshToken carry ordinary JSON tags, so marshaling a Session
// emits both credentials. Return it only to the session's owner and keep it
// out of logs and audit records.
type Session struct {
	ID             xid.ID    `json:"id"`
	Token          string    `json:"token"`
	AppID          xid.ID    `json:"appID"`
	EnvironmentID  *xid.ID   `json:"environmentID,omitempty"`
	OrganizationID *xid.ID   `json:"organizationID,omitempty"`
	UserID         xid.ID    `json:"userId"`
	ExpiresAt      time.Time `json:"expiresAt"`
	IPAddress      string    `json:"ipAddress"`
	UserAgent      string    `json:"userAgent"`
	CreatedAt      time.Time `json:"createdAt"`
	UpdatedAt      time.Time `json:"updatedAt"`

	// Refresh token support (Option 3).
	RefreshToken          *string    `json:"refreshToken,omitempty"`
	RefreshTokenExpiresAt *time.Time `json:"refreshTokenExpiresAt,omitempty"`
	LastRefreshedAt       *time.Time `json:"lastRefreshedAt,omitempty"`

	// Device info is computed on demand and not stored in the DB.
	Device any `json:"device,omitempty" bun:"-"`
}
Session represents a user session (DTO)
type SocialAccount ¶ added in v0.0.2
// SocialAccount is the DTO for a social account connection. It is kept
// separate from schema.SocialAccount.
//
// The struct has no access-token or refresh-token field: only token
// metadata (type, expiry, scope) is carried.
type SocialAccount struct {
	ID        xid.ID    `json:"id"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	// User relationship.
	UserID             xid.ID  `json:"userId"`
	AppID              xid.ID  `json:"appId"`
	UserOrganizationID *xid.ID `json:"userOrganizationId,omitempty"`

	// Provider information.
	// NOTE(review): Email, Name and Avatar presumably come from the provider
	// profile; treat them as untrusted when rendering.
	Provider   string `json:"provider"`
	ProviderID string `json:"providerId"`
	Email      string `json:"email,omitempty"`
	Name       string `json:"name,omitempty"`
	Avatar     string `json:"avatar,omitempty"`

	// OAuth token metadata; the access token is excluded for security.
	TokenType        string     `json:"tokenType"`
	ExpiresAt        *time.Time `json:"expiresAt,omitempty"`
	RefreshExpiresAt *time.Time `json:"refreshExpiresAt,omitempty"`
	Scope            string     `json:"scope,omitempty"`

	// Account status.
	Revoked   bool       `json:"revoked"`
	RevokedAt *time.Time `json:"revokedAt,omitempty"`
}
SocialAccount represents a social account connection DTO. This is separate from schema.SocialAccount to maintain proper separation of concerns.
func FromSchemaSocialAccount ¶ added in v0.0.2
func FromSchemaSocialAccount(sa *schema.SocialAccount) *SocialAccount
FromSchemaSocialAccount converts a schema.SocialAccount to a SocialAccount DTO
func FromSchemaSocialAccounts ¶ added in v0.0.2
func FromSchemaSocialAccounts(accounts []*schema.SocialAccount) []*SocialAccount
FromSchemaSocialAccounts converts a slice of schema.SocialAccount to SocialAccount DTOs
func (*SocialAccount) ToSchema ¶ added in v0.0.2
func (sa *SocialAccount) ToSchema() *schema.SocialAccount
ToSchema converts the SocialAccount DTO to a schema.SocialAccount model
type UpdateAPIKeyRequest ¶
// UpdateAPIKeyRequest is the payload for updating an API key. Pointer fields
// distinguish "not supplied" (nil) from an explicit value.
//
// The struct has no KeyType field, so the key type cannot be changed through
// this request.
//
// NOTE(review): Scopes can be replaced here. The validate tag only requires
// at least one entry when the field is present; confirm the update path
// applies the same scope checks as creation, including the publishable-key
// allow-list.
type UpdateAPIKeyRequest struct {
	Name        *string           `json:"name,omitempty" validate:"omitempty,min=1,max=100"`
	Description *string           `json:"description,omitempty" validate:"omitempty,max=500"`
	Scopes      []string          `json:"scopes,omitempty" validate:"omitempty,min=1"`
	Permissions map[string]string `json:"permissions,omitempty"`
	RateLimit   *int              `json:"rate_limit,omitempty" validate:"omitempty,min=0,max=10000"`
	ExpiresAt   *time.Time        `json:"expires_at,omitempty"`
	Active      *bool             `json:"active,omitempty"`
	Metadata    map[string]string `json:"metadata,omitempty"`
}
UpdateAPIKeyRequest represents a request to update an API key
type User ¶
// User is the DTO for a user entity. It is kept separate from schema.User.
type User struct {
	ID              xid.ID     `json:"id"`
	AppID           xid.ID     `json:"appId"`
	Email           string     `json:"email"`
	EmailVerified   bool       `json:"emailVerified"`
	EmailVerifiedAt *time.Time `json:"emailVerifiedAt,omitempty"`
	Name            string     `json:"name"`
	Image           string     `json:"image,omitempty"`
	// PasswordHash must never be exposed in JSON; the "-" tag keeps it out of
	// encoding/json output. The tag does not cover other encoders or
	// formatted logging such as %+v, which still print the field.
	PasswordHash    string `json:"-"`
	Username        string `json:"username"`
	DisplayUsername string `json:"displayUsername,omitempty"`

	// Audit fields.
	CreatedAt time.Time  `json:"createdAt"`
	UpdatedAt time.Time  `json:"updatedAt"`
	DeletedAt *time.Time `json:"deletedAt,omitempty"`
}
User represents a user entity DTO. This is separate from schema.User to maintain proper separation of concerns.
type UserVerificationStatus ¶ added in v0.0.2
// UserVerificationStatus is the DTO that tracks a user's overall
// verification state.
//
// The zero value reads as "not verified, not blocked, AML not screened":
// every bool defaults to false. A missing or empty record therefore also
// shows IsBlocked == false, so callers should not read it as "cleared".
type UserVerificationStatus struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	// V2 multi-tenant context.
	AppID          string  `json:"appId"`
	EnvironmentID  *string `json:"environmentId,omitempty"`
	OrganizationID string  `json:"organizationId"`
	UserID         string  `json:"userId"`

	// Overall verification status.
	IsVerified             bool       `json:"isVerified"`
	VerificationLevel      string     `json:"verificationLevel"`
	LastVerifiedAt         *time.Time `json:"lastVerifiedAt,omitempty"`
	VerificationExpiry     *time.Time `json:"verificationExpiry,omitempty"`
	RequiresReverification bool       `json:"requiresReverification"`

	// Individual check statuses.
	DocumentVerified bool `json:"documentVerified"`
	LivenessVerified bool `json:"livenessVerified"`
	AgeVerified      bool `json:"ageVerified"`
	AMLScreened      bool `json:"amlScreened"`
	AMLClear         bool `json:"amlClear"`

	// IDs of the most recent verification of each kind.
	LastDocumentVerificationID string `json:"lastDocumentVerificationId,omitempty"`
	LastLivenessVerificationID string `json:"lastLivenessVerificationId,omitempty"`
	LastAMLVerificationID      string `json:"lastAMLVerificationId,omitempty"`

	// Risk assessment.
	OverallRiskLevel string   `json:"overallRiskLevel"`
	RiskFactors      []string `json:"riskFactors,omitempty"`

	// Compliance flags.
	IsBlocked   bool       `json:"isBlocked"`
	BlockReason string     `json:"blockReason,omitempty"`
	BlockedAt   *time.Time `json:"blockedAt,omitempty"`

	// Free-form metadata.
	Metadata map[string]any `json:"metadata,omitempty"`
}
UserVerificationStatus tracks the overall verification status DTO
func FromSchemaUserVerificationStatus ¶ added in v0.0.2
func FromSchemaUserVerificationStatus(s *schema.UserVerificationStatus) *UserVerificationStatus
FromSchemaUserVerificationStatus converts schema to DTO
type VerifyAPIKeyRequest ¶
// VerifyAPIKeyRequest is the payload for verifying an API key.
type VerifyAPIKeyRequest struct {
	// Key is the raw key being checked. It is a credential: do not log this
	// struct as a whole.
	Key                string `json:"key" validate:"required"`
	RequiredScope      string `json:"required_scope,omitempty"`
	RequiredPermission string `json:"required_permission,omitempty"`
	// NOTE(review): IP and UserAgent arrive as request fields. If IP is used
	// to enforce a key's AllowedIPs, it has to be set from the connection by
	// a trusted caller rather than copied from client input — confirm.
	IP        string `json:"ip,omitempty"`
	UserAgent string `json:"user_agent,omitempty"`
}
VerifyAPIKeyRequest represents a request to verify an API key
type VerifyAPIKeyResponse ¶
// VerifyAPIKeyResponse is the result of an API key verification.
//
// The zero value has Valid == false, so a response that was never filled in
// reads as a failed verification.
type VerifyAPIKeyResponse struct {
	Valid bool `json:"valid"`
	// APIKey is the full key DTO and is omitted from JSON when nil.
	APIKey *APIKey `json:"api_key,omitempty"`
	// NOTE(review): if Error is returned to an unauthenticated caller, its
	// text should presumably not reveal why a key was rejected — confirm.
	Error string `json:"error,omitempty"`
}
VerifyAPIKeyResponse represents a response from API key verification