Documentation
¶
Index ¶
- Variables
- func DefaultKey(phoneNumber string) string
- type Clearer
- type MemoryValidator
- type OneTimePINValidator
- type PhonePinAuth
- func (auth *PhonePinAuth) AuthViewer(w http.ResponseWriter, r *http.Request) viewer.ViewerContext
- func (auth *PhonePinAuth) Authenticate(ctx context.Context, phoneNumber, pin string) (*entjwt.AuthedIdentity, error)
- func (auth *PhonePinAuth) AvailableAndValid(ctx context.Context, phoneNumber, pin string) (bool, error)
- func (auth *PhonePinAuth) ExtendTokenExpiration(tokenStr string) (string, error)
- func (auth *PhonePinAuth) ViewerFromToken(tokenStr string) (viewer.ViewerContext, error)
- type RedisValidator
- type Validator
Constants ¶
This section is empty.
Variables ¶
var DefaultRegion = "US"
DefaultRegion is the default region used to parse the phone number
Functions ¶
func DefaultKey ¶
DefaultKey is the default key for the phone number|pin combo stored in the cache
Types ¶
type Clearer ¶
type Clearer interface {
Clear(string) // clear key? separate func
}
Clearer is an object that takes the phone number and clears the key associated with it from its storage only if the PIN is valid. If you want to clear even if the PIN provided was incorrect, wrap whatever validator that's being used by OneTimePINValidator
type MemoryValidator ¶
type MemoryValidator struct {
// Required. Instance of Memory responsible for storing phone number
Memory *cache.Memory
// function that takes a phonenumber and returns the key. Defaults to DefaultKey when not provided
KeyFunc func(string) string
}
MemoryValidator is used to store the PIN in memory (using go-cache) and then checking that there was previously a mapping from phone number to pin stored
func (*MemoryValidator) Clear ¶
func (v *MemoryValidator) Clear(phoneNumber string)
Clear clears the key mapping phone number to pin in memory
func (*MemoryValidator) Valid ¶
func (v *MemoryValidator) Valid(phoneNumber, pin string) error
Valid returns error if the pin stored for phone number doesn't match the provided pin
type OneTimePINValidator ¶
type OneTimePINValidator struct {
Validator Validator
}
OneTimePINValidator wraps any validator to ensure that the PIN is cleared from storage even if there was an error validating the PIN. Does not allow PIN reuses. Having default lenient behavior with this as the backup provides the most optionality
func (*OneTimePINValidator) Valid ¶
func (v *OneTimePINValidator) Valid(phoneNumber, pin string) error
Valid returns error if pin is not valid for phone number
type PhonePinAuth ¶
type PhonePinAuth struct {
// Required function to take the phone number and returns an (ID, error) tuple indicating
// if phone number maps to something in the database
IDFromPhoneNumber func(string) (string, error)
// Required function takes the ID above and returns a (ViewerContext, error) tuple. Called by AuthFromViewer method to return the ViewerContext
// to be used for the current request
VCFromID func(string) (viewer.ViewerContext, error)
// Required. Used to sign the token used to auth the user
SigningKey interface{}
// Length of time the access token should be valid for. Default is jwt.DefaultDuration
Duration time.Duration
// What algorithm method should be used to sign this token. Default is jwt.DefaultSigningMethod
SigningMethod jwt.SigningMethod
// ClaimFunc is used to return a new instance of jwt.Claims to be used instead of jwt.MapClaims
// when generating token. It's passed to jwt.NewWithClaims
ClaimFunc func(string) entjwt.Claims
// This pairs well with ClaimFunc to generate a new empty claims instance which is passed to jwt.ParseWithClaims
BaseClaimFunc func() entjwt.Claims
// DefaultRegion modifies the default region passed to phonennumbers.Parse when parsing the phone number
// defaults to "US"
DefaultRegion string
// Format modifies the format used when formatting the phone number so
// it's a consistent API: defaults to phonenumbers.E164 similar to
// the phonenumber field which is how the phone number is probably stored
Format phonenumbers.PhoneNumberFormat
// Required to validate the phone number/pin combo as valid
// Can use default Memory or Redis Validator if need be
Validator Validator
// ExtendTokenDuration defines the window for which the token can be extended
// (with a valid existing token and without a refresh token)
// If not set (default), token can be extended whenever e.g. sliding window every 10 minutes, every request, etc.
// If set, token can only be extended within that window e.g. if set to 5 minutes, will be 5 minutes
// before token expires
// By default, auth handler doesn't do anything and since DefaultDuration is currently 1 hour,
// developer needs to pick *something* to do to extend tokens or provide a
// longer duration
ExtendTokenDuration time.Duration
// contains filtered or unexported fields
}
PhonePinAuth is an implementation of the auth.Auth interface that verifies that a phone number/PIN combination is valid
func NewPhonePinAuth ¶
func NewPhonePinAuth(
signingKey interface{},
idFromPhoneNumber func(string) (string, error),
vcFromID func(string) (viewer.ViewerContext, error),
validator Validator,
) *PhonePinAuth
NewPhonePinAuth returns a new instance of PhonePinAuth with all requried fields
func (*PhonePinAuth) AuthViewer ¶
func (auth *PhonePinAuth) AuthViewer(w http.ResponseWriter, r *http.Request) viewer.ViewerContext
AuthViewer takes the authorization token from the request and verifies if valid and then returns a ViewerContext which maps to user encoded in the token
func (*PhonePinAuth) Authenticate ¶
func (auth *PhonePinAuth) Authenticate(ctx context.Context, phoneNumber, pin string) (*entjwt.AuthedIdentity, error)
Authenticate takes credentials from the request and authenticates the user. Can be called from your GraphQL mutation, REST API, etc.
func (*PhonePinAuth) AvailableAndValid ¶
func (auth *PhonePinAuth) AvailableAndValid(ctx context.Context, phoneNumber, pin string) (bool, error)
AvailableAndValid returns a boolean indicating that the phoneNumber/pin combo can be used to sign-in or register Doesn't clear the PIN because it could eventually be used in the corresponding account create mutation If this is a OneTimePINValidator or anything that clears when Validate is called, beware!
func (*PhonePinAuth) ExtendTokenExpiration ¶
func (auth *PhonePinAuth) ExtendTokenExpiration(tokenStr string) (string, error)
ExtendTokenExpiration takes the current token and gets a new auth token for the user See ExtendTokenDuration for more information
func (*PhonePinAuth) ViewerFromToken ¶
func (auth *PhonePinAuth) ViewerFromToken(tokenStr string) (viewer.ViewerContext, error)
ViewerFromToken takes the token string and verifies if valid and then returns a ViewerContext which maps to user encoded in the token
type RedisValidator ¶
type RedisValidator struct {
// Required. Instance of Redis responsible for storing phone number
Redis *cache.Redis
// function that takes a phonenumber and returns the key. Defaults to DefaultKey when not provided
KeyFunc func(string) string
}
RedisValidator is used to store the PIN in redis and then checking that there was previously a mapping from phone number to pin stored
func (*RedisValidator) Clear ¶
func (v *RedisValidator) Clear(phoneNumber string)
Clear clears the key mapping phone number to pin in memory
func (*RedisValidator) Valid ¶
func (v *RedisValidator) Valid(phoneNumber, pin string) error
Valid returns error if the pin stored for phone number doesn't match the provided pin
type Validator ¶
type Validator interface {
// takes phone number|pin and returns error if not valid
// could be email/pin? or email/password
Valid(string, string) error
}
Validator takes a phonenumber/pin combo and validates that it's a valid Note that this already assumes a valid phone number via the IDFromPhoneNumber function passed to PhonePinAuth
Source Files