Documentation ¶
Index ¶
- type AuthConfig
- type AuthService
- func NewAuthService(db *database.SQLiteDB, config AuthConfig) *AuthService
- func (s *AuthService) AuthenticateUser(username, password string, r *http.Request) (*models.Token, error)
- func (s *AuthService) ChangePassword(userID int64, oldPassword, newPassword string) error
- func (s *AuthService) Close()
- func (s *AuthService) CreateUser(username, password string, role models.Role) error
- func (s *AuthService) GetActiveSessions(userID int64) ([]models.Session, error)
- func (s *AuthService) GetConfig() AuthConfig
- func (s *AuthService) GetUserById(userID int64) (*models.User, error)
- func (s *AuthService) IsPasswordExpired(user *models.User) bool
- func (s *AuthService) RefreshToken(refreshToken string, r *http.Request) (*models.Token, error)
- func (s *AuthService) RevokeToken(tokenString string) error
- func (s *AuthService) ValidatePasswordHistory(newPassword string, previousPasswords []string) error
- func (s *AuthService) ValidateToken(tokenString string) (*jwt.MapClaims, error)
Types ¶
type AuthConfig ¶
type AuthConfig struct {
    JWTSecret            []byte        // Secret key used for signing JWT tokens.
    TokenExpiry          time.Duration // Duration after which access tokens expire.
    RefreshTokenExpiry   time.Duration // Duration after which refresh tokens expire.
    MaxLoginAttempts     int           // Maximum number of failed login attempts before locking the account.
    LockDuration         time.Duration // Duration for which the account is locked after exceeding login attempts.
    MaxActiveTokens      int           // Maximum number of active tokens a user can have simultaneously.
    PasswordMinLength    int           // Minimum required length for user passwords.
    RequireSpecialChar   bool          // Whether passwords must include at least one special character.
    RequireNumber        bool          // Whether passwords must include at least one numeric character.
    RequireUppercase     bool          // Whether passwords must include at least one uppercase letter.
    TokenCleanupInterval time.Duration // Interval at which expired tokens are cleaned up from the database.
    PasswordExpiryDays   int           // Number of days after which passwords expire.
    PasswordHistoryLimit int           // Number of previous passwords to retain and prevent reuse.
}
AuthConfig holds the configuration settings for the authentication service, including JWT settings, token expiration durations, password policies, and more.
type AuthService ¶
type AuthService struct {
// contains filtered or unexported fields
}
AuthService manages user authentication, token generation, password policies, and related functionality.
func NewAuthService ¶
func NewAuthService(db *database.SQLiteDB, config AuthConfig) *AuthService
NewAuthService initializes and returns a new instance of AuthService. It sets up the authentication service with the provided database and configuration, and starts a background routine for cleaning up expired tokens.
func (*AuthService) AuthenticateUser ¶
func (s *AuthService) AuthenticateUser(username, password string, r *http.Request) (*models.Token, error)
AuthenticateUser authenticates a user with the provided username and password. It verifies credentials, checks account lock status and password expiry, generates a new token upon successful authentication, and logs the login event.
func (*AuthService) ChangePassword ¶
func (s *AuthService) ChangePassword(userID int64, oldPassword, newPassword string) error
ChangePassword allows a user to update their password. It verifies the old password, validates the new password against policies, checks password history, hashes the new password, updates the user's record, and revokes all existing tokens to enforce the password change.
func (*AuthService) Close ¶
func (s *AuthService) Close()
func (*AuthService) CreateUser ¶
func (s *AuthService) CreateUser(username, password string, role models.Role) error
CreateUser registers a new user with the provided username, password, and role. It checks for username uniqueness, validates the password, hashes it, and stores the user in the database.
func (*AuthService) GetActiveSessions ¶
func (s *AuthService) GetActiveSessions(userID int64) ([]models.Session, error)
GetActiveSessions retrieves all active sessions (tokens) for a given user. It allows users or administrators to view currently active authentication sessions.
func (*AuthService) GetConfig ¶
func (s *AuthService) GetConfig() AuthConfig
func (*AuthService) GetUserById ¶ added in v0.4.1
func (s *AuthService) GetUserById(userID int64) (*models.User, error)
func (*AuthService) IsPasswordExpired ¶
func (s *AuthService) IsPasswordExpired(user *models.User) bool
IsPasswordExpired checks whether a user's password has expired based on the PasswordChangedAt timestamp. It returns true if the password is older than the configured passwordExpiry duration.
func (*AuthService) RefreshToken ¶
func (s *AuthService) RefreshToken(refreshToken string, r *http.Request) (*models.Token, error)
RefreshToken generates a new access token using a valid refresh token. It validates the refresh token, revokes the old token, generates a new one, and stores it in the database.
func (*AuthService) RevokeToken ¶
func (s *AuthService) RevokeToken(tokenString string) error
RevokeToken revokes a specific JWT token by its token string. It marks the token as revoked in the database to prevent further use.
func (*AuthService) ValidatePasswordHistory ¶
func (s *AuthService) ValidatePasswordHistory(newPassword string, previousPasswords []string) error
ValidatePasswordHistory checks whether the new password has been used recently by the user. It compares the new password against a list of previous password hashes to prevent reuse.
func (*AuthService) ValidateToken ¶
func (s *AuthService) ValidateToken(tokenString string) (*jwt.MapClaims, error)
ValidateToken verifies the validity of a JWT token. It checks the token's signature, expiration, and revocation status.
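The three checks ValidateToken is described as performing (signature, expiration, revocation status), sketched with the Go standard library only. This is an added example, not the package's own code: `validateToken`, `sign`, `hdrSeg`, the in-memory `revoked` map standing in for the database lookup, the caller-supplied Unix-seconds clock, and the sample secret and payload are all assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var hdrSeg = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))

// sign returns the HS256 signature segment over "header.payload".
func sign(input string, secret []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// validateToken checks signature, then expiry, then revocation. revoked is a
// hypothetical in-memory stand-in for the database lookup; now is Unix seconds.
func validateToken(tok string, secret []byte, revoked map[string]bool, now int64) (map[string]any, error) {
	p := strings.Split(tok, ".")
	// Only the header this service issues is accepted (pins alg); MACs compare in constant time.
	if len(p) != 3 || p[0] != hdrSeg || !hmac.Equal([]byte(sign(p[0]+"."+p[1], secret)), []byte(p[2])) {
		return nil, errors.New("invalid token")
	}
	claims := map[string]any{}
	raw, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, errors.New("invalid token")
	}
	if exp, ok := claims["exp"].(float64); !ok || int64(exp) <= now {
		return nil, errors.New("token expired") // a missing exp fails closed
	}
	if revoked[tok] {
		return nil, errors.New("token revoked")
	}
	return claims, nil
}

func main() {
	key, now := []byte("constructed-demo-secret"), int64(1700000000) // constructed values
	body := hdrSeg + "." + b64.EncodeToString([]byte(`{"sub":"alice","exp":1700000060}`))
	tok := body + "." + sign(body, key)
	fmt.Println(validateToken(tok, key, map[string]bool{tok: true}, now)) // revoked token is rejected
}
```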