Documentation
¶
Overview ¶
Package auth provides core authentication functionality using graphical passwords. Instead of a traditional text-based password, users provide a sequence of image indices. This sequence is converted to a string, hashed with bcrypt, and stored in MongoDB.
Package auth provides advanced security features such as brute-force protection and password reset capabilities.
Package auth provides helper functions including email validation.
Index ¶
- Variables
- func AuthenticateUser(username string, graphicalPassword []int) (bool, error)
- func CheckGraphicalPasswordHash(gp []int, hash string) error
- func HashGraphicalPassword(gp []int) (string, error)
- func IsValidEmail(email string) bool
- func RegisterUser(username, email string, graphicalPassword []int) error
- type SecureAuthManager
- type User
Constants ¶
This section is empty.
Variables ¶
var ( // ErrUserExists is returned when a user with the same username or email already exists. ErrUserExists = errors.New("username or email already exists") // ErrUserNotFound is returned when no user is found for a given username. ErrUserNotFound = errors.New("user not found") // ErrInvalidGraphicalPassword is returned when the provided graphical password does not match the stored hash. ErrInvalidGraphicalPassword = errors.New("invalid graphical password") )
var (
ErrAccountBlocked = fmt.Errorf("account is temporarily blocked")
)
Predefined error for blocked accounts.
Functions ¶
func AuthenticateUser ¶
AuthenticateUser authenticates a user using their username and graphical password. It returns true if authentication is successful, false otherwise, and an error if any issues occur.
func CheckGraphicalPasswordHash ¶
CheckGraphicalPasswordHash compares the provided graphical password (as a slice of ints) with the stored hash. It returns nil if the password matches, or an error otherwise.
func HashGraphicalPassword ¶
HashGraphicalPassword converts the provided graphical password (slice of ints) into a string and hashes it using bcrypt.
func IsValidEmail ¶
IsValidEmail returns true if the provided email address is valid; false otherwise. It uses the net/mail package to parse and verify the email address format.
func RegisterUser ¶
RegisterUser registers a new user using their username, email, and a graphical password. The graphicalPassword parameter is the sequence of image indices chosen by the user. It returns an error if the user already exists or if registration fails.
Types ¶
type SecureAuthManager ¶
type SecureAuthManager struct {
// contains filtered or unexported fields
}
SecureAuthManager manages brute-force protection and password reset tokens.
func NewSecureAuthManager ¶
func NewSecureAuthManager(threshold int, blockDuration, tokenDuration time.Duration) *SecureAuthManager
NewSecureAuthManager creates a new SecureAuthManager with the specified settings.
func (*SecureAuthManager) AuthenticateWithProtection ¶
func (m *SecureAuthManager) AuthenticateWithProtection(username string, graphicalPassword []int, userEmail string) (bool, error)
AuthenticateWithProtection wraps AuthenticateUser with brute-force protection. If authentication fails repeatedly, the account is blocked and an alert email is sent.
func (*SecureAuthManager) InitiatePasswordReset ¶
func (m *SecureAuthManager) InitiatePasswordReset(username, userEmail string) (string, error)
InitiatePasswordReset generates a secure reset token for the given username, stores it, and sends a reset link to the user's email. Returns the generated token or an error.
func (*SecureAuthManager) ValidateResetToken ¶
func (m *SecureAuthManager) ValidateResetToken(username, token string) bool
ValidateResetToken checks if the provided token for the given username is valid and not expired.