auth

package
v1.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 22, 2025 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package auth provides core authentication functionality using graphical passwords. Instead of a traditional text-based password, users provide a sequence of image indices. This sequence is converted to a string, hashed with bcrypt, and stored in MongoDB.

Package auth provides advanced security features such as brute-force protection and password reset capabilities.

Package auth provides helper functions including email validation.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrUserExists is returned when a user with the same username or email already exists.
	ErrUserExists = errors.New("username or email already exists")
	// ErrUserNotFound is returned when no user is found for a given username.
	ErrUserNotFound = errors.New("user not found")
	// ErrInvalidGraphicalPassword is returned when the provided graphical password does not match the stored hash.
	ErrInvalidGraphicalPassword = errors.New("invalid graphical password")
)
View Source
var (
	ErrAccountBlocked = fmt.Errorf("account is temporarily blocked")
)

Predefined error for blocked accounts.

Functions

func AuthenticateUser

func AuthenticateUser(username string, graphicalPassword []int) (bool, error)

AuthenticateUser authenticates a user using their username and graphical password. It returns true if authentication is successful, false otherwise, and an error if any issues occur.

func CheckGraphicalPasswordHash

func CheckGraphicalPasswordHash(gp []int, hash string) error

CheckGraphicalPasswordHash compares the provided graphical password (as a slice of ints) with the stored hash. It returns nil if the password matches, or an error otherwise.

func HashGraphicalPassword

func HashGraphicalPassword(gp []int) (string, error)

HashGraphicalPassword converts the provided graphical password (slice of ints) into a string and hashes it using bcrypt.

func IsValidEmail

func IsValidEmail(email string) bool

IsValidEmail returns true if the provided email address is valid; false otherwise. It uses the net/mail package to parse and verify the email address format.

func RegisterUser

func RegisterUser(username, email string, graphicalPassword []int) error

RegisterUser registers a new user using their username, email, and a graphical password. The graphicalPassword parameter is the sequence of image indices chosen by the user. It returns an error if the user already exists or if registration fails.

Types

type SecureAuthManager

type SecureAuthManager struct {
	// contains filtered or unexported fields
}

SecureAuthManager manages brute-force protection and password reset tokens.

func NewSecureAuthManager

func NewSecureAuthManager(threshold int, blockDuration, tokenDuration time.Duration) *SecureAuthManager

NewSecureAuthManager creates a new SecureAuthManager with the specified settings.

func (*SecureAuthManager) AuthenticateWithProtection

func (m *SecureAuthManager) AuthenticateWithProtection(username string, graphicalPassword []int, userEmail string) (bool, error)

AuthenticateWithProtection wraps AuthenticateUser with brute-force protection. If authentication fails repeatedly, the account is blocked and an alert email is sent.

func (*SecureAuthManager) InitiatePasswordReset

func (m *SecureAuthManager) InitiatePasswordReset(username, userEmail string) (string, error)

InitiatePasswordReset generates a secure reset token for the given username, stores it, and sends a reset link to the user's email. Returns the generated token or an error.

func (*SecureAuthManager) ValidateResetToken

func (m *SecureAuthManager) ValidateResetToken(username, token string) bool

ValidateResetToken checks if the provided token for the given username is valid and not expired.

type User

type User struct {
	ID                    primitive.ObjectID `bson:"_id,omitempty"`
	Username              string             `bson:"username"`
	Email                 string             `bson:"email"`
	GraphicalPasswordHash string             `bson:"graphical_password_hash"`
}

User represents a user in the system.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL