services

package
v0.0.0-...-1cd555d Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 7, 2026 License: MPL-2.0 Imports: 43 Imported by: 0

Documentation

Index

Constants

// ChildAuthTokenExpirationTime is a fixed duration of six days (144 hours).
// NOTE(review): the name suggests it bounds the lifetime of child auth
// tokens; the code that applies it is not shown on this page, so confirm
// where it is enforced.
const ChildAuthTokenExpirationTime = 6 * 24 * time.Hour

Variables

// ErrOPRFSeedNotAvailable is a sentinel error value. Callers should match it
// with errors.Is rather than by comparing the message text.
// NOTE(review): which functions return it is not shown on this page.
var ErrOPRFSeedNotAvailable = errors.New("OPRF seed not available")

Functions

This section is empty.

Types

type JWTService

// JWTService is the receiver for the token methods listed on this page. They
// come in create/validate pairs for auth, ephemeral-login and verification
// tokens, plus the claim-level CreateToken.
// NOTE(review): any signing key material is presumably held in the unexported
// fields; the algorithm and key source are not visible here.
type JWTService struct {
	// contains filtered or unexported fields
}

func NewJWTService

func NewJWTService(ds *datastore.Datastore, isKeyService bool) (*JWTService, error)

func (*JWTService) CreateAuthToken

// CreateAuthToken takes a session ID, an optional expiration and a service
// name, and returns a string and an error.
// NOTE(review): expiration is a pointer, so nil is a legal argument. What a
// nil expiration means is not shown here; confirm it cannot yield a token
// with no expiry.
func (j *JWTService) CreateAuthToken(sessionID uuid.UUID, expiration *time.Duration, serviceName string) (string, error)

func (*JWTService) CreateEphemeralLoginToken

func (j *JWTService) CreateEphemeralLoginToken(loginStateID uuid.UUID, expiration time.Duration) (string, error)

func (*JWTService) CreateToken

// CreateToken accepts an arbitrary jwt.MapClaims value and returns a string
// and an error.
// NOTE(review): being exported and claim-agnostic, it presumably signs
// whatever the caller supplies. Confirm that callers never forward
// client-controlled claims and that an expiry claim is always present.
func (j *JWTService) CreateToken(claims jwt.MapClaims) (string, error)

func (*JWTService) CreateVerificationToken

func (j *JWTService) CreateVerificationToken(verificationID uuid.UUID, expiration time.Duration, serviceName string) (string, error)

func (*JWTService) ValidateAuthToken

// ValidateAuthToken takes a token string and returns a UUID, a string and an
// error.
// NOTE(review): the returned values presumably mirror the sessionID and
// serviceName given to CreateAuthToken; verify. This type validates three
// token kinds through separate methods (auth, ephemeral login, verification).
// Confirm each validator checks a claim identifying the token kind, so a
// token issued for one purpose is rejected by the other two.
func (j *JWTService) ValidateAuthToken(tokenString string) (uuid.UUID, string, error)

func (*JWTService) ValidateEphemeralLoginToken

func (j *JWTService) ValidateEphemeralLoginToken(tokenString string) (uuid.UUID, error)

func (*JWTService) ValidateVerificationToken

func (j *JWTService) ValidateVerificationToken(tokenString string) (uuid.UUID, error)

type OpaqueService

// OpaqueService is the receiver for the OPAQUE registration and login methods
// listed on this page (SetupPasswordInit/Finalize, LoginInit/Finalize).
type OpaqueService struct {
	// Config is exported, so any code holding the service can read or replace
	// the OPAQUE configuration.
	// NOTE(review): confirm it is treated as read-only after construction.
	Config *opaque.Configuration
	// contains filtered or unexported fields
}

func NewOpaqueService

func NewOpaqueService(ds *datastore.Datastore, isKeyService bool) (*OpaqueService, error)

func (*OpaqueService) BinaryDeserializer

func (o *OpaqueService) BinaryDeserializer() (*opaque.Deserializer, error)

func (*OpaqueService) DeriveOPRFClientSeed

// DeriveOPRFClientSeed takes a credential identifier and an optional seed ID
// and returns a byte slice, an int and an error.
// NOTE(review): the byte slice is presumably per-credential secret material
// derived from a server-side OPRF seed; confirm it is never logged or
// returned to clients. The returned int presumably identifies the seed that
// was used, and ErrOPRFSeedNotAvailable is presumably returned from here;
// verify both against the implementation.
func (o *OpaqueService) DeriveOPRFClientSeed(credentialIdentifier string, oprfSeedID *int) ([]byte, int, error)

func (*OpaqueService) LoginFinalize

func (o *OpaqueService) LoginFinalize(loginStateID uuid.UUID, ke3 *opaqueMsg.KE3, clientAddr string) (*datastore.InterimPasswordState, error)

func (*OpaqueService) LoginInit

// LoginInit takes an email, a KE1 message and the client address, and returns
// a KE2 message, an interim password state and an error.
// NOTE(review): confirm that an unregistered email yields a response that a
// client cannot tell apart from a registered one, so this step does not
// reveal which addresses have accounts. clientAddr presumably feeds rate
// limiting or audit logging; verify.
func (o *OpaqueService) LoginInit(email string, ke1 *opaqueMsg.KE1, clientAddr string) (*opaqueMsg.KE2, *datastore.InterimPasswordState, error)

func (*OpaqueService) NewElement

func (o *OpaqueService) NewElement() *ecc.Element

func (*OpaqueService) SetupPasswordFinalize

func (o *OpaqueService) SetupPasswordFinalize(email string, registration *opaqueMsg.RegistrationRecord) (*datastore.InterimPasswordState, error)

func (*OpaqueService) SetupPasswordInit

func (o *OpaqueService) SetupPasswordInit(email string, request *opaqueMsg.RegistrationRequest, clientAddr string) (*opaqueMsg.RegistrationResponse, error)

type SES

// SES is the e-mail sending interface of this package. SESService on this
// page declares the same three methods, and NewVerificationService accepts
// an SES value, so a test double can stand in for the real sender.
type SES interface {
	// SendVerificationEmail sends a message for the given verification
	// record to email, using locale.
	// NOTE(review): the message presumably carries the verification code;
	// confirm that code is not written to logs.
	SendVerificationEmail(ctx context.Context, email string, verification *datastore.Verification, locale string) error
	// SendSimilarEmailAlert sends an alert to email, using locale.
	// NOTE(review): the trigger condition is not shown on this page.
	SendSimilarEmailAlert(ctx context.Context, email string, locale string) error
	// SendPasswordChangeNotification sends a password-change notice to
	// email, using locale.
	SendPasswordChangeNotification(ctx context.Context, email string, locale string) error
}

type SESService

// SESService declares the three methods of the SES interface on this page.
// It is built by NewSESService from an i18n bundle and an environment name.
type SESService struct {
	// contains filtered or unexported fields
}

func NewSESService

func NewSESService(i18nBundle *i18n.Bundle, env string) (*SESService, error)

func (*SESService) SendPasswordChangeNotification

func (s *SESService) SendPasswordChangeNotification(ctx context.Context, email string, locale string) error

func (*SESService) SendSimilarEmailAlert

func (s *SESService) SendSimilarEmailAlert(ctx context.Context, email string, locale string) error

func (*SESService) SendVerificationEmail

func (s *SESService) SendVerificationEmail(ctx context.Context, email string, verification *datastore.Verification, locale string) error

type TwoFAAuthRequest

// TwoFAAuthRequest is the JSON request body for a 2FA challenge.
// The validate tags on TOTPCode and RecoveryKey (required_without plus
// excluded_with, each naming the other field) express that exactly one of the
// two must be set. They take effect only if the caller runs the validator on
// the decoded struct, which is not shown on this page.
// NOTE(review): both fields are authentication secrets; confirm they are
// excluded from request logging.
type TwoFAAuthRequest struct {
	// TOTP verification code. Required when RecoveryKey is absent and
	// rejected when RecoveryKey is present.
	TOTPCode *string `json:"totpCode,omitempty" validate:"required_without=RecoveryKey,excluded_with=RecoveryKey"`
	// Recovery key used in place of a TOTP code. Required when TOTPCode is
	// absent and rejected when TOTPCode is present.
	RecoveryKey *string `json:"recoveryKey,omitempty" validate:"required_without=TOTPCode,excluded_with=TOTPCode"`
	// Whether to invalidate existing sessions (only applicable when changing password).
	// The JSON tag has no omitempty, so an absent field decodes to false.
	InvalidateSessions bool `json:"invalidateSessions"`
}

TwoFAAuthRequest represents a request to authenticate with 2FA

type TwoFAService

// TwoFAService is the receiver for the TOTP and recovery-key methods listed
// on this page. Its state is held in unexported fields.
type TwoFAService struct {
	// contains filtered or unexported fields
}

TwoFAService provides methods for managing two-factor authentication

func NewTwoFAService

func NewTwoFAService(ds *datastore.Datastore, isKeyService bool) *TwoFAService

NewTwoFAService creates a new TwoFAService instance, configured from the environment

func (*TwoFAService) DeleteTOTPKey

func (t *TwoFAService) DeleteTOTPKey(accountID uuid.UUID) error

DeleteTOTPKey deletes a TOTP key for an account

func (*TwoFAService) DisableTwoFA

func (t *TwoFAService) DisableTwoFA(accountID uuid.UUID) error

DisableTwoFA disables two-factor authentication for an account

func (*TwoFAService) GenerateAndStoreRecoveryKey

// GenerateAndStoreRecoveryKey takes an account ID and returns a string and an
// error.
// NOTE(review): the package documentation says only a hash of the key is
// stored, which would make the returned string the only plaintext copy.
// Confirm the key comes from a cryptographically secure random source, that
// the hash suits a 32-character secret, and that the return value is never
// logged.
func (t *TwoFAService) GenerateAndStoreRecoveryKey(accountID uuid.UUID) (string, error)

GenerateAndStoreRecoveryKey generates a 32-character recovery key and stores its hash in the database for the specified account

func (*TwoFAService) GenerateAndStoreTOTPKey

func (t *TwoFAService) GenerateAndStoreTOTPKey(accountID uuid.UUID, email string) (*otp.Key, error)

GenerateAndStoreTOTPKey creates and stores a new TOTP key for an account

func (*TwoFAService) GenerateTOTPQRCode

func (t *TwoFAService) GenerateTOTPQRCode(key *otp.Key) (string, error)

GenerateTOTPQRCode generates a QR code image for a TOTP key and returns it as a base64 encoded PNG string

func (*TwoFAService) ProcessChallenge

// ProcessChallenge takes the interim login state, a TwoFAAuthRequest and the
// client address, and returns an error.
// NOTE(review): confirm that failed attempts are limited per account and not
// only per clientAddr, and that a recovery key is invalidated after one
// successful use. Neither is visible on this page.
func (t *TwoFAService) ProcessChallenge(loginState *datastore.InterimPasswordState, req *TwoFAAuthRequest, clientAddr string) error

ProcessChallenge verifies either a TOTP code or a recovery key for an account

func (*TwoFAService) ValidateTOTPCode

// ValidateTOTPCode takes an account ID, a code and an optional client address,
// and returns an error.
// NOTE(review): clientAddr is a pointer and may be nil. Confirm that a nil
// address does not skip attempt throttling, and that a code already accepted
// within its time window is rejected on reuse.
func (t *TwoFAService) ValidateTOTPCode(accountID uuid.UUID, code string, clientAddr *string) error

ValidateTOTPCode checks if the provided code is valid for the specified account

type VerificationResult

// VerificationResult is the value returned by
// VerificationService.CompleteVerification.
type VerificationResult struct {
	// AuthToken is optional (nil when unset).
	// NOTE(review): presumably a bearer credential; confirm it is kept out
	// of logs and error messages.
	AuthToken *string
	// Email is optional (nil when unset).
	Email *string
	// Service is a plain string.
	// NOTE(review): presumably the service name the verification was
	// started for; verify.
	Service string
}

type VerificationService

// VerificationService is the receiver for InitializeVerification,
// SendVerificationEmail and CompleteVerification. NewVerificationService
// builds it from a datastore, a JWTService, an SES implementation and two
// feature flags (passwordAuthEnabled, emailAuthEnabled).
type VerificationService struct {
	// contains filtered or unexported fields
}

func NewVerificationService

func NewVerificationService(datastore *datastore.Datastore, jwtService *JWTService, sesService SES, passwordAuthEnabled bool, emailAuthEnabled bool) *VerificationService

func (*VerificationService) CompleteVerification

// CompleteVerification takes a verification record, a code and a user-agent
// string, and returns a VerificationResult and an error.
// NOTE(review): confirm the code comparison is constant-time, that the code
// expires and is single-use, and that attempts per verification are bounded.
// None of this is visible on this page. userAgent is client-supplied and
// should be treated as untrusted wherever it is stored or displayed.
func (vs *VerificationService) CompleteVerification(verification *datastore.Verification, code string, userAgent string) (*VerificationResult, error)

func (*VerificationService) InitializeVerification

func (vs *VerificationService) InitializeVerification(ctx context.Context, email, intent, service string, session *datastore.SessionWithAccountInfo) (*datastore.Verification, *string, error)

func (*VerificationService) SendVerificationEmail

func (vs *VerificationService) SendVerificationEmail(ctx context.Context, verification *datastore.Verification, locale string) error

type WebhookService

// WebhookService is built by NewWebhookService from a datastore and exposes
// StartProcessingEvents.
// NOTE(review): where events are delivered and how deliveries are
// authenticated is not shown on this page.
type WebhookService struct {
	// contains filtered or unexported fields
}

func NewWebhookService

func NewWebhookService(ds *datastore.Datastore) *WebhookService

func (*WebhookService) StartProcessingEvents

func (w *WebhookService) StartProcessingEvents() error
