service

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AdminStats 

type AdminStats struct {
	TotalUsers        int `json:"total_users"`
	ActiveUsers       int `json:"active_users"`
	PendingKYC        int `json:"pending_kyc"`
	TotalWallets      int `json:"total_wallets"`
	TotalTransactions int `json:"total_transactions"`
}

AdminStats represents admin dashboard statistics.

type AuthService 

type AuthService struct {
	// contains filtered or unexported fields
}

AuthService handles authentication and authorization.

func NewAuthService 

func NewAuthService(
	userRepo UserRepositoryInterface,
	userAdminRepo UserAdminRepositoryInterface,
	kycRepo KYCRepositoryInterface,
	sessionRepo SessionRepositoryInterface,
	rbacClient RBACClientInterface,
	walletClient *WalletClient,
	notificationClient *clients.NotificationClient,
	jwtSecret string,
	jwtExpiry time.Duration,
	eventPublisher *events.Publisher,
) *AuthService

NewAuthService creates a new authentication service.

func (*AuthService) ChangePassword 

func (s *AuthService) ChangePassword(ctx context.Context, userID string, req *models.ChangePasswordRequest) *errors.Error

ChangePassword changes a user's password after verifying the current password.

func (*AuthService) ChangePasswordWithToken 

func (s *AuthService) ChangePasswordWithToken(ctx context.Context, userID string, verificationToken string, newPassword string) *errors.Error

ChangePasswordWithToken changes the user's password using a verification token. This is used when the user is logged in and wants to change their password.

func (*AuthService) GetAdminStats 

func (s *AuthService) GetAdminStats(ctx context.Context) (*AdminStats, *errors.Error)

GetAdminStats retrieves statistics for admin dashboard.

func (*AuthService) GetAdminUserID 

func (s *AuthService) GetAdminUserID(ctx context.Context, userID string) (string, *errors.Error)

GetAdminUserID returns the User-Admin ID for a given regular user account.

func (*AuthService) GetPairedUserID 

func (s *AuthService) GetPairedUserID(ctx context.Context, adminUserID string) (string, *errors.Error)

GetPairedUserID returns the regular user ID for a given User-Admin account.

func (*AuthService) GetUserByEmail 

func (s *AuthService) GetUserByEmail(ctx context.Context, email string, accountType models.AccountType) (*models.User, *errors.Error)

GetUserByEmail retrieves a user by email and account type.

func (*AuthService) GetUserByID 

func (s *AuthService) GetUserByID(ctx context.Context, userID string) (*models.User, *errors.Error)

GetUserByID retrieves a user by ID.

func (*AuthService) IsUserAdmin 

func (s *AuthService) IsUserAdmin(ctx context.Context, userID string) (bool, *errors.Error)

IsUserAdmin checks if a user ID belongs to a User-Admin account.

func (*AuthService) ListPendingKYCs 

func (s *AuthService) ListPendingKYCs(ctx context.Context, limit, offset int) ([]repository.KYCWithUser, *errors.Error)

ListPendingKYCs retrieves all pending KYC submissions for admin review.

func (*AuthService) Login 

func (s *AuthService) Login(ctx context.Context, req *models.LoginRequest, ipAddress, userAgent string) (*models.LoginResponse, *errors.Error)

Login authenticates a user and returns a JWT token. Portal-aware login: same email can exist for different account types. - User portal (nivomoney.com): looks up user with AccountTypeUser - Admin portal (admin.nivomoney.com): looks up user_admin, admin, or super_admin accounts

func (*AuthService) Logout 

func (s *AuthService) Logout(ctx context.Context, token string) *errors.Error

Logout invalidates a user's session.

func (*AuthService) LogoutAll 

func (s *AuthService) LogoutAll(ctx context.Context, userID string) *errors.Error

LogoutAll invalidates all sessions for a user.

func (*AuthService) LookupUserByPhone 

func (s *AuthService) LookupUserByPhone(ctx context.Context, phone string) (*models.User, *errors.Error)

LookupUserByPhone finds a user by phone number (for recipient lookup in transfers).

func (*AuthService) Register 

func (s *AuthService) Register(ctx context.Context, req *models.CreateUserRequest) (*models.User, *errors.Error)

Register creates a new user account with a paired User-Admin account. Both accounts are created atomically to enable self-service verification flows.

func (*AuthService) RejectKYC 

func (s *AuthService) RejectKYC(ctx context.Context, userID string, reason string) *errors.Error

RejectKYC rejects a user's KYC (admin operation).

func (*AuthService) ResetPasswordWithToken 

func (s *AuthService) ResetPasswordWithToken(ctx context.Context, verificationToken string, newPassword string) *errors.Error

ResetPasswordWithToken resets the user's password using a verification token. This is used for "forgot password" flows where the user may not be logged in.

func (*AuthService) SearchUsers 

func (s *AuthService) SearchUsers(ctx context.Context, query string, limit, offset int) ([]*models.User, *errors.Error)

SearchUsers searches for users by email, phone, or name (admin operation).

func (*AuthService) SetCache 

func (s *AuthService) SetCache(c cache.Cache)

SetCache sets the cache for session and user data caching. This is optional - if not set, all lookups go directly to the database.

func (*AuthService) SuspendUser 

func (s *AuthService) SuspendUser(ctx context.Context, userID string, reason string, adminUserID string) *errors.Error

SuspendUser suspends a user account (admin operation).

func (*AuthService) UnsuspendUser 

func (s *AuthService) UnsuspendUser(ctx context.Context, userID string) *errors.Error

UnsuspendUser reactivates a suspended user account (admin operation).

func (*AuthService) UpdateKYC 

func (s *AuthService) UpdateKYC(ctx context.Context, userID string, req *models.UpdateKYCRequest) (*models.KYCInfo, *errors.Error)

UpdateKYC updates or creates KYC information for a user.

func (*AuthService) UpdateProfile 

func (s *AuthService) UpdateProfile(ctx context.Context, userID string, req *models.UpdateProfileRequest) (*models.User, *errors.Error)

UpdateProfile updates a user's profile information.

func (*AuthService) ValidatePairing 

func (s *AuthService) ValidatePairing(ctx context.Context, adminUserID, userID string) (bool, *errors.Error)

ValidatePairing checks if the adminUserID is authorized to act on userID.

func (*AuthService) ValidateToken 

func (s *AuthService) ValidateToken(ctx context.Context, tokenString string) (*models.User, *errors.Error)

ValidateToken validates a JWT token and returns the user.

func (*AuthService) VerifyCurrentPassword 

func (s *AuthService) VerifyCurrentPassword(ctx context.Context, userID string, password string) *errors.Error

VerifyCurrentPassword verifies that the provided password matches the user's current password.

func (*AuthService) VerifyKYC 

func (s *AuthService) VerifyKYC(ctx context.Context, userID string) *errors.Error

VerifyKYC approves a user's KYC (admin operation).

type CreateWalletRequest 

type CreateWalletRequest struct {
	UserID   string `json:"user_id"`
	Type     string `json:"type"`
	Currency string `json:"currency"`
}

CreateWalletRequest represents the request to create a wallet.

type JWTClaims 

type JWTClaims struct {
	UserID      string   `json:"user_id"`
	Email       string   `json:"email"`
	Status      string   `json:"status"`
	AccountType string   `json:"account_type,omitempty"` // Account type (user, user_admin, admin, super_admin)
	Roles       []string `json:"roles,omitempty"`        // User's role names
	Permissions []string `json:"permissions,omitempty"`  // Flattened permission list
	jwt.RegisteredClaims
}

JWTClaims represents the JWT token claims with RBAC support.

type KYCRepositoryInterface 

type KYCRepositoryInterface interface {
	GetByUserID(ctx context.Context, userID string) (*models.KYCInfo, *errors.Error)
	Create(ctx context.Context, kyc *models.KYCInfo) *errors.Error
	UpdateStatus(ctx context.Context, userID string, status models.KYCStatus, reason string) *errors.Error
	ListPending(ctx context.Context, limit, offset int) ([]repository.KYCWithUser, *errors.Error)
}

KYCRepositoryInterface defines the interface for KYC repository operations.

type Permission 

type Permission struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

Permission represents a permission.

type RBACClient 

type RBACClient struct {
	*clients.BaseClient
}

RBACClient handles communication with the RBAC service.

func NewRBACClient 

func NewRBACClient(baseURL string) *RBACClient

NewRBACClient creates a new RBAC service client.

func NewRBACClientWithSecret 

func NewRBACClientWithSecret(baseURL, internalSecret string) *RBACClient

NewRBACClientWithSecret creates an RBAC client with internal service authentication.

func (*RBACClient) AssignDefaultRole 

func (c *RBACClient) AssignDefaultRole(ctx context.Context, userID string) error

AssignDefaultRole assigns the default "user" role to a newly registered user.

func (*RBACClient) AssignRoleToUser 

func (c *RBACClient) AssignRoleToUser(ctx context.Context, userID, roleID string) error

AssignRoleToUser assigns a role to a user.

func (*RBACClient) AssignUserAdminRole 

func (c *RBACClient) AssignUserAdminRole(ctx context.Context, userID string) error

AssignUserAdminRole assigns the "user_admin" role to a User-Admin account.

func (*RBACClient) GetUserPermissions 

func (c *RBACClient) GetUserPermissions(ctx context.Context, userID string) (*UserPermissionsResponse, error)

GetUserPermissions fetches all roles and permissions for a user. Uses internal endpoint for service-to-service communication (no auth required).

type RBACClientInterface 

type RBACClientInterface interface {
	AssignDefaultRole(ctx context.Context, userID string) error
	AssignUserAdminRole(ctx context.Context, userID string) error
	GetUserPermissions(ctx context.Context, userID string) (*UserPermissionsResponse, error)
}

RBACClientInterface defines the interface for RBAC client operations.

type RoleInfo 

type RoleInfo struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

RoleInfo represents basic role information.

type SessionRepositoryInterface 

type SessionRepositoryInterface interface {
	Create(ctx context.Context, session *models.Session) *errors.Error
	GetByTokenHash(ctx context.Context, tokenHash string) (*models.Session, *errors.Error)
	DeleteByTokenHash(ctx context.Context, tokenHash string) *errors.Error
	DeleteByUserID(ctx context.Context, userID string) *errors.Error
}

SessionRepositoryInterface defines the interface for session repository operations.

type UserAdminRepositoryInterface 

type UserAdminRepositoryInterface interface {
	CreatePairing(ctx context.Context, userID, adminUserID string) *errors.Error
	GetPairedUserID(ctx context.Context, adminUserID string) (string, *errors.Error)
	GetAdminUserID(ctx context.Context, userID string) (string, *errors.Error)
	IsUserAdmin(ctx context.Context, userID string) (bool, *errors.Error)
	ValidatePairing(ctx context.Context, adminUserID, userID string) (bool, *errors.Error)
}

UserAdminRepositoryInterface defines the interface for user-admin pairing operations.

type UserPermissionsResponse 

type UserPermissionsResponse struct {
	UserID      string       `json:"user_id"`
	Roles       []RoleInfo   `json:"roles"`
	Permissions []Permission `json:"permissions"`
}

UserPermissionsResponse represents the response from RBAC service.

type UserRepositoryInterface 

type UserRepositoryInterface interface {
	Create(ctx context.Context, user *models.User) *errors.Error
	GetByEmail(ctx context.Context, email string) (*models.User, *errors.Error)
	GetByEmailAndAccountType(ctx context.Context, email string, accountType models.AccountType) (*models.User, *errors.Error)
	GetByPhone(ctx context.Context, phone string) (*models.User, *errors.Error)
	GetByID(ctx context.Context, id string) (*models.User, *errors.Error)
	Update(ctx context.Context, user *models.User) *errors.Error
	UpdatePassword(ctx context.Context, userID string, passwordHash string) *errors.Error
	UpdateStatus(ctx context.Context, userID string, status models.UserStatus) *errors.Error
	Delete(ctx context.Context, userID string) *errors.Error
	Count(ctx context.Context) (int, *errors.Error)
	CountByStatus(ctx context.Context, status models.UserStatus) (int, *errors.Error)
	SearchUsers(ctx context.Context, query string, limit, offset int) ([]*models.User, *errors.Error)
	SuspendUser(ctx context.Context, userID string, reason string, suspendedBy string) *errors.Error
	UnsuspendUser(ctx context.Context, userID string) *errors.Error
}

UserRepositoryInterface defines the interface for user repository operations.

type VerificationService 

type VerificationService struct {
	// contains filtered or unexported fields
}

VerificationService handles verification request business logic.

func NewVerificationService 

func NewVerificationService(
	repo *repository.VerificationRepository,
	userAdminRepo *repository.UserAdminRepository,
) *VerificationService

NewVerificationService creates a new verification service.

func (*VerificationService) CanUserAdminAccessVerification 

func (s *VerificationService) CanUserAdminAccessVerification(
	ctx context.Context,
	adminUserID string,
	verification *models.VerificationRequest,
) (bool, *errors.Error)

CanUserAdminAccessVerification checks if a User-Admin can access a specific verification. Returns true only if the User-Admin is paired with the verification's owner.

func (*VerificationService) CancelAllPendingForUser 

func (s *VerificationService) CancelAllPendingForUser(ctx context.Context, userID string) *errors.Error

CancelAllPendingForUser cancels all pending verifications for a user.

func (*VerificationService) CancelVerification 

func (s *VerificationService) CancelVerification(
	ctx context.Context,
	verificationID string,
	userID string,
) *errors.Error

CancelVerification cancels a pending verification.

func (*VerificationService) CountPendingForUser 

func (s *VerificationService) CountPendingForUser(ctx context.Context, userID string) (int, *errors.Error)

CountPendingForUser returns the count of pending verifications for a user.

func (*VerificationService) CreateVerification 

func (s *VerificationService) CreateVerification(
	ctx context.Context,
	userID string,
	operationType models.OperationType,
	metadata map[string]interface{},
) (*models.VerificationRequest, *errors.Error)

CreateVerification creates a new verification request with OTP.

func (*VerificationService) GetByID 

func (s *VerificationService) GetByID(ctx context.Context, id string) (*models.VerificationRequest, *errors.Error)

GetByID retrieves a verification request by ID.

func (*VerificationService) GetPendingForUserAdmin 

func (s *VerificationService) GetPendingForUserAdmin(
	ctx context.Context,
	adminUserID string,
) ([]*models.VerificationRequest, *errors.Error)

GetPendingForUserAdmin retrieves pending verifications for User-Admin view. Includes OTP codes since this is the User-Admin portal.

func (*VerificationService) GetUserVerifications 

func (s *VerificationService) GetUserVerifications(
	ctx context.Context,
	userID string,
	status string,
) ([]*models.VerificationRequest, *errors.Error)

GetUserVerifications retrieves verifications for a user (sanitized, no OTP).

func (*VerificationService) ValidateVerificationToken 

func (s *VerificationService) ValidateVerificationToken(
	ctx context.Context,
	tokenString string,
	expectedOperation models.OperationType,
	expectedUserID string,
) (*models.VerificationClaims, *errors.Error)

ValidateVerificationToken validates a verification token for an operation.

func (*VerificationService) VerifyOTP 

func (s *VerificationService) VerifyOTP(
	ctx context.Context,
	verificationID string,
	userID string,
	otp string,
) (*models.VerificationToken, *errors.Error)

VerifyOTP validates OTP and returns verification token.

type WalletClient 

type WalletClient struct {
	*clients.BaseClient
}

WalletClient handles communication with the Wallet service.

func NewWalletClient 

func NewWalletClient(baseURL string) *WalletClient

NewWalletClient creates a new wallet service client.

func NewWalletClientWithSecret 

func NewWalletClientWithSecret(baseURL, internalSecret string) *WalletClient

NewWalletClientWithSecret creates a wallet client with internal service authentication.

func (*WalletClient) ActivateWallet 

func (c *WalletClient) ActivateWallet(ctx context.Context, walletID string) error

ActivateWallet activates a wallet by ID (called after KYC approval).

func (*WalletClient) CreateDefaultWallet 

func (c *WalletClient) CreateDefaultWallet(ctx context.Context, userID string) (*WalletResponse, error)

CreateDefaultWallet creates a default INR wallet for a user.

func (*WalletClient) ListUserWallets 

func (c *WalletClient) ListUserWallets(ctx context.Context, userID string) ([]WalletResponse, error)

ListUserWallets retrieves all wallets for a user.

type WalletResponse 

type WalletResponse struct {
	ID               string `json:"id"`
	UserID           string `json:"user_id"`
	Type             string `json:"type"`
	Currency         string `json:"currency"`
	Balance          int64  `json:"balance"`
	AvailableBalance int64  `json:"available_balance"`
	Status           string `json:"status"`
	LedgerAccountID  string `json:"ledger_account_id"`
	CreatedAt        string `json:"created_at"`
	UpdatedAt        string `json:"updated_at"`
}

WalletResponse represents a wallet from the wallet service.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.