auth

package

v0.1.7 Latest Latest Go to latest Published: Mar 2, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aydenstechdungeon/gospa

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth provides authentication for GoSPA projects. Includes OAuth2 (Google, Facebook, GitHub, Microsoft, Discord), JWT sessions, and TOTP/OTP.

Index ¶

func GenerateBackupCodes(count int) ([]string, error)
func HashBackupCode(code string) string
type AuthPlugin
- func New(cfg *Config) *AuthPlugin
type BackupCode
type Claims
type Config
- func DefaultConfig() *Config
type OAuthProvider
type OTPConfig
type User

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateBackupCodes ¶

func GenerateBackupCodes(count int) ([]string, error)

GenerateBackupCodes generates backup codes.

func HashBackupCode ¶

func HashBackupCode(code string) string

HashBackupCode hashes a backup code using SHA256.

Types ¶

type AuthPlugin ¶

type AuthPlugin struct {
	// contains filtered or unexported fields
}

AuthPlugin provides authentication capabilities.

func New ¶

func New(cfg *Config) *AuthPlugin

New creates a new Auth plugin.

func (*AuthPlugin) Commands ¶

func (p *AuthPlugin) Commands() []plugin.Command

Commands returns custom CLI commands.

func (*AuthPlugin) CreateToken ¶ added in v0.1.7

func (p *AuthPlugin) CreateToken(userID, email, role string) (string, error)

CreateToken creates a new JWT token.

func (*AuthPlugin) Dependencies ¶

func (p *AuthPlugin) Dependencies() []plugin.Dependency

Dependencies returns required dependencies.

func (*AuthPlugin) EnableOTPHandler ¶ added in v0.1.7

func (p *AuthPlugin) EnableOTPHandler() fiber.Handler

EnableOTPHandler returns a handler that generates OTP setup info.

func (*AuthPlugin) EnableTOTP ¶ added in v0.1.7

func (p *AuthPlugin) EnableTOTP() fiber.Handler

TOTP aliases for backward compatibility and documentation consistency.

func (*AuthPlugin) GenerateOTP ¶ added in v0.1.7

func (p *AuthPlugin) GenerateOTP(account string) (string, string, error)

GenerateOTP generates an OTP secret and URL for 2FA setup.

func (*AuthPlugin) GenerateOTPSecret ¶

func (p *AuthPlugin) GenerateOTPSecret() (string, error)

GenerateOTPSecret generates a new OTP secret.

func (*AuthPlugin) GenerateOTPURL ¶

func (p *AuthPlugin) GenerateOTPURL(secret, account, issuer string) string

GenerateOTPURL generates the otpauth:// URL.

func (*AuthPlugin) GetConfig ¶

func (p *AuthPlugin) GetConfig() *Config

GetConfig returns the current configuration.

func (*AuthPlugin) Init ¶

func (p *AuthPlugin) Init() error

Init initializes the auth plugin.

func (*AuthPlugin) Name ¶

func (p *AuthPlugin) Name() string

Name returns the plugin name.

func (*AuthPlugin) OAuthCallback ¶ added in v0.1.7

func (p *AuthPlugin) OAuthCallback(providerName string) fiber.Handler

OAuthCallback returns a handler that handles the OAuth callback.

func (*AuthPlugin) OAuthRedirect ¶ added in v0.1.7

func (p *AuthPlugin) OAuthRedirect(providerName string) fiber.Handler

OAuthRedirect returns a handler that redirects to an OAuth provider.

func (*AuthPlugin) OnHook ¶

func (p *AuthPlugin) OnHook(hook plugin.Hook, ctx map[string]interface{}) error

OnHook handles lifecycle hooks.

func (*AuthPlugin) RequireAuth ¶ added in v0.1.7

func (p *AuthPlugin) RequireAuth() fiber.Handler

RequireAuth returns a middleware that requires authentication.

func (*AuthPlugin) ValidateToken ¶ added in v0.1.7

func (p *AuthPlugin) ValidateToken(tokenString string) (*Claims, error)

ValidateToken validates a JWT token and returns the claims.

func (*AuthPlugin) VerifyOTP ¶ added in v0.1.7

func (p *AuthPlugin) VerifyOTP(secret, code string) bool

VerifyOTP verifies a TOTP code.

func (*AuthPlugin) VerifyOTPHandler ¶ added in v0.1.7

func (p *AuthPlugin) VerifyOTPHandler() fiber.Handler

VerifyOTPHandler returns a handler that verifies an OTP code.

func (*AuthPlugin) VerifyTOTP ¶ added in v0.1.7

func (p *AuthPlugin) VerifyTOTP() fiber.Handler

type BackupCode ¶

type BackupCode struct {
	Code   string
	Used   bool
	UsedAt *time.Time
}

BackupCode represents a backup code for 2FA.

type Claims ¶ added in v0.1.7

type Claims struct {
	UserID string `json:"user_id"`
	Email  string `json:"email"`
	Role   string `json:"role"`
	jwt.RegisteredClaims
}

Claims represents JWT claims.

type Config ¶

type Config struct {
	// JWTSecret is the secret key for JWT signing.
	JWTSecret string `yaml:"jwt_secret" json:"jwtSecret"`

	// JWTExpiry is the JWT token expiry duration in hours.
	JWTExpiry int `yaml:"jwt_expiry" json:"jwtExpiry"`

	// Issuer is the JWT issuer.
	Issuer string `yaml:"issuer" json:"issuer"`

	// OAuthProviders is a list of enabled OAuth providers.
	OAuthProviders []string `yaml:"oauth_providers" json:"oauthProviders"`

	// Google OAuth config.
	GoogleClientID     string `yaml:"google_client_id" json:"googleClientId"`
	GoogleClientSecret string `yaml:"google_client_secret" json:"googleClientSecret"`

	// Facebook OAuth config.
	FacebookClientID     string `yaml:"facebook_client_id" json:"facebookClientId"`
	FacebookClientSecret string `yaml:"facebook_client_secret" json:"facebookClientSecret"`

	// GitHub OAuth config.
	GitHubClientID     string `yaml:"github_client_id" json:"githubClientId"`
	GitHubClientSecret string `yaml:"github_client_secret" json:"githubClientSecret"`

	// Microsoft OAuth config.
	MicrosoftClientID     string `yaml:"microsoft_client_id" json:"microsoftClientId"`
	MicrosoftClientSecret string `yaml:"microsoft_client_secret" json:"microsoftClientSecret"`

	// Discord OAuth config.
	DiscordClientID     string `yaml:"discord_client_id" json:"discordClientId"`
	DiscordClientSecret string `yaml:"discord_client_secret" json:"discordClientSecret"`

	// Telegram OAuth config.
	TelegramBotToken string `yaml:"telegram_bot_token" json:"telegramBotToken"`

	// Twitter/X OAuth config.
	TwitterClientID     string `yaml:"twitter_client_id" json:"twitterClientId"`
	TwitterClientSecret string `yaml:"twitter_client_secret" json:"twitterClientSecret"`

	// OTP config.
	OTPEnabled      bool   `yaml:"otp_enabled" json:"otpEnabled"`
	OTPIssuer       string `yaml:"otp_issuer" json:"otpIssuer"`
	OTPDigits       int    `yaml:"otp_digits" json:"otpDigits"`
	OTPPeriod       int    `yaml:"otp_period" json:"otpPeriod"`
	BackupCodeCount int    `yaml:"backup_code_count" json:"backupCodeCount"`

	// OutputDir is where generated auth code is written.
	OutputDir string `yaml:"output_dir" json:"outputDir"`
}

Config holds auth plugin configuration.

func DefaultConfig ¶

func DefaultConfig() *Config

DefaultConfig returns the default auth configuration. JWTSecret is generated randomly if not set - this is safer than a hardcoded default.

type OAuthProvider ¶

type OAuthProvider struct {
	Name         string
	ClientID     string
	ClientSecret string
	AuthURL      string
	TokenURL     string
	UserURL      string
	Scopes       []string
}

OAuthProvider represents an OAuth provider configuration.

type OTPConfig ¶

type OTPConfig struct {
	Secret  string
	Digits  int
	Period  int
	Issuer  string
	Account string
}

OTPConfig represents TOTP configuration.

type User ¶ added in v0.1.7

type User struct {
	ID    string `json:"id"`
	Email string `json:"email"`
	Role  string `json:"role"`
}

User represents an authenticated user.

Source Files ¶

View all Source files

auth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL