token

package
v0.0.1 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 18, 2025 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var (
	ErrInvalidAppID           = fmt.Errorf("invalid app ID")
	ErrInvalidAppName         = fmt.Errorf("invalid app name")
	ErrInvalidRedirectURI     = fmt.Errorf("invalid redirect URI")
	ErrInvalidSessionDuration = fmt.Errorf("invalid session duration")
)

Functions

This section is empty.

Types

type App

type App struct {
	Name            string
	RedirectURI     string
	SessionDuration time.Duration
	AppSecretHash   []byte
}

App represents an application that can request tokens. It has a name, a redirect URI, a session duration, and an app secret hash.

func (*App) Attributes

func (app *App) Attributes() []string

Attributes method returns the app's attributes as a slice of strings. This is useful for encoding the app.

func (*App) Bytes

func (app *App) Bytes() []byte

Bytes method returns the app as a byte slice. This is useful for encoding the app. It is equivalent to converting the app to a string and then converting the string to a byte slice.

func (*App) ID

func (app *App) ID(secret *Secret) *AppID

ID method returns the app ID of the app. The app ID is a self-contained representation of the app that can be used to generate tokens. It is created by encoding the app as a base64-encoded byte slice using the Marshal method.

func (*App) Marshal

func (app *App) Marshal() []byte

Marshal method returns the app as a base64-encoded byte slice. The result is included in the app ID, which makes the app ID self-contained.

func (*App) SetAttributes

func (app *App) SetAttributes(attrs []string) *App

SetAttributes method sets the app's attributes from a slice of strings. This is useful for decoding the app.

func (*App) SetBytes

func (app *App) SetBytes(data []byte) *App

SetBytes method sets the app from a byte slice. This is useful for decoding the app. It is equivalent to converting the byte slice to a string and then converting the string to the app.

func (*App) SetID

func (app *App) SetID(id *AppID) *App

SetID method sets the app from an app ID. The app ID is a self-contained representation of the app that can be used to generate tokens. The app is extracted from the app ID by decoding the app as a base64-encoded byte slice using the Unmarshal method.

func (*App) SetSecret

func (app *App) SetSecret(secret *Secret) *App

func (*App) SetString

func (app *App) SetString(data string) *App

SetString method sets the app from a string. This is useful for decoding the app. The string should be the app's attributes joined by the app data separator.

func (*App) String

func (app *App) String() string

String method returns the app as a string. This is useful for debugging and encoding the app. The resulting string is the app's attributes joined by the app data separator.

func (*App) Unmarshal

func (app *App) Unmarshal(data []byte) *App

Unmarshal method sets the app from a base64-encoded byte slice. It is used to extract the app from the app ID.

func (*App) Valid

func (app *App) Valid(secretHash []byte) bool

Valid method returns true if the app is valid, false otherwise. An app is considered valid if its name is between 3 and 20 characters, its redirect URI is a valid URI, and its session duration is between 5 minutes and 24 hours.

type AppID

type AppID []byte

AppID represents an application ID that is used to generate and verify tokens. It is a wrapper around a byte slice that provides additional methods for setting and getting the application ID.

func (*AppID) Bytes

func (id *AppID) Bytes() []byte

Bytes method returns the application ID as a byte slice.

func (*AppID) GenerateToken

func (id *AppID) GenerateToken(secret Secret, email string) Token

GenerateToken method returns a token for the application ID. If the app ID is nil, the secret is invalid, or the email is empty, nil is returned. It internally calls the Message method to build the message for the token, that is, the hash of the application ID with the email and expiration time, and signs that message with the secret. The token is then created from the expiration time and the signature.

func (*AppID) Message

func (id *AppID) Message(email string, exp Expiration) []byte

Message method returns the message for the application ID. If the app ID is nil, the email is empty, or the expiration time is invalid, nil is returned. The message is generated by appending the email and expiration time to the application ID and hashing the result with sha256, which creates a unique message for the token.

func (*AppID) PrivKey

func (id *AppID) PrivKey(secret Secret) ed25519.PrivateKey

PrivKey method returns the private key for the application ID. If the application ID is nil or the secret is invalid, nil is returned. It internally calls the Bytes method to get the application ID as a byte slice and uses it to generate the private key. The private key is generated by hashing the application ID with the secret and using the resulting hash as the seed for an ed25519 private key.

func (*AppID) SetBytes

func (id *AppID) SetBytes(data []byte) *AppID

SetBytes method sets the application ID from a byte slice. If the application ID is nil, a new application ID is created. If the byte slice is empty, the application ID is not set. It internally calls the Unmarshal method of the App to check that the application ID is valid before setting the application ID from the byte slice. If the resulting application is not valid, the application ID is not set and nil is returned.

func (*AppID) SetString

func (id *AppID) SetString(data string) *AppID

SetString method sets the application ID from a string. If the application ID is nil, a new application ID is created. If the string is empty, the application ID is not set. It internally calls the SetBytes method to set the application ID from a byte slice.

func (*AppID) Sign

func (id *AppID) Sign(secret Secret, msg []byte) []byte

Sign method returns the signature of the message for the application ID. If the application ID is nil, the message is empty, or the secret is invalid, nil is returned. It internally calls the PrivKey method to get the private key for the application ID and uses it to sign the message. The message is signed by appending a nonce to it and hashing the result with the private key. The signature is then encoded to base64 before being returned to be used as a part of the token, keeping it as short as possible.

func (*AppID) String

func (id *AppID) String() string

String method returns the application ID as a string. If the application ID is nil, an empty string is returned. It internally calls the Bytes method to get the application ID as a byte slice and converts it to a string.

func (*AppID) Verify

func (id *AppID) Verify(secret Secret, msg, sig []byte) bool

Verify method returns true if the signature of the message is valid for the application ID. If the application ID is nil, the message is empty, the signature is empty, or the secret is invalid, false is returned. It internally calls the PrivKey method to get the private key for the application ID and uses it to verify the signature. The message is verified by appending a nonce to it and hashing the result with the public key. The signature is then decoded from base64 and verified with the public key to ensure that it was signed by the private key.

func (*AppID) VerifyToken

func (id *AppID) VerifyToken(token Token, secret Secret, email string) bool

VerifyToken method returns true if the token is valid for the application ID. If the app ID is nil, the token is nil, the secret is invalid, or the email is empty, false is returned. It is used to verify the token by checking that the expiration time is valid and the signature is correct. The token is verified by hashing the application ID with the email and expiration time, and verifying the signature with the secret.
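The flow described for PrivKey, Message, GenerateToken and VerifyToken, as an added example that uses only the Go standard library; it is not this package's code and does not call its API. The function names, the "." separator, the base64 variant and the concatenation order are assumptions, and the nonce mentioned under Sign is left out because the page does not specify it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
	"time"
)

const sep = "." // assumed separator; the package's own is not shown on this page
var b64 = base64.RawURLEncoding // assumed base64 variant

// privKey seeds Ed25519 with SHA-256(appID || secret); the order is assumed.
func privKey(appID string, secret []byte) ed25519.PrivateKey {
	seed := sha256.Sum256(append([]byte(appID), secret...))
	return ed25519.NewKeyFromSeed(seed[:])
}

// message is SHA-256(appID || email || expiration in RFC3339Nano); order assumed.
func message(appID, email string, exp time.Time) []byte {
	m := sha256.Sum256([]byte(appID + email + exp.UTC().Format(time.RFC3339Nano)))
	return m[:]
}

// generateToken returns base64(expiration) + sep + base64(signature); no nonce (unspecified on the page).
func generateToken(appID string, secret []byte, email string, exp time.Time) string {
	sig := ed25519.Sign(privKey(appID, secret), message(appID, email, exp))
	return b64.EncodeToString([]byte(exp.UTC().Format(time.RFC3339Nano))) + sep + b64.EncodeToString(sig)
}

// verifyToken rejects malformed, expired, or wrongly signed tokens.
func verifyToken(tok, appID string, secret []byte, email string, now time.Time) bool {
	expB64, sigB64, ok := strings.Cut(tok, sep)
	raw, err1 := b64.DecodeString(expB64)
	sig, err2 := b64.DecodeString(sigB64)
	exp, err3 := time.Parse(time.RFC3339Nano, string(raw))
	if !ok || email == "" || err1 != nil || err2 != nil || err3 != nil || !exp.After(now) {
		return false
	}
	pub := privKey(appID, secret).Public().(ed25519.PublicKey)
	return ed25519.Verify(pub, message(appID, email, exp), sig)
}

func main() {
	s, exp := []byte("constructed secret"), time.Now().Add(time.Hour)
	tok := generateToken("constructed-app-id", s, "user@example.com", exp)
	fmt.Println(tok, verifyToken(tok, "constructed-app-id", s, "user@example.com", time.Now()))
}
```

Because the expiration is part of the signed message, swapping in a later expiration while keeping the old signature fails verification.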

type Expiration

type Expiration time.Time

Expiration represents a time when a token expires. It is a wrapper around time.Time that provides additional methods for setting and getting the expiration time.

func (*Expiration) Bytes

func (exp *Expiration) Bytes() []byte

Bytes method returns the expiration time as a byte slice. It is useful for encoding the expiration time. If the expiration is nil, nil is returned. It is equivalent to converting the expiration time to a string and then converting the string to a byte slice.

func (*Expiration) Duration

func (exp *Expiration) Duration() time.Duration

Duration method returns the duration until the expiration time.

func (*Expiration) Marshal

func (exp *Expiration) Marshal() []byte

Marshal method returns the expiration time as a base64 encoded byte slice. It is useful for encoding the expiration time. If the expiration is nil or invalid, nil is returned.

func (*Expiration) SetBytes

func (exp *Expiration) SetBytes(data []byte) *Expiration

SetBytes method sets the expiration time from a byte slice. It is useful for decoding the expiration time. It is equivalent to converting the byte slice to a string and then setting the expiration time from the string.

func (*Expiration) SetDuration

func (exp *Expiration) SetDuration(d time.Duration) *Expiration

SetDuration method sets the expiration time from a duration. If the duration is invalid, the expiration time is not set.

func (*Expiration) SetString

func (exp *Expiration) SetString(data string) *Expiration

SetString method sets the expiration time from a string in RFC3339Nano format. It is useful for decoding the expiration time. If the string is invalid, the expiration time is not set and nil is returned. If the expiration is nil, a new expiration is created. If the resulting expiration is invalid, nil is returned.

func (*Expiration) SetTime

func (exp *Expiration) SetTime(t time.Time) *Expiration

SetTime method sets the expiration time from a time.Time. If the expiration is nil, a new expiration is created.

func (*Expiration) String

func (exp *Expiration) String() string

String method returns the expiration time as a string in RFC3339Nano format. It is useful for encoding the expiration time. If the expiration is nil, an empty string is returned.

func (*Expiration) Time

func (exp *Expiration) Time() time.Time

Time method returns the expiration time as a time.Time.

func (*Expiration) Unmarshal

func (exp *Expiration) Unmarshal(data []byte) *Expiration

Unmarshal method sets the expiration time from a base64 encoded byte slice. It is useful for decoding the expiration time. If the expiration is nil or invalid, nil is returned.

func (*Expiration) Valid

func (exp *Expiration) Valid() bool

Valid method returns true if the expiration is valid, false otherwise. An expiration is considered valid if it is in the future.

type Secret

type Secret []byte

Secret represents a secret that is used to sign and verify tokens. It is a wrapper around a byte slice that provides additional methods for setting and getting the secret. It should have at least 2 parts, each hashed to a sha256 size.

func (*Secret) Bytes

func (s *Secret) Bytes() []byte

Bytes method returns the secret as a byte slice.

func (*Secret) Hash

func (s *Secret) Hash() []byte

Hash method returns the hash of the secret as a byte slice. The hash is created by hashing the secret to a sha256 size. The hash is used to create the app ID and is part of it; it is also used to sign and verify the user sessions in the token generation process.

func (*Secret) SetParts

func (s *Secret) SetParts(raw ...[]byte) *Secret

SetParts method sets the secret's parts from a slice of byte slices. If the secret is nil, a new secret is created. If the parts are empty, the secret is not set. The parts are hashed to a sha256 size and concatenated to form the secret.

func (*Secret) Valid

func (s *Secret) Valid() bool

Valid method returns true if the secret is valid, false otherwise. A secret is considered valid if it has more than 1 part, and each part is hashed to a sha256 size.

type Token

type Token []byte

Token is a type that represents a user token. It is a wrapper around a byte slice that provides additional methods for setting and getting the token. It should have 2 parts: the first part is the expiration time and the second part is the signature.

func (*Token) Bytes

func (t *Token) Bytes() []byte

Bytes method returns the token as a byte slice. It is useful for encoding the token. If the token is nil, nil is returned. It internally calls the parts method to get the token's expiration time and signature as byte slices. It checks that the parts are valid before returning the token as a byte slice.

func (*Token) Expiration

func (t *Token) Expiration() *Expiration

Expiration method returns the token's expiration time. It is useful for getting the expiration time. If the token is nil, nil is returned. It internally calls the parts method to get the token's expiration time and signature as byte slices. It checks that the expiration time is valid before returning it.

func (*Token) SetBytes

func (t *Token) SetBytes(data []byte) *Token

SetBytes method sets the token from a byte slice. It is useful for decoding the token. The byte slice should be the token's expiration time and signature joined by the token separator. If the token is invalid, the token is not set. It internally calls the parts method to get the token's expiration time and signature as byte slices. It checks that the parts are valid before setting the token from the byte slice.

func (*Token) SetExpiration

func (t *Token) SetExpiration(exp Expiration) *Token

SetExpiration method sets the token's expiration time. If the token is nil, a new token is created. If the expiration time is invalid, the token is not set. It internally calls the parts method to replace the token's expiration time with the new expiration time. It checks that the expiration time is valid before setting it.

func (*Token) SetSignature

func (t *Token) SetSignature(sig []byte) *Token

SetSignature method sets the token's signature. If the token is nil, a new token is created. If the signature is nil, the token is not set. It internally calls the parts method to replace the token's signature with the new signature.

func (*Token) SetString

func (t *Token) SetString(data string) *Token

SetString method sets the token from a string. It is useful for decoding the token. The string should be the token's expiration time and signature joined by the token separator. If the token is invalid, the token is not set. It internally calls the SetBytes method to set the token from a byte slice.

func (*Token) Signature

func (t *Token) Signature() []byte

Signature method returns the token's signature. If the token is nil, nil is returned. It internally calls the parts method to get the signature part as a byte slice.

func (*Token) String

func (t *Token) String() string

String method returns the token as a string. It is useful for encoding the token. If the token is nil, an empty string is returned. It internally calls the Bytes method to get the token as a byte slice.
