Documentation
Index
- Constants
- func CheckPasswordHistory(userID uint, newPassword string, hashedPassword string, db *gorm.DB, ...) error
- func ComparePasswords(hashedPassword, plainPassword string) error
- func DecryptTOTPSecret(encryptedSecret string) (string, error)
- func EncryptTOTPSecret(secret string) (string, error)
- func GenerateBackupCodes() ([]string, string, error)
- func GenerateQRCodeURL(secret string, email string) (string, error)
- func GenerateTOTPSecret(email string) (string, string, error)
- func GenerateToken(userID uint, email, secret string, expirationTime time.Duration) (string, error)
- func IsPasswordExpired(lastPasswordChange time.Time, policy PasswordPolicy) bool
- func RemoveBackupCode(usedCode string, storedHashedCodes string) string
- func UpdatePasswordHistory(userID uint, hashedPassword string, db *gorm.DB, policy PasswordPolicy) error
- func ValidateBackupCode(providedCode string, storedHashedCodes string) bool
- func ValidatePassword(password string, policy PasswordPolicy) error
- func ValidateTOTPCode(encryptedSecret string, code string) bool
- type BackupCodePair
- type Claims
- type PasswordHistory
- type PasswordPolicy
Constants
const (
	// IssuerName is the name of the issuer that appears in authenticator apps
	IssuerName = "GoMFT"
	// SecretSize is the size of the TOTP secret in bytes
	SecretSize = 20
	// BackupCodeCount is the number of backup codes to generate
	BackupCodeCount = 8
	// BackupCodeLength is the length of each backup code
	BackupCodeLength = 8
)
Variables
This section is empty.
Functions
func CheckPasswordHistory
func CheckPasswordHistory(userID uint, newPassword string, hashedPassword string, db *gorm.DB, policy PasswordPolicy) error
CheckPasswordHistory verifies the password against the user's password history
func ComparePasswords
func ComparePasswords(hashedPassword, plainPassword string) error
ComparePasswords compares a hashed password with a plain text password
func DecryptTOTPSecret (added in v0.1.15)
func DecryptTOTPSecret(encryptedSecret string) (string, error)
DecryptTOTPSecret decrypts the TOTP secret with AES-256-GCM
func EncryptTOTPSecret (added in v0.1.15)
func EncryptTOTPSecret(secret string) (string, error)
EncryptTOTPSecret encrypts the TOTP secret with AES-256-GCM
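The page states only that EncryptTOTPSecret and DecryptTOTPSecret use AES-256-GCM, not where the key comes from or how the ciphertext is encoded. The following is an added illustration of that scheme, not the GoMFT package's own code; it assumes the caller supplies a 32-byte key and that the stored form is base64 of nonce || ciphertext || GCM tag. The authentication tag is what makes the decrypt side refuse a secret that was modified in the database.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Illustrative AES-256-GCM wrapping of a TOTP secret (assumed design, not GoMFT's).
// Key handling: the caller owns the 32-byte key (e.g. loaded from a secrets store).
// Stored form: base64(nonce || ciphertext || tag).

const gcmKeyLen = 32 // AES-256 requires exactly 32 key bytes

// newGCM builds the AEAD and rejects keys that would silently select AES-128/192.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != gcmKeyLen {
		return nil, fmt.Errorf("key must be %d bytes, got %d", gcmKeyLen, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptTOTPSecret seals the secret under a fresh random 96-bit nonce.
// The nonce must never repeat for the same key; crypto/rand makes that negligible.
func encryptTOTPSecret(key []byte, secret string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// Seal appends ciphertext+tag to the nonce, giving nonce||ct||tag in one slice.
	sealed := gcm.Seal(nonce, nonce, []byte(secret), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// decryptTOTPSecret reverses encryptTOTPSecret and fails closed on any tampering.
func decryptTOTPSecret(key []byte, encrypted string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	raw, err := base64.StdEncoding.DecodeString(encrypted)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, nil) // tag check happens here
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

func main() {
	key := make([]byte, gcmKeyLen)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	enc, err := encryptTOTPSecret(key, "JBSWY3DPEHPK3PXP") // constructed sample secret
	if err != nil {
		panic(err)
	}
	dec, err := decryptTOTPSecret(key, enc)
	fmt.Println(enc, dec, err)
}
```

The key-length check matters because aes.NewCipher accepts 16, 24 or 32 bytes, so a misconfigured key would quietly downgrade the cipher rather than fail.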
func GenerateBackupCodes (added in v0.1.14)
func GenerateBackupCodes() ([]string, string, error)
GenerateBackupCodes generates a set of backup codes. Returns both plaintext codes (to show to the user) and hashed codes (to store in the DB)
func GenerateQRCodeURL (added in v0.1.14)
func GenerateQRCodeURL(secret string, email string) (string, error)
GenerateQRCodeURL generates a QR code URL for an existing secret
func GenerateTOTPSecret (added in v0.1.14)
func GenerateTOTPSecret(email string) (string, string, error)
GenerateTOTPSecret generates a new TOTP secret for a user
func GenerateToken
func GenerateToken(userID uint, email, secret string, expirationTime time.Duration) (string, error)
GenerateToken creates a new JWT token for a user
func IsPasswordExpired
func IsPasswordExpired(lastPasswordChange time.Time, policy PasswordPolicy) bool
IsPasswordExpired checks if the user's password has expired
func RemoveBackupCode (added in v0.1.14)
func RemoveBackupCode(usedCode string, storedHashedCodes string) string
RemoveBackupCode removes a used backup code from the list
func UpdatePasswordHistory
func UpdatePasswordHistory(userID uint, hashedPassword string, db *gorm.DB, policy PasswordPolicy) error
UpdatePasswordHistory adds the new password to the user's password history
func ValidateBackupCode (added in v0.1.14)
func ValidateBackupCode(providedCode string, storedHashedCodes string) bool
ValidateBackupCode validates a backup code against a list of hashed codes
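GenerateBackupCodes, ValidateBackupCode and RemoveBackupCode together describe a single-use backup-code lifecycle: generate, hand the plaintext to the user once, store only hashes, and delete a hash as soon as its code is redeemed. The page does not say which hash or storage encoding the package uses, so the following is an added example with assumed choices (hex SHA-256 per code, comma-joined into one string, a 32-symbol alphabet with no ambiguous characters); it is not the GoMFT implementation. The count and length constants mirror BackupCodeCount and BackupCodeLength from the page.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// Assumed, illustrative backup-code scheme (not GoMFT's own):
//   stored form  = "hex(sha256(code1)),hex(sha256(code2)),..."
//   normalisation = trim whitespace, upper-case, so "abcd-..." typed by a user still matches
const (
	backupCodeCount  = 8                                  // mirrors BackupCodeCount
	backupCodeLength = 8                                  // mirrors BackupCodeLength
	codeAlphabet     = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789" // 32 symbols, no 0/O/1/I
)

// hashCode normalises a code and returns its hex SHA-256 digest.
func hashCode(code string) string {
	sum := sha256.Sum256([]byte(strings.ToUpper(strings.TrimSpace(code))))
	return hex.EncodeToString(sum[:])
}

// generateBackupCodes returns the plaintext codes (shown to the user once) and the
// hashed, storable form. Because len(codeAlphabet) divides 256, byte%32 is unbiased.
func generateBackupCodes() ([]string, string, error) {
	plain := make([]string, 0, backupCodeCount)
	hashed := make([]string, 0, backupCodeCount)
	buf := make([]byte, backupCodeLength)
	for i := 0; i < backupCodeCount; i++ {
		if _, err := rand.Read(buf); err != nil {
			return nil, "", err
		}
		code := make([]byte, backupCodeLength)
		for j, b := range buf {
			code[j] = codeAlphabet[int(b)%len(codeAlphabet)]
		}
		plain = append(plain, string(code))
		hashed = append(hashed, hashCode(string(code)))
	}
	return plain, strings.Join(hashed, ","), nil
}

func splitStored(stored string) []string {
	if stored == "" {
		return nil
	}
	return strings.Split(stored, ",")
}

// validateBackupCode checks every stored hash with a constant-time compare and does
// not break out early, so response time does not reveal which slot matched.
func validateBackupCode(provided, stored string) bool {
	want := []byte(hashCode(provided))
	found := false
	for _, h := range splitStored(stored) {
		if subtle.ConstantTimeCompare([]byte(h), want) == 1 {
			found = true
		}
	}
	return found
}

// removeBackupCode drops the hash of a redeemed code so it cannot be replayed.
func removeBackupCode(used, stored string) string {
	want := hashCode(used)
	kept := make([]string, 0, backupCodeCount)
	for _, h := range splitStored(stored) {
		if h != want {
			kept = append(kept, h)
		}
	}
	return strings.Join(kept, ",")
}

func main() {
	codes, stored, err := generateBackupCodes()
	if err != nil {
		panic(err)
	}
	fmt.Println("show once:", codes)
	fmt.Println("valid:", validateBackupCode(codes[0], stored))
	stored = removeBackupCode(codes[0], stored)
	fmt.Println("replay:", validateBackupCode(codes[0], stored))
}
```

Validation and removal are separate calls here, as on the page, so the caller must perform them in one transaction; a login handler that validates but forgets to remove leaves the code reusable. An 8-character code over 32 symbols carries 40 bits of entropy, so a slow hash such as the one ComparePasswords relies on would raise the cost of an offline attack on a leaked table; SHA-256 is used above only to keep the example self-contained.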
func ValidatePassword
func ValidatePassword(password string, policy PasswordPolicy) error
ValidatePassword checks if a password meets the policy requirements
func ValidateTOTPCode (added in v0.1.14)
func ValidateTOTPCode(encryptedSecret string, code string) bool
ValidateTOTPCode validates a TOTP code against an encrypted secret
Types
type BackupCodePair (added in v0.1.15)
BackupCodePair represents a backup code and its hash
type Claims
type Claims struct {
	UserID uint   `json:"user_id"`
	Email  string `json:"email"`
	jwt.RegisteredClaims
}
Claims represents the JWT claims
func ValidateToken
ValidateToken validates a JWT token and returns the claims
type PasswordHistory
type PasswordHistory struct {
	ID           uint   `gorm:"primarykey"`
	UserID       uint   `gorm:"not null"`
	PasswordHash string `gorm:"not null"`
	CreatedAt    time.Time
}
PasswordHistory represents a historical password entry
type PasswordPolicy
type PasswordPolicy struct {
	MinLength        int           // Minimum password length
	RequireUppercase bool          // Require at least one uppercase letter
	RequireLowercase bool          // Require at least one lowercase letter
	RequireNumbers   bool          // Require at least one number
	RequireSpecial   bool          // Require at least one special character
	ExpirationDays   int           // Number of days until password expires (0 = never)
	HistoryCount     int           // Number of previous passwords to remember (0 = disabled)
	DisallowCommon   bool          // Disallow common passwords
	MaxLoginAttempts int           // Maximum failed login attempts before lockout
	LockoutDuration  time.Duration // Duration of account lockout after max failed attempts
}
PasswordPolicy defines the requirements for password strength and management
func DefaultPasswordPolicy
func DefaultPasswordPolicy() PasswordPolicy
DefaultPasswordPolicy returns the default password policy
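The PasswordPolicy struct above drives ValidatePassword and IsPasswordExpired, but the page does not show either function's logic or the values DefaultPasswordPolicy returns. The example below is an added illustration of how such a policy is evaluated; it is not the GoMFT code, the defaults in defaultPasswordPolicy are assumed, and the deny list for DisallowCommon is a constructed four-entry sample standing in for a real breached-password list. Every violation is collected rather than returning on the first one, so a user sees all problems in a single attempt.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
	"unicode"
)

// PasswordPolicy mirrors the struct documented on the page.
type PasswordPolicy struct {
	MinLength        int
	RequireUppercase bool
	RequireLowercase bool
	RequireNumbers   bool
	RequireSpecial   bool
	ExpirationDays   int
	HistoryCount     int
	DisallowCommon   bool
	MaxLoginAttempts int
	LockoutDuration  time.Duration
}

// commonPasswords is a constructed sample; a deployment would load a large list.
var commonPasswords = map[string]bool{
	"password": true, "123456": true, "qwerty": true, "letmein": true,
}

// defaultPasswordPolicy returns assumed defaults for this example only; the page does
// not state what DefaultPasswordPolicy actually returns.
func defaultPasswordPolicy() PasswordPolicy {
	return PasswordPolicy{
		MinLength: 12, RequireUppercase: true, RequireLowercase: true,
		RequireNumbers: true, RequireSpecial: true, ExpirationDays: 90,
		HistoryCount: 5, DisallowCommon: true, MaxLoginAttempts: 5,
		LockoutDuration: 15 * time.Minute,
	}
}

// validatePassword returns nil when the password satisfies every enabled rule,
// otherwise one error listing all violations. Length counts runes, not bytes.
func validatePassword(password string, policy PasswordPolicy) error {
	var problems []string
	if len([]rune(password)) < policy.MinLength {
		problems = append(problems, fmt.Sprintf("must be at least %d characters", policy.MinLength))
	}
	var upper, lower, digit, special bool
	for _, r := range password {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			special = true
		}
	}
	if policy.RequireUppercase && !upper {
		problems = append(problems, "needs an uppercase letter")
	}
	if policy.RequireLowercase && !lower {
		problems = append(problems, "needs a lowercase letter")
	}
	if policy.RequireNumbers && !digit {
		problems = append(problems, "needs a number")
	}
	if policy.RequireSpecial && !special {
		problems = append(problems, "needs a special character")
	}
	// The deny-list check is case-insensitive so "Password" does not slip past "password".
	if policy.DisallowCommon && commonPasswords[strings.ToLower(password)] {
		problems = append(problems, "is a commonly used password")
	}
	if len(problems) == 0 {
		return nil
	}
	return errors.New("password " + strings.Join(problems, "; "))
}

// isPasswordExpired treats ExpirationDays <= 0 as "never expires", as the field comment says.
func isPasswordExpired(lastPasswordChange time.Time, policy PasswordPolicy) bool {
	if policy.ExpirationDays <= 0 {
		return false
	}
	maxAge := time.Duration(policy.ExpirationDays) * 24 * time.Hour
	return time.Since(lastPasswordChange) > maxAge
}

func main() {
	policy := defaultPasswordPolicy()
	fmt.Println(validatePassword("Correct-Horse-7", policy))              // <nil>
	fmt.Println(validatePassword("password", policy))                     // several violations
	fmt.Println(isPasswordExpired(time.Now().AddDate(0, 0, -100), policy)) // true
}
```

MaxLoginAttempts and LockoutDuration are part of the same struct but belong to the login path rather than to password validation; enforcing them requires a per-user failure counter and lockout timestamp in the database, which the page does not show.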