auth.go

auth.go - Overview

  1. Overview

  This file provides authentication and authorization functionality, including user registration, login, invitation, password reset, and JWT management.

  2. Detailed Documentation

Constants

  • AccessJwtKey

    • Purpose: Context key for storing the access JWT.
    • Type: JwtContextKeyType
    • Value: "accessJwt"
  • RefreshJwtKey

    • Purpose: Context key for storing the refresh JWT.
    • Type: JwtContextKeyType
    • Value: "refreshJwt"
  • opaqueTokenSize

    • Purpose: Defines the size of the opaque token (in bytes) used for invite tokens and reset password tokens.
    • Type: int
    • Value: 16
  • minimumPasswordLength

    • Purpose: Defines the minimum allowed length for user passwords.
    • Type: int
    • Value: 8
  • ErrorInvalidCreds

    • Purpose: Error returned when the provided credentials are invalid.
    • Type: error
    • Value: fmt.Errorf("invalid credentials")

Type: InviteEmailData

  • Purpose: Struct to hold data required for sending invite emails.
  • Fields:
    • CustomerName: Name of the invited user.
    • InviterName: Name of the user sending the invite.
    • InviterEmail: Email of the user sending the invite.
    • Link: Invitation link.

Function: Invite

  • Purpose: Invites a new user to the system. Generates an invite token, creates an invite entry in the database, and sends an email if SMTP is enabled.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*model.InviteRequest): Request containing the invite details (email, name, role, frontend base URL).
  • Returns:
    • *model.InviteResponse: Response containing the invited user's email and invite token.
    • error: An error if the invitation fails.

Function: InviteUsers

  • Purpose: Invites multiple users to the system in bulk.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*model.BulkInviteRequest): Request containing a list of user invite requests.
  • Returns:
    • *model.BulkInviteResponse: Response containing the status of the bulk invite operation, a summary of invites, successful invites, and failed invites.
    • error: An error if the bulk invitation process fails.

Function: inviteUser

  • Purpose: Helper function to handle individual user invites within a bulk invite request.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*model.InviteRequest): Request containing the invite details for a single user.
    • au (*types.GettableUser): The user initiating the invite.
  • Returns:
    • *model.InviteResponse: Response containing the invited user's email and invite token.
    • error: An error if the invitation fails.

Function: inviteEmail

  • Purpose: Sends an invitation email to the user.
  • Parameters:
    • req (*model.InviteRequest): Request containing the invite details (email, name, role, frontend base URL).
    • au (*types.GettableUser): The user initiating the invite.
    • token (string): Invite token.
  • Returns: None

Function: RevokeInvite

  • Purpose: Revokes an existing invitation for a given email address.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • email (string): Email address of the invite to revoke.
  • Returns:
    • error: An error if revoking the invite fails.

Function: GetInvite

  • Purpose: Retrieves an invitation object based on the invite token.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • token (string): The invite token.
  • Returns:
    • *model.InvitationResponseObject: The invitation object.
    • error: An error if retrieving the invitation fails.

Function: ValidateInvite

  • Purpose: Validates an invite based on the provided registration request, checking the email and invite token.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*RegisterRequest): The registration request containing the email and invite token.
  • Returns:
    • *types.Invite: The invite object if valid.
    • error: An error if the invite is invalid.
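
The following Go sketch is an added example, not code from auth.go: it generates a token of opaqueTokenSize (16) random bytes and performs the email-plus-token check that ValidateInvite is described as doing. The invite struct, newOpaqueToken, validateInvite, the hex encoding, the case-insensitive email match and the constant-time comparison are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// opaqueTokenSize mirrors the documented constant: 16 random bytes (128 bits).
const opaqueTokenSize = 16

// invite is a hypothetical stand-in for the stored record, not types.Invite.
type invite struct{ Email, Token string }

var errInvalidInvite = errors.New("invalid invite") // same error for every failure

// newOpaqueToken reads opaqueTokenSize bytes from the OS CSPRNG. Hex encoding
// is an assumption of this sketch; the page does not state the encoding.
func newOpaqueToken() (string, error) {
	b := make([]byte, opaqueTokenSize)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// validateInvite requires both the email and the token to match the stored
// invite. The token is compared in constant time so response timing does not
// depend on how many leading characters matched. Case-insensitive email
// matching is an assumption of this sketch.
func validateInvite(stored *invite, email, token string) error {
	if stored == nil || token == "" {
		return errInvalidInvite
	}
	emailOK := strings.EqualFold(strings.TrimSpace(email), stored.Email)
	tokenOK := subtle.ConstantTimeCompare([]byte(token), []byte(stored.Token)) == 1
	if !emailOK || !tokenOK {
		return errInvalidInvite
	}
	return nil
}

func main() {
	tok, _ := newOpaqueToken()
	inv := &invite{Email: "new.user@example.com", Token: tok} // constructed sample
	fmt.Println(len(tok), validateInvite(inv, "New.User@example.com", tok))
	fmt.Println(validateInvite(inv, "other@example.com", tok))
}
```

Returning one error for every failure keeps the caller from learning whether the email or the token was the mismatching field.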

Function: CreateResetPasswordToken

  • Purpose: Creates a reset password token for a given user ID.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • userId (string): The ID of the user requesting the password reset.
  • Returns:
    • *types.ResetPasswordRequest: The reset password request object containing the token.
    • error: An error if creating the token fails.

Function: ResetPassword

  • Purpose: Resets a user's password using a reset password token.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*model.ResetPasswordRequest): The reset password request containing the token and new password.
  • Returns:
    • error: An error if resetting the password fails.

Function: ChangePassword

  • Purpose: Changes a user's password.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*model.ChangePasswordRequest): The change password request containing the user ID, old password, and new password.
  • Returns:
    • *model.ApiError: An API error if changing the password fails. Returns nil on success.

Type: RegisterRequest

  • Purpose: Struct to hold data required for user registration.
  • Fields:
    • Name (string): User's name.
    • OrgID (string): Organization ID.
    • OrgName (string): Organization Name.
    • Email (string): User's email.
    • Password (string): User's password.
    • InviteToken (string): Invite token.
    • IsAnonymous (bool): Indicates if the user is anonymous.
    • HasOptedUpdates (bool): Indicates if the user has opted for updates.
    • SourceUrl (string): Source URL where the registration request originated.

Function: RegisterFirstUser

  • Purpose: Registers the first user in the system (typically an admin user).
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*RegisterRequest): Registration request details.
  • Returns:
    • *types.User: The created user object.
    • *model.ApiError: An API error if registration fails.

Function: RegisterInvitedUser

  • Purpose: Registers a user who has been invited to the system.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*RegisterRequest): Registration request details.
    • nopassword (bool): Flag indicating if the user is registered without a password (e.g., SSO).
  • Returns:
    • *types.User: The created user object.
    • *model.ApiError: An API error if registration fails.

Function: Register

  • Purpose: Registers a new user. It handles both the first user registration (admin) and subsequent invited user registrations.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*RegisterRequest): Registration request details.
    • alertmanager (alertmanager.Alertmanager): Alertmanager instance.
  • Returns:
    • *types.User: The created user object.
    • *model.ApiError: An API error if registration fails.

Function: Login

  • Purpose: Logs in a user and returns access and refresh tokens.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • request (*model.LoginRequest): Login request containing email and password.
    • jwt (*authtypes.JWT): JWT configuration.
  • Returns:
    • *model.LoginResponse: Login response containing user JWT object and user ID.
    • error: An error if login fails.

Function: claimsToUserPayload

  • Purpose: Converts JWT claims to a user payload.
  • Parameters:
    • claims (authtypes.Claims): JWT claims.
  • Returns:
    • *types.GettableUser: User payload.
    • error: An error if conversion fails.

Function: authenticateLogin

  • Purpose: Authenticates a user's login request by verifying credentials against the database.
  • Parameters:
    • ctx (context.Context): Context for the request.
    • req (*model.LoginRequest): Login request containing email and password.
    • jwt (*authtypes.JWT): JWT configuration.
  • Returns:
    • *types.GettableUser: The authenticated user.
    • error: An error if authentication fails.

Function: PasswordHash

  • Purpose: Generates a bcrypt hash from the given password.
  • Parameters:
    • pass (string): The password to hash.
  • Returns:
    • string: The bcrypt hash of the password.
    • error: An error if hashing fails.

Function: passwordMatch

  • Purpose: Checks if the given password matches the given bcrypt hash.
  • Parameters:
    • hash (string): The bcrypt hash.
    • password (string): The password to check.
  • Returns:
    • bool: True if the password matches the hash, false otherwise.

Function: GenerateJWTForUser

  • Purpose: Generates JWT tokens (access and refresh) for a user.
  • Parameters:
    • user (*types.User): The user for whom to generate the JWTs.
    • jwt (*authtypes.JWT): JWT configuration.
  • Returns:
    • model.UserJwtObject: Object containing the access and refresh JWTs, along with their expiry times.
    • error: An error if JWT generation fails.