package auth
import (
"encoding/json"
"time"
)
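// DeviceTrustStatus is the trust state recorded on a Device.
type DeviceTrustStatus string

// Trust states defined for a device.
//
// NOTE(review): DeviceTrustStatus is a plain string type, so a value read
// from storage or decoded from input can hold text outside this set. Code
// that makes an authorization decision should compare against
// DeviceTrustStatusTrusted explicitly and treat every other value,
// including the empty string, as untrusted.
const (
	DeviceTrustStatusPending DeviceTrustStatus = "pending"
	DeviceTrustStatusTrusted DeviceTrustStatus = "trusted"
	DeviceTrustStatusRevoked DeviceTrustStatus = "revoked"
)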
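// User is an account record together with its JSON representation.
//
// PasswordHash carries the json:"-" tag, so encoding/json neither emits it
// when a User is marshalled nor fills it when one is decoded. The tag has no
// effect on fmt verbs such as %+v or on other encoders, so a User should not
// be handed whole to a logger or an error message.
type User struct {
	ID           string    `json:"id"`
	Email        string    `json:"email"`
	PasswordHash string    `json:"-"`
	MFAEnabled   bool      `json:"mfa_enabled"`
	PlatformRole string    `json:"platform_role"`
	CreatedAt    time.Time `json:"created_at"`
	UpdatedAt    time.Time `json:"updated_at"`
}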
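// Device is a client device registered to a user, with its trust state and
// revocation details.
//
// NOTE(review): no field carries a json tag, so encoding/json emits every
// field, Fingerprint included, under its Go name ("ID", "UserID", ...),
// unlike the snake_case keys of the tagged types in this file. AuthResult
// marshals a Device under "device"; confirm that returning Fingerprint to
// clients is intended and that the key casing is what consumers expect.
type Device struct {
	ID            string
	UserID        string
	Fingerprint   string
	Label         string
	TrustStatus   DeviceTrustStatus
	TrustedAt     *time.Time
	LastSeenAt    *time.Time
	RevokedAt     *time.Time
	RevokedReason *string
	CreatedAt     time.Time
	UpdatedAt     time.Time
}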
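// AuthSession is a login session tying a user to a device, with its
// refresh-token state and revocation details.
//
// RefreshTokenHash carries json:"-", so encoding/json never emits it; the
// tag does not cover fmt verbs such as %+v. Going by the field name, the
// session stores a hash of the refresh token rather than the token itself
// (confirm where the value is written).
//
// The remaining fields have no json tag and are emitted under their Go names
// ("ID", "UserID", ...) when AuthResult marshals a session.
type AuthSession struct {
	ID               string
	UserID           string
	DeviceID         string
	RefreshTokenHash string `json:"-"`
	RefreshExpiresAt time.Time
	LastSeenAt       *time.Time
	LastRotatedAt    *time.Time
	RevokedAt        *time.Time
	RevokedReason    *string
	CreatedAt        time.Time
	UpdatedAt        time.Time
}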
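// LoginCommand is the JSON input for a login attempt.
//
// Password is an ordinary JSON field (presumably the submitted plaintext), so
// marshalling or %+v-printing a LoginCommand writes it out; keep the struct
// out of logs, traces and error messages.
//
// NOTE(review): DeviceFingerprint, DeviceLabel and TrustDevice come from the
// same client-supplied payload. TrustDevice should be handled as a request
// that server-side policy decides, not as evidence the device is trusted.
type LoginCommand struct {
	Email             string `json:"email"`
	Password          string `json:"password"`
	DeviceFingerprint string `json:"device_fingerprint"`
	DeviceLabel       string `json:"device_label"`
	TrustDevice       bool   `json:"trust_device"`
}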
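// RefreshCommand is the JSON input carrying a refresh token.
//
// RefreshToken is an ordinary JSON field, so the value appears in any
// marshalled or %+v-printed copy of the struct; keep it out of logs.
type RefreshCommand struct {
	RefreshToken string `json:"refresh_token"`
}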
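// BootstrapOwnerCommand is the JSON input for bootstrapping an owner account
// with a signed activation payload.
//
// ActivationPayload is a json.RawMessage, so the bytes of that JSON value are
// kept as received instead of being decoded and re-encoded.
//
// NOTE(review): presumably ActivationSignature is verified over exactly those
// bytes before any field of the payload is parsed or acted on; confirm in the
// code that consumes this command. Password is an ordinary JSON field, so
// keep the struct out of logs and error messages.
type BootstrapOwnerCommand struct {
	Email               string          `json:"email"`
	Password            string          `json:"password"`
	ActivationPayload   json.RawMessage `json:"activation_payload"`
	ActivationSignature string          `json:"activation_signature"`
}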
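// CreateUserCommand is the input for creating a user on behalf of an actor.
//
// NOTE(review): ActorUserID is tagged json:"actor_user_id", so it is filled
// from the payload whenever this struct is decoded from JSON. If a request
// body is decoded straight into it, the caller could name any actor; the
// handler should overwrite ActorUserID with the authenticated caller's ID
// after decoding. PlatformRole is likewise payload-supplied and should be
// checked against the roles that actor is allowed to grant.
//
// Password is an ordinary JSON field; keep the struct out of logs.
type CreateUserCommand struct {
	ActorUserID  string `json:"actor_user_id"`
	Email        string `json:"email"`
	Password     string `json:"password"`
	PlatformRole string `json:"platform_role"`
}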
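// RevokeAuthSessionCommand is the input for revoking one auth session.
//
// NOTE(review): UserID and AuthSessionID are both decoded from the payload.
// The code handling this command should take UserID from the authenticated
// context, or authorize the caller for it, and check that the session
// belongs to that user before revoking.
type RevokeAuthSessionCommand struct {
	UserID        string `json:"user_id"`
	AuthSessionID string `json:"auth_session_id"`
	Reason        string `json:"reason"`
}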
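// RevokeDeviceCommand is the input for revoking one device.
//
// NOTE(review): UserID and DeviceID are both decoded from the payload. The
// code handling this command should take UserID from the authenticated
// context, or authorize the caller for it, and check that the device belongs
// to that user before revoking.
type RevokeDeviceCommand struct {
	UserID   string `json:"user_id"`
	DeviceID string `json:"device_id"`
	Reason   string `json:"reason"`
}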
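// TokenPair is an access token and a refresh token with their expiry times.
//
// Both token strings are ordinary JSON fields, so they appear in any
// marshalled or %+v-printed TokenPair. Treat the value as a credential: keep
// it out of logs, and serve responses that carry it so that intermediaries
// and browsers do not cache them.
type TokenPair struct {
	AccessToken           string    `json:"access_token"`
	AccessTokenExpiresAt  time.Time `json:"access_token_expires_at"`
	RefreshToken          string    `json:"refresh_token"`
	RefreshTokenExpiresAt time.Time `json:"refresh_token_expires_at"`
}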
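// AuthResult bundles the user, device, session and token pair produced by an
// authentication operation.
//
// Marshalling an AuthResult emits the token strings in Tokens, so the value
// must not be logged. User.PasswordHash and AuthSession.RefreshTokenHash are
// excluded by their json:"-" tags.
//
// NOTE(review): Device and AuthSession have untagged fields, so under
// "device" and "auth_session" the keys are Go field names ("ID", "UserID",
// "Fingerprint", ...) rather than snake_case; confirm that this shape, and
// the exposure of Device.Fingerprint, is intended.
type AuthResult struct {
	User        User        `json:"user"`
	Device      Device      `json:"device"`
	AuthSession AuthSession `json:"auth_session"`
	Tokens      TokenPair   `json:"tokens"`
}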
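// InstallationStatus describes whether the installation has been
// bootstrapped and how its authority settings are configured.
//
// InstallID, BootstrappedOwnerEmail, BootstrappedAt and RootFingerprint use
// omitempty and are left out of the JSON when empty or nil; the other fields
// are always emitted.
//
// NOTE(review): the struct exposes the owner's e-mail address together with
// StrictAuthority and InsecureBootstrapAllowed. If it is returned by an
// endpoint reachable before authentication, confirm that disclosing those
// values to anonymous callers is acceptable.
type InstallationStatus struct {
	Bootstrapped             bool       `json:"bootstrapped"`
	AuthorityState           string     `json:"authority_state"`
	InstallID                string     `json:"install_id,omitempty"`
	BootstrappedOwnerEmail   string     `json:"bootstrapped_owner_email,omitempty"`
	BootstrappedAt           *time.Time `json:"bootstrapped_at,omitempty"`
	AuthorityMode            string     `json:"authority_mode"`
	StrictAuthority          bool       `json:"strict_authority"`
	RootFingerprint          string     `json:"root_fingerprint,omitempty"`
	InsecureBootstrapAllowed bool       `json:"insecure_bootstrap_allowed"`
}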
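// BootstrapOwnerResult is the outcome of bootstrapping an owner: the
// resulting installation status, the user, and a platform role.
//
// NOTE(review): PlatformRole is carried here and also in User.PlatformRole;
// confirm which of the two consumers should treat as authoritative and that
// they cannot disagree.
type BootstrapOwnerResult struct {
	Installation InstallationStatus `json:"installation"`
	User         User               `json:"user"`
	PlatformRole string             `json:"platform_role"`
}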