template-monorepo/internal/model/member/config/config.go

package config

// Config is member module settings (embedded in gateway root config).
type Config struct {
	OTP          OTPConfig          `json:",optional"`
	TOTP         TOTPConfig         `json:",optional"`
	Registration RegistrationConfig `json:",optional"`
}

// RegistrationConfig governs platform registration flows.
type RegistrationConfig struct {
	RequireInviteCode        bool `json:",optional"`
	TrustSocialEmailVerified bool `json:",optional"`
}

// OTPConfig governs the business OTP primitive (email/phone verification).
type OTPConfig struct {
	Length                int `json:",optional"`
	TTLSeconds            int `json:",optional"`
	MaxAttempts           int `json:",optional"`
	ResendCooldownSeconds int `json:",optional"`
	DailyVerifyLimit      int `json:",optional"`
}

// TOTPConfig governs business-tier RFC 6238 TOTP (step-up MFA).
//
// SecretKEK is the 32-byte master key used to AES-256-GCM encrypt member
// secrets at rest. Accepts hex (64 chars) or base64. Empty disables the
// TOTPUseCase wiring (factory returns an error).
type TOTPConfig struct {
	Issuer           string `json:",optional"`
	Algorithm        string `json:",optional"`
	Digits           int    `json:",optional"`
	PeriodSeconds    int    `json:",optional"`
	Window           int    `json:",optional"`
	BackupCodeCount  int    `json:",optional"`
	BackupCodeLength int    `json:",optional"`
	EnrollTTLSeconds int    `json:",optional"`
	ReplayTTLSeconds int    `json:",optional"`
	StepUpTTLSeconds int    `json:",optional"`
	SecretKEK        string `json:",optional,env=TOTP_SECRET_KEK"`
}

// Defaults returns zero-value-safe defaults.
func (c Config) Defaults() Config {
	if c.OTP.Length <= 0 {
		c.OTP.Length = 6
	}
	if c.OTP.TTLSeconds <= 0 {
		c.OTP.TTLSeconds = 300
	}
	if c.OTP.MaxAttempts <= 0 {
		c.OTP.MaxAttempts = 5
	}
	if c.OTP.ResendCooldownSeconds <= 0 {
		c.OTP.ResendCooldownSeconds = 60
	}
	if c.OTP.DailyVerifyLimit <= 0 {
		c.OTP.DailyVerifyLimit = 10
	}
	if c.TOTP.Issuer == "" {
		c.TOTP.Issuer = "CloudEP"
	}
	if c.TOTP.Algorithm == "" {
		c.TOTP.Algorithm = "SHA1"
	}
	if c.TOTP.Digits <= 0 {
		c.TOTP.Digits = 6
	}
	if c.TOTP.PeriodSeconds <= 0 {
		c.TOTP.PeriodSeconds = 30
	}
	if c.TOTP.Window < 0 {
		c.TOTP.Window = 0
	}
	if c.TOTP.Window == 0 {
		c.TOTP.Window = 1
	}
	if c.TOTP.BackupCodeCount <= 0 {
		c.TOTP.BackupCodeCount = 10
	}
	if c.TOTP.BackupCodeLength <= 0 {
		c.TOTP.BackupCodeLength = 12
	}
	if c.TOTP.EnrollTTLSeconds <= 0 {
		c.TOTP.EnrollTTLSeconds = 600
	}
	if c.TOTP.ReplayTTLSeconds <= 0 {
		c.TOTP.ReplayTTLSeconds = 90
	}
	if c.TOTP.StepUpTTLSeconds <= 0 {
		c.TOTP.StepUpTTLSeconds = 300
	}
	// RequireInviteCode defaults true when unset (zero value).
	// TrustSocialEmailVerified defaults true when unset (zero value).
	return c
}
add notification and member modules with local dev stack Implement outbound notification (sync/async, idempotency, quota, DLQ), member OTP/verification, SMTP/SES/Mitake providers, shared Redis wiring, docker-compose for Mongo/Redis, and gateway config documentation. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-20 07:01:08 +00:00			`package config`

			`// Config is member module settings (embedded in gateway root config).`
chore: gitignore local gateway.dev.yaml and add example template Stop tracking personal dev config (ports, credentials). Developers copy etc/gateway.dev.example.yaml to etc/gateway.dev.yaml locally. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-20 07:14:44 +00:00			`type Config struct {`
feat(auth): add unified registration/login module with Zitadel + lint cleanup - Introduce auth module: handlers, logic, domain/repository/usecase, JWT middleware, and Zitadel OIDC client (password + authorization code + userinfo + JWKS verification) - Wire member rate-limit, structured errors, and refactored member/ notification usecases (introduce shared errors, drop repo_errors.go) - Bring the codebase to zero golangci-lint issues: * goimports formatting * errcheck on io.ReadAll/Unlock cleanup paths * contextcheck: HandlerContext now takes (ctx, http.Request) gocritic: rename shadowed `max`, use http.NoBody * goconst: extract test fixtures and bsonOpSet * testifylint: switch to assert inside httptest handlers Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-21 06:45:35 +00:00			OTP OTPConfig `json:",optional"`
			TOTP TOTPConfig `json:",optional"`
			Registration RegistrationConfig `json:",optional"`
			`}`

			`// RegistrationConfig governs platform registration flows.`
			`type RegistrationConfig struct {`
			RequireInviteCode bool `json:",optional"`
			TrustSocialEmailVerified bool `json:",optional"`
add notification and member modules with local dev stack Implement outbound notification (sync/async, idempotency, quota, DLQ), member OTP/verification, SMTP/SES/Mitake providers, shared Redis wiring, docker-compose for Mongo/Redis, and gateway config documentation. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-20 07:01:08 +00:00			`}`

add member totp 2026-05-20 13:03:59 +00:00			`// OTPConfig governs the business OTP primitive (email/phone verification).`
add notification and member modules with local dev stack Implement outbound notification (sync/async, idempotency, quota, DLQ), member OTP/verification, SMTP/SES/Mitake providers, shared Redis wiring, docker-compose for Mongo/Redis, and gateway config documentation. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-20 07:01:08 +00:00			`type OTPConfig struct {`
			Length int `json:",optional"`
			TTLSeconds int `json:",optional"`
			MaxAttempts int `json:",optional"`
			ResendCooldownSeconds int `json:",optional"`
			DailyVerifyLimit int `json:",optional"`
			`}`

add member totp 2026-05-20 13:03:59 +00:00			`// TOTPConfig governs business-tier RFC 6238 TOTP (step-up MFA).`
			`//`
			`// SecretKEK is the 32-byte master key used to AES-256-GCM encrypt member`
			`// secrets at rest. Accepts hex (64 chars) or base64. Empty disables the`
			`// TOTPUseCase wiring (factory returns an error).`
			`type TOTPConfig struct {`
			Issuer string `json:",optional"`
			Algorithm string `json:",optional"`
			Digits int `json:",optional"`
			PeriodSeconds int `json:",optional"`
			Window int `json:",optional"`
			BackupCodeCount int `json:",optional"`
			BackupCodeLength int `json:",optional"`
			EnrollTTLSeconds int `json:",optional"`
			ReplayTTLSeconds int `json:",optional"`
add fix eage case 2026-05-27 09:28:13 +00:00			StepUpTTLSeconds int `json:",optional"`
add member totp 2026-05-20 13:03:59 +00:00			SecretKEK string `json:",optional,env=TOTP_SECRET_KEK"`
			`}`

add notification and member modules with local dev stack Implement outbound notification (sync/async, idempotency, quota, DLQ), member OTP/verification, SMTP/SES/Mitake providers, shared Redis wiring, docker-compose for Mongo/Redis, and gateway config documentation. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-20 07:01:08 +00:00			`// Defaults returns zero-value-safe defaults.`
			`func (c Config) Defaults() Config {`
			`if c.OTP.Length <= 0 {`
			`c.OTP.Length = 6`
			`}`
			`if c.OTP.TTLSeconds <= 0 {`
			`c.OTP.TTLSeconds = 300`
			`}`
			`if c.OTP.MaxAttempts <= 0 {`
			`c.OTP.MaxAttempts = 5`
			`}`
			`if c.OTP.ResendCooldownSeconds <= 0 {`
			`c.OTP.ResendCooldownSeconds = 60`
			`}`
			`if c.OTP.DailyVerifyLimit <= 0 {`
			`c.OTP.DailyVerifyLimit = 10`
			`}`
add member totp 2026-05-20 13:03:59 +00:00			`if c.TOTP.Issuer == "" {`
			`c.TOTP.Issuer = "CloudEP"`
			`}`
			`if c.TOTP.Algorithm == "" {`
			`c.TOTP.Algorithm = "SHA1"`
			`}`
			`if c.TOTP.Digits <= 0 {`
			`c.TOTP.Digits = 6`
			`}`
			`if c.TOTP.PeriodSeconds <= 0 {`
			`c.TOTP.PeriodSeconds = 30`
			`}`
			`if c.TOTP.Window < 0 {`
			`c.TOTP.Window = 0`
			`}`
			`if c.TOTP.Window == 0 {`
			`c.TOTP.Window = 1`
			`}`
			`if c.TOTP.BackupCodeCount <= 0 {`
			`c.TOTP.BackupCodeCount = 10`
			`}`
			`if c.TOTP.BackupCodeLength <= 0 {`
			`c.TOTP.BackupCodeLength = 12`
			`}`
			`if c.TOTP.EnrollTTLSeconds <= 0 {`
			`c.TOTP.EnrollTTLSeconds = 600`
			`}`
			`if c.TOTP.ReplayTTLSeconds <= 0 {`
			`c.TOTP.ReplayTTLSeconds = 90`
			`}`
add fix eage case 2026-05-27 09:28:13 +00:00			`if c.TOTP.StepUpTTLSeconds <= 0 {`
			`c.TOTP.StepUpTTLSeconds = 300`
			`}`
feat(auth): add unified registration/login module with Zitadel + lint cleanup - Introduce auth module: handlers, logic, domain/repository/usecase, JWT middleware, and Zitadel OIDC client (password + authorization code + userinfo + JWKS verification) - Wire member rate-limit, structured errors, and refactored member/ notification usecases (introduce shared errors, drop repo_errors.go) - Bring the codebase to zero golangci-lint issues: * goimports formatting * errcheck on io.ReadAll/Unlock cleanup paths * contextcheck: HandlerContext now takes (ctx, http.Request) gocritic: rename shadowed `max`, use http.NoBody * goconst: extract test fixtures and bsonOpSet * testifylint: switch to assert inside httptest handlers Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-21 06:45:35 +00:00			`// RequireInviteCode defaults true when unset (zero value).`
			`// TrustSocialEmailVerified defaults true when unset (zero value).`
add notification and member modules with local dev stack Implement outbound notification (sync/async, idempotency, quota, DLQ), member OTP/verification, SMTP/SES/Mitake providers, shared Redis wiring, docker-compose for Mongo/Redis, and gateway config documentation. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-20 07:01:08 +00:00			`return c`
			`}`