template-monorepo/internal/model/member/domain/usecase/totp.go

package usecase

import "context"

// TOTPUseCase manages business-tier RFC 6238 TOTP enrollment and verification.
//
// The contract mirrors internal/model/member/SDD.md §3.5: enrollment is split
// in two steps (start → confirm) so the secret is only committed after the
// user proves possession; backup codes are returned exactly once on
// confirmation and replenished via RegenerateBackupCodes.
type TOTPUseCase interface {
	// StartEnroll generates a fresh secret, stashes it in a short-lived cache,
	// and returns the otpauth URL for QR rendering. Calling it twice replaces
	// the staged secret.
	StartEnroll(ctx context.Context, tenantID, uid, account string) (*EnrollStartDTO, error)

	// ConfirmEnroll validates the first user-supplied code against the staged
	// secret, persists the encrypted secret on the profile, and returns the
	// plaintext backup codes (only returned here once).
	ConfirmEnroll(ctx context.Context, tenantID, uid, code string) ([]string, error)

	// VerifyCode validates a code (TOTP or backup) for step-up. Backup codes
	// are single-use; replays of a successful TOTP code are rejected.
	VerifyCode(ctx context.Context, tenantID, uid, code string) error

	// Disable clears the secret and backup codes; intended to be guarded by a
	// step-up token in the logic layer.
	Disable(ctx context.Context, tenantID, uid string) error

	// RegenerateBackupCodes replaces existing backup codes with a new batch.
	RegenerateBackupCodes(ctx context.Context, tenantID, uid string) ([]string, error)

	// Status reports the current enrollment state for UI/admin views.
	Status(ctx context.Context, tenantID, uid string) (*TOTPStatusDTO, error)
}

// EnrollStartDTO is returned by TOTPUseCase.StartEnroll. Secret material is
// never returned in plaintext outside the otpauth URL.
type EnrollStartDTO struct {
	OtpauthURL string `json:"otpauth_url"`
	Issuer     string `json:"issuer"`
	Account    string `json:"account"`
	Digits     int    `json:"digits"`
	PeriodSec  int    `json:"period_seconds"`
	ExpiresIn  int    `json:"expires_in"`
}

// TOTPStatusDTO reports whether TOTP is active for the member and how many
// backup codes remain unused.
type TOTPStatusDTO struct {
	Enrolled             bool  `json:"enrolled"`
	EnrolledAt           int64 `json:"enrolled_at,omitempty"`
	BackupCodesRemaining int   `json:"backup_codes_remaining"`
}
add member totp 2026-05-20 13:03:59 +00:00			`package usecase`

			`import "context"`

			`// TOTPUseCase manages business-tier RFC 6238 TOTP enrollment and verification.`
			`//`
docs: 統整模組 README ↔ SDD 分工，砍重複內容讓「找規格」跟「日常速查」兩種需求各有歸宿，避免同樣資訊散落多處： - 改寫 docs/identity-member-design.md：從 Big5 亂碼的 2673 行設計草稿 → ~200 行 UTF-8 跨模組總覽（架構決策、模組依賴、UID、JWT、Casbin、 Pub/Sub、Notification 全部一頁看完），不再跟模組 README 重疊 - 新增 internal/model/auth/README.md：合併原 auth-unified-registration + auth/SDD 的高層概念，留 SDD 給規格細節 - 精簡 member / permission / notification README：保留 sequence diagram、 curl、ServiceContext wiring 等日常開發要的東西；逐欄位 schema / Redis key TTL / API endpoint list 等規格細節改指向各模組 SDD.md - 每個 README 頂部加「規格 vs 速查」一行指路，找欄位 → SDD，找流程 → README - root README 同步補上各模組 README + SDD 並列連結 - code comment 裡的 internal/model/{member,permission}/SDD.md §X.Y 引用全部對齊新章節編號 Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-22 09:18:08 +00:00			`// The contract mirrors internal/model/member/SDD.md §3.5: enrollment is split`
			`// in two steps (start → confirm) so the secret is only committed after the`
			`// user proves possession; backup codes are returned exactly once on`
			`// confirmation and replenished via RegenerateBackupCodes.`
add member totp 2026-05-20 13:03:59 +00:00			`type TOTPUseCase interface {`
			`// StartEnroll generates a fresh secret, stashes it in a short-lived cache,`
			`// and returns the otpauth URL for QR rendering. Calling it twice replaces`
			`// the staged secret.`
			`StartEnroll(ctx context.Context, tenantID, uid, account string) (*EnrollStartDTO, error)`

			`// ConfirmEnroll validates the first user-supplied code against the staged`
			`// secret, persists the encrypted secret on the profile, and returns the`
			`// plaintext backup codes (only returned here once).`
			`ConfirmEnroll(ctx context.Context, tenantID, uid, code string) ([]string, error)`

			`// VerifyCode validates a code (TOTP or backup) for step-up. Backup codes`
			`// are single-use; replays of a successful TOTP code are rejected.`
			`VerifyCode(ctx context.Context, tenantID, uid, code string) error`

			`// Disable clears the secret and backup codes; intended to be guarded by a`
			`// step-up token in the logic layer.`
			`Disable(ctx context.Context, tenantID, uid string) error`

			`// RegenerateBackupCodes replaces existing backup codes with a new batch.`
			`RegenerateBackupCodes(ctx context.Context, tenantID, uid string) ([]string, error)`

			`// Status reports the current enrollment state for UI/admin views.`
			`Status(ctx context.Context, tenantID, uid string) (*TOTPStatusDTO, error)`
			`}`

			`// EnrollStartDTO is returned by TOTPUseCase.StartEnroll. Secret material is`
			`// never returned in plaintext outside the otpauth URL.`
			`type EnrollStartDTO struct {`
			OtpauthURL string `json:"otpauth_url"`
			Issuer string `json:"issuer"`
			Account string `json:"account"`
			Digits int `json:"digits"`
			PeriodSec int `json:"period_seconds"`
			ExpiresIn int `json:"expires_in"`
			`}`

			`// TOTPStatusDTO reports whether TOTP is active for the member and how many`
			`// backup codes remain unused.`
			`type TOTPStatusDTO struct {`
			Enrolled bool `json:"enrolled"`
			EnrolledAt int64 `json:"enrolled_at,omitempty"`
			BackupCodesRemaining int `json:"backup_codes_remaining"`
			`}`