85 lines
2.6 KiB
Go
85 lines
2.6 KiB
Go
package domain
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
// MongoDB BSON field names for auth module collections.
|
|
const (
|
|
BSONFieldID = "_id"
|
|
BSONFieldTenantID = "tenant_id"
|
|
BSONFieldCodeHash = "code_hash"
|
|
BSONFieldMaxUses = "max_uses"
|
|
BSONFieldUsedCount = "used_count"
|
|
BSONFieldExpiresAt = "expires_at"
|
|
BSONFieldNewUsersOnly = "new_users_only"
|
|
BSONFieldCreateAt = "create_at"
|
|
BSONFieldUpdateAt = "update_at"
|
|
|
|
BSONFieldUID = "uid"
|
|
BSONFieldInviteCodeID = "invite_code_id"
|
|
BSONFieldAcceptTermsVersion = "accept_terms_version"
|
|
BSONFieldMarketingOptIn = "marketing_opt_in"
|
|
BSONFieldRegistrationChannel = "registration_channel"
|
|
BSONFieldClientIP = "client_ip"
|
|
BSONFieldUserAgent = "user_agent"
|
|
BSONFieldOccurredAt = "occurred_at"
|
|
)
|
|
|
|
const inviteConsumeLockTTLSeconds = 30
|
|
|
|
const (
|
|
OAuthStatePrefixRegister = "reg:"
|
|
OAuthStatePrefixLogin = "login:"
|
|
)
|
|
|
|
// RegistrationSessionRedisKey returns the Redis key for a social registration session.
|
|
func RegistrationSessionRedisKey(sessionID string) string {
|
|
return fmt.Sprintf("auth:register:session:%s", sessionID)
|
|
}
|
|
|
|
// LoginSessionRedisKey returns the Redis key for a social login session.
|
|
func LoginSessionRedisKey(sessionID string) string {
|
|
return fmt.Sprintf("auth:login:session:%s", sessionID)
|
|
}
|
|
|
|
// LoginMFAChallengeRedisKey returns the Redis key for a password-login MFA challenge.
|
|
func LoginMFAChallengeRedisKey(challengeID string) string {
|
|
return fmt.Sprintf("auth:login:mfa:%s", challengeID)
|
|
}
|
|
|
|
// NormalizeInviteCode trims and uppercases user input before hashing.
|
|
func NormalizeInviteCode(code string) string {
|
|
return strings.ToUpper(strings.TrimSpace(code))
|
|
}
|
|
|
|
// HashInviteCode returns a stable SHA-256 hex digest for storage and lookup.
|
|
func HashInviteCode(code string) string {
|
|
normalized := NormalizeInviteCode(code)
|
|
sum := sha256.Sum256([]byte(normalized))
|
|
return hex.EncodeToString(sum[:])
|
|
}
|
|
|
|
// InviteConsumeLockRedisKey returns the Redis key for serializing invite consumption.
|
|
func InviteConsumeLockRedisKey(tenantID, codeHash string) string {
|
|
return fmt.Sprintf("auth:invite:consume:%s:%s", tenantID, codeHash)
|
|
}
|
|
|
|
// InviteConsumeLockTTLSeconds is the Redis lock TTL for Consume.
|
|
func InviteConsumeLockTTLSeconds() int {
|
|
return inviteConsumeLockTTLSeconds
|
|
}
|
|
|
|
// JWTPairRedisKey maps an access or refresh jti to its paired jti.
|
|
func JWTPairRedisKey(jti string) string {
|
|
return fmt.Sprintf("auth:jwt:pair:%s", jti)
|
|
}
|
|
|
|
// JWTBlacklistRedisKey marks a revoked jti until natural expiry.
|
|
func JWTBlacklistRedisKey(jti string) string {
|
|
return fmt.Sprintf("auth:jwt:bl:%s", jti)
|
|
}
|