session

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrSessionNotFound      = errors.New("session not found")
	ErrSessionExpired       = errors.New("session has expired")
	ErrSessionRevoked       = errors.New("session has been revoked")
	ErrRefreshTokenNotFound = errors.New("refresh token not found")
	ErrRefreshTokenExpired  = errors.New("refresh token has expired")
	ErrRefreshTokenUsed     = errors.New("refresh token has already been used")
	ErrRefreshTokenRevoked  = errors.New("refresh token has been revoked")
	ErrTokenFamilyMismatch  = errors.New("refresh token family mismatch (possible replay attack)")
	ErrMaxSessionsReached   = errors.New("maximum number of active sessions reached")
	ErrInvalidToken         = errors.New("invalid token")
)

Domain errors for session operations.

Functions

func HashToken 

func HashToken(token string) string

HashToken is exported for use in repositories.

func RefreshTokenNotFoundError 

func RefreshTokenNotFoundError(id shared.ID) error

RefreshTokenNotFoundError returns a refresh token not found error.

func SessionNotFoundError 

func SessionNotFoundError(id shared.ID) error

SessionNotFoundError returns a session not found error with ID.

Types

type RefreshToken 

type RefreshToken struct {
	// contains filtered or unexported fields
}

RefreshToken represents a refresh token for session renewal. Implements token rotation with family tracking for replay attack detection.

func NewRefreshToken 

func NewRefreshToken(
	userID shared.ID,
	sessionID shared.ID,
	token string,
	duration time.Duration,
) (*RefreshToken, error)

NewRefreshToken creates a new refresh token.

func NewRefreshTokenInFamily 

func NewRefreshTokenInFamily(
	userID shared.ID,
	sessionID shared.ID,
	token string,
	family shared.ID,
	duration time.Duration,
) (*RefreshToken, error)

NewRefreshTokenInFamily creates a new refresh token in an existing family (rotation).

func ReconstituteRefreshToken 

func ReconstituteRefreshToken(
	id shared.ID,
	userID shared.ID,
	sessionID shared.ID,
	tokenHash string,
	family shared.ID,
	expiresAt time.Time,
	usedAt *time.Time,
	revokedAt *time.Time,
	createdAt time.Time,
) *RefreshToken

ReconstituteRefreshToken creates a refresh token from persisted data.

func (*RefreshToken) CreatedAt 

func (rt *RefreshToken) CreatedAt() time.Time

CreatedAt returns when the token was created.

func (*RefreshToken) ExpiresAt 

func (rt *RefreshToken) ExpiresAt() time.Time

ExpiresAt returns when the token expires.

func (*RefreshToken) Family 

func (rt *RefreshToken) Family() shared.ID

Family returns the token family ID.

func (*RefreshToken) ID 

func (rt *RefreshToken) ID() shared.ID

ID returns the refresh token ID.

func (*RefreshToken) IsExpired 

func (rt *RefreshToken) IsExpired() bool

IsExpired returns true if the token has expired.

func (*RefreshToken) IsRevoked 

func (rt *RefreshToken) IsRevoked() bool

IsRevoked returns true if the token has been revoked.

func (*RefreshToken) IsUsed 

func (rt *RefreshToken) IsUsed() bool

IsUsed returns true if the token has been used.

func (*RefreshToken) IsValid 

func (rt *RefreshToken) IsValid() bool

IsValid returns true if the token is valid (not expired, used, or revoked).

func (*RefreshToken) MarkUsed 

func (rt *RefreshToken) MarkUsed() error

MarkUsed marks the token as used.

func (*RefreshToken) Revoke 

func (rt *RefreshToken) Revoke() error

Revoke marks the token as revoked.

func (*RefreshToken) RevokedAt 

func (rt *RefreshToken) RevokedAt() *time.Time

RevokedAt returns when the token was revoked.

func (*RefreshToken) SessionID 

func (rt *RefreshToken) SessionID() shared.ID

SessionID returns the associated session ID.

func (*RefreshToken) TokenHash 

func (rt *RefreshToken) TokenHash() string

TokenHash returns the hash of the token.

func (*RefreshToken) UsedAt 

func (rt *RefreshToken) UsedAt() *time.Time

UsedAt returns when the token was used.

func (*RefreshToken) UserID 

func (rt *RefreshToken) UserID() shared.ID

UserID returns the user ID.

func (*RefreshToken) VerifyToken 

func (rt *RefreshToken) VerifyToken(token string) bool

VerifyToken verifies if the provided token matches this refresh token.

type RefreshTokenRepository 

type RefreshTokenRepository interface {
	// Create creates a new refresh token.
	Create(ctx context.Context, token *RefreshToken) error

	// GetByID retrieves a refresh token by its ID.
	GetByID(ctx context.Context, id shared.ID) (*RefreshToken, error)

	// GetByTokenHash retrieves a refresh token by its hash.
	GetByTokenHash(ctx context.Context, hash string) (*RefreshToken, error)

	// GetByFamily retrieves all refresh tokens in a family.
	GetByFamily(ctx context.Context, family shared.ID) ([]*RefreshToken, error)

	// Update updates a refresh token.
	Update(ctx context.Context, token *RefreshToken) error

	// Delete deletes a refresh token.
	Delete(ctx context.Context, id shared.ID) error

	// RevokeByFamily revokes all tokens in a family (for replay attack detection).
	RevokeByFamily(ctx context.Context, family shared.ID) error

	// RevokeBySessionID revokes all tokens for a session.
	RevokeBySessionID(ctx context.Context, sessionID shared.ID) error

	// RevokeByUserID revokes all tokens for a user.
	RevokeByUserID(ctx context.Context, userID shared.ID) error

	// DeleteExpired deletes all expired tokens (for cleanup job).
	DeleteExpired(ctx context.Context) (int64, error)
}

RefreshTokenRepository defines the interface for refresh token persistence.

type Repository 

type Repository interface {
	// Create creates a new session.
	Create(ctx context.Context, session *Session) error

	// GetByID retrieves a session by its ID.
	GetByID(ctx context.Context, id shared.ID) (*Session, error)

	// GetByAccessTokenHash retrieves a session by access token hash.
	GetByAccessTokenHash(ctx context.Context, hash string) (*Session, error)

	// GetActiveByUserID retrieves all active sessions for a user.
	GetActiveByUserID(ctx context.Context, userID shared.ID) ([]*Session, error)

	// Update updates an existing session.
	Update(ctx context.Context, session *Session) error

	// Delete deletes a session.
	Delete(ctx context.Context, id shared.ID) error

	// RevokeAllByUserID revokes all sessions for a user.
	RevokeAllByUserID(ctx context.Context, userID shared.ID) error

	// RevokeAllByUserIDExcept revokes all sessions for a user except the specified session.
	RevokeAllByUserIDExcept(ctx context.Context, userID shared.ID, exceptSessionID shared.ID) error

	// CountActiveByUserID counts active sessions for a user.
	CountActiveByUserID(ctx context.Context, userID shared.ID) (int, error)

	// GetOldestActiveByUserID retrieves the oldest active session for a user.
	// Returns nil if no active sessions exist.
	GetOldestActiveByUserID(ctx context.Context, userID shared.ID) (*Session, error)

	// DeleteExpired deletes all expired sessions (for cleanup job).
	DeleteExpired(ctx context.Context) (int64, error)
}

Repository defines the interface for session persistence.

type Session 

type Session struct {
	// contains filtered or unexported fields
}

Session represents an authentication session.

func New 

func New(
	userID shared.ID,
	accessToken string,
	ipAddress string,
	userAgent string,
	sessionDuration time.Duration,
) (*Session, error)

New creates a new session.

func NewWithID 

func NewWithID(
	id shared.ID,
	userID shared.ID,
	accessToken string,
	ipAddress string,
	userAgent string,
	sessionDuration time.Duration,
) (*Session, error)

NewWithID creates a new session entity with a pre-generated ID. Use this when you need the session ID before creating the session (e.g., for JWT).

func Reconstitute 

func Reconstitute(
	id shared.ID,
	userID shared.ID,
	accessTokenHash string,
	ipAddress string,
	userAgent string,
	deviceFingerprint string,
	expiresAt time.Time,
	lastActivityAt time.Time,
	status Status,
	createdAt time.Time,
	updatedAt time.Time,
) *Session

Reconstitute creates a session from persisted data.

func (*Session) AccessTokenHash 

func (s *Session) AccessTokenHash() string

AccessTokenHash returns the hash of the access token.

func (*Session) CreatedAt 

func (s *Session) CreatedAt() time.Time

CreatedAt returns when the session was created.

func (*Session) DeviceFingerprint 

func (s *Session) DeviceFingerprint() string

DeviceFingerprint returns the device fingerprint.

func (*Session) Expire 

func (s *Session) Expire() error

Expire marks the session as expired.

func (*Session) ExpiresAt 

func (s *Session) ExpiresAt() time.Time

ExpiresAt returns when the session expires.

func (*Session) ID 

func (s *Session) ID() shared.ID

ID returns the session ID.

func (*Session) IPAddress 

func (s *Session) IPAddress() string

IPAddress returns the IP address from which the session was created.

func (*Session) IsActive 

func (s *Session) IsActive() bool

IsActive returns true if the session is active and not expired.

func (*Session) IsExpired 

func (s *Session) IsExpired() bool

IsExpired returns true if the session has expired.

func (*Session) LastActivityAt 

func (s *Session) LastActivityAt() time.Time

LastActivityAt returns the last activity time.

func (*Session) Revoke 

func (s *Session) Revoke() error

Revoke marks the session as revoked.

func (*Session) SetDeviceFingerprint 

func (s *Session) SetDeviceFingerprint(fingerprint string)

SetDeviceFingerprint sets the device fingerprint.

func (*Session) Status 

func (s *Session) Status() Status

Status returns the session status.

func (*Session) UpdateActivity 

func (s *Session) UpdateActivity()

UpdateActivity updates the last activity time.

func (*Session) UpdatedAt 

func (s *Session) UpdatedAt() time.Time

UpdatedAt returns when the session was last updated.

func (*Session) UserAgent 

func (s *Session) UserAgent() string

UserAgent returns the user agent string.

func (*Session) UserID 

func (s *Session) UserID() shared.ID

UserID returns the user ID associated with this session.

func (*Session) VerifyToken 

func (s *Session) VerifyToken(token string) bool

VerifyToken verifies if the provided token matches this session.

type Status 

type Status string

Status represents the status of a session. 

const (
	// StatusActive indicates an active session.
	StatusActive Status = "active"
	// StatusExpired indicates an expired session.
	StatusExpired Status = "expired"
	// StatusRevoked indicates a revoked session.
	StatusRevoked Status = "revoked"
)

func StatusFromString 

func StatusFromString(s string) Status

StatusFromString converts a string to Status.

func (Status) IsActive 

func (s Status) IsActive() bool

IsActive returns true if the session is active.

func (Status) IsValid 

func (s Status) IsValid() bool

IsValid checks if the status is valid.

func (Status) String 

func (s Status) String() string

String returns the string representation of the status.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.