// Package auth is responsible for everything authentication
//
// Be that checking login data and handing out an access token on success,
// checking if a given access token can do the requested action
// or adding or updating the authentication information of an account.
// And I probably forgot something
package auth
import (
"time"
"git.mstar.dev/mstar/goutils/other"
"github.com/go-webauthn/webauthn/webauthn"
)
// Authenticator authenticates user requests against the server.
//
// It holds the WebAuthn handler and a map of TOTP tokens to timestamps.
type Authenticator struct {
	// webauthn is the WebAuthn handler this authenticator works with.
	webauthn *webauthn.WebAuthn

	// recentlyUsedTotpTokens maps a string key to a time.Time.
	// NOTE(review): presumably a replay guard for TOTP codes that were
	// already accepted, keyed by token with the time of use; confirm
	// against the callers.
	// NOTE(review): a plain map is not safe for concurrent use. If one
	// Authenticator is shared across request goroutines, access needs a
	// lock, and entries need expiring so the map cannot grow without
	// bound; verify where it is read and written.
	recentlyUsedTotpTokens map[string]time.Time
}
// LoginNextState describes the next state of a login process.
//
// The zero value is LoginNextFailure, so a state that was never set reads
// as a failed login.
type LoginNextState uint8

// Every state other than LoginNextFailure occupies its own bit. The values
// start at 1 << 1, so bit 0 is unused, and 1 << 7 is the largest value a
// uint8 can hold: one more constant needs a wider underlying type.
// NOTE(review): the one-bit-per-state layout suggests values may be OR-ed
// together. LoginNextFailure is 0, so it can only be detected with ==,
// never with a bit mask; confirm how callers test for failure.
const (
	LoginNextFailure    LoginNextState = 0      // Login failed (default state)
	LoginNextSucess     LoginNextState = 1 << 1 // Login succeeded
	LoginUnknown        LoginNextState = 1 << 2 // Unknown login method type, should result in failure
	LoginNext2FaTotp    LoginNextState = 1 << 3 // Login requires a totp token next as 2fa response
	LoginNext2FaPasskey LoginNextState = 1 << 4 // Login requires a passkey token next as 2fa response
	LoginNext2FaMail    LoginNextState = 1 << 5 // Login requires an email token next as 2fa response
	LoginStartPassword  LoginNextState = 1 << 6 // Login starts with a password
	LoginStartPasskey   LoginNextState = 1 << 7 // Login starts with a passkey
)
// New creates an Authenticator from the given WebAuthn configuration.
//
// webauthnConfig is handed to webauthn.New as-is; no nil check happens
// here. If the handler cannot be created, the error is passed to
// other.Error and returned with a nil Authenticator. On success the TOTP
// token map starts out empty.
func New(webauthnConfig *webauthn.Config) (*Authenticator, error) {
	// Named handler rather than webauthn so the package name is not shadowed.
	handler, err := webauthn.New(webauthnConfig)
	if err != nil {
		return nil, other.Error("auth", "failed to create webauthn handler", err)
	}

	auth := &Authenticator{
		webauthn:               handler,
		recentlyUsedTotpTokens: make(map[string]time.Time),
	}
	return auth, nil
}