32de5b26a8
Blue-green zero-downtime deploys, promote flow validation. Dual auth: local (bcrypt + JWT) and OAuth2/OIDC (any provider). Auth middleware, login page, auth settings UI. Structured logging (slog JSON), config export to YAML. Graceful shutdown with deploy draining. Multi-stage Dockerfile and production docker-compose.yml. Swap phase order: Volumes & Env before UI Polish.
package auth
import "time"
// User is the record of an authenticated user as it is stored in the database.
//
// PasswordHash is tagged `json:"-"`, so encoding/json neither writes it to
// responses nor populates it from request bodies.
// NOTE(review): the tag only governs encoding/json. Confirm that structured
// logging and any other serializer that receives a User also omit the hash.
type User struct {
	// ID is the user's identifier.
	ID string `json:"id"`

	// Username is the account name.
	Username string `json:"username"`

	// PasswordHash is the stored password hash; it is excluded from JSON.
	PasswordHash string `json:"-"`

	// Email is the user's e-mail address.
	Email string `json:"email"`

	// Role is the user's role: admin or viewer.
	Role string `json:"role"`

	// CreatedAt is kept as a string; the timestamp format is not defined here.
	CreatedAt string `json:"created_at"`

	// UpdatedAt is kept as a string; the timestamp format is not defined here.
	UpdatedAt string `json:"updated_at"`
}
// AuthSettings is the authentication configuration, kept as a single row.
//
// OIDCClientSecret is tagged `json:"-"`, so encoding/json never emits it and
// never reads it from a JSON body.
// NOTE(review): the tag only governs encoding/json. Confirm that every other
// path that serializes or logs these settings also withholds the secret.
type AuthSettings struct {
	// AuthMode selects the authentication mode: local or oidc.
	AuthMode string `json:"auth_mode"`

	// OIDCClientID is the OIDC client identifier.
	OIDCClientID string `json:"oidc_client_id"`

	// OIDCClientSecret is the OIDC client secret; it is excluded from JSON.
	OIDCClientSecret string `json:"-"`

	// OIDCIssuerURL is the issuer URL of the OIDC provider.
	OIDCIssuerURL string `json:"oidc_issuer_url"`

	// OIDCRedirectURL is the redirect URL used for the OIDC flow.
	// NOTE(review): presumably this must match the value registered with the
	// provider; verify where it is validated.
	OIDCRedirectURL string `json:"oidc_redirect_url"`
}
// Claims is the set of claims carried in the JWT.
//
// NOTE(review): no expiry, issued-at or issuer field is declared on this type.
// Confirm that the code that signs and verifies tokens adds and enforces them.
type Claims struct {
	// UserID is the identifier of the authenticated user.
	UserID string `json:"user_id"`

	// Username is the account name of the authenticated user.
	Username string `json:"username"`

	// Role is the user's role as recorded in the token.
	Role string `json:"role"`
}
// SessionToken is the body returned to the client once authentication succeeds.
//
// Token is serialized under the "token" key, so the JSON form of this value is
// itself a credential and should be kept out of logs.
type SessionToken struct {
	// Token is the token string handed to the client.
	Token string `json:"token"`

	// ExpiresAt is the expiry time reported to the client.
	ExpiresAt time.Time `json:"expires_at"`
}
// LoginRequest is the JSON body the login endpoint expects.
//
// Password holds the value exactly as the client submitted it, so a
// LoginRequest should never be logged or echoed back (for example with %+v).
type LoginRequest struct {
	// Username is the account name being logged in.
	Username string `json:"username"`

	// Password is the submitted password.
	Password string `json:"password"`
}