package models

import (
	"fmt"
	"time"

	"gorm.io/datatypes"
)

// AuthFactorType identifies the kind of an authentication factor. It is an
// alias of int8, so its values can be stored in AuthFactor.Type without a
// conversion.
type AuthFactorType = int8

// Known authentication factor kinds, numbered from zero by iota.
const (
	// PasswordAuthFactor is factor kind 0.
	PasswordAuthFactor = AuthFactorType(iota)
	// EmailPasswordFactor is factor kind 1.
	EmailPasswordFactor
)

// AuthFactor is one authentication factor attached to an account.
type AuthFactor struct {
	BaseModel

	Type int8 `json:"type"`

	// Secret is tagged json:"-", so encoding/json never writes it out.
	// NOTE(review): whether this holds a hash or a raw value is not visible
	// in this file; confirm password factors store a hash.
	Secret string `json:"-"`

	Config    JSONMap `json:"config"`
	AccountID uint    `json:"account_id"`
}

// AuthTicket is a sign-in session record. It carries the session's gating
// flags, its validity window and the tokens issued for it.
type AuthTicket struct {
	BaseModel

	// NOTE(review): presumably describes the client that opened the ticket;
	// confirm where these values come from before trusting them.
	Location  string `json:"location"`
	IpAddress string `json:"ip_address"`
	UserAgent string `json:"user_agent"`

	// While either flag is true, IsAvailable rejects the ticket.
	RequireMFA          bool `json:"require_mfa"`
	RequireAuthenticate bool `json:"require_authenticate"`

	Claims    datatypes.JSONSlice[string] `json:"claims"`
	Audiences datatypes.JSONSlice[string] `json:"audiences"`

	// The token fields carry ordinary JSON tags, so they are included
	// whenever an AuthTicket is marshalled, unlike AuthFactor.Secret.
	// NOTE(review): confirm every place that serializes or logs a ticket is
	// meant to expose these values.
	GrantToken   *string `json:"grant_token"`
	AccessToken  *string `json:"access_token"`
	RefreshToken *string `json:"refresh_token"`

	// A nil ExpiredAt or AvailableAt means IsAvailable applies no bound on
	// that side; LastGrantAt is not read in this file.
	ExpiredAt   *time.Time `json:"expired_at"`
	AvailableAt *time.Time `json:"available_at"`
	LastGrantAt *time.Time `json:"last_grant_at"`

	ClientID  *uint `json:"client_id"`
	AccountID uint  `json:"account_id"`
}

// IsAvailable reports whether the ticket may be used right now. It returns
// nil when the ticket is usable and a descriptive error otherwise.
//
// The checks run in order: outstanding MFA or authentication, then the
// not-before bound (AvailableAt), then the expiry bound (ExpiredAt). The
// tokens, Claims and Audiences are not inspected.
//
// Both time checks compare whole Unix seconds, and each reads the clock
// separately. A ticket is therefore still accepted during the second in
// which ExpiredAt falls, and is accepted from the start of the second in
// which AvailableAt falls.
// NOTE(review): switch to time.Time.After/Before on a single clock reading
// if sub-second precision at the boundaries matters.
func (v AuthTicket) IsAvailable() error {
	switch {
	case v.RequireMFA || v.RequireAuthenticate:
		return fmt.Errorf("session isn't authenticated yet")
	case v.AvailableAt != nil && time.Now().Unix() < v.AvailableAt.Unix():
		return fmt.Errorf("session isn't available yet")
	case v.ExpiredAt != nil && time.Now().Unix() > v.ExpiredAt.Unix():
		return fmt.Errorf("session expired")
	default:
		return nil
	}
}

// AuthContext bundles a ticket with its account and an expiry time. The
// ticket is serialized under the "session" key and, because it is embedded
// by value, its token fields are part of the marshalled output.
type AuthContext struct {
	Ticket    AuthTicket `json:"session"`
	Account   Account    `json:"account"`
	ExpiredAt time.Time  `json:"expired_at"`
}