Documentation
¶
Index ¶
- Constants
- Variables
- func CleanupExpiredTokens(db *sql.DB) error
- func CreateRefreshToken(db *sql.DB, username string) (string, error)
- func DeleteFile(db *sql.DB, fileID string, ownerUsername string) error
- func FormatCreditsUSD(cents int64) string
- func GenerateFileID() string
- func GenerateStorageID() string
- func ParseCreditsFromUSD(usdAmount string) (int64, error)
- func RevokeAllUserTokens(db *sql.DB, username string) error
- func RevokeRefreshToken(db *sql.DB, tokenString string) error
- func ValidateRefreshToken(db *sql.DB, tokenString string) (string, error)
- type CreditTransaction
- func AddCredits(db *sql.DB, username string, amountCents int64, transactionType, reason string, ...) (*CreditTransaction, error)
- func DebitCredits(db *sql.DB, username string, amountCents int64, transactionType, reason string, ...) (*CreditTransaction, error)
- func GetUserTransactions(db *sql.DB, username string, limit int, offset int) ([]*CreditTransaction, error)
- func SetCredits(db *sql.DB, username string, newBalanceCents int64, reason string, ...) (*CreditTransaction, error)
- type CreditsSummaryResponse
- type File
- type FileMetadataForClient
- type OPAQUEAccountStatus
- type RefreshToken
- type User
- func (u *User) ApproveUser(db *sql.DB, adminUsername string) error
- func (u *User) AuthenticateFilePassword(db *sql.DB, fileID, password string) ([]byte, error)
- func (u *User) AuthenticateOPAQUE(db *sql.DB, password string) ([]byte, error)
- func (u *User) CheckStorageAvailable(size int64) bool
- func (u *User) Delete(db *sql.DB) error
- func (u *User) DeleteFilePassword(db *sql.DB, fileID, keyLabel string) error
- func (u *User) DeleteOPAQUEAccount(db *sql.DB) error
- func (u *User) GetFilePasswordRecords(db *sql.DB, fileID string) ([]*auth.OPAQUEPasswordRecord, error)
- func (u *User) GetOPAQUEAccountStatus(db *sql.DB) (*OPAQUEAccountStatus, error)
- func (u *User) GetOPAQUEExportKey(db *sql.DB, password string) ([]byte, error)
- func (u *User) GetStorageUsagePercent() float64
- func (u *User) HasAdminPrivileges() bool
- func (u *User) HasOPAQUEAccount(db *sql.DB) (bool, error)
- func (u *User) RegisterFilePassword(db *sql.DB, fileID, password, keyLabel, passwordHint string) error
- func (u *User) RegisterOPAQUEAccount(db *sql.DB, password string) error
- func (u *User) SecureZeroExportKey(exportKey []byte)
- func (u *User) UpdateStorageUsage(tx *sql.Tx, deltaBytes int64) error
- func (u *User) ValidateOPAQUEExportKey(exportKey []byte) error
- type UserCredit
Constants ¶
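// Transaction types.
// Presumably these are the values carried in CreditTransaction.TransactionType
// and passed as the transactionType argument of AddCredits / DebitCredits —
// confirm against the implementation.
const (
	TransactionTypeCredit     = "credit"
	TransactionTypeDebit      = "debit"
	TransactionTypeAdjustment = "adjustment"
	TransactionTypeRefund     = "refund"
)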
Transaction types
// DefaultStorageLimit is a storage limit expressed in bytes.
// 1181116006 is 1.1 × 2^30 truncated to a whole byte, i.e. 1.1 GiB in binary
// units (not 1.1 × 10^9 bytes).
const DefaultStorageLimit int64 = 1181116006
Variables ¶
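// Pre-defined errors for token validation.
//
// They are package-level sentinel values created with errors.New, so callers
// can match them with errors.Is.
//
// NOTE(review): the three values let a caller tell "expired", "unknown token"
// and "unknown user" apart. Consider returning one uniform failure to the
// remote client and keeping the distinction in server-side logs only.
var (
	ErrRefreshTokenExpired  = errors.New("refresh token has expired")
	ErrUserNotFound         = errors.New("user not found for token")
	ErrRefreshTokenNotFound = errors.New("refresh token not found")
)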
Pre-defined errors for token validation
Functions ¶
func CleanupExpiredTokens ¶
CleanupExpiredTokens removes expired tokens from the database
func CreateRefreshToken ¶
CreateRefreshToken generates a new refresh token for a user
func DeleteFile ¶
DeleteFile removes a file record from the database by file_id
func FormatCreditsUSD ¶
FormatCreditsUSD formats credit cents as USD string (e.g., 1234 cents -> "$12.34")
func GenerateFileID ¶
func GenerateFileID() string
GenerateFileID creates a new UUID v4 for file identification
func GenerateStorageID ¶
func GenerateStorageID() string
GenerateStorageID creates a new UUID v4 for storage
func ParseCreditsFromUSD ¶
ParseCreditsFromUSD parses USD string to cents (e.g., "12.34" -> 1234 cents)
func RevokeAllUserTokens ¶
RevokeAllUserTokens revokes all refresh tokens for a user
func RevokeRefreshToken ¶
RevokeRefreshToken marks a token as revoked
Types ¶
type CreditTransaction ¶
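// CreditTransaction represents a credit transaction record.
//
// Amounts are int64 values in USD cents, per the field names and JSON tags.
// The pointer fields (TransactionID, Reason, AdminUsername, Metadata) are
// optional: a nil pointer is left out of the JSON output because of omitempty.
type CreditTransaction struct {
	ID                   int64     `json:"id"`
	TransactionID        *string   `json:"transaction_id,omitempty"`
	Username             string    `json:"username"`
	AmountUSDCents       int64     `json:"amount_usd_cents"`
	BalanceAfterUSDCents int64     `json:"balance_after_usd_cents"`
	TransactionType      string    `json:"transaction_type"`
	Reason               *string   `json:"reason,omitempty"`
	AdminUsername        *string   `json:"admin_username,omitempty"`
	Metadata             *string   `json:"metadata,omitempty"`
	CreatedAt            time.Time `json:"created_at"`
}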
CreditTransaction represents a credit transaction record
func AddCredits ¶
func AddCredits(db *sql.DB, username string, amountCents int64, transactionType, reason string, transactionID *string, adminUsername *string) (*CreditTransaction, error)
AddCredits adds credits to a user's balance (creates transaction record)
func DebitCredits ¶
func DebitCredits(db *sql.DB, username string, amountCents int64, transactionType, reason string, transactionID *string, adminUsername *string) (*CreditTransaction, error)
DebitCredits removes credits from a user's balance (creates transaction record)
func GetUserTransactions ¶
func GetUserTransactions(db *sql.DB, username string, limit int, offset int) ([]*CreditTransaction, error)
GetUserTransactions retrieves credit transactions for a user
func SetCredits ¶
func SetCredits(db *sql.DB, username string, newBalanceCents int64, reason string, adminUsername string) (*CreditTransaction, error)
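SetCredits sets a user's credit balance to a specific amount (admin only). The signature receives adminUsername as a plain string; whether the function itself verifies that this account holds admin privileges is not shown here, so callers should authenticate and authorize the admin before calling it.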
type CreditsSummaryResponse ¶
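// CreditsSummaryResponse represents a summary of a user's credit status.
//
// Balance and RecentTransactions are pointers to the package's UserCredit and
// CreditTransaction types; none of the fields use omitempty, so a nil Balance
// or nil RecentTransactions is encoded as JSON null.
type CreditsSummaryResponse struct {
	Username           string               `json:"username"`
	Balance            *UserCredit          `json:"balance"`
	RecentTransactions []*CreditTransaction `json:"recent_transactions"`
	FormattedBalance   string               `json:"formatted_balance"`
}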
CreditsSummaryResponse represents a summary of user's credit status
func GetUserCreditsSummary ¶
func GetUserCreditsSummary(db *sql.DB, username string) (*CreditsSummaryResponse, error)
GetUserCreditsSummary gets a complete summary of user's credit status
type File ¶
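// File is the database-side record for a stored file.
//
// The filename and SHA-256 checksum are held only as encrypted blobs with
// their nonces, and those four fields are tagged json:"-" so encoding/json
// never emits them from this type.
//
// NOTE(review): PasswordHint is serialized in clear whenever it is non-empty,
// while the filename and checksum are encrypted. Confirm the hint is meant to
// be visible to every recipient of this JSON.
type File struct {
	ID                 int64     `json:"id"`
	FileID             string    `json:"file_id"`    // UUID v4 for file identification
	StorageID          string    `json:"storage_id"` // UUID v4 for storage backend
	OwnerUsername      string    `json:"owner_username"`
	PasswordHint       string    `json:"password_hint,omitempty"`
	PasswordType       string    `json:"password_type"`
	FilenameNonce      []byte    `json:"-"`          // Hidden from JSON - 12 bytes
	EncryptedFilename  []byte    `json:"-"`          // Hidden from JSON - encrypted blob
	Sha256sumNonce     []byte    `json:"-"`          // Hidden from JSON - 12 bytes
	EncryptedSha256sum []byte    `json:"-"`          // Hidden from JSON - encrypted blob
	SizeBytes          int64     `json:"size_bytes"` // Original file size
	UploadDate         time.Time `json:"upload_date"`
}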
func CreateFile ¶
func CreateFile(db *sql.DB, fileID, storageID, ownerUsername, passwordHint, passwordType string, filenameNonce, encryptedFilename, sha256sumNonce, encryptedSha256sum []byte, sizeBytes int64) (*File, error)
CreateFile creates a new file record in the database with encrypted metadata
func GetFileByFileID ¶
GetFileByFileID retrieves a file record by file_id
func GetFileByStorageID ¶
GetFileByStorageID retrieves a file record by storage_id
func GetFilesByOwner ¶
GetFilesByOwner retrieves all files owned by a specific user
func (*File) ToClientMetadata ¶
func (f *File) ToClientMetadata() *FileMetadataForClient
ToClientMetadata converts a File to FileMetadataForClient for sending to the client
type FileMetadataForClient ¶
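// FileMetadataForClient is the per-file metadata sent to the client.
//
// Only the filename and the SHA-256 checksum travel as encrypted blobs, each
// with its nonce; FileID, StorageID, SizeBytes and UploadDate are plain
// fields. encoding/json encodes the []byte fields as base64 strings.
type FileMetadataForClient struct {
	FileID             string    `json:"file_id"`
	StorageID          string    `json:"storage_id"`
	FilenameNonce      []byte    `json:"filename_nonce"`
	EncryptedFilename  []byte    `json:"encrypted_filename"`
	Sha256sumNonce     []byte    `json:"sha256sum_nonce"`
	EncryptedSha256sum []byte    `json:"encrypted_sha256sum"`
	SizeBytes          int64     `json:"size_bytes"`
	UploadDate         time.Time `json:"upload_date"`
}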
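FileMetadataForClient represents the encrypted metadata that gets sent to the client. The client will decrypt these fields using their OPAQUE export key. Note that only the filename and SHA-256 checksum are carried as encrypted blobs with nonces; the file ID, storage ID, size and upload date are plain fields in this struct.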
type OPAQUEAccountStatus ¶
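// OPAQUEAccountStatus represents the OPAQUE authentication status for a user.
//
// LastOPAQUEAuth and OPAQUECreatedAt are pointers without omitempty, so a nil
// value is encoded as JSON null rather than being left out.
type OPAQUEAccountStatus struct {
	HasAccountPassword bool       `json:"has_account_password"`
	FilePasswordCount  int        `json:"file_password_count"`
	LastOPAQUEAuth     *time.Time `json:"last_opaque_auth"`
	OPAQUECreatedAt    *time.Time `json:"opaque_created_at"`
}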
OPAQUEAccountStatus represents the OPAQUE authentication status for a user
type RefreshToken ¶
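// RefreshToken represents a refresh token in the database.
//
// The struct has a TokenHash field and no field for the token value itself.
// It carries no JSON tags.
//
// NOTE(review): the hash algorithm behind TokenHash and the exact difference
// between IsUsed and IsRevoked are not visible here — confirm both in the
// implementation before relying on them.
type RefreshToken struct {
	ID        string
	Username  string
	TokenHash string
	ExpiresAt time.Time
	CreatedAt time.Time
	IsRevoked bool
	IsUsed    bool
}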
RefreshToken represents a refresh token in the database
type User ¶
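// User describes a user account; the JSON tags define what encoding/json
// emits for it.
//
// NOTE(review): ApprovedBy and ApprovedAt are sql.NullString / sql.NullTime
// struct values. encoding/json's omitempty never omits a struct value and
// these types define no custom JSON marshaling, so both are always emitted as
// {"String":...,"Valid":...} and {"Time":...,"Valid":...} objects.
//
// NOTE(review): IsAdmin and the approval fields are part of the serialized
// form; confirm which recipients are meant to see them.
type User struct {
	ID                int64          `json:"id"`
	Username          string         `json:"username"`
	Email             *string        `json:"email,omitempty"`
	CreatedAt         time.Time      `json:"created_at"`
	TotalStorageBytes int64          `json:"total_storage_bytes"`
	StorageLimitBytes int64          `json:"storage_limit_bytes"`
	IsApproved        bool           `json:"is_approved"`
	ApprovedBy        sql.NullString `json:"approved_by,omitempty"`
	ApprovedAt        sql.NullTime   `json:"approved_at,omitempty"`
	IsAdmin           bool           `json:"is_admin"`
}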
func CreateUser ¶
CreateUser creates a new user in the database for OPAQUE authentication
func CreateUserWithOPAQUE ¶
CreateUserWithOPAQUE creates user AND registers OPAQUE account in single transaction
func GetPendingUsers ¶
GetPendingUsers retrieves users pending approval (admin only)
func GetUserByUsername ¶
GetUserByUsername retrieves a user by username
func (*User) ApproveUser ¶
ApproveUser approves a user (admin only)
func (*User) AuthenticateFilePassword ¶
AuthenticateFilePassword authenticates a file-specific password and returns the export key
func (*User) AuthenticateOPAQUE ¶
AuthenticateOPAQUE authenticates the user's account password via OPAQUE
func (*User) CheckStorageAvailable ¶
CheckStorageAvailable checks if a file of the given size can be stored
func (*User) DeleteFilePassword ¶
DeleteFilePassword removes a specific file password record
func (*User) DeleteOPAQUEAccount ¶
DeleteOPAQUEAccount deactivates all OPAQUE records for this user
func (*User) GetFilePasswordRecords ¶
func (u *User) GetFilePasswordRecords(db *sql.DB, fileID string) ([]*auth.OPAQUEPasswordRecord, error)
GetFilePasswordRecords gets all password records for a specific file owned by this user
func (*User) GetOPAQUEAccountStatus ¶
func (u *User) GetOPAQUEAccountStatus(db *sql.DB) (*OPAQUEAccountStatus, error)
GetOPAQUEAccountStatus returns comprehensive OPAQUE status for the user
func (*User) GetOPAQUEExportKey ¶
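GetOPAQUEExportKey retrieves the export key after successful authentication. This method should only be called immediately after successful AuthenticateOPAQUE. The returned bytes are key material: keep them out of logs and clear them (see SecureZeroExportKey) as soon as they are no longer needed.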
func (*User) GetStorageUsagePercent ¶
GetStorageUsagePercent returns the user's storage usage as a percentage
func (*User) HasAdminPrivileges ¶
HasAdminPrivileges checks if a user has admin privileges
func (*User) HasOPAQUEAccount ¶
HasOPAQUEAccount checks if the user has an OPAQUE account registered
func (*User) RegisterFilePassword ¶
func (u *User) RegisterFilePassword(db *sql.DB, fileID, password, keyLabel, passwordHint string) error
RegisterFilePassword registers a custom password for a specific file
func (*User) RegisterOPAQUEAccount ¶
RegisterOPAQUEAccount registers an OPAQUE account for an existing user
func (*User) SecureZeroExportKey ¶
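SecureZeroExportKey securely clears export key material from memory. It receives only the exportKey slice and returns nothing, so any other copy of the key the caller has made has to be cleared separately.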
func (*User) UpdateStorageUsage ¶
UpdateStorageUsage updates the user's total storage (should be called in a transaction)
func (*User) ValidateOPAQUEExportKey ¶
ValidateOPAQUEExportKey validates that an export key has the expected properties
type UserCredit ¶
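// UserCredit represents a user's credit balance.
//
// BalanceUSDCents is an int64 amount in USD cents, per the field name and
// JSON tag.
type UserCredit struct {
	ID              int64     `json:"id"`
	Username        string    `json:"username"`
	BalanceUSDCents int64     `json:"balance_usd_cents"`
	CreatedAt       time.Time `json:"created_at"`
	UpdatedAt       time.Time `json:"updated_at"`
}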
UserCredit represents a user's credit balance
func CreateUserCredits ¶
func CreateUserCredits(db *sql.DB, username string) (*UserCredit, error)
CreateUserCredits creates a new user credit record with 0 balance
func GetAllUserCredits ¶
func GetAllUserCredits(db *sql.DB) ([]*UserCredit, error)
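GetAllUserCredits retrieves all user credit balances (admin only). The function takes only the database handle and no caller identity, so the admin check has to be enforced by the caller before it is invoked.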
func GetOrCreateUserCredits ¶
func GetOrCreateUserCredits(db *sql.DB, username string) (*UserCredit, error)
GetOrCreateUserCredits gets existing credits or creates a new record with 0 balance
func GetUserCredits ¶
func GetUserCredits(db *sql.DB, username string) (*UserCredit, error)
GetUserCredits retrieves a user's credit balance