Kwaku Danso
3f8bc58ca9
Phase 1 — Core API (Go): - Events, guests, tokens, RSVPs CRUD on PostgreSQL via pgx/v5 - HMAC-signed per-guest tokens with format validation - Health endpoint with DB ping, slog JSON logging, graceful shutdown Phase 2 — NATS + Fraud Engine: - NATS JetStream pub/sub with explicit-ack consumers - Python/FastAPI fraud engine with heuristic risk scoring (fingerprint mismatch, IP change, missing signals, repeated access) - gRPC sync scoring with 250ms fail-open timeout - Per-guest baseline tracking; risk bands low/medium/high/block Phase 3 — Notifications + Frontend: - Notification worker scaffolding (Twilio/SES stubs, retry/backoff) - Nuxt 3 frontend with Tailwind dark theme + brand green - Live monitor via WebSocket with auto-reconnect - Activity history endpoint backfills monitor with RSVPs + scored access checks (including blocked attempts) UX polish: - Marketing-friendly landing page (hero mockup, how-it-works, features, use cases, testimonials, FAQ, final CTA) - Animated layered card mockups on landing + new-event page - Plus-ones stepper, RSVP status badges, filter buttons - Friendly access-check labels (Verified/Review/Suspicious/Blocked) - Dashboard hydration fix via ClientOnly wrapper Infrastructure: - docker-compose for full local dev (postgres, nats, api, fraud-engine, notifier, frontend) - Multi-stage Dockerfiles, non-root UID 1000 - Integration tests with testcontainers-go Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
46 lines
862 B
Go
46 lines
862 B
Go
package auth
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"errors"
|
|
"strings"
|
|
)
|
|
|
|
const tokenPrefix = "tk_"
|
|
|
|
var ErrInvalidTokenFormat = errors.New("invalid token format")
|
|
|
|
type Generator struct{}
|
|
|
|
func NewGenerator() *Generator {
|
|
return &Generator{}
|
|
}
|
|
|
|
func (Generator) Generate() (raw, hash string, err error) {
|
|
buf := make([]byte, 32)
|
|
if _, err := rand.Read(buf); err != nil {
|
|
return "", "", err
|
|
}
|
|
raw = tokenPrefix + base64.RawURLEncoding.EncodeToString(buf)
|
|
hash = HashToken(raw)
|
|
return raw, hash, nil
|
|
}
|
|
|
|
func HashToken(raw string) string {
|
|
sum := sha256.Sum256([]byte(raw))
|
|
return hex.EncodeToString(sum[:])
|
|
}
|
|
|
|
func ValidateFormat(raw string) error {
|
|
if !strings.HasPrefix(raw, tokenPrefix) {
|
|
return ErrInvalidTokenFormat
|
|
}
|
|
if len(raw) < len(tokenPrefix)+20 {
|
|
return ErrInvalidTokenFormat
|
|
}
|
|
return nil
|
|
}
|