package otp
import (
"time"
"github.com/authgear/authgear-server/pkg/api/model"
"github.com/authgear/authgear-server/pkg/lib/config"
"github.com/authgear/authgear-server/pkg/lib/ratelimit"
)
// PurposeVerification is the Purpose value reported by the verification OTP kind.
const PurposeVerification Purpose = "verification"

// Bucket names limiting how often a verification code may be requested from
// one IP address, one per delivery channel.
const (
	VerificationTriggerEmailPerIP    ratelimit.BucketName = "VerificationTriggerEmailPerIP"
	VerificationTriggerSMSPerIP      ratelimit.BucketName = "VerificationTriggerSMSPerIP"
	VerificationTriggerWhatsappPerIP ratelimit.BucketName = "VerificationTriggerWhatsappPerIP"
)

// Bucket names limiting how often a verification code may be requested for
// one user, one per delivery channel.
const (
	VerificationTriggerEmailPerUser    ratelimit.BucketName = "VerificationTriggerEmailPerUser"
	VerificationTriggerSMSPerUser      ratelimit.BucketName = "VerificationTriggerSMSPerUser"
	VerificationTriggerWhatsappPerUser ratelimit.BucketName = "VerificationTriggerWhatsappPerUser"
)

// Bucket names for the resend cooldown, one per delivery channel.
const (
	VerificationCooldownEmail    ratelimit.BucketName = "VerificationCooldownEmail"
	VerificationCooldownSMS      ratelimit.BucketName = "VerificationCooldownSMS"
	VerificationCooldownWhatsapp ratelimit.BucketName = "VerificationCooldownWhatsapp"
)

// Bucket names limiting code validation attempts from one IP address, one per
// delivery channel.
const (
	VerificationValidateEmailPerIP    ratelimit.BucketName = "VerificationValidateEmailPerIP"
	VerificationValidateSMSPerIP      ratelimit.BucketName = "VerificationValidateSMSPerIP"
	VerificationValidateWhatsappPerIP ratelimit.BucketName = "VerificationValidateWhatsappPerIP"
)
// kindVerification is the OTP kind for verification codes. It pairs the app
// configuration with the channel the code is delivered on, and every method
// below picks its limits from those two values.
type kindVerification struct {
	// config supplies the Verification section read by the methods of this
	// type. It is dereferenced without a nil check, so it must be non-nil.
	config *config.AppConfig

	// channel selects which per-channel limit and bucket name is used.
	channel model.AuthenticatorOOBChannel
}
// KindVerification builds the verification OTP kind for the given app
// configuration and delivery channel.
//
// config is stored as-is and dereferenced later by the kind's methods, so a
// nil config only fails when one of those methods is called.
func KindVerification(config *config.AppConfig, channel model.AuthenticatorOOBChannel) Kind {
	kind := kindVerification{
		config:  config,
		channel: channel,
	}
	return kind
}

// Compile-time check that KindVerification has the KindFactory signature.
var _ KindFactory = KindVerification
// Purpose identifies codes issued by this kind as verification codes.
func (k kindVerification) Purpose() Purpose {
	return PurposeVerification
}
// ValidPeriod returns the lifetime of a verification code, read from
// Verification.CodeValidPeriod in the app config. The same value applies to
// every channel.
func (k kindVerification) ValidPeriod() time.Duration {
	period := k.config.Verification.CodeValidPeriod
	return period.Duration()
}
// RateLimitTriggerPerIP returns the bucket that limits how often a
// verification code may be requested from the address ip.
//
// The limit and the bucket name are both chosen by k.channel through
// selectByChannel (defined elsewhere; presumably it returns the argument
// matching the channel in email, SMS, WhatsApp order).
//
// NOTE(review): ip is used as the bucket key unchanged. The limit is only as
// strong as the caller's source for that address; confirm it is not taken
// from a client-controlled header.
func (k kindVerification) RateLimitTriggerPerIP(ip string) ratelimit.BucketSpec {
	limits := k.config.Verification.RateLimits

	// WhatsApp has its own bucket name but reads the SMS limit.
	// NOTE(review): looks deliberate, since this file never references a
	// WhatsApp limit; confirm against the config schema.
	limit := selectByChannel(k.channel,
		limits.Email.TriggerPerIP,
		limits.SMS.TriggerPerIP,
		limits.SMS.TriggerPerIP,
	)
	name := selectByChannel(k.channel,
		VerificationTriggerEmailPerIP,
		VerificationTriggerSMSPerIP,
		VerificationTriggerWhatsappPerIP,
	)
	return ratelimit.NewBucketSpec(limit, name, ip)
}
// RateLimitTriggerPerUser returns the bucket that limits how often a
// verification code may be requested for the user userID.
//
// The limit and the bucket name are both chosen by k.channel through
// selectByChannel (defined elsewhere; presumably it returns the argument
// matching the channel in email, SMS, WhatsApp order).
func (k kindVerification) RateLimitTriggerPerUser(userID string) ratelimit.BucketSpec {
	limits := k.config.Verification.RateLimits

	// WhatsApp has its own bucket name but reads the SMS limit.
	// NOTE(review): looks deliberate, since this file never references a
	// WhatsApp limit; confirm against the config schema.
	limit := selectByChannel(k.channel,
		limits.Email.TriggerPerUser,
		limits.SMS.TriggerPerUser,
		limits.SMS.TriggerPerUser,
	)
	name := selectByChannel(k.channel,
		VerificationTriggerEmailPerUser,
		VerificationTriggerSMSPerUser,
		VerificationTriggerWhatsappPerUser,
	)
	return ratelimit.NewBucketSpec(limit, name, userID)
}
// RateLimitTriggerCooldown returns the cooldown bucket that spaces out
// repeated code requests for target.
//
// NOTE(review): target is presumably the email address or phone number the
// code is sent to; verify against the caller.
func (k kindVerification) RateLimitTriggerCooldown(target string) ratelimit.BucketSpec {
	name := selectByChannel(k.channel,
		VerificationCooldownEmail,
		VerificationCooldownSMS,
		VerificationCooldownWhatsapp,
	)

	limits := k.config.Verification.RateLimits
	// WhatsApp has its own bucket name but reads the SMS cooldown.
	// NOTE(review): looks deliberate, since this file never references a
	// WhatsApp limit; confirm against the config schema.
	cooldown := selectByChannel(k.channel,
		limits.Email.TriggerCooldown,
		limits.SMS.TriggerCooldown,
		limits.SMS.TriggerCooldown,
	)
	return ratelimit.NewCooldownSpec(name, cooldown.Duration(), target)
}
// RateLimitValidatePerIP returns the bucket that limits how many code
// validation attempts may come from the address ip.
//
// Within this file it is the only rate limit on validation: the
// per-user-per-IP bucket is disabled for this kind.
//
// NOTE(review): ip is used as the bucket key unchanged. The limit is only as
// strong as the caller's source for that address; confirm it is not taken
// from a client-controlled header.
func (k kindVerification) RateLimitValidatePerIP(ip string) ratelimit.BucketSpec {
	limits := k.config.Verification.RateLimits

	// WhatsApp has its own bucket name but reads the SMS limit.
	// NOTE(review): looks deliberate, since this file never references a
	// WhatsApp limit; confirm against the config schema.
	limit := selectByChannel(k.channel,
		limits.Email.ValidatePerIP,
		limits.SMS.ValidatePerIP,
		limits.SMS.ValidatePerIP,
	)
	name := selectByChannel(k.channel,
		VerificationValidateEmailPerIP,
		VerificationValidateSMSPerIP,
		VerificationValidateWhatsappPerIP,
	)
	return ratelimit.NewBucketSpec(limit, name, ip)
}
// RateLimitValidatePerUserPerIP always returns the disabled bucket spec.
// Verification codes have no per-user-per-IP validation limit, and both
// arguments are ignored.
//
// NOTE(review): with this bucket off, guessing resistance for one code rests
// on RateLimitValidatePerIP and RevocationMaxFailedAttempts. A per-IP limit
// does not bound attempts spread across many addresses, so confirm the
// failed-attempt revocation threshold is set in deployed configs.
func (k kindVerification) RateLimitValidatePerUserPerIP(userID string, ip string) ratelimit.BucketSpec {
	return ratelimit.BucketSpecDisabled
}
// RevocationMaxFailedAttempts returns the configured
// MaxFailedAttemptsRevokeOTP value for k.channel.
//
// NOTE(review): the name suggests the code is revoked after this many failed
// validations; how a zero value is treated is decided by the caller and is
// not visible here. Confirm that zero does not mean "never revoke" in
// deployments that rely on it.
func (k kindVerification) RevocationMaxFailedAttempts() int {
	limits := k.config.Verification.RateLimits

	// WhatsApp reads the SMS threshold.
	// NOTE(review): looks deliberate, since this file never references a
	// WhatsApp limit; confirm against the config schema.
	return selectByChannel(k.channel,
		limits.Email.MaxFailedAttemptsRevokeOTP,
		limits.SMS.MaxFailedAttemptsRevokeOTP,
		limits.SMS.MaxFailedAttemptsRevokeOTP,
	)
}