Here, I'm building secure authentication in Go from scratch (without plugins and without copying other repositories). There is a lot of complexity involved, such as encrypting the password and digit code, sending the email verification code over SMTP, and managing the cookie that stores the token.
- user_id: A unique identifier for each user (primary key).
- username: The user's username.
- email: The user's email address.
- phonenumber: The user's phone number.
- lastlogin: When the user last logged in to the account.
- isemailverified: A boolean indicating whether the email address has been verified.
- isphonenumberverified: A boolean for phone verification (not directly related to email verification here).
- emailverify_id: A unique identifier for each email verification record (primary key).
- user_id: A foreign key referencing the user_id in the public.users table, linking the verification attempt to a specific user.
- expires_at: A timestamp specifying when the verification code will expire.
- verif_code: The email verification code (e.g., a 6-digit code).
- attempts: A counter for tracking how many times the user has attempted verification (e.g., max 3 attempts).
- used_for: Specifies the purpose of verification (e.g., "Verify Email" or "Forget Password").
- is_verified: A boolean indicating whether the verification was successful.
- product_id: A unique identifier for each product (primary key). This value is generated dynamically (e.g., using concat('PR-', ...)).
- user_id: A foreign key referencing the user_id field in the public.users table. This links the product to the user who created it.
- product_name: The name of the product.
- product_photo: A field that stores the path or identifier for the product's image.
- price: The price of the product, stored as an integer (e.g., in cents or the smallest currency unit).
- visibility: A boolean indicating whether the product is visible to other users or is hidden.
Inputs: Username, Password, and Email. Output: Triggers an Email Verification Code generation, which is sent to the user's email for verification.
- Verifies the email using the Email Verification Code.
- If verified:
  - Transitions to Verified Email status.
  - Generates an Authorization Token for secure access.
- If not verified within a certain time or expired:
  - Option to Resend Code is provided.
Inputs: Username and Password. Condition: Requires the email to be verified before allowing login.
Triggers the generation of a new Email Verification Code for password recovery. Follows a flow similar to email verification: the code can be resent if it has expired. Once verified, transitions to Change Password.
Enables the user to update their password after successfully verifying the Email Verification Code for password recovery.
Supports email-related actions such as verification and password recovery by creating secure, time-bound tokens.
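
The code check described above (expiry, attempt counter, purpose and single use), as an added Go example that is not the project's own code. The struct mirrors the verification-record fields listed earlier; `Check`, `maxAttempts`, the error names and the sample code value are assumptions made for illustration, and the caller is assumed to write the updated `attempts` and `is_verified` back to the database.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

const maxAttempts = 3 // assumed limit, from the "max 3 attempts" note
// EmailVerification mirrors the verification-record fields listed above.
type EmailVerification struct {
	VerifCode  string
	ExpiresAt  time.Time
	Attempts   int
	UsedFor    string
	IsVerified bool
}

var (
	ErrExpired  = errors.New("code expired, resend required")
	ErrLocked   = errors.New("code already used or too many attempts")
	ErrPurpose  = errors.New("code issued for a different purpose")
	ErrMismatch = errors.New("wrong code")
)

// Check validates a submitted code and updates the record in place.
func Check(rec *EmailVerification, code, purpose string, now time.Time) error {
	switch {
	case rec.IsVerified || rec.Attempts >= maxAttempts:
		return ErrLocked // single use, and no unlimited guessing
	case !now.Before(rec.ExpiresAt):
		return ErrExpired
	case rec.UsedFor != purpose:
		return ErrPurpose // a "Verify Email" code cannot reset a password
	}
	rec.Attempts++ // count the try before comparing
	if subtle.ConstantTimeCompare([]byte(rec.VerifCode), []byte(code)) != 1 {
		return ErrMismatch
	}
	rec.IsVerified = true
	return nil
}

func main() {
	rec := &EmailVerification{VerifCode: "048213", UsedFor: "Verify Email",
		ExpiresAt: time.Now().Add(10 * time.Minute)} // constructed sample
	fmt.Println(Check(rec, "048213", "Verify Email", time.Now()))
}
```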

