jim800121/visionA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
visionA/visionA-backend/internal/usersession/errors.go
jim800121chen 22f0837ba8 feat(visionA-backend): Phase 0 → 0.7 雲端後端(雙 binary + OIDC BFF + stage 部署) 
從 edge-ai-platform POC 轉為正式產品的雲端後端,含以下整合階段:

- Phase 0:雛形骨架 — `cmd/api-server` (REST :3721) + `cmd/remote-proxy`
  (tunnel :3800 / internal :3801) 雙 binary 共用 internal/,沿用 POC 的
  WebSocket+yamux tunnel 協定但解耦 relay 與 API
- Phase 0.6:OIDC BFF 接 Innovedus Member Center
  - internal/oidc package(coreos/go-oidc + PKCE S256 + state + nonce)
  - internal/usersession package(HMAC-SHA256 cookie + RotateSessionID
    防 session fixation, OWASP ASVS V3.2.1)
  - 4 個 OIDC handler(/api/auth/login|callback|me|logout)+ AuthMiddleware
  - 完全拔除 StaticAuthProvider,OIDC 是唯一認證路徑
  - 9 個 ADR(含 ADR-010 BFF / ADR-011 取代 static auth /
    ADR-012 pending session shared cookie / ADR-013 PKCE-only public client)
- Phase 0.7:A1 改造 + security audit 修復
  - OIDC ClientSecret 變選填,支援 stage MC 的 public PKCE-only client
    (AuthStyleInParams 強制 token endpoint 不送 client_secret)
  - 預留 ServiceClient* 欄位給未來 client_credentials grant
  - 移除 13+ 處 resolveUserID(uc, StaticUserID) fallback 改 strict mode
    (Audit C1:multi-tenant 隔離破口)
  - Pairing exchange MarkUsed 失敗 abort + revoke session token(Audit M3)
  - 新增 all_endpoints_require_auth_test 整合測試(51 endpoint × 401)

驗證:go test -race -count=3 ./... 17 packages 全綠 / go vet 0 warning

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 11:21:20 +08:00

28 lines
1.4 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package usersession
import "errors"
// 公開 sentinel errors便於 caller 用 errors.Is 比對。
var (
// ErrNoSession 表示指定 ID 對應的 session 不存在(從未 Create、已 Delete、或已被 CleanupExpired 清掉)。
ErrNoSession = errors.New("usersession: not found")
// ErrSessionExpired 表示 session 雖存在但已逾時idle 或 absolute
// 大多情境下 CleanupExpired 會先行移除Get 直接回 ErrNoSession
// 少數時序下 Manager.GetSession 可能在比對 timeout 後主動回此 error便於 caller 區分。
ErrSessionExpired = errors.New("usersession: expired")
// ErrInvalidCookie 表示 cookie value 格式錯誤(缺 separator、欄位空、編碼失敗
ErrInvalidCookie = errors.New("usersession: invalid cookie")
// ErrSignatureMismatch 表示 cookie HMAC 簽章驗證失敗,可能被竄改或使用錯的 SigningKey。
ErrSignatureMismatch = errors.New("usersession: signature mismatch")
// ErrInvalidConfig 表示 CookieConfig 必填欄位缺漏(例如 SigningKey 為空)。
ErrInvalidConfig = errors.New("usersession: invalid config")
// ErrSigningKeyTooShort 表示 SigningKey 長度不足 MinSigningKeyBytes32 bytes
// HMAC-SHA256 安全建議 key 長度至少等於 hash output32 bytes / 256 bits
ErrSigningKeyTooShort = errors.New("usersession: signing key must be at least 32 bytes")
)
Reference in New Issue View Git Blame Copy Permalink