AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.

GetUserRole is the single point of logic for mapping role string to UserRole.

NewSession returns a session instance with ID set to a random ID and LastUsed to now.

NewSessionReaper creates a reaper that cleans stale sessions from the store.

NewUser creates a new user by hashing the passed plainPwd with bcrypt.

NewWebAuthnSessionStore returns a new session store.

ValidateAndHashPassword is the single point of logic for user password validations.

ValidateEmail is the single point of logic for user email validations.

https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length.

ErrUserSessionExpired defines the error triggered when the user session has expired.

Changeauth.TokenRequest is sent when updating a User's authentication token.

Session holds the unique id for the authenticated session.

SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.

User holds the credentials for API user.

WebAuthn holds the credentials for API user.

WebAuthnSessionStore is a wrapper around an in memory key value store which provides some helper methods related to webauthn operations.

WebAuthnUser implements the required duo-labs/webauthn/ 'User' interface kept separate from our internal 'User' struct.