codanna 0.9.19

Code Intelligence for Large Language Models
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308

//! Authentication service implementation
//!
//! This package demonstrates:
//! - Service implementation with dependencies
//! - Cross-package type usage and imports
//! - Interface definitions and implementations
//! - Error handling patterns
//! - Context usage for cancellation/timeouts

package services

import (
	"context"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"

	// Import from other packages in this module
	"app/models"
)

// Package-level constants
const (
	TokenExpiry       = 24 * time.Hour
	MaxSessions       = 1000
	MinPasswordLength = 6
)

// AuthToken represents an authentication token
type AuthToken string

// Session represents a user session
type Session struct {
	Token     AuthToken
	UserID    uint64
	CreatedAt time.Time
	ExpiresAt time.Time
}

// IsExpired checks if the session has expired
func (s *Session) IsExpired() bool {
	return time.Now().After(s.ExpiresAt)
}

// AuthService handles user authentication and session management
type AuthService struct {
	db           *DatabaseConnection
	sessions     map[AuthToken]*Session
	users        map[string]*models.User // email -> user
	mutex        sync.RWMutex
	tokenCounter uint64
}

// NewAuthService creates a new authentication service
func NewAuthService(db *DatabaseConnection) *AuthService {
	return &AuthService{
		db:       db,
		sessions: make(map[AuthToken]*Session),
		users:    make(map[string]*models.User),
		mutex:    sync.RWMutex{},
	}
}

// RegisterUser registers a new user in the system
func (a *AuthService) RegisterUser(user *models.User) error {
	a.mutex.Lock()
	defer a.mutex.Unlock()

	// Validate user data
	if err := user.Validate(); err != nil {
		return fmt.Errorf("user validation failed: %w", err)
	}

	// Check for duplicate email
	if _, exists := a.users[user.Email()]; exists {
		return NewAuthError(ErrDuplicateEmail, "email already registered")
	}

	// Store user (in real implementation, would use database)
	a.users[user.Email()] = user

	// Mock database operation
	if err := a.db.Execute("INSERT INTO users (name, email, role) VALUES (?, ?, ?)",
		[]interface{}{user.Name(), user.Email(), user.Role().String()}); err != nil {
		return fmt.Errorf("database error: %w", err)
	}

	return nil
}

// Authenticate authenticates a user and creates a session
func (a *AuthService) Authenticate(ctx context.Context, email, password string) (AuthToken, error) {
	// Check context cancellation
	select {
	case <-ctx.Done():
		return "", ctx.Err()
	default:
	}

	a.mutex.RLock()
	user, exists := a.users[email]
	a.mutex.RUnlock()

	if !exists {
		return "", NewAuthError(ErrUserNotFound, "user not found")
	}

	// Mock password validation
	if len(password) < MinPasswordLength {
		return "", NewAuthError(ErrInvalidCredentials, "invalid credentials")
	}

	// Generate session token
	token := a.generateToken(user)

	// Create session
	session := &Session{
		Token:     token,
		UserID:    user.ID,
		CreatedAt: time.Now(),
		ExpiresAt: time.Now().Add(TokenExpiry),
	}

	a.mutex.Lock()
	a.sessions[token] = session
	a.mutex.Unlock()

	// Update user's last login
	user.UpdateLastLogin()

	return token, nil
}

// ValidateSession validates a session token and returns the user
func (a *AuthService) ValidateSession(token AuthToken) (*models.User, error) {
	a.mutex.RLock()
	session, exists := a.sessions[token]
	a.mutex.RUnlock()

	if !exists {
		return nil, NewAuthError(ErrInvalidToken, "invalid token")
	}

	if session.IsExpired() {
		// Remove expired session
		a.mutex.Lock()
		delete(a.sessions, token)
		a.mutex.Unlock()
		return nil, NewAuthError(ErrExpiredToken, "token expired")
	}

	// Find user by ID
	a.mutex.RLock()
	defer a.mutex.RUnlock()

	for _, user := range a.users {
		if user.ID == session.UserID {
			return user, nil
		}
	}

	return nil, NewAuthError(ErrUserNotFound, "user not found for session")
}

// Logout invalidates a session token
func (a *AuthService) Logout(token AuthToken) error {
	a.mutex.Lock()
	defer a.mutex.Unlock()

	if _, exists := a.sessions[token]; !exists {
		return NewAuthError(ErrInvalidToken, "invalid token")
	}

	delete(a.sessions, token)
	return nil
}

// GetSessionCount returns the number of active sessions
func (a *AuthService) GetSessionCount() int {
	a.mutex.RLock()
	defer a.mutex.RUnlock()

	count := 0
	for _, session := range a.sessions {
		if !session.IsExpired() {
			count++
		}
	}
	return count
}

// CleanupExpiredSessions removes expired sessions
func (a *AuthService) CleanupExpiredSessions() int {
	a.mutex.Lock()
	defer a.mutex.Unlock()

	removed := 0
	for token, session := range a.sessions {
		if session.IsExpired() {
			delete(a.sessions, token)
			removed++
		}
	}
	return removed
}

// GetUserByEmail retrieves a user by email (package-private for testing)
func (a *AuthService) getUserByEmail(email string) *models.User {
	a.mutex.RLock()
	defer a.mutex.RUnlock()
	return a.users[email]
}

// Private helper methods

// generateToken generates a unique session token
func (a *AuthService) generateToken(user *models.User) AuthToken {
	a.tokenCounter++
	data := fmt.Sprintf("%d-%d-%d", user.ID, a.tokenCounter, time.Now().UnixNano())
	hash := sha256.Sum256([]byte(data))
	return AuthToken(fmt.Sprintf("%x", hash[:16])) // Use first 16 bytes
}

// Package-level utility functions

// HashPassword creates a hash of the password (mock implementation)
func HashPassword(password string) string {
	hash := sha256.Sum256([]byte(password + "salt"))
	return fmt.Sprintf("%x", hash)
}

// VerifyPassword verifies a password against its hash
func VerifyPassword(password, hash string) bool {
	return HashPassword(password) == hash
}

// ParseAuthError attempts to parse an error string into an AuthError
func ParseAuthError(errorMsg string) (*AuthError, error) {
	errorMsg = strings.ToLower(errorMsg)

	switch {
	case strings.Contains(errorMsg, "not found"):
		return NewAuthError(ErrUserNotFound, errorMsg), nil
	case strings.Contains(errorMsg, "duplicate"):
		return NewAuthError(ErrDuplicateEmail, errorMsg), nil
	case strings.Contains(errorMsg, "invalid"):
		return NewAuthError(ErrInvalidCredentials, errorMsg), nil
	default:
		return nil, errors.New("cannot parse error message")
	}
}

// Error types and constants
type AuthErrorCode int

const (
	ErrUserNotFound AuthErrorCode = iota
	ErrDuplicateEmail
	ErrInvalidCredentials
	ErrInvalidToken
	ErrExpiredToken
	ErrTooManySessions
)

// AuthError represents authentication-related errors
type AuthError struct {
	Code    AuthErrorCode
	Message string
}

func NewAuthError(code AuthErrorCode, message string) *AuthError {
	return &AuthError{
		Code:    code,
		Message: message,
	}
}

func (e *AuthError) Error() string {
	return fmt.Sprintf("auth error [%d]: %s", int(e.Code), e.Message)
}

// Is implements error comparison
func (e *AuthError) Is(target error) bool {
	if other, ok := target.(*AuthError); ok {
		return e.Code == other.Code
	}
	return false
}

// Convert from models.UserError
func (e *AuthError) FromUserError(userErr *models.UserError) *AuthError {
	switch userErr.Code {
	case 3: // models.ErrUserNotFound
		return NewAuthError(ErrUserNotFound, userErr.Message)
	case 4: // models.ErrDuplicateEmail
		return NewAuthError(ErrDuplicateEmail, userErr.Message)
	default:
		return NewAuthError(ErrInvalidCredentials, userErr.Message)
	}
}

// Package initialization
func init() {
	fmt.Println("[INIT] Auth service package initialized")
}