first commit

backend/internal/domain/entities/auth.go

@@ -0,0 +1,51 @@
+package entities
+
+import (
+	"time"
+
+	"go.mongodb.org/mongo-driver/v2/bson"
+)
+
+// AuthProvider represents a configured OAuth/OIDC provider
+type AuthProvider struct {
+	ID               bson.ObjectID `bson:"_id,omitempty"`
+	Name             string        `bson:"name"`
+	Type             string        `bson:"type"` // "oidc", "oauth2"
+	ClientID         string        `bson:"client_id"`
+	ClientSecret     string        `bson:"client_secret"` // Encrypted in DB
+	AuthorizationURL string        `bson:"authorization_url"`
+	TokenURL         string        `bson:"token_url"`
+	UserInfoURL      string        `bson:"userinfo_url"`
+	Scopes           []string      `bson:"scopes"`
+	IDTokenClaim     string        `bson:"id_token_claim,omitempty"`
+	IsActive         bool          `bson:"is_active"`
+	CreatedAt        time.Time     `bson:"created_at"`
+	UpdatedAt        time.Time     `bson:"updated_at"`
+}
+
+// LoginAttempt tracks login attempts for brute-force protection
+type LoginAttempt struct {
+	ID        bson.ObjectID `bson:"_id,omitempty"`
+	Email     string        `bson:"email"`
+	IPAddress string        `bson:"ip_address"`
+	Success   bool          `bson:"success"`
+	Reason    string        `bson:"reason,omitempty"`
+	CreatedAt time.Time     `bson:"created_at"`
+	ExpiresAt time.Time     `bson:"expires_at"`
+}
+
+// FeatureFlags controls app-wide behavior toggles.
+type FeatureFlags struct {
+	RegistrationEnabled  bool `bson:"registration_enabled"`
+	ProviderLoginEnabled bool `bson:"provider_login_enabled"`
+	PublicSharingEnabled bool `bson:"public_sharing_enabled"`
+}
+
+// NewDefaultFeatureFlags returns safe defaults for a new deployment.
+func NewDefaultFeatureFlags() *FeatureFlags {
+	return &FeatureFlags{
+		RegistrationEnabled:  true,
+		ProviderLoginEnabled: true,
+		PublicSharingEnabled: true,
+	}
+}