package entities

import (
	"time"

	"go.mongodb.org/mongo-driver/v2/bson"
)

// User is the persisted record for a system user.
//
// Only bson tags are declared here, so encoding/json would emit every
// exported field, PasswordHash included, under its Go name if a User were
// marshalled directly.
// NOTE(review): confirm API responses are built from a separate type.
type User struct {
	ID           bson.ObjectID `bson:"_id,omitempty"`
	Email        string        `bson:"email"`
	Username     string        `bson:"username"`
	PasswordHash string        `bson:"password_hash"`
	FirstName    string        `bson:"first_name"`
	LastName     string        `bson:"last_name"`
	Avatar       string        `bson:"avatar,omitempty"`

	GroupIDs    []bson.ObjectID `bson:"group_ids,omitempty"`
	Permissions []string        `bson:"permissions,omitempty"`

	IsActive      bool `bson:"is_active"`
	EmailVerified bool `bson:"email_verified"`

	CreatedAt   time.Time  `bson:"created_at"`
	UpdatedAt   time.Time  `bson:"updated_at"`
	LastLoginAt *time.Time `bson:"last_login_at,omitempty"`
}

// UserProviderLink links an external OAuth/OIDC provider identity to a user.
//
// Email and ProfileData are presumably supplied by the provider.
// NOTE(review): confirm they are treated as untrusted input by callers.
type UserProviderLink struct {
	ID             bson.ObjectID  `bson:"_id,omitempty"`
	UserID         bson.ObjectID  `bson:"user_id"`
	ProviderID     bson.ObjectID  `bson:"provider_id"`
	ProviderUserID string         `bson:"provider_user_id"`
	Email          string         `bson:"email"`
	ProfileData    map[string]any `bson:"profile_data,omitempty"`

	// Both tokens are declared as plain strings. Consider encrypting them in
	// production; the same applies to RefreshToken as to AccessToken. Whether
	// the storage layer already does so is not visible from this type.
	AccessToken    string     `bson:"access_token"`
	RefreshToken   string     `bson:"refresh_token,omitempty"`
	AccessTokenExp *time.Time `bson:"access_token_exp,omitempty"`

	LinkedAt   time.Time  `bson:"linked_at"`
	LastUsedAt *time.Time `bson:"last_used_at,omitempty"`
}

// AccountRecovery is a stored account recovery token.
//
// The type carries ExpiresAt and UsedAt but enforces nothing itself; expiry
// and single-use checks are left to whatever code redeems the token.
type AccountRecovery struct {
	ID     bson.ObjectID `bson:"_id,omitempty"`
	UserID bson.ObjectID `bson:"user_id"`

	// Token is declared as a plain string.
	// NOTE(review): if the raw token is what gets written, read access to
	// this collection is enough to redeem it; storing a hash of the token and
	// comparing hashes on lookup avoids that. Confirm against the writer.
	Token string `bson:"token"`
	Type  string `bson:"type"` // "password_reset", "email_verification"

	ExpiresAt time.Time  `bson:"expires_at"`
	UsedAt    *time.Time `bson:"used_at,omitempty"`
	CreatedAt time.Time  `bson:"created_at"`
}