feat: authsession service
This commit is contained in:
Ilia Denisov
@@ -0,0 +1,26 @@
|
||||
package challenge
|
||||
|
||||
import "time"
|
||||
|
||||
const (
|
||||
// InitialTTL is the v1 lifetime of a newly created challenge before it
|
||||
// becomes expired.
|
||||
InitialTTL = 5 * time.Minute
|
||||
|
||||
// ResendThrottleCooldown is the fixed Stage-17 cooldown applied to repeated
|
||||
// public send-email-code requests for the same normalized e-mail address.
|
||||
ResendThrottleCooldown = time.Minute
|
||||
|
||||
// ConfirmedRetention is the v1 idempotency window kept after a successful
|
||||
// challenge confirmation.
|
||||
ConfirmedRetention = 5 * time.Minute
|
||||
|
||||
// MaxInvalidConfirmAttempts is the v1 threshold after which repeated invalid
|
||||
// confirmation codes move a challenge into the failed state.
|
||||
MaxInvalidConfirmAttempts = 5
|
||||
)
|
||||
|
||||
// V1 resend policy keeps every public send-email-code request independent:
|
||||
// each call creates a fresh challenge, existing challenges are not reused or
|
||||
// deduplicated, and Stage 17 adds a fixed auth-side resend cooldown that may
|
||||
// record the fresh challenge as delivery_throttled.
|
||||
Reference in New Issue
Block a user