Documentation ¶
Overview ¶
Package session defines a request handler that helps for the instantiation of client/server sessions.
Index ¶
- Variables
- func AddTimeLimit(t time.Time) func(CookieValue) CookieValue
- func ComputeHmac256(message, secret []byte) string
- func Enforcer(sessions ...Handler) xhttp.HandlerLinker
- func FixedUUID(id string) func(Handler) Handler
- func GenerateServerOnly(r *http.Request, id string, h *Handler) error
- func LoadServerOnly(r *http.Request, id string, h *Handler) error
- func ServerOnly() func(Handler) Handler
- func SetCache(c Cache) func(Handler) Handler
- func SetCookie(c Cookie) func(Handler) Handler
- func SetMaxage(maxage int) func(Handler) Handler
- func SetStore(s Store) func(Handler) Handler
- func SetUUIDgenerator(f func() (string, error)) func(Handler) Handler
- func VerifySignature(messageb64, messageMAC, secret string) (bool, error)
- type Cache
- type Cookie
- func (c Cookie) Decode(h http.Cookie) error
- func (c Cookie) Delete(key string)
- func (c Cookie) Encode() (http.Cookie, error)
- func (c Cookie) Erase(w http.ResponseWriter, r *http.Request)
- func (c Cookie) Expire()
- func (c Cookie) Get(key string) (string, bool)
- func (c Cookie) ID() (string, bool)
- func (c Cookie) Set(key string, val string, maxage time.Duration)
- func (c Cookie) SetID(id string)
- func (c Cookie) TimeToExpiry(key string) (time.Duration, error)
- func (c Cookie) Touch()
- type CookieValue
- type Handler
- func (h Handler) Configure(options ...func(Handler) Handler) Handler
- func (h Handler) Delete(ctx context.Context, key string) error
- func (h *Handler) Generate(res http.ResponseWriter, req *http.Request) error
- func (h Handler) Get(ctx context.Context, key string) ([]byte, error)
- func (h Handler) ID() (string, error)
- func (h Handler) Link(hn xhttp.Handler) xhttp.HandlerLinker
- func (h *Handler) Load(res http.ResponseWriter, req *http.Request) error
- func (h Handler) Loaded(ctx context.Context) bool
- func (h Handler) Parent() (Handler, error)
- func (h Handler) Put(ctx context.Context, key string, value []byte, maxage time.Duration) error
- func (h Handler) Revoke(ctx context.Context) error
- func (h *Handler) Save(res http.ResponseWriter, req *http.Request) error
- func (h Handler) ServeHTTP(res http.ResponseWriter, req *http.Request)
- func (h Handler) SetID(id string)
- func (h Handler) Spawn(name string, options ...func(Handler) Handler) Handler
- func (h Handler) Spawned(s Handler) Handler
- func (h Handler) Touch(ctx context.Context) error
- type Interface
- type Metadata
- type Store
Constants ¶
This section is empty.
Variables ¶
var ( // ErrNoID is returned when no session ID was found or the value was invalid. ErrNoID = errors.New("No id or Invalid id.").Code(errcode.NoID) // ErrBadSession is returned when the session is in an invalid state. ErrBadSession = errors.New("Session may have been compromised or does not exist.").Code(errcode.BadSession) // ErrBadCookie is returned when the session cookie is invalid. ErrBadCookie = errors.New("Bad session cookie. Retry.").Code(errcode.BadCookie) // ErrNoCookie is returned when the session cookie is absent ErrNoCookie = errors.New("Session cookie absent.").Code(errcode.BadCookie) // ErrBadStorage is returned when session storage is faulty. ErrBadStorage = errors.New("Invalid storage.").Code(errcode.BadStorage) // ErrExpired is returned when the session has expired. ErrExpired = errors.New("Session has expired.").Code(errcode.Expired) // ErrKeyNotFound is returned when getting the value for a given key from the cookie // store failed. ErrKeyNotFound = errors.New("Key missing or expired.").Code(errcode.KeyNotFound) // ErrNoSession is returned when no session has been found for loading ErrNoSession = errors.New("No session.").Code(errcode.NoSession) // ErrParentInvalid is returned when the parent session is not present or invalid ErrParentInvalid = errors.New("Parent session absent or invalid") )
var ContextKey contextKey
ContextKey is used to retrieve a session cookie potentially stored in a context.
var (
KeySID = "@$ID@"
)
Functions ¶
func AddTimeLimit ¶
func AddTimeLimit(t time.Time) func(CookieValue) CookieValue
AddTimeLimit allows to set an additional time limit to a cookie value. An example of such use case is when we want the value to exist only for the remaining duration of a session.
func ComputeHmac256 ¶
ComputeHmac256 returns a base64 Encoded MAC.
func Enforcer ¶
func Enforcer(sessions ...Handler) xhttp.HandlerLinker
Enforce return a handler whose purpose is tom make sure that the sessions are present before continuing with request handling.
func GenerateServerOnly ¶
Generate will create and load in context.Context a new server-only session for a provided id if it does not already exist.
func LoadServerOnly ¶
Load is used to load a session which is only known server-side. (serve-only) In general, those kind of sessions are tied to a regular session (cookie-based).
func ServerOnly ¶
func SetStore ¶
SetStore is a configuration option for the session that adds server-side storage. The presence of a store automatically transforms the session in a server-side one.Only the session id is stored in the session cookie.
func VerifySignature ¶
VerifySignature checks the integrity of the base64 encoded data whose MAC of its base64 decoding was computed.
Types ¶
type Cache ¶
type Cache interface { Get(ctx context.Context, id string, hkey string) (res []byte, err error) Put(ctx context.Context, id string, hkey string, content []byte, maxage time.Duration) error Delete(ctx context.Context, id string, hkey string) error Clear() error ClearAfter(t time.Duration) error }
Cache defines the interface that a session cache should implement. It should be made safe for concurrent use by multiple goroutines as every session will most often share only one cache.
type Cookie ¶
type Cookie struct { HttpCookie *http.Cookie Data map[string]CookieValue ApplyMods *flag.Flag Secret string // the delimiter should be sendable via cookie. // It can't belong to the base64 list of accepted sigils. // It is used to separate the session cookie secret from the payload. Delimiter string }
Cookie defines the structure of a cookie based session object that can be used to persist session data between a client and the server.
func DefaultCookieConfig ¶
DefaultCookieConfig is used to configure a session Cookie underlying http.Cookie with sane default values. The cookie parameters are set to ; * HttpOnly: true * Path:"/" * Secure: true
func (Cookie) Decode ¶
Decode is used to deserialize the session cookie in order to make the stored session data accessible. If we detect that the client has tampered with the session cookie somehow, an error is returned.
func (Cookie) Delete ¶
Delete will remove the value stored in the cookie session for the given key if it exsts.
func (Cookie) Encode ¶
Encode will return a session cookie holding the json serialized session data.
func (Cookie) Erase ¶
func (c Cookie) Erase(w http.ResponseWriter, r *http.Request)
Erase deletes the session cookies sharing the session name
func (Cookie) Expire ¶
func (c Cookie) Expire()
Expire will allow to send a signal to the client browser to delete the session cookie as the session is now expired. At the next request, the client may be issued a new session id.
func (Cookie) Get ¶
Get retrieves the value stored in the cookie session corresponding to the given key, if it exists/has not expired.
func (Cookie) Set ¶
Set inserts a value in the cookie session for a given key. Do not use "id" as a key. It has been reserved by the library.
type CookieValue ¶
CookieValue defines the structure of the data stored in cookie based sessions.
func NewCookieValue ¶
func NewCookieValue(val string, maxage time.Duration, options ...func(CookieValue) CookieValue) CookieValue
NewCookieValue formats a new value ready for storage in the session cookie.
func (CookieValue) Expired ¶
func (c CookieValue) Expired() bool
Expired returns the expiration status of a given value.
type Handler ¶
type Handler struct { Name string Secret string // Cookie is the field that holds client side stored user session data // via a session cookie sent with every requests. Cookie Cookie ServerOnly bool // Handler specific context key under which the session cookie is saved ContextKey *contextKey // Store is the interface implemented by server-side session stores. Store Store Cache Cache Log *log.Logger // contains filtered or unexported fields }
Handler defines a type for request handling objects in charge of session instantiation and validation.
The duration of a session server-side is not necessarily the same as the duration of the session credentials stored by the client. The latter is controlled by the MaxAge field of the session cookie.
func (Handler) Get ¶
Get will retrieve the value corresponding to a given store key from the session.
func (Handler) ID ¶
ID will return the client session ID if it has not expired. Otherwise it return an error.
func (Handler) Link ¶
func (h Handler) Link(hn xhttp.Handler) xhttp.HandlerLinker
Link enables the linking of a xhttp.Handler to the session Handler.
func (Handler) Parent ¶
Parent returns an unitialized copy of the handler of a Parent session if the aforementionned exists. To use a Parent session,the Load method should be called first.
func (Handler) Put ¶
Put will save a key/value pair in the session store (preferentially). If no store is present, cookie storage will be used. if maxage < 0, the key/session should expire immediately. if maxage = 0, the key/session has no set expiry.
func (*Handler) Save ¶
Save will modify and keep the session data in the per-request context store. It needs to be called to apply session data changes. These changes entail a modification in the value of the session cookie. The session cookie is stored in the context.Context non-encoded. Not safe for concurrent use by multiple goroutines.
func (Handler) ServeHTTP ¶
func (h Handler) ServeHTTP(res http.ResponseWriter, req *http.Request)
ServeHTTP effectively makes the session a xhttp request handler.
type Interface ¶
type Interface interface { ID() (string, error) SetID(string) Get(context.Context, string) ([]byte, error) Put(ctx context.Context, key string, value []byte, maxage time.Duration) error Delete(ctx context.Context, key string) error Load(res http.ResponseWriter, req *http.Request) error Save(res http.ResponseWriter, req *http.Request) error Generate(res http.ResponseWriter, req *http.Request) error }
Interface defines a common interface for objects that are used for session management.
type Metadata ¶
type Store ¶
type Store interface { Get(ctx context.Context, id string, hkey string) (res []byte, err error) Put(ctx context.Context, id string, hkey string, content []byte, maxage time.Duration) error Delete(ctx context.Context, id string, hkey string) error TimeToExpiry(ctx context.Context, id string, hkey string) (time.Duration, error) }
Store defines the interface that a session store should implement. It should be made safe for concurrent use by multiple goroutines as the server-side session store is very likely to be shared across sessions.
N.B. When maxage is set for the validity of a key or the whole session: if t < 0, the key/session should expire immediately. if t = 0, the key/session has no set expiry.