Documentation
¶
Overview ¶
Copyright (c) 2024 Eli Janssen Use of this source code is governed by an MIT-style license that can be found in the LICENSE file.
Copyright (c) 2024 Eli Janssen Use of this source code is governed by an MIT-style license that can be found in the LICENSE file.
Copyright (c) 2024 Eli Janssen Use of this source code is governed by an MIT-style license that can be found in the LICENSE file.
Index ¶
- type SessionManager
- type SessionMgr
- func (sm *SessionMgr) Close()
- func (sm *SessionMgr) FlashAppend(ctx context.Context, key string, val ...string)
- func (sm *SessionMgr) FlashPopAll(ctx context.Context) map[string][]string
- func (sm *SessionMgr) FlashPopKey(ctx context.Context, key string) []string
- func (sm *SessionMgr) GetMap(ctx context.Context, key string) map[string][]string
- func (sm *SessionMgr) PopMap(ctx context.Context, key string) map[string][]string
- func (sm *SessionMgr) PutMap(ctx context.Context, key string, value map[string][]string)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SessionManager ¶
type SessionManager interface {
// Load retrieves the session data for the given token from the session store,
// and returns a new context.Context containing the session data. If no matching
// token is found then this will create a new session.
//
// Most applications will use the LoadAndSave() middleware and will not need to
// use this method.
Load(ctx context.Context, token string) (context.Context, error)
// Commit saves the session data to the session store and returns the session
// token and expiry time.
//
// Most applications will use the LoadAndSave() middleware and will not need to
// use this method.
Commit(ctx context.Context) (string, time.Time, error)
// Destroy deletes the session data from the session store and sets the session
// status to Destroyed. Any further operations in the same request cycle will
// result in a new session being created.
Destroy(ctx context.Context) error
// Put adds a key and corresponding value to the session data. Any existing
// value for the key will be replaced. The session data status will be set to
// Modified.
Put(ctx context.Context, key string, val interface{})
// Get returns the value for a given key from the session data. The return
// value has the type interface{} so will usually need to be type asserted
// before you can use it. For example:
//
// foo, ok := session.Get(r, "foo").(string)
// if !ok {
// return errors.New("type assertion to string failed")
// }
//
// Also see the GetString(), GetInt(), GetBytes() and other helper methods which
// wrap the type conversion for common types.
Get(ctx context.Context, key string) interface{}
// Pop acts like a one-time Get. It returns the value for a given key from the
// session data and deletes the key and value from the session data. The
// session data status will be set to Modified. The return value has the type
// interface{} so will usually need to be type asserted before you can use it.
Pop(ctx context.Context, key string) interface{}
// Remove deletes the given key and corresponding value from the session data.
// The session data status will be set to Modified. If the key is not present
// this operation is a no-op.
Remove(ctx context.Context, key string)
// Clear removes all data for the current session. The session token and
// lifetime are unaffected. If there is no data in the current session this is
// a no-op.
Clear(ctx context.Context) error
// Exists returns true if the given key is present in the session data.
Exists(ctx context.Context, key string) bool
// Keys returns a slice of all key names present in the session data, sorted
// alphabetically. If the data contains no data then an empty slice will be
// returned.
Keys(ctx context.Context) []string
// RenewToken updates the session data to have a new session token while
// retaining the current session data. The session lifetime is also reset and
// the session data status will be set to Modified.
//
// The old session token and accompanying data are deleted from the session store.
//
// To mitigate the risk of session fixation attacks, it's important that you call
// RenewToken before making any changes to privilege levels (e.g. login and
// logout operations). See https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Session_Management_Cheat_Sheet.md#renew-the-session-id-after-any-privilege-level-change
// for additional information.
RenewToken(ctx context.Context) error
// MergeSession is used to merge in data from a different session in case strict
// session tokens are lost across an oauth or similar redirect flows. Use Clear()
// if no values of the new session are to be used.
MergeSession(ctx context.Context, token string) error
// Status returns the current status of the session data.
Status(ctx context.Context) scs.Status
// GetString returns the string value for a given key from the session data.
// The zero value for a string ("") is returned if the key does not exist or the
// value could not be type asserted to a string.
GetString(ctx context.Context, key string) string
// GetBool returns the bool value for a given key from the session data. The
// zero value for a bool (false) is returned if the key does not exist or the
// value could not be type asserted to a bool.
GetBool(ctx context.Context, key string) bool
// GetInt returns the int value for a given key from the session data. The
// zero value for an int (0) is returned if the key does not exist or the
// value could not be type asserted to an int.
GetInt(ctx context.Context, key string) int
// GetInt64 returns the int64 value for a given key from the session data. The
// zero value for an int64 (0) is returned if the key does not exist or the
// value could not be type asserted to an int64.
GetInt64(ctx context.Context, key string) int64
// GetInt32 returns the int value for a given key from the session data. The
// zero value for an int32 (0) is returned if the key does not exist or the
// value could not be type asserted to an int32.
GetInt32(ctx context.Context, key string) int32
// GetFloat returns the float64 value for a given key from the session data. The
// zero value for an float64 (0) is returned if the key does not exist or the
// value could not be type asserted to a float64.
GetFloat(ctx context.Context, key string) float64
// GetBytes returns the byte slice ([]byte) value for a given key from the session
// data. The zero value for a slice (nil) is returned if the key does not exist
// or could not be type asserted to []byte.
GetBytes(ctx context.Context, key string) []byte
// GetTime returns the time.Time value for a given key from the session data. The
// zero value for a time.Time object is returned if the key does not exist or the
// value could not be type asserted to a time.Time. This can be tested with the
// time.IsZero() method.
GetTime(ctx context.Context, key string) time.Time
// PopString returns the string value for a given key and then deletes it from the
// session data. The session data status will be set to Modified. The zero
// value for a string ("") is returned if the key does not exist or the value
// could not be type asserted to a string.
PopString(ctx context.Context, key string) string
// PopBool returns the bool value for a given key and then deletes it from the
// session data. The session data status will be set to Modified. The zero
// value for a bool (false) is returned if the key does not exist or the value
// could not be type asserted to a bool.
PopBool(ctx context.Context, key string) bool
// PopInt returns the int value for a given key and then deletes it from the
// session data. The session data status will be set to Modified. The zero
// value for an int (0) is returned if the key does not exist or the value could
// not be type asserted to an int.
PopInt(ctx context.Context, key string) int
// PopFloat returns the float64 value for a given key and then deletes it from the
// session data. The session data status will be set to Modified. The zero
// value for an float64 (0) is returned if the key does not exist or the value
// could not be type asserted to a float64.
PopFloat(ctx context.Context, key string) float64
// PopBytes returns the byte slice ([]byte) value for a given key and then
// deletes it from the from the session data. The session data status will be
// set to Modified. The zero value for a slice (nil) is returned if the key does
// not exist or could not be type asserted to []byte.
PopBytes(ctx context.Context, key string) []byte
// PopTime returns the time.Time value for a given key and then deletes it from
// the session data. The session data status will be set to Modified. The zero
// value for a time.Time object is returned if the key does not exist or the
// value could not be type asserted to a time.Time.
PopTime(ctx context.Context, key string) time.Time
// RememberMe controls whether the session cookie is persistent (i.e whether it
// is retained after a user closes their browser). RememberMe only has an effect
// if you have set SessionManager.Cookie.Persist = false (the default is true) and
// you are using the standard LoadAndSave() middleware.
RememberMe(ctx context.Context, val bool)
// Iterate retrieves all active (i.e. not expired) sessions from the store and
// executes the provided function fn for each session. If the session store
// being used does not support iteration then Iterate will panic.
Iterate(ctx context.Context, fn func(context.Context) error) error
// Deadline returns the 'absolute' expiry time for the session. Please note
// that if you are using an idle timeout, it is possible that a session will
// expire due to non-use before the returned deadline.
Deadline(ctx context.Context) time.Time
// SetDeadline updates the 'absolute' expiry time for the session. Please note
// that if you are using an idle timeout, it is possible that a session will
// expire due to non-use before the set deadline.
SetDeadline(ctx context.Context, expire time.Time)
// Token returns the session token. Please note that this will return the
// empty string "" if it is called before the session has been committed to
// the store.
Token(ctx context.Context) string
// LoadAndSave provides middleware which automatically loads and saves session
// data for the current request, and communicates the session token to and from
// the client in a cookie.
LoadAndSave(next http.Handler) http.Handler
// WriteSessionCookie writes a cookie to the HTTP response with the provided
// token as the cookie value and expiry as the cookie expiry time. The expiry
// time will be included in the cookie only if the session is set to persist
// or has had RememberMe(true) called on it. If expiry is an empty time.Time
// struct (so that it's IsZero() method returns true) the cookie will be
// marked with a historical expiry time and negative max-age (so the browser
// deletes it).
//
// Most applications will use the LoadAndSave() middleware and will not need to
// use this method.
WriteSessionCookie(ctx context.Context, w http.ResponseWriter, token string, expiry time.Time)
// wrapper methods not present in original
GetMap(ctx context.Context, key string) map[string][]string
PutMap(ctx context.Context, key string, value map[string][]string)
PopMap(ctx context.Context, key string) map[string][]string
FlashAppend(ctx context.Context, key string, val ...string)
FlashPopAll(ctx context.Context) map[string][]string
FlashPopKey(ctx context.Context, key string) []string
Close()
}
SessionManager works with sessions generated from "github.com/alexedwards/scs/v2"
type SessionMgr ¶
type SessionMgr struct {
*scs.SessionManager
}
func NewDBSessionManager ¶
func NewDBSessionManager(pool *pgxpool.Pool, secure bool) *SessionMgr
func NewRedisSessionManager ¶
func NewRedisSessionManager(rdb *redis.Client, secure bool) *SessionMgr
func NewTestSessionManager ¶
func NewTestSessionManager() *SessionMgr
func (*SessionMgr) Close ¶
func (sm *SessionMgr) Close()
func (*SessionMgr) FlashAppend ¶
func (sm *SessionMgr) FlashAppend(ctx context.Context, key string, val ...string)
func (*SessionMgr) FlashPopAll ¶
func (sm *SessionMgr) FlashPopAll(ctx context.Context) map[string][]string
func (*SessionMgr) FlashPopKey ¶
func (sm *SessionMgr) FlashPopKey(ctx context.Context, key string) []string
Source Files
Click to show internal directories.
Click to hide internal directories.