webstuff

package module

v0.0.0-...-7352a53 Latest Latest Go to latest Published: Feb 28, 2021 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/halvfigur/webstuff

Links

Open Source Insights

README ¶

Webstuff

A simple module providing simple things such as user logins, session management and authentication.

Documentation ¶

Index ¶

Constants
Variables
func Authenticate(auth Authenticator) http.HandlerFunc
func Authorize(auth Authorizer) func(http.Handler) http.Handler
type Authenticator
type Authorizer
type PasetoSessionCodec
- func NewPasetoSessionCodec(key []byte) *PasetoSessionCodec
- func (c *PasetoSessionCodec) Decode(token string) ([]byte, error)
- func (c *PasetoSessionCodec) Encode(session []byte) (string, error)
type SessionCodec

Constants ¶

View Source

const ContextAttrSession = 0

ContextAttrSession is the key associated with the current session attached to an authenticated request as a context value.

View Source

const CookieAttrSession = "session"

View Source

const SessionTimeout = 30 * time.Minute

Variables ¶

View Source

var ErrBadRequest = errors.New("bad request")

View Source

var ErrExpired = errors.New("expired")

View Source

var ErrUnauthorized = errors.New("unauthorized")

Functions ¶

func Authenticate ¶

func Authenticate(auth Authenticator) http.HandlerFunc

Authenticate accepts POST requests with a valid login request. Reply codes and conditions as follows.

405 Method not allowed

If the method is not "POST"

400 Bad request

If the request didn't contain a valid credentials model

401 Unauthorized

If the credentials could not be authenticated

200 OK

If the credentials were authenticated

If successful a session cookie named "session" is attached to the reply.

func Authorize ¶

func Authorize(auth Authorizer) func(http.Handler) http.Handler

Authorize attemps to authorize a request and forwards the request to the next handler if successful. If the request could not be authorized an appropriate error code is sent to the client.

Types ¶

type Authenticator ¶

type Authenticator interface {
	// Authenticate a session based on the payload available in r.
	// On success return a session and the session timeout.
	Authenticate(io.ReadCloser) (*http.Cookie, error)
}

type Authorizer ¶

type Authorizer interface {
	Authorize(*http.Request) (interface{}, error)
}

type PasetoSessionCodec ¶

type PasetoSessionCodec struct {
	// contains filtered or unexported fields
}

PasetoSessionCodec provides PASETO security tokens

func NewPasetoSessionCodec ¶

func NewPasetoSessionCodec(key []byte) *PasetoSessionCodec

NewPasetoSessionCodec creates a new PasetoSessionCodec using key

func (*PasetoSessionCodec) Decode ¶

func (c *PasetoSessionCodec) Decode(token string) ([]byte, error)

Decode a session cookie

func (*PasetoSessionCodec) Encode ¶

func (c *PasetoSessionCodec) Encode(session []byte) (string, error)

Encode a session cookie

type SessionCodec ¶

type SessionCodec interface {
	// Encode a session cookie
	Encode(session []byte) (string, error)
	// Decode a session cookie
	Decode(token string) ([]byte, error)
}

SessionCodec encodes and decodes session cookies

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL