sessionauth

Version: v0.0.0-...-3c15d8c
Published: Apr 2, 2014 | License: MIT | Imports: 6 | Imported by: 0

README

sessionauth

Purpose

This package provides a simple way to make routes require a login, and to handle user logins in the session. It should work with any user model that you have in your application, so long as your user model implements the login.User interface.

Please see the example program in the example/ directory.

Program Flow:

Every new request to Martini will generate an Anonymous login.User struct using the function passed to SessionUser. This should default to a zero value user model, and must implement the login.User interface. If a user exists in the request session, this user will be injected into every request handler. Otherwise the zero value object will be injected.

When a user visits any route with the LoginRequired handler, the login.User object will be examined with the IsAuthenticated() function. If the user is not authenticated, they will be redirected to a login page (/login).

To log your users in, you should create a POST route and verify the user/password that was sent from the client. Because there are many ways to do this, validating the user is your responsibility. Once that user is validated, call login.AuthenticateSession() to mark the session as authenticated.

Your user type should meet the login.User interface:

    type User interface {
        // Return whether this user is logged in or not
        IsAuthenticated() bool

        // Set any flags or extra data that should be available
        Login()

        // Clear any sensitive data out of the user
        Logout()

        // Return the unique identifier of this user object
        UniqueId() interface{}

        // Populate this user object with values
        GetById(id interface{}) error
    }

The SessionUser() Martini middleware will inject the login.User interface into your route handlers. These interfaces must be converted to your appropriate type to function correctly.

    func handler(user login.User, db *MyDB) {
        u := user.(*UserModel)
        db.Save(u)
    }
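
A user model that satisfies the login.User interface above and fails closed when the session ID cannot be resolved, as an added example (not code from this package or its example/ directory). UserModel, the in-memory users map and resolveUser are assumptions; resolveUser only models the per-request flow described under Program Flow, and the interface is repeated locally so the file builds without Martini.

```go
package main

import "fmt"

// User repeats the interface from the README so this file builds without Martini.
type User interface {
	IsAuthenticated() bool
	Login()
	Logout()
	UniqueId() interface{}
	GetById(id interface{}) error
}

// UserModel is a hypothetical application user type.
type UserModel struct {
	ID            int64
	PasswordHash  string // sensitive: must not outlive Logout()
	authenticated bool
}

var users = map[int64]UserModel{1: {ID: 1, PasswordHash: "constructed-hash"}} // constructed stand-in for a database

func (u *UserModel) IsAuthenticated() bool { return u.authenticated }
func (u *UserModel) Login()                { u.authenticated = true }
func (u *UserModel) Logout()               { *u = UserModel{} } // back to the anonymous zero value
func (u *UserModel) UniqueId() interface{} { return u.ID }

// GetById fails closed: on any error the receiver stays the anonymous zero value.
func (u *UserModel) GetById(id interface{}) error {
	key, ok := id.(int64)
	rec, found := users[key]
	if !ok || !found {
		return fmt.Errorf("unknown or malformed session user id %v", id)
	}
	u.ID, u.PasswordHash = rec.ID, rec.PasswordHash
	return nil
}

// resolveUser models the flow above (assumption: a successful lookup marks the user authenticated).
func resolveUser(sessionID interface{}) User {
	u := &UserModel{}
	if sessionID != nil && u.GetById(sessionID) == nil {
		u.Login()
	}
	return u
}

func main() {
	fmt.Println(resolveUser(int64(1)).IsAuthenticated(), resolveUser(int64(99)).IsAuthenticated())
}
```

A stale session ID (a deleted user) or an ID of the wrong type yields the anonymous user, so LoginRequired would redirect rather than serve the route.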

Documentation

Overview

Package login is a middleware for Martini that provides a simple way to track user sessions on a website. Please see https://github.com/martini-contrib/sessionauth/blob/master/README.md for a more detailed description of the package.


Variables

var (
	// RedirectUrl should be the relative URL for your login route
	RedirectUrl string = "/login"

	// RedirectParam is the query string parameter that will be set
	// with the page the user was trying to visit before they were
	// intercepted.
	RedirectParam string = "next"

	// SessionKey is the key containing the unique ID in your session
	SessionKey string = "AUTHUNIQUEID"
)

These are the default configuration values for this package. They can be set at any time, probably during the initial setup of Martini.

Functions

func AuthenticateSession

func AuthenticateSession(s sessions.Session, user User) error

AuthenticateSession will mark the session and user object as authenticated. Then the Login() user function will be called. This function should be called after you have validated a user.

func LoginRequired

func LoginRequired(r render.Render, user User, req *http.Request)

LoginRequired verifies that the current user is authenticated. Any routes that require a login should have this handler placed in the flow. If the user is not authenticated, they will be redirected to /login with the "next" get parameter set to the attempted URL.
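
The "next" value comes back from the client, so a login handler that redirects to it after AuthenticateSession should follow only same-site paths. The following is an added example, not part of sessionauth: safeNext and nextFromQuery are hypothetical helpers, RedirectParam repeats the documented default, and the sample query strings are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// RedirectParam repeats the package default documented above.
const RedirectParam = "next"

// safeNext returns raw only if it is a same-site path; otherwise fallback.
// Hypothetical helper, not part of sessionauth.
func safeNext(raw, fallback string) string {
	// Require a rooted path. Browsers read "//host" and "/\host" as another origin.
	if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") || strings.HasPrefix(raw, "/\\") {
		return fallback
	}
	// Browsers strip tab/CR/LF before parsing, so "/<tab>/host" would become "//host".
	for _, r := range raw {
		if r < 0x20 || r == 0x7f || r == '\\' {
			return fallback
		}
	}
	u, err := url.Parse(raw)
	if err != nil || u.IsAbs() || u.Host != "" || u.User != nil {
		return fallback
	}
	return u.RequestURI() // path and query only; any fragment is dropped
}

// nextFromQuery extracts and validates the parameter from a raw query string,
// as a POST /login handler would before issuing its redirect.
func nextFromQuery(rawQuery string) string {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "/"
	}
	return safeNext(q.Get(RedirectParam), "/")
}

func main() {
	// Constructed sample query strings.
	for _, q := range []string{"next=%2Fprivate%3Ftab%3D1", "next=%2F%2Fother.example%2Fx", "next=%2F%09%2Fother.example"} {
		fmt.Printf("%-32s -> %s\n", q, nextFromQuery(q))
	}
}
```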

func Logout

func Logout(s sessions.Session, user User)

Logout will clear out the session and call the Logout() user function.

func SessionUser

func SessionUser(newUser func() User) martini.Handler

SessionUser will try to read a unique user ID out of the session. Then it tries to populate an anonymous user object from the database based on that ID. If this is successful, the valid user is mapped into the context. Otherwise the anonymous user is mapped into the context. The newUser() function should provide a valid zero-value structure for the caller's user type.

func UpdateUser

func UpdateUser(s sessions.Session, user User) error

UpdateUser updates the User object stored in the session. This is useful in case a change is made to the user model that needs to persist across requests.

Types

type User

type User interface {
	// Return whether this user is logged in or not
	IsAuthenticated() bool

	// Set any flags or extra data that should be available
	Login()

	// Clear any sensitive data out of the user
	Logout()

	// Return the unique identifier of this user object
	UniqueId() interface{}

	// Populate this user object with values
	GetById(id interface{}) error
}

User defines all the functions necessary to work with the user's authentication. The caller should implement these functions for whatever system of authentication they choose to use.

Directories

Path Synopsis
Auth example is an example application which requires a login to view a private link.
