Documentation ¶
Index ¶
- Variables
- func CheckKeyHash(key Key, hash string) bool
- func CheckPasswordHash(password, hash string) bool
- func GetBearerToken(r *http.Request) (string, error)
- func HashKey(key Key) string
- func HashPassword(password string) (string, error)
- type Key
- type Session
- type SessionID
- type SessionManager
- func (sm *SessionManager) CreateSession(account model.Account) (Session, error)
- func (sm *SessionManager) DeleteSession(sid SessionID) bool
- func (sm *SessionManager) FromContext(ctx context.Context) (Session, error)
- func (sm *SessionManager) UpdateSession(session Session)
- func (sm *SessionManager) WithSessionAuth(next http.Handler) http.Handler
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrSessionTimeout is returned when a caller attempts to access a session that's expired
	ErrSessionTimeout = errors.New("the session timed out")
	// ErrSessionDNE is returned when a caller attempts to access a session that doesn't exist
	ErrSessionDNE = errors.New("the session does not exist")
)
Functions ¶
func CheckKeyHash ¶
CheckKeyHash checks whether a plaintext Key is represented by a hash
func CheckPasswordHash ¶
CheckPasswordHash checks whether a plaintext password is represented by hash
func GetBearerToken ¶
GetBearerToken is a helper function to retrieve a token sent in standard "Bearer" format from a request (https://tools.ietf.org/html/rfc6750#page-5). If the request doesn't contain an Authorization header or the Authorization header is improperly formatted, GetBearerToken returns "". Handlers generally shouldn't call this function, and should instead call getSessionID or getApiKey (TODO) to specify which type of token they are expecting.
func HashKey ¶
HashKey returns a stringified (64 bytes) sha256 checksum of a Key. This is sufficient for securely storing Keys in the database; see this reputable StackExchange answer: https://security.stackexchange.com/a/180364
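An added example (not this package's own code) tracing an API key from the Authorization header described under GetBearerToken to the SHA-256 check described under HashKey and CheckKeyHash. It assumes Key is a string type; the lowercase function names, errNoBearer and the sample key are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Key is assumed to be a string type; the page lists Key without its definition.
type Key string

// errNoBearer is a hypothetical error for a missing or malformed header.
var errNoBearer = errors.New("missing or malformed Authorization header")

// bearerToken extracts the token from "Authorization: Bearer <token>" (RFC 6750).
// The scheme name is matched case-insensitively; empty tokens and tokens
// containing whitespace are rejected.
func bearerToken(r *http.Request) (string, error) {
	scheme, token, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	token = strings.TrimSpace(token)
	if !ok || !strings.EqualFold(scheme, "Bearer") || token == "" || strings.ContainsAny(token, " \t") {
		return "", errNoBearer
	}
	return token, nil
}

// hashKey returns the SHA-256 digest of key as 64 hex characters.
func hashKey(key Key) string {
	sum := sha256.Sum256([]byte(key))
	return hex.EncodeToString(sum[:])
}

// checkKeyHash re-hashes key and compares the digests in constant time.
// A stored hash of the wrong length simply fails the comparison.
func checkKeyHash(key Key, hash string) bool {
	return subtle.ConstantTimeCompare([]byte(hashKey(key)), []byte(hash)) == 1
}

func main() {
	stored := hashKey("constructed-sample-key") // constructed value; only the digest is stored
	r, _ := http.NewRequest("GET", "http://localhost/", nil)
	r.Header.Set("Authorization", "Bearer constructed-sample-key")
	tok, err := bearerToken(r)
	fmt.Println(err, checkKeyHash(Key(tok), stored))
}
```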
func HashPassword ¶
HashPassword returns a stringified password hash
Types ¶
type SessionID ¶
type SessionID string
SessionID is a 32 byte, base64 encoded, cryptographically secure random string
type SessionManager ¶
type SessionManager struct {
// contains filtered or unexported fields
}
SessionManager is an in-memory session store. The app should only ever create one of these and pass it around as a pointer
func NewSessionManager ¶
func NewSessionManager(timeout time.Duration) *SessionManager
NewSessionManager creates a new *SessionManager
func (*SessionManager) CreateSession ¶
func (sm *SessionManager) CreateSession(account model.Account) (Session, error)
CreateSession creates a new session in the SessionManager's store, indexed by a new randomly generated SessionID, and expiring sm.timeout from the time it's created. It will return an error if the system's secure random number generator fails to function correctly.
func (*SessionManager) DeleteSession ¶
func (sm *SessionManager) DeleteSession(sid SessionID) bool
DeleteSession deletes a session from the session manager. Returns true if the session was found and deleted, or false if the session wasn't found
func (*SessionManager) FromContext ¶
func (sm *SessionManager) FromContext(ctx context.Context) (Session, error)
FromContext gets a Session from a request context. WithSessionAuth-wrapped handlers should use this to access Session data from within the handler
func (*SessionManager) UpdateSession ¶
func (sm *SessionManager) UpdateSession(session Session)
UpdateSession updates a session in the session manager with the new session passed in to it.
func (*SessionManager) WithSessionAuth ¶
func (sm *SessionManager) WithSessionAuth(next http.Handler) http.Handler
WithSessionAuth is a middleware function for protecting handlers for routes that require the user to be authenticated. If the user has an