tuersteher

README

Tuersteher

This is an auth library that is inspired by lucia-auth and its developer pilcrowonpaper and his Copenhagen Book where he talks about general guidelines to implementing auth in web applications. My decision on not to add database interactions is also based on his upcoming change to the v4 changes to lucia-auth and I agree with his mentality therefore this library will provide the following:

A detailed guide on how to implement authentication (currently only session based) in Golang that uses this library to add cookies based on the created session to the response and requests and copy/pastable code examples of how to integrate these sessions with your database.

Very important: this library does NOT interact in any way with any database, it is up to you to add this to the DB however there are guides that will show you how you can ca

This library is supposed to be a mix of tutorial and library code, that is relatively simple.

Supported WebServer:

Since the package is based on the net/http package from Go it should work with every web server library that uses the net/http package. Examples are available for:

• Echo
• Gin

Supported Databases:

Every single one! This is totally up to you. Examples are available for:

Postgres:

• sql
• sqlc
• Gorm

MySql:

• sql
• sqlc
• Gorm

Featueres/Tutorials to be added

• 2FA
• OAuth
• Email Verification
• Password reset
• Passkeys

Documentation

Overview

Tuersteher

This is an auth library that is inspired by [lucia-auth](https://lucia-auth.com/) and its developer [pilcrowonpaper](https://pilcrowonpaper.com/) and his [Copenhagen Book](https://thecopenhagenbook.com/) where he talks about general guidelines to implementing auth in web applications. My decision on not to add database interactions is also based on his upcoming change to the [v4 changes to lucia-auth](https://github.com/lucia-auth/lucia/issues/1639) and I agree with his mentality therefore this library will provide the following:

A detailed guide on how to implement authentication (currently only session based) in Golang that uses this library to add cookies based on the created session to the response and requests and copy/pastable code examples of how to integrate these sessions with your database.

> Very important:

this library does NOT interact in any way with any database, it is up to you to add this to the DB
however there are [guides]() that will show you how you can ca

This library is supposed to be a mix of tutorial and library code, that is relatively simple.

## Supported WebServer: Since the package is based on the net/http package from Go it should work with every web server library that uses the net/http package. Examples are available for:

- [x] Echo - [ ] Gin

## Supported Databases: Every single one! This is totally up to you. Examples are available for:

### Postgres: - [x] sql - [ ] sqlc - [ ] Gorm

### MySql: - [ ] sql - [ ] sqlc - [ ] Gorm

## Featueres/Tutorials to be added - [ ] 2FA - [ ] OAuth - [ ] Email Verification - [ ] Password reset - [ ] Passkeys

Index

• Constants
• func AddCookieToResponse(w http.ResponseWriter, c *http.Cookie)
• func ComparePassword(password, storedSalt string, storedHashedPw []byte) error
• func GenerateRandomString(size int) (string, error)
• func GetCookieFromRequest(r *http.Request) (*http.Cookie, error)
• func GetGoogleOauthConfig(options OauthOptions) *oauth2.Config
• func HashPassword(password, salt string) []byte
• func NewCookie() (*http.Cookie, error)
• func RemoveCookie(w http.ResponseWriter)
• func SetMaxAge(c *http.Cookie, maxAge int)
• func ValidatePassword(password, confirmPassword string) error
• type CookieOptions
• type OauthOptions
• type OauthScopes
• type TuersteherOauth
  • func NewGoogleTuersteherOauth(options OauthOptions) (TuersteherOauth, error)
  • func (t *TuersteherOauth) GetAuthUrl() string
  • func (t *TuersteherOauth) GetUserInfo(r *http.Request) (TuersteherUser, error)
• type TuersteherUser

Constants

const (
	ThirtyDays = 60 * 60 * 24 * 30
)

Functions

func AddCookieToResponse

func AddCookieToResponse(w http.ResponseWriter, c *http.Cookie)

AddCookieToResponse: Takes a http.ResponseWriter and adds "Set-Cookie" header to the Response with the values of the Session object that was created previously. Name of the cookie is automatically set to "tuersteher_session" and value of the cookie is the id of the sessionCookie (same as the id that should be saved int the database

func ComparePassword

func ComparePassword(password, storedSalt string, storedHashedPw []byte) error

Password refers to the user entered password (e.g. on signIn) storedSalt refers to the salt that is stored alongside the user and hashed password storedHashedPw refers to the password that is stored belonging to the user

If unequal returns an error

func GenerateRandomString

func GenerateRandomString(size int) (string, error)

Size is the amount of byte 32 = 256 bits

func GetCookieFromRequest

func GetCookieFromRequest(r *http.Request) (*http.Cookie, error)

GetCookieFromRequest take the request as a parameter and searches for the cookie with the name "tuersteher_session" and then returns the value of that session

func GetGoogleOauthConfig

func GetGoogleOauthConfig(options OauthOptions) *oauth2.Config

Example scope: []string{"https://www.googleapis.com/auth/userinfo.email"}

func HashPassword

func HashPassword(password, salt string) []byte

func NewCookie

func NewCookie() (*http.Cookie, error)

This sets the Session.Options to: Path : "/" , Domain: "localhost", MaxAge: 60 * 60 * 24 * 30, Secure: true, HttpOnly: true, SameSite: http.SameSiteDefaultMode, to change one of these just do: session.Options.Domain = "example.com"

func RemoveCookie

func RemoveCookie(w http.ResponseWriter)

Remove the cookie in the Response (set empty value and MaxAge -1 which automatically removes cookie)

func SetMaxAge

func SetMaxAge(c *http.Cookie, maxAge int)

func ValidatePassword

func ValidatePassword(password, confirmPassword string) error

Takes password and password to confirm in, in case the users don't need to confirm their password on register pass the password in for both values

ValidatePassword checks if the password match and if it is between 8 and 127 characters

Types

type CookieOptions

type CookieOptions struct {
	Path    string
	Domain  string
	Expires time.Time
	// MaxAge=0 means no Max-Age attribute specified and the cookie will be
	// deleted after the browser session ends.
	// MaxAge<0 means delete cookie immediately.
	// MaxAge>0 means Max-Age attribute present and given in seconds.
	MaxAge   int
	Secure   bool
	HttpOnly bool
	// Defaults to http.SameSiteDefaultMode
	// e.g. SameSite: http.SameSiteNoneMode
	SameSite http.SameSite
}

Options stores configuration for a session or session store.

type OauthOptions

type OauthOptions struct {
	ClientId     string
	ClientSecret string
	RedirectUrl  string
	Scopes       OauthScopes
}

type OauthScopes

type OauthScopes = []string

type TuersteherOauth

type TuersteherOauth struct {
	Cfg      *oauth2.Config
	State    string
	Userinfo string
}

func NewGoogleTuersteherOauth

func NewGoogleTuersteherOauth(options OauthOptions) (TuersteherOauth, error)

func (*TuersteherOauth) GetAuthUrl

func (t *TuersteherOauth) GetAuthUrl() string

func (*TuersteherOauth) GetUserInfo

func (t *TuersteherOauth) GetUserInfo(r *http.Request) (TuersteherUser, error)

type TuersteherUser

type TuersteherUser struct {
	Email      string `json:"email"`
	ProviderId string `json:"id"`
	Name       string `json:"name"`
}