Documentation ¶
Overview ¶
Tuersteher ¶
This is an auth library that is inspired by [lucia-auth](https://lucia-auth.com/) and its developer [pilcrowonpaper](https://pilcrowonpaper.com/) and his [Copenhagen Book](https://thecopenhagenbook.com/) where he talks about general guidelines to implementing auth in web applications. My decision on not to add database interactions is also based on his upcoming change to the [v4 changes to lucia-auth](https://github.com/lucia-auth/lucia/issues/1639) and I agree with his mentality therefore this library will provide the following:
A detailed guide on how to implement authentication (currently only session based) in Golang that uses this library to add cookies based on the created session to the response and requests and copy/pastable code examples of how to integrate these sessions with your database.
> Very important:
this library does NOT interact in any way with any database, it is up to you to add this to the DB however there are [guides]() that will show you how you can ca
This library is supposed to be a mix of tutorial and library code, that is relatively simple.
## Supported WebServer: Since the package is based on the net/http package from Go it should work with every web server library that uses the net/http package. Examples are available for:
- [x] Echo - [ ] Gin
## Supported Databases: Every single one! This is totally up to you. Examples are available for:
### Postgres: - [x] sql - [ ] sqlc - [ ] Gorm
### MySql: - [ ] sql - [ ] sqlc - [ ] Gorm
## Featueres/Tutorials to be added - [ ] 2FA - [ ] OAuth - [ ] Email Verification - [ ] Password reset - [ ] Passkeys
Index ¶
- Constants
- func AddCookieToResponse(w http.ResponseWriter, c *http.Cookie)
- func ComparePassword(password, storedSalt string, storedHashedPw []byte) error
- func GenerateRandomString(size int) (string, error)
- func GetCookieFromRequest(r *http.Request) (*http.Cookie, error)
- func HashPassword(password, salt string) []byte
- func NewCookie() (*http.Cookie, error)
- func RemoveCookie(w http.ResponseWriter)
- func SetMaxAge(c *http.Cookie, maxAge int)
- func ValidatePassword(password, confirmPassword string) error
- type CookieOptions
Constants ¶
const (
ThirtyDays = 60 * 60 * 24 * 30
)
Variables ¶
This section is empty.
Functions ¶
func AddCookieToResponse ¶ added in v0.1.3
func AddCookieToResponse(w http.ResponseWriter, c *http.Cookie)
AddCookieToResponse: Takes a http.ResponseWriter and adds "Set-Cookie" header to the Response with the values of the Session object that was created previously. Name of the cookie is automatically set to "tuersteher_session" and value of the cookie is the id of the sessionCookie (same as the id that should be saved int the database
func ComparePassword ¶
Password refers to the user entered password (e.g. on signIn) storedSalt refers to the salt that is stored alongside the user and hashed password storedHashedPw refers to the password that is stored belonging to the user
If unequal returns an error
func GenerateRandomString ¶
Size is the amount of byte 32 = 256 bits
func GetCookieFromRequest ¶ added in v0.1.3
GetCookieFromRequest take the request as a parameter and searches for the cookie with the name "tuersteher_session" and then returns the value of that session
func HashPassword ¶
func NewCookie ¶
This sets the Session.Options to: Path : "/" , Domain: "localhost", MaxAge: 60 * 60 * 24 * 30, Secure: true, HttpOnly: true, SameSite: http.SameSiteDefaultMode, to change one of these just do: session.Options.Domain = "example.com"
func RemoveCookie ¶ added in v0.1.3
func RemoveCookie(w http.ResponseWriter)
Remove the cookie in the Response (set empty value and MaxAge -1 which automatically removes cookie)
func ValidatePassword ¶
Takes password and password to confirm in, in case the users don't need to confirm their password on register pass the password in for both values
ValidatePassword checks if the password match and if it is between 8 and 127 characters
Types ¶
type CookieOptions ¶
type CookieOptions struct { Path string Domain string Expires time.Time // MaxAge=0 means no Max-Age attribute specified and the cookie will be // deleted after the browser session ends. // MaxAge<0 means delete cookie immediately. // MaxAge>0 means Max-Age attribute present and given in seconds. MaxAge int Secure bool HttpOnly bool // Defaults to http.SameSiteDefaultMode // e.g. SameSite: http.SameSiteNoneMode SameSite http.SameSite }
Options stores configuration for a session or session store.