session

package
v0.0.0-...-73eb7b8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2025 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	RefreshMinInterval = 1 * time.Minute
	RefreshLeeway      = 5 * time.Minute
)
View Source 
const (
	KeyTemplate = "%s.lock"
)

Variables

View Source 
var (
	ErrInactive        = errors.New("is inactive")
	ErrInvalid         = errors.New("session is invalid")
	ErrInvalidExternal = errors.New("session has invalid state at identity provider")
	ErrNotFound        = errors.New("not found")
)
View Source 
var ErrAcquireLock = errors.New("could not acquire lock")

Functions

func ExternalID 

func ExternalID(r *http.Request, cfg openidconfig.Provider, idToken *openid.IDToken) (string, error)

ExternalID returns the external session ID, derived from the given request or id_token; e.g. `sid` or `session_state`. If none are present, a generated ID is returned.

Types

type Data 

type Data struct {
	ExternalSessionID string   `json:"external_session_id"`
	AccessToken       string   `json:"access_token"`
	IDToken           string   `json:"id_token"`
	RefreshToken      string   `json:"refresh_token"`
	Acr               string   `json:"acr"`
	Metadata          Metadata `json:"metadata"`
}

func NewData 

func NewData(externalSessionID string, tokens *openid.Tokens, metadata *Metadata) *Data

func (*Data) Encrypt 

func (in *Data) Encrypt(crypter crypto.Crypter) (*EncryptedData, error)

func (*Data) HasAccessToken 

func (in *Data) HasAccessToken() bool

func (*Data) HasActiveAccessToken 

func (in *Data) HasActiveAccessToken() bool

func (*Data) HasRefreshToken 

func (in *Data) HasRefreshToken() bool

func (*Data) Validate 

func (in *Data) Validate() error

type EncryptedData 

type EncryptedData struct {
	Ciphertext []byte
}

func (*EncryptedData) Decrypt 

func (in *EncryptedData) Decrypt(crypter crypto.Crypter) (*Data, error)

func (*EncryptedData) MarshalBinary 

func (in *EncryptedData) MarshalBinary() ([]byte, error)

func (*EncryptedData) UnmarshalBinary 

func (in *EncryptedData) UnmarshalBinary(bytes []byte) error

type Lock 

type Lock interface {
	Acquire(ctx context.Context, duration time.Duration) error
	Release(ctx context.Context) error
}

type Manager 

type Manager interface {
	Reader
	Writer

	// GetOrRefresh returns the session for a given http.Request. If the tokens within the session are expired and the
	// session is still valid, it will automatically attempt to refresh and update the session.
	GetOrRefresh(r *http.Request) (*Session, error)
}

Manager is both a Reader and a Writer.

func NewManager 

func NewManager(cfg *config.Config, openidCfg openidconfig.Config, crypter crypto.Crypter, openidClient *openidclient.Client) (Manager, error)

type Metadata 

type Metadata struct {
	Session MetadataSession `json:"session"`
	Tokens  MetadataTokens  `json:"tokens"`
}

func NewMetadata 

func NewMetadata(expiresIn, endsIn time.Duration) *Metadata

func (*Metadata) IsEnded 

func (in *Metadata) IsEnded() bool

func (*Metadata) IsExpired 

func (in *Metadata) IsExpired() bool

func (*Metadata) IsRefreshOnCooldown 

func (in *Metadata) IsRefreshOnCooldown() bool

func (*Metadata) IsTimedOut 

func (in *Metadata) IsTimedOut() bool

func (*Metadata) NextRefresh 

func (in *Metadata) NextRefresh() time.Time

func (*Metadata) Refresh 

func (in *Metadata) Refresh(nextExpirySeconds int64)

func (*Metadata) RefreshCooldown 

func (in *Metadata) RefreshCooldown() time.Time

func (*Metadata) ShouldRefresh 

func (in *Metadata) ShouldRefresh() bool

func (*Metadata) TokenLifetime 

func (in *Metadata) TokenLifetime() time.Duration

func (*Metadata) Verbose 

func (in *Metadata) Verbose() MetadataVerbose

func (*Metadata) WithTimeout 

func (in *Metadata) WithTimeout(timeoutIn time.Duration)

type MetadataSession 

type MetadataSession struct {
	// CreatedAt is the time when the session was created.
	CreatedAt time.Time `json:"created_at"`
	// EndsAt is the time when the session will end, i.e. the absolute lifetime/time-to-live for the session.
	EndsAt time.Time `json:"ends_at"`
	// TimeoutAt is the time when the session will be marked as inactive. A zero value means no timeout. The timeout is extended whenever the tokens are refreshed.
	TimeoutAt time.Time `json:"timeout_at"`
}

type MetadataSessionVerbose 

type MetadataSessionVerbose struct {
	MetadataSession
	EndsInSeconds    int64 `json:"ends_in_seconds"`
	Active           bool  `json:"active"`
	TimeoutInSeconds int64 `json:"timeout_in_seconds"`
}

type MetadataTokens 

type MetadataTokens struct {
	// ExpireAt is the time when the tokens will expire.
	ExpireAt time.Time `json:"expire_at"`
	// RefreshedAt is the time when the tokens were last refreshed.
	RefreshedAt time.Time `json:"refreshed_at"`
}

type MetadataTokensVerbose 

type MetadataTokensVerbose struct {
	MetadataTokens
	ExpireInSeconds          int64 `json:"expire_in_seconds"`
	NextAutoRefreshInSeconds int64 `json:"next_auto_refresh_in_seconds"`
	RefreshCooldown          bool  `json:"refresh_cooldown"`
	RefreshCooldownSeconds   int64 `json:"refresh_cooldown_seconds"`
}

type MetadataVerbose 

type MetadataVerbose struct {
	Session MetadataSessionVerbose `json:"session"`
	Tokens  MetadataTokensVerbose  `json:"tokens"`
}

type NoOpLock 

type NoOpLock struct{}

func NewNoOpLock 

func NewNoOpLock() *NoOpLock

func (*NoOpLock) Acquire 

func (n *NoOpLock) Acquire(_ context.Context, _ time.Duration) error

func (*NoOpLock) Release 

func (n *NoOpLock) Release(_ context.Context) error

type Reader 

type Reader interface {
	// Get returns the session for a given http.Request, or an error if the session is invalid or not found.
	Get(r *http.Request) (*Session, error)
}

Reader knows how to read a session.

func NewReader 

func NewReader(cfg *config.Config, cookieCrypter crypto.Crypter) (Reader, error)

type RedisLock 

type RedisLock struct {
	// contains filtered or unexported fields
}

func NewRedisLock 

func NewRedisLock(client redis.Cmdable, key string) *RedisLock

func (*RedisLock) Acquire 

func (r *RedisLock) Acquire(ctx context.Context, duration time.Duration) error

func (*RedisLock) Release 

func (r *RedisLock) Release(ctx context.Context) error

type Session 

type Session struct {
	// contains filtered or unexported fields
}

func NewSession 

func NewSession(data *Data, ticket *Ticket) *Session

func (*Session) AccessToken 

func (in *Session) AccessToken() (string, error)

func (*Session) Acr 

func (in *Session) Acr() string

func (*Session) ExternalSessionID 

func (in *Session) ExternalSessionID() string

func (*Session) IDToken 

func (in *Session) IDToken() string

func (*Session) MetadataVerbose 

func (in *Session) MetadataVerbose() MetadataVerbose

func (*Session) SetCookie 

func (in *Session) SetCookie(w http.ResponseWriter, opts cookie.Options, crypter crypto.Crypter) error

type Store 

type Store interface {
	Write(ctx context.Context, key string, value *EncryptedData, expiration time.Duration) error
	Read(ctx context.Context, key string) (*EncryptedData, error)
	Delete(ctx context.Context, keys ...string) error
	Update(ctx context.Context, key string, value *EncryptedData) error

	MakeLock(key string) Lock
}

func NewMemory 

func NewMemory() Store

func NewRedis 

func NewRedis(client redis.Cmdable) Store

func NewStore 

func NewStore(cfg *config.Config) (Store, error)

type Ticket 

type Ticket struct {
	// SessionKey identifies the session.
	SessionKey string `json:"id"`
	// EncryptionKey is the data encryption key (DEK) used to encrypt the session's data.
	// Its size is equal to the expected key size for the used AEAD, defined in crypto.KeySize.
	EncryptionKey []byte `json:"dek"`
	// contains filtered or unexported fields
}

Ticket contains the user agent's data required to access their associated session.

func NewTicket 

func NewTicket(sessionKey string) (*Ticket, error)

func (*Ticket) Crypter 

func (c *Ticket) Crypter() crypto.Crypter

Crypter returns a crypto.Crypter initialized with the session's data encryption key.

func (*Ticket) Key 

func (c *Ticket) Key() string

Key returns the key that identifies the session.

func (*Ticket) SetCookie 

func (c *Ticket) SetCookie(w http.ResponseWriter, opts cookie.Options, crypter crypto.Crypter) error

SetCookie marshals the Ticket, encrypts the value with the given crypto.Crypter, and writes the resulting cookie to the given http.ResponseWriter, applying any cookie.Options to the cookie itself.

type Writer 

type Writer interface {
	// Create creates and stores a session in the Store.
	Create(r *http.Request, tokens *openid.Tokens, sessionLifetime time.Duration) (*Session, error)
	// Delete deletes a session for a given Session.
	Delete(ctx context.Context, session *Session) error
	// DeleteForExternalID deletes a session for a given external session ID (e.g. front-channel logout).
	DeleteForExternalID(ctx context.Context, id string) error
	// Refresh refreshes the user's tokens and returns the updated session. If the session should not be
	// refreshed, it will return the existing session without modifications.
	Refresh(r *http.Request, sess *Session) (*Session, error)
}

Writer knows how to create, update and delete a session.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.