Documentation
Index
- Constants
- Variables
- func CSRFToken(r *http.Request) string
- func SessionContext(ctx context.Context, session *Session) context.Context
- func UserContext(ctx context.Context, u *User) context.Context
- type Accounts
- func (a *Accounts) CheckPassword(ctx context.Context, userID, password string) error
- func (a *Accounts) GetUserByEmail(ctx context.Context, email string) (*User, error)
- func (a *Accounts) GetUserByID(ctx context.Context, userID string) (*User, error)
- func (a *Accounts) NewAdmin(ctx context.Context, p NewAdminParams) (id string, err error)
- func (a *Accounts) NewUser(ctx context.Context, p NewUserParams) (id string, err error)
- func (a *Accounts) SetCredentials(ctx context.Context, p SetPasswordParams) error
- type Authorization
- type CSRFProtection
- type Core
- type Images
- type LoginParams
- type Modules
- type NewAdminParams
- type NewUserParams
- type Security
- type Session
- type Sessions
- func (s *Sessions) Close(ctx context.Context, stickyID string) error
- func (s *Sessions) CloseExpired(ctx context.Context) (int, error)
- func (s *Sessions) Login(w http.ResponseWriter, r *http.Request, userID string, p LoginParams) (*Session, error)
- func (s *Sessions) Read(w http.ResponseWriter, r *http.Request) (*Session, error)
- type SetPasswordParams
- type ThumbnailParams
- type User
Constants
const (
	// PersistentSession keeps the user logged in for up to 365 days of inactivity.
	// The 'remember me' option when signing in uses this.
	PersistentSession = "persistent"

	// EphemeralSession keeps the user logged in for up to 30 days of inactivity.
	// This works as long as the browser isn't closed or browser session isn't restored.
	// It is important to keep in mind that cookie expiration might be undetermined at the client-side,
	// but at the server-side, there is always a session expiration (lower in case of an 'ephemeral' session).
	EphemeralSession = "ephemeral"
)
const SessionIDCookieName = "__Host-Market-SID"
SessionIDCookieName is the cookie name where the session id is stored on the browser. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Cookie_prefixes
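An added example (not this package's own code) of building a cookie with this name so that browsers accept the `__Host-` prefix, and of how the two session kinds above map to cookie lifetime versus server-side expiry. The helper names, the `HttpOnly` and `SameSite` settings, and the choice to omit `Max-Age` for ephemeral sessions are assumptions; the durations come from the constants above.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

const (
	SessionIDCookieName = "__Host-Market-SID"  // documented above
	persistentTTL       = 365 * 24 * time.Hour // PersistentSession inactivity limit
	ephemeralTTL        = 30 * 24 * time.Hour  // EphemeralSession inactivity limit
)

// newSessionCookie (hypothetical helper) returns the cookie to send and the
// expiry the server stores with the session.
func newSessionCookie(id string, rememberMe bool, now time.Time) (*http.Cookie, time.Time) {
	c := &http.Cookie{
		Name:     SessionIDCookieName,
		Value:    id,
		Path:     "/",                  // required by __Host-; Domain must stay empty
		Secure:   true,                 // required by __Host-
		HttpOnly: true,                 // assumption: hide the id from scripts
		SameSite: http.SameSiteLaxMode, // assumption
	}
	if rememberMe {
		c.MaxAge = int(persistentTTL / time.Second) // persistent: survives browser restarts
		return c, now.Add(persistentTTL)
	}
	// Ephemeral: no Max-Age/Expires (browser session cookie); server expiry still applies.
	return c, now.Add(ephemeralTTL)
}

// checkHostPrefix reports a cookie that browsers would reject for its prefix.
func checkHostPrefix(c *http.Cookie) error {
	if strings.HasPrefix(c.Name, "__Host-") && (!c.Secure || c.Path != "/" || c.Domain != "") {
		return errors.New("__Host- cookie needs Secure, Path=/ and no Domain")
	}
	return nil
}

func main() {
	for _, remember := range []bool{true, false} {
		c, exp := newSessionCookie("constructed-session-id", remember, time.Now())
		fmt.Println(c.String(), "| server-side expiry:", exp.Format(time.RFC3339), checkHostPrefix(c))
	}
}
```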
Variables
var ErrUserNotFound = errors.New("user not found")
ErrUserNotFound occurs when no user is found.
var ErrWrongPassword = errors.New("wrong password")
ErrWrongPassword is used after failing to verify password.
Functions
func SessionContext
SessionContext adds a session to a given context.
Types
type Accounts
type Accounts struct {
// contains filtered or unexported fields
}
Accounts services.
func (*Accounts) CheckPassword
CheckPassword for user.
func (*Accounts) GetUserByEmail
GetUserByEmail and return user object.
func (*Accounts) GetUserByID
GetUserByID and return user object.
func (*Accounts) SetCredentials
func (a *Accounts) SetCredentials(ctx context.Context, p SetPasswordParams) error
SetCredentials for user.
type Authorization
type Authorization string
Authorization role levels.
var (
	// UserAuthorization role.
	UserAuthorization Authorization = "user"
	// AdminAuthorization role.
	AdminAuthorization Authorization = "admin"
)
type CSRFProtection
type CSRFProtection struct {
// contains filtered or unexported fields
}
CSRFProtection protects requests against Cross-Site Request Forgery attacks. See https://owasp.org/www-community/attacks/csrf. It uses https://github.com/justinas/nosurf behind the scenes.
func NewCSRFProtection
func NewCSRFProtection(handler http.Handler) *CSRFProtection
NewCSRFProtection middleware.
func (*CSRFProtection) ExemptFunc
func (c *CSRFProtection) ExemptFunc(fn func(r *http.Request) bool)
ExemptFunc to bypass CSRF protection for a given request. This should only be used when there is already another CSRF protection in place, such as by the use of other types of tokens, and to allow HTTP connections from webhooks or non-browser clients that don't require or support CSRF protection. Please remember to always protect endpoints accordingly, and consider the case of browsers accessing them directly without CSRF protection.
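An added example (not this package's own code) of a predicate that follows the guidance above: it exempts a request only when it targets a webhook route, carries no session cookie (so a browser with a logged-in user stays protected), and presents another token. The `/webhooks/` prefix, the `X-Webhook-Signature` header and the helper names are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

const SessionIDCookieName = "__Host-Market-SID" // name documented by this package

// exemptWebhook is a hypothetical predicate to pass to ExemptFunc.
// Assumptions: webhooks live under /webhooks/ and senders sign requests in an
// X-Webhook-Signature header that the handler itself verifies.
func exemptWebhook(r *http.Request) bool {
	// Clean the path so "/webhooks/../account" cannot match the prefix.
	if !strings.HasPrefix(path.Clean(r.URL.Path)+"/", "/webhooks/") {
		return false
	}
	// A request carrying the session cookie may come from a browser:
	// keep CSRF protection on for it.
	if _, err := r.Cookie(SessionIDCookieName); err == nil {
		return false
	}
	// Exempt only when the other token is present.
	return r.Header.Get("X-Webhook-Signature") != ""
}

// sampleRequest builds a constructed POST request for the demonstration.
func sampleRequest(target string, cookie, signed bool) *http.Request {
	r := httptest.NewRequest(http.MethodPost, target, nil)
	if cookie {
		r.AddCookie(&http.Cookie{Name: SessionIDCookieName, Value: "constructed"})
	}
	if signed {
		r.Header.Set("X-Webhook-Signature", "constructed-signature")
	}
	return r
}

func main() {
	fmt.Println(exemptWebhook(sampleRequest("/webhooks/payments", false, true)))
	fmt.Println(exemptWebhook(sampleRequest("/webhooks/payments", true, true)))
	fmt.Println(exemptWebhook(sampleRequest("/webhooks/../account/password", false, true)))
}
```

The predicate would be registered with `ExemptFunc(exemptWebhook)`; the webhook handler must still verify the signature value itself, since the predicate only checks that one is present.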
func (*CSRFProtection) RegenerateToken
func (c *CSRFProtection) RegenerateToken(w http.ResponseWriter, r *http.Request) string
RegenerateToken on a given request. Should be called during login/logout operations.
func (*CSRFProtection) ServeHTTP
func (c *CSRFProtection) ServeHTTP(w http.ResponseWriter, r *http.Request)
func (*CSRFProtection) SetFailureHandler
func (c *CSRFProtection) SetFailureHandler(handler http.Handler)
SetFailureHandler for when requests fail.
type Core
type Core struct {
	// Settings of the application.
	Settings config.Settings
	// PostgreSQL relational database.
	Postgres *pgxpool.Pool
	// Redis cache layer.
	Redis *redis.Client
	// Elasticsearch client.
	Elasticsearch *elasticsearch.Client
	// CSRFProtection middleware.
	CSRFProtection *CSRFProtection
}
Core services include settings of the application, external services, and dependencies.
type Images
type Images struct {
// contains filtered or unexported fields
}
Images service.
type LoginParams
type LoginParams struct {
	// RememberMe defines whether to set a persistent cookie that survives closing the browser or not.
	RememberMe bool
}
LoginParams to control cookie persistence, etc.
type Modules
type Modules struct {
	Settings config.Settings
	Accounts Accounts
	Sessions Sessions
	Security Security
	Images   Images
}
Modules exposes internal services to the HTTP handlers without giving direct unchecked access to the core services.
func NewModules
NewModules creates an instance of each service in this package and returns a Modules object that can be injected elsewhere.
type NewAdminParams
type NewAdminParams struct {
	NewUserParams
	Password string
}
NewAdminParams required to create a new admin user.
type NewUserParams
type NewUserParams struct {
	Name   string
	Email  string
	Phone  string
	Access Authorization
}
NewUserParams to create a new user.
func (*NewUserParams) ValidateAndNormalize
func (p *NewUserParams) ValidateAndNormalize() error
ValidateAndNormalize user params.
type Security
type Security struct {
// contains filtered or unexported fields
}
Security module.
func (*Security) RegenerateCSRFToken
RegenerateCSRFToken on a given request. Should be called during login/logout operations.
type Session
type Session struct {
	ID         string
	StickyID   string
	CreatedAt  time.Time
	Expire     time.Time
	State      string
	UserID     string
	RememberMe bool
}
Session data.
func SessionFromRequest
SessionFromRequest extracts the session data from a request.
type Sessions
type Sessions struct {
// contains filtered or unexported fields
}
Sessions services.
See https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
func (*Sessions) Close
Close session. Revokes its sticky session id to make any existing cookie associated with it invalid.
func (*Sessions) CloseExpired
CloseExpired changes the state of expired sessions to mark them as expired. It should be called on a schedule.
type SetPasswordParams
SetPasswordParams for a given user.
type ThumbnailParams
type ThumbnailParams struct {
	// Type of the output format (i.e., jpeg, png, webp; default: auto)
	Type string
	// Quality of the image (default: 90).
	Quality int
	// Width of the thumbnail.
	Width int
	// Height of the thumbnail.
	Height int
	// Method to call in imaginary for image transformation.
	// By default fit is used. See https://github.com/h2non/imaginary.
	Method string
}
ThumbnailParams to generate links and HTML tags for images.