Documentation
Overview
Package rememberme contains all functionality for storing and validating rememberme tokens.
Basics
A rememberme token is a way for the server-side application to "remember" a logged-in user.
A user could have an unlimited number of rememberme tokens associated with his or her account, each with a different unique identifier.
The purpose of the unique identifier is to distinguish tokens issued to different client devices and/or browser instances, and to facilitate token revocation.
If a rememberme token is already available to a client on a particular device or browser, the client should re-use this token instead of attempting to obtain a new one. Reusing a valid token avoids creating additional tokens unnecessarily, and hence the storage burden associated with them.
Expiration
A rememberme token does not expire automatically. However, it is good practice for applications to periodically clean up unused tokens as a security measure.
The Purge method is designed for this purpose. The frequency of calling this function and the cutoff time for what is considered old tokens are entirely determined by the downstream application.
Revocation
A token can also be revoked. Once a token is revoked, subsequent ValidateToken calls from any client will fail.
Token revocation is usually done as a security measure, when a user no longer has access to the browser instance and/or the device a particular token was initially issued to.
This action is usually initiated by a user, but applications are strongly recommended to provide the necessary UI to facilitate token revocation.
Index
- Variables
- type FirestoreTokenManager
- func (m *FirestoreTokenManager) Add(ctx context.Context, token Token) (<-chan *Token, <-chan error)
- func (m *FirestoreTokenManager) Delete(ctx context.Context, token Token) <-chan error
- func (m *FirestoreTokenManager) Purge(ctx context.Context, username string, cutoff time.Time) <-chan error
- func (m *FirestoreTokenManager) Revoke(ctx context.Context, token Token) (<-chan *Token, <-chan error)
- func (m *FirestoreTokenManager) Validate(ctx context.Context, token Token) (<-chan *Token, <-chan error)
- type Token
- type TokenManager
Variables
var (
	ErrTokenDuplicate = errors.New("token duplicate")
	ErrTokenNotFound  = errors.New("token not found")
	ErrTokenInvalid   = errors.New("token invalid")
)
Errors
Types
type FirestoreTokenManager
type FirestoreTokenManager struct {
// contains filtered or unexported fields
}
FirestoreTokenManager manages datastore operations regarding rememberme tokens.
func NewFirestoreTokenManager
func NewFirestoreTokenManager(client *firestore.Client, collectionName string) *FirestoreTokenManager
NewFirestoreTokenManager creates a token manager with the given firestore client and collection name to store the rememberme tokens in.
func (*FirestoreTokenManager) Add
Add adds the token to the underlying datastore.
This function will return ErrTokenDuplicate if the given Username/Identifier combination already exists in the datastore.
func (*FirestoreTokenManager) Delete
func (m *FirestoreTokenManager) Delete(ctx context.Context, token Token) <-chan error
Delete deletes the token permanently from the underlying datastore.
Once deleted, a token cannot be recovered.
func (*FirestoreTokenManager) Purge
func (m *FirestoreTokenManager) Purge(ctx context.Context, username string, cutoff time.Time) <-chan error
Purge removes tokens belonging to a given user last used before or equal to the cutoff time.
This function DELETES all matching tokens, regardless of whether the token has been revoked.
func (*FirestoreTokenManager) Revoke
func (m *FirestoreTokenManager) Revoke(ctx context.Context, token Token) (<-chan *Token, <-chan error)
Revoke revokes a given token by setting its Revoked field to true.
Although both revoking a token and removing a token will make the ValidateToken call fail, RevokeToken leaves the token stored in the data store.
func (*FirestoreTokenManager) Validate
func (m *FirestoreTokenManager) Validate(ctx context.Context, token Token) (<-chan *Token, <-chan error)
Validate checks if the given token is valid.
A token is considered valid if it meets the following conditions:
- The Username/Identifier combination exists in the datastore
- The token has not been revoked.
This method returns ErrTokenInvalid if the token cannot be validated. It also passes any underlying datastore errors through to the caller.
If the token is valid, its LastUsed will be updated to the current time to record the fact that the token has recently been used.
type Token
type Token struct {
	Username   string
	Identifier string
	Revoked    bool
	UserAgent  string
	Created    int64
	LastUsed   int64
}
Token represents a stored rememberme token.
type TokenManager
type TokenManager interface {
	// Add adds the token to the underlying datastore
	//
	// This function will return ErrTokenDuplicate if the given Username
	// Identifier combination already exists in the datastore
	Add(ctx context.Context, token Token) (<-chan *Token, <-chan error)

	// Delete deletes the token permanently from the underlying datastore.
	//
	// Once deleted, a token cannot be recovered
	Delete(ctx context.Context, token Token) <-chan error

	// Purge removes tokens belonging to a given user last used before or equal
	// to the cutoff time.
	//
	// This function DELETES all matching tokens, regardless of whether the
	// token has been revoked.
	Purge(ctx context.Context, username string, cutoff time.Time) <-chan error

	// Revoke revokes a given token by marking the Revoked field to true.
	//
	// Although both revoking a token and removing a token will make the
	// ValidateToken call fail, RevokeToken leaves the token stored in the data
	// store.
	Revoke(ctx context.Context, token Token) (<-chan *Token, <-chan error)

	// Validate checks if the given token is valid.
	//
	// A token is considered valid if it meets the following conditions:
	//
	// 1. The Username/Identifier combination exists in the datastore
	// 2. The token has not been revoked.
	//
	// This method returns a ErrTokenInvalid if the token cannot be validated.
	// This method also passes through any underlying datastore errors to the
	// caller.
	//
	// If the token is valid, its LastUsed will be updated to the current time
	// to record the fact that the token has recently been used.
	Validate(ctx context.Context, token Token) (<-chan *Token, <-chan error)
}
TokenManager manages all rememberme token related operations. This interface defines common operations on rememberme tokens.
Depending on how the tokens are stored and queried, there could be multiple different implementations of a TokenManager.
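The Validate, Revoke and Purge semantics described on this page, modelled as an added example that is not the package's own code. It assumes a hypothetical in-memory `memStore` with synchronous methods (the documented interface returns channels and is backed by Firestore), a trimmed `Token`, and a constructed clock value; it shows that a token refreshed by Validate survives a Purge while a stale, revoked token fails validation and is deleted.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrTokenInvalid = errors.New("token invalid") // same name as documented on the page

// Token mirrors the documented struct (UserAgent and Created omitted).
type Token struct {
	Username, Identifier string
	Revoked              bool
	LastUsed             int64
}

// memStore is a hypothetical in-memory stand-in, keyed by {Username, Identifier}.
type memStore map[[2]string]*Token

func (s memStore) Add(t Token) { s[[2]string{t.Username, t.Identifier}] = &t }

// Validate rejects unknown or revoked tokens and refreshes LastUsed on success.
func (s memStore) Validate(user, id string, now time.Time) error {
	t := s[[2]string{user, id}]
	if t == nil || t.Revoked {
		return ErrTokenInvalid
	}
	t.LastUsed = now.Unix()
	return nil
}

// Purge deletes the user's tokens last used at or before cutoff, revoked or not.
func (s memStore) Purge(user string, cutoff time.Time) (removed int) {
	for k, t := range s {
		if t.Username == user && t.LastUsed <= cutoff.Unix() {
			delete(s, k)
			removed++
		}
	}
	return removed
}

func main() {
	s, now := memStore{}, time.Unix(1700000000, 0) // constructed sample clock
	s.Add(Token{Username: "alice", Identifier: "old-phone", LastUsed: now.Unix() - 90*86400})
	s[[2]string{"alice", "old-phone"}].Revoked = true // what Revoke does: set the flag, keep the record
	fmt.Println(s.Validate("alice", "old-phone", now), s.Purge("alice", now.AddDate(0, 0, -30)))
}
```

Because a failed Validate does not refresh LastUsed, a revoked token ages out at the next Purge even if a client keeps presenting it.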