rememberme

package
v2.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 24, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package rememberme contains all functionalities regarding the storage and validation of the rememberme tokens.

Basics

A rememberme token is a way for the server side application to "remember" the user logged in.

A user could have an unlimited number of rememberme tokens associated to his or her account, each with a different unique identifier.

The purpose of the unique identifier is to identify different tokens from different client device and/or browser instances and to facilitate token revocation.

If a rememberme token is already available to a client on a particular device or browser, the client should re-use this token instead of attempting to obtain a new one. Reusing valid avoids additional tokens being created unnecessarily and hence the storage burden that is associated to it.

Expiration

A rememberme token itself does not automatically expire. However, it would be good practice for applications to periodically clean up unused tokens as a good security measure.

The Purge method is designed for this purpose. The frequency of calling this function and the cutoff time for what is considered old tokens are entirely determined by the downstream application.

Revocation

A token can also be revoked. Once done so, subsequent ValidateToken calls from any client would fail.

Token revocation is usually done as a security measure, when a user no longer have access to the browser instance and/or the device a particular token was initially issued to.

This action is usually initiated by a user, but applications are strongly recommended to provide the necessary UI to facilitate the token revocation.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrTokenDuplicate = errors.New("token duplicate")
	ErrTokenNotFound  = errors.New("token not found")
	ErrTokenInvalid   = errors.New("token invalid")
)

Errors

Functions

This section is empty.

Types

type FirestoreTokenManager

type FirestoreTokenManager struct {
	// contains filtered or unexported fields
}

FirestoreTokenManager manages datastore operations regarding rememberme tokens.

func NewFirestoreTokenManager

func NewFirestoreTokenManager(client *firestore.Client,
	collectionName string) *FirestoreTokenManager

NewFirestoreTokenManager creates a token manager with the given firestore client and collection name to store the rememberme tokens in.

func (*FirestoreTokenManager) Add

func (m *FirestoreTokenManager) Add(ctx context.Context,
	token Token) (<-chan *Token, <-chan error)

Add adds the token to the underlying datastore

This function will return ErrTokenDuplicate if the given Username Identifier combination already exists in the datastore

func (*FirestoreTokenManager) Delete

func (m *FirestoreTokenManager) Delete(ctx context.Context,
	token Token) <-chan error

Delete deletes the token permanently from the underlying datastore.

Once deleted, a token cannot be recovered

func (*FirestoreTokenManager) Purge

func (m *FirestoreTokenManager) Purge(ctx context.Context, username string,
	cutoff time.Time) <-chan error

Purge removes tokens belonging to a given user last used before or equal to the cutoff time.

This function DELETES all matching tokens, regardless of whether the token has been revoked.

func (*FirestoreTokenManager) Revoke

func (m *FirestoreTokenManager) Revoke(ctx context.Context,
	token Token) (<-chan *Token, <-chan error)

Revoke revokes a given token by marking the Revoked field to true.

Although both revoking a token and removing a token will make the ValidateToken call fail, RevokeToken leaves the token stored in the data store.

func (*FirestoreTokenManager) Validate

func (m *FirestoreTokenManager) Validate(ctx context.Context,
	token Token) (<-chan *Token, <-chan error)

Validate checks if the given token is valid.

A token is considered valid if it meets the following conditions:

  1. The Username/Identifier combination exists in the datastore
  2. The token has not been revoked.

This method returns a ErrTokenInvalid if the token cannot be validated. This method also passes through any underlying datastore errors to the caller.

If the token is valid, its LastUsed will be updated to the current time to record the fact that the token has recently been used.

type Token

type Token struct {
	Username   string
	Identifier string
	Revoked    bool
	UserAgent  string
	Created    int64
	LastUsed   int64
}

Token represents a rememberme token stored.

type TokenManager

type TokenManager interface {
	// Add adds the token to the underlying datastore
	//
	// This function will return ErrTokenDuplicate if the given Username
	// Identifier combination already exists in the datastore
	Add(ctx context.Context, token Token) (<-chan *Token, <-chan error)

	// Delete deletes the token permanently from the underlying datastore.
	//
	// Once deleted, a token cannot be recovered
	Delete(ctx context.Context, token Token) <-chan error

	// Purge removes tokens belonging to a given user last used before or equal
	// to the cutoff time.
	//
	// This function DELETES all matching tokens, regardless of whether the
	// token has been revoked.
	Purge(ctx context.Context, username string, cutoff time.Time) <-chan error

	// Revoke revokes a given token by marking the Revoked field to true.
	//
	// Although both revoking a token and removing a token will make the
	// ValidateToken call fail, RevokeToken leaves the token stored in the data
	// store.
	Revoke(ctx context.Context, token Token) (<-chan *Token, <-chan error)

	// Validate checks if the given token is valid.
	//
	// A token is considered valid if it meets the following conditions:
	//
	//   1. The Username/Identifier combination exists in the datastore
	//   2. The token has not been revoked.
	//
	// This method returns a ErrTokenInvalid if the token cannot be validated.
	// This method also passes through any underlying datastore errors to the
	// caller.
	//
	// If the token is valid, its LastUsed will be updated to the current time
	// to record the fact that the token has recently been used.
	Validate(ctx context.Context, token Token) (<-chan *Token, <-chan error)
}

TokenManager manages all rememberme token related operations. This interface defines common operations on rememberme tokens.

Depending on how the tokens are stored and queried, there could be multiple different implementations of a TokenManager.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL