Documentation
Index
- func CheckCSRFToken(r *http.Request, newTokenLength int) (http.Cookie, error)
- func CheckOrigin(r *http.Request, requiredOrigin string) error
- func GetRefreshToken(r *http.Request, newCSRFTokenLength int) (string, http.Cookie, error)
- func NewCSRFCookie(tokenLength int) (http.Cookie, error)
- func NewRefreshCookie(token string, lifetime time.Duration, delete bool) (*http.Cookie, error)
- func SetupCORS(allowedOrigins []string, customHeaders []string, router http.Handler) http.Handler
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckCSRFToken
CheckCSRFToken compares the value of the CSRF cookie against the value of the CSRF header and returns an error if there is a mismatch. A new CSRF cookie is returned if generation is successful. CSRF tokens must be provided in the "__Host-rokwire-csrf-token" cookie and "Rokwire-Csrf-Token" header.
func CheckOrigin
CheckOrigin verifies that the "Origin" header in r matches requiredOrigin. Used by web applications for CSRF protection.
requiredOrigin should be the full origin of the calling application (i.e., <scheme>://<hostname>:<port>). <port> is optional; if it is omitted, the default port for the requested service is used.
func GetRefreshToken
GetRefreshToken retrieves refresh and CSRF tokens from the request headers and/or cookies. The refresh token is returned if the CSRF tokens match. A new CSRF cookie is returned if generation is successful. Refresh tokens must be provided in the "__Host-rokwire-refresh-token" cookie.
func NewCSRFCookie
NewCSRFCookie returns a new "__Host-rokwire-csrf-token" session cookie. This should be used by web applications to send CSRF tokens to a browser.
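The double-submit check that CheckCSRFToken and NewCSRFCookie describe, as an added example that is not the package's own code. newCSRFCookie and checkCSRF are hypothetical stand-ins; the token encoding, the SameSite setting, the constant-time comparison and the app.example.com request are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

// Cookie and header names as given in the documentation above.
const csrfCookieName, csrfHeaderName = "__Host-rokwire-csrf-token", "Rokwire-Csrf-Token"

// newCSRFCookie is a hypothetical stand-in for NewCSRFCookie. The "__Host-" prefix
// makes browsers reject the cookie unless it is Secure, has Path=/ and no Domain.
func newCSRFCookie(tokenLength int) (http.Cookie, error) {
	buf := make([]byte, tokenLength)
	if _, err := rand.Read(buf); err != nil {
		return http.Cookie{}, err
	}
	// No Expires/MaxAge makes this a session cookie. SameSite=Strict is an assumption.
	return http.Cookie{Name: csrfCookieName, Value: base64.RawURLEncoding.EncodeToString(buf),
		Path: "/", Secure: true, SameSite: http.SameSiteStrictMode}, nil
}

// checkCSRF is a hypothetical stand-in for CheckCSRFToken; on a match it returns a fresh cookie.
func checkCSRF(r *http.Request, newTokenLength int) (http.Cookie, error) {
	c, err := r.Cookie(csrfCookieName)
	if err != nil || c.Value == "" {
		return http.Cookie{}, errors.New("csrf cookie missing")
	}
	// Constant-time compare; a missing header is empty and therefore never matches.
	if subtle.ConstantTimeCompare([]byte(c.Value), []byte(r.Header.Get(csrfHeaderName))) != 1 {
		return http.Cookie{}, errors.New("csrf cookie and header do not match")
	}
	return newCSRFCookie(newTokenLength)
}

func main() {
	issued, _ := newCSRFCookie(32)
	req, _ := http.NewRequest(http.MethodPost, "https://app.example.com/refresh", nil) // constructed request
	req.AddCookie(&issued)
	for _, header := range []string{issued.Value, "forged-value"} {
		req.Header.Set(csrfHeaderName, header)
		_, err := checkCSRF(req, 32)
		fmt.Printf("header matches cookie: %v, error: %v\n", header == issued.Value, err)
	}
}
```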
func NewRefreshCookie
NewRefreshCookie returns a new "__Host-rokwire-refresh-token" cookie with the given lifetime and the given token as its value. The cookie is set to be immediately deleted if delete is true. This should be used by web applications to send refresh tokens to a browser.
func SetupCORS
SetupCORS sets up a new CORS handler for router using the given allowedOrigins and customHeaders. Used by building blocks to disallow web-browser requests from origins that are not allowed.
"X-Requested-With", "Content-Type", "Authorization", and "Origin" headers are allowed for cross-domain requests by default.
Types
This section is empty.