Documentation
¶
Index ¶
- Constants
- Variables
- func CreateSession(ctx context.Context, w http.ResponseWriter, r *http.Request, sesh UserSession)
- func GetTemplates(ctx context.Context) *template.Template
- func InitGroup(g, csvMembers string)
- func InitSessionStore(key, prevkey string)
- func InitTemplates(templateDir string)
- func IsInGroup(group, email string) bool
- func IsTrustedRequest(r *http.Request) bool
- func OverwriteSessionToNil(ctx context.Context, w http.ResponseWriter, r *http.Request)
- func ParseRecursive(t *template.Template, dir string) *template.Template
- type BaseHandler
- type ContextHandler
- type CrumbTrail
- type CtxMaker
- type UserSession
Constants ¶
const (
// AdminGroup is the group name for an important group that grants admin privs.
AdminGroup = "admin"
)
Variables ¶
var ( // CtxMakerCallback creates a context.Context as the app would like (i.e. with timeouts etc.) // The user can override this via their init() block, but the default isn't terrible. CtxMakerCallback = func(r *http.Request) context.Context { return r.Context() } )
var ( // RequireTls will redirect non-https URLs to the https equiv. Enabled by default. RequireTls = true )
var (
Templates *template.Template
)
Functions ¶
func CreateSession ¶
func CreateSession(ctx context.Context, w http.ResponseWriter, r *http.Request, sesh UserSession)
func GetTemplates ¶
GetFoo: given a context, extracts the object (or panics; should not be optional). May return nil.
func InitGroup ¶
func InitGroup(g, csvMembers string)
InitGroup will populate a particular group, given a CSV string of emails. The group `admin` is particularly important.
func InitSessionStore ¶
func InitSessionStore(key, prevkey string)
InitSessionStore *must* be called in the caller's init() block.
func InitTemplates ¶ added in v0.1.12
func InitTemplates(templateDir string)
InitTemplates *must* be invoked by the caller. The single arg should contain a dir structure of template. It must be relative to the appengine module root, which is the git repo root. Setting this to a bad value, or where templates fail to parse, will cause a panic.
func IsTrustedRequest ¶ added in v0.1.17
IsTrustedRequest checks whether the request came from a trusted source - i.e. some other appengine component or service. (see https://cloud.google.com/appengine/docs/flexible/nodejs/scheduling-jobs-with-cron-yaml#validating_cron_requests, https://cloud.google.com/tasks/docs/creating-appengine-handlers#reading_app_engine_task_request_headers)
func OverwriteSessionToNil ¶
Types ¶
type BaseHandler ¶
type BaseHandler func(http.ResponseWriter, *http.Request)
func WithAdmin ¶
func WithAdmin(ch ContextHandler) BaseHandler
WithAdmin ensures that the caller has admin privs - either by being a user in the AdminGroup, or by having a HTTP header that indicates the request came from a trusted part of our appengine world.
func WithCtx ¶
func WithCtx(ch ContextHandler) BaseHandler
WithCtx is the outermost wrapper, which returns a BaseHandler suitable for http.HandleFunc; the rest of the handlerware works on ContextHandlers, and can be chained. This handler will enforce TLS if needed, create the context.Context, and inject the templates into that context, before calling whatever is next in the chain.
func WithGroup ¶
func WithGroup(g string, ch ContextHandler) BaseHandler
WithGroup builds on WithSession; it also asserts that the user is a member of a particular group
func WithSession ¶
func WithSession(ch ContextHandler) BaseHandler
WithSession is the primary piece of handlerware. It ensures a user is logged in, redirecting to a fallback handler if they're not. A usersession is built, and injected into the context.
type ContextHandler ¶
var ( // CookieName is what the calling app wants its session token to be kept in. CookieName = "choc_chip" // NoSessionHandler is executed when the user doesn't have a session. NoSessionHandler ContextHandler )
func EnsureAdmin ¶
func EnsureAdmin(ch ContextHandler) ContextHandler
EnsureAdmin validates that the request has admin privileges, and runs the handler (or returns 401). Privileges are either that the user is logged in, and is an admin; or that the request came from an appengine cron job or a cloud tasks queue.
func EnsureGroup ¶
func EnsureGroup(g string, ch ContextHandler) ContextHandler
EnsureGroup asserts that the user is logged in, and is a member of the specified group; if not, then 401.
func EnsureSession ¶
func EnsureSession(ch ContextHandler) ContextHandler
EnsureSession checks that there is a user session, and if so runs the specified handler; else it runs the `NoSessionHandler` (which presumably starts a login flow). Adds some debug logging into a cookie, to try and illuminate how users end up without sessions.
func EnsureSessionOrFallback ¶
func EnsureSessionOrFallback(ch, fallback ContextHandler) ContextHandler
EnsureSessionOrFallback lets the caller specify which contexthandler to run when the session is not found.
func WithoutCtx ¶
func WithoutCtx(bh BaseHandler) ContextHandler
WithoutCtx lets us strip out the context, so we can wrap regular BaseHandlers. This is mostly just so internal cron URLs can be wrapped inside WithAdmin().
type CrumbTrail ¶
type CrumbTrail struct {
// contains filtered or unexported fields
}
func (*CrumbTrail) Add ¶
func (ct *CrumbTrail) Add(c string)
func (CrumbTrail) String ¶
func (ct CrumbTrail) String() string
type UserSession ¶
type UserSession struct {
Email string // case sensitive, sadly
CreatedAt time.Time // when the user last went through the OAuth2 dance
}
Pretty much all handlers should expect to be able to pluck this object out of their Context; see handlerware.go
func GetUserSession ¶
func GetUserSession(ctx context.Context) (UserSession, bool)
func (UserSession) IsAdmin ¶
func (us UserSession) IsAdmin() bool
func (UserSession) IsEmpty ¶
func (us UserSession) IsEmpty() bool
func (UserSession) IsInGroup ¶
func (us UserSession) IsInGroup(g string) bool
Source Files