Documentation
¶
Overview ¶
Package authz provides login requirement wrappers for HTTP handlers.
The following session variables are used:
"user_id": int. If not set or zero, not logged in. "must_change_password": bool. If set to true, redirect all requests with a path other than ChangePasswordPath to ChangePasswordPath. "user_is_admin": bool. Used for MustAdmin. A user is considered to be an admin if this is set to true.
Index ¶
- Variables
- func MustAdmin(h, notFound http.Handler) http.Handler
- func MustLogin(h http.Handler) http.Handler
- func MustLoginFunc(h func(rw http.ResponseWriter, req *http.Request)) http.Handler
- func MustNotLogin(h http.Handler) http.Handler
- func MustNotLoginFunc(h func(rw http.ResponseWriter, req *http.Request)) http.Handler
- func RedirectWithReturn(req *http.Request, statusCode int, targetURL string)
- func ReturnRedirect(req *http.Request, statusCode int, defaultURL string)
Constants ¶
This section is empty.
Variables ¶
var ( // The only URL path which can be loaded if "must_change_password" is set. // Requests for all other paths redirect to this. ChangePasswordPath = "/auth/chpw" // Relative or absolute URL to redirect to if login is required. LoginURL = "/auth/login" // Relative or absolute URL to redirect to after login if there is no // specific page to return to. AfterLoginURL = "/" )
Functions ¶
func MustLogin ¶
Redirects to LoginURL unless session value "user_id" is a nonzero integer.
If "must_change_password" is set to true, any request for a path other than ChangePasswordPath is redirected to that path.
func MustLoginFunc ¶
Like MustLogin, but takes a function as the wrapped handler.
func MustNotLogin ¶
Ensures that a user is not logged in. Session value "user_id" must be absent or zero. If a user is logged in, redirects to AfterLoginURL.
func MustNotLoginFunc ¶
Like MustNotLogin, but takes a function as the wrapped handler.
func RedirectWithReturn ¶
Redirect to a given URL with the given status code, such that the user agent can eventually be redirected back to the current URL, unless a return URL has already been provided in the current request, in which case that return URL is used.
Types ¶
This section is empty.