Documentation
¶
Overview ¶
Authentication logic and JWT operations package.
Index ¶
Constants ¶
View Source
const ( ACCESS_TOKEN = "access-token" REFRESH_TOKEN = "refresh-token" )
Variables ¶
View Source
var PathExceptions = []string{
"/api/v1",
"/api/v1/auth",
"/api/v1/auth/logout",
"/api/v1/dump",
"/api/v1/live",
"/api/v1/users/activation",
"/api/v1/users/passphrase/request",
"/api/v1/users/passphrase/reset",
}
These URL paths are to be skipped by the authentication middleware.
Functions ¶
func AuthMiddleware ¶
The very authentication middleware entrypoint.
func NewAuthRouter ¶ added in v0.44.23
func NewAuthRouter(authController *AuthController) chi.Router
func NewAuthService ¶ added in v0.44.23
func NewAuthService( tokenRepository models.TokenRepositoryInterface, userRepository models.UserRepositoryInterface, ) models.AuthServiceInterface
Types ¶
type AuthController ¶ added in v0.44.23
type AuthController struct {
// contains filtered or unexported fields
}
func NewAuthController ¶ added in v0.44.23
func NewAuthController(authService models.AuthServiceInterface) *AuthController
func (*AuthController) Auth ¶ added in v0.44.23
func (c *AuthController) Auth(w http.ResponseWriter, r *http.Request)
Auth handles the nickname-hashed-passphrase common dual input and tries to authenticate the user.
@Summary Auth an user
@Description This function call acts as a procedure to authenticate an user using their credentials (nickname and hashed passphrase). On success, the pair of HTTP cookies are sent with the API response (`refresh-token` and `access-token`).
@Description
@Description The hashed string is a concatenation of user's passphrase and the server pepper/secret, which is then hashed using the SHA-512 algorithm.
@Tags auth
@Accept json
@Produce json
@Param request body auth.AuthUser true "User's credentials to authenticate."
@Success 200 {object} common.APIResponse{data=auth.Auth.responseData} "Authentication process successful, HTTP cookies sent in response."
@Failure 400 {object} common.APIResponse{data=auth.Logout.responseData} "Invalid input data."
@Failure 401 {object} common.APIResponse{data=auth.Logout.responseData} "User not authenticated, wrong passphrase used, or such account does not exist at all."
@Failure 404 {object} common.APIResponse{data=auth.Logout.responseData} "User not found."
@Failure 429 {object} common.APIResponse{data=models.Stub} "Too many requests, try again later."
@Failure 500 {object} common.APIResponse{data=auth.Logout.responseData} "Internal server problem while processing the request."
@Router /auth [post]
func (*AuthController) Logout ¶ added in v0.44.23
func (c *AuthController) Logout(w http.ResponseWriter, r *http.Request)
Logout send a client invalidated cookies to cease the session created before.
@Summary Log-out an user
@Description This function call's purpose is to sent void HTTP cookies to the caller. If the `refresh-token` sent with the request is valid, it is set to be purged from database and therefore cannot be used anymore.
@Tags auth
@Accept json
@Produce json
@Success 200 {object} common.APIResponse{data=auth.Logout.responseData} "Void cookies sent in response."
@Failure 429 {object} common.APIResponse{data=models.Stub} "Too many requests, try again later."
@Router /auth/logout [post]
type AuthService ¶ added in v0.44.23
type AuthService struct {
// contains filtered or unexported fields
}
type AuthUser ¶ added in v0.43.7
type AuthUser struct {
// Nickname is the user's very username.
Nickname string `json:"nickname" example:"alice"`
// Passphrase is a legacy format converted to string from a raw byte stream
// (do not use anymore as this will be removed in future versions).
Passphrase string `json:"passphrase" swaggerignore:"true"`
// PassphraseHex is a hexadecimal representation of a passphrase (a SHA-512 checksum).
// Use 'echo $PASS | sha512sum' for example to get the hex format.
PassphraseHex string `` /* 160-byte string literal not displayed */
}
Source Files
Click to show internal directories.
Click to hide internal directories.