sessionauth

package

v0.2.1 Latest Latest Go to latest Published: Dec 17, 2024 License: LGPL-3.0 Imports: 10 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/go-bumbu/userauth

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CtxSetUserData(r *http.Request, data SessionData)
func NewCookieStore(HashKey, BlockKey []byte) (*sessions.CookieStore, error)
func NewFsStore(path string, HashKey, BlockKey []byte) (*sessions.FilesystemStore, error)
type Cfg
type Manager
- func New(cfg Cfg) (*Manager, error)
type SessionData
- func (d *SessionData) Verify()
type UserData
- func CtxGetUserData(r *http.Request) (UserData, error)

Constants ¶

View Source

const SessUserDataCtxKey ctxKey = "sessionUserData"

View Source

const SessionMngrName = "sessionAuth"

View Source

const (
	SessionName = "_c_auth"
)

Variables ¶

This section is empty.

Functions ¶

func CtxSetUserData ¶

func CtxSetUserData(r *http.Request, data SessionData)

CtxSetUserData will store a copy of relevant user data in the request context

func NewCookieStore ¶

func NewCookieStore(HashKey, BlockKey []byte) (*sessions.CookieStore, error)

func NewFsStore ¶

func NewFsStore(path string, HashKey, BlockKey []byte) (*sessions.FilesystemStore, error)

NewFsStore is a convenience function to generate a new File system store is uses a secure cookie to keep the session id

Types ¶

type Cfg ¶

type Cfg struct {
	// concrete store to handle the sessions at the backend, needs to implement the gorilla session store interface
	Store sessions.Store
	// rolling window session duration, will be renewed on subsequent requests,
	// e.g. if set to 24h, and you log in once a day, it will only expire at max MaxSessionDur
	// default is set to 1h
	SessionDur time.Duration
	AllowRenew bool
	// force a new login after this period, e.g. every 30 days, default is 24h
	MaxSessionDur time.Duration

	// time between the last session update, used to not overload the session store
	MinWriteSpace time.Duration
}

type Manager ¶

type Manager struct {
	// contains filtered or unexported fields
}

func New ¶

func New(cfg Cfg) (*Manager, error)

func (*Manager) FormAuthHandler ¶

func (sMngr *Manager) FormAuthHandler(auth userauth.LoginHandler, redirect string) http.Handler

FormAuthHandler is a simple session auth handler that will respond to a form POST request and login a user this can be used as simple implementations or as inspiration to customize an authentication middleware

func (*Manager) Get ¶

func (sMngr *Manager) Get(r *http.Request, name string) (*sessions.Session, error)

Get is a wrapper around session get that will ignore cookie error and return a new session

func (*Manager) GetSessData ¶

func (sMngr *Manager) GetSessData(r *http.Request) (SessionData, error)

GetSessData gets the user information out of the session store

func (*Manager) HandleAuth ¶

func (sMngr *Manager) HandleAuth(w http.ResponseWriter, r *http.Request) (allowAccess, stopEvaluation bool)

HandleAuth implements the authenticator.AuthHandler interface to allow to use session based in the authenticator

func (*Manager) JsonAuthHandler ¶

func (sMngr *Manager) JsonAuthHandler(auth userauth.LoginHandler) http.Handler

JsonAuthHandler is a simple session auth handler that will respond to a Json POST request and login a user this can be used as simple implementations or as inspiration to customize an authentication middleware

func (*Manager) LoginUser ¶

func (sMngr *Manager) LoginUser(r *http.Request, w http.ResponseWriter, userId string, sessionRenew bool) error

LoginUser will store the user as logged-in in the session store it is not explicitly needed to verify the authentication, but used in handlers that log in a user and initiate a session, e.g. see JsonAuthHandler

func (*Manager) LogoutHandler ¶

func (sMngr *Manager) LogoutHandler(redirect string) http.Handler

func (*Manager) LogoutUser ¶

func (sMngr *Manager) LogoutUser(r *http.Request, w http.ResponseWriter) error

LogoutUser is a convenience function to log out the current user based on the session information note that if the same user has multiple sessions this will not log out the other sessions

func (*Manager) Middleware ¶

func (sMngr *Manager) Middleware(next http.Handler) http.Handler

Middleware is a simple session auth middleware that will only allow access if the user is logged in this can be used as simple implementations or as inspiration to customize an authentication middleware

func (*Manager) Name ¶

func (sMngr *Manager) Name() string

type SessionData ¶

type SessionData struct {
	UserData

	// expiration of the session, e.g. 2 days, after a login is required, this value can be updated by "keep me logged in"
	Expiration      time.Time
	RenewExpiration bool
	// force re-auth, max time a session is valid, even if keep logged in is in place.
	ForceReAuth time.Time
	LastUpdate  time.Time
}

func (*SessionData) Verify ¶

func (d *SessionData) Verify()

type UserData ¶

type UserData struct {
	UserId          string // Key or username
	DeviceID        string // hold information about the device
	IsAuthenticated bool
}

func CtxGetUserData ¶

func CtxGetUserData(r *http.Request) (UserData, error)

CtxGetUserData extracts and verifies the user information from a request context the returned struct contains user information about the logged-in user

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL