Documentation ¶
Index ¶
- Constants
- Variables
- func FormLoginMiddleware(scheme *FormLoginScheme, userService oauth2.UserService, ...) goa.Middleware
- func NewStoreOAuth2ParamsMiddleware(sessionStore SessionStore, authorizeURL string) goa.Middleware
- type AuthorizeClientData
- type FormLoginScheme
- type SecureSessionStore
- func (s *SecureSessionStore) Clear(key string, rw http.ResponseWriter, req *http.Request) error
- func (s *SecureSessionStore) Get(key string, req *http.Request) (*string, error)
- func (s *SecureSessionStore) GetAs(key string, v interface{}, req *http.Request) error
- func (s *SecureSessionStore) Set(key, value string, rw http.ResponseWriter, req *http.Request) error
- func (s *SecureSessionStore) SetValue(key string, value interface{}, rw http.ResponseWriter, req *http.Request) error
- type SessionStore
Constants ¶
const SessionRedirectKey = "redirect"
SessionRedirectKey session key for the redirect URL
const SessionUserDataKey = "user"
SessionUserDataKey session key for the user data
Variables ¶
var BadRequest = goa.NewErrorClass("bad_request", 400)
BadRequest is a generic bad request error.
var Forbidden = goa.NewErrorClass("forbidden", 403)
Forbidden is an HTTP error issued when the authorization does not allow for the client to access the resource.
var ServerError = goa.NewErrorClass("server_error", 500)
ServerError is a generic HTTP server error.
Unauthorized is an HTTP error for unauthorized request (an authorization is required).
Functions ¶
func FormLoginMiddleware ¶
func FormLoginMiddleware(scheme *FormLoginScheme, userService oauth2.UserService, sessionStore SessionStore) goa.Middleware
FormLoginMiddleware creates new goa.Middleware for security and form-base authentication.
func NewStoreOAuth2ParamsMiddleware ¶
func NewStoreOAuth2ParamsMiddleware(sessionStore SessionStore, authorizeURL string) goa.Middleware
NewStoreOAuth2ParamsMiddleware creates goa.Middleware that stores the clientID in session.
Types ¶
type AuthorizeClientData ¶
type AuthorizeClientData struct { // The original authorize request URL (Path+Query params) that the client has made. // The client will be redirected here after successful confirmation by the user. AuthorizeRequest string // ClientID is the client identifier. ClientID string // Confirmed whether the user confirmed that the client can access the data and can be issued an access token. Confirmed bool }
AuthorizeClientData holds the data needed for authorization. Usually kept in the session. It is used to propery redirect back to the "authorize" OAuth2 action.
type FormLoginScheme ¶
type FormLoginScheme struct { // PostURL is the URL to which the user credentials are submitted and checked. For example: "/check_credentials". PostURL string // LoginURL is the URL on which the user is redirected to log in. A login form is displayed. Example: "/login". LoginURL string ConfirmURL string // EmailField is the name of the input field (and POST parameter) for the email user credential. EmailField string // PasswordField is the name of the input field (and POST parameter) for the password user credential. PasswordField string // IgnoreURLs is a list of URLs that are to be ignored by this authentication middleware and are considered public. IgnoreURLs []string }
FormLoginScheme holds the configuration for a Form-based user login and authentication. This is used for creating new form-login based authentication Middleware.
type SecureSessionStore ¶
type SecureSessionStore struct { // SessionName is the name of the session store. SessionName string // Store is the actual sessions.Store. Store sessions.Store }
SecureSessionStore holds the values for a secure session implementation using Go's sessions library.
func (*SecureSessionStore) Clear ¶
func (s *SecureSessionStore) Clear(key string, rw http.ResponseWriter, req *http.Request) error
Clear clears the value associated with this key from the session store.
func (*SecureSessionStore) GetAs ¶
func (s *SecureSessionStore) GetAs(key string, v interface{}, req *http.Request) error
GetAs retrieves user-defined typed value from the session. The value is retireved as JSON string, then deserialized.
func (*SecureSessionStore) Set ¶
func (s *SecureSessionStore) Set(key, value string, rw http.ResponseWriter, req *http.Request) error
Set stores a new value associated with the provided key in the session store.
func (*SecureSessionStore) SetValue ¶
func (s *SecureSessionStore) SetValue(key string, value interface{}, rw http.ResponseWriter, req *http.Request) error
SetValue stores a typed value associated with the provided key in the session store. The value is serialized to JSON, then stored as string.
type SessionStore ¶
type SessionStore interface { // Get retrieves a string value from the user session. Get(key string, req *http.Request) (*string, error) // GetAs retrieves a value from the user session and decodes it to a generic type. GetAs(key string, v interface{}, req *http.Request) error // Set stores a string value under the provided key in the user session. Set(key, value string, rw http.ResponseWriter, req *http.Request) error // SetValue stores a user-defined type value in the session. The value is deserialized and then stored. SetValue(key string, value interface{}, rw http.ResponseWriter, req *http.Request) error // Clear removes the value associated with the key from the user session. Clear(key string, rw http.ResponseWriter, req *http.Request) error }
SessionStore defines an interface for interacting with the user session. This is an abstraction to allow transparent use od cookies-based session or session persisted by other mechanisms (database, redis store etc).