README
¶
Auth
Configuration
Auth requires 2 environment variables are defined, either within the operating system's env variables or with env_variables in the app.yaml file.
env_variables:
CSRF_SECRET: 87q3weirufsdljhf;sdf...o8a7wer
ANON_UUID: p9q874ruwiskadjfkjsdf...iausd
Documentation
¶
Index ¶
- Constants
- Variables
- func AuthCookieName() string
- func NewCSRFToken(r *http.Request) string
- func SetAuthCookieToken(w http.ResponseWriter, uuid string, keepCookie bool)
- func Signout(c context.Context, w http.ResponseWriter, r *http.Request) error
- func SignupByAPI(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials) (*datastore.Key, error)
- func SignupByForm(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials, ...) (*datastore.Key, error)
- func VerifyCSRFToken(c context.Context, w http.ResponseWriter, r *http.Request) context.Context
- func VerifyReferrer(c context.Context, w http.ResponseWriter, r *http.Request) context.Context
- type Account
- type AccountSvc
- type CredentialStore
- func (s *CredentialStore) Create(c context.Context, creds *Credentials, accountKey *datastore.Key) (*datastore.Key, error)
- func (s *CredentialStore) GetAccountKeyByProvider(c context.Context, creds *Credentials) (*datastore.Key, error)
- func (s *CredentialStore) GetByAccount(c context.Context, accountKey *datastore.Key, dst interface{}) ([]*datastore.Key, error)
- func (s *CredentialStore) GetByUsername(c context.Context, username string, dst interface{}) ([]*datastore.Key, error)
- func (s CredentialStore) SetPassword(c context.Context, password string, tokenUUID string) error
- func (s CredentialStore) UpdatePassword(c context.Context, currentPassword, newPassword string, ...) error
- type Credentials
- type Middleware
- type Session
- type Token
- func AuthenticateForm(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials, ...) (*Token, error)
- func AuthenticateHeader(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials) (*Token, error)
- func GetToken(c context.Context, r *http.Request) (*Token, error)
- type TokenSvc
Constants ¶
const ( AccountStateUnconfirmed = iota AccountStateConfirmed AccountStateSuspended AccountStateTerminated )
Variables ¶
var ( ErrNoCookie = errors.New("no cookie found") ErrNoAuthToken = errors.New("no header auth token found") )
Errors
var ( ErrMissingToken = errors.New("no auth token found") ErrNoSuchAccount = errors.New("failed to find account") )
Errors
var ErrInvalidToken = errors.New("invalid token")
var ErrMultipleCredentialsFound = errors.New("more than one credential found")
var ErrNoCredentialsFound = errors.New("no credentials found")
var ErrPasswordMismatch = errors.New("invalid password match")
Functions ¶
func SetAuthCookieToken ¶
func SetAuthCookieToken(w http.ResponseWriter, uuid string, keepCookie bool)
func Signout ¶
Signout deletes the token in the response to the client as well as deletes the token in the database to ensure it is no longer usable
func SignupByAPI ¶
func SignupByAPI(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials) (*datastore.Key, error)
func SignupByForm ¶
func SignupByForm(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials, keepCookie bool) (*datastore.Key, error)
Signup creates a user account and links up the credentials. Based on the request type an auth cookie or header token will be set with an auth token.
func VerifyCSRFToken ¶
VerifyCSRFToken middleware method to check token
func VerifyReferrer ¶
VerifyReferrer middlware validates the referer header matches the request url's host
Types ¶
type AccountSvc ¶
type AccountSvc struct {
// contains filtered or unexported fields
}
func NewAccountSvc ¶
func NewAccountSvc() AccountSvc
func (AccountSvc) Create ¶
func (s AccountSvc) Create(c context.Context, creds *Credentials) (*datastore.Key, error)
Create creates a new account
func (AccountSvc) GetAccountKeyByCredentials ¶
func (s AccountSvc) GetAccountKeyByCredentials(c context.Context, creds *Credentials) (*datastore.Key, error)
GetAccountKeyByCredentials fetches the account matching the auth provider credentials
type CredentialStore ¶
CredentialStore .
func (*CredentialStore) Create ¶
func (s *CredentialStore) Create(c context.Context, creds *Credentials, accountKey *datastore.Key) (*datastore.Key, error)
Create .
func (*CredentialStore) GetAccountKeyByProvider ¶
func (s *CredentialStore) GetAccountKeyByProvider(c context.Context, creds *Credentials) (*datastore.Key, error)
GetAccountKeyByProvider .
func (*CredentialStore) GetByAccount ¶
func (s *CredentialStore) GetByAccount(c context.Context, accountKey *datastore.Key, dst interface{}) ([]*datastore.Key, error)
GetByAccount .
func (*CredentialStore) GetByUsername ¶
func (s *CredentialStore) GetByUsername(c context.Context, username string, dst interface{}) ([]*datastore.Key, error)
GetByUsername .
func (CredentialStore) SetPassword ¶
SetPassword allows the user to set their password to a new value when providing a token linked to the account
func (CredentialStore) UpdatePassword ¶
func (s CredentialStore) UpdatePassword(c context.Context, currentPassword, newPassword string, accountKey *datastore.Key) error
UpdatePassword allows the user to set their password to a new value when providing their current password
type Credentials ¶
type Credentials struct {
ae.Model
// passed in on initial signup since looking up credentials by non-key cols
// may result in an empty dataset
AccountKey *datastore.Key `json:"accountKey" datastore:"-"`
// oauth
ProviderID string `json:"providerId"`
ProviderName string `json:"providerName"`
// token is not saved
ProviderToken string `json:"providerToken" datastore:"-"`
// username / password
Username string `json:"username"`
Password string `json:"password"`
}
Credentials contain authentication details for various providers / methods
func (*Credentials) Valid ¶
func (c *Credentials) Valid() error
Valid indicates if the credentials are valid for one of the two credential types
type Middleware ¶
type Middleware struct {
// Reference to the session that is used to set/get account data
Session Session
// Whether the request should be allowed to continue if the token has expired, or no token exists.
// This is useful for pages or endpoints that render/return differently based on whethe the user
// is authenticated or not
ContinueWithBadToken bool
// The signin URL of the web app that the middleware will redirect to on failed cookie auth
SignInURL string
}
Middleware .
func (*Middleware) AuthenticateCookie ¶
func (m *Middleware) AuthenticateCookie(c context.Context, w http.ResponseWriter, r *http.Request) context.Context
AuthenticateCookie authenticates the token with a request cookie
func (*Middleware) AuthenticateToken ¶
func (m *Middleware) AuthenticateToken(c context.Context, w http.ResponseWriter, r *http.Request) context.Context
AuthenticateToken authenticates the Authorization request header token
type Session ¶
type Session struct{}
Session provides helper methods to get and set the account key within the request context
func (*Session) AccountKey ¶
AccountKey return the *datastore.Key value for the account
func (*Session) SetAccountKey ¶
SetAccountKey sets the key in the request context to allow for later access
type Token ¶
type Token struct {
ae.Model
UUID string `json:"uuid"`
Expiry time.Time `json:"expiry" datastore:",noindex"`
}
Token is a child to Account
func AuthenticateForm ¶
func AuthenticateForm(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials, keepCookie bool) (*Token, error)
func AuthenticateHeader ¶
func AuthenticateHeader(c context.Context, w http.ResponseWriter, r *http.Request, creds *Credentials) (*Token, error)
Authenticate .
func GetToken ¶
GetToken returns the *Token value for the raw token value contained within the auth cookie or auth header
Source Files