authguardexample

package
v0.12.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 27, 2026 License: MPL-2.0 Imports: 4 Imported by: 0

README

Auth Guard Example

This example shows the experimental 0.x auth addon around generated guards and CSRF-protected actions.

Run from this directory:

make check
make routes
make build
GOWDK_AUTH_SESSION_SECRET=development-auth-session-secret-32bytes GOWDK_CSRF_SECRET=development-auth-csrf-secret-32bytes GOWDK_ADDR=127.0.0.1:8094 bin/auth-guard

Open http://127.0.0.1:8094/.

The example sets auth.Options.Insecure so localhost HTTP works. Real apps should leave that option false when serving behind HTTPS.

Use:

email: demo@example.com
password: demo-password

Files

  • gowdk.config.go: enables auth.Addon(auth.Options{...}) and ssr.Addon(), declares the required session and CSRF secrets, and builds one generated binary.
  • src/authguard/auth.go: owns demo credentials, password verification, login/logout handlers, and SSR load data in normal Go. Generated auth startup owns the default session manager and auth.required guard.
  • src/authguard/login.page.gwdk: public login route and CSRF-protected login action.
  • src/authguard/dashboard.page.gwdk: protected SSR dashboard with guard auth.required, role:user and a CSRF-protected logout action.

Ownership

GOWDK owns generated route dispatch, guard execution order, CSRF token injection/validation, signed session cookie helpers, default auth.required, and native RBAC guard checks. The app owns users, credential policy, durable storage, custom guard decisions, and backend resource authorization.

Runtime secrets are separate: GOWDK_AUTH_SESSION_SECRET signs sessions and GOWDK_CSRF_SECRET signs generated action tokens. Both must be stable environment values of at least 32 bytes. Secret values are not stored in config.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Config = gowdk.Config{
	AppName: "GOWDK Auth Guard",
	Source: gowdk.SourceConfig{
		Include: []string{"src/**/*.gwdk"},
	},
	Env: gowdk.EnvConfig{
		Secrets: []gowdk.SecretEnv{
			{Name: "GOWDK_AUTH_SESSION_SECRET", Required: true, MinBytes: 32},
			{Name: "GOWDK_CSRF_SECRET", Required: true, MinBytes: 32},
		},
	},
	Build: gowdk.BuildConfig{
		Output: "examples/auth-guard/dist",
		CSRF: gowdk.CSRFConfig{
			Insecure: true,
		},
		Targets: []gowdk.BuildTargetConfig{
			{
				Name:   "auth-guard",
				Output: "examples/auth-guard/dist",
				App:    "examples/auth-guard/.gowdk/app",
				Binary: "examples/auth-guard/bin/auth-guard",
			},
		},
	},
	CSS: gowdk.CSSConfig{
		Include: []string{"examples/auth-guard/styles/**/*.css"},
		Output: gowdk.CSSOutputConfig{
			Dir:        "assets/gowdk",
			HrefPrefix: "/assets/gowdk",
		},
	},
	Addons: []gowdk.Addon{
		authaddon.Addon(authaddon.Options{
			SecretEnv:  "GOWDK_AUTH_SESSION_SECRET",
			CookieName: "gowdk_auth_guard_session",
			TTL:        12 * time.Hour,
			Insecure:   true,
		}),
		ssr.Addon(),
	},
}

Functions

This section is empty.

Types

This section is empty.

Directories

Path Synopsis
src

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL