auth

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 11, 2026 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

const SessionTableDDL = `` /* 308-byte string literal not displayed */

SessionTableDDL is the CREATE TABLE statement for the sessions table. Call PGSessionStore.Migrate to execute it.

Variables

// ErrAPIKeyNotFound reports that an API key lookup matched nothing.
// NOTE(review): this page does not show which APIKeyManager methods return
// it; compare with errors.Is rather than by message text.
var ErrAPIKeyNotFound = errors.New("api key not found")
// ErrInvalidHash reports a password hash that could not be used.
// NOTE(review): presumably returned by VerifyPassword when the encoded value
// is malformed — confirm. Callers should treat it as a failed verification,
// never as a match.
var ErrInvalidHash = errors.New("invalid password hash")
// ErrOAuthStateInvalid reports an OAuth state value that was not accepted.
// NOTE(review): presumably returned by OAuthStateManager.Verify — confirm.
// A callback handler should stop the login flow when it sees this error.
var ErrOAuthStateInvalid = errors.New("invalid oauth state")
// ErrSessionNotFound is the error PGSessionStore.Get is documented to return
// when a session does not exist or has expired.
// NOTE(review): confirm the other SessionStore implementations return it too.
var ErrSessionNotFound = errors.New("session not found")

Functions

func ActorFromContext

func ActorFromContext(ctx context.Context) (admin.Actor, bool)

func CSRFMiddleware

func CSRFMiddleware(next http.Handler) http.Handler

func ContextWithActor added in v0.6.0

func ContextWithActor(ctx context.Context, actor admin.Actor) context.Context

func HashPassword

func HashPassword(password string, config PasswordConfig) (string, error)

func IssueCSRF

func IssueCSRF(w http.ResponseWriter, secure bool) (string, error)

func VerifyPassword

func VerifyPassword(password, encoded string) (bool, error)

Types

type APIKey added in v0.6.0

// APIKey is the JSON-serializable record describing an API key.
//
// The struct has no field for the raw key or a hash of it. The key material
// travels separately: APIKeyManager.Create returns an extra string next to the
// APIKey (presumably the raw key, available only at creation — confirm), and
// Authenticate takes the raw key as its own argument.
type APIKey struct {
	ID         string      `json:"id"`
	Name       string      `json:"name"`
	// Prefix is included in the JSON output.
	// NOTE(review): presumably a short, non-secret leading part of the key used
	// to recognise it in listings — confirm how much of the key it reveals.
	Prefix     string      `json:"prefix"`
	Scopes     []string    `json:"scopes"`
	Actor      admin.Actor `json:"actor"`
	// ExpiresAt, LastUsedAt and RevokedAt are pointers tagged omitempty, so a
	// nil value is left out of the JSON output.
	// NOTE(review): presumably nil ExpiresAt means "never expires" and non-nil
	// RevokedAt means "revoked"; confirm Authenticate rejects both expired and
	// revoked keys.
	ExpiresAt  *time.Time  `json:"expires_at,omitempty"`
	LastUsedAt *time.Time  `json:"last_used_at,omitempty"`
	RevokedAt  *time.Time  `json:"revoked_at,omitempty"`
	CreatedAt  time.Time   `json:"created_at"`
}

type APIKeyManager added in v0.6.0

// APIKeyManager is the method set for issuing, checking, listing and revoking
// API keys. PGAPIKeys on this page declares methods with the same signatures.
type APIKeyManager interface {
	// Authenticate takes the raw key presented by a caller and returns the
	// actor and key record for it.
	// NOTE(review): the bool presumably reports whether the key was accepted;
	// check it together with the error rather than relying on either alone.
	Authenticate(ctx context.Context, rawKey string) (admin.Actor, APIKey, bool, error)
	// Create returns the new key record plus a string.
	// NOTE(review): the string is presumably the raw key, which APIKey itself
	// has no field for — if so it cannot be read back later; confirm.
	Create(ctx context.Context, input CreateAPIKeyInput) (APIKey, string, error)
	// List returns key records for the given actor.
	List(ctx context.Context, actor admin.Actor) ([]APIKey, error)
	// Revoke takes the key ID and an actor.
	// NOTE(review): presumably the actor is used to check that the caller may
	// revoke this key — confirm the implementation enforces that.
	Revoke(ctx context.Context, id string, actor admin.Actor) error
}

type CacheSessionStore added in v0.4.0

// CacheSessionStore keeps sessions in a cache.Cache; it declares the Create,
// Get and Delete methods of SessionStore.
//
// NOTE(review): session entries are then only as protected and as durable as
// the cache behind them — when reusing a shared application cache, check who
// else can read its keys and whether eviction can drop live sessions.
type CacheSessionStore struct {
	// Cache is the backing cache implementation.
	Cache  cache.Cache
	// Prefix is presumably prepended to session keys to separate them from
	// other cache entries — confirm.
	Prefix string
}

CacheSessionStore stores sessions in any cache.Cache implementation. Use it with Redis, Memcached, Dragonfly, KeyDB, or an existing app cache.

func NewCacheSessionStore added in v0.4.0

func NewCacheSessionStore(c cache.Cache) *CacheSessionStore

func (*CacheSessionStore) Create added in v0.4.0

func (s *CacheSessionStore) Create(ctx context.Context, actor admin.Actor, ttl time.Duration) (Session, error)

func (*CacheSessionStore) Delete added in v0.4.0

func (s *CacheSessionStore) Delete(ctx context.Context, id string) error

func (*CacheSessionStore) Get added in v0.4.0

func (s *CacheSessionStore) Get(ctx context.Context, id string) (Session, error)

type CreateAPIKeyInput added in v0.6.0

// CreateAPIKeyInput is the argument to APIKeyManager.Create.
type CreateAPIKeyInput struct {
	Name      string
	// Actor is the actor the new key is created for.
	Actor     admin.Actor
	// NOTE(review): the page does not show Scopes being validated; confirm the
	// caller is only able to grant scopes it is itself allowed to hold.
	Scopes    []string
	// ExpiresIn is a duration, while APIKey.ExpiresAt is an optional timestamp.
	// NOTE(review): presumably a zero ExpiresIn produces a key with no expiry —
	// confirm, and prefer an explicit lifetime.
	ExpiresIn time.Duration
}

type MemorySessionStore

// MemorySessionStore is built with NewMemorySessionStore and declares Create,
// Delete and Get methods. Create and Delete name their context parameter `_`,
// so the context is not used by them.
// NOTE(review): presumably sessions live only in this process's memory and are
// lost on restart and not shared between instances — confirm before using it
// outside tests or single-node setups.
type MemorySessionStore struct {
	// contains filtered or unexported fields
}

func NewMemorySessionStore

func NewMemorySessionStore() *MemorySessionStore

func (*MemorySessionStore) Create

func (s *MemorySessionStore) Create(_ context.Context, actor admin.Actor, ttl time.Duration) (Session, error)

func (*MemorySessionStore) Delete

func (s *MemorySessionStore) Delete(_ context.Context, id string) error

func (*MemorySessionStore) Get

type OAuthIdentity added in v0.6.0

// OAuthIdentity is the result of OAuthProvider.Exchange: the user as reported
// by an OAuth provider, plus the access token obtained for them.
type OAuthIdentity struct {
	Provider    string         `json:"provider"`
	Subject     string         `json:"subject"`
	Email       string         `json:"email"`
	Name        string         `json:"name"`
	// AccessToken is tagged `json:"-"`, so encoding/json never writes it out.
	// The tag does not cover other output paths (fmt's %+v, custom loggers).
	AccessToken string         `json:"-"`
	// Raw is included in the JSON output under "raw".
	// NOTE(review): presumably the provider's unfiltered user-info payload; if
	// so it may carry more personal data than the named fields — confirm before
	// returning or logging a serialized OAuthIdentity.
	Raw         map[string]any `json:"raw"`
}

type OAuthProvider added in v0.6.0

// OAuthProvider holds the configuration for one OAuth provider.
// GoogleOAuthProvider returns a value of this type from a client ID and secret.
//
// None of the fields carry json tags and all are exported, so encoding/json
// (and fmt's %+v) would emit ClientSecret along with the rest. Keep values of
// this type out of API responses and logs.
type OAuthProvider struct {
	Name           string
	ClientID       string
	// ClientSecret is the provider-issued client secret.
	ClientSecret   string
	// AuthURL, TokenURL and UserInfoURL are the provider endpoints.
	// NOTE(review): confirm these are fixed https URLs from trusted
	// configuration, since Exchange sends the code and secret to them.
	AuthURL        string
	TokenURL       string
	UserInfoURL    string
	Scopes         []string
	// UserIDField, UserEmailField and UserNameField presumably name the keys
	// read from the provider's user-info response — confirm.
	UserIDField    string
	UserEmailField string
	UserNameField  string
}

func GoogleOAuthProvider added in v0.6.0

func GoogleOAuthProvider(clientID, clientSecret string) OAuthProvider

func (OAuthProvider) AuthorizationURL added in v0.6.0

func (p OAuthProvider) AuthorizationURL(redirectURI, state string) string

func (OAuthProvider) Exchange added in v0.6.0

func (p OAuthProvider) Exchange(ctx context.Context, code, redirectURI string) (OAuthIdentity, error)

type OAuthState added in v0.6.0

// OAuthState is the value returned by OAuthStateManager.Verify. Every field is
// JSON-tagged, so the whole struct serializes.
type OAuthState struct {
	Provider    string    `json:"provider"`
	// State is the OAuth state value; Verify takes the state from the request
	// as a separate argument.
	State       string    `json:"state"`
	// NOTE(review): SuccessURL and FailureURL look like post-login redirect
	// targets. The page does not show them being validated — confirm they are
	// restricted to same-site or allowlisted destinations before redirecting.
	SuccessURL  string    `json:"success_url"`
	FailureURL  string    `json:"failure_url"`
	// NOTE(review): RequestedAt presumably lets Verify reject stale states —
	// confirm a maximum age is enforced.
	RequestedAt time.Time `json:"requested_at"`
}

type OAuthStateManager added in v0.6.0

// OAuthStateManager declares Begin, Clear and Verify methods for handling
// OAuth state; Verify takes the request and the state value and returns the
// OAuthState or an error.
type OAuthStateManager struct {
	// SigningSecret has no json tag, so serializing or %+v-printing this struct
	// would expose it.
	// NOTE(review): presumably the key used to sign the state cookie — confirm
	// an empty secret is rejected rather than silently accepted.
	SigningSecret string
	// CookieName is presumably the name of the cookie holding the state.
	CookieName    string
	// Secure is presumably copied to the cookie's Secure attribute; confirm it
	// is true wherever the site is served over HTTPS.
	Secure        bool
}

func (OAuthStateManager) Begin added in v0.6.0

func (OAuthStateManager) Clear added in v0.6.0

func (OAuthStateManager) Verify added in v0.6.0

func (m OAuthStateManager) Verify(r *http.Request, state string) (OAuthState, error)

type PGAPIKeys added in v0.6.0

// PGAPIKeys is built from a *pgxpool.Pool by NewPGAPIKeys. It declares
// Authenticate, Create, List and Revoke with the same signatures as
// APIKeyManager, plus a Migrate method.
// NOTE(review): the page does not show how keys are stored; confirm only a
// hash of the raw key is persisted.
type PGAPIKeys struct {
	// contains filtered or unexported fields
}

func NewPGAPIKeys added in v0.6.0

func NewPGAPIKeys(pool *pgxpool.Pool) *PGAPIKeys

func (*PGAPIKeys) Authenticate added in v0.6.0

func (s *PGAPIKeys) Authenticate(ctx context.Context, rawKey string) (admin.Actor, APIKey, bool, error)

func (*PGAPIKeys) Create added in v0.6.0

func (s *PGAPIKeys) Create(ctx context.Context, input CreateAPIKeyInput) (APIKey, string, error)

func (*PGAPIKeys) List added in v0.6.0

func (s *PGAPIKeys) List(ctx context.Context, actor admin.Actor) ([]APIKey, error)

func (*PGAPIKeys) Migrate added in v0.6.0

func (s *PGAPIKeys) Migrate(ctx context.Context) error

func (*PGAPIKeys) Revoke added in v0.6.0

func (s *PGAPIKeys) Revoke(ctx context.Context, id string, actor admin.Actor) error

type PGSessionStore

// PGSessionStore is built from a *pgxpool.Pool by NewPGSessionStore. Besides
// the SessionStore methods (Create, Get, Delete) it declares Migrate, which
// sets up the sessions table, and Cleanup, which deletes expired rows.
type PGSessionStore struct {
	// contains filtered or unexported fields
}

PGSessionStore is a PostgreSQL-backed SessionStore. Use NewPGSessionStore to construct it, then call Migrate once at startup.

func NewPGSessionStore

func NewPGSessionStore(pool *pgxpool.Pool) *PGSessionStore

NewPGSessionStore creates a PGSessionStore backed by the supplied pool.

func (*PGSessionStore) Cleanup

func (s *PGSessionStore) Cleanup(ctx context.Context) (int64, error)

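Cleanup deletes all expired sessions and returns the number of rows removed. Schedule it periodically (e.g. every hour) to keep the table small. Get already returns only non-expired sessions, so Cleanup is housekeeping and expiry does not depend on it having run.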

func (*PGSessionStore) Create

func (s *PGSessionStore) Create(ctx context.Context, actor admin.Actor, ttl time.Duration) (Session, error)

Create inserts a new session for actor with the given TTL and returns it.

func (*PGSessionStore) Delete

func (s *PGSessionStore) Delete(ctx context.Context, id string) error

Delete removes a session. It is not an error if the session does not exist.

func (*PGSessionStore) Get

func (s *PGSessionStore) Get(ctx context.Context, id string) (Session, error)

Get retrieves a non-expired session by ID. It returns ErrSessionNotFound both when the session does not exist and when it has expired, so callers cannot tell the two cases apart from the error alone.

func (*PGSessionStore) Migrate

func (s *PGSessionStore) Migrate(ctx context.Context) error

Migrate creates the sessions table and index if they do not exist. Call this once at application startup before handling any requests.

type PasswordConfig

// PasswordConfig carries the cost parameters passed to HashPassword.
// DefaultPasswordConfig returns a ready-made value.
//
// VerifyPassword takes only the password and the encoded hash, not a
// PasswordConfig, so the parameters are presumably recorded in the encoded
// string — confirm.
//
// NOTE(review): the field set matches the usual Argon2 parameters, but this
// page names neither the algorithm nor the unit of Memory; confirm both. The
// zero value has every cost set to 0 — confirm HashPassword rejects it, and
// start from DefaultPasswordConfig rather than a struct literal.
type PasswordConfig struct {
	Memory      uint32
	Iterations  uint32
	Parallelism uint8
	// SaltLength and KeyLength are presumably byte counts — confirm.
	SaltLength  uint32
	KeyLength   uint32
}

func DefaultPasswordConfig

func DefaultPasswordConfig() PasswordConfig

type RateLimiter

// RateLimiter is built by NewRateLimiter from a limit and a time window.
// Allow answers for a caller-supplied key; Middleware wraps an http.Handler.
// NOTE(review): the page does not show how Middleware derives the key from a
// request (for example, whether it trusts forwarding headers) or whether state
// is shared between processes — confirm both before relying on it to throttle
// login attempts.
type RateLimiter struct {
	// contains filtered or unexported fields
}

func NewRateLimiter

func NewRateLimiter(limit int, window time.Duration) *RateLimiter

func (*RateLimiter) Allow

func (l *RateLimiter) Allow(key string) bool

func (*RateLimiter) Middleware

func (l *RateLimiter) Middleware(next http.Handler) http.Handler

type Session

// Session is the record a SessionStore creates and returns.
type Session struct {
	// ID is the only input SessionStore.Get and Delete take besides the context.
	// NOTE(review): it therefore presumably acts as the bearer value carried in
	// the session cookie — keep it out of logs and confirm it is generated from
	// a cryptographically secure random source.
	ID        string
	// Actor is the actor the session was created for.
	Actor     admin.Actor
	ExpiresAt time.Time
	CreatedAt time.Time
}

type SessionManager

// SessionManager ties a SessionStore to HTTP: it declares Start, End and
// Middleware methods. NewSessionManager builds one from a store; the defaults
// it applies to the other fields are not shown on this page.
type SessionManager struct {
	// Store is where sessions are created, looked up and deleted.
	Store      SessionStore
	CookieName string
	// TTL is a duration; SessionStore.Create takes a ttl of the same type.
	TTL        time.Duration
	// NOTE(review): Secure and SameSite are presumably applied to the session
	// cookie. Confirm Secure is true wherever the site is served over HTTPS and
	// that SameSite is set explicitly rather than left at its zero value.
	Secure     bool
	SameSite   http.SameSite
}

func NewSessionManager

func NewSessionManager(store SessionStore) *SessionManager

func (*SessionManager) End

func (*SessionManager) Middleware

func (m *SessionManager) Middleware(next http.Handler) http.Handler

func (*SessionManager) Start

type SessionStore

// SessionStore is the storage interface used by SessionManager.
// CacheSessionStore, MemorySessionStore and PGSessionStore on this page
// declare methods with these names.
//
// NOTE(review): expiry filtering in Get is documented on this page only for
// PGSessionStore; confirm every implementation refuses sessions whose
// ExpiresAt has passed.
type SessionStore interface {
	// Create makes a session for actor that should live for ttl.
	Create(ctx context.Context, actor admin.Actor, ttl time.Duration) (Session, error)
	// Get looks a session up by ID.
	Get(ctx context.Context, id string) (Session, error)
	// Delete removes the session with the given ID.
	Delete(ctx context.Context, id string) error
}
