README
¶
SUK - Single-use Keys
What if, instead of storing user information on the client side in a JWT token, you used a token containing a randomized key that holds client information on the server side? This session ID would be valid only for a specified duration and would expire immediately after use. This approach enhances security and minimizes the risk of unauthorized access.
This was intended to be used for web app authentication with HTTP cookies, but other applications may find it useful as well.
Need authentication? ───────────────────────────────┐
├── Yes │
│ └── Is the user key valid? │
│ ├── Yes │
│ │ └── Generate new one/Invalidate old one │
│ │ └── Continue execution normally ────┘
│ └── No
│ └── Authentication error
└── No
└── Well, ok then.
Getting Started
Getting SUK
go get -u github.com/ed-henrique/suk
Running SUK
package main
import (
"github.com/ed-henrique/suk"
)
func main() {
resource := "important stuff here!"
// Creates new session storage
ss, _ := suk.New(suk.WithAutoClearExpiredKeys())
// Removes session storage
defer suk.Destroy(ss)
// Sets resource to a randomly generated key
key, _ := ss.Set(resource)
// Gets the resource, invalidating the previous key
resource, newKey, _ := ss.Get(key)
// Removes both the key and the resource
ss.Remove(newKey)
}
Examples
Documentation
Please refer to this.
Decisions
- Multiple cookies can connect to a single session, but they are not aware of each other
- If all cookies to a session are used up, the reference to the session is lost
Roadmap
- Extensive testing
- Make implementation concurrent-safe
- Use better algorithm for random and strong keys (refer to this)
Documentation
¶
Overview ¶
Package suk offers easy server-side session management using single-use keys.
You may use an in-memory map (default) or a Redis client to hold your sessions. Do note that, when using an in-memory map, the session data is lost as soon as the program stops.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrNilRedisClient = errors.New("The given Redis client is nil.") ErrRedisClientAlreadySet = errors.New("A Redis client was already registered for this session storage.") ErrZeroKeyLength = errors.New("The given key length must be at least 1.") ErrNonPositiveKeyDuration = errors.New("The given key duration must be positive.") ErrNilRandomKeyGenerator = errors.New("The given random key generator function is nil.") ErrCustomKeyLengthAlreadySet = errors.New("A custom key length was already registered for this session storage.") ErrCustomKeyDurationAlreadySet = errors.New("A custom key duration was already registered for this session storage.") ErrAutoClearExpiredKeysAlreadySet = errors.New("Auto clear for expired keys was already set for this session storage.") )
Functions ¶
Types ¶
type Option ¶
type Option interface {
// contains filtered or unexported methods
}
func WithAutoClearExpiredKeys ¶
func WithAutoClearExpiredKeys() Option
WithAutoClearExpiredKeys automatically clears expired keys at intervals based on the set key expiration time. By default, the clearing process occurs every 10 minutes, but this can be adjusted by setting a different key expiration time using WithTokenDuration.
func WithCustomRandomKeyGenerator ¶
WithCustomRandomKeyGenerator sets a custom function to generate the keys.
func WithKeyDuration ¶
WithKeyDuration sets a custom duration for generated keys. The default is 10 minutes.
func WithKeyLength ¶
WithKeyLength sets a custom key length for generated keys. The default is 32, which gives an entropy of 192 for each key, which should be fine for most applications.
Be aware that low length keys are susceptible to guessing, as the entropy level goes down. To calculate entropy, do keyLength * log2(65).
type SessionStorage ¶
type SessionStorage struct {
// contains filtered or unexported fields
}
func (*SessionStorage) ClearExpired ¶
func (ss *SessionStorage) ClearExpired() error
ClearExpired removes all expired keys. For Redis, this function is a no-op as Redis handles expiration automatically. To enable similar behavior for the default syncMap, start the SessionStorage with the WithAutoClearExpiredKeys option.
func (*SessionStorage) Get ¶
func (ss *SessionStorage) Get(key string) (any, string, error)
Get retrieves the session and generates a new key for it.
func (*SessionStorage) Remove ¶
func (ss *SessionStorage) Remove(key string) error
Remove deletes the specified key and its associated value.
Source Files
Directories