README
¶
GOSH
GOSH (Golang, OAuth2, SQLite, HTMX)
Getting started
- Installation
go get github.com/gregckrausellc/gosh
- Generate TLS certificate and key
The cookies used by GOSH are all set in secure mode, which requires HTTPS.
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out server.crt -keyout server.key
- Example usage
package main
import (
// Standard library
"database/sql"
"log"
"net/http"
"os"
// Third party
"github.com/gregckrausellc/gosh"
_ "github.com/mattn/go-sqlite3"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
func main() {
db, err := sql.Open("sqlite3", "./gosh.db")
if err != nil {
log.Fatal(err)
}
defer db.Close()
gosh.InitializeUserTable(db)
googleConfig := &oauth2.Config{
ClientID: os.Getenv("GOOGLE_OAUTH_CLIENT_ID"),
ClientSecret: os.Getenv("GOOGLE_OAUTH_CLIENT_SECRET"),
Scopes: []string{"openid"},
Endpoint: google.Endpoint,
RedirectURL: "https://localhost:443/auth/google/redirect",
}
mux := http.NewServeMux()
mux.HandleFunc("/auth/login", func(w http.ResponseWriter, r *http.Request) {
w.Write(gosh.LoginPage)
})
mux.HandleFunc("/auth/google/login", func(w http.ResponseWriter, r *http.Request) {
gosh.LoginHandler(w, r, googleConfig, gosh.GOOGLE)
})
mux.HandleFunc("/auth/google/redirect", func(w http.ResponseWriter, r *http.Request) {
gosh.RedirectHandler(w, r, gosh.GOOGLE)
})
mux.HandleFunc("/auth/google/exchange", func(w http.ResponseWriter, r *http.Request) {
gosh.ExchangeHandler(w, r, googleConfig, db)
})
mux.HandleFunc("/protected", func(w http.ResponseWriter, r *http.Request) {
w.Write(
[]byte("<html><body><h1>This route requires authentication</h1></body></html>"),
)
})
protectedMux := gosh.AuthMiddleware(mux, db)
log.Fatal(http.ListenAndServeTLS(":443", "server.crt", "server.key", protectedMux))
}
Documentation
¶
Index ¶
- Constants
- Variables
- func AuthMiddleware(next http.Handler, db *sql.DB) http.Handler
- func ExchangeHandler(w http.ResponseWriter, r *http.Request, c *oauth2.Config, d *sql.DB)
- func InitializeUserTable(db *sql.DB)
- func LoginHandler(w http.ResponseWriter, r *http.Request, c *oauth2.Config, p Provider)
- func RedirectHandler(w http.ResponseWriter, r *http.Request, p Provider)
- type Provider
Constants ¶
View Source
const OAUTH_STATE_LENGTH = 64
View Source
const SESSION_COOKIE_TTL = 60 // minutes
View Source
const SESSION_TOKEN_LENGTH = 256
Variables ¶
View Source
var LoginPage []byte
Functions ¶
func ExchangeHandler ¶
func InitializeUserTable ¶
func LoginHandler ¶
func RedirectHandler ¶
func RedirectHandler(w http.ResponseWriter, r *http.Request, p Provider)
Browsers may not include cookies on HTTP redirects. To address this, we can return an HTML redirect first. https://stackoverflow.com/questions/57026956/on-safari-cookies-are-not-saved-when-sent-with-redirect https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections#html_redirections
Types ¶
Source Files
Click to show internal directories.
Click to hide internal directories.