Documentation
¶
Index ¶
- Constants
- Variables
- func CheckPassword(hash, password string) bool
- func HashPassword(password string) (string, error)
- func NewSessionToken() (string, error)
- func NewTOTPSecret(email string) (secret string, otpauthURL string, err error)
- func NormalizeTOTPCode(code string) string
- func ProvisioningLabel(email string) string
- func QRCodeDataURI(otpauthURL string) (string, error)
- func RequireAdmin(next http.Handler) http.Handler
- func RequireAuth(svc *Service) func(http.Handler) http.Handler
- func TOTPURL(email, secret string) string
- func TrimPassword(pw string) string
- func UserFromContext(ctx context.Context) (*store.User, bool)
- func ValidEmail(email string) bool
- func ValidPassword(pw string) bool
- func ValidTOTPCode(secret, code string) bool
- func WithUser(ctx context.Context, u *store.User) context.Context
- type Service
- func (s *Service) Authenticate(ctx context.Context, email, password string) (*store.User, bool, error)
- func (s *Service) ClearPendingCookie(w http.ResponseWriter)
- func (s *Service) ClearSessionCookie(w http.ResponseWriter)
- func (s *Service) CompletePendingLogin(ctx context.Context, pendingID string) (string, *store.User, error)
- func (s *Service) CookieName() string
- func (s *Service) CreateSession(ctx context.Context, userID int64, remember bool) (string, error)
- func (s *Service) Login(ctx context.Context, email, password string, remember bool) (string, *store.User, error)
- func (s *Service) Logout(ctx context.Context, token string) error
- func (s *Service) PendingIDFromRequest(r *http.Request) (string, error)
- func (s *Service) SetPendingCookie(w http.ResponseWriter, pendingID string)
- func (s *Service) SetSessionCookie(w http.ResponseWriter, token string, remember bool)
- func (s *Service) StartPendingLogin(ctx context.Context, userID int64, remember bool) (string, error)
- func (s *Service) UserFromRequest(ctx context.Context, r *http.Request) (*store.User, error)
- func (s *Service) VerifyUserTOTP(ctx context.Context, userID int64, code string) (bool, error)
Constants ¶
View Source
const PasswordPolicy = "at least 8 characters with letters and numbers"
PasswordPolicy describes password rules for UI copy.
Variables ¶
View Source
var ErrTOTPRequired = errors.New("totp required")
Functions ¶
func CheckPassword ¶
func HashPassword ¶
func NewSessionToken ¶
func NewTOTPSecret ¶
NewTOTPSecret generates a base32 secret for the given account email.
func NormalizeTOTPCode ¶
NormalizeTOTPCode strips spaces from user input.
func ProvisioningLabel ¶
ProvisioningLabel formats the manual-entry label shown during setup.
func QRCodeDataURI ¶
QRCodeDataURI returns a PNG data URI for an otpauth URL.
func TrimPassword ¶
TrimPassword treats whitespace-only passwords as empty.
func ValidEmail ¶
ValidEmail checks local@domain.tld (domain must include a dot before the TLD).
func ValidPassword ¶
ValidPassword requires length, letter+digit mix, and rejects trivial repeats.
func ValidTOTPCode ¶
ValidTOTPCode checks a 6-digit authenticator code against the stored secret.
Types ¶
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func NewService ¶
func NewService(st *store.Store, cfg config.SessionCfg) *Service
func (*Service) Authenticate ¶
func (s *Service) Authenticate(ctx context.Context, email, password string) (*store.User, bool, error)
Authenticate verifies email/password. The bool is true when 2FA is enabled.
func (*Service) ClearPendingCookie ¶
func (s *Service) ClearPendingCookie(w http.ResponseWriter)
func (*Service) ClearSessionCookie ¶
func (s *Service) ClearSessionCookie(w http.ResponseWriter)
func (*Service) CompletePendingLogin ¶
func (*Service) CookieName ¶
func (*Service) CreateSession ¶
func (*Service) PendingIDFromRequest ¶
func (*Service) SetPendingCookie ¶
func (s *Service) SetPendingCookie(w http.ResponseWriter, pendingID string)
func (*Service) SetSessionCookie ¶
func (s *Service) SetSessionCookie(w http.ResponseWriter, token string, remember bool)
func (*Service) StartPendingLogin ¶
func (*Service) UserFromRequest ¶
Click to show internal directories.
Click to hide internal directories.