Documentation
¶
Index ¶
- Constants
- Variables
- func AccessCookie(c *echo.Context) (*http.Cookie, error)
- func ComparePassword(hash, password string) error
- func HashPassword(password string) (string, error)
- func RefreshCookie(c *echo.Context) (*http.Cookie, error)
- func RequireAuth(manager *Manager) echo.MiddlewareFunc
- func SetViewer(c *echo.Context, viewer *Viewer)
- type Claims
- type KeyStore
- func (s *KeyStore) ActiveSigningKey(ctx context.Context, tokenType string) (*SigningKey, error)
- func (s *KeyStore) CreateSigningKey(ctx context.Context, tokenType string, verifyOldFor time.Duration) (*SigningKey, *SigningKey, error)
- func (s *KeyStore) DeleteSigningKey(ctx context.Context, keyID uuid.UUID) error
- func (s *KeyStore) EnsureReady(ctx context.Context) error
- func (s *KeyStore) ExpireSigningKey(ctx context.Context, keyID uuid.UUID, verifyFor time.Duration) (*SigningKey, error)
- func (s *KeyStore) VerificationKey(ctx context.Context, keyID uuid.UUID, tokenType string, now time.Time) (*SigningKey, error)
- type Manager
- func (m *Manager) ClearAuthCookies(c *echo.Context)
- func (m *Manager) IssueTokens(ctx context.Context, userID uuid.UUID) (TokenPair, error)
- func (m *Manager) ParseAccessToken(ctx context.Context, token string) (*Claims, error)
- func (m *Manager) ParseRefreshToken(ctx context.Context, token string) (*Claims, error)
- func (m *Manager) SetAuthCookies(c *echo.Context, pair TokenPair)
- type SigningKey
- type TokenPair
- type Viewer
Constants ¶
View Source
const ( TokenTypeAccess = "access" TokenTypeRefresh = "refresh" )
Variables ¶
View Source
var ( ErrInvalidTokenType = errors.New("token type must be access or refresh") ErrNoActiveSigningKey = errors.New("no active signing key configured") ErrSigningKeyNotFound = errors.New("signing key not found") ErrCannotDeleteActiveKey = errors.New("active signing keys must be rotated or expired before deletion") ErrNegativeVerificationGrace = errors.New("verification grace period must be non-negative") )
Functions ¶
func ComparePassword ¶
func HashPassword ¶
func RequireAuth ¶
func RequireAuth(manager *Manager) echo.MiddlewareFunc
Types ¶
type Claims ¶
type Claims struct {
TokenType string `json:"token_type"`
jwt.RegisteredClaims
}
type KeyStore ¶
type KeyStore struct {
// contains filtered or unexported fields
}
func NewKeyStore ¶
func (*KeyStore) ActiveSigningKey ¶
func (*KeyStore) CreateSigningKey ¶
func (s *KeyStore) CreateSigningKey(ctx context.Context, tokenType string, verifyOldFor time.Duration) (*SigningKey, *SigningKey, error)
func (*KeyStore) DeleteSigningKey ¶
func (*KeyStore) ExpireSigningKey ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶
func (*Manager) ClearAuthCookies ¶
func (*Manager) IssueTokens ¶
func (*Manager) ParseAccessToken ¶
func (*Manager) ParseRefreshToken ¶
type SigningKey ¶
type Viewer ¶
func CurrentViewer ¶
CurrentViewer returns the authenticated viewer for the current request, or a synthetic guest viewer when no session is present. The boolean reports whether an authenticated viewer was found — a false result always pairs with the guest sentinel, so callers can safely call HasRole or read Roles without a nil check.
Source Files
Click to show internal directories.
Click to hide internal directories.