Documentation
¶
Overview ¶
Package auth manages authentication for the motki application.
Index ¶
- Constants
- func CSRFTokenFromSession(s *session.Session) (string, bool)
- type Authenticator
- type Authorizer
- type EveAPIAuthorizer
- func (p *EveAPIAuthorizer) AuthorizedContext(s *Session, r model.Role) (context.Context, error)
- func (p *EveAPIAuthorizer) BeginAuthorization(s *Session, r model.Role, w http.ResponseWriter, req *http.Request)
- func (p *EveAPIAuthorizer) FinishAuthorization(s *Session, req *http.Request) error
- func (p *EveAPIAuthorizer) InvalidateAuthorization(s *Session, r model.Role) error
- type FormLoginAuthenticator
- func (p *FormLoginAuthenticator) BeginAuthentication(s *session.Session, w http.ResponseWriter, req *http.Request)
- func (p *FormLoginAuthenticator) FinishAuthentication(s *session.Session, req *http.Request) (*Session, error)
- func (p *FormLoginAuthenticator) VerifyAuthentication(s *session.Session) (*Session, bool)
- type Manager
- type Session
- type User
Constants ¶
const AuthenticatedUserSessionKey = "__motki_user_id"
Once a user is authenticated, this key will be populated in the user's session. It will contain the current user ID.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Authenticator ¶
type Authenticator interface { // BeginAuthentication begins the authentication process. BeginAuthentication(s *session.Session, w http.ResponseWriter, r *http.Request) // FinishAuthentication completes the authentication process, returning an authenticated session. FinishAuthentication(s *session.Session, r *http.Request) (*Session, error) // VerifyAuthentication authenticates the session using stored details. VerifyAuthentication(s *session.Session) (*Session, bool) }
An Authenticator implements an authentication mechanism using a user's session.
Generally, an HTTP handler requiring authentication should be wrapped using the package level auth.Handle or auth.HandleFunc methods. If the handler does not require authorized access to any resources, the role model.RoleAnon can be used to skip any further authorization.
func NewFormLoginAuthenticator ¶
NewFormLoginAuthenticator creates a new authenticator for use with form logins.
type Authorizer ¶
type Authorizer interface { // BeginAuthorization begins the authorization process for the given role. BeginAuthorization(s *Session, r model.Role, w http.ResponseWriter, req *http.Request) // FinishAuthorization completes the authorization process, returning an error if it fails. FinishAuthorization(s *Session, req *http.Request) error // InvalidateAuthorizations removes any associated data for the given role from the session. InvalidateAuthorization(s *Session, r model.Role) error // AuthorizedContext returns a Context with authorization information inside. AuthorizedContext(s *Session, r model.Role) (context.Context, error) }
An Authorizer implements an authorization mechanism using a user's session.
Functionality in the Authorizer requires previously authenticated user Sessions.
The general pattern is to use the package level auth.Handle or auth.HandleFunc to wrap your HTTP handler in a middleware that will ensure the user is authorized for the role specified.
Once authorization is complete, the package level function auth.AuthorizedContext can be used inside HTTP handlers to retrieve a Context with necessary token information to access a given resource.
func NewEveAPIAuthorizer ¶
NewEveAPIAuthorizer creates a new authenticator using the given API client.
type EveAPIAuthorizer ¶
type EveAPIAuthorizer struct {
// contains filtered or unexported fields
}
EveAPIAuthorizer is an authentication authenticator using the EVE SSO.
func (*EveAPIAuthorizer) AuthorizedContext ¶
AuthorizedContext creates a context with the authorized token information stored in an authenticated session.
This method will attempt to load the necessary EVE API token for the given role from the user's authenticated session. If that fails, it will fall-back to loading the token from the database.
Once loaded, the EVE API token is refreshed, updated in the database, and a context containing the token information is returned.
func (*EveAPIAuthorizer) BeginAuthorization ¶
func (p *EveAPIAuthorizer) BeginAuthorization(s *Session, r model.Role, w http.ResponseWriter, req *http.Request)
BeginAuthorization starts the authorization process.
The state is a nonce that is stored on the session and verified in the successful authentication request. This method redirects to the OAuth2 endpoint on the EVE SSO site. Once the user logs in, they will be directed to the configured "return_url" which should call FinishAuth.
func (*EveAPIAuthorizer) FinishAuthorization ¶
func (p *EveAPIAuthorizer) FinishAuthorization(s *Session, req *http.Request) error
FinishAuthorization completes the authorization process.
The state is loaded from the session and checked against the request. Once the user logs into EVE SSO, they should be directed to a handler that calls this method.
The access token and refresh token, along with the character ID and name are stored on the session.
func (*EveAPIAuthorizer) InvalidateAuthorization ¶
func (p *EveAPIAuthorizer) InvalidateAuthorization(s *Session, r model.Role) error
type FormLoginAuthenticator ¶
type FormLoginAuthenticator struct {
// contains filtered or unexported fields
}
FormLoginAuthenticator is an authenticator using database-backed users and form logins.
func (*FormLoginAuthenticator) BeginAuthentication ¶
func (p *FormLoginAuthenticator) BeginAuthentication(s *session.Session, w http.ResponseWriter, req *http.Request)
BeginAuthentication starts the authentication process.
This function generates a CSRF token and redirects the user to the login form.
func (*FormLoginAuthenticator) FinishAuthentication ¶
func (p *FormLoginAuthenticator) FinishAuthentication(s *session.Session, req *http.Request) (*Session, error)
FinishAuthentication completes the authentication process.
This function verifies the submitted information against what is stored in the database. If the verification passes, an authenticated user session is started.
func (*FormLoginAuthenticator) VerifyAuthentication ¶
func (p *FormLoginAuthenticator) VerifyAuthentication(s *session.Session) (*Session, bool)
VerifyAuthentication checks for an existing authentication in the current session.
This function checks the given session for authentication information and a valid user session. If the user session is valid, an authenticated user session is continued.
type Manager ¶
type Manager struct { Authenticator Authorizer Sessions session.Manager }
A Manager is a wrapper around an Authenticator, Authorizer, and session manager.
func NewManager ¶
func NewManager(authenticator Authenticator, authorizer Authorizer, sessions session.Manager) Manager
NewManager creates a new Manager, ready for use.