middleware

package
v0.0.0-...-f27dfd7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2026 License: BSD-2-Clause Imports: 16 Imported by: 0

Documentation

Overview

Package middleware provides HTTP authentication and session management.

Index

Constants

View Source 
const (
	// SessionMaxAge is the maximum age of a session in seconds (8 hours)
	SessionMaxAge = 8 * 60 * 60
	// IVSize is the size of random bytes to generate (24 bytes = 32 base64 chars)
	IVSize = 24
)

Variables

View Source 
var (
	ErrUserNotFound    = errors.New("user not found")
	ErrInvalidPassword = errors.New("invalid password")
	ErrSessionExpired  = errors.New("session expired")
	ErrUserNoCompany   = errors.New("user has no company assigned")
	ErrInvalidAPIKey   = errors.New("invalid API key")
)

Sentinel errors for authentication failures.

Functions

func ClearSessionCookie 

func ClearSessionCookie(w http.ResponseWriter)

ClearSessionCookie sends an expired cookie to clear the session.

func Companies 

func Companies(sessCipher string) (map[string]Entity, error)

Companies returns the companies a user has access to (session-based).

func CompaniesByEmail 

func CompaniesByEmail(email string) map[string]Entity

CompaniesByEmail returns the companies a user has access to by email.

func CompanyAllowed 

func CompanyAllowed(company, email string) (bool, error)

CompanyAllowed checks if a user has access to a company.

func GitCredentials 

func GitCredentials() (string, string)

GitCredentials returns configured git user and token

func HTTPAuth 

func HTTPAuth(next http.Handler) http.Handler

HTTPAuth is middleware that validates session or API key authentication.

func HTTPLog 

func HTTPLog(next http.Handler) http.Handler

HTTPLog is middleware that logs HTTP requests with timing.

func Init 

func Init() error

Init loads the entities configuration.

func LocalOnly 

func LocalOnly(next http.Handler) http.Handler

LocalOnly is middleware that restricts access to localhost.

func Login 

func Login(email, pass string) (string, error)

Login authenticates a user and returns a session cookie if valid.

Types

type Entities 

type Entities struct {
	IV      string `json:"-"`
	Version int

	GitUser  string `json:"-"`
	GitToken string `json:"-"`

	Company map[string]Entity
	User    []User
}

Entities contains all company and user configuration.

type Entity 

type Entity struct {
	Years       []string
	YearRevenue map[string]string // Revenue per year (EUR)

	Name string
	COC  string
	VAT  string
	IBAN string
	BIC  string
	Salt string `json:"-"`
}

Entity represents a company configuration.

func CompanyByName 

func CompanyByName(name string) *Entity

CompanyByName finds a company by name.

type Sess 

type Sess struct {
	Email   string
	Created int64
	Version int
}

Sess represents an authenticated user session.

type User 

type User struct {
	Email    string
	Hash     string `json:"-"`
	Company  []string
	Name     string
	Address1 string
	Address2 string
	APIKey   string `json:"-"` // Optional API key for programmatic access
}

User represents a user with access to companies.

func UserByEmail 

func UserByEmail(email string) *User

UserByEmail finds a user by their email address.

func ValidateAPIKey 

func ValidateAPIKey(key string) (*User, error)

ValidateAPIKey validates an API key and returns the associated user. Uses constant-time comparison to prevent timing attacks.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.