sessions

package
v0.15.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 15, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package sessions handles the storage, management, and validation of pomerium user sessions.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNoSessionFound is the error for when no session is found.
	ErrNoSessionFound = errors.New("internal/sessions: session is not found")

	// ErrMalformed is the error for when a session is found but is malformed.
	ErrMalformed = errors.New("internal/sessions: session is malformed")

	// ErrNotValidYet indicates that token is used before time indicated in nbf claim.
	ErrNotValidYet = errors.New("internal/sessions: validation failed, token not valid yet (nbf)")

	// ErrExpired indicates that token is used after expiry time indicated in exp claim.
	ErrExpired = errors.New("internal/sessions: validation failed, token is expired (exp)")

	// ErrExpiryRequired indicates that the token does not contain a valid expiry (exp) claim.
	ErrExpiryRequired = errors.New("internal/sessions: validation failed, token expiry (exp) is required")

	// ErrIssuedInTheFuture indicates that the iat field is in the future.
	ErrIssuedInTheFuture = errors.New("internal/sessions: validation field, token issued in the future (iat)")

	// ErrInvalidAudience indicated invalid aud claim.
	ErrInvalidAudience = errors.New("internal/sessions: validation failed, invalid audience claim (aud)")
)
View Source 
var (
	SessionCtxKey = &contextKey{"Session"}
	ErrorCtxKey   = &contextKey{"Error"}
)

Context keys

View Source 
var ErrMissingID = errors.New("invalid session: missing id")

ErrMissingID is the error for a session state that has no ID set.

Functions

func FromContext added in v0.4.0 

func FromContext(ctx context.Context) (string, error)

FromContext retrieves context values for the user session state and error.

func NewContext added in v0.4.0 

func NewContext(ctx context.Context, jwt string, err error) context.Context

NewContext sets context values for the user session state and error.

func RetrieveSession added in v0.4.0 

func RetrieveSession(s ...SessionLoader) func(http.Handler) http.Handler

RetrieveSession takes a slice of session loaders and tries to find a valid session in the order they were supplied and is added to the request's context

Types

type SessionLoader added in v0.4.0 

type SessionLoader interface {
	LoadSession(*http.Request) (string, error)
}

SessionLoader defines an interface for loading a session.

type SessionStore 

type SessionStore interface {
	SessionLoader
	ClearSession(http.ResponseWriter, *http.Request)
	SaveSession(http.ResponseWriter, *http.Request, interface{}) error
}

SessionStore defines an interface for loading, saving, and clearing a session.

type State added in v0.4.0 

type State struct {
	// Public claim values (as specified in RFC 7519).
	Issuer    string           `json:"iss,omitempty"`
	Subject   string           `json:"sub,omitempty"`
	Audience  jwt.Audience     `json:"aud,omitempty"`
	Expiry    *jwt.NumericDate `json:"exp,omitempty"`
	NotBefore *jwt.NumericDate `json:"nbf,omitempty"`
	IssuedAt  *jwt.NumericDate `json:"iat,omitempty"`
	ID        string           `json:"jti,omitempty"`

	// "ver" field is not standard, but is supported by most providers.
	Version Version `json:"ver,omitempty"`

	// Azure returns OID which should be used instead of subject.
	OID string `json:"oid,omitempty"`

	// Programmatic whether this state is used for machine-to-machine
	// programmatic access.
	Programmatic bool `json:"programmatic"`
}

State is our object that keeps track of a user's session state

func NewSession added in v0.9.0 

func NewSession(s *State, issuer string, audience []string) State

NewSession updates issuer, audience, and issuance timestamps but keeps parent expiry.

func (*State) IsExpired added in v0.8.0 

func (s *State) IsExpired() bool

IsExpired returns true if the users's session is expired.

func (*State) UnmarshalJSON added in v0.6.3 

func (s *State) UnmarshalJSON(data []byte) error

UnmarshalJSON returns a State struct from JSON. Additionally munges a user's session by using by setting `user` claim to `sub` if empty.

func (*State) UserID added in v0.10.0 

func (s *State) UserID(provider string) string

UserID returns the corresponding user ID for a session.

type Version added in v0.10.0 

type Version string

Version represents "ver" field in JWT public claims.

The field is not specified by RFC 7519, so providers can return either string or number (like okta).

func (*Version) String added in v0.10.0 

func (v *Version) String() string

String implements fmt.Stringer interface.

func (*Version) UnmarshalJSON added in v0.10.0 

func (v *Version) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface.

Source Files

View all Source files

Directories

Path Synopsis
Package cookie provides a cookie based implementation of session store and loader.
 Package cookie provides a cookie based implementation of session store and loader.
Package header provides a request header based implementation of a session loader.
 Package header provides a request header based implementation of a session loader.
Package mock provides a mock implementation of session store and loader.
 Package mock provides a mock implementation of session store and loader.
Package queryparam provides a query param based implementation of a both as session store and loader.
 Package queryparam provides a query param based implementation of a both as session store and loader.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.