abclientstate

package module
v0.0.0-...-0b930a6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 13, 2023 License: MIT Imports: 8 Imported by: 15

README

Authboss Client State

Session and Cookie ClientStateRW implementations using Gorilla.

Assuming you're using Gorilla in your web application you can easily use this package to augment Gorilla to be used with authboss or use this package's wrappers directly.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CookieState 

type CookieState map[string]string

CookieState is an authboss.ClientState implementation to hold cookie state for the duration of the request

func (CookieState) Get 

func (c CookieState) Get(key string) (string, bool)

Get a cookie's value

type CookieStorer 

type CookieStorer struct {
	Cookies []string
	*securecookie.SecureCookie

	// Defaults empty
	Domain string
	// Defaults to /
	Path string
	// Defaults to 1 month
	MaxAge int
	// Defaults to true
	HTTPOnly bool
	// Defaults to true
	Secure bool
	// Samesite defaults to 0 or "off"
	SameSite http.SameSite
}

CookieStorer writes and reads cookies to an underlying gorilla secure cookie storage.

Because it embeds the SecureCookie piece this can be used as the cookie storage for your entire application (rather than only as a stub for authboss).

func NewCookieStorer 

func NewCookieStorer(hashKey, blockKey []byte) CookieStorer

NewCookieStorer constructor simply wraps the constructor for securecookie.New. The parameters are the hash key and the block key.

The hash key is required to authenticate the cookie with HMAC (32 or 64 bytes)

The block key is optional to encrypt the cookie value (set to nil to disable encryption) For AES (the default encryption algorithm) 16, 24, or 32 byte keys select AES-128, AES-192, AES-256 respectively.

Ensure you verify the security options for the cookie on the CookieStorer.

This documentation was copied from securecookie.New and is prone to doc-rot. Please consult the documentation there too.

func NewCookieStorerFromExisting 

func NewCookieStorerFromExisting(storage *securecookie.SecureCookie) CookieStorer

NewCookieStorerFromExisting takes a preconfigured secure cookie instance and simply uses it.

Ensure you verify the additional security options for the cookie on the CookieStorer. This method creates a cookie storer with the options tuned for high security by default.

func (CookieStorer) ReadState 

func (c CookieStorer) ReadState(r *http.Request) (authboss.ClientState, error)

ReadState from the request

func (CookieStorer) WriteState 

func (c CookieStorer) WriteState(w http.ResponseWriter, state authboss.ClientState, ev []authboss.ClientStateEvent) error

WriteState to the responsewriter

type SessionState 

type SessionState struct {
	// contains filtered or unexported fields
}

SessionState is an authboss.ClientState implementation that holds the request's session values for the duration of the request.

func (SessionState) Get 

func (s SessionState) Get(key string) (string, bool)

Get a key from the session

type SessionStorer 

type SessionStorer struct {
	Name string

	sessions.Store
}

SessionStorer stores sessions in a gorilla session store. By default it's backed by cookies, but this can be overridden by changing the underlying store manually or using the appropriate constructor.

func NewSessionStorer 

func NewSessionStorer(sessionName string, keypairs ...[]byte) SessionStorer

NewSessionStorer creates a new gorilla sessions.CookieStore and uses that for underlying storage.

The sessionName is the name that will be used for the session cookie on the client (one session has many values).

Also it takes pairs of keys (hmac auth, encryption), and if doing key rotation multiple of these pairs. The second key of the pair should be set to nil if encryption isn't desired.

Authentication keys should be 32 or 64 bytes. Encryption keys should be 16, 24, or 32 bytes for AES-128, AES-192, and AES-256 respectively.

This creates the session storer with the most secure options: MaxAge=0, Secure=true, HttpOnly=true. You can change them after it's created by converting the Store or simply create your own sessions.NewCookieStore and set its options manually.

These docs are prone to doc-rot since they're copied from the gorilla session store documentation.

func NewSessionStorerFromExisting 

func NewSessionStorerFromExisting(sessionName string, store sessions.Store) SessionStorer

NewSessionStorerFromExisting takes a store object that's already configured and uses it directly. This can be anything that satisfies the interface.

sessionName is the name of the cookie/file/whatever on the client or on the filesystem etc.

func (SessionStorer) ReadState 

func (s SessionStorer) ReadState(r *http.Request) (authboss.ClientState, error)

ReadState loads the session from the request context

func (SessionStorer) WriteState 

func (s SessionStorer) WriteState(w http.ResponseWriter, state authboss.ClientState, ev []authboss.ClientStateEvent) error

WriteState to the responsewriter

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.