gosightauth

package

v0.0.0-...-520c4d9 Latest Latest Go to latest Published: May 13, 2025 License: GPL-3.0 Imports: 24 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aaronlmathis/gosight

Links

Open Source Insights

Documentation ¶

Overview ¶

local.go: Handles login, registration, password validation.

mfa.go: Uses TOTP to generate QR codes/secrets and verify codes.

session.go: Handles signed cookies or token generation/validation.

Index ¶

Variables
func AccessLogMiddleware(next http.Handler) http.Handler
func AuthMiddleware(userStore userstore.UserStore) mux.MiddlewareFunc
func CheckPasswordHash(password, hash string) bool
func CheckRememberMFA(r *http.Request, userID string) bool
func ClearCookie(w http.ResponseWriter, name string)
func ClearRememberMFA(w http.ResponseWriter)
func ExtractRoleNames(roles []usermodel.Role) []string
func FlattenPermissions(roles []usermodel.Role) []string
func GenerateTOTPSecret(email string) (string, error)
func GenerateToken(userID string, roles []string, traceID string) (string, error)
func GetSessionToken(r *http.Request) (string, error)
func GetSessionUserID(r *http.Request) (string, error)
func HasAnyPermission(ctx context.Context, required ...string) bool
func HasAnyRole(roles []string, requiredRoles ...string) bool
func HasPermission(ctx context.Context, required string) bool
func HasRole(roles []string, required string) bool
func HashPassword(password string) (string, error)
func InitJWTSecret(encoded string) error
func InitMFAKey(encoded string) error
func InjectSessionContext(ctx context.Context, user *usermodel.User) context.Context
func LoadPendingMFA(r *http.Request) (string, error)
func RequireAnyPermissionWithStore(store userstore.UserStore, required ...string) func(http.Handler) http.Handler
func RequirePermission(required string, next http.Handler, userStore userstore.UserStore) http.Handler
func SavePendingMFA(userID string, w http.ResponseWriter)
func SetRememberMFA(w http.ResponseWriter, userID string, r *http.Request)
func SetSessionCookie(w http.ResponseWriter, token string)
func ValidateTOTP(secret, code string) bool
type AuthProvider
type GoogleAuth
- func (g *GoogleAuth) HandleCallback(w http.ResponseWriter, r *http.Request) (*usermodel.User, error)
- func (g *GoogleAuth) StartLogin(w http.ResponseWriter, r *http.Request)
type LocalAuth
- func (l *LocalAuth) HandleCallback(w http.ResponseWriter, r *http.Request) (*usermodel.User, error)
- func (l *LocalAuth) StartLogin(w http.ResponseWriter, r *http.Request)
type SessionClaims
- func GetSessionClaims(r *http.Request) (*SessionClaims, error)
- func ValidateToken(tokenStr string) (*SessionClaims, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrInvalidPassword = errors.New("invalid password")
	ErrInvalidTOTP     = errors.New("invalid TOTP code")
	ErrUserNotFound    = errors.New("user not found")
	ErrUnauthorized    = errors.New("unauthorized")
)

View Source

var ErrNoSession = errors.New("no session token found")

Functions ¶

func AccessLogMiddleware ¶

func AccessLogMiddleware(next http.Handler) http.Handler

func AuthMiddleware ¶

func AuthMiddleware(userStore userstore.UserStore) mux.MiddlewareFunc

func CheckPasswordHash ¶

func CheckPasswordHash(password, hash string) bool

func CheckRememberMFA ¶

func CheckRememberMFA(r *http.Request, userID string) bool

func ClearCookie ¶

func ClearCookie(w http.ResponseWriter, name string)

ClearCookie clears a cookie by setting its MaxAge to -1 and Expiration to the past

func ClearRememberMFA ¶

func ClearRememberMFA(w http.ResponseWriter)

func ExtractRoleNames ¶

func ExtractRoleNames(roles []usermodel.Role) []string

func FlattenPermissions ¶

func FlattenPermissions(roles []usermodel.Role) []string

func GenerateTOTPSecret ¶

func GenerateTOTPSecret(email string) (string, error)

TOTP MFA

func GenerateToken ¶

func GenerateToken(userID string, roles []string, traceID string) (string, error)

func GetSessionToken ¶

func GetSessionToken(r *http.Request) (string, error)

GetSessionToken retrieves the session token from cookie or header

func GetSessionUserID ¶

func GetSessionUserID(r *http.Request) (string, error)

Convenience: get user ID from session token in request

func HasAnyPermission ¶

func HasAnyPermission(ctx context.Context, required ...string) bool

func HasAnyRole ¶

func HasAnyRole(roles []string, requiredRoles ...string) bool

func HasPermission ¶

func HasPermission(ctx context.Context, required string) bool

HasPermission checks if the current context includes the given permission

func HasRole ¶

func HasRole(roles []string, required string) bool

func HashPassword ¶

func HashPassword(password string) (string, error)

Password Utilities

func InitJWTSecret ¶

func InitJWTSecret(encoded string) error

func InitMFAKey ¶

func InitMFAKey(encoded string) error

func InjectSessionContext ¶

func InjectSessionContext(ctx context.Context, user *usermodel.User) context.Context

func LoadPendingMFA ¶

func LoadPendingMFA(r *http.Request) (string, error)

LoadPendingMFA retrieves the pending MFA cookie

func RequireAnyPermissionWithStore ¶

func RequireAnyPermissionWithStore(store userstore.UserStore, required ...string) func(http.Handler) http.Handler

func RequirePermission ¶

func RequirePermission(required string, next http.Handler, userStore userstore.UserStore) http.Handler

func SavePendingMFA ¶

func SavePendingMFA(userID string, w http.ResponseWriter)

SavePendingMFA sets a cookie to remember the pending MFA for 5 minutes

func SetRememberMFA ¶

func SetRememberMFA(w http.ResponseWriter, userID string, r *http.Request)

SetRememberMFA sets a cookie to remember the MFA for 30 days - bind it to device

func SetSessionCookie ¶

func SetSessionCookie(w http.ResponseWriter, token string)

func ValidateTOTP ¶

func ValidateTOTP(secret, code string) bool

Types ¶

type AuthProvider ¶

type AuthProvider interface {
	StartLogin(w http.ResponseWriter, r *http.Request)
	HandleCallback(w http.ResponseWriter, r *http.Request) (*usermodel.User, error)
}

type GoogleAuth ¶

type GoogleAuth struct {
	OAuthConfig *oauth2.Config
	Store       userstore.UserStore
}

func (*GoogleAuth) HandleCallback ¶

func (g *GoogleAuth) HandleCallback(w http.ResponseWriter, r *http.Request) (*usermodel.User, error)

func (*GoogleAuth) StartLogin ¶

func (g *GoogleAuth) StartLogin(w http.ResponseWriter, r *http.Request)

type LocalAuth ¶

type LocalAuth struct {
	Store userstore.UserStore
}

func (*LocalAuth) HandleCallback ¶

func (l *LocalAuth) HandleCallback(w http.ResponseWriter, r *http.Request) (*usermodel.User, error)

func (*LocalAuth) StartLogin ¶

func (l *LocalAuth) StartLogin(w http.ResponseWriter, r *http.Request)

type SessionClaims ¶

type SessionClaims struct {
	UserID           string   `json:"sub"`
	Roles            []string `json:"roles,omitempty"`
	TraceID          string   `json:"trace_id,omitempty"`
	RolesRefreshedAt int64    `json:"roles_refreshed_at"`
	jwt.RegisteredClaims
}

func GetSessionClaims ¶

func GetSessionClaims(r *http.Request) (*SessionClaims, error)

GetSessionClaims retrieves the session claims from the request

func ValidateToken ¶

func ValidateToken(tokenStr string) (*SessionClaims, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
webauthn

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL