sessionauth

Version: v0.0.0-...-896c370 (latest)

This package is not in the latest version of its module.
Published: Jan 18, 2016 License: MIT Imports: 6 Imported by: 0

README

sessionauth

Purpose

This package provides a simple way to make routes require a login, and to handle user logins in the session. It should work with any user model that you have in your application, so long as your user model implements the login.User interface.

Please see the example program in the example/ directory.

Program Flow:

Every new request to Martini will generate an Anonymous login.User struct using the function passed to SessionUser. This should default to a zero value user model, and must implement the login.User interface. If a user exists in the request session, this user will be injected into every request handler. Otherwise the zero value object will be injected.

When a user visits any route with the LoginRequired handler, the login.User object will be examined with the IsAuthenticated() function. If the user is not authenticated, they will be redirected to a login page (/login).

To log your users in, you should create a POST route, and verify the user/password that was sent from the client. Due to the vast possibilities of doing this, you must be responsible for validating a user. Once that user is validated, call login.AuthenticateSession() to mark the session as authenticated.

Your user type should meet the login.User interface:

    type User interface {
        // Return whether this user is logged in or not
        IsAuthenticated() bool

        // Set any flags or extra data that should be available
        Login()

        // Clear any sensitive data out of the user
        Logout()

        // Return the unique identifier of this user object
        UniqueId() interface{}

        // Populate this user object with values
        GetById(id interface{}) error
    }

The SessionUser() Martini middleware will inject the login.User interface into your route handlers. These interfaces must be converted to your appropriate type to function correctly.

    func handler(user login.User, db *MyDB) {
        u := user.(*UserModel)
        db.Save(u)
    }
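A user model that satisfies the interface above, as an added example (not code from this package or its example/ directory). `UserModel`, the `users` map and `resolve` are hypothetical; `resolve` only sketches the Program Flow described above, so that the zero-value, failed-lookup and logout cases can be checked without Martini.

```go
package main

import "errors"

// User repeats the README's login.User interface so this file builds alone.
type User interface {
	IsAuthenticated() bool
	Login()
	Logout()
	UniqueId() interface{}
	GetById(id interface{}) error
}

// UserModel is a hypothetical application model.
type UserModel struct {
	ID            int64
	Name          string
	authenticated bool
}

var users = map[int64]string{7: "alice"} // constructed stand-in for a database

func (u *UserModel) IsAuthenticated() bool { return u.authenticated }
func (u *UserModel) Login()                { u.authenticated = true }
func (u *UserModel) Logout()               { *u = UserModel{} } // wipe every field, not just the flag
func (u *UserModel) UniqueId() interface{} { return u.ID }

// GetById only loads data; it never sets authenticated (that is Login's job).
func (u *UserModel) GetById(id interface{}) error {
	n, ok := id.(int64) // a session value of the wrong type is treated as unknown
	name, found := users[n]
	if !ok || !found {
		return errors.New("unknown or malformed session user id")
	}
	u.ID, u.Name = n, name
	return nil
}

// resolve sketches the described flow (an assumption, not the package's middleware):
// the caller gets an anonymous zero value unless the session ID loads cleanly.
func resolve(sessionID interface{}) User {
	u := &UserModel{}
	if sessionID == nil || u.GetById(sessionID) != nil {
		return &UserModel{}
	}
	u.Login()
	return u
}

func main() { println(resolve(int64(7)).IsAuthenticated(), resolve(int64(99)).IsAuthenticated()) }
```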

Documentation

Overview

Package login is a middleware for Martini that provides a simple way to track account sessions on a website. Please see https://github.com/martini-contrib/sessionauth/blob/master/README.md for a more detailed description of the package.

Constants

const AUTH_UNIQUE_ID string = "AUTH_UNIQUE_ID"

Variables

var (
	// RedirectUrl should be the relative URL for your login route
	RedirectUrl string = "/account/login"

	AdminRedirectUrl string = "/admin/account/login"

	// RedirectParam is the query string parameter that will be set
	// with the page the account was trying to visit before they were
	// intercepted.
	RedirectParam string = "next"
)

These are the default configuration values for this package. They can be set at any time, probably during the initial setup of Martini.

Functions

func AdminRequired

func AdminRequired(r render.Render, account Account, req *http.Request)

func AuthenticateSession

func AuthenticateSession(s session.Store, account Account) error

AuthenticateSession will mark the session and account object as authenticated. Then the Login() account function will be called. This function should be called after you have validated an account.

func LoginRequired

func LoginRequired(r render.Render, account Account, req *http.Request)

LoginRequired verifies that the current account is authenticated. Any routes that require a login should have this handler placed in the flow. If the account is not authenticated, they will be redirected to /login with the "next" get parameter set to the attempted URL.
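The login POST route is written by the application, so it is also where the "next" value is read back and followed. An added example (not part of this package) of checking that value so the post-login redirect stays on the same site; `safeNext` and `check` are hypothetical helpers, and the login URL and targets are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// RedirectParam repeats the package default shown on this page.
const RedirectParam = "next"

// safeNext returns the post-login destination taken from the login URL's
// query string, or fallback when the value would leave the current site.
func safeNext(loginURL *url.URL, fallback string) string {
	raw := loginURL.Query().Get(RedirectParam)
	if raw == "" || !strings.HasPrefix(raw, "/") {
		return fallback // missing, absolute ("https://...") or not rooted at "/"
	}
	// Browsers treat "//host" and "/\host" as scheme-relative URLs.
	if strings.HasPrefix(raw, "//") || strings.HasPrefix(raw, "/\\") {
		return fallback
	}
	// url.Parse also rejects ASCII control characters such as CR and LF.
	u, err := url.Parse(raw)
	if err != nil || u.IsAbs() || u.Host != "" {
		return fallback
	}
	return u.RequestURI() // path and query only; the fragment is dropped
}

// check builds a constructed login URL carrying target and validates it.
func check(target string) string {
	u, _ := url.Parse("/account/login?" + url.Values{RedirectParam: {target}}.Encode())
	return safeNext(u, "/")
}

func main() {
	for _, t := range []string{"/settings?tab=2", "https://other.example/", "//other.example/x", "/\\other.example"} {
		fmt.Printf("%-26q -> %s\n", t, check(t))
	}
}
```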

func Logout

func Logout(s session.Store, account Account)

Logout will clear out the session and call the Logout() account function.

func SessionAccount

func SessionAccount(newAccount func() Account) martini.Handler

SessionAccount will try to read a unique account ID out of the session. Then it tries to populate an anonymous account object from the database based on that ID. If this is successful, the valid account is mapped into the context. Otherwise the anonymous account is mapped into the context. The newUser() function should provide a valid zero-value structure for the caller's account type.

func Update

func Update(s session.Store, account Account) error

UpdateUser updates the Account object stored in the session. This is useful in case a change is made to the account model that needs to persist across requests.

Types

type Account

type Account interface {
	// Return whether this account is logged in or not
	IsAuthenticated() bool

	IsAdmin() bool

	// Set any flags or extra data that should be available
	Login()

	// Clear any sensitive data out of the account
	Logout()

	// Return the unique identifier of this account object
	UniqueId() interface{}

	// Populate this account object with values
	GetById(id interface{}) (Account, error)
}

Account defines all the functions necessary to work with the account's authentication. The caller should implement these functions for whatever system of authentication they choose to use.
