README
¶
Permissions 
Middleware for keeping track of users, login states and permissions.
Online API Documentation
Features and limitations
- Uses secure cookies and stores user information in a Redis database.
- Suitable for running a local Redis server, registering/confirming users and managing public/user/admin pages.
- Also supports connecting to remote Redis servers.
- Does not support SQL databases. For MariaDB/MySQL support, look into permissionsql.
- For Bolt database support (no database host needed, uses a file), look into permissionbolt.
- For PostgreSQL database support (using the HSTORE feature), look into pstore.
- Supports registration and confirmation via generated confirmation codes.
- Tries to keep things simple.
- Only supports public, user and admin permissions out of the box, but offers functionality for implementing more fine grained permissions, if so desired.
- The default permissions can be cleared with the
Clear()function. - Supports Negroni, Martini, Gin, Goji and plain
net/http. - Should also work with other frameworks, since the standard
http.HandlerFuncis used everywhere.
Requirements
- Redis >= 2.6.12
- Go >= 1.5
Example for Negroni
package main
import (
"fmt"
"net/http"
"strings"
"log"
"github.com/urfave/negroni"
"github.com/xyproto/permissions2"
)
func main() {
n := negroni.Classic()
mux := http.NewServeMux()
// New permissions middleware
perm, err := permissions.New2()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
mux.HandleFunc("/register", func(w http.ResponseWriter, req *http.Request) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
mux.HandleFunc("/confirm", func(w http.ResponseWriter, req *http.Request) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
mux.HandleFunc("/remove", func(w http.ResponseWriter, req *http.Request) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
mux.HandleFunc("/login", func(w http.ResponseWriter, req *http.Request) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/logout", func(w http.ResponseWriter, req *http.Request) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/makeadmin", func(w http.ResponseWriter, req *http.Request) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
mux.HandleFunc("/clear", func(w http.ResponseWriter, req *http.Request) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
mux.HandleFunc("/data", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
mux.HandleFunc("/admin", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Custom handler for when permissions are denied
perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {
http.Error(w, "Permission denied!", http.StatusForbidden)
})
// Enable the permissions middleware
n.Use(perm)
// Use mux for routing, this goes last
n.UseHandler(mux)
// Serve
n.Run(":3000")
}
Example for Martini
package main
import (
"fmt"
"net/http"
"strings"
"log"
"github.com/go-martini/martini"
"github.com/xyproto/permissions2"
)
func main() {
m := martini.Classic()
// New permissions middleware
perm, err := permissions.New2()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
m.Get("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
m.Get("/register", func(w http.ResponseWriter) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
m.Get("/confirm", func(w http.ResponseWriter) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
m.Get("/remove", func(w http.ResponseWriter) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
m.Get("/login", func(w http.ResponseWriter) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
m.Get("/logout", func(w http.ResponseWriter) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
m.Get("/makeadmin", func(w http.ResponseWriter) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
m.Get("/clear", func(w http.ResponseWriter) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
m.Get("/data", func(w http.ResponseWriter) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
m.Get("/admin", func(w http.ResponseWriter) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Set up a middleware handler for Martini, with a custom "permission denied" message.
permissionHandler := func(w http.ResponseWriter, req *http.Request, c martini.Context) {
// Check if the user has the right admin/user rights
if perm.Rejected(w, req) {
// Deny the request
http.Error(w, "Permission denied!", http.StatusForbidden)
// Reject the request by not calling the next handler below
return
}
// Call the next middleware handler
c.Next()
}
// Enable the permissions middleware
m.Use(permissionHandler)
// Serve
m.Run()
}
Example for Gin
package main
import (
"fmt"
"net/http"
"strings"
"log"
"github.com/gin-gonic/gin"
"github.com/xyproto/permissions2"
)
func main() {
g := gin.New()
// New permissions middleware
perm, err := permissions.New2()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Set up a middleware handler for Gin, with a custom "permission denied" message.
permissionHandler := func(c *gin.Context) {
// Check if the user has the right admin/user rights
if perm.Rejected(c.Writer, c.Request) {
// Deny the request, don't call other middleware handlers
c.AbortWithStatus(http.StatusForbidden)
fmt.Fprint(c.Writer, "Permission denied!")
return
}
// Call the next middleware handler
c.Next()
}
// Logging middleware
g.Use(gin.Logger())
// Enable the permissions middleware, must come before recovery
g.Use(permissionHandler)
// Recovery middleware
g.Use(gin.Recovery())
// Get the userstate, used in the handlers below
userstate := perm.UserState()
g.GET("/", func(c *gin.Context) {
msg := ""
msg += fmt.Sprintf("Has user bob: %v\n", userstate.HasUser("bob"))
msg += fmt.Sprintf("Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
msg += fmt.Sprintf("Is confirmed: %v\n", userstate.IsConfirmed("bob"))
msg += fmt.Sprintf("Username stored in cookies (or blank): %v\n", userstate.Username(c.Request))
msg += fmt.Sprintf("Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(c.Request))
msg += fmt.Sprintf("Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(c.Request))
msg += fmt.Sprintln("\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
c.String(http.StatusOK, msg)
})
g.GET("/register", func(c *gin.Context) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
c.String(http.StatusOK, fmt.Sprintf("User bob was created: %v\n", userstate.HasUser("bob")))
})
g.GET("/confirm", func(c *gin.Context) {
userstate.MarkConfirmed("bob")
c.String(http.StatusOK, fmt.Sprintf("User bob was confirmed: %v\n", userstate.IsConfirmed("bob")))
})
g.GET("/remove", func(c *gin.Context) {
userstate.RemoveUser("bob")
c.String(http.StatusOK, fmt.Sprintf("User bob was removed: %v\n", !userstate.HasUser("bob")))
})
g.GET("/login", func(c *gin.Context) {
// Headers will be written, for storing a cookie
userstate.Login(c.Writer, "bob")
c.String(http.StatusOK, fmt.Sprintf("bob is now logged in: %v\n", userstate.IsLoggedIn("bob")))
})
g.GET("/logout", func(c *gin.Context) {
userstate.Logout("bob")
c.String(http.StatusOK, fmt.Sprintf("bob is now logged out: %v\n", !userstate.IsLoggedIn("bob")))
})
g.GET("/makeadmin", func(c *gin.Context) {
userstate.SetAdminStatus("bob")
c.String(http.StatusOK, fmt.Sprintf("bob is now administrator: %v\n", userstate.IsAdmin("bob")))
})
g.GET("/clear", func(c *gin.Context) {
userstate.ClearCookie(c.Writer)
c.String(http.StatusOK, "Clearing cookie")
})
g.GET("/data", func(c *gin.Context) {
c.String(http.StatusOK, "user page that only logged in users must see!")
})
g.GET("/admin", func(c *gin.Context) {
c.String(http.StatusOK, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
c.String(http.StatusOK, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Serve
g.Run(":3000")
}
Example for Goji
package main
import (
"fmt"
"net/http"
"strings"
"log"
"github.com/xyproto/permissions2"
"github.com/zenazn/goji"
)
func main() {
// New permissions middleware
perm, err := permissions.New2()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
goji.Get("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
goji.Get("/register", func(w http.ResponseWriter, req *http.Request) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
goji.Get("/confirm", func(w http.ResponseWriter, req *http.Request) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
goji.Get("/remove", func(w http.ResponseWriter, req *http.Request) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
goji.Get("/login", func(w http.ResponseWriter, req *http.Request) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
goji.Get("/logout", func(w http.ResponseWriter, req *http.Request) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
goji.Get("/makeadmin", func(w http.ResponseWriter, req *http.Request) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
goji.Get("/clear", func(w http.ResponseWriter, req *http.Request) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
goji.Get("/data", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
goji.Get("/admin", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Custom "permissions denied" message
perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {
http.Error(w, "Permission denied!", http.StatusForbidden)
})
// Permissions middleware for Goji
permissionHandler := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
// Check if the user has the right admin/user rights
if perm.Rejected(w, req) {
// Deny the request
perm.DenyFunction()(w, req)
return
}
// Serve the requested page
next.ServeHTTP(w, req)
})
}
// Enable the permissions middleware
goji.Use(permissionHandler)
// Goji will listen to port 8000 by default
goji.Serve()
}
Example for just net/http
package main
import (
"fmt"
"log"
"net/http"
"strings"
"time"
"github.com/xyproto/permissions2"
"github.com/xyproto/pinterface"
)
type permissionHandler struct {
// perm is a Permissions structure that can be used to deny requests
// and acquire the UserState. By using `pinterface.IPermissions` instead
// of `*permissions.Permissions`, the code is compatible with not only
// `permissions2`, but also other modules that uses other database
// backends, like `permissionbolt` which uses Bolt.
perm pinterface.IPermissions
// The HTTP multiplexer
mux *http.ServeMux
}
// Implement the ServeHTTP method to make a permissionHandler a http.Handler
func (ph *permissionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
// Check if the user has the right admin/user rights
if ph.perm.Rejected(w, req) {
// Let the user know, by calling the custom "permission denied" function
ph.perm.DenyFunction()(w, req)
// Reject the request
return
}
// Serve the requested page if permissions were granted
ph.mux.ServeHTTP(w, req)
}
func main() {
mux := http.NewServeMux()
// New permissions middleware
perm, err := permissions.New2()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
mux.HandleFunc("/register", func(w http.ResponseWriter, req *http.Request) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
mux.HandleFunc("/confirm", func(w http.ResponseWriter, req *http.Request) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
mux.HandleFunc("/remove", func(w http.ResponseWriter, req *http.Request) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
mux.HandleFunc("/login", func(w http.ResponseWriter, req *http.Request) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/logout", func(w http.ResponseWriter, req *http.Request) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/makeadmin", func(w http.ResponseWriter, req *http.Request) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
mux.HandleFunc("/clear", func(w http.ResponseWriter, req *http.Request) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
mux.HandleFunc("/data", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
mux.HandleFunc("/admin", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Custom handler for when permissions are denied
perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {
http.Error(w, "Permission denied!", http.StatusForbidden)
})
// Configure the HTTP server and permissionHandler struct
s := &http.Server{
Addr: ":3000",
Handler: &permissionHandler{perm, mux},
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
}
log.Println("Listening for requests on port 3000")
// Start listening
log.Fatal(s.ListenAndServe())
}
Default permissions
- The /admin path prefix has admin rights by default.
- These path prefixes have user rights by default: /repo and /data
- These path prefixes are public by default: /, /login, /register, /style, /img, /js, /favicon.ico, /robots.txt and /sitemap_index.xml
The default permissions can be cleared with the Clear() function.
Password hashing
- bcrypt is used by default for hashing passwords. sha256 is also supported.
- By default, all new password will be hashed with bcrypt.
- For backwards compatibility, old password hashes with the length of a sha256 hash will be checked with sha256. To disable this behavior, and only ever use bcrypt, add this line:
userstate.SetPasswordAlgo("bcrypt")
Coding style
- The code shall always be formatted with
go fmt.
Setting and getting properties for users
- Setting a property:
username := "bob"
propertyName := "clever"
propertyValue := "yes"
userstate.Users().Set(username, propertyName, propertyValue)
- Getting a property:
username := "bob"
propertyName := "clever"
propertyValue, err := userstate.Users().Get(username, propertyName)
if err != nil {
log.Print(err)
return err
}
fmt.Printf("%s is %s: %s\n", username, propertyName, propertyValue)
Passing userstate between functions, files and to other Go packages
Using the *pinterface.IUserState type (from the pinterface package) makes it possible to pass UserState structs between functions, also in other packages. By using this interface, it is possible to seamlessly change the database backend from, for instance, Redis (permissions2) to BoltDB (permissionbolt). pstore, permissionsql, permissionbolt and permissions2 are interchangeable.
General information
- Version: 2.5
- License: MIT
- Alexander F Rødseth <xyproto@archlinux.org>
Documentation
¶
Overview ¶
Package permissions provides a way to keep track of users, login states and permissions.
Index ¶
- Constants
- func PermissionDenied(w http.ResponseWriter, req *http.Request)
- func ValidUsernamePassword(username, password string) error
- type Permissions
- func (perm *Permissions) AddAdminPath(prefix string)
- func (perm *Permissions) AddPublicPath(prefix string)
- func (perm *Permissions) AddUserPath(prefix string)
- func (perm *Permissions) Clear()
- func (perm *Permissions) DenyFunction() http.HandlerFunc
- func (perm *Permissions) Rejected(w http.ResponseWriter, req *http.Request) bool
- func (perm *Permissions) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.HandlerFunc)
- func (perm *Permissions) SetAdminPath(pathPrefixes []string)
- func (perm *Permissions) SetDenyFunction(f http.HandlerFunc)
- func (perm *Permissions) SetPublicPath(pathPrefixes []string)
- func (perm *Permissions) SetUserPath(pathPrefixes []string)
- func (perm *Permissions) UserState() pinterface.IUserState
- type UserState
- func NewUserState(dbindex int, randomseed bool, redisHostPort string) *UserState
- func NewUserState2(dbindex int, randomseed bool, redisHostPort string) (*UserState, error)
- func NewUserStateSimple() *UserState
- func NewUserStateSimple2() (*UserState, error)
- func NewUserStateWithPassword(hostname, password string) *UserState
- func NewUserStateWithPassword2(hostname, password string) (*UserState, error)
- func (state *UserState) AddUnconfirmed(username, confirmationCode string)
- func (state *UserState) AddUser(username, password, email string)
- func (state *UserState) AdminRights(req *http.Request) bool
- func (state *UserState) AllUnconfirmedUsernames() ([]string, error)
- func (state *UserState) AllUsernames() ([]string, error)
- func (state *UserState) AlreadyHasConfirmationCode(confirmationCode string) bool
- func (state *UserState) BooleanField(username, fieldname string) bool
- func (state *UserState) ClearCookie(w http.ResponseWriter)
- func (state *UserState) Close()
- func (state *UserState) Confirm(username string)
- func (state *UserState) ConfirmUserByConfirmationCode(confirmationCode string) error
- func (state *UserState) ConfirmationCode(username string) (string, error)
- func (state *UserState) CookieSecret() string
- func (state *UserState) CookieTimeout(username string) int64
- func (state *UserState) CorrectPassword(username, password string) bool
- func (state *UserState) Creator() pinterface.ICreator
- func (state *UserState) DatabaseIndex() int
- func (state *UserState) Email(username string) (string, error)
- func (state *UserState) FindUserByConfirmationCode(confirmationCode string) (string, error)
- func (state *UserState) GenerateUniqueConfirmationCode() (string, error)
- func (state *UserState) GetToken(username string) (string, error)
- func (state *UserState) HasUser(username string) bool
- func (state *UserState) HasUser2(username string) (bool, error)
- func (state *UserState) HashPassword(username, password string) string
- func (state *UserState) Host() pinterface.IHost
- func (state *UserState) IsAdmin(username string) bool
- func (state *UserState) IsConfirmed(username string) bool
- func (state *UserState) IsLoggedIn(username string) bool
- func (state *UserState) Login(w http.ResponseWriter, username string) error
- func (state *UserState) Logout(username string)
- func (state *UserState) MarkConfirmed(username string)
- func (state *UserState) PasswordAlgo() string
- func (state *UserState) PasswordHash(username string) (string, error)
- func (state *UserState) Pool() *simpleredis.ConnectionPool
- func (state *UserState) RemoveAdminStatus(username string)
- func (state *UserState) RemoveToken(username string)
- func (state *UserState) RemoveUnconfirmed(username string)
- func (state *UserState) RemoveUser(username string)
- func (state *UserState) SetAdminStatus(username string)
- func (state *UserState) SetBooleanField(username, fieldname string, val bool)
- func (state *UserState) SetCookieSecret(cookieSecret string)
- func (state *UserState) SetCookieTimeout(cookieTime int64)
- func (state *UserState) SetLoggedIn(username string)
- func (state *UserState) SetLoggedOut(username string)
- func (state *UserState) SetMinimumConfirmationCodeLength(length int)
- func (state *UserState) SetPassword(username, password string)
- func (state *UserState) SetPasswordAlgo(algorithm string) error
- func (state *UserState) SetToken(username, token string, expire time.Duration)
- func (state *UserState) SetUsernameCookie(w http.ResponseWriter, username string) error
- func (state *UserState) SetUsernameCookieOnlyHTTPS(w http.ResponseWriter, username string) error
- func (state *UserState) UserRights(req *http.Request) bool
- func (state *UserState) Username(req *http.Request) string
- func (state *UserState) UsernameCookie(req *http.Request) (string, error)
- func (state *UserState) Users() pinterface.IHashMap
Constants ¶
View Source
const (
// Version number. Stable API within major version numbers.
Version = 2.5
)
Variables ¶
This section is empty.
Functions ¶
func PermissionDenied ¶
func PermissionDenied(w http.ResponseWriter, req *http.Request)
The default "permission denied" http handler.
func ValidUsernamePassword ¶
Check that the given username and password are different. Also check if the chosen username only contains letters, numbers and/or underscore. Use the "CorrectPassword" function for checking if the password is correct.
Types ¶
type Permissions ¶
type Permissions struct {
// contains filtered or unexported fields
}
The structure that keeps track of the permissions for various path prefixes
func New ¶
func New() *Permissions
Initialize a Permissions struct with all the default settings. This will also connect to the redis host at localhost:6379.
func New2 ¶
func New2() (*Permissions, error)
Initialize a Permissions struct with all the default settings. This will also connect to the redis host at localhost:6379.
func NewPermissions ¶
func NewPermissions(state *UserState) *Permissions
Initialize a Permissions struct with the given UserState and a few default paths for admin/user/public path prefixes.
func NewWithRedisConf ¶
func NewWithRedisConf(dbindex int, hostPort string) *Permissions
Initialize a Permissions struct with Redis DB index and host:port Calls log.Fatal if something goes wrong.
func NewWithRedisConf2 ¶
func NewWithRedisConf2(dbindex int, hostPort string) (*Permissions, error)
Initialize a Permissions struct with Redis DB index and host:port Returns an error if something goes wrong.
func (*Permissions) AddAdminPath ¶
func (perm *Permissions) AddAdminPath(prefix string)
AddAdminPath registers a path prefix for URLs that shall only be reached by logged in administrators
func (*Permissions) AddPublicPath ¶
func (perm *Permissions) AddPublicPath(prefix string)
AddPublicPath registers a path prefix for URLs that can be reached by anyone
func (*Permissions) AddUserPath ¶
func (perm *Permissions) AddUserPath(prefix string)
AddUserPath registers a path prefix for URLs that shall only be reached by logged in users
func (*Permissions) DenyFunction ¶
func (perm *Permissions) DenyFunction() http.HandlerFunc
Get the current http.HandlerFunc for when permissions are denied
func (*Permissions) Rejected ¶
func (perm *Permissions) Rejected(w http.ResponseWriter, req *http.Request) bool
Check if a given request should be rejected.
func (*Permissions) ServeHTTP ¶
func (perm *Permissions) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.HandlerFunc)
Middleware handler (compatible with Negroni)
func (*Permissions) SetAdminPath ¶
func (perm *Permissions) SetAdminPath(pathPrefixes []string)
Set all url path prefixes that are for the logged in administrator pages
func (*Permissions) SetDenyFunction ¶
func (perm *Permissions) SetDenyFunction(f http.HandlerFunc)
Specify the http.HandlerFunc for when the permissions are denied
func (*Permissions) SetPublicPath ¶
func (perm *Permissions) SetPublicPath(pathPrefixes []string)
Set all url path prefixes that are for the public pages
func (*Permissions) SetUserPath ¶
func (perm *Permissions) SetUserPath(pathPrefixes []string)
Set all url path prefixes that are for the logged in user pages
func (*Permissions) UserState ¶
func (perm *Permissions) UserState() pinterface.IUserState
Retrieve the UserState struct
type UserState ¶
type UserState struct {
// contains filtered or unexported fields
}
Used for dealing with the user state, users and passwords. Can also be used for retrieving the underlying Redis connection pool.
func NewUserState ¶
Create a new *UserState that can be used for managing users. dbindex is the Redis database index (0 is a good default value). If randomseed is true, the random number generator will be seeded after generating the cookie secret (true is a good default value). redisHostPort is host:port for the desired Redis server (can be blank for localhost) Also creates a new ConnectionPool. Calls log.Fatal if things go wrong.
func NewUserState2 ¶
Create a new *UserState that can be used for managing users. dbindex is the Redis database index (0 is a good default value). If randomseed is true, the random number generator will be seeded after generating the cookie secret (true is a good default value). redisHostPort is host:port for the desired Redis server (can be blank for localhost) Also creates a new ConnectionPool. Returns an error if things go wrong.
func NewUserStateSimple ¶
func NewUserStateSimple() *UserState
Create a new *UserState that can be used for managing users. The random number generator will be seeded after generating the cookie secret. A connection pool for the local Redis server (dbindex 0) will be created. Calls log.Fatal if things go wrong.
func NewUserStateSimple2 ¶
Create a new *UserState that can be used for managing users. The random number generator will be seeded after generating the cookie secret. A connection pool for the local Redis server (dbindex 0) will be created. Returns an error if things go wrong.
func NewUserStateWithPassword ¶
Same as NewUserStateSimple, but takes a hostname and a password. Use NewUserState for control over the database index and port number. Calls log.Fatal if things go wrong.
func NewUserStateWithPassword2 ¶
Same as NewUserStateSimple, but takes a hostname and a password. Use NewUserState for control over the database index and port number. Returns an error if things go wrong.
func (*UserState) AddUnconfirmed ¶
Add a user that is registered but not confirmed.
func (*UserState) AddUser ¶
Creates a user and hashes the password, does not check for rights. The given data must be valid.
func (*UserState) AdminRights ¶
Check if the current user is logged in and has administrator rights.
func (*UserState) AllUnconfirmedUsernames ¶
AllUnconfirmedUsernames returns a list of all registered users that are not yet confirmed.
func (*UserState) AllUsernames ¶
AllUsernames retrieves a list of all usernames.
func (*UserState) AlreadyHasConfirmationCode ¶
AlreadyHasConfirmationCode runs through all confirmation codes of all unconfirmed users and checks if this confirmationCode is already in use.
func (*UserState) BooleanField ¶
Return the boolean value for a given username and field name. If the user or field is missing, false will be returned. Useful for states where it makes sense that the returned value is not true unless everything is in order.
func (*UserState) ClearCookie ¶
func (state *UserState) ClearCookie(w http.ResponseWriter)
Try to clear the user cookie by setting it to expired. Some browsers *may* be configured to keep cookies even after this.
func (*UserState) Confirm ¶
Remove the username from the list of unconfirmed users and mark the user as confirmed.
func (*UserState) ConfirmUserByConfirmationCode ¶
Take a confirmation code and mark the corresponding unconfirmed user as confirmed.
func (*UserState) ConfirmationCode ¶
Get the confirmation code for a specific user.
func (*UserState) CookieTimeout ¶
Get how long a login cookie should last, in seconds.
func (*UserState) CorrectPassword ¶
Check if a password is correct. username is needed because it is part of the hash.
func (*UserState) Creator ¶
func (state *UserState) Creator() pinterface.ICreator
Return a struct for creating data structures with
func (*UserState) DatabaseIndex ¶
Get the Redis database index.
func (*UserState) FindUserByConfirmationCode ¶
Given a unique confirmation code, find the corresponding username.
func (*UserState) GenerateUniqueConfirmationCode ¶
Generate a unique confirmation code that can be used for confirming users.
func (*UserState) HashPassword ¶
Hash the password (takes a username as well, it can be used for salting).
func (*UserState) Host ¶
func (state *UserState) Host() pinterface.IHost
Get the Host (for qualifying for the IUserState interface)
func (*UserState) IsConfirmed ¶
Check if the given username is confirmed.
func (*UserState) IsLoggedIn ¶
Checks if the given username is logged in.
func (*UserState) Login ¶
func (state *UserState) Login(w http.ResponseWriter, username string) error
Convenience function for logging a user in and storing the username in a cookie. Returns an error if the cookie could not be set.
func (*UserState) MarkConfirmed ¶
Mark a user as confirmed.
func (*UserState) PasswordAlgo ¶
Get the current password hashing algorithm.
func (*UserState) PasswordHash ¶
PasswordHash returns the password hash for the given username.
func (*UserState) Pool ¶
func (state *UserState) Pool() *simpleredis.ConnectionPool
Get the Redis connection pool.
func (*UserState) RemoveAdminStatus ¶
Mark user as a regular user.
func (*UserState) RemoveToken ¶
RemoveToken takes a username and removes the associated token
func (*UserState) RemoveUnconfirmed ¶
Remove a user that is registered but not confirmed.
func (*UserState) RemoveUser ¶
Remove user and login status.
func (*UserState) SetAdminStatus ¶
Mark user as an administrator.
func (*UserState) SetBooleanField ¶
Store a boolean value for the given username and custom fieldname.
func (*UserState) SetCookieSecret ¶
Set cookie secret
func (*UserState) SetCookieTimeout ¶
Set how long a login cookie should last, in seconds.
func (*UserState) SetLoggedIn ¶
Mark the user as logged in. Use the Login function instead, unless cookies are not involved.
func (*UserState) SetLoggedOut ¶
Mark the user as logged out.
func (*UserState) SetMinimumConfirmationCodeLength ¶
Set the minimum length of the user confirmation code. The default is 20.
func (*UserState) SetPassword ¶
SetPassword sets the password for a user. The given password string will be hashed. No validation or check of the given password is performed.
func (*UserState) SetPasswordAlgo ¶
Set the password hashing algorithm that should be used. The default is "bcrypt+". Possible values are:
bcrypt -> Store and check passwords with the bcrypt hash.
sha256 -> Store and check passwords with the sha256 hash.
bcrypt+ -> Store passwords with bcrypt, but check with both
bcrypt and sha256, for backwards compatibility
with old passwords that has been stored as sha256.
func (*UserState) SetUsernameCookie ¶
func (state *UserState) SetUsernameCookie(w http.ResponseWriter, username string) error
SetUsernameCookie tries to store the given username in a cookie in the browser.
* * The user must exist. Returns an error if the username is empty or does not exist. * Returns nil if the cookie has been attempted to be set. * To check if the cookie has actually been set, one must try to read it.
func (*UserState) SetUsernameCookieOnlyHTTPS ¶
func (state *UserState) SetUsernameCookieOnlyHTTPS(w http.ResponseWriter, username string) error
SetUsernameCookieOnlyHTTPS tries to store the given username in a cookie in the browser.
- This function will not set the cookie if over plain HTTP. *
- The user must exist. Returns an error if the username is empty or does not exist.
- Returns nil if the cookie has been attempted to be set.
- To check if the cookie has actually been set, one must try to read it.
func (*UserState) UserRights ¶
Check if the current user is logged in and has user rights.
func (*UserState) Username ¶
Convenience function that will return a username (from the browser cookie) or an empty string.
func (*UserState) UsernameCookie ¶
Retrieve the username that is stored in a cookie in the browser, if available.
func (*UserState) Users ¶
func (state *UserState) Users() pinterface.IHashMap
Get the users HashMap.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.