ezsesh

package module
v0.0.0-...-7976b14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 19, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

README

EZSesh - The Simple Session Store

I created EZSesh to handle internal application session management. When using other FOSS session management tools, I found their implementation to hide away too much functionality with abstraction and their generic methods to be too invasive in their implementations. The development of this package is to avoid all of that. Writing your own stores should be easy, you should be able to dictate everything down to the hashing and storing of cookies.

I want to ultimately leave every step of cookie generation up to the developer, while maintaining Go's concurrency & following industry standard session management practices.

FYI

Currently, this package is a WIP, primarily the development now is focused on handling my internal usecases, however, the direction during development is to create tons of genericism so that DX can be tailored to any project and developer. But right now, the lib does not include any documentation in the code. This will change over the coming weeks for anyone that manages to find this repo :)

As of now, I recommend against using this package, as there are multiple cybersec items that need to be tested and cleared, like session fixation, hijacking, timeouts & other basic stuff. As of now, this is used to maintain progress on this repository.

Current plans for development:

  • Create SQLX oriented store
  • Utilize fixed time hashing methods
  • Generic methods for every step of cookie generation
  • Write base stores with an emphasis on concurrency

This list will continue to grow with both finished and unfinished future tasks.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CompareVerifier 

func CompareVerifier(cookie string, stored string) (compare bool, err error)

Uses crypto/subtle

func GenerateCookieVerifier 

func GenerateCookieVerifier() (string, string, error)

func RebuildUUID 

func RebuildUUID(uuidStr string) (string, error)

func StripUUID 

func StripUUID(uuidStr string) string

func UnwrapCookie 

func UnwrapCookie(cookie string) (identifier string, verifier string, err error)

Types

type EZCookie 

type EZCookie struct {
	Cookie *http.Cookie
	ID     string
}

func GenerateCookie 

func GenerateCookie(options *EzOptions, assoc string) (*EZCookie, string)

If you plan to store a UUID as the assoc value, make sure to run StripUUID for assoc string

On recovery, you can run RebuildUUID on the identifier in UnwrapCookie.

type EzOptions 

type EzOptions struct {
	Table       string
	Association string
	CookieName  string
	Lifetime    int64

	HttpOnly bool
	Secure   bool
	SameSite http.SameSite
	Path     string

	SingleToken bool
}

type EzSesh 

type EzSesh struct {
	Store EzStoreMethods
}

func New 

func New() *EzSesh

type EzStore 

type EzStore struct {
	EzStoreMethods
	Options *EzOptions
}

type EzStoreMethods 

type EzStoreMethods interface {
	Create(w http.ResponseWriter, assocValue string) error

	GetByAssociation(assocValue string) (session interface{}, err error)
	GetSessionByID(sessionId string, destination interface{}) error

	DeleteSession(sessionId string) error
	DeleteSessionByAssoc(assoc string) error
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.