README
¶
PostgreSQL Store
Middleware for keeping track of users, login states and permissions.
Uses PostgreSQL for the database. For using Redis as a backend instead, look into permissions2. There is also a BoltDB and MariaDB/MySQL backend. They are interchangeable.
Online API Documentation
Connecting
For connecting to a PostgreSQL host that is running locally, the New function can be used. For connecting to a remote server, the NewWithDSN function can be used.
Features and limitations
- Uses secure cookies and stores user information in a PostgreSQL database.
- Suitable for running a local PostgreSQL server, registering/confirming users and managing public/user/admin pages.
- Also supports connecting to remote PostgreSQL servers.
- Supports registration and confirmation via generated confirmation codes.
- Tries to keep things simple.
- Only supports "public", "user" and "admin" permissions out of the box, but offers functionality for implementing more fine grained permissions, if so desired.
- Supports Negroni, Martini, Gin, Goji and plain
net/http. - Should also work with other frameworks, since the standard http.HandlerFunc is used everywhere.
- The default permissions can be cleared with the Clear() function.
Example for Negroni
package main
import (
"fmt"
"log"
"net/http"
"strings"
"github.com/codegangsta/negroni"
"github.com/xyproto/pstore"
)
func main() {
n := negroni.Classic()
mux := http.NewServeMux()
// New pstore middleware
perm, err := pstore.New()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
mux.HandleFunc("/register", func(w http.ResponseWriter, req *http.Request) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
mux.HandleFunc("/confirm", func(w http.ResponseWriter, req *http.Request) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
mux.HandleFunc("/remove", func(w http.ResponseWriter, req *http.Request) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
mux.HandleFunc("/login", func(w http.ResponseWriter, req *http.Request) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/logout", func(w http.ResponseWriter, req *http.Request) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/makeadmin", func(w http.ResponseWriter, req *http.Request) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
mux.HandleFunc("/clear", func(w http.ResponseWriter, req *http.Request) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
mux.HandleFunc("/data", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
mux.HandleFunc("/admin", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Custom handler for when permissions are denied
perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {
http.Error(w, "Permission denied!", http.StatusForbidden)
})
// Enable the pstore middleware
n.Use(perm)
// Use mux for routing, this goes last
n.UseHandler(mux)
// Serve
n.Run(":3000")
}
Example for Martini
package main
import (
"fmt"
"log"
"net/http"
"strings"
"github.com/go-martini/martini"
"github.com/xyproto/pstore"
)
func main() {
m := martini.Classic()
// New pstore middleware
perm, err := pstore.New()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
m.Get("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
m.Get("/register", func(w http.ResponseWriter) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
m.Get("/confirm", func(w http.ResponseWriter) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
m.Get("/remove", func(w http.ResponseWriter) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
m.Get("/login", func(w http.ResponseWriter) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
m.Get("/logout", func(w http.ResponseWriter) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
m.Get("/makeadmin", func(w http.ResponseWriter) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
m.Get("/clear", func(w http.ResponseWriter) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
m.Get("/data", func(w http.ResponseWriter) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
m.Get("/admin", func(w http.ResponseWriter) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Set up a middleware handler for Martini, with a custom "permission denied" message.
permissionHandler := func(w http.ResponseWriter, req *http.Request, c martini.Context) {
// Check if the user has the right admin/user rights
if perm.Rejected(w, req) {
// Deny the request
http.Error(w, "Permission denied!", http.StatusForbidden)
// Reject the request by not calling the next handler below
return
}
// Call the next middleware handler
c.Next()
}
// Enable the pstore middleware
m.Use(permissionHandler)
// Serve
m.Run()
}
Example for Gin
package main
import (
"fmt"
"log"
"net/http"
"strings"
"github.com/gin-gonic/gin"
"github.com/xyproto/pstore"
)
func main() {
g := gin.New()
// New pstore middleware
perm, err := pstore.New()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Set up a middleware handler for Gin, with a custom "permission denied" message.
permissionHandler := func(c *gin.Context) {
// Check if the user has the right admin/user rights
if perm.Rejected(c.Writer, c.Request) {
// Deny the request, don't call other middleware handlers
c.AbortWithStatus(http.StatusForbidden)
fmt.Fprint(c.Writer, "Permission denied!")
return
}
// Call the next middleware handler
c.Next()
}
// Logging middleware
g.Use(gin.Logger())
// Enable the pstore middleware, must come before recovery
g.Use(permissionHandler)
// Recovery middleware
g.Use(gin.Recovery())
// Get the userstate, used in the handlers below
userstate := perm.UserState()
g.GET("/", func(c *gin.Context) {
msg := ""
msg += fmt.Sprintf("Has user bob: %v\n", userstate.HasUser("bob"))
msg += fmt.Sprintf("Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
msg += fmt.Sprintf("Is confirmed: %v\n", userstate.IsConfirmed("bob"))
msg += fmt.Sprintf("Username stored in cookies (or blank): %v\n", userstate.Username(c.Request))
msg += fmt.Sprintf("Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(c.Request))
msg += fmt.Sprintf("Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(c.Request))
msg += fmt.Sprintln("\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
c.String(http.StatusOK, msg)
})
g.GET("/register", func(c *gin.Context) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
c.String(http.StatusOK, fmt.Sprintf("User bob was created: %v\n", userstate.HasUser("bob")))
})
g.GET("/confirm", func(c *gin.Context) {
userstate.MarkConfirmed("bob")
c.String(http.StatusOK, fmt.Sprintf("User bob was confirmed: %v\n", userstate.IsConfirmed("bob")))
})
g.GET("/remove", func(c *gin.Context) {
userstate.RemoveUser("bob")
c.String(http.StatusOK, fmt.Sprintf("User bob was removed: %v\n", !userstate.HasUser("bob")))
})
g.GET("/login", func(c *gin.Context) {
// Headers will be written, for storing a cookie
userstate.Login(c.Writer, "bob")
c.String(http.StatusOK, fmt.Sprintf("bob is now logged in: %v\n", userstate.IsLoggedIn("bob")))
})
g.GET("/logout", func(c *gin.Context) {
userstate.Logout("bob")
c.String(http.StatusOK, fmt.Sprintf("bob is now logged out: %v\n", !userstate.IsLoggedIn("bob")))
})
g.GET("/makeadmin", func(c *gin.Context) {
userstate.SetAdminStatus("bob")
c.String(http.StatusOK, fmt.Sprintf("bob is now administrator: %v\n", userstate.IsAdmin("bob")))
})
g.GET("/clear", func(c *gin.Context) {
userstate.ClearCookie(c.Writer)
c.String(http.StatusOK, "Clearing cookie")
})
g.GET("/data", func(c *gin.Context) {
c.String(http.StatusOK, "user page that only logged in users must see!")
})
g.GET("/admin", func(c *gin.Context) {
c.String(http.StatusOK, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
c.String(http.StatusOK, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Serve
g.Run(":3000")
}
Example for Goji
package main
import (
"fmt"
"log"
"net/http"
"strings"
"github.com/xyproto/pstore"
"github.com/zenazn/goji"
)
func main() {
// New permissions middleware
perm, err := pstore.New()
if err != nil {
log.Fatalln(err)
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
goji.Get("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
goji.Get("/register", func(w http.ResponseWriter, req *http.Request) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
goji.Get("/confirm", func(w http.ResponseWriter, req *http.Request) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
goji.Get("/remove", func(w http.ResponseWriter, req *http.Request) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
goji.Get("/login", func(w http.ResponseWriter, req *http.Request) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
goji.Get("/logout", func(w http.ResponseWriter, req *http.Request) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
goji.Get("/makeadmin", func(w http.ResponseWriter, req *http.Request) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
goji.Get("/clear", func(w http.ResponseWriter, req *http.Request) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
goji.Get("/data", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
goji.Get("/admin", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Custom "permissions denied" message
perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {
http.Error(w, "Permission denied!", http.StatusForbidden)
})
// Permissions middleware for Goji
permissionHandler := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
// Check if the user has the right admin/user rights
if perm.Rejected(w, req) {
// Deny the request
perm.DenyFunction()(w, req)
return
}
// Serve the requested page
next.ServeHTTP(w, req)
})
}
// Enable the permissions middleware
goji.Use(permissionHandler)
// Goji will listen to port 8000 by default
goji.Serve()
}
Example for just net/http
package main
import (
"fmt"
"log"
"net/http"
"strings"
"time"
"github.com/xyproto/pstore"
"github.com/xyproto/pinterface"
)
type permissionHandler struct {
// perm is a Permissions structure that can be used to deny requests
// and acquire the UserState. By using `pinterface.IPermissions` instead
// of `*pstore.Permissions`, the code is compatible with not only
// `pstore`, but also other modules that uses other database
// backends, like `permissions2` which uses Redis.
perm pinterface.IPermissions
// The HTTP multiplexer
mux *http.ServeMux
}
// Implement the ServeHTTP method to make a permissionHandler a http.Handler
func (ph *permissionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
// Check if the user has the right admin/user rights
if ph.perm.Rejected(w, req) {
// Let the user know, by calling the custom "permission denied" function
ph.perm.DenyFunction()(w, req)
// Reject the request by not calling the next handler below
return
}
// Serve the requested page if permissions were granted
ph.mux.ServeHTTP(w, req)
}
func main() {
mux := http.NewServeMux()
// New pstore middleware
perm, err := pstore.New()
if err != nil {
log.Fatal("Could not open Bolt database")
}
// Blank slate, no default permissions
//perm.Clear()
// Get the userstate, used in the handlers below
userstate := perm.UserState()
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "Has user bob: %v\n", userstate.HasUser("bob"))
fmt.Fprintf(w, "Logged in on server: %v\n", userstate.IsLoggedIn("bob"))
fmt.Fprintf(w, "Is confirmed: %v\n", userstate.IsConfirmed("bob"))
fmt.Fprintf(w, "Username stored in cookies (or blank): %v\n", userstate.Username(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *user rights*: %v\n", userstate.UserRights(req))
fmt.Fprintf(w, "Current user is logged in, has a valid cookie and *admin rights*: %v\n", userstate.AdminRights(req))
fmt.Fprintf(w, "\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin")
})
mux.HandleFunc("/register", func(w http.ResponseWriter, req *http.Request) {
userstate.AddUser("bob", "hunter1", "bob@zombo.com")
fmt.Fprintf(w, "User bob was created: %v\n", userstate.HasUser("bob"))
})
mux.HandleFunc("/confirm", func(w http.ResponseWriter, req *http.Request) {
userstate.MarkConfirmed("bob")
fmt.Fprintf(w, "User bob was confirmed: %v\n", userstate.IsConfirmed("bob"))
})
mux.HandleFunc("/remove", func(w http.ResponseWriter, req *http.Request) {
userstate.RemoveUser("bob")
fmt.Fprintf(w, "User bob was removed: %v\n", !userstate.HasUser("bob"))
})
mux.HandleFunc("/login", func(w http.ResponseWriter, req *http.Request) {
userstate.Login(w, "bob")
fmt.Fprintf(w, "bob is now logged in: %v\n", userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/logout", func(w http.ResponseWriter, req *http.Request) {
userstate.Logout("bob")
fmt.Fprintf(w, "bob is now logged out: %v\n", !userstate.IsLoggedIn("bob"))
})
mux.HandleFunc("/makeadmin", func(w http.ResponseWriter, req *http.Request) {
userstate.SetAdminStatus("bob")
fmt.Fprintf(w, "bob is now administrator: %v\n", userstate.IsAdmin("bob"))
})
mux.HandleFunc("/clear", func(w http.ResponseWriter, req *http.Request) {
userstate.ClearCookie(w)
fmt.Fprintf(w, "Clearing cookie")
})
mux.HandleFunc("/data", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "user page that only logged in users must see!")
})
mux.HandleFunc("/admin", func(w http.ResponseWriter, req *http.Request) {
fmt.Fprintf(w, "super secret information that only logged in administrators must see!\n\n")
if usernames, err := userstate.AllUsernames(); err == nil {
fmt.Fprintf(w, "list of all users: "+strings.Join(usernames, ", "))
}
})
// Custom handler for when permissions are denied
perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {
http.Error(w, "Permission denied!", http.StatusForbidden)
})
// Configure the HTTP server and permissionHandler struct
s := &http.Server{
Addr: ":3000",
Handler: &permissionHandler{perm, mux},
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
}
log.Println("Listening for requests on port 3000")
// Start listening
s.ListenAndServe()
}
Default permissions
- The /admin path prefix has admin rights by default.
- These path prefixes has user rights by default: /repo and /data
- These path prefixes are public by default: /, /login, /register, /style, /img, /js, /favicon.ico, /robots.txt and /sitemap_index.xml
The default permissions can be cleared with the Clear() function.
Coding style
- The code shall always be formatted with
go fmt.
Password hashing
- bcrypt is used by default for hashing passwords. sha256 is also supported.
- By default, all new password will be hashed with bcrypt.
- For backwards compatibility, old password hashes with the length of a sha256 hash will be checked with sha256. To disable this behavior, and only ever use bcrypt, add this line:
userstate.SetPasswordAlgo("bcrypt")
Passing userstate between functions, files and to other Go packages
Using the *pinterface.IUserState type (from the pinterface package) makes it possible to pass UserState structs between functions, also in other packages. By using this interface, it is possible to seamlessly change the database backend from, for instance, Redis (permissions2) to BoltDB (permissionbolt).
pstore, permissionsql, permissionbolt and permissions2 are interchangeable.
Retrieving the underlying PostgreSQL database
Here is a short example application for retrieving the underlying PostgreSQL database:
package main
import (
"fmt"
"github.com/xyproto/pstore"
"github.com/xyproto/simplehstore"
)
func main() {
perm, err := pstore.New()
if err != nil {
fmt.Println("Could not open database")
return
}
ustate := perm.UserState()
// A bit of checking is needed, since the database backend is interchangeable
if pustate, ok := ustate.(*pstore.UserState); ok {
if host, ok := pustate.Host().(*simplehstore.Host); ok {
db := host.Database()
fmt.Printf("PostgreSQL database: %v (%T)\n", db, db)
}
} else {
fmt.Println("Not using the PostgreSQL database backend")
}
}
General information
- Version: 1.3.2 (API version 3.2)
- License: BSD-3
- Alexander F. Rødseth <xyproto@archlinux.org>
Documentation
¶
Overview ¶
Package pstore provides a way to keep track of users, login states and permissions.
Index ¶
- Constants
- Variables
- func PermissionDenied(w http.ResponseWriter, req *http.Request)
- func ValidUsernamePassword(username, password string) error
- type Permissions
- func (perm *Permissions) AddAdminPath(prefix string)
- func (perm *Permissions) AddPublicPath(prefix string)
- func (perm *Permissions) AddUserPath(prefix string)
- func (perm *Permissions) Clear()
- func (perm *Permissions) DenyFunction() http.HandlerFunc
- func (perm *Permissions) Rejected(w http.ResponseWriter, req *http.Request) bool
- func (perm *Permissions) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.HandlerFunc)
- func (perm *Permissions) SetAdminPath(pathPrefixes []string)
- func (perm *Permissions) SetDenyFunction(f http.HandlerFunc)
- func (perm *Permissions) SetPublicPath(pathPrefixes []string)
- func (perm *Permissions) SetUserPath(pathPrefixes []string)
- func (perm *Permissions) UserState() pinterface.IUserState
- type UserState
- func (state *UserState) AddUnconfirmed(username, confirmationCode string)
- func (state *UserState) AddUser(username, password, email string)
- func (state *UserState) AdminRights(req *http.Request) bool
- func (state *UserState) AllUnconfirmedUsernames() ([]string, error)
- func (state *UserState) AllUsernames() ([]string, error)
- func (state *UserState) AlreadyHasConfirmationCode(confirmationCode string) bool
- func (state *UserState) BooleanField(username, fieldname string) bool
- func (state *UserState) ClearCookie(w http.ResponseWriter)
- func (state *UserState) Close()
- func (state *UserState) Confirm(username string)
- func (state *UserState) ConfirmUserByConfirmationCode(confirmationcode string) error
- func (state *UserState) ConfirmationCode(username string) (string, error)
- func (state *UserState) CookieSecret() string
- func (state *UserState) CookieTimeout(username string) int64
- func (state *UserState) CorrectPassword(username, password string) bool
- func (state *UserState) Creator() pinterface.ICreator
- func (state *UserState) Email(username string) (string, error)
- func (state *UserState) FindUserByConfirmationCode(confirmationcode string) (string, error)
- func (state *UserState) GenerateUniqueConfirmationCode() (string, error)
- func (state *UserState) HasEmail(email string) (string, error)
- func (state *UserState) HasUser(username string) bool
- func (state *UserState) HashPassword(username, password string) string
- func (state *UserState) Host() pinterface.IHost
- func (state *UserState) IsAdmin(username string) bool
- func (state *UserState) IsConfirmed(username string) bool
- func (state *UserState) IsLoggedIn(username string) bool
- func (state *UserState) Login(w http.ResponseWriter, username string) error
- func (state *UserState) Logout(username string)
- func (state *UserState) MarkConfirmed(username string)
- func (state *UserState) PasswordAlgo() string
- func (state *UserState) PasswordHash(username string) (string, error)
- func (state *UserState) RemoveAdminStatus(username string)
- func (state *UserState) RemoveUnconfirmed(username string)
- func (state *UserState) RemoveUser(username string)
- func (state *UserState) SetAdminStatus(username string)
- func (state *UserState) SetBooleanField(username, fieldname string, val bool)
- func (state *UserState) SetCookieSecret(cookieSecret string)
- func (state *UserState) SetCookieTimeout(cookieTime int64)
- func (state *UserState) SetLoggedIn(username string)
- func (state *UserState) SetLoggedOut(username string)
- func (state *UserState) SetMinimumConfirmationCodeLength(length int)
- func (state *UserState) SetPassword(username, password string)
- func (state *UserState) SetPasswordAlgo(algorithm string) error
- func (state *UserState) SetTablePrefix(prefix string)
- func (state *UserState) SetUsernameCookie(w http.ResponseWriter, username string) error
- func (state *UserState) UserRights(req *http.Request) bool
- func (state *UserState) Username(req *http.Request) string
- func (state *UserState) UsernameCookie(req *http.Request) (string, error)
- func (state *UserState) Users() pinterface.IHashMap
Constants ¶
const (
// Version number. Stable API within major version numbers.
Version = 3.2
)
Variables ¶
var ( // ErrNotFound is returned if HasEmail does not find the given e-mail address ErrNotFound = errors.New("Not found") )
Functions ¶
func PermissionDenied ¶
func PermissionDenied(w http.ResponseWriter, req *http.Request)
PermissionDenied is the default "permission denied" http handler.
func ValidUsernamePassword ¶
ValidUsernamePassword only checks if the given username and password are different and if they only contain letters, numbers and/or underscore. For checking if a given password is correct, use the `CorrectPassword` function instead.
Types ¶
type Permissions ¶
type Permissions struct {
// contains filtered or unexported fields
}
Permissions keeps track of the permissions for various path prefixes
func New ¶
func New() (*Permissions, error)
New will initialize a Permissions struct with all the default settings. This will also connect to the database host at port 3306.
func NewPermissions ¶
func NewPermissions(state *UserState) *Permissions
NewPermissions will initialize a Permissions struct with the given UserState and a few default paths for admin/user/public path prefixes.
func NewWithConf ¶
func NewWithConf(connectionString string) (*Permissions, error)
NewWithConf will initialize a Permissions struct with a database connection string.
func NewWithDSN ¶
func NewWithDSN(connectionString string, databaseName string) (*Permissions, error)
NewWithDSN will initialize a Permissions struct with a DSN
func (*Permissions) AddAdminPath ¶
func (perm *Permissions) AddAdminPath(prefix string)
AddAdminPath will add an URL prefix that will enforce that URLs starting with that prefix will only be for logged in administrators
func (*Permissions) AddPublicPath ¶
func (perm *Permissions) AddPublicPath(prefix string)
AddPublicPath will add an URL prefix that will enforce that URLs starting with that prefix will be public. This overrides the other prefixes.
func (*Permissions) AddUserPath ¶
func (perm *Permissions) AddUserPath(prefix string)
AddUserPath will add an URL prefix that will enforce that URLs starting with that prefix will only be for logged in users
func (*Permissions) DenyFunction ¶
func (perm *Permissions) DenyFunction() http.HandlerFunc
DenyFunction can be used to retrieve the currently configured http.HandlerFunc for when permissions are denied
func (*Permissions) Rejected ¶
func (perm *Permissions) Rejected(w http.ResponseWriter, req *http.Request) bool
Rejected will check if a given request should be rejected.
func (*Permissions) ServeHTTP ¶
func (perm *Permissions) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.HandlerFunc)
ServeHTTP is the middleware handler (compatible with Negroni)
func (*Permissions) SetAdminPath ¶
func (perm *Permissions) SetAdminPath(pathPrefixes []string)
SetAdminPath will add URL prefixes that will enforce that URLs starting with those prefixes will only be for logged in administrators
func (*Permissions) SetDenyFunction ¶
func (perm *Permissions) SetDenyFunction(f http.HandlerFunc)
SetDenyFunction can be used to specify a http.HandlerFunc for when the permissions are denied
func (*Permissions) SetPublicPath ¶
func (perm *Permissions) SetPublicPath(pathPrefixes []string)
SetPublicPath will add URL prefixes that will enforce that URLs starting with those prefixes will be public. This overrides the other prefixes.
func (*Permissions) SetUserPath ¶
func (perm *Permissions) SetUserPath(pathPrefixes []string)
SetUserPath will add URL prefixes that will enforce that URLs starting with those prefixes will only be for logged in users
func (*Permissions) UserState ¶
func (perm *Permissions) UserState() pinterface.IUserState
UserState will return the UserState struct
type UserState ¶
type UserState struct {
// contains filtered or unexported fields
}
UserState keeps track of all usernames, passwords and information about users
func NewUserState ¶
Create a new *UserState that can be used for managing users. connectionString may be on the form "username:password@host:port/database". If randomSeed is true, the random number generator will be seeded after generating the cookie secret (true is a good default value).
func NewUserStateSimple ¶
Create a new *UserState that can be used for managing users. The random number generator will be seeded after generating the cookie secret.
func NewUserStateWithDSN ¶
func NewUserStateWithDSN(connectionString string, databaseName string, randomSeed bool) (*UserState, error)
Create a new *UserState that can be used for managing users. connectionString may be on the form "username:password@host:port/database". If randomSeed is true, the random number generator will be seeded after generating the cookie secret (true is a good default value).
func (*UserState) AddUnconfirmed ¶
AddUnconfirmed adds a user to a list of users that are registered, but not confirmed.
func (*UserState) AddUser ¶
AddUser creates a user and hashes the password, does not check for rights. The given data must be valid.
func (*UserState) AdminRights ¶
AdminRights checks if the current user is logged in and has administrator rights.
func (*UserState) AllUnconfirmedUsernames ¶
AllUnconfirmedUsernames returns a list of all registered users that are not yet confirmed.
func (*UserState) AllUsernames ¶
AllUsernames returns a list of all usernames.
func (*UserState) AlreadyHasConfirmationCode ¶
AlreadyHasConfirmationCode goes through all the confirmationCodes of all the unconfirmed users and checks if this confirmationCode already is in use.
func (*UserState) BooleanField ¶
BooleanField returns a boolean value for the given username and fieldname. If the user or field is missing, false will be returned. Useful for states where it makes sense that the returned value is not true unless everything is in order.
func (*UserState) ClearCookie ¶
func (state *UserState) ClearCookie(w http.ResponseWriter)
ClearCookie tries to clear the user cookie by setting it to be expired. Some browsers *may* be configured to keep cookies even after this.
func (*UserState) Confirm ¶
Confirm marks a user as confirmed, and removes the username from the list of unconfirmed users.
func (*UserState) ConfirmUserByConfirmationCode ¶
ConfirmUserByConfirmationCode takes a unique confirmation code and marks the corresponding unconfirmed user as confirmed.
func (*UserState) ConfirmationCode ¶
ConfirmationCode returns the stored confirmation code for a specific user.
func (*UserState) CookieSecret ¶
CookieSecret returns the current cookie secret
func (*UserState) CookieTimeout ¶
CookieTimeout returns the current login cookie timeout, in seconds.
func (*UserState) CorrectPassword ¶
CorrectPassword checks if a password is correct. "username" is needed because it may be part of the hash for some password hashing algorithms.
func (*UserState) Creator ¶
func (state *UserState) Creator() pinterface.ICreator
Creator returns a struct for creating data structures.
func (*UserState) FindUserByConfirmationCode ¶
FindUserByConfirmationCode tries to find the corresponding username, given a unique confirmation code.
func (*UserState) GenerateUniqueConfirmationCode ¶
GenerateUniqueConfirmationCode generates a unique confirmation code that can be used for confirming users.
func (*UserState) HasEmail ¶
HasEmail finds the user that has a given e-mail address. Returns the username and nil if found or a blank string and ErrNotFound if not.
func (*UserState) HashPassword ¶
HashPassword takes a password and creates a password hash. It also takes a username, since some algorithms may use it for salt.
func (*UserState) Host ¶
func (state *UserState) Host() pinterface.IHost
Host retrieves the underlying database. It helps fulfill the IHost interface.
func (*UserState) IsConfirmed ¶
IsConfirmed checks if a user is confirmed (can be used for "e-mail confirmation").
func (*UserState) IsLoggedIn ¶
IsLoggedIn checks if a user is logged in.
func (*UserState) Login ¶
func (state *UserState) Login(w http.ResponseWriter, username string) error
Login is a convenience function for logging a user in and storing the username in a cookie. Returns an error if the cookie could not be set.
func (*UserState) MarkConfirmed ¶
MarkConfirmed marks a user as being confirmed.
func (*UserState) PasswordAlgo ¶
PasswordAlgo returns the current password hashing algorithm.
func (*UserState) PasswordHash ¶
PasswordHash returns the password hash for the given username.
func (*UserState) RemoveAdminStatus ¶
RemoveAdminStatus removes the administrator status from a user.
func (*UserState) RemoveUnconfirmed ¶
RemoveUnconfirmed removes a user from a list of users that are registered, but not confirmed.
func (*UserState) RemoveUser ¶
RemoveUser removes a user and the login status for this user.
func (*UserState) SetAdminStatus ¶
SetAdminStatus marks a user as an administrator.
func (*UserState) SetBooleanField ¶
SetBooleanField stores a boolean value given a username and a custom fieldname.
func (*UserState) SetCookieSecret ¶
SetCookieSecret sets the current cookie secret
func (*UserState) SetCookieTimeout ¶
SetCookieTimeout sets how long a login cookie should last, in seconds.
func (*UserState) SetLoggedIn ¶
SetLoggedIn marks a user as logged in. Use the Login function instead, unless cookies are not involved.
func (*UserState) SetLoggedOut ¶
SetLoggedOut marks a user as logged out.
func (*UserState) SetMinimumConfirmationCodeLength ¶
SetMinimumConfirmationCodeLength sets the minimum length of the user confirmation code. The default is 20.
func (*UserState) SetPassword ¶
SetPassword sets/changes the password for a user. Does not take a password hash, will hash the password string.
func (*UserState) SetPasswordAlgo ¶
SetPasswordAlgo determines which password hashing algorithm should be used.
* * The default value is "bcrypt+". * * Possible values are: * bcrypt -> Store and check passwords with the bcrypt hash. * sha256 -> Store and check passwords with the sha256 hash. * bcrypt+ -> Store passwords with bcrypt, but check with both * bcrypt and sha256, for backwards compatibility * with old passwords that has been stored as sha256.
func (*UserState) SetTablePrefix ¶
Set a custom PostgreSQL database table prefix
func (*UserState) SetUsernameCookie ¶
func (state *UserState) SetUsernameCookie(w http.ResponseWriter, username string) error
SetUsernameCookie stores the given username in a cookie in the browser, if possible. Will return an error if the username is empty or the user does not exist.
func (*UserState) UserRights ¶
UserRights checks if the current user is logged in and has user rights.
func (*UserState) Username ¶
Username is a convenience function for returning the current username (from the browser cookie), or an empty string.
func (*UserState) UsernameCookie ¶
UsernameCookie retrieves the username that is stored in a cookie in the browser, if available.
func (*UserState) Users ¶
func (state *UserState) Users() pinterface.IHashMap
Users returns a hash map of all the users.
Source Files
Directories