auth: Index | Files | Directories

package auth

import ""

Package auth provides helpers for encryption, hashing and encoding.


Package Files

auth.go deprecated.go encode.go encrypt.go random.go session.go


const HashCost = 10

HashCost sets the cost of bcrypt hashes - if this changes hashed passwords would need to be recalculated.

const TokenLength = 32

TokenLength sets the length of random tokens used for authenticity tokens.


var HMACKey []byte

HMACKey is a 32 byte key for generating HMAC distinct from SecretKey.

var MaxAge = 86400 * 60

MaxAge is the age in seconds of a cookie before it expires, default 60 days.

var MaxCookieSize = 4096

MaxCookieSize is the maximum length of a cookie in bytes, defaults to 4096.

var SecretKey []byte

SecretKey is a 32 byte key for encrypting content with AES-GCM.

var SecureCookies = false

SecureCookies is true if we use secure https cookies.

var SessionName = "fragmenta_session"

SessionName is the name of the ssions.

var SessionTokenKey = "authenticity_token"

SessionTokenKey is the session token key.

var SessionUserKey = "user_id"

SessionUserKey is the session user key.

func AuthenticityToken Uses

func AuthenticityToken(writer http.ResponseWriter, request *http.Request) (string, error)

AuthenticityToken returns a new token for a request, and if necessary sets the cookie with our secret.

func AuthenticityTokenWithSecret Uses

func AuthenticityTokenWithSecret(secret []byte) []byte

AuthenticityTokenWithSecret generates a new authenticity token from the secret by xoring a new random token with it and prepending the random bytes See or gorilla/csrf for justification.

func Base64ToBytes Uses

func Base64ToBytes(h string) []byte

Base64ToBytes converts from a b64 string to bytes

func BytesToBase64 Uses

func BytesToBase64(b []byte) string

BytesToBase64 converts bytes to a base64 string representation

func BytesToHex Uses

func BytesToHex(b []byte) string

BytesToHex converts bytes to a hex string representation of bytes

func CSRFToken Uses

func CSRFToken(token string) (string, error)

CSRFToken DEPRECATED this function will be removed in 2.0

func CheckAuthenticityToken Uses

func CheckAuthenticityToken(token string, request *http.Request) error

CheckAuthenticityToken checks the token against that stored in a session cookie, and returns an error if the check fails.

func CheckAuthenticityTokenWithSecret Uses

func CheckAuthenticityTokenWithSecret(token, secret []byte) error

CheckAuthenticityTokenWithSecret checks an auth token against a secret.

func CheckCSRFToken Uses

func CheckCSRFToken(token, b64 string) error

CheckCSRFToken DEPRECATED this function will be removed in 2.0

func CheckPassword Uses

func CheckPassword(pass, hash string) error

CheckPassword compares a password hashed with bcrypt.

func CheckRandomToken Uses

func CheckRandomToken(a, b []byte) bool

CheckRandomToken performs a comparison of two tokens resistant to timing attacks.

func ClearSession Uses

func ClearSession(w http.ResponseWriter)

ClearSession clears the current session cookie

func CreateMAC Uses

func CreateMAC(h hash.Hash, value []byte) []byte

CreateMAC creates a MAC.

func Decrypt Uses

func Decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error)

Decrypt decrypts data using 256-bit AES-GCM. This both hides the content of the data and provides a check that it hasn't been altered. Expects input form nonce|ciphertext|tag where '|' indicates concatenation.

func Encrypt Uses

func Encrypt(plaintext []byte, key []byte) (ciphertext []byte, err error)

Encrypt encrypts data using 256-bit AES-GCM. This both hides the content of the data and provides a check that it hasn't been altered. Output takes the form nonce|ciphertext|tag where '|' indicates concatenation.

func EncryptPassword Uses

func EncryptPassword(pass string) (string, error)

EncryptPassword renamed and DEPRECATED this function will be removed in 2.0

func HashPassword Uses

func HashPassword(pass string) (string, error)

HashPassword hashes a password with a random salt using bcrypt.

func HexToBytes Uses

func HexToBytes(h string) []byte

HexToBytes converts a hex string representation of bytes to a byte representation

func RandomToken Uses

func RandomToken(args []byte

RandomToken generates a random token 32 bytes long, or at a specified length if arguments are provided.

func VerifyMAC Uses

func VerifyMAC(h hash.Hash, value []byte, mac []byte) error

VerifyMAC verifies the MAC is valid with ConstantTimeCompare.

type CookieSessionStore Uses

type CookieSessionStore struct {
    // contains filtered or unexported fields

CookieSessionStore is a concrete version of SessionStore, which stores the information encrypted in cookies.

func (*CookieSessionStore) Clear Uses

func (s *CookieSessionStore) Clear(writer http.ResponseWriter)

Clear the session values from the cookie.

func (*CookieSessionStore) Decode Uses

func (s *CookieSessionStore) Decode(name string, hashKey []byte, secretKey []byte, value string, dst interface{}) error

Decode the value in the session cookie.

func (*CookieSessionStore) Encode Uses

func (s *CookieSessionStore) Encode(name string, value interface{}, hashKey []byte, secretKey []byte) (string, error)

Encode a given value in the session cookie.

func (*CookieSessionStore) Get Uses

func (s *CookieSessionStore) Get(key string) string

Get a value from the session.

func (*CookieSessionStore) Load Uses

func (s *CookieSessionStore) Load(request *http.Request) error

Load the session from cookie.

func (*CookieSessionStore) Save Uses

func (s *CookieSessionStore) Save(writer http.ResponseWriter) error

Save the session to a cookie.

func (*CookieSessionStore) Set Uses

func (s *CookieSessionStore) Set(key string, value string)

Set a value in the session, this does not save to the cookie.

type SessionStore Uses

type SessionStore interface {
    Get(string) string
    Set(string, string)
    Load(request *http.Request) error
    Save(http.ResponseWriter) error

SessionStore is the interface for a session store.

func Session Uses

func Session(writer http.ResponseWriter, request *http.Request) (SessionStore, error)

Session loads the current sesions or returns a new blank session.

func SessionGet Uses

func SessionGet(request *http.Request) (SessionStore, error)

SessionGet loads the current session (if any)


canPackage can implements basic role-based permissions for golang - controlling who can.Do certain actions for a given database table.

Package auth imports 18 packages (graph) and is imported by 16 packages. Updated 2018-04-20. Refresh now. Tools for package owners.