gin_paseto_session

package module
v0.0.0-...-6864f2d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 13, 2022 License: MIT Imports: 12 Imported by: 0

README

gin-paseto-session

Go gin middleware and auth library built on PASETO tokens

This library implements session support based on PASETO tokens. It works with the gin web server. Methods:

  • session.Login - creates a new session:
    • structs - the payload and footprint are serialized to JSON and embedded into the access & refresh tokens
    • writes the access & refresh tokens into the gin.Context
    • writes the refresh token to the DB via a callback (the library user provides the callback handler)
    • if you want to keep only one session, call LogoutAll before Login
  • session.Logout - gin.Handler, invalidates refresh token via callback call
  • session.LogoutAll - gin.Handler, invalidates all refresh tokens (via callback calls)
  • session.Refresh - gin.Handler, refreshes the refresh token
    • if the refresh token is invalid, returns HTTP 401
  • session.Access - gin middleware,
    • extracts the access token from the request and checks its validity; if it is invalid, redirects to refresh (configurable, may do autorefresh, etc.)
    • extracts the payload & footprint from the token and calls a callback to check RBAC (I don't use it in real cases, but it may be helpful for you)
    • writes the extracted payload to the gin.Context

links:

use sample

// SessionData is the application-defined payload type for this example; the
// Config below registers it through PayloadType.
//
// The README states that the payload is serialized to JSON and embedded into
// the access and refresh tokens, so keep secrets out of it unless the tokens
// are confirmed to be encrypted rather than only signed.
type SessionData struct {
	User string
}

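// Example configuration. privateKey, publicKey, expirationRefresh and
// expirationAccess are placeholders the application must supply.
cfg := Config{
	RefreshURL:        "/auth/refresh",
	PrivateKey:        privateKey,
	PublicKey:         publicKey,
	ExpirationRefresh: expirationRefresh,
	ExpirationAccess:  expirationAccess,
	// No-op for brevity; in a real service forward err to your logger so that
	// token validation failures are visible.
	ErrorLogger: func(c *gin.Context, err error) {},
	// The storage callbacks take *gin.Context as their first parameter, as
	// declared by the StoreRefreshAtStorage, RemoveRefreshAtStorage and
	// ReplaceRefreshAtStorage types, and must return an error value.
	StoreRefreshAtStorage: func(c *gin.Context, token string, footprint interface{}) error {
		return nil // persist the refresh token here
	},
	RemoveRefreshAtStorage: func(c *gin.Context, token string, payload interface{}) error {
		return nil // invalidate the stored refresh token here
	},
	// Tells the library which struct to rebuild when it decodes a token.
	PayloadType: reflect.TypeOf(SessionData{}),
	LoginURL:    "/auth/login",
	ReplaceRefreshAtStorage: func(c *gin.Context, oldToken, newToken string, payload interface{}) error {
		return nil // swap oldToken for newToken in storage here
	},
	// Returning nil allows every request; put the real authorization check here.
	RBAC: func(c *gin.Context, payload interface{}) error {
		return nil
	},
}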

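// Wire the middleware into a gin engine: /auth/* issues and rotates tokens,
// everything under protGroup requires a valid access token.
eng := gin.New()
mw, err := New(cfg)
if err != nil {
	// New returns an error; presumably one of the ErrNeed* values when a
	// required Config field is missing. Do not start serving without it.
	panic(err)
}
authGroup := eng.Group("/auth")
protGroup := eng.Group("/")
protGroup.Use(mw.Access)

authGroup.GET("/refresh", mw.Refresh)
// NOTE(review): logout is registered on GET; if the tokens travel in cookies,
// confirm the cookie attributes (e.g. SameSite) so that a cross-site request
// cannot trigger it.
authGroup.GET("/logout", mw.Logout)
authGroup.POST("/login", func(c *gin.Context) {
	// This sample performs no credential check; authenticate the caller
	// before creating a session for testPayload.
	if err := mw.NewSession(c, testPayload); err != nil {
		_ = c.Error(err) // record the failure on the context instead of dropping it
	}
})

protGroup.GET("/", func(c *gin.Context) {
	// The payload extracted by Access is read back from the context under PayloadKey.
	iFace, rbacPayloadExist := c.Get(PayloadKey)
	if !rbacPayloadExist {
		return
	}
	// Comma-ok assertion: an unexpected payload type must not panic the handler.
	if p, ok := iFace.(testPayloadType); ok {
		rbacPayload = p
	}
})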

Documentation

Index

Constants

// Names for the access and refresh tokens. The "Cookies" in the identifiers
// suggests these are the cookie names the tokens are carried in; confirm
// against the implementation.
const (
	AccessTokenCookiesName  = "access_token"
	RefreshTokenCookiesName = "refresh_token"
)
// PayloadKey is the gin.Context key under which the payload extracted from the
// token is stored; handlers read it back with c.Get(PayloadKey).
const PayloadKey = "payload"

Variables

// Errors declared by the package. The identifiers and message strings are part
// of the public API and runtime output, so their spelling is left as published.
var (
	// Token-level failures: missing, expired or invalid token, or a payload
	// that does not match.
	ErrTokenAbscent            = errors.New("token abscent")
	ErrTokenExpired            = errors.New("token expired")
	ErrTokenInvalid            = errors.New("token invalid")
	ErrPayloadMismatch         = errors.New("payload mismatch")
	// Configuration failures: each message names something the Config must
	// provide. Presumably returned by New; confirm against the implementation.
	ErrNeedPayloadType         = errors.New("need payload type to construct it on decode time")
	ErrNeedRefreshTokenStorage = errors.New("must have persistent refresh token storage. without it security level will be to low")
	ErrNeedRBAC                = errors.New("must have RBAC checker function")
	// Not a failure: reports a successful auto-refresh of the access token.
	ErrDoAutoRefresh           = errors.New("successfully do autorefresh access token") // there is no success logging, so it is reported as an error
)

Functions

This section is empty.

Types

type AccessToken

type AccessToken struct {
	// contains filtered or unexported fields
}

type Config

// Config holds the settings passed to New.
type Config struct {
	RefreshURL         string
	LoginURL           string
	// NOTE(review): the redirect target presumably comes from the request's
	// Referer header; confirm it is restricted to the application's own origin.
	ReturnToRef        bool // whether Refresh produces a 307 redirect when the Referer is non-empty
	// NOTE(review): the original comment is ambiguous. Presumably false means an
	// expired access token is refreshed automatically and true means the
	// middleware answers 401 or redirects instead; confirm.
	DisableAutoRefresh bool // controls automatic refresh of an expired access token versus a 401 or redirect

	// Presumably a service that only verifies tokens can leave PrivateKey
	// unset and keep the signing key off that host; confirm.
	PrivateKey ed25519.PrivateKey // necessary only for NewSession & Refresh, which generate new access & refresh tokens
	PublicKey  ed25519.PublicKey

	// Lifetimes of the access and refresh tokens.
	ExpirationAccess  time.Duration
	ExpirationRefresh time.Duration

	// Callbacks supplied by the application. ErrNeedRefreshTokenStorage and
	// ErrNeedRBAC indicate that refresh-token storage and RBAC are mandatory.
	ErrorLogger             ErrorLogger
	StoreRefreshAtStorage   StoreRefreshAtStorage
	RemoveRefreshAtStorage  RemoveRefreshAtStorage
	ReplaceRefreshAtStorage ReplaceRefreshAtStorage
	PayloadType             reflect.Type // necessary to convert the token payload back into a struct
	RBAC                    RBAC
}

type ErrorLogger

// ErrorLogger is the callback type of Config.ErrorLogger; it receives the
// request context and an error.
// NOTE(review): ErrDoAutoRefresh is documented as a success notice sent
// through the error path, so this callback presumably receives it too; avoid
// treating it as a failure.
type ErrorLogger func(c *gin.Context, err error)

type Middleware

type Middleware struct {
	// contains filtered or unexported fields
}

func New

func New(cfg Config) (*Middleware, error)

func (Middleware) Access

func (m Middleware) Access(c *gin.Context)

func (Middleware) ExtractPayload

func (m Middleware) ExtractPayload(c context.Context) interface{}

func (Middleware) Logout

func (m Middleware) Logout(c *gin.Context)

func (Middleware) NewSession

func (m Middleware) NewSession(c *gin.Context, payload interface{}) error

func (Middleware) Refresh

func (m Middleware) Refresh(c *gin.Context)

type RBAC

// RBAC is the callback type of Config.RBAC. Per the README, the Access
// middleware calls it with the payload extracted from the token to check RBAC.
// Presumably a non-nil error denies the request; confirm against the implementation.
type RBAC func(c *gin.Context, payload interface{}) error

type RefreshToken

type RefreshToken struct {
	Generation uint64
	// contains filtered or unexported fields
}

type RemoveRefreshAtStorage

// RemoveRefreshAtStorage is the callback type of Config.RemoveRefreshAtStorage.
// Per the README, logout invalidates the refresh token through this
// user-provided callback.
type RemoveRefreshAtStorage func(c *gin.Context, token string, payload interface{}) error

type ReplaceRefreshAtStorage

// ReplaceRefreshAtStorage is the callback type of Config.ReplaceRefreshAtStorage.
// It receives an old and a new refresh token; presumably Refresh calls it to
// swap the stored token when it rotates; confirm against the implementation.
type ReplaceRefreshAtStorage func(c *gin.Context, oldToken, newToken string, payload interface{}) error

type StoreRefreshAtStorage

// StoreRefreshAtStorage is the callback type of Config.StoreRefreshAtStorage.
// Per the README, creating a session writes the refresh token to the DB
// through this user-provided callback.
// NOTE(review): consider persisting a hash of the token rather than the token
// itself, so that a storage leak does not expose usable refresh tokens.
type StoreRefreshAtStorage func(c *gin.Context, token string, payload interface{}) error
