services

package
v0.0.0-...-c97fb91
Warning

This package is not in the latest version of its module.

Published: Oct 12, 2020 License: MIT Imports: 24 Imported by: 0

Documentation

Constants

const (
	// PersistentSession keeps the user logged in for up to 365 days of inactivity.
	// The 'remember me' option when signing in uses this.
	PersistentSession = "persistent"

	// EphemeralSession keeps the user logged in for up to 30 days of inactivity.
	// This works as long as the browser isn't closed or the browser session isn't restored.
	// Keep in mind that the cookie expiration might be undetermined on the client side,
	// but on the server side there is always a session expiration (lower in the case of an 'ephemeral' session).
	EphemeralSession = "ephemeral"
)
const SessionIDCookieName = "__Host-Market-SID"

SessionIDCookieName is the name of the cookie that stores the session id in the browser. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Cookie_prefixes
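The following is an added example, not code from this package: it shows how the two session kinds and the `__Host-` cookie name fit together, with a server-side expiry for both kinds and a client-side lifetime only for the persistent one. The helper names `NewSessionCookie` and `CheckHostPrefix`, the `HttpOnly` and `SameSite=Lax` attributes, and the use of `Max-Age` for the persistent case are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

const cookieName = "__Host-Market-SID" // SessionIDCookieName on this page

// Inactivity windows from the doc comments, keyed by session kind.
var idle = map[string]time.Duration{
	"persistent": 365 * 24 * time.Hour,
	"ephemeral":  30 * 24 * time.Hour,
}

// NewSessionCookie (hypothetical helper) returns the cookie to send and the
// expiry the server must store and enforce for the session.
func NewSessionCookie(id, kind string, now time.Time) (*http.Cookie, time.Time, error) {
	ttl, ok := idle[kind]
	if !ok {
		return nil, time.Time{}, errors.New("unknown session kind: " + kind)
	}
	c := &http.Cookie{
		Name: cookieName, Value: id,
		Path: "/", Secure: true, // __Host- also forbids a Domain attribute
		HttpOnly: true, SameSite: http.SameSiteLaxMode, // assumed hardening
	}
	if kind == "persistent" {
		c.MaxAge = int(ttl / time.Second) // survives a browser restart
	}
	// Ephemeral: no Max-Age or Expires, so only the server-side expiry is certain.
	return c, now.Add(ttl), nil
}

// CheckHostPrefix reports whether c meets the rules browsers apply to __Host- names.
func CheckHostPrefix(c *http.Cookie) error {
	if strings.HasPrefix(c.Name, "__Host-") && (!c.Secure || c.Path != "/" || c.Domain != "") {
		return fmt.Errorf("%s needs Secure, Path=/ and no Domain", c.Name)
	}
	return nil
}

func main() {
	c, exp, _ := NewSessionCookie("constructed-id", "ephemeral", time.Now())
	fmt.Println(c.String(), "| server expiry:", exp.Format(time.RFC3339), "|", CheckHostPrefix(c))
}
```

A browser silently drops a `__Host-` cookie that fails these rules, so running a check like `CheckHostPrefix` in tests catches a misconfigured `Domain` or `Path` before it shows up as users being unable to stay logged in.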

Variables

var ErrUserNotFound = errors.New("user not found")

ErrUserNotFound occurs when no user is found.

var ErrWrongPassword = errors.New("wrong password")

ErrWrongPassword is used after failing to verify password.

Functions

func CSRFToken

func CSRFToken(r *http.Request) string

CSRFToken from a request.

func SessionContext

func SessionContext(ctx context.Context, session *Session) context.Context

SessionContext adds a session to a given context.

func UserContext

func UserContext(ctx context.Context, u *User) context.Context

UserContext adds a user object to a given context.

Types

type Accounts

type Accounts struct {
	// contains filtered or unexported fields
}

Accounts services.

func (*Accounts) CheckPassword

func (a *Accounts) CheckPassword(ctx context.Context, userID, password string) error

CheckPassword for user.

func (*Accounts) GetUserByEmail

func (a *Accounts) GetUserByEmail(ctx context.Context, email string) (*User, error)

GetUserByEmail and return user object.

func (*Accounts) GetUserByID

func (a *Accounts) GetUserByID(ctx context.Context, userID string) (*User, error)

GetUserByID and return user object.

func (*Accounts) NewAdmin

func (a *Accounts) NewAdmin(ctx context.Context, p NewAdminParams) (id string, err error)

NewAdmin creates a new admin user.

func (*Accounts) NewUser

func (a *Accounts) NewUser(ctx context.Context, p NewUserParams) (id string, err error)

NewUser creates a new user.

func (*Accounts) SetCredentials

func (a *Accounts) SetCredentials(ctx context.Context, p SetPasswordParams) error

SetCredentials for user.

type Authorization

type Authorization string

Authorization role levels.

var (
	// UserAuthorization role.
	UserAuthorization Authorization = "user"

	// AdminAuthorization role.
	AdminAuthorization Authorization = "admin"
)

type CSRFProtection

type CSRFProtection struct {
	// contains filtered or unexported fields
}

CSRFProtection protects requests against Cross-Site Request Forgery attacks. See https://owasp.org/www-community/attacks/csrf. It uses https://github.com/justinas/nosurf behind the scenes.

func NewCSRFProtection

func NewCSRFProtection(handler http.Handler) *CSRFProtection

NewCSRFProtection middleware.

func (*CSRFProtection) ExemptFunc

func (c *CSRFProtection) ExemptFunc(fn func(r *http.Request) bool)

ExemptFunc to bypass CSRF protection for a given request. This should only be used when there is already another CSRF protection in place, such as by the use of other types of tokens, and to allow HTTP connections from webhooks or non-browser clients that don't require or support CSRF protection. Please remember to always protect endpoints accordingly, and consider the case of browsers accessing them directly without CSRF protection.
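One way to write an exemption predicate that respects the caveat about browsers reaching an exempted endpoint directly, as an added example that is not part of this package. The `/webhooks/` prefix, the Bearer-token convention and the names `ExemptWebhook` and `SampleRequest` are assumptions; the function has the `func(r *http.Request) bool` signature that ExemptFunc accepts.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// webhookPrefix is a hypothetical route prefix reserved for non-browser callers.
const webhookPrefix = "/webhooks/"

// ExemptWebhook has the signature ExemptFunc accepts. It returns true (skip the
// CSRF check) only when the request cannot be riding on a browser session.
func ExemptWebhook(r *http.Request) bool {
	// Clean first so "/webhooks/../account" is not treated as a webhook.
	if !strings.HasPrefix(path.Clean(r.URL.Path), webhookPrefix) {
		return false
	}
	// Any cookie means a browser may be attaching credentials on its own.
	if len(r.Cookies()) > 0 {
		return false
	}
	// Require a credential the caller adds explicitly; the handler still
	// has to verify the token itself.
	auth := r.Header.Get("Authorization")
	return len(auth) > 7 && strings.EqualFold(auth[:7], "Bearer ")
}

// SampleRequest builds a constructed POST request for the demo below.
func SampleRequest(target, auth, cookie string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, target, nil)
	if auth != "" {
		r.Header.Set("Authorization", auth)
	}
	if cookie != "" {
		r.Header.Set("Cookie", cookie)
	}
	return r
}

func main() {
	fmt.Println(ExemptWebhook(SampleRequest("/webhooks/payment", "Bearer constructed-token", "")))
	fmt.Println(ExemptWebhook(SampleRequest("/webhooks/payment", "Bearer constructed-token", "__Host-Market-SID=x")))
	fmt.Println(ExemptWebhook(SampleRequest("/account/email", "Bearer constructed-token", "")))
}
```

The predicate only decides whether the CSRF check is skipped; the exempted handler must still authenticate the caller by validating the token.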

func (*CSRFProtection) RegenerateToken

func (c *CSRFProtection) RegenerateToken(w http.ResponseWriter, r *http.Request) string

RegenerateToken on a given request. Should be called during login/logout operations.

func (*CSRFProtection) ServeHTTP

func (c *CSRFProtection) ServeHTTP(w http.ResponseWriter, r *http.Request)

func (*CSRFProtection) SetFailureHandler

func (c *CSRFProtection) SetFailureHandler(handler http.Handler)

SetFailureHandler for when requests fail.

type Core

type Core struct {
	// Settings of the application.
	Settings config.Settings

	// PostgreSQL relational database.
	Postgres *pgxpool.Pool

	// Redis cache layer.
	Redis *redis.Client

	// Elasticsearch client.
	Elasticsearch *elasticsearch.Client

	// CSRFProtection middleware.
	CSRFProtection *CSRFProtection
}

Core services include settings of the application, external services, and dependencies.

type Images

type Images struct {
	// contains filtered or unexported fields
}

Images service.

func (*Images) HTML

func (i *Images) HTML(path string, alt string, p ThumbnailParams) (template.HTML, error)

HTML returns an img tag with src and srcset for regular and Retina display formats.

func (*Images) Link

func (i *Images) Link(path string, p ThumbnailParams) (string, error)

Link of the image thumbnail.

type LoginParams

type LoginParams struct {
	// RememberMe defines whether to set a persistent cookie that survives closing the browser or not.
	RememberMe bool
}

LoginParams to control cookie persistence, etc.

type Modules

type Modules struct {
	Settings config.Settings
	Accounts Accounts
	Sessions Sessions
	Security Security
	Images   Images
}

Modules exposes internal services to the HTTP handlers without giving direct unchecked access to the core services.

func NewModules

func NewModules(core *Core) (*Modules, error)

NewModules creates an instance of each service in this package and returns a Modules object that can be injected elsewhere.

type NewAdminParams

type NewAdminParams struct {
	NewUserParams
	Password string
}

NewAdminParams required to create a new admin user.

type NewUserParams

type NewUserParams struct {
	Name   string
	Email  string
	Phone  string
	Access Authorization
}

NewUserParams to create a new user.

func (*NewUserParams) ValidateAndNormalize

func (p *NewUserParams) ValidateAndNormalize() error

ValidateAndNormalize user params.

type Security

type Security struct {
	// contains filtered or unexported fields
}

Security module.

func (*Security) RegenerateCSRFToken

func (s *Security) RegenerateCSRFToken(w http.ResponseWriter, r *http.Request) string

RegenerateCSRFToken on a given request. Should be called during login/logout operations.

type Session

type Session struct {
	ID         string
	StickyID   string
	CreatedAt  time.Time
	Expire     time.Time
	State      string
	UserID     string
	RememberMe bool
}

Session data.

func SessionFromRequest

func SessionFromRequest(r *http.Request) *Session

SessionFromRequest extracts the session data from a request.

type Sessions

type Sessions struct {
	// contains filtered or unexported fields
}

Sessions services.

See https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html

func (*Sessions) Close

func (s *Sessions) Close(ctx context.Context, stickyID string) error

Close session. Revokes its sticky session id to make any existing cookie associated with it invalid.

func (*Sessions) CloseExpired

func (s *Sessions) CloseExpired(ctx context.Context) (int, error)

CloseExpired sessions changes the state of expired sessions to mark them as expired. It should be called on a schedule.

func (*Sessions) Login

func (s *Sessions) Login(w http.ResponseWriter, r *http.Request, userID string, p LoginParams) (*Session, error)

Login logs out of any existing session and logs in again.

func (*Sessions) Read

func (s *Sessions) Read(w http.ResponseWriter, r *http.Request) (*Session, error)

Read session cookie from request or create a new one.

type SetPasswordParams

type SetPasswordParams struct {
	UserID   string
	Password string
}

SetPasswordParams for a given user.

type ThumbnailParams

type ThumbnailParams struct {
	// Type of the output format (i.e., jpeg, png, webp; default: auto)
	Type string

	// Quality of the image (default: 90).
	Quality int

	// Width of the thumbnail.
	Width int

	// Height of the thumbnail.
	Height int

	// Method to call in imaginary for image transformation.
	// By default fit is used. See https://github.com/h2non/imaginary.
	Method string
}

ThumbnailParams to generate links and HTML tags for images.

type User

type User struct {
	UserID    string
	Name      string
	Email     string
	Phone     string
	CreatedAt time.Time
	UpdatedAt time.Time
	Access    Authorization
}

User structure

func UserFromRequest

func UserFromRequest(r *http.Request) *User

UserFromRequest extracts the user data from a request.
