rememberme

package
v1.8.3
Published: Apr 7, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package rememberme contains all functionality for storing and validating rememberme tokens.

Basics

A rememberme token is a way for the server-side application to "remember" a logged-in user.

A user could have an unlimited number of rememberme tokens associated with his or her account, each with a different unique identifier.

The purpose of the unique identifier is to distinguish tokens issued to different client devices and/or browser instances and to facilitate token revocation.

If a rememberme token is already available to a client on a particular device or browser, the client should re-use this token instead of attempting to obtain a new one. Reusing a valid token avoids creating additional tokens unnecessarily, and hence the storage burden associated with them.

Expiration

A rememberme token itself does not automatically expire. However, it is good security practice for applications to periodically clean up unused tokens.

The Purge method is designed for this purpose. How often it is called, and the cutoff time that defines an old token, are entirely determined by the downstream application.

Revocation

A token can also be revoked. Once a token is revoked, subsequent ValidateToken calls from any client will fail.

Token revocation is usually done as a security measure, when a user no longer has access to the browser instance and/or the device a particular token was initially issued to.

Revocation is usually initiated by a user, and applications are strongly recommended to provide the UI needed to facilitate it.

Constants

This section is empty.

Variables

var (
	ErrTokenDuplicate = errors.New("token duplicate")
	ErrTokenNotFound  = errors.New("token not found")
	ErrTokenInvalid   = errors.New("token invalid")
)

Errors

Functions

This section is empty.

Types

type FirebaseTokenManager added in v1.7.0

type FirebaseTokenManager struct {
	// contains filtered or unexported fields
}

FirebaseTokenManager manages datastore operations regarding rememberme tokens.

func NewFirebaseTokenManager added in v1.7.0

func NewFirebaseTokenManager(client *firestore.Client,
	collectionName string) FirebaseTokenManager

NewFirebaseTokenManager creates a token manager with the given firestore client and collection name to store the rememberme tokens in.

func (FirebaseTokenManager) Add added in v1.7.0

func (m FirebaseTokenManager) Add(ctx context.Context,
	token Token) (<-chan *Token, <-chan error)

Add adds the token to the underlying datastore.

This function will return ErrTokenDuplicate if the given Username/Identifier combination already exists in the datastore.

func (FirebaseTokenManager) Delete added in v1.7.0

func (m FirebaseTokenManager) Delete(ctx context.Context,
	token Token) <-chan error

Delete deletes the token permanently from the underlying datastore.

Once deleted, a token cannot be recovered.

func (FirebaseTokenManager) Purge added in v1.7.0

func (m FirebaseTokenManager) Purge(ctx context.Context, username string,
	cutoff time.Time) <-chan error

Purge removes tokens belonging to a given user last used before or equal to the cutoff time.

This function DELETES all matching tokens, regardless of whether the token has been revoked.

func (FirebaseTokenManager) Revoke added in v1.7.0

func (m FirebaseTokenManager) Revoke(ctx context.Context,
	token Token) (<-chan *Token, <-chan error)

Revoke revokes a given token by setting the Revoked field to true.

Although both revoking a token and removing a token will make the ValidateToken call fail, RevokeToken leaves the token stored in the data store.

func (FirebaseTokenManager) Validate added in v1.7.0

func (m FirebaseTokenManager) Validate(ctx context.Context,
	token Token) (<-chan *Token, <-chan error)

Validate checks if the given token is valid.

A token is considered valid if it meets the following conditions:

  1. The Username/Identifier combination exists in the datastore
  2. The token has not been revoked.

This method returns ErrTokenInvalid if the token cannot be validated. This method also passes through any underlying datastore errors to the caller.

If the token is valid, its LastUsed will be updated to the current time to record the fact that the token has recently been used.
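
The Validate and Purge rules described above, modeled as an added example (not the package's own code): a hypothetical synchronous in-memory store, memStore, stands in for Firestore, the channel-returning signatures are dropped, and LastUsed is assumed to hold Unix seconds. It shows that a successful Validate refreshes LastUsed, so a later Purge removes only idle tokens, and that revoked tokens are purged as well.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrTokenInvalid = errors.New("token invalid")

// Token carries a subset of the documented fields.
type Token struct {
	Username, Identifier string
	Revoked              bool
	LastUsed             int64 // Unix seconds: an assumption, the page gives no unit
}

// memStore is a hypothetical in-memory model keyed by {Username, Identifier}.
type memStore map[[2]string]*Token

// Validate fails closed: unknown and revoked tokens both yield ErrTokenInvalid.
func (s memStore) Validate(t Token, now time.Time) error {
	st := s[[2]string{t.Username, t.Identifier}]
	if st == nil || st.Revoked {
		return ErrTokenInvalid
	}
	st.LastUsed = now.Unix() // a successful check counts as use
	return nil
}

// Purge deletes the user's tokens with LastUsed <= cutoff, revoked or not.
func (s memStore) Purge(user string, cutoff time.Time) {
	for k, t := range s {
		if k[0] == user && t.LastUsed <= cutoff.Unix() {
			delete(s, k)
		}
	}
}

func main() {
	s := memStore{ // constructed sample data, all last used at t=1000
		{"alice", "laptop"}: {LastUsed: 1000},
		{"alice", "tablet"}: {LastUsed: 1000},
		{"alice", "phone"}:  {LastUsed: 1000, Revoked: true},
	}
	err := s.Validate(Token{Username: "alice", Identifier: "laptop"}, time.Unix(5000, 0))
	s.Purge("alice", time.Unix(1000, 0)) // drops idle "tablet" and revoked "phone"
	fmt.Println(err, len(s))             // <nil> 1
}
```

Because Purge compares LastUsed with "before or equal to", a token whose LastUsed equals the cutoff is deleted.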

type Token

type Token struct {
	Username   string
	Identifier string
	Revoked    bool
	UserAgent  string
	Created    int64
	LastUsed   int64
}

Token represents a stored rememberme token.

type TokenManager

type TokenManager interface {
	// Add adds the token to the underlying datastore.
	//
	// This function will return ErrTokenDuplicate if the given
	// Username/Identifier combination already exists in the datastore.
	Add(ctx context.Context, token Token) (<-chan *Token, <-chan error)

	// Delete deletes the token permanently from the underlying datastore.
	//
	// Once deleted, a token cannot be recovered.
	Delete(ctx context.Context, token Token) <-chan error

	// Purge removes tokens belonging to a given user last used before or equal
	// to the cutoff time.
	//
	// This function DELETES all matching tokens, regardless of whether the
	// token has been revoked.
	Purge(ctx context.Context, username string, cutoff time.Time) <-chan error

	// Revoke revokes a given token by setting the Revoked field to true.
	//
	// Although both revoking a token and removing a token will make the
	// ValidateToken call fail, RevokeToken leaves the token stored in the data
	// store.
	Revoke(ctx context.Context, token Token) (<-chan *Token, <-chan error)

	// Validate checks if the given token is valid.
	//
	// A token is considered valid if it meets the following conditions:
	//
	//   1. The Username/Identifier combination exists in the datastore
	//   2. The token has not been revoked.
	//
	// This method returns ErrTokenInvalid if the token cannot be validated.
	// This method also passes through any underlying datastore errors to the
	// caller.
	//
	// If the token is valid, its LastUsed will be updated to the current time
	// to record the fact that the token has recently been used.
	Validate(ctx context.Context, token Token) (<-chan *Token, <-chan error)
}

TokenManager manages all rememberme token related operations.

Depending on how the tokens are stored and queried, there could be multiple different implementations of a TokenManager.
