Documentation ¶
Overview ¶
Package user provides user data handling functionality.
Index ¶
- Variables
- func CheckEmail(e string) error
- func CheckFilterKey(k, _ string) error
- func CheckPassword(p string) error
- func CheckSortKey(k string) error
- func DefaultDeleteCheck(_ context.Context, _ User) error
- func FromFullToken(t string) (string, xid.ID, error)
- func SetCreator(c Creator) setter
- func SetDeleteCheck(c DeleteCheck) setter
- func SetLoginCheck(c LoginCheck) setter
- func SetParser(p Parser) setter
- func SetRecoveryLifetime(t TokenLifetime) setter
- func SetSessionDuration(sd time.Duration) setter
- func SetVerificationLifetime(t TokenLifetime) setter
- func SetupLinks(r string) map[httpflow.LinkKey]string
- type Core
- func (c *Core) ApplyInput(inp Inputer) (Summary, error)
- func (c *Core) CancelRecovery(t string) error
- func (c *Core) CancelVerification(t string) error
- func (c *Core) ExposeCore() *Core
- func (c *Core) InitRecovery(tl TokenLifetime) (string, error)
- func (c *Core) InitVerification(tl TokenLifetime) (string, error)
- func (c *Core) IsActivated() bool
- func (c *Core) IsPasswordCorrect(p string) bool
- func (c *Core) Recover(t, p string) error
- func (c *Core) SetEmail(e string) (bool, error)
- func (c *Core) SetPassword(p string) (bool, error)
- func (c *Core) SetUnverifiedEmail(e string) (bool, error)
- func (c *Core) UpdatePassword(oldPass, newPass string) (bool, error)
- func (c *Core) Verify(t string) error
- type CoreInput
- type CoreStats
- type CoreSummary
- type Creator
- type DB
- type DeleteCheck
- type EmailSender
- type Handler
- func (h *Handler) BasicRouter(open bool) chi.Router
- func (h *Handler) CancelRecovery(w http.ResponseWriter, r *http.Request)
- func (h *Handler) CancelVerification(w http.ResponseWriter, r *http.Request)
- func (h *Handler) Defaults()
- func (h *Handler) Delete(w http.ResponseWriter, r *http.Request)
- func (h *Handler) Fetch(w http.ResponseWriter, r *http.Request)
- func (h *Handler) FetchByToken(r *http.Request) (User, string, error)
- func (h *Handler) FetchSessions(w http.ResponseWriter, r *http.Request)
- func (h *Handler) InitRecovery(w http.ResponseWriter, r *http.Request)
- func (h *Handler) LogIn(w http.ResponseWriter, r *http.Request)
- func (h *Handler) LogOut(w http.ResponseWriter, r *http.Request)
- func (h *Handler) PingRecovery(w http.ResponseWriter, r *http.Request)
- func (h *Handler) Recover(w http.ResponseWriter, r *http.Request)
- func (h *Handler) Register(w http.ResponseWriter, r *http.Request)
- func (h *Handler) ResendVerification(w http.ResponseWriter, r *http.Request)
- func (h *Handler) RevokeOtherSessions(w http.ResponseWriter, r *http.Request)
- func (h *Handler) RevokeSession(w http.ResponseWriter, r *http.Request)
- func (h *Handler) Router(open bool) chi.Router
- func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (h *Handler) Update(w http.ResponseWriter, r *http.Request)
- func (h *Handler) Verify(w http.ResponseWriter, r *http.Request)
- type Inputer
- type LoginCheck
- type Parser
- type Stats
- type Summary
- type Token
- type TokenLifetime
- type User
Constants ¶
This section is empty.
Variables ¶
var ( // ErrTooManyTokens is returned when too many requests for new tokens // have been received. ErrTooManyTokens = httpflow.NewError(nil, http.StatusTooManyRequests, "too many requests") // ErrInvalidToken is returned when the provided token is incorrect or // already expired. ErrInvalidToken = httpflow.NewError(nil, http.StatusBadRequest, "invalid token") )
var ( // ErrInvalidEmail is returned when email is determined to be invalid. ErrInvalidEmail = httpflow.NewError(nil, http.StatusBadRequest, "invalid email") // ErrInvalidPassword is returned when password is determined to be // invalid. ErrInvalidPassword = httpflow.NewError(nil, http.StatusBadRequest, "invalid password") // ErrInvalidCredentials is returned when login credentials are // determined to be incorrect. ErrInvalidCredentials = httpflow.NewError(nil, http.StatusUnauthorized, "incorrect credentials") )
var ( // VerifLifetime is the default / recommended verification token // lifetime value. VerifLifetime = TokenLifetime{ Interval: time.Hour * 24 * 7, Cooldown: time.Minute, } // RecovLifetime is the default / recommended recovery token lifetime // value. RecovLifetime = TokenLifetime{ Interval: time.Hour * 3, Cooldown: time.Minute, } )
var ( // ErrNotActivated is returned when an action which is allowed only // by activated users is performed. ErrNotActivated = httpflow.NewError(nil, http.StatusForbidden, "not activated") )
var ( // SessionDuration is the default / recommended session duration // value. SessionDuration = time.Hour * 24 * 30 //nolint:gochecknoglobals // used as a constant )
Functions ¶
func CheckEmail ¶
CheckEmail determines whether the provided email address is of correct format or not.
func CheckFilterKey ¶
CheckFilterKey determines whether the filter key is valid or not.
func CheckPassword ¶
CheckPassword determines whether the provided password is of correct format or not.
func CheckSortKey ¶
CheckSortKey determines whether the sort key is valid or not.
func DefaultDeleteCheck ¶
DefaultDeleteCheck does nothing, just fills the space and contemplates life.
func FromFullToken ¶
FromFullToken extracts token value and user's ID from the combined token form.
func SetCreator ¶
func SetCreator(c Creator) setter
SetCreator sets a function that will be used to construct a new user.
func SetDeleteCheck ¶
func SetDeleteCheck(c DeleteCheck) setter
SetDeleteCheck sets a function that will be called before user deletion.
func SetLoginCheck ¶
func SetLoginCheck(c LoginCheck) setter
SetLoginCheck sets a function that will be called before user auth.
func SetParser ¶
func SetParser(p Parser) setter
SetParser sets a function that will be used to parse user's request input.
func SetRecoveryLifetime ¶
func SetRecoveryLifetime(t TokenLifetime) setter
SetRecoveryLifetime sets token time values for recovery process.
func SetSessionDuration ¶
SetSessionDuration sets the duration of persistent sessions.
func SetVerificationLifetime ¶
func SetVerificationLifetime(t TokenLifetime) setter
SetVerificationLifetime sets token time values for verification process.
func SetupLinks ¶
SetupLinks creates a link string map that should be used for email sending, etc. The parameter specifies the root of the link, example: "http://yoursite.com/user"
Types ¶
type Core ¶
type Core struct { // ID is the primary and unique user identification key. ID xid.ID `json:"id" db:"id"` // CreatedAt specifies the exact time when the user was created. CreatedAt time.Time `json:"created_at" db:"created_at"` // UpdatedAt specifies the exact time when the user was last updated. UpdatedAt time.Time `json:"updated_at" db:"updated_at"` // ActivatedAt specifies the exact time when user's account // was activated. ActivatedAt zero.Time `json:"activated_at" db:"activated_at"` // Email is user's active email address. Email string `json:"email" db:"email"` // UnverifiedEmail is a new email address yet to be verified by its // owner. When verified this field is empty. UnverifiedEmail zero.String `json:"unverified_email" db:"unverified_email"` // PasswordHash is already hashed version of user's password. PasswordHash []byte `json:"-" db:"password_hash"` // Verification holds data needed for account activation or email // update. Verification Token `json:"-" db:"verification"` // Recovery holds data needed for account recovery. Recovery Token `json:"-" db:"recovery"` }
Core holds core fields needed for user data types.
func NewCore ¶
NewCore initializes all the values, user specified and default, needed for user's core to be usable and returns it.
func (*Core) ApplyInput ¶
ApplyInput applies modification to user's core fields and sets new update time.
func (*Core) CancelRecovery ¶
CancelRecovery checks whether the provided Token is valid and clears all active recovery Token data. NOTE: provided Token must in its original / raw form - not combined with user's ID (as InitRecovery method returns).
func (*Core) CancelVerification ¶
CancelVerification checks whether the provided Token is valid and clears the active verification Token data. NOTE: provided Token must be in its original / raw form - not combined with user's ID (as InitVerification method returns).
func (*Core) InitRecovery ¶
func (c *Core) InitRecovery(tl TokenLifetime) (string, error)
InitRecovery initializes account recovery and returns a combination of Token and user ID in a string format to send in recovery emails etc. First parameter determines how long the recovery Token should be active. Second parameter determines how much time has to pass until another Token can be generated.
func (*Core) InitVerification ¶
func (c *Core) InitVerification(tl TokenLifetime) (string, error)
InitVerification initializes account / email verification and returns combination of token and user ID in a string format to send in verification emails etc. First parameter determines how long the verification Token should be active. Second parameter determines how much time has to pass until another Token can be generated.
func (*Core) IsActivated ¶
IsActivated checks whether user's account is activated or not.
func (*Core) IsPasswordCorrect ¶
IsPasswordCorrect checks whether the provided password matches the hash or not.
func (*Core) Recover ¶
Recover checks whether the provided Token is valid and sets the provided password as the new account password. NOTE: provided Token must be in its original / raw form - not combined with user's ID (as InitRecovery method returns).
func (*Core) SetEmail ¶
SetEmail checks and updates user's email address. First return value determines whether the email was set or not.
func (*Core) SetPassword ¶
SetPassword checks and updates user's password. First return value determines whether the password was set or not.
func (*Core) SetUnverifiedEmail ¶
SetUnverifiedEmail checks and updates user's unverified email address. First return value determines whether the email was set or not.
func (*Core) UpdatePassword ¶
UpdatePassword checks and update's users password. NOTE: it will also check the old/current password before setting a new one. First return value determines whether the password was set or not.
func (*Core) Verify ¶
Verify checks whether the provided token is valid and activates the account (if it wasn't already) and/or, if unverified email address exists, confirms it as the main email address. NOTE: provided Token must in its original / raw form - not combined with user's ID (as InitVerification method returns).
type CoreInput ¶
type CoreInput struct { // Email is user's email address submitted for further processing. Email string `json:"email"` // Password is user's plain-text password submitted for // further processing. Password string `json:"password"` // OldPassword is user's plain-text password submitted for // confirmation before password's update. OldPassword string `json:"old_password"` // RememberMe specifies whether a persistent session should be // created on registration / log in or not. RememberMe bool `json:"remember_me"` }
CoreInput holds core fields needed for every user's ApplyInput call.
func (CoreInput) ExposeCore ¶
ExposeCore returns user's core input fields.
type CoreStats ¶
type CoreStats struct { // Total specifies the total number of users in the data store. Total int `json:"total" db:"total"` }
CoreStats holds core user statistics.
func (CoreStats) ExposeCore ¶
ExposeCore returns users' core statistics.
type CoreSummary ¶
type CoreSummary struct { // Email specifies whether the email was modified during // input application or not. Email bool // Password specifies whether the password was modified // during input application or not. Password bool }
CoreSummary holds core fields' information which determines whether they were modified or not.
func (CoreSummary) ExposeCore ¶
func (c CoreSummary) ExposeCore() CoreSummary
ExposeCore returns user's core input fields' modification status.
type Creator ¶
Creator is a function that should be used for custom user creation. Used only during registration.
type DB ¶
type DB interface { // UserStats should return users' data statistics from the // underlying data store. UserStats(ctx context.Context) (Stats, error) // CreateUser should insert a freshly created user into the // underlying data store. CreateUser(ctx context.Context, usr User) error // FetchManyUsers should retrieve multiple users from the // underlying data store by the provided query. // Int return value specifies the total page count. FetchManyUsers(ctx context.Context, qr httpflow.Query) ([]User, int, error) // FetchUserByID should retrieve a user from the underlying // data store by their ID. FetchUserByID(ctx context.Context, id xid.ID) (User, error) // FetchUserByEmail should retrieve a user from the // underlying data store by their email address. FetchUserByEmail(ctx context.Context, eml string) (User, error) // UpdateUser should update user's data in the underlying // data store. UpdateUser(ctx context.Context, usr User) error // DeleteUserByID should delete a user from the underlying // data store by their ID. DeleteUserByID(ctx context.Context, id xid.ID) error }
DB is an interface which should be implemented by the user data store layer.
type DeleteCheck ¶
DeleteCheck is function that should be used for custom account checks before user deletion (e.g. check whether at least one admin user exists or not).
type EmailSender ¶
type EmailSender interface { // SendAccountActivation should send an email regarding account // activation with the token, embedded into a full URL, to the // specified email address. SendAccountActivation(ctx context.Context, eml, tok string) // SendEmailVerification should send an email regarding new email // verification with the token, embedded into a full URL, to the // specified email address. SendEmailVerification(ctx context.Context, eml, tok string) // SendEmailChanged should send an email to the old email // address (first parameter) about a new email address // being set (second parameter). SendEmailChanged(ctx context.Context, oEml, nEml string) // SendAccountRecovery should send an email regarding account // recovery with the token, embedded into a full URL, to the // specified email address. SendAccountRecovery(ctx context.Context, eml, tok string) // SendAccountDeleted should send an email regarding // successful account deletion to the specified email address. SendAccountDeleted(ctx context.Context, eml string) // SendPasswordChanged should send an email notifying about // a successful password change to the specified email address. // Last parameter specifies whether the password was changed during // the recovery process or not. SendPasswordChanged(ctx context.Context, eml string, recov bool) }
EmailSender is an interface which should be implemented by email sending service.
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
Handler holds dependencies required for user management.
func NewHandler ¶
func NewHandler(log zerolog.Logger, db DB, es EmailSender, sm *sessionup.Manager, ss ...setter) *Handler
NewHandler creates a new handler instance with the options provided.
func (*Handler) BasicRouter ¶
BasicRouter returns a chi router instance with basic user routes. Bool parameter determines whether registration is allowed or not (useful for applications where users are invited rather than allowed to register themselves).
func (*Handler) CancelRecovery ¶
func (h *Handler) CancelRecovery(w http.ResponseWriter, r *http.Request)
CancelRecovery checks whether the token in the URL is valid and stops active verification token from further processing.
func (*Handler) CancelVerification ¶
func (h *Handler) CancelVerification(w http.ResponseWriter, r *http.Request)
CancelVerification checks whether the token in the URL is valid and stops active verification token from further processing.
func (*Handler) Defaults ¶
func (h *Handler) Defaults()
Defaults sets all optional handler's values to sane defaults.
func (*Handler) Delete ¶
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request)
Delete handles user's data removal from the data store. On successful deletion, an email will be sent.
func (*Handler) Fetch ¶
func (h *Handler) Fetch(w http.ResponseWriter, r *http.Request)
Fetch handles user's data retrieval.
func (*Handler) FetchByToken ¶
FetchByToken extracts the token from request's URL, retrieves a user by ID embedded in the token and returns user's account instance, raw token and optionally an error.
func (*Handler) FetchSessions ¶
func (h *Handler) FetchSessions(w http.ResponseWriter, r *http.Request)
FetchSessions retrieves all sessions of the same user.
func (*Handler) InitRecovery ¶
func (h *Handler) InitRecovery(w http.ResponseWriter, r *http.Request)
InitRecovery initializes recovery token for the user associated with the provided email address and sends to the same address. On successful execution, a recovery email will be sent to the email provided.
func (*Handler) LogIn ¶
func (h *Handler) LogIn(w http.ResponseWriter, r *http.Request)
LogIn handles user's credentials checking and new session creation. On successful execution, a session will be created.
func (*Handler) LogOut ¶
func (h *Handler) LogOut(w http.ResponseWriter, r *http.Request)
LogOut handles user's active session revokation.
func (*Handler) PingRecovery ¶
func (h *Handler) PingRecovery(w http.ResponseWriter, r *http.Request)
PingRecovery only checks whether the token in the URL is valid or not; no writable modifications are being done.
func (*Handler) Recover ¶
func (h *Handler) Recover(w http.ResponseWriter, r *http.Request)
Recover checks the token in the URL and applies the provided password to the user account data structure. On successful execution, an email will be sent notifying about password change.
func (*Handler) Register ¶
func (h *Handler) Register(w http.ResponseWriter, r *http.Request)
Register handles new user's creation and insertion into the data store. On successful execution, a session will be created and account activation email will sent.
func (*Handler) ResendVerification ¶
func (h *Handler) ResendVerification(w http.ResponseWriter, r *http.Request)
ResendVerification attempts to send and generate the verification token once more. On successful execution, either account activation or new email verification will be sent.
func (*Handler) RevokeOtherSessions ¶
func (h *Handler) RevokeOtherSessions(w http.ResponseWriter, r *http.Request)
RevokeOtherSessions revokes all sessions of the same user besides the current one.
func (*Handler) RevokeSession ¶
func (h *Handler) RevokeSession(w http.ResponseWriter, r *http.Request)
RevokeSession revokes one specific session of the user with the active session in the request's context.
func (*Handler) Router ¶
Router returns a chi router instance with all core user routes. Bool parameter determines whether registration is allowed or not (useful for applications where users are invited rather than allowed to register themselves).
func (*Handler) ServeHTTP ¶
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP handles all core user routes. Registration is allowed (use Router method to override this).
func (*Handler) Update ¶
func (h *Handler) Update(w http.ResponseWriter, r *http.Request)
Update handles user's data update in the data store. On email address change, a verification email will be sent to the new address. On password change, all other sessions will be destroyed and email sent.
func (*Handler) Verify ¶
func (h *Handler) Verify(w http.ResponseWriter, r *http.Request)
Verify checks whether the token in the URL is valid and activates either user's account or their new email address. If new email was changed and verified, an email will be sent to the old address about the change.
type Inputer ¶
type Inputer interface { // ExposeCore should return user's core input fields. ExposeCore() CoreInput }
Inputer is an interface which should be implemented by every user input data type.
type LoginCheck ¶
LoginCheck is a function that should be used for custom user data checks before authentication. Used before non-registration type authentication (e.g. login).
func DefaultLoginCheck ¶
func DefaultLoginCheck(open bool) LoginCheck
DefaultLoginCheck checks whether the user has to be activated before authentication or not.
type Parser ¶
Parser is a function that should be used for custom input parsing. Used only during user update process and registration.
type Stats ¶
type Stats interface { // ExposeCore should return users' core statistics. ExposeCore() CoreStats }
Stats is an interface which should be implemented by every user statistics data type.
type Summary ¶
type Summary interface { // ExposeCore should return user's core fields' modification status. ExposeCore() CoreSummary }
Summary is an interface which should be implemented by every user data type describing modifications during updates.
type Token ¶
type Token struct { // ExpiresAt specifies the exact time when the token becomes invalid. ExpiresAt null.Time `json:"-" db:"expires_at"` // NextAt specifies the exact time when the next token will be allowed // to be generated. NextAt null.Time `json:"-" db:"next_at"` // Hash is the hashed token value version. Treat it as a temporary // password. Hash []byte `json:"-" db:"hash"` }
Token is a temporary password-type data structure used for account verification and recovery.
type TokenLifetime ¶
type TokenLifetime struct { // Interval is used for token expiration time calculation. Interval time.Duration // Cooldown is used for token next allowed generation time calculation. Cooldown time.Duration }
TokenLifetime holds data related to token expiration and next generation times.
type User ¶
type User interface { // ApplyInput should set values from provided data structure. // If certain input fields are empty, their destination fields // in the underlying user's structure should not be modified. ApplyInput(i Inputer) (Summary, error) // ExposeCore should return user's core fields. ExposeCore() *Core }
User is an interface every user data type should implement.