Documentation ¶
Index ¶
- Variables
- func CompareHashes(h0, h1 []byte) bool
- func EnforcePermission(perm string) negroni.Handler
- func GetAccessChecker(r *http.Request) page.AccessChecker
- func HashPassword(password string, salt []byte) ([]byte, []byte)
- func IsAccountnameBlacklisted(accountname string) bool
- func LogoutPage(m *session.Middleware, middlewares ...negroni.Handler) server.Route
- func NewLoginForm(m *session.Middleware) form.Delegate
- func NormalizeAccountname(accountname string) string
- func Pages(store keyvalue.Store, m *session.Middleware, ...) []server.Route
- func PreloadPermissions() negroni.Handler
- func RespondPermissionDenied(w http.ResponseWriter, r *http.Request, permName string)
- func SavePermissions(conn database.DB, id uuid.UUID, p Permissions) error
- type AccessCheckLoader
- type Account
- type PasswordValidator
- type PasswordValidatorFunc
- type Permission
- type Permissions
- type RegistrationFormDelegate
Constants ¶
This section is empty.
Variables ¶
var AccountnameBlacklist = []string{
"autoconfig",
"autodiscover",
"broadcasthost",
"isatap",
"localdomain",
"localhost",
"wpad",
"ftp",
"imap",
"mail",
"news",
"pop",
"pop3",
"smtp",
"usenet",
"uucp",
"webmail",
"www",
"admin",
"administrator",
"hostmaster",
"info",
"is",
"it",
"mis",
"postmaster",
"root",
"ssladmin",
"ssladministrator",
"sslwebmaster",
"sysadmin",
"webmaster",
"abuse",
"marketing",
"noc",
"sales",
"security",
"support",
"mailer-daemon",
"nobody",
"noreply",
"no-reply",
"clientaccesspolicy.xml",
"crossdomain.xml",
"favicon.ico",
"humans.txt",
"keybase.txt",
"robots.txt",
".htaccess",
".htpasswd",
"account",
"accounts",
"blog",
"buy",
"clients",
"contact",
"contactus",
"contact-us",
"copyright",
"dashboard",
"doc",
"docs",
"download",
"downloads",
"enquiry",
"faq",
"help",
"inquiry",
"license",
"login",
"logout",
"me",
"myaccount",
"payments",
"plans",
"portfolio",
"preferences",
"pricing",
"privacy",
"profile",
"register",
"secure",
"settings",
"signin",
"signup",
"ssl",
"status",
"subscribe",
"terms",
"tos",
"user",
"users",
"weblog",
"work",
".well-known",
}
AccountnameBlacklist is a list of account names that can't be registered.
This list is copied from django-registration.
var Separators = []string{
" ",
" ",
".",
"-",
"_",
}
Separators is a list of common separators in usernames.
Functions ¶
func CompareHashes ¶
CompareHashes safely compares password hashes.
func EnforcePermission ¶
EnforcePermission is a middleware that makes sure the current account has the given permission before proceeding on the middleware chain.
func GetAccessChecker ¶
func GetAccessChecker(r *http.Request) page.AccessChecker
GetAccessChecker returns the access checker saved in the request context.
func HashPassword ¶
HashPassword hashes a string password.
If the salt is nil, it will be generated.
Returns the hash and salt.
func IsAccountnameBlacklisted ¶
IsAccountnameBlacklisted checks if the account name is on the internal blacklist.
Currently uses an O(n) lookup, but it should be fine, given that the blacklist only has around ~100~200 items.
func LogoutPage ¶
LogoutPage is the handler for the logout page.
func NewLoginForm ¶
func NewLoginForm(m *session.Middleware) form.Delegate
NewLoginForm creates the delegate for the login form.
func NormalizeAccountname ¶
NormalizeAccountname creates a normalized version of the account name.
The purpose of this function is to make it harder to create misleading usernames, that look the same but different (because of fancy unicode characters, separators, lower/upper case differences).
func Pages ¶
func Pages(store keyvalue.Store, m *session.Middleware, passwordValidator PasswordValidator, mailer mailer.Mailer, baseurl *server.BaseURL) []server.Route
Pages returns the html pages for the Account entity.
func PreloadPermissions ¶
PreloadPermissions is a middleware that lazy-loads permissions for a given account.
func RespondPermissionDenied ¶
func RespondPermissionDenied(w http.ResponseWriter, r *http.Request, permName string)
RespondPermissionDenied responds with a permission denied page.
func SavePermissions ¶
SavePermissions overwrites the permissions for a given account.
It is strongly recommended that the database connection given to this function is a transaction.
Types ¶
type AccessCheckLoader ¶
type AccessCheckLoader struct{}
AccessCheckLoader adds the default access check loader to a form.
This type is meant to be embedded in a form delegate.
func (AccessCheckLoader) GetAccessCheck ¶
func (l AccessCheckLoader) GetAccessCheck(r *http.Request) page.AccessChecker
GetAccessCheck returns the access checker saved in the request context.
This function helps a form delegate to implement form.Delegate by using the GetAccessChecker().
type Account ¶
type Account struct { ID uuid.UUID `json:"id"` Username string `json:"username"` Email string `json:"email"` Active bool `json:"active"` // contains filtered or unexported fields }
Account represents the main user entity.
func LoadAccount ¶
LoadAccount loads an account from the database by a given id.
func LoadAccountByEmail ¶
LoadAccountByEmail loads an account from the database by a given email.
func LoadAccountByUsername ¶
LoadAccountByUsername loads an account from the database by a given username.
func (*Account) CheckPassword ¶
CheckPassword compares a given password with the saved one.
func (*Account) SetPassword ¶
SetPassword sets a password on the account by correctly hashing it and updating the salt.
type PasswordValidator ¶
PasswordValidator checks if a password is valid (strong enough, not compromised) when users register or change password.
type PasswordValidatorFunc ¶
PasswordValidatorFunc is a single function implementation of PasswordValidator.
type Permission ¶
Permission represents data from the permission table.
func (Permission) SchemaSQL ¶
func (p Permission) SchemaSQL() string
SchemaSQL returns the database schema for the permission table.
type Permissions ¶
type Permissions []string
Permissions represent the set of permissions that an account has.
func LoadPermissions ¶
LoadPermissions loads the list of permissions for a given account.
func (Permissions) Has ¶
func (p Permissions) Has(perm string) bool
Has checks if an account has a permission or not.
While this is using a linear search, it should be fine since an account won't have more than a few dozen permissions.
type RegistrationFormDelegate ¶
type RegistrationFormDelegate interface { form.Delegate Verify(w http.ResponseWriter, r *http.Request) }
RegistrationFormDelegate expands the form.Delegate with a registration verification endpoint.
func NewRegistrationForm ¶
func NewRegistrationForm(passwordValidator PasswordValidator, mailer mailer.Mailer, baseurl *server.BaseURL) RegistrationFormDelegate
NewRegistrationForm creates the delegate for the registration form.