auther

v1.0.1
Warning

This package is not in the latest version of its module.

Published: Aug 3, 2020 License: MIT Imports: 8 Imported by: 0

README

Auther

Auther is a Go library to handle user authentication, i.e. registration, login, and logout.

Usage

Interface

type Authenticator interface {
	Signup(fullname, username, password string) (string, error)
	Signin(username, password string) (string, error)
	Signout(token string) error
	Authenticate(token string) (User, error)
}

type User struct {
	ID       UserID `json:"id"`
	Username string `json:"username"`
	FullName string `json:"fullname"`
}

Example

import auther "github.com/tfdavids/auther"

func main() {
  // db := ...
  
  a, err := auther.NewPSQLAuthenticator(db)
  if err != nil {
    // handle error
  }

  _, err = a.Signup("John Smith", "jsmith", "supersecretpassword")
  if err != nil {
    // handle error
  }

  // we could have kept the token above, but let's sign in here  
  token, err := a.Signin("jsmith", "supersecretpassword")
  if err != nil {
    // handle error
  }

  user, err := a.Authenticate(token)
  if err != nil {
    // handle error
  }

  err = a.Signout(token)
  if err != nil {
    // handle error
  }

  // the following will return an error, since we've signed out
  user, err = a.Authenticate(token)
  // ...
}

Security

Passwords are hashed using the PBKDF2 algorithm, with 4096 iterations and a keyLen of 32, and the SHA1 hash function. Each password is salted with a unique 48-byte salt, which is stored in the database along with the hashed password. Plaintext passwords are never stored in the database.

Session tokens are 48-byte random strings and can be stored in local storage for persistent login.

Documentation


Types

type AuthDatabase

type AuthDatabase interface {
	AddUser(username, fullName, passwordHash, passwordSalt string, isDisabled bool) (userRow, error)
	GetUser(username string) (userRow, error)
	GetUserByID(userID UserID) (userRow, error)
	CreateUserSession(token string, userID UserID, loginTime time.Time, lastSeenTime time.Time) error
	GetUserSession(token string) (UserSession, error)
	UpdateUserSessionLastSeenTime(token string, lastSeenTime time.Time) error
	RemoveUserSession(token string) error
}

func NewInMemoryAuthDatabase

func NewInMemoryAuthDatabase() AuthDatabase

func NewPSQLAuthDatabase

func NewPSQLAuthDatabase(db *sql.DB) (AuthDatabase, error)

type Authenticator

type Authenticator interface {
	Signup(fullname, username, password string) (string, error)
	Signin(username, password string) (string, error)
	Signout(token string) error
	Authenticate(token string) (User, error)
}

Authenticator is an interface for authentication functions.

Authenticator is an interface to be used for critical authentication functionality: registering, logging in and out, and authenticating a user's token. Under the hood, it uses a database dependency to store user data and session information.

func NewInMemoryAuthenticator

func NewInMemoryAuthenticator() (Authenticator, error)

func NewPSQLAuthenticator

func NewPSQLAuthenticator(sqldb *sql.DB) (Authenticator, error)

NewPSQLAuthenticator returns an implementation of Authenticator.

This function takes a `sql.DB` and returns an Authenticator using that instance.

type User

type User struct {
	ID       UserID `json:"id"`
	Username string `json:"username"`
	FullName string `json:"fullname"`
}

User is the basic user information returned to the caller on authentication.

type UserID

type UserID int

UserID is a type for an ID of a user in the database.

This is meant to provide extensibility; changing this to a string (for example, if UUIDs were used as IDs) should be straightforward and require minimal changes.

type UserSession

type UserSession struct {
	SessionKey   string
	UserID       UserID
	LoginTime    time.Time
	LastSeenTime time.Time
}

UserSession stores a user's logged-in session.
