auth: doc.go annotate

Enable terminating sessions through the API. Add a terminateSession method to the sessionStore that sets the Active property of the Session to false. Create a Context.TerminateSession wrapper for the terminateSession method on the sessionStore. Add a Sessions property to our response type so we can return a []Session in API responses. Use the URL-safe encoding when base64 encoding our session ID and CSRFToken, so the ID can be passed in the URL and so our encodings are consistent. Add a TerminateSessionHandler function that will extract a Session ID from the request URL, authenticate the user, check that the authenticated user owns the session in question, and terminate the session. Add implementations for our new terminateSession method for the memstore and postgres types. Test both the memstore and postgres implementation of our terminateSession helper in session_test.go.

paddy@57	1 /*
paddy@57	2 Package auth provides an authentication service for managing user accounts and an OAuth2 provider.
paddy@57	3
paddy@57	4 The service is an opinionated implementation of authentication using passphrases and the
paddy@57	5 code.secondbit.org/pass package to implement user credentials and accounts. Additionally, users
paddy@158	6 are permitted to login using any email address they have on record. Care is also taken to be able
paddy@158	7 to mitigate attacks that have already happened and plan ahead for the worst case scenarios.
paddy@57	8
paddy@57	9 An OAuth2 provider is also built-in and provided, complete with client registration and management,
paddy@57	10 as well as a specification-based set of handlers for managing the issuing of grants and tokens. Token
paddy@57	11 validiity may be asserted through an API, or a proxy service is provided for stripping auth-specific
paddy@57	12 information from requests and replacing it with a trusted header containing information about the user
paddy@57	13 and client that authorized the request.
paddy@57	14 */
paddy@57	15 package auth

auth

auth/doc.go