auth
159:cf6c1f05eb21
Go to Latest
auth/doc.go
Enable terminating sessions through the API.
Add a terminateSession method to the sessionStore that sets the Active property
of the Session to false.
Create a Context.TerminateSession wrapper for the terminateSession method on the
sessionStore.
Add a Sessions property to our response type so we can return a []Session in API
responses.
Use the URL-safe encoding when base64 encoding our session ID and CSRFToken, so
the ID can be passed in the URL and so our encodings are consistent.
Add a TerminateSessionHandler function that will extract a Session ID from the
request URL, authenticate the user, check that the authenticated user owns the
session in question, and terminate the session.
Add implementations for our new terminateSession method for the memstore and
postgres types.
Test both the memstore and postgres implementation of our terminateSession
helper in session_test.go.
2 Package auth provides an authentication service for managing user accounts and an OAuth2 provider.
4 The service is an opinionated implementation of authentication using passphrases and the
5 code.secondbit.org/pass package to implement user credentials and accounts. Additionally, users
6 are permitted to login using any email address they have on record. Care is also taken to be able
7 to mitigate attacks that have already happened and plan ahead for the worst case scenarios.
9 An OAuth2 provider is also built-in and provided, complete with client registration and management,
10 as well as a specification-based set of handlers for managing the issuing of grants and tokens. Token
11 validiity may be asserted through an API, or a proxy service is provided for stripping auth-specific
12 information from requests and replacing it with a trusted header containing information about the user
13 and client that authorized the request.