cameronmore/go-sessions
Go Session Auth

🚧 This repository is still under construction and is pre-v1.0.0

A session-based authentication library for Go.

Background

This library is a relatively simple implementation of session based authentication.

Quickstart

To use this library, create a new authentication context by passing your secret key (used to sign the session ID) and something that implements the sessions.AuthStore interface (so far, there are SQLite and Postgres implementations). First import the package:

import "github.com/cameronmore/go-sessions/auth"

Then:

// Define a new SQLite store that implements the interface. db is an open
// *sql.DB and secret is the signing key (both assumed to exist already);
// the third argument is the session lifetime, here seven days.
sqliteAuthStore, err := auth.NewSQLiteStore(db, secret, 7*24*time.Hour)
if err != nil {
	panic(err)
}
// Pass that store to the AuthContext, which expects the interface.
var authCtx auth.AuthContext
authCtx.Ac = sqliteAuthStore

Then, use those to handle the authentication endpoints:

http.HandleFunc("/register", authCtx.RegisterHandler)
http.HandleFunc("/logout", authCtx.LogoutHandler)
http.HandleFunc("/login", authCtx.LoginHandler)

And protect other endpoints by using the authentication middleware:

func protectedHello(w http.ResponseWriter, r *http.Request) {
	// The middleware stores the authenticated user's ID in the request context under "userId"; check the assertion instead of letting it panic.
	userId, ok := r.Context().Value("userId").(string)
	if !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	fmt.Fprintf(w, "Hello user %s!", userId)
}

// http.HandlerFunc adapts the function to http.Handler (http.HandleFunc would instead register it on the default mux).
protectedHandler := authCtx.Authmiddleware(http.HandlerFunc(protectedHello))

Please see main.go for an up-to-date and working example with Chi.
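To make concrete what the secret key in the Quickstart is for, here is a self-contained sketch of issuing and verifying HMAC-signed session IDs with a fixed lifetime. This is example code written for this page, not the go-sessions library's own implementation: the type names, the "id.sig" cookie format, the in-memory store map, and the demo secret are all assumptions. The signature check uses hmac.Equal, which is the constant-time comparison the Todo list refers to, and it runs before any store lookup so forged cookies never reach the database.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Assumed design for this illustration (not go-sessions' own format):
// the cookie carries "<id>.<base64 HMAC-SHA256 of id>", and only the random
// id is used as the lookup key in the session store.
var errInvalidSession = errors.New("invalid session token")

type session struct {
	ID        string
	UserID    string
	ExpiresAt time.Time
}

type sessionSigner struct {
	secret []byte
	ttl    time.Duration
	now    func() time.Time // injectable clock so expiry can be exercised
}

func newSessionSigner(secret []byte, ttl time.Duration) *sessionSigner {
	return &sessionSigner{secret: secret, ttl: ttl, now: time.Now}
}

func (s *sessionSigner) mac(id string) []byte {
	m := hmac.New(sha256.New, s.secret)
	m.Write([]byte(id))
	return m.Sum(nil)
}

// Issue draws a 256-bit random session ID, records its expiry, and returns
// the session record (to be persisted) plus the signed cookie value.
func (s *sessionSigner) Issue(userID string) (session, string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return session{}, "", err
	}
	id := base64.RawURLEncoding.EncodeToString(raw)
	sess := session{ID: id, UserID: userID, ExpiresAt: s.now().Add(s.ttl)}
	token := id + "." + base64.RawURLEncoding.EncodeToString(s.mac(id))
	return sess, token, nil
}

// Verify checks the signature before any store access. hmac.Equal compares
// in constant time, so a forger learns nothing from response timing.
func (s *sessionSigner) Verify(token string) (string, error) {
	id, sig, ok := strings.Cut(token, ".")
	if !ok {
		return "", errInvalidSession
	}
	got, err := base64.RawURLEncoding.DecodeString(sig)
	if err != nil || !hmac.Equal(got, s.mac(id)) {
		return "", errInvalidSession
	}
	return id, nil
}

// Lookup models the store step: a validly signed ID must still exist and be
// unexpired (a logout deletes the record, which invalidates the cookie).
func (s *sessionSigner) Lookup(store map[string]session, id string) (session, error) {
	sess, found := store[id]
	if !found || !s.now().Before(sess.ExpiresAt) {
		return session{}, errInvalidSession
	}
	return sess, nil
}

func main() {
	// Constructed demo secret; a real deployment loads it from configuration.
	signer := newSessionSigner([]byte("constructed-demo-secret"), 7*24*time.Hour)
	store := map[string]session{}
	sess, cookie, err := signer.Issue("user-1")
	if err != nil {
		panic(err)
	}
	store[sess.ID] = sess
	id, err := signer.Verify(cookie)
	if err != nil {
		panic(err)
	}
	got, err := signer.Lookup(store, id)
	fmt.Println("valid cookie ->", got.UserID, err)
	_, err = signer.Verify("x" + cookie) // id altered, signature no longer matches
	fmt.Println("tampered cookie ->", err)
}
```

Because the store is keyed by the random ID alone, rotating the secret invalidates every outstanding cookie without touching the database, and an attacker who reads the database still cannot mint a cookie without the key.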

Documentation

🚧 The main.go file in this repository should always contain a working example, even if the other documentation lags behind.

See the docs/ directory in this repository for the full documentation. The docs/Examples/ directory contains several examples using Gin, Chi, Gorilla/Mux, Echo, and the standard library. The most commented and guided one is the Chi router example.

🚧 Note that the Gin and Echo examples import a separate middleware library that extends this one. They are also not working at the moment.

Todo

There are a few key things that I need to implement before a v1.0.0 release, specifically:

  • Abstract the session and user store operations to allow for more implementations (with other SQL libraries instead of SQLite as the default)
  • Allow username configuration and validation to return errors when a username does not match conventions (like having only alphanumeric characters)
  • Looking up usernames to ensure uniqueness and return that error to the client
  • Password validation to make sure users have strong passwords
  • Adjust how I'm comparing stored hashed passwords and incoming passwords (to prevent timing attacks for example)
  • Allow users to modify the default session length
  • Change the way I'm generating user IDs and how I'm looking up users by username vs. user ID (now done with ULIDs)
  • Improve logging across the board

License

This project is licensed under the Apache-2.0 license.

About

Session-based authentication framework for Go web-apps