Documentation ¶
Index ¶
- func CookieName(n string) func(*Jeff)
- func Domain(d string) func(*Jeff)
- func Expires(dur time.Duration) func(*Jeff)
- func Insecure(j *Jeff)
- func Path(p string) func(*Jeff)
- func Redirect(h http.Handler) func(*Jeff)
- func Samesite(s http.SameSite) func(*Jeff)
- type Jeff
- func (j *Jeff) Clear(ctx context.Context, w http.ResponseWriter) error
- func (j *Jeff) Delete(ctx context.Context, key []byte, tokens ...[]byte) error
- func (j *Jeff) Public(wrap http.Handler) http.Handler
- func (j *Jeff) PublicFunc(wrap http.HandlerFunc) http.HandlerFunc
- func (j *Jeff) SessionsForKey(ctx context.Context, key []byte) (SessionList, error)
- func (j *Jeff) Set(ctx context.Context, w http.ResponseWriter, key []byte, meta ...[]byte) error
- func (j *Jeff) Wrap(wrap http.Handler) http.Handler
- func (j *Jeff) WrapFunc(wrap http.HandlerFunc) http.HandlerFunc
- type Session
- type SessionList
- type Storage
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CookieName ¶
CookieName sets the name of the cookie in the browser. If you want to avoid fingerprinting, override it here. defaults to "_gosession"
func Domain ¶
Domain sets the domain the cookie belongs to. If unset, cookie becomes a host-only domain, meaning subdomains won't receive the cookie.
func Expires ¶
Expires sets the cookie lifetime. After logging in, the session will last as long as defined here and then expire. If set to 0, then Expiration is not set and the cookie will expire when the client closes their user agent. Defaults to 30 days.
func Insecure ¶
func Insecure(j *Jeff)
Insecure unsets the Secure flag for the cookie. This is for development only. Doing this in production is an error.
func Path ¶
Path sets the path attribute of the cookie. Defaults to '/'. You probably don't need to change this. See the RFC for details: https://tools.ietf.org/html/rfc6265
func Redirect ¶
Redirect sets the handler which gets called when authentication fails. By default, this redirects to '/'. It's recommended that you replace this with your own.
sessions := jeff.New(store, jeff.Redirect( http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, "/login", http.StatusFound) })))
Setting this is particularly useful if you want to stop a redirect on an authenticated route to render a page despite the user not being authenticated. For example, say you want to display user information on the home page if they're logged in, but otherwise want to ignore the redirect and render the page for an anonymous user. You'd define that behavior using a custom handler here.
Types ¶
type Jeff ¶
type Jeff struct {
// contains filtered or unexported fields
}
Jeff holds the metadata needed to handle session management.
func (*Jeff) Public ¶
Public wraps the given handler, adding the Session object (if there's an active session) to the request context before passing control to the next handler.
func (*Jeff) PublicFunc ¶
func (j *Jeff) PublicFunc(wrap http.HandlerFunc) http.HandlerFunc
PublicFunc wraps the given handler, adding the Session object (if there's an active session) to the request context before passing control to the next handler.
func (*Jeff) SessionsForKey ¶
SessionsForKey returns the list of active sessions that exist in the backend for the given key. The result may have stale (expired) sessions.
func (*Jeff) Set ¶
Set the session cookie on the response. Call after successful authentication / login. meta optional parameter sets metadata in the session storage.
func (*Jeff) Wrap ¶
Wrap wraps the given handler, authenticating this route and calling the redirect handler if session is invalid.
func (*Jeff) WrapFunc ¶
func (j *Jeff) WrapFunc(wrap http.HandlerFunc) http.HandlerFunc
WrapFunc wraps the given handler, authenticating this route and calling the redirect handler if session is invalid.
type Session ¶
type Session struct { Key []byte `msg:"key"` Token []byte `msg:"token"` Meta []byte `msg:"meta"` Exp time.Time `msg:"exp"` }
Session represents the Session as it's stored in serialized form. It's the object that gets returned to the caller when checking a session.
func ActiveSession ¶
ActiveSession returns the currently active session on the context. If there is no active session on the context, it returns an empty session object.
func (*Session) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
type SessionList ¶
type SessionList []Session
SessionList is a list of active sessions for a given key
func (*SessionList) DecodeMsg ¶
func (z *SessionList) DecodeMsg(dc *msgp.Reader) (err error)
DecodeMsg implements msgp.Decodable
func (SessionList) EncodeMsg ¶
func (z SessionList) EncodeMsg(en *msgp.Writer) (err error)
EncodeMsg implements msgp.Encodable
func (SessionList) MarshalMsg ¶
func (z SessionList) MarshalMsg(b []byte) (o []byte, err error)
MarshalMsg implements msgp.Marshaler
func (SessionList) Msgsize ¶
func (z SessionList) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*SessionList) UnmarshalMsg ¶
func (z *SessionList) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type Storage ¶
type Storage interface { // Store persists the session in the backend with the given expiration // Implementation must return value exactly as it is received. // Value will be given as... Store(ctx context.Context, key, value []byte, exp time.Time) error // Fetch retrieves the session from the backend. If err != nil or // value == nil, then it's assumed that the session is invalid and Jeff // will redirect. Expired sessions must return nil error and nil value. // Unknown (not found) sessions must return nil error and nil value. Fetch(ctx context.Context, key []byte) (value []byte, err error) // Delete removes the session given by key from the store. Errors are // bubbled up to the caller. Delete should not return an error on expired // or missing keys. Delete(ctx context.Context, key []byte) error }
Storage provides the base level abstraction for implementing session storage. Typically this would be memcache, redis or a database.