ClearCookie clears the auth cookie.

ClearCSRFCookie makes an expired csrf cookie to clear csrf cookie.

FindCSRFCookie extracts the CSRF cookie from the request based on state.

MakeCookie creates an auth cookie.

MakeCSRFCookie makes a csrf cookie (used during login only) Note, CSRF cookies live shorter than auth cookies, a fixed 1h.

MakeState generates a state value.

NewConfig parses and validates provided configuration into a config object.

NewCookieDomain creates a new CookieDomain from the given domain string.

NewDefaultLogger creates a new logger based on the current configuration.

NewGlobalConfig creates a new global config, parsed from command arguments.

NewRule creates a new rule object.

NewServer creates a new server object and builds router.

Nonce generates a random nonce.

ValidateCookie verifies that a cookie matches the expected format of: Cookie = hash(secret, cookie domain, email, expires)|expires|email.

ValidateCSRFCookie validates the csrf cookie against state.

ValidateDomains checks if the email matches a whitelisted domain.

ValidateEmail checks if the given email address matches either a whitelisted email address, as defined by the "whitelist" config parameter.

ValidateRedirect validates that the given redirect is valid and permitted for the given request.

ValidateState checks whether the state is of right length.

ValidateWhitelist checks if the email is in whitelist.

Config holds the runtime application config.

CookieDomain holds cookie domain info.

Rule holds defined rules.

Server contains router and handler methods.

CommaSeparatedList provides legacy support for config values provided as csv.

CookieDomains provides legacy sypport for comma separated list of cookie domains.