github.com/johnsto/go-passwordless/v2
module, package
Version: 2.0.0
Repository: https://github.com/johnsto/go-passwordless.git
Documentation: pkg.go.dev

# README

## go-passwordless

go-passwordless is an implementation of backend services allowing users to sign in to websites without a password, inspired by the Node package of the same name.

### Overview

The passwordless flow is very similar to the one-time-password (OTP) flow used for verification on many services. It works on the principle that if someone can prove ownership of an account such as an email address, then that is sufficient to prove they are that user. So, rather than storing passwords, the user is simply required to enter a secure code that is sent to their account when they want to log in (be it email, SMS, a Twitter DM, or some other means).

This implementation concerns itself with generating codes, sending them to the user, storing them securely, and offering a means to verify the provided token.
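The flow described above, as an added example that is not taken from go-passwordless: a token is drawn from the system CSPRNG in Crockford's base 32 alphabet, only a keyed digest of it is kept, and verification is constant-time, single-use, time-limited and capped at three guesses. The `Store` type, its methods, the HMAC-based storage and the three-guess cap are assumptions made for illustration, not the library's API or storage scheme.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

const crockford = "0123456789ABCDEFGHJKMNPQRSTVWXYZ" // no I, L, O, U; 32 symbols, so b&31 is unbiased
// Hypothetical in-memory store (not the library's MemStore); not goroutine-safe.
type entry struct{ mac []byte; expires time.Time; attempts int }
type Store struct{ key []byte; entries map[string]*entry }

// mac binds a token to its user under a server-side key; only this digest is stored.
func (s *Store) mac(uid, token string) []byte {
	h := hmac.New(sha256.New, s.key)
	h.Write([]byte(uid + "\x00" + token))
	return h.Sum(nil)
}
// Issue creates an n-character token for uid, replacing any outstanding one.
func (s *Store) Issue(uid string, n int, ttl time.Duration, now time.Time) (string, error) {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	for i, b := range buf {
		buf[i] = crockford[b&31]
	}
	s.entries[uid] = &entry{mac: s.mac(uid, string(buf)), expires: now.Add(ttl)}
	return string(buf), nil
}
// Verify is single-use: success, expiry or a third wrong guess deletes the entry.
func (s *Store) Verify(uid, token string, now time.Time) bool {
	e, ok := s.entries[uid]
	if ok {
		e.attempts++
		ok = now.Before(e.expires) && hmac.Equal(e.mac, s.mac(uid, token)) // constant-time compare
		if ok || e.attempts >= 3 || !now.Before(e.expires) {
			delete(s.entries, uid)
		}
	}
	return ok
}
func main() {
	s := &Store{key: []byte("constructed-demo-key"), entries: map[string]*entry{}}
	tok, _ := s.Issue("alice@example.com", 8, 5*time.Minute, time.Now())
	fmt.Println(tok, s.Verify("alice@example.com", tok, time.Now()))
}
```

In a real deployment the key would come from a secret store rather than a literal, and the map would be guarded by a mutex or replaced by a shared backend.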

### Transports

A Transport provides a means to transmit a token (e.g. a PIN) to the user. There is one production implementation and one development implementation provided with this library:

  • SMTPTransport - emails tokens via an SMTP server.
  • LogTransport - prints tokens to stdout, for testing purposes only.

Custom transports must adhere to the Transport interface, which consists of just one function, making it easy to hook into third-party services (for example, your SMS provider).

### Token Stores

A Token Store provides a means to securely store and verify a token against user input. There are three implementations provided with this library:

  • MemStore - stores encrypted tokens in ephemeral memory.
  • CookieStore - stores tokens in encrypted session cookies. Mandates that the user signs in on the same device that they generated the sign in request from.
  • RedisStore - stores encrypted tokens in a Redis instance.

Custom stores need to adhere to the TokenStore interface, which consists of 4 functions. This interface is intentionally simple to allow for easy integration with whatever database and structure you prefer.

### Differences to Node's Passwordless

While heavily inspired by Passwordless, this implementation is unique and cannot be used interchangeably. The token generation, storage and verification procedures are all different.

This library does not provide a frontend/UI implementation - to integrate it, you'll need to create your own signin/verification pages and handlers. An example website is provided as reference, however.

# Packages

No description provided by the author

# Functions

New returns a new Passwordless instance with the specified token store.
NewByteGenerator creates and returns a ByteGenerator.
NewCookieStore creates a new signed and encrypted CookieStore.
NewCrockfordGenerator returns a new Crockford token generator that creates tokens of the specified length.
NewMemStore creates and returns a new `MemStore`.
NewRedisStore creates and returns a new `RedisStore`.
NewSMTPTransport returns a new transport capable of sending emails via SMTP.
RequestToken generates, saves and delivers a token to the specified recipient.
SetContext returns a Context containing the specified `ResponseWriter` and `Request`.
VerifyToken checks the given token against the provided token store.

# Variables

No description provided by the author

# Structs

ByteGenerator generates random sequences of bytes of the specified length from the specified set.
CookieStore stores tokens in an encrypted cookie on the user's browser.
CrockfordGenerator generates random tokens using Douglas Crockford's base 32 alphabet which limits characters of similar appearances.
Email is a helper for creating multipart (text and html) emails.
LogTransport is a transport intended for testing/debugging purposes that simply logs the token to the console.
MemStore is a Store that keeps tokens in memory, periodically removing them once they expire.
Passwordless holds a set of named strategies and an associated token store.
PINGenerator generates numerical PINs of the specified length.
RedisStore is a Store that keeps tokens in Redis.
SimpleStrategy is a convenience wrapper combining a Transport, TokenGenerator, and TTL.
SMTPTransport delivers a user token via e-mail.

# Interfaces

Strategy defines how to send and what tokens to send to users.
TokenGenerator defines an interface for generating and sanitising cryptographically-secure tokens.
TokenStore is a storage mechanism for tokens.
Transport represents a mechanism that sends a named recipient a token.

# Type aliases

ComposerFunc is called when writing the contents of an email, including preamble headers.