module, package
0.0.0-20240904031441-ef98ce0cc43c
Repository: https://github.com/mbivert/auth.git
Documentation: pkg.go.dev
# README
WIP (go(1) RPC HTTPS authentication module)
Overview
This package contains an RPC module to handle authentication-related tasks. We restrict ourselves to a subset of HTTP to describe our RPCs:
- POST-only;
- the function name is represented by the static URL path;
- the authentication token is sent/read via an HttpOnly cookie;
- all parameters are JSON-encoded (i.e. none are located in cookies or in the URL path);
- all returned values are JSON-encoded (i.e. nothing is sent as special headers or cookies).
This makes the implementation rather straightforward. If a route's format needs updating, a new route can be added, e.g. /path/to/foo/v1.2. If the naming scheme is well thought out, clients should be able to predictably try different versions of the same route, starting with the most recent.
Note: I would have preferred the authentication token to be managed as a regular parameter, but it's more kosher from a security perspective not to have the JS code handle those manually.
Typically, you would reserve a prefix for those RPCs:

```go
import (
	"log"
	"net/http"

	"github.com/mbivert/auth"
	...
)
...
func main() {
	...
	db, err := auth.NewSQLite("db.sqlite")
	if err != nil {
		log.Fatal(err)
	}
	// Mind the slashes: the prefix is stripped before auth.New(db) sees the path.
	http.Handle("/auth/", http.StripPrefix("/auth", auth.New(db)))
	...
}
```
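As an added example (not the module's own code), here is a minimal handler that enforces the conventions listed above for a single `/signin` route, the kind of route the prefix above would front: it refuses non-POST requests, bounds and strictly decodes the JSON body, and hands the token back only as an `HttpOnly` cookie, never in the JSON reply. The `issueToken` callback and the cookie attributes are assumptions, and `call` is a small in-process helper for exercising the handler.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
)
func writeJSON(w http.ResponseWriter, code int, v any) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(code)
	json.NewEncoder(w).Encode(v)
}

// rpcHandler applies the README's conventions to one route, /signin: POST-only,
// path = function name, JSON body in, JSON out, and the token set only as an
// HttpOnly cookie. issueToken is a hypothetical stand-in for real token issuance.
func rpcHandler(issueToken func(name string) string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/signin", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.Header().Set("Allow", http.MethodPost)
			writeJSON(w, http.StatusMethodNotAllowed, map[string]string{"Err": "POST only"})
			return
		}
		var in struct{ Name string }
		dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<16)) // cap body size
		dec.DisallowUnknownFields()                                   // reject stray fields
		if err := dec.Decode(&in); err != nil || in.Name == "" {
			writeJSON(w, http.StatusBadRequest, map[string]string{"Err": "bad request"})
			return
		}
		// The token never appears in the JSON reply, so page JS cannot read it.
		http.SetCookie(w, &http.Cookie{Name: "token", Value: issueToken(in.Name),
			Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode})
		writeJSON(w, http.StatusOK, map[string]bool{"Ok": true})
	})
	return mux
}
// call performs one RPC in-process and reports the status code, whether an
// HttpOnly "token" cookie was set, and the trimmed response body.
func call(h http.Handler, method, path, body string) (int, bool, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, path, strings.NewReader(body)))
	httpOnly := false
	for _, c := range rec.Result().Cookies() {
		httpOnly = httpOnly || (c.Name == "token" && c.HttpOnly)
	}
	return rec.Code, httpOnly, strings.TrimSpace(rec.Body.String())
}
```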
# Functions
For quick tests: `curl -X POST -d '{"Name": "user" }' localhost:7070/signin`
XXX: Why is the loaded conf shared (module-wise) but not the DB?
Reset the cookie token.
NOTE: "t" can be used as a context, a db connection, an aggregate of both, etc.
# Constants
# Variables
# Structs
For an edit to be successful:
- the password field *must* be correct;
- name, if present/updated, must be available;
- if newpasswd is empty, the password isn't considered to be changed;
- email, if present/updated, must be available, and will trigger an email-verification sequence.
This is just so we can have a specific JSON unmarshaller.
Endpoints input/output types.
NOTE/XXX: This is a "special" token, not the usual JWT token.
Now this is a genuine token: upon success, we're also logging-in the user.
# Interfaces
Implemented by sqlite/main.go; used at least for tests.
# Type aliases
The UserId is assumed to be immutable for any user (not like e.g.