Categorygithub.com/nguyengg/go-aws-commons/gin-sessions-dynamodb
modulepackage
0.1.9
Repository: https://github.com/nguyengg/go-aws-commons.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
15
Dependents
0
Files
479 SLOC

# README

Very opinionated gin session middleware with DynamoDB backend

Go Reference

There are already several excellent DynamoDB store plugins for github.com/gin-contrib/sessions (well, mostly from github.com/gorilla/sessions). This module (named sessions) does something a bit different: you must bring your own struct that uses dynamodbav struct tags to model the DynamoDB table that contains session data. When handling a request, you can either work directly with a pointer to this struct, or use a type-safe sessions.Session-compatible implementation that can return an error or panic if you attempt to set a field with the wrong type.

I created this module because I love how easy it is to use the middleware to manage sessions, but I already have my own DynamoDB table for session data. If you're starting new, the various DynamoDB store plugins will abstract away the need to define the DynamoDB schema so you don't have to care about it at all. But if you already have your own table, this module is for you.

Usage

Get with:

go get github.com/nguyengg/go-aws-commons/gin-sessions-dynamodb

package main

import (
	"net/http"

	"github.com/gin-gonic/gin"
	sessions "github.com/nguyengg/go-aws-commons/gin-sessions-dynamodb"
	"github.com/nguyengg/go-aws-commons/gin-sessions-dynamodb/groups"
	"github.com/nguyengg/go-aws-commons/opaque-token/hmac"
)

type Session struct {
	Id   string `dynamodbav:"sessionId,hashkey" tableName:"session"`
	User *User  `dynamodbav:"user"`
}

type User struct {
	Sub    string   `dynamodbav:"sub"`
	Groups []string `dynamodbav:"groups,stringset"`
}

func main() {
	r := gin.Default()

	// this example also enables CSRF generation and validation using secret provided by the AWS Secrets Lambda extension.
	hasher := hmac.New(hmac.WithKeyFromLambdaExtensionSecrets("csrf-secret"))
	r.Use(
		// if you don't explicitly provide a client, `config.LoadDefaultConfig` is used similar to this example.
		sessions.Sessions[Session]("sid", sessions.WithCSRF(hasher, sessions.DefaultCSRFCookieName)),
		// the Sessions middleware must act before the CSRF middleware.
		sessions.RequireCSRF(hasher))

	r.GET("/", func(c *gin.Context) {
		// this is type-safe way to interaction with my session struct.
		var mySession *Session = sessions.Get[Session](c)
		mySession.User = &User{Sub: "henry", Groups: []string{"poweruser"}}

		// because I enabled CSRF with WithCSRF, saving the session will write the CSRF cookie as well.
		if err := sessions.Save(c); err != nil {
			_ = c.AbortWithError(http.StatusBadGateway, err)
			return
		}

		// alternatively, I can use the sessions.Session interface "compatible" with gin and gorilla.
		s := sessions.Default(c)
		s.Set("user", "henry")
		if err := s.Save(); err != nil {
			_ = c.AbortWithError(http.StatusBadGateway, err)
			return
		}
	})

	// the module also provides a basic middleware to verify user from the session is authorised based on group
	// membership.
	r.GET("/protected/resource",
		groups.MustHave(func(c *gin.Context) (bool, groups.Groups) {
			user := sessions.Get[Session](c).User
			if user == nil {
				return false, nil
			}

			return true, user.Groups
		}, groups.OneOf("canReadResource", "canWriteResource")))
}

# Packages

No description provided by the author

# Functions

CSRFFromCookie retrieves the CSRF base64-raw-url-encoded token from cookie with the given name.
CSRFFromForm retrieves the CSRF base64-raw-url-encoded token from the POST form parameter with the given name.
CSRFFromHeader retrieves the CSRF base64-raw-url-encoded token from request header with the given name.
Default returns the Session instance attached to the request.
DefaultNewSessionId creates a new UUID and returns its raw-URL-encoded content.
DoubleSubmit validates that all of the given CSRF sources must be available AND identical.
Get returns the pointer to the session struct attached to the request.
GetCSRF returns the CSRF token associated with the given session.
New always create a new session and return the pointer thereto.
RequireCSRF creates a gin middleware for validating CSRF tokens from several potential sources.
Save can be used to save the current session to DynamoDB.
Sessions creates a gin middleware for managing sessions of struct type T.
SetOptions can be used to modify the cookie options for the current session.
WithCSRF attaches to the session middleware the ability to set CSRF cookie as well when a new session is created.

# Constants

No description provided by the author
No description provided by the author
No description provided by the author
DefaultKey is the gin context key for Session instance.

# Variables

No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author

# Structs

CSRFOptions customises the CSRF middleware.
Session implements gin sessions.Session in a type-safe way.

# Type aliases

CSRFSource provides a way to retrieve CSRF token from request.
Options stores configuration for a session or session store.