{"id":25865241,"url":"https://github.com/aziis98/go-authsession","last_synced_at":"2025-03-02T01:34:05.757Z","repository":{"id":65230662,"uuid":"481313884","full_name":"aziis98/go-authsession","owner":"aziis98","description":"A library to easily handle cookie sessions and a basic form of permission management with go http frameworks and libraries","archived":false,"fork":false,"pushed_at":"2022-04-13T20:54:20.000Z","size":19,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-06-20T13:28:50.792Z","etag":null,"topics":["auth","go","http","session"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aziis98.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-13T17:35:23.000Z","updated_at":"2024-06-20T13:28:50.793Z","dependencies_parsed_at":"2023-01-16T14:52:41.175Z","dependency_job_id":null,"html_url":"https://github.com/aziis98/go-authsession","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziis98%2Fgo-authsession","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziis98%2Fgo-authsession/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziis98%2Fgo-authsession/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziis98%2Fgo-authsession/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aziis98","download_url":"https://codeload.github.com/aziis98/go-authsession/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241447530,"owners_count":19964314,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","go","http","session"],"created_at":"2025-03-02T01:34:05.123Z","updated_at":"2025-03-02T01:34:05.733Z","avatar_url":"https://github.com/aziis98.png","language":"Go","readme":"# AuthSession\n\nA library to easily handle cookie sessions and a basic form of permission management with go http frameworks and libraries.\n\nFor now this supports\n\n-   [`net/http`](https://pkg.go.dev/net/http) using the submodule [`httpauth`](./httpauth).\n\n-   [`fiber`](https://github.com/gofiber/fiber) using the submodule [`fiberauth`](./fiberauth).\n\n## Usage\n\nFirst we need something implementing the `authsession.CredentialChecker` interface.\n\n```go\ntype exampleAuth struct{}\n\nfunc (_ *exampleAuth) CheckCredentials(userId string, password string) (bool, error) {\n\tif userId != \"example\" {\n        // return authsession.ErrUserNotFound or nil as you prefer\n\t\treturn false, authsession.ErrUserNotFound\n\t}\n\n\treturn password == \"123\", nil\n}\n```\n\nWe can now use directly `authsession.New(CredentialChecker, ...Option)` to create an instance of `*authsession.Base` that provides the following methods\n\n-   `(*Base).Login(userId string, password string) (string, error)`\n\n    If the provided credentials are correct this returns a new session token for this user.\n\n-   `(*Base).Logout(sessionId string) error`\n\n    If the given session is valid this method deletes the given session.\n\n-   `(*Base).UserForSession(sessionId string) (string, error)`\n\n    Retrieves the user associated with this session.\n\n-   `(*Base).IsLogged(sessionId string) (bool, error)`\n\n    This uses the previous method to check if the user is logged given a session token.\n\n-   `(*Base).HasPermissions(userId string, required []string) (bool, error)`\n\n    This function can only be used if the instance of `CredentialChecker` is also a `PermissionChecker` and panics otherwise.\n\n(A valid user and a valid session token must be a non empty string)\n\nOtherwise instead of using `*authsession.Base` directly you can use one of the following adapters for various libraries.\n\n### Http Auth\n\nThe submodule [`httpauth`](./httpauth) provides an adapter working with the `net/http` module. Let's use the `exampleAuth` struct from before.\n\nThe http adapter can be created using `httpauth.New(CredentialChecker, ...Option)`. The simplest form to initialize it is the following\n\n```go\nauth := httpauth.New(\u0026exampleAuth{})\n```\n\nOtherwise this can take some optional arguments for setting up error handlers used by the _middleware methods_ as shown later.\n\n-   `WithUnauthorizedHandler(unauthorizedHandler http.Handler) Option`\n\n    Special HTTP error handler for unauthorized access.\n\n-   `WithErrorHandler(errorHandler func(error) http.Handler) Option`\n\n    Generic HTTP error handler.\n\nFor example to login a user you can just define an http handler as follows\n\n```go\nhttp.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n    if r.Method != http.MethodPost {\n        w.WriteHeader(http.StatusNotFound)\n        return\n    }\n\n    username := r.FormValue(\"username\")\n    password := r.FormValue(\"password\")\n\n    if err := auth.Login(w, username, password); err != nil {\n        w.WriteHeader(http.StatusUnauthorized)\n        return\n    }\n\n    if err := json.NewEncoder(w).Encode(\"ok\"); err != nil {\n        w.WriteHeader(http.StatusInternalServerError)\n        return\n    }\n})\n```\n\nLastly if you are using a `net/http` based router you can use one of the following middlewares\n\n```go\n// by having the route accept only logged in users...\nrouter.Use(auth.LoggedMiddleware())\n\n// ...or by having the route require a list of permissions\nrouter.Use(auth.PermissionsMiddleware([]string{ \"moderator\" }))\n```\n\n(for a complete example see [httpauth/auth_test.go](./httpauth/auth_test.go))\n\n### Fiber Auth\n\nThe submodule [`fiberauth`](./fiberauth) provides an adapter working with the [`fiber`](https://github.com/gofiber/fiber) web framework. Let's use the `exampleAuth` struct from before.\n\nTODO: Add an example\n\n(for now see [fiberauth/auth.go](./fiberauth/auth.go))\n\n## TODOs\n\n-   [ ] Add token \"refresh\"-ability to `session.Store`.\n\n-   [ ] Add some tests to `fiberauth`.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faziis98%2Fgo-authsession","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faziis98%2Fgo-authsession","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faziis98%2Fgo-authsession/lists"}