{"id":15394288,"url":"https://github.com/xyproto/permissionbolt","last_synced_at":"2025-04-14T13:11:12.579Z","repository":{"id":57480896,"uuid":"36075461","full_name":"xyproto/permissionbolt","owner":"xyproto","description":":nut_and_bolt: Middleware for keeping track of users, login states and permissions","archived":false,"fork":false,"pushed_at":"2023-06-25T16:19:22.000Z","size":7312,"stargazers_count":89,"open_issues_count":1,"forks_count":9,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-28T02:13:58.225Z","etag":null,"topics":["auth","bcrypt","bolt-database","boltdb","middleware","permissions","user-auth"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xyproto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-05-22T14:05:44.000Z","updated_at":"2025-02-13T22:47:07.000Z","dependencies_parsed_at":"2024-06-18T18:24:16.038Z","dependency_job_id":"0bbe7a51-7f03-4189-81d1-f7ed0cd929c6","html_url":"https://github.com/xyproto/permissionbolt","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpermissionbolt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpermissionbolt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpermissionbolt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpermissionbolt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xyproto","download_url":"https://codeload.github.com/xyproto/permissionbolt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248886327,"owners_count":21177643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","bcrypt","bolt-database","boltdb","middleware","permissions","user-auth"],"created_at":"2024-10-01T15:23:01.349Z","updated_at":"2025-04-14T13:11:11.695Z","avatar_url":"https://github.com/xyproto.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Permissionbolt [![GoDoc](https://godoc.org/github.com/xyproto/permissionbolt?status.svg)](http://godoc.org/github.com/xyproto/permissionbolt) [![Go Report Card](https://goreportcard.com/badge/github.com/xyproto/permissionbolt)](https://goreportcard.com/report/github.com/xyproto/permissionbolt)\n\nMiddleware for keeping track of users, login states and permissions.\n\nUses [Bolt](https://github.com/boltdb/bolt) for the database. For using [Redis](http://redis.io) as a backend instead, look into [permissions2](https://github.com/xyproto/permissions2).\n\nFeatures and limitations\n------------------------\n\n* Uses secure cookies and stores user information in a Bolt database.\n* Suitable for using Bolt database file (in a similar fashion to SQLite), registering/confirming users and managing public/user/admin pages.\n* Supports registration and confirmation via generated confirmation codes.\n* Tries to keep things simple.\n* Only supports \"public\", \"user\" and \"admin\" permissions out of the box, but offers functionality for implementing more fine grained permissions, if so desired.\n* Supports [Negroni](https://github.com/codegangsta/negroni), [Martini](https://github.com/go-martini/martini), [Gin](https://github.com/gin-gonic/gin), [Goji](https://github.com/zenazn/goji) and plain `net/http`.\n* Should also work with other frameworks, since the standard http.HandlerFunc is used everywhere.\n* The default permissions can be cleared with the Clear() function.\n\n## Requirements\n\n* Go 1.17 or later.\n\nExample for [Negroni](https://github.com/codegangsta/negroni)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/codegangsta/negroni\"\n \"github.com/xyproto/permissionbolt/v2\"\n)\n\nfunc main() {\n n := negroni.Classic()\n mux := http.NewServeMux()\n\n // New permissionbolt middleware\n perm, err := permissionbolt.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n mux.HandleFunc(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n mux.HandleFunc(\"/register\", func(w http.ResponseWriter, req *http.Request) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/confirm\", func(w http.ResponseWriter, req *http.Request) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n mux.HandleFunc(\"/remove\", func(w http.ResponseWriter, req *http.Request) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/login\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/logout\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/makeadmin\", func(w http.ResponseWriter, req *http.Request) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n mux.HandleFunc(\"/clear\", func(w http.ResponseWriter, req *http.Request) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n mux.HandleFunc(\"/data\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n mux.HandleFunc(\"/admin\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Custom handler for when permissions are denied\n perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n })\n\n // Enable the permissionbolt middleware\n n.Use(perm)\n\n // Use mux for routing, this goes last\n n.UseHandler(mux)\n\n // Serve\n n.Run(\":3000\")\n}\n~~~\n\nExample for [Martini](https://github.com/go-martini/martini)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/go-martini/martini\"\n \"github.com/xyproto/permissionbolt/v2\"\n)\n\nfunc main() {\n m := martini.Classic()\n\n // New permissionbolt middleware\n perm, err := permissionbolt.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n m.Get(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n m.Get(\"/register\", func(w http.ResponseWriter) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n m.Get(\"/confirm\", func(w http.ResponseWriter) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n m.Get(\"/remove\", func(w http.ResponseWriter) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n m.Get(\"/login\", func(w http.ResponseWriter) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n m.Get(\"/logout\", func(w http.ResponseWriter) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n m.Get(\"/makeadmin\", func(w http.ResponseWriter) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n m.Get(\"/clear\", func(w http.ResponseWriter) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n m.Get(\"/data\", func(w http.ResponseWriter) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n m.Get(\"/admin\", func(w http.ResponseWriter) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Set up a middleware handler for Martini, with a custom \"permission denied\" message.\n permissionHandler := func(w http.ResponseWriter, req *http.Request, c martini.Context) {\n // Check if the user has the right admin/user rights\n if perm.Rejected(w, req) {\n // Deny the request\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n // Reject the request by not calling the next handler below\n return\n }\n // Call the next middleware handler\n c.Next()\n }\n\n // Enable the permissionbolt middleware\n m.Use(permissionHandler)\n\n // Serve\n m.Run()\n}\n~~~\n\nExample for [Gin](https://github.com/gin-gonic/gin)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/gin-gonic/gin\"\n \"github.com/xyproto/permissionbolt/v2\"\n)\n\nfunc main() {\n g := gin.New()\n\n // New permissionbolt middleware\n perm, err := permissionbolt.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Set up a middleware handler for Gin, with a custom \"permission denied\" message.\n permissionHandler := func(c *gin.Context) {\n // Check if the user has the right admin/user rights\n if perm.Rejected(c.Writer, c.Request) {\n // Deny the request, don't call other middleware handlers\n c.AbortWithStatus(http.StatusForbidden)\n fmt.Fprint(c.Writer, \"Permission denied!\")\n return\n }\n // Call the next middleware handler\n c.Next()\n }\n\n // Logging middleware\n g.Use(gin.Logger())\n\n // Enable the permissionbolt middleware, must come before recovery\n g.Use(permissionHandler)\n\n // Recovery middleware\n g.Use(gin.Recovery())\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n g.GET(\"/\", func(c *gin.Context) {\n msg := \"\"\n msg += fmt.Sprintf(\"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n msg += fmt.Sprintf(\"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n msg += fmt.Sprintf(\"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n msg += fmt.Sprintf(\"Username stored in cookies (or blank): %v\\n\", userstate.Username(c.Request))\n msg += fmt.Sprintf(\"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(c.Request))\n msg += fmt.Sprintf(\"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(c.Request))\n msg += fmt.Sprintln(\"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n c.String(http.StatusOK, msg)\n })\n\n g.GET(\"/register\", func(c *gin.Context) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n c.String(http.StatusOK, fmt.Sprintf(\"User bob was created: %v\\n\", userstate.HasUser(\"bob\")))\n })\n\n g.GET(\"/confirm\", func(c *gin.Context) {\n userstate.MarkConfirmed(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\")))\n })\n\n g.GET(\"/remove\", func(c *gin.Context) {\n userstate.RemoveUser(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\")))\n })\n\n g.GET(\"/login\", func(c *gin.Context) {\n // Headers will be written, for storing a cookie\n userstate.Login(c.Writer, \"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\")))\n })\n\n g.GET(\"/logout\", func(c *gin.Context) {\n userstate.Logout(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\")))\n })\n\n g.GET(\"/makeadmin\", func(c *gin.Context) {\n userstate.SetAdminStatus(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\")))\n })\n\n g.GET(\"/clear\", func(c *gin.Context) {\n userstate.ClearCookie(c.Writer)\n c.String(http.StatusOK, \"Clearing cookie\")\n })\n\n g.GET(\"/data\", func(c *gin.Context) {\n c.String(http.StatusOK, \"user page that only logged in users must see!\")\n })\n\n g.GET(\"/admin\", func(c *gin.Context) {\n c.String(http.StatusOK, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n c.String(http.StatusOK, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Serve\n g.Run(\":3000\")\n}\n~~~\n\nExample for [Goji](https://github.com/zenazn/goji)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/xyproto/permissionbolt/v2\"\n \"github.com/zenazn/goji\"\n)\n\nfunc main() {\n // New permissions middleware\n perm, err := permissionbolt.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n goji.Get(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n goji.Get(\"/register\", func(w http.ResponseWriter, req *http.Request) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n goji.Get(\"/confirm\", func(w http.ResponseWriter, req *http.Request) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n goji.Get(\"/remove\", func(w http.ResponseWriter, req *http.Request) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n goji.Get(\"/login\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n goji.Get(\"/logout\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n goji.Get(\"/makeadmin\", func(w http.ResponseWriter, req *http.Request) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n goji.Get(\"/clear\", func(w http.ResponseWriter, req *http.Request) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n goji.Get(\"/data\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n goji.Get(\"/admin\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Custom \"permissions denied\" message\n perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n })\n\n // Permissions middleware for Goji\n permissionHandler := func(next http.Handler) http.Handler {\n return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {\n // Check if the user has the right admin/user rights\n if perm.Rejected(w, req) {\n // Deny the request\n perm.DenyFunction()(w, req)\n return\n }\n // Serve the requested page\n next.ServeHTTP(w, req)\n })\n }\n\n // Enable the permissions middleware\n goji.Use(permissionHandler)\n\n // Goji will listen to port 8000 by default\n goji.Serve()\n}\n~~~\n\nExample for just `net/http`\n--------------------\n\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n \"time\"\n\n \"github.com/xyproto/permissionbolt/v2\"\n \"github.com/xyproto/pinterface\"\n)\n\ntype permissionHandler struct {\n // perm is a Permissions structure that can be used to deny requests\n // and acquire the UserState. By using `pinterface.IPermissions` instead\n // of `*permissionbolt.Permissions`, the code is compatible with not only\n // `permissionbolt`, but also other modules that uses other database\n // backends, like `permissions2` which uses Redis.\n perm pinterface.IPermissions\n\n // The HTTP multiplexer\n mux *http.ServeMux\n}\n\n// Implement the ServeHTTP method to make a permissionHandler a http.Handler\nfunc (ph *permissionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {\n // Check if the user has the right admin/user rights\n if ph.perm.Rejected(w, req) {\n // Let the user know, by calling the custom \"permission denied\" function\n ph.perm.DenyFunction()(w, req)\n // Reject the request by not calling the next handler below\n return\n }\n // Serve the requested page if permissions were granted\n ph.mux.ServeHTTP(w, req)\n}\n\nfunc main() {\n mux := http.NewServeMux()\n\n // New permissionbolt middleware\n perm, err := permissionbolt.New()\n if err != nil {\n log.Fatal(\"Could not open Bolt database\")\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n mux.HandleFunc(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n mux.HandleFunc(\"/register\", func(w http.ResponseWriter, req *http.Request) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/confirm\", func(w http.ResponseWriter, req *http.Request) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n mux.HandleFunc(\"/remove\", func(w http.ResponseWriter, req *http.Request) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/login\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/logout\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/makeadmin\", func(w http.ResponseWriter, req *http.Request) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n mux.HandleFunc(\"/clear\", func(w http.ResponseWriter, req *http.Request) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n mux.HandleFunc(\"/data\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n mux.HandleFunc(\"/admin\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Custom handler for when permissions are denied\n perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n })\n\n // Configure the HTTP server and permissionHandler struct\n s := \u0026http.Server{\n Addr: \":3000\",\n Handler: \u0026permissionHandler{perm, mux},\n ReadTimeout: 10 * time.Second,\n WriteTimeout: 10 * time.Second,\n MaxHeaderBytes: 1 \u003c\u003c 20,\n }\n\n log.Println(\"Listening for requests on port 3000\")\n\n // Start listening\n s.ListenAndServe()\n}\n~~~\n\nDefault permissions\n-------------------\n\n* The */admin* path prefix has admin rights by default.\n* These path prefixes have user rights by default: */repo* and */data*\n* These path prefixes are public by default: */*, */login*, */register*, */style*, */img*, */js*, */favicon.ico*, */robots.txt* and */sitemap_index.xml*\n\nThe default permissions can be cleared with the `Clear()` function.\n\nPassword hashing\n----------------\n\n* bcrypt is used by default for hashing passwords. sha256 is also supported.\n* By default, all new password will be hashed with bcrypt.\n* For backwards compatibility, old password hashes with the length of a sha256 hash will be checked with sha256. To disable this behavior, and only ever use bcrypt, add this line: `userstate.SetPasswordAlgo(\"bcrypt\")`\n\nCoding style\n------------\n\n* log.Fatal or panic shall only be used for problems that may occur when starting the application, like not being able to connect to the database. The rest of the functions should return errors instead, so that they can be handled.\n* The code shall always be formatted with `go fmt`.\n\nOnline API Documentation\n------------------------\n\n[godoc.org](http://godoc.org/github.com/xyproto/permissionbolt)\n\nRetrieving the underlying Bolt database\n---------------------------------------\n\nHere is a short example application for retrieving the underlying Bolt database:\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"github.com/coreos/bbolt\"\n \"github.com/xyproto/permissionbolt/v2\"\n \"os\"\n)\n\nfunc main() {\n perm, err := permissionbolt.NewWithConf(\"/tmp/_tmp_bolt.db\")\n if err != nil {\n fmt.Fprintf(os.Stderr, \"Could not open Bolt database: %s\\n\", err)\n os.Exit(1)\n }\n ustate := perm.UserState()\n\n // A bit of checking is needed, since the database backend is interchangeable\n pustate, ok := ustate.(*permissionbolt.UserState)\n if !ok {\n fmt.Fprintln(os.Stderr, \"Not using the BoltDB database backend!\")\n os.Exit(1)\n }\n\n // Retrieve the Bolt Database from the permissionbolt.UserState\n db := (*bolt.DB)(pustate.Database())\n\n fmt.Printf(\"%v (%T)\\n\", db, db)\n}\n```\n\nGeneral information\n-------------------\n\n* Version: 2.6.3\n* License: BSD-3\n* Alexander F. Rødseth \u0026lt;xyproto@archlinux.org\u0026gt;\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxyproto%2Fpermissionbolt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxyproto%2Fpermissionbolt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxyproto%2Fpermissionbolt/lists"}