{"id":15394428,"url":"https://github.com/xyproto/pstore","last_synced_at":"2025-11-03T16:03:11.484Z","repository":{"id":57488281,"uuid":"49422641","full_name":"xyproto/pstore","owner":"xyproto","description":":wrench: Middleware for keeping track of users, login states and permissions, using the HSTORE feature in PostgreSQL","archived":false,"fork":false,"pushed_at":"2025-09-16T10:47:37.000Z","size":2462,"stargazers_count":38,"open_issues_count":0,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-09-16T12:51:56.104Z","etag":null,"topics":["auth","hstore","middleware","permissions","postgresql"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xyproto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-01-11T11:47:16.000Z","updated_at":"2025-09-16T10:47:33.000Z","dependencies_parsed_at":"2024-06-19T00:01:38.041Z","dependency_job_id":"dbb47444-85ed-4e72-93eb-e3ccb9007dfa","html_url":"https://github.com/xyproto/pstore","commit_stats":null,"previous_names":["xyproto/permissionhstore"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/xyproto/pstore","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpstore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpstore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpstore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpstore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xyproto","download_url":"https://codeload.github.com/xyproto/pstore/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xyproto%2Fpstore/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":282486107,"owners_count":26677118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-03T02:00:05.676Z","response_time":108,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","hstore","middleware","permissions","postgresql"],"created_at":"2024-10-01T15:23:34.954Z","updated_at":"2025-11-03T16:03:11.477Z","avatar_url":"https://github.com/xyproto.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PostgreSQL Store\n\n[![Build](https://github.com/xyproto/pstore/actions/workflows/test.yml/badge.svg)](https://github.com/xyproto/pstore/actions/workflows/test.yml) [![Go Report Card](https://goreportcard.com/badge/github.com/xyproto/pstore)](https://goreportcard.com/report/github.com/xyproto/pstore) [![License](https://img.shields.io/badge/license-BSD-green.svg?style=flat)](https://raw.githubusercontent.com/xyproto/pstore/main/LICENSE)\n\nMiddleware for keeping track of users, login states and permissions.\n\nUses [PostgreSQL](https://postgresql.org) for the database. For using [Redis](http://redis.io) as a backend instead, look into [permissions2](https://github.com/xyproto/permissions2).\nThere is also a [BoltDB](https://github.com/xyproto/permissionbolt) and [MariaDB/MySQL](https://github.com/xyproto/permissionsql) backend. They are interchangeable.\n\nUses [simplehstore](https://github.com/xyproto/simplehstore).\n\nOnline API Documentation\n------------------------\n\n[godoc.org](https://godoc.org/github.com/xyproto/pstore)\n\nConnecting\n----------\n\nFor connecting to a PostgreSQL host that is running locally, the `New` function can be used. For connecting to a remote server, the `NewWithDSN` function can be used.\n\n\nFeatures and limitations\n------------------------\n\n* Uses secure cookies and stores user information in a PostgreSQL database.\n* Suitable for connecting to a local or remote PostgreSQL server, registering/confirming users and managing public/user/admin pages.\n* Supports registration and confirmation via generated confirmation codes.\n* Tries to keep things simple.\n* Only supports \"public\", \"user\" and \"admin\" permissions out of the box, but offers functionality for implementing more fine grained permissions, if so desired.\n* Supports [Negroni](https://github.com/codegangsta/negroni), [Martini](https://github.com/go-martini/martini), [Gin](https://github.com/gin-gonic/gin), [Goji](https://github.com/zenazn/goji) and plain `net/http`.\n* Should also work with other frameworks, since the standard http.HandlerFunc is used everywhere.\n* The default permissions can be cleared with the Clear() function.\n\n\nExample for [Negroni](https://github.com/codegangsta/negroni)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/codegangsta/negroni\"\n \"github.com/xyproto/pstore\"\n)\n\nfunc main() {\n n := negroni.Classic()\n mux := http.NewServeMux()\n\n // New pstore middleware\n perm, err := pstore.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n mux.HandleFunc(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n mux.HandleFunc(\"/register\", func(w http.ResponseWriter, req *http.Request) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/confirm\", func(w http.ResponseWriter, req *http.Request) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n mux.HandleFunc(\"/remove\", func(w http.ResponseWriter, req *http.Request) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/login\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/logout\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/makeadmin\", func(w http.ResponseWriter, req *http.Request) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n mux.HandleFunc(\"/clear\", func(w http.ResponseWriter, req *http.Request) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n mux.HandleFunc(\"/data\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n mux.HandleFunc(\"/admin\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Custom handler for when permissions are denied\n perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n })\n\n // Enable the pstore middleware\n n.Use(perm)\n\n // Use mux for routing, this goes last\n n.UseHandler(mux)\n\n // Serve\n n.Run(\":3000\")\n}\n~~~\n\nExample for [Martini](https://github.com/go-martini/martini)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/go-martini/martini\"\n \"github.com/xyproto/pstore\"\n)\n\nfunc main() {\n m := martini.Classic()\n\n // New pstore middleware\n perm, err := pstore.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n m.Get(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n m.Get(\"/register\", func(w http.ResponseWriter) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n m.Get(\"/confirm\", func(w http.ResponseWriter) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n m.Get(\"/remove\", func(w http.ResponseWriter) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n m.Get(\"/login\", func(w http.ResponseWriter) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n m.Get(\"/logout\", func(w http.ResponseWriter) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n m.Get(\"/makeadmin\", func(w http.ResponseWriter) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n m.Get(\"/clear\", func(w http.ResponseWriter) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n m.Get(\"/data\", func(w http.ResponseWriter) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n m.Get(\"/admin\", func(w http.ResponseWriter) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Set up a middleware handler for Martini, with a custom \"permission denied\" message.\n permissionHandler := func(w http.ResponseWriter, req *http.Request, c martini.Context) {\n // Check if the user has the right admin/user rights\n if perm.Rejected(w, req) {\n // Deny the request\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n // Reject the request by not calling the next handler below\n return\n }\n // Call the next middleware handler\n c.Next()\n }\n\n // Enable the pstore middleware\n m.Use(permissionHandler)\n\n // Serve\n m.Run()\n}\n~~~\n\nExample for [Gin](https://github.com/gin-gonic/gin)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/gin-gonic/gin\"\n \"github.com/xyproto/pstore\"\n)\n\nfunc main() {\n g := gin.New()\n\n // New pstore middleware\n perm, err := pstore.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Set up a middleware handler for Gin, with a custom \"permission denied\" message.\n permissionHandler := func(c *gin.Context) {\n // Check if the user has the right admin/user rights\n if perm.Rejected(c.Writer, c.Request) {\n // Deny the request, don't call other middleware handlers\n c.AbortWithStatus(http.StatusForbidden)\n fmt.Fprint(c.Writer, \"Permission denied!\")\n return\n }\n // Call the next middleware handler\n c.Next()\n }\n\n // Logging middleware\n g.Use(gin.Logger())\n\n // Enable the pstore middleware, must come before recovery\n g.Use(permissionHandler)\n\n // Recovery middleware\n g.Use(gin.Recovery())\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n g.GET(\"/\", func(c *gin.Context) {\n msg := \"\"\n msg += fmt.Sprintf(\"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n msg += fmt.Sprintf(\"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n msg += fmt.Sprintf(\"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n msg += fmt.Sprintf(\"Username stored in cookies (or blank): %v\\n\", userstate.Username(c.Request))\n msg += fmt.Sprintf(\"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(c.Request))\n msg += fmt.Sprintf(\"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(c.Request))\n msg += fmt.Sprintln(\"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n c.String(http.StatusOK, msg)\n })\n\n g.GET(\"/register\", func(c *gin.Context) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n c.String(http.StatusOK, fmt.Sprintf(\"User bob was created: %v\\n\", userstate.HasUser(\"bob\")))\n })\n\n g.GET(\"/confirm\", func(c *gin.Context) {\n userstate.MarkConfirmed(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\")))\n })\n\n g.GET(\"/remove\", func(c *gin.Context) {\n userstate.RemoveUser(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\")))\n })\n\n g.GET(\"/login\", func(c *gin.Context) {\n // Headers will be written, for storing a cookie\n userstate.Login(c.Writer, \"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\")))\n })\n\n g.GET(\"/logout\", func(c *gin.Context) {\n userstate.Logout(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\")))\n })\n\n g.GET(\"/makeadmin\", func(c *gin.Context) {\n userstate.SetAdminStatus(\"bob\")\n c.String(http.StatusOK, fmt.Sprintf(\"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\")))\n })\n\n g.GET(\"/clear\", func(c *gin.Context) {\n userstate.ClearCookie(c.Writer)\n c.String(http.StatusOK, \"Clearing cookie\")\n })\n\n g.GET(\"/data\", func(c *gin.Context) {\n c.String(http.StatusOK, \"user page that only logged in users must see!\")\n })\n\n g.GET(\"/admin\", func(c *gin.Context) {\n c.String(http.StatusOK, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n c.String(http.StatusOK, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Serve\n g.Run(\":3000\")\n}\n~~~\n\nExample for [Goji](https://github.com/zenazn/goji)\n--------------------\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n\n \"github.com/xyproto/pstore\"\n \"github.com/zenazn/goji\"\n)\n\nfunc main() {\n // New permissions middleware\n perm, err := pstore.New()\n if err != nil {\n log.Fatalln(err)\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n goji.Get(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n goji.Get(\"/register\", func(w http.ResponseWriter, req *http.Request) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n goji.Get(\"/confirm\", func(w http.ResponseWriter, req *http.Request) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n goji.Get(\"/remove\", func(w http.ResponseWriter, req *http.Request) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n goji.Get(\"/login\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n goji.Get(\"/logout\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n goji.Get(\"/makeadmin\", func(w http.ResponseWriter, req *http.Request) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n goji.Get(\"/clear\", func(w http.ResponseWriter, req *http.Request) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n goji.Get(\"/data\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n goji.Get(\"/admin\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Custom \"permissions denied\" message\n perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n })\n\n // Permissions middleware for Goji\n permissionHandler := func(next http.Handler) http.Handler {\n return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {\n // Check if the user has the right admin/user rights\n if perm.Rejected(w, req) {\n // Deny the request\n perm.DenyFunction()(w, req)\n return\n }\n // Serve the requested page\n next.ServeHTTP(w, req)\n })\n }\n\n // Enable the permissions middleware\n goji.Use(permissionHandler)\n\n // Goji will listen to port 8000 by default\n goji.Serve()\n}\n~~~\n\nExample for just `net/http`\n--------------------\n\n~~~ go\npackage main\n\nimport (\n \"fmt\"\n \"log\"\n \"net/http\"\n \"strings\"\n \"time\"\n\n \"github.com/xyproto/pstore\"\n \"github.com/xyproto/pinterface\"\n)\n\ntype permissionHandler struct {\n // perm is a Permissions structure that can be used to deny requests\n // and acquire the UserState. By using `pinterface.IPermissions` instead\n // of `*pstore.Permissions`, the code is compatible with not only\n // `pstore`, but also other modules that uses other database\n // backends, like `permissions2` which uses Redis.\n perm pinterface.IPermissions\n\n // The HTTP multiplexer\n mux *http.ServeMux\n}\n\n// Implement the ServeHTTP method to make a permissionHandler a http.Handler\nfunc (ph *permissionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {\n // Check if the user has the right admin/user rights\n if ph.perm.Rejected(w, req) {\n // Let the user know, by calling the custom \"permission denied\" function\n ph.perm.DenyFunction()(w, req)\n // Reject the request by not calling the next handler below\n return\n }\n // Serve the requested page if permissions were granted\n ph.mux.ServeHTTP(w, req)\n}\n\nfunc main() {\n mux := http.NewServeMux()\n\n // New pstore middleware\n perm, err := pstore.New()\n if err != nil {\n log.Fatal(\"Could not open Bolt database\")\n }\n\n // Blank slate, no default permissions\n //perm.Clear()\n\n // Get the userstate, used in the handlers below\n userstate := perm.UserState()\n\n mux.HandleFunc(\"/\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"Has user bob: %v\\n\", userstate.HasUser(\"bob\"))\n fmt.Fprintf(w, \"Logged in on server: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n fmt.Fprintf(w, \"Is confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n fmt.Fprintf(w, \"Username stored in cookies (or blank): %v\\n\", userstate.Username(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *user rights*: %v\\n\", userstate.UserRights(req))\n fmt.Fprintf(w, \"Current user is logged in, has a valid cookie and *admin rights*: %v\\n\", userstate.AdminRights(req))\n fmt.Fprintf(w, \"\\nTry: /register, /confirm, /remove, /login, /logout, /makeadmin, /clear, /data and /admin\")\n })\n\n mux.HandleFunc(\"/register\", func(w http.ResponseWriter, req *http.Request) {\n userstate.AddUser(\"bob\", \"hunter1\", \"bob@zombo.com\")\n fmt.Fprintf(w, \"User bob was created: %v\\n\", userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/confirm\", func(w http.ResponseWriter, req *http.Request) {\n userstate.MarkConfirmed(\"bob\")\n fmt.Fprintf(w, \"User bob was confirmed: %v\\n\", userstate.IsConfirmed(\"bob\"))\n })\n\n mux.HandleFunc(\"/remove\", func(w http.ResponseWriter, req *http.Request) {\n userstate.RemoveUser(\"bob\")\n fmt.Fprintf(w, \"User bob was removed: %v\\n\", !userstate.HasUser(\"bob\"))\n })\n\n mux.HandleFunc(\"/login\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Login(w, \"bob\")\n fmt.Fprintf(w, \"bob is now logged in: %v\\n\", userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/logout\", func(w http.ResponseWriter, req *http.Request) {\n userstate.Logout(\"bob\")\n fmt.Fprintf(w, \"bob is now logged out: %v\\n\", !userstate.IsLoggedIn(\"bob\"))\n })\n\n mux.HandleFunc(\"/makeadmin\", func(w http.ResponseWriter, req *http.Request) {\n userstate.SetAdminStatus(\"bob\")\n fmt.Fprintf(w, \"bob is now administrator: %v\\n\", userstate.IsAdmin(\"bob\"))\n })\n\n mux.HandleFunc(\"/clear\", func(w http.ResponseWriter, req *http.Request) {\n userstate.ClearCookie(w)\n fmt.Fprintf(w, \"Clearing cookie\")\n })\n\n mux.HandleFunc(\"/data\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"user page that only logged in users must see!\")\n })\n\n mux.HandleFunc(\"/admin\", func(w http.ResponseWriter, req *http.Request) {\n fmt.Fprintf(w, \"super secret information that only logged in administrators must see!\\n\\n\")\n if usernames, err := userstate.AllUsernames(); err == nil {\n fmt.Fprintf(w, \"list of all users: \"+strings.Join(usernames, \", \"))\n }\n })\n\n // Custom handler for when permissions are denied\n perm.SetDenyFunction(func(w http.ResponseWriter, req *http.Request) {\n http.Error(w, \"Permission denied!\", http.StatusForbidden)\n })\n\n // Configure the HTTP server and permissionHandler struct\n s := \u0026http.Server{\n Addr: \":3000\",\n Handler: \u0026permissionHandler{perm, mux},\n ReadTimeout: 10 * time.Second,\n WriteTimeout: 10 * time.Second,\n MaxHeaderBytes: 1 \u003c\u003c 20,\n }\n\n log.Println(\"Listening for requests on port 3000\")\n\n // Start listening\n s.ListenAndServe()\n}\n~~~\n\n\nDefault permissions\n-------------------\n\n* The */admin* path prefix has admin rights by default.\n* These path prefixes has user rights by default: */repo* and */data*\n* These path prefixes are public by default: */*, */login*, */register*, */style*, */img*, */js*, */favicon.ico*, */robots.txt* and */sitemap_index.xml*\n\nThe default permissions can be cleared with the `Clear()` function.\n\nCoding style\n------------\n\n* The code shall always be formatted with `go fmt`.\n\nPassword hashing\n----------------\n\n* bcrypt is used by default for hashing passwords. sha256 is also supported.\n* By default, all new password will be hashed with bcrypt.\n* For backwards compatibility, old password hashes with the length of a sha256 hash will be checked with sha256. To disable this behavior, and only ever use bcrypt, add this line: `userstate.SetPasswordAlgo(\"bcrypt\")`\n\nPassing userstate between functions, files and to other Go packages\n-------------------------------------------------------------------\n\nUsing the `*pinterface.IUserState` type (from the [pinterface](https://github.com/xyproto/pinterface) package) makes it possible to pass UserState structs between functions, also in other packages. By using this interface, it is possible to seamlessly change the database backend from, for instance, Redis ([permissions2](https://github.com/xyproto/permissions2)) to BoltDB ([permissionbolt](https://github.com/xyproto/permissionbolt)).\n\n[pstore](https://github.com/xyproto/pstore), [permissionsql](https://github.com/xyproto/permissionsql), [permissionbolt](https://github.com/xyproto/permissionbolt) and [permissions2](https://github.com/xyproto/permissions2) are interchangeable.\n\n\nRetrieving the underlying PostgreSQL database\n---------------------------------------------\n\nHere is a short example application for retrieving the underlying PostgreSQL database:\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"github.com/xyproto/pstore\"\n \"github.com/xyproto/simplehstore\"\n)\n\nfunc main() {\n perm, err := pstore.New()\n if err != nil {\n fmt.Println(\"Could not open database\")\n return\n }\n ustate := perm.UserState()\n\n // A bit of checking is needed, since the database backend is interchangeable\n if pustate, ok := ustate.(*pstore.UserState); ok {\n if host, ok := pustate.Host().(*simplehstore.Host); ok {\n db := host.Database()\n fmt.Printf(\"PostgreSQL database: %v (%T)\\n\", db, db)\n }\n } else {\n fmt.Println(\"Not using the PostgreSQL database backend\")\n }\n}\n```\n\n\nGeneral information\n-------------------\n\n* Version: 1.3.4 (API version 3.2)\n* License: BSD-3\n* Alexander F. Rødseth \u0026lt;xyproto@archlinux.org\u0026gt;\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxyproto%2Fpstore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxyproto%2Fpstore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxyproto%2Fpstore/lists"}