Documentation ¶
Overview ¶
Package sessions provides session token generation, cookie helpers, session policy, and request URL/host detection. Pure utility code, no DB.
Index ¶
- Constants
- func ClearCookie(w http.ResponseWriter, r *http.Request)
- func ClearTransientCookie(w http.ResponseWriter, name string, secure bool)
- func HashFromB64(tok string) ([]byte, error)
- func HashFromRequest(r *http.Request) ([]byte, error)
- func IsLocalhost(h string) bool
- func NewToken() (token string, hash []byte, err error)
- func NextSessionExpiry(now, createdAt, currentExpiry time.Time, policy SessionPolicy) (time.Time, bool)
- func ParseAllowlistCSV(csv string) map[string]struct{}
- func ReadCookie(r *http.Request) (string, error)
- func RequestBaseURL(r *http.Request) string
- func RequestHost(r *http.Request) string
- func RequestIsHTTPS(r *http.Request) bool
- func SetCookie(w http.ResponseWriter, r *http.Request, token string, exp time.Time)
- func SetTransientCookie(w http.ResponseWriter, name, value string, exp time.Time, secure bool)
- type SessionPolicy
Constants ¶
const (
	DefaultSessionTTL              = 7 * 24 * time.Hour
	DefaultSessionRefreshThreshold = 24 * time.Hour
	DefaultSessionAbsoluteTTL      = 30 * 24 * time.Hour
)
const (
	// TTL is the default session lifetime.
	TTL = 30 * 24 * time.Hour
)
Variables ¶
This section is empty.
Functions ¶
func ClearCookie ¶
func ClearCookie(w http.ResponseWriter, r *http.Request)
ClearCookie deletes the session cookie under both dev and prod names.
func ClearTransientCookie ¶
func ClearTransientCookie(w http.ResponseWriter, name string, secure bool)
ClearTransientCookie deletes a cookie previously set via SetTransientCookie.
func HashFromB64 ¶
HashFromB64 decodes the base64url token and returns the SHA-256 of the raw bytes. Same convention as NewToken — used to look up a stored hash.
func HashFromRequest ¶
HashFromRequest reads the session cookie from r and returns its hash.
func IsLocalhost ¶
IsLocalhost reports whether host (which may include :port) is loopback.
func NewToken ¶
NewToken returns a base64url-encoded random token (32 bytes of entropy) and the SHA-256 hash of the raw bytes. Store the hash; expose the token.
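The store-the-hash, expose-the-token convention described for NewToken and HashFromB64, written out as an added example; it is not the package's source. The names newToken, hashFromB64 and store, the unpadded base64url encoding and the length check are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// newToken returns the cookie value and the SHA-256 of the raw bytes.
// Only the hash is persisted, so a leaked row cannot be replayed as a cookie.
func newToken() (string, []byte, error) {
	raw := make([]byte, 32) // 32 bytes of entropy, as the NewToken doc states
	if _, err := rand.Read(raw); err != nil {
		return "", nil, err
	}
	sum := sha256.Sum256(raw)
	// Assumption: unpadded base64url; the page only says "base64url".
	return base64.RawURLEncoding.EncodeToString(raw), sum[:], nil
}

// hashFromB64 recomputes the lookup key from a presented cookie value.
func hashFromB64(tok string) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(tok)
	if err != nil {
		return nil, err
	}
	if len(raw) != 32 { // assumption: reject wrong-length input before lookup
		return nil, errors.New("unexpected token length")
	}
	sum := sha256.Sum256(raw)
	return sum[:], nil
}

// store stands in for a sessions table: keyed by hash, never by token.
type store map[string]string

func (s store) lookup(tok string) (string, bool) {
	h, err := hashFromB64(tok)
	user, ok := s[string(h)]
	return user, ok && err == nil
}

func main() {
	tok, hash, _ := newToken()
	fmt.Println(store{string(hash): "alice"}.lookup(tok)) // constructed row
}
```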
func NextSessionExpiry ¶ added in v0.1.2
func ParseAllowlistCSV ¶ added in v0.1.2
ParseAllowlistCSV parses a comma-separated list of emails into a lowercase set.
func ReadCookie ¶
ReadCookie returns the raw session cookie value, falling back across dev/prod cookie names.
func RequestBaseURL ¶
RequestBaseURL derives the public base URL from an inbound request.
func RequestHost ¶
RequestHost returns the effective host: X-Forwarded-Host (last entry) when the peer is trusted, else r.Host.
func RequestIsHTTPS ¶
RequestIsHTTPS reports whether the request is HTTPS, honouring X-Forwarded-Proto (last entry) when the peer is trusted.
func SetCookie ¶
SetCookie writes a session cookie. The cookie name and Secure flag depend on whether the request is HTTPS and not localhost (__Host- prefix in prod).
func SetTransientCookie ¶
SetTransientCookie writes a short-lived HttpOnly cookie under an arbitrary name. Used for OAuth state and PKCE verifier cookies (and similar one-shot flows). The caller decides Secure based on its own HTTPS detection.
Types ¶
type SessionPolicy ¶ added in v0.1.2
type SessionPolicy struct {
	TTL              time.Duration
	RefreshThreshold time.Duration
	AbsoluteTTL      time.Duration
}
func NewSessionPolicy ¶ added in v0.1.2
func NewSessionPolicy(sessionTTL, refreshThreshold, absoluteTTL time.Duration) (SessionPolicy, error)