Documentation
¶
Index ¶
- Variables
- type FlowData
- type GorillaSessionManager
- func (m *GorillaSessionManager) CreateHTTPSession(w http.ResponseWriter, r *http.Request, sessionInfo SessionData) error
- func (m *GorillaSessionManager) DestroyHTTPSession(w http.ResponseWriter, r *http.Request) error
- func (m *GorillaSessionManager) GetFlowData(w http.ResponseWriter, r *http.Request) (*FlowData, error)
- func (m *GorillaSessionManager) GetHTTPSession(r *http.Request) (*SessionData, error)
- func (m *GorillaSessionManager) SetFlowData(w http.ResponseWriter, r *http.Request, data FlowData) error
- type SessionData
- type SessionManager
- type SessionOptions
Variables ¶
// Sentinel errors returned by SessionManager implementations.
// Match them with errors.Is rather than ==, so the check still holds if an
// implementation wraps them with extra context.
var (
	// ErrSessionNotFound is returned when no session exists in the request.
	// Treat it as "not authenticated". Any other non-nil error from a session
	// lookup should also be handled as "no valid session", never as success.
	ErrSessionNotFound = errors.New("session: not found")
	// ErrFlowDataNotFound is returned when no flow data exists in the session.
	// An OAuth callback that hits this error has no stored state to compare
	// against and should be rejected rather than processed.
	ErrFlowDataNotFound = errors.New("session: flow data not found")
)
Types ¶
type FlowData ¶
// FlowData holds the per-flow values that must survive the redirect to the
// identity provider and back during an OAuth authorization code flow.
//
// NOTE(review): where these values physically live depends on the
// sessions.Store handed to NewGorillaSessionManager. gorilla's CookieStore
// serialises session values into the cookie itself (signed, and encrypted
// only when an encryption key is configured), so CodeVerifier and InviteToken
// would then travel through the browser. Confirm which store is in use.
type FlowData struct {
	// State is the OAuth CSRF protection parameter.
	// The callback handler must compare it with the state query parameter
	// and reject the callback on any mismatch.
	State string
	// CodeVerifier is the PKCE code verifier for the current flow.
	// It is the secret half of PKCE: only the derived code challenge goes
	// into the authorization request, and the verifier is sent with the
	// token request.
	CodeVerifier string
	// Nonce is the OpenID Connect nonce for ID token validation.
	// It must equal the nonce claim of the ID token returned for this flow.
	Nonce string
	// Provider is the identity provider for this flow.
	// NOTE(review): presumably selects the provider configuration used on
	// callback; confirm against the caller.
	Provider string
	// RedirectURI is the callback URI for this flow.
	// The token request has to present the same redirect_uri that was sent
	// in the authorization request.
	RedirectURI string
	// CreatedAt is when the flow was initiated.
	// NOTE(review): this allows a callback handler to reject stale flows;
	// whether an age limit is enforced is not visible here.
	CreatedAt time.Time
	// Metadata holds application-specific key-value pairs that survive the
	// OAuth round-trip (e.g., post-login redirect path). Nil-safe.
	// Values such as a redirect path originate from the pre-login request,
	// so validate them (for example, same-origin relative path only) before
	// acting on them after login.
	Metadata map[string]string
	// InviteToken is an optional signed invite token that threads through
	// the OAuth round-trip for invitation-based signup flows.
	// NOTE(review): carrying the token here does not validate it; its
	// signature and expiry should be checked where the invite is consumed.
	InviteToken string
}
FlowData represents temporary OAuth flow data stored server-side during the authorization code flow. This data is short-lived and cleared after use.
type GorillaSessionManager ¶
// GorillaSessionManager is the gorilla/sessions-backed SessionManager.
// Its fields are unexported; it is built with NewGorillaSessionManager, which
// takes the session name, the sessions.Store and the SessionOptions.
// NOTE(review): the confidentiality and integrity of session contents are
// determined by that store and its keys, which are configured by the caller.
type GorillaSessionManager struct {
	// contains filtered or unexported fields
}
GorillaSessionManager implements SessionManager using gorilla/sessions.
func NewGorillaSessionManager ¶
func NewGorillaSessionManager(sessionName string, store sessions.Store, options SessionOptions) *GorillaSessionManager
NewGorillaSessionManager creates a new GorillaSessionManager.
func (*GorillaSessionManager) CreateHTTPSession ¶
func (m *GorillaSessionManager) CreateHTTPSession(w http.ResponseWriter, r *http.Request, sessionInfo SessionData) error
CreateHTTPSession creates a new HTTP session and sets the cookie.
func (*GorillaSessionManager) DestroyHTTPSession ¶
func (m *GorillaSessionManager) DestroyHTTPSession(w http.ResponseWriter, r *http.Request) error
DestroyHTTPSession destroys the HTTP session and clears the cookie.
func (*GorillaSessionManager) GetFlowData ¶
func (m *GorillaSessionManager) GetFlowData(w http.ResponseWriter, r *http.Request) (*FlowData, error)
GetFlowData retrieves and clears OAuth flow data from the session.
func (*GorillaSessionManager) GetHTTPSession ¶
func (m *GorillaSessionManager) GetHTTPSession(r *http.Request) (*SessionData, error)
GetHTTPSession retrieves the session data from the request cookie.
func (*GorillaSessionManager) SetFlowData ¶
func (m *GorillaSessionManager) SetFlowData(w http.ResponseWriter, r *http.Request, data FlowData) error
SetFlowData stores temporary OAuth flow data in a separate short-lived session.
type SessionData ¶
// SessionData describes one authenticated HTTP session as seen by the
// SessionManager: who is logged in, for which account, and for how long.
type SessionData struct {
	// SessionID maps to the AuthSession aggregate ID.
	// NOTE(review): the value is supplied by the caller of CreateHTTPSession;
	// it should be unguessable and freshly issued at each login rather than
	// carried over from a pre-authentication session. Its generation is not
	// visible here.
	SessionID string
	// AgentID is the authenticated agent's ID.
	AgentID string
	// AccountID is the account the session is scoped to. Empty if not scoped.
	// Callers must treat the empty string as "no account scope", not as a
	// wildcard.
	AccountID string
	// CreatedAt is when the session was created.
	CreatedAt time.Time
	// ExpiresAt is when the session expires.
	// NOTE(review): a cookie's Max-Age is only enforced by the browser;
	// confirm that GetHTTPSession or its caller rejects sessions whose
	// ExpiresAt has passed.
	ExpiresAt time.Time
}
SessionData holds the data associated with an HTTP session. Implementations of SessionManager determine which fields are persisted in the cookie versus looked up from the domain layer.
type SessionManager ¶
// SessionManager is the contract for HTTP session handling: the login
// session itself plus the temporary data needed during an OAuth flow.
type SessionManager interface {
	// CreateHTTPSession creates a new HTTP session and sets the cookie.
	// The cookie is written through w, so call it before the response
	// headers are sent.
	CreateHTTPSession(w http.ResponseWriter, r *http.Request, sessionInfo SessionData) error
	// GetHTTPSession retrieves the session data from the request cookie.
	// It receives no ResponseWriter, so it cannot refresh or clear the
	// cookie itself. A non-nil error means there is no usable session.
	GetHTTPSession(r *http.Request) (*SessionData, error)
	// DestroyHTTPSession destroys the HTTP session and clears the cookie.
	// NOTE(review): clearing the cookie only affects the browser; whether
	// server-side session state is revoked as well is up to the
	// implementation and the domain layer.
	DestroyHTTPSession(w http.ResponseWriter, r *http.Request) error
	// SetFlowData stores temporary OAuth flow data in the session.
	SetFlowData(w http.ResponseWriter, r *http.Request, data FlowData) error
	// GetFlowData retrieves and clears OAuth flow data from the session.
	// Because the data is cleared on read, each stored flow can be consumed
	// once; call it a single time per callback and keep the returned value.
	GetFlowData(w http.ResponseWriter, r *http.Request) (*FlowData, error)
}
SessionManager defines the interface for HTTP session management. Implementations handle cookie management, session creation/destruction, and temporary OAuth flow data storage.
type SessionOptions ¶
// SessionOptions carries the cookie attributes used for session cookies.
//
// The "default" values noted on the fields are not Go zero values: a bare
// SessionOptions{} literal has HttpOnly and Secure set to false and SameSite
// set to 0. NOTE(review): presumably those defaults are what
// DefaultSessionOptions returns; start from that function and override
// individual fields unless NewGorillaSessionManager is confirmed to
// normalise zero values.
type SessionOptions struct {
	// MaxAge is the cookie lifetime in seconds.
	// NOTE(review): gorilla/sessions treats 0 as "no Max-Age attribute"
	// (browser-session cookie) and a negative value as "delete now"; confirm
	// the value is passed through unchanged.
	MaxAge int
	// Domain is the cookie domain. Leaving it empty yields a host-only
	// cookie; setting a parent domain makes the cookie visible to every
	// subdomain of it.
	Domain string
	// Path is the cookie path.
	Path string
	// HttpOnly hides the cookie from page scripts. default: true
	HttpOnly bool
	// Secure restricts the cookie to HTTPS requests. default: true
	Secure bool
	// SameSite sets the SameSite cookie attribute. default: Lax
	// Lax still sends the cookie on the top-level redirect back from the
	// identity provider; Strict would withhold it on that cross-site
	// navigation.
	SameSite http.SameSite
}
SessionOptions configures HTTP session cookie behavior.
func DefaultSessionOptions ¶
func DefaultSessionOptions() SessionOptions
DefaultSessionOptions returns secure default session options.