Documentation
¶
Overview ¶
Package cookie implements all cookie handling for the session package
Index ¶
- Constants
- Variables
- func ValidSessionID(sessionID string) (ccc.UUID, bool)
- type Client
- func (c *Client) Cookie() *cookie.Client
- func (c *Client) CreateXSRFTokenCookie(w http.ResponseWriter, sessionID ccc.UUID)
- func (c *Client) DeleteOidcCookie(w http.ResponseWriter)
- func (c *Client) HasValidXSRFToken(r *http.Request) (bool, error)
- func (c *Client) NewAuthCookie(w http.ResponseWriter, sameSiteStrict bool, sessionID ccc.UUID) *cookie.Values
- func (c *Client) ReadAuthCookie(r *http.Request) (values *cookie.Values, found bool, err error)
- func (c *Client) ReadOidcCookie(r *http.Request) (values *cookie.Values, found bool, err error)
- func (c *Client) RefreshXSRFTokenCookie(w http.ResponseWriter, r *http.Request, sessionID ccc.UUID) (set bool, err error)
- func (c *Client) WriteAuthCookie(w http.ResponseWriter, sameSiteStrict bool, values *cookie.Values)
- func (c *Client) WriteOidcCookie(w http.ResponseWriter, values *cookie.Values)
- type Handler
- type Option
Constants ¶
const ( // SessionID is the key used to store the SessionID in a Secure Cookie SessionID cookie.Key = "sessionID" // SameSiteStrict is the key used to store the sameSiteStrict cookie setting SameSiteStrict cookie.Key = "sameSiteStrict" // OIDCState is the key used to store the state OIDCState cookie.Key = "state" // OIDCPkceVerifier is the key used to store the PKCE verifier OIDCPkceVerifier cookie.Key = "pkceVerifier" // ReturnURL is the key used to store the return URL ReturnURL cookie.Key = "returnURL" )
const ( // AuthCookieName is the cookie name of the Secure Cookie AuthCookieName = "auth" // XSRFCookieName is the cookie name of the XSRF Token Cookie XSRFCookieName = "XSRF-TOKEN" // OIDCCookieName is the cookie name of the OIDC Cookie OIDCCookieName = "OIDC" // XSRFHeaderName is the header name of the XSRF Token Cookie XSRFHeaderName = "X-XSRF-TOKEN" // OIDCCookieExpiration is the default expiration for the OIDC Cookie OIDCCookieExpiration = 10 * time.Minute )
Variables ¶
var SafeMethods = methods([]string{"GET", "HEAD", "OPTIONS", "TRACE"})
SafeMethods are Idempotent methods as defined by RFC7231 section 4.2.2.
Functions ¶
Types ¶
type Client ¶ added in v0.7.0
type Client struct {
// contains filtered or unexported fields
}
Client implements all cookie management for session package
func NewCookieClient ¶
NewCookieClient returns a new CookieClient
func (*Client) CreateXSRFTokenCookie ¶ added in v0.7.0
func (c *Client) CreateXSRFTokenCookie(w http.ResponseWriter, sessionID ccc.UUID)
CreateXSRFTokenCookie sets a new cookie
func (*Client) DeleteOidcCookie ¶ added in v0.7.0
func (c *Client) DeleteOidcCookie(w http.ResponseWriter)
DeleteOidcCookie deletes the OIDC cookie from the response
func (*Client) HasValidXSRFToken ¶ added in v0.7.0
HasValidXSRFToken checks if the XSRF token is valid
func (*Client) NewAuthCookie ¶ added in v0.7.0
func (c *Client) NewAuthCookie(w http.ResponseWriter, sameSiteStrict bool, sessionID ccc.UUID) *cookie.Values
NewAuthCookie writes a new Auth Cookie for given sessionID
func (*Client) ReadAuthCookie ¶ added in v0.7.0
ReadAuthCookie reads the Auth cookie from the request
func (*Client) ReadOidcCookie ¶ added in v0.7.0
ReadOidcCookie reads the OIDC cookie from the request
func (*Client) RefreshXSRFTokenCookie ¶ added in v0.7.0
func (c *Client) RefreshXSRFTokenCookie(w http.ResponseWriter, r *http.Request, sessionID ccc.UUID) (set bool, err error)
RefreshXSRFTokenCookie updates the cookie when it is close to expiration, or sets it if it does not exist.
func (*Client) WriteAuthCookie ¶ added in v0.7.0
WriteAuthCookie writes the Auth cookie to the response
func (*Client) WriteOidcCookie ¶ added in v0.7.0
func (c *Client) WriteOidcCookie(w http.ResponseWriter, values *cookie.Values)
WriteOidcCookie writes the OIDC cookie to the response
type Handler ¶ added in v0.7.0
type Handler interface {
NewAuthCookie(w http.ResponseWriter, sameSiteStrict bool, sessionID ccc.UUID) *cookie.Values
ReadAuthCookie(r *http.Request) (values *cookie.Values, found bool, err error)
WriteAuthCookie(w http.ResponseWriter, sameSiteStrict bool, values *cookie.Values)
RefreshXSRFTokenCookie(w http.ResponseWriter, r *http.Request, sessionID ccc.UUID) (set bool, err error)
CreateXSRFTokenCookie(w http.ResponseWriter, sessionID ccc.UUID)
HasValidXSRFToken(r *http.Request) (bool, error)
Cookie() *cookie.Client
}
Handler Interface included for testability
type Option ¶ added in v0.7.0
type Option func(*cookieOptions)
Option defines a function signature for setting cookie client options.
func WithCookieDomain ¶ added in v0.7.0
WithCookieDomain sets the domain for the session cookie.
func WithCookieName ¶ added in v0.7.0
WithCookieName sets the cookie name for the session cookie.
func WithXSRFCookieName ¶ added in v0.7.0
WithXSRFCookieName sets the cookie name for the XSRF cookie.
func WithXSRFHeaderName ¶ added in v0.7.0
WithXSRFHeaderName sets the header name for the XSRF header.
Source Files