utils

package

v1.6.1 Latest Latest Go to latest Published: Apr 3, 2026 License: GPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/eugenioenko/autentico

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func DummyRoute(w http.ResponseWriter, r *http.Request)
func ErrorResponse(w http.ResponseWriter, message string, statusCode int, errorCodes ...int)
func ExtractBearerToken(authHeader string) string
func GetClientIP(r *http.Request) string
func HashSHA256(s string) string
func IsValidRedirectURI(uri string) bool
func Ptr[T any](v T) *T
func RandomDelay()
func SuccessResponse[T any](w http.ResponseWriter, data T, statusCodes ...int)
func WriteApiResponse(w http.ResponseWriter, data any, statusCode int)
func WriteBearerUnauthorized(w http.ResponseWriter, realm, errType, errDescription string)
func WriteErrorResponse(w http.ResponseWriter, statusCode int, errorType, errorDescription string)

Constants ¶

View Source

const (
	AntiTimingMinMs = 50
	AntiTimingMaxMs = 200
)

Anti-timing constants used to prevent user enumeration via response time.

Variables ¶

This section is empty.

Functions ¶

func DummyRoute ¶

func DummyRoute(w http.ResponseWriter, r *http.Request)

func ErrorResponse ¶

func ErrorResponse(w http.ResponseWriter, message string, statusCode int, errorCodes ...int)

func ExtractBearerToken ¶

func ExtractBearerToken(authHeader string) string

ExtractBearerToken extracts the token from the Authorization header. RFC 6750 §2.1 / RFC 7235 §2.1: the authentication scheme name ("Bearer") is case-insensitive, so "bearer", "BEARER", and "Bearer" are all valid.

func GetClientIP ¶

func GetClientIP(r *http.Request) string

func HashSHA256 ¶ added in v1.0.0

func HashSHA256(s string) string

func IsValidRedirectURI ¶

func IsValidRedirectURI(uri string) bool

IsValidRedirectURI checks that the given URI is a syntactically valid URL with a scheme and host. Per-client redirect URI allowlist validation is handled separately at the client level.

func Ptr ¶ added in v1.3.2

func Ptr[T any](v T) *T

Ptr returns a pointer to the given value

func RandomDelay ¶ added in v1.6.0

func RandomDelay()

RandomDelay sleeps for a random duration between AntiTimingMinMs and AntiTimingMaxMs milliseconds. Used to prevent timing-based user enumeration.

func SuccessResponse ¶

func SuccessResponse[T any](w http.ResponseWriter, data T, statusCodes ...int)

func WriteApiResponse ¶

func WriteApiResponse(w http.ResponseWriter, data any, statusCode int)

func WriteBearerUnauthorized ¶ added in v1.6.0

func WriteBearerUnauthorized(w http.ResponseWriter, realm, errType, errDescription string)

WriteBearerUnauthorized writes a 401 response with the WWW-Authenticate header required by RFC 6750 §3. When errType is empty only the realm is included (no credentials presented); otherwise error and error_description are added.

func WriteErrorResponse ¶

func WriteErrorResponse(w http.ResponseWriter, statusCode int, errorType, errorDescription string)

WriteErrorResponse writes an OAuth2 error response. RFC 6749 §5.2: error responses MUST include "error" and MAY include "error_description". HTTP status MUST be 400 for all error codes except invalid_client, which MUST use 401.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL