Versions in this module Expand all Collapse all v0 v0.2.0 Mar 8, 2026 v0.1.0 Feb 28, 2026 Changes in this version
+ const ContextKeySession
+ const SessionIDLength
+ var ErrInvalidSession = errors.New("invalid session")
+ var ErrNoDPoPKeyPair = errors.New("session has no DPoP key pair")
+ var ErrRefreshFailed = errors.New("token refresh failed")
+ var ErrRefreshTokenExpired = errors.New("refresh token expired")
+ var ErrSessionExpired = errors.New("session expired")
+ var ErrSessionNotFound = errors.New("session not found")
+ var ErrTokenEndpointRequired = errors.New("token endpoint required")
+ func APIProxyMiddleware(targetURL string) (func(http.Handler) http.Handler, error)
+ func AutoRefreshMiddleware(config RefreshConfig) (func(http.Handler) http.Handler, error)
+ func GenerateSessionID() (string, error)
+ func OptionalSessionMiddleware(store Store, cookieManager *CookieManager) func(http.Handler) http.Handler
+ func OriginMiddleware(allowedOrigins ...string) func(http.Handler) http.Handler
+ func RefreshHandler(config RefreshConfig) http.Handler
+ func RequireSessionMiddleware(store Store, cookieManager *CookieManager) func(http.Handler) http.Handler
+ func SessionMiddleware(config MiddlewareConfig) func(http.Handler) http.Handler
+ func SimpleProxy(targetURL string) (http.Handler, error)
+ type CookieConfig struct
+ Domain string
+ HTTPOnly bool
+ MaxAge int
+ Name string
+ Path string
+ SameSite http.SameSite
+ Secure bool
+ func DefaultCookieConfig() CookieConfig
+ type CookieManager struct
+ func NewCookieManager(config CookieConfig) *CookieManager
+ func (m *CookieManager) ClearSessionCookie(w http.ResponseWriter)
+ func (m *CookieManager) Config() CookieConfig
+ func (m *CookieManager) GetSessionID(r *http.Request) string
+ func (m *CookieManager) SetSessionCookie(w http.ResponseWriter, sessionID string, expiry time.Time)
+ type MemoryStore struct
+ func NewMemoryStore(config StoreConfig) *MemoryStore
+ func (s *MemoryStore) Cleanup(ctx context.Context) (int, error)
+ func (s *MemoryStore) Close() error
+ func (s *MemoryStore) Count() int
+ func (s *MemoryStore) Create(ctx context.Context, session *Session) error
+ func (s *MemoryStore) Delete(ctx context.Context, id string) error
+ func (s *MemoryStore) DeleteByUserID(ctx context.Context, userID string) (int, error)
+ func (s *MemoryStore) Get(ctx context.Context, id string) (*Session, error)
+ func (s *MemoryStore) Touch(ctx context.Context, id string) error
+ func (s *MemoryStore) Update(ctx context.Context, session *Session) error
+ type MiddlewareConfig struct
+ CookieManager *CookieManager
+ OnNoSession func(w http.ResponseWriter, r *http.Request)
+ OnSessionExpired func(w http.ResponseWriter, r *http.Request)
+ OnSessionInvalid func(w http.ResponseWriter, r *http.Request)
+ OnSessionLoad func(ctx context.Context, session *Session) error
+ RefreshThreshold time.Duration
+ RequireSession bool
+ Store Store
+ TouchOnAccess bool
+ type OriginConfig struct
+ AllowMissingOrigin bool
+ AllowedHosts []string
+ AllowedOrigins []string
+ CheckReferer bool
+ OnError func(w http.ResponseWriter, r *http.Request)
+ SkipMethods []string
+ func DefaultOriginConfig() OriginConfig
+ type OriginValidator struct
+ func NewOriginValidator(config OriginConfig) *OriginValidator
+ func (v *OriginValidator) Middleware() func(http.Handler) http.Handler
+ func (v *OriginValidator) ValidateRequest(r *http.Request) bool
+ type Proxy struct
+ func NewProxy(config ProxyConfig) (*Proxy, error)
+ func (p *Proxy) Handler() http.Handler
+ func (p *Proxy) ProxyRequest(ctx context.Context, method, path string, body io.Reader) (*http.Response, error)
+ type ProxyConfig struct
+ Client *http.Client
+ HeadersToForward []string
+ HeadersToRemove []string
+ OnError func(w http.ResponseWriter, r *http.Request, err error)
+ OnRequestRewrite func(r *http.Request, session *Session)
+ PathRewrite func(path string) string
+ ResponseHeadersToRemove []string
+ StripPrefix string
+ TargetURL string
+ Timeout time.Duration
+ UseDPoP bool
+ func DefaultProxyConfig() ProxyConfig
+ type RefreshConfig struct
+ Client *http.Client
+ ClientID string
+ ClientSecret string
+ CookieManager *CookieManager
+ OnRefreshError func(w http.ResponseWriter, r *http.Request, err error)
+ OnRefreshSuccess func(ctx context.Context, session *Session)
+ ParseTokenResponse func(body []byte) (*TokenResponse, error)
+ RefreshThreshold time.Duration
+ Store Store
+ Timeout time.Duration
+ TokenEndpoint string
+ UseDPoP bool
+ func DefaultRefreshConfig() RefreshConfig
+ type Refresher struct
+ func NewRefresher(config RefreshConfig) (*Refresher, error)
+ func (r *Refresher) Middleware() func(http.Handler) http.Handler
+ func (r *Refresher) RefreshSession(ctx context.Context, session *Session) error
+ type Session struct
+ AccessToken string
+ AccessTokenExpiresAt time.Time
+ CreatedAt time.Time
+ DPoPKeyPairJSON []byte
+ DPoPThumbprint string
+ ExpiresAt time.Time
+ ID string
+ IPAddress string
+ LastAccessedAt time.Time
+ Metadata map[string]string
+ OrganizationID *uuid.UUID
+ RefreshToken string
+ RefreshTokenExpiresAt time.Time
+ UpdatedAt time.Time
+ UserAgent string
+ UserID uuid.UUID
+ func GetSession(ctx context.Context) *Session
+ func NewSession(userID uuid.UUID, accessToken, refreshToken string, ...) (*Session, error)
+ func (s *Session) GetDPoPKeyPair() (*dpop.KeyPair, error)
+ func (s *Session) HasDPoP() bool
+ func (s *Session) IsAccessTokenExpired() bool
+ func (s *Session) IsExpired() bool
+ func (s *Session) IsRefreshTokenExpired() bool
+ func (s *Session) NeedsRefresh(threshold time.Duration) bool
+ func (s *Session) SetDPoPKeyPair(kp *dpop.KeyPair) error
+ type Store interface
+ Cleanup func(ctx context.Context) (int, error)
+ Close func() error
+ Create func(ctx context.Context, session *Session) error
+ Delete func(ctx context.Context, id string) error
+ DeleteByUserID func(ctx context.Context, userID string) (int, error)
+ Get func(ctx context.Context, id string) (*Session, error)
+ Touch func(ctx context.Context, id string) error
+ Update func(ctx context.Context, session *Session) error
+ type StoreConfig struct
+ CleanupInterval int
+ EncryptionKey []byte
+ MaxSessions int
+ func DefaultStoreConfig() StoreConfig
+ type TokenErrorResponse struct
+ Error string
+ ErrorDescription string
+ type TokenResponse struct
+ AccessToken string
+ ExpiresIn int
+ RefreshToken string
+ Scope string
+ TokenType string
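Review bot: `CookieConfig` exposes `Secure` and `HTTPOnly` as plain bools and `NewCookieManager` takes the struct by value, so a caller who builds a literal instead of starting from `DefaultCookieConfig()` gets a session cookie with both attributes off and `SameSite` unset, unless the constructor normalises them, which this listing does not show. The type's doc comment should say so, for example `// The zero value is not safe for production; start from DefaultCookieConfig() and override fields.` A similar note belongs on `Session`: `AccessToken`, `RefreshToken` and `DPoPKeyPairJSON` are exported fields on the value `GetSession` returns, so formatting a session with `%+v` or serialising it would, absent redaction that is not visible here, emit live credentials, and the docs should tell callers not to log the struct. Two smaller consistency points: `StoreConfig.CleanupInterval` is an `int` with no stated unit while `RefreshThreshold` and `Timeout` are `time.Duration`, and `DeleteByUserID` takes a `string` although `Session.UserID` is a `uuid.UUID`.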