auth

package auth v1.0.0

Warning: This package is not in the latest version of its module.

Published: Nov 11, 2025 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

const UserContextKey contextKey = "user"

Variables

This section is empty.

Functions

func GetSecureClientIP

func GetSecureClientIP(c *gin.Context) string

GetSecureClientIP returns the client's real IP address with validation to prevent IP spoofing attacks. This function:

1. On App Engine: uses X-Appengine-User-Ip (trusted by Google)
2. On local: uses RemoteAddr directly (no trust of X-Forwarded-For)

This prevents attackers from spoofing their IP to bypass rate limiting or obscure their identity in audit logs.

func GetUserFromContext

func GetUserFromContext(c *gin.Context) (*database.User, bool)

GetUserFromContext extracts the user from the Gin context

func GetUserFromStdContext

func GetUserFromStdContext(ctx context.Context) (*database.User, bool)

GetUserFromStdContext extracts the user from a standard context

func RateLimitMiddleware

func RateLimitMiddleware(limiter *RateLimiter) gin.HandlerFunc

RateLimitMiddleware creates a Gin middleware for rate limiting

func SanitizeIPForLogging

func SanitizeIPForLogging(ip string) string

SanitizeIPForLogging sanitizes an IP address for safe logging. Returns the IP with the last octet replaced with 'xxx' for privacy.

func ValidateClientIP

func ValidateClientIP(ip string) bool

ValidateClientIP validates that an IP address is not from a private/internal range. This is used as an additional security measure for sensitive operations.
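The three IP helpers above (GetSecureClientIP, SanitizeIPForLogging and ValidateClientIP) are shown together below as an added example. This is not the package's own code: it is written against net/http and net/netip instead of gin, the onAppEngine flag is a hypothetical stand-in for however the package detects App Engine, and the IPv6 handling in sanitizeIPForLogging (keep the /64 prefix, mask the interface identifier) is an assumption, since the page only documents the IPv4 "xxx" rule. The "constructed" request in main carries a client-supplied X-Forwarded-For that is deliberately ignored.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"strings"
)

// secureClientIP illustrates the documented policy: on App Engine trust the
// front-end header, everywhere else trust only the transport peer address.
// onAppEngine is a hypothetical flag (not from the package).
func secureClientIP(r *http.Request, onAppEngine bool) string {
	if onAppEngine {
		// Set by the Google front end; a client cannot forge it.
		if ip := r.Header.Get("X-Appengine-User-Ip"); ip != "" {
			return ip
		}
	}
	// Client-supplied headers such as X-Forwarded-For are ignored, so a caller
	// cannot choose the key used for rate limiting or the IP in audit logs.
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr // no port present (e.g. in tests)
	}
	return host
}

// sanitizeIPForLogging masks the last IPv4 octet with "xxx" as documented.
// IPv6 rule (assumption for this example): keep the /64 prefix, mask the rest.
func sanitizeIPForLogging(ip string) string {
	addr, err := netip.ParseAddr(strings.TrimSpace(ip))
	if err != nil {
		return "invalid" // never echo unparseable input into logs
	}
	addr = addr.Unmap() // treat ::ffff:a.b.c.d as IPv4
	if addr.Is4() {
		b := addr.As4()
		return fmt.Sprintf("%d.%d.%d.xxx", b[0], b[1], b[2])
	}
	prefix, _ := addr.Prefix(64) // masked address always renders with a trailing "::"
	return prefix.Addr().String() + "xxxx"
}

// validateClientIP rejects private, loopback, link-local, multicast and
// unspecified addresses, plus the CGNAT range that IsPrivate does not cover.
func validateClientIP(ip string) bool {
	addr, err := netip.ParseAddr(strings.TrimSpace(ip))
	if err != nil {
		return false
	}
	addr = addr.Unmap()
	if addr.IsPrivate() || addr.IsLoopback() || addr.IsLinkLocalUnicast() ||
		addr.IsLinkLocalMulticast() || addr.IsMulticast() || addr.IsUnspecified() {
		return false
	}
	cgnat := netip.MustParsePrefix("100.64.0.0/10") // shared address space
	return !cgnat.Contains(addr)
}

func main() {
	// Constructed request: the peer is 192.0.2.10, the header is attacker-chosen.
	r := &http.Request{RemoteAddr: "192.0.2.10:51234", Header: http.Header{}}
	r.Header.Set("X-Forwarded-For", "203.0.113.99")
	ip := secureClientIP(r, false)
	fmt.Println(ip, sanitizeIPForLogging(ip), validateClientIP(ip))
}
```

Because the rate-limit key and the audit-log IP both come from secureClientIP, the spoofing concern the page raises is closed at one point; the other two helpers only ever see an address the server itself observed.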

Types

type AuthService

type AuthService struct {
	// contains filtered or unexported fields
}

func NewAuthService

func NewAuthService(db database.Database) *AuthService

func (*AuthService) GetAuthURL

func (a *AuthService) GetAuthURL(state string) string

func (*AuthService) HandleCallback

func (a *AuthService) HandleCallback(code string) (*database.User, error)

func (*AuthService) InitializeAdminUsers

func (a *AuthService) InitializeAdminUsers() error

InitializeAdminUsers grants admin privileges to users specified in INITIAL_ADMIN_EMAILS. This should be called on application startup to ensure initial admin access.

func (*AuthService) ValidateConfig

func (a *AuthService) ValidateConfig() error

type CSRFManager

type CSRFManager struct {
	// contains filtered or unexported fields
}

CSRFManager manages CSRF tokens using stateless HMAC-based generation. Tokens are derived from session IDs using HMAC-SHA256, eliminating the need for server-side storage and ensuring tokens survive application restarts.

func NewCSRFManager

func NewCSRFManager() *CSRFManager

NewCSRFManager creates a new CSRF manager with HMAC-based token generation

func (*CSRFManager) DeleteToken

func (cm *CSRFManager) DeleteToken(sessionID string)

DeleteToken is a no-op in the stateless implementation. CSRF tokens are tied to the session lifetime, so deleting the session invalidates the token.

func (*CSRFManager) GenerateToken

func (cm *CSRFManager) GenerateToken(sessionID string) (string, error)

GenerateToken generates a CSRF token for a session using HMAC-SHA256. The token is deterministically derived from the session ID, making it stateless.

func (*CSRFManager) ValidateToken

func (cm *CSRFManager) ValidateToken(sessionID, token string) bool

ValidateToken validates a CSRF token for a session by recomputing the HMAC. This is stateless: no database or memory lookup is required.
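The stateless CSRFManager design described above, as an added example that is not the package's own code: the token is HMAC-SHA256(key, session ID), so validation is a recomputation plus a constant-time compare (hmac.Equal), and DeleteToken has nothing to delete. Where the package keeps its HMAC key is not stated on the page; here the key is passed to the constructor and assumed to be at least 32 random bytes shared by every instance that must accept each other's tokens. The session ID in main is a constructed value.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// csrfManager: token = HMAC-SHA256(key, "csrf-token:" || sessionID).
// Key handling is an assumption made for this example.
type csrfManager struct {
	key []byte
}

func newCSRFManager(key []byte) (*csrfManager, error) {
	if len(key) < 32 {
		return nil, errors.New("csrf key must be at least 32 bytes")
	}
	return &csrfManager{key: key}, nil
}

// generateToken is deterministic per session: the same session ID always
// yields the same token, which is what makes the scheme stateless.
func (cm *csrfManager) generateToken(sessionID string) (string, error) {
	if sessionID == "" {
		return "", errors.New("empty session id")
	}
	mac := hmac.New(sha256.New, cm.key)
	mac.Write([]byte("csrf-token:")) // domain separation from other HMAC uses of the key
	mac.Write([]byte(sessionID))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil)), nil
}

// validateToken recomputes the expected token and compares in constant time,
// so an attacker cannot learn the token byte by byte from timing.
func (cm *csrfManager) validateToken(sessionID, token string) bool {
	expected, err := cm.generateToken(sessionID)
	if err != nil {
		return false
	}
	return hmac.Equal([]byte(expected), []byte(token))
}

// deleteToken is a no-op: a token dies with the session it is derived from.
func (cm *csrfManager) deleteToken(sessionID string) {}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	cm, err := newCSRFManager(key)
	if err != nil {
		panic(err)
	}
	tok, _ := cm.generateToken("constructed-session-id")
	fmt.Println(tok, cm.validateToken("constructed-session-id", tok), cm.validateToken("other-session", tok))
}
```

Two consequences follow from the design and are worth checking in a review: a token is bound to exactly one session ID, so a token captured from one session is useless against another; and because tokens are derived rather than stored, rotating the key invalidates every outstanding token at once, which is the only way to revoke them ahead of session expiry.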

type CachedSession

type CachedSession struct {
	Session      *Session
	CachedAt     time.Time
	CacheExpires time.Time
}

CachedSession represents a session stored in the in-memory cache

type GoogleUserInfo

type GoogleUserInfo struct {
	ID      string `json:"id"`
	Email   string `json:"email"`
	Name    string `json:"name"`
	Picture string `json:"picture"`
}

type Middleware

type Middleware struct {
	// contains filtered or unexported fields
}

func NewMiddleware

func NewMiddleware(sessionManager *SessionManager) *Middleware

func (*Middleware) CSRFMiddleware

func (m *Middleware) CSRFMiddleware(csrfManager *CSRFManager) gin.HandlerFunc

CSRFMiddleware returns a Gin middleware that validates CSRF tokens

func (*Middleware) OptionalAuth

func (m *Middleware) OptionalAuth() gin.HandlerFunc

OptionalAuth is a middleware that adds the user to the context if authenticated

func (*Middleware) RequireAdmin

func (m *Middleware) RequireAdmin() gin.HandlerFunc

RequireAdmin is a middleware that requires admin privileges

func (*Middleware) RequireAuth

func (m *Middleware) RequireAuth() gin.HandlerFunc

RequireAuth is a middleware that requires authentication

func (*Middleware) RequireAuthPage

func (m *Middleware) RequireAuthPage() gin.HandlerFunc

RequireAuthPage is a middleware that requires authentication for HTML pages. It redirects to login instead of returning a JSON error.

type RateLimiter

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter stores rate limiters for each IP address

func NewRateLimiter

func NewRateLimiter(r rate.Limit, b int) *RateLimiter

NewRateLimiter creates a new rate limiter. r is the rate (requests per second); b is the burst size (maximum requests at once).

func (*RateLimiter) AddIP

func (rl *RateLimiter) AddIP(ip string) *rate.Limiter

AddIP creates a new rate limiter for an IP address if it doesn't exist

func (*RateLimiter) GetLimiter

func (rl *RateLimiter) GetLimiter(ip string) *rate.Limiter

GetLimiter returns the rate limiter for an IP address
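The per-IP RateLimiter described above (NewRateLimiter, AddIP, GetLimiter), as an added example that is not the package's own code. golang.org/x/time/rate is replaced by a small token bucket with the same r/b semantics so the block runs with the standard library alone, and time is passed in explicitly so the behaviour is reproducible. One addition beyond what the page documents is an idle sweep: a map keyed by source address grows by one entry per distinct client for the life of the process unless stale buckets are removed, so the sweep threshold and idle TTL below are assumptions added for that reason. The addresses in main are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// tokenBucket is a stand-in for rate.Limiter: refills at `rate` tokens per
// second, holds at most `burst` tokens, and spends one token per request.
type tokenBucket struct {
	rate, burst, tokens float64
	last                time.Time
}

func (tb *tokenBucket) allowAt(now time.Time) bool {
	if elapsed := now.Sub(tb.last).Seconds(); elapsed > 0 {
		tb.tokens += elapsed * tb.rate
		if tb.tokens > tb.burst {
			tb.tokens = tb.burst
		}
		tb.last = now
	}
	if tb.tokens < 1 {
		return false
	}
	tb.tokens--
	return true
}

// ipRateLimiter keeps one bucket per client IP. The key must come from a
// non-spoofable source (the page's GetSecureClientIP), otherwise a client
// can pick its own bucket by setting a header.
type ipRateLimiter struct {
	mu      sync.Mutex
	r       float64
	b       int
	sweepAt int           // assumption: sweep idle buckets once the map reaches this size
	idleTTL time.Duration // assumption: a bucket unused this long is dropped
	buckets map[string]*tokenBucket
}

func newIPRateLimiter(r float64, b, sweepAt int, idleTTL time.Duration) *ipRateLimiter {
	return &ipRateLimiter{r: r, b: b, sweepAt: sweepAt, idleTTL: idleTTL, buckets: map[string]*tokenBucket{}}
}

// allow creates the bucket on first sight of an IP (the page's AddIP) and
// then asks it for a token.
func (rl *ipRateLimiter) allow(ip string, now time.Time) bool {
	rl.mu.Lock()
	defer rl.mu.Unlock()
	tb, ok := rl.buckets[ip]
	if !ok {
		if len(rl.buckets) >= rl.sweepAt {
			rl.sweepIdleLocked(now)
		}
		tb = &tokenBucket{rate: rl.r, burst: float64(rl.b), tokens: float64(rl.b), last: now}
		rl.buckets[ip] = tb
	}
	return tb.allowAt(now)
}

// sweepIdleLocked must be called with rl.mu held.
func (rl *ipRateLimiter) sweepIdleLocked(now time.Time) {
	for ip, tb := range rl.buckets {
		if now.Sub(tb.last) > rl.idleTTL {
			delete(rl.buckets, ip)
		}
	}
}

// tracked reports how many IPs currently hold a bucket (a cache-stats style view).
func (rl *ipRateLimiter) tracked() int {
	rl.mu.Lock()
	defer rl.mu.Unlock()
	return len(rl.buckets)
}

func main() {
	rl := newIPRateLimiter(1, 3, 1000, 10*time.Minute) // 1 req/s, burst 3
	now := time.Now()
	for i := 1; i <= 5; i++ { // constructed burst from one address
		fmt.Printf("request %d from 203.0.113.1 allowed=%v\n", i, rl.allow("203.0.113.1", now))
	}
}
```

With r=1 and b=3 the first three requests from an address pass immediately, the fourth is refused until time passes, and a second address is unaffected; that independence is exactly why the limiter key has to be the server-observed peer address rather than anything the client can set.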

type Session

type Session struct {
	ID        string
	UserID    int
	User      *database.User
	CreatedAt time.Time
	ExpiresAt time.Time
}

type SessionManager

type SessionManager struct {
	// contains filtered or unexported fields
}

func NewSessionManager

func NewSessionManager(db database.Database) *SessionManager

func (*SessionManager) ClearSessionCookie

func (sm *SessionManager) ClearSessionCookie(w http.ResponseWriter)

func (*SessionManager) CreateSession

func (sm *SessionManager) CreateSession(user *database.User) (*Session, error)

func (*SessionManager) DeleteSession

func (sm *SessionManager) DeleteSession(sessionID string)

func (*SessionManager) GetCacheStats

func (sm *SessionManager) GetCacheStats() map[string]int

GetCacheStats returns statistics about the session cache. Useful for monitoring cache hit rates and memory usage.

func (*SessionManager) GetSession

func (sm *SessionManager) GetSession(sessionID string) (*Session, bool)

func (*SessionManager) GetSessionFromRequest

func (sm *SessionManager) GetSessionFromRequest(r *http.Request) (*Session, bool)

func (*SessionManager) InvalidateCache

func (sm *SessionManager) InvalidateCache()

InvalidateCache clears all cached sessions. Useful for testing or when user data changes in a way that requires cache invalidation.

func (*SessionManager) SetSessionCookie

func (sm *SessionManager) SetSessionCookie(w http.ResponseWriter, session *Session)
