auth

package

v1.29.0 Latest Latest Go to latest Published: Dec 31, 2025 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/patdeg/common

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth implements a minimal Google OAuth workflow used by the other packages in this repository. Users are redirected to Google for authentication and, on success, returned to /goog_callback where their email address is stored in a secure cookie. The optional "redirect" parameter is preserved as the OAuth state value so that users can be returned to the page they originally attempted to visit.

To avoid open redirect vulnerabilities the state value is validated to ensure it is a relative path on the current site.

Package auth handles Google OAuth login, sets user cookies and records login events. It relies on helpers from the common and track packages.

Index ¶

func GoogleCallbackHandler(w http.ResponseWriter, r *http.Request)
func GoogleLoginHandler(w http.ResponseWriter, r *http.Request)
func RedirectIfNotLoggedIn(w http.ResponseWriter, r *http.Request) bool
func RedirectIfNotLoggedInAPI(w http.ResponseWriter, r *http.Request) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GoogleCallbackHandler ¶

func GoogleCallbackHandler(w http.ResponseWriter, r *http.Request)

GoogleCallbackHandler handles the OAuth callback from Google. It exchanges the authorization code for a token, records the user email in a secure cookie and redirects the user back to the sanitized state value. If the state is empty or invalid a default dashboard or admin page is used.

func GoogleLoginHandler ¶

func GoogleLoginHandler(w http.ResponseWriter, r *http.Request)

GoogleLoginHandler starts the OAuth login process. The optional "redirect" parameter is validated and stored as the OAuth state to protect against open redirects. A login event is also recorded for analytics.

func RedirectIfNotLoggedIn ¶

func RedirectIfNotLoggedIn(w http.ResponseWriter, r *http.Request) bool

RedirectIfNotLoggedIn checks for the login cookie and, if missing, initiates the OAuth login flow. The current path is used as the state value so users return to their original destination after logging in.

func RedirectIfNotLoggedInAPI ¶

func RedirectIfNotLoggedInAPI(w http.ResponseWriter, r *http.Request) bool

RedirectIfNotLoggedInAPI behaves like RedirectIfNotLoggedIn but returns a 401 status instead of redirecting. It is intended for API endpoints that require authentication.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL