session

package
v0.1.0 Latest
Warning

This package is not in the latest version of its module.
Published: Mar 26, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Functions

func CSRF

func CSRF(ctx *pickle.Context, next func() pickle.Response) pickle.Response

CSRF is middleware that protects against cross-site request forgery.

It uses the HMAC double-submit cookie pattern: a token is generated from a random nonce HMAC-signed with the session ID, set as a JS-readable cookie, and must be echoed back in the X-CSRF-TOKEN header on state-changing requests.

Safe methods (GET, HEAD, OPTIONS) pass through with a token cookie set. Requests with an Authorization: Bearer header are skipped (API clients).
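
A sketch of the token scheme described above, as an added example that is not the package's own code. It assumes a server-side secret as the HMAC key and the session ID plus nonce as the signed message (the page does not spell out the exact construction); `IssueToken`, `Verify` and `sign` are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// sign computes HMAC-SHA256 over the length-prefixed session ID and the nonce.
// The server secret as key is an assumption of this example.
func sign(secret []byte, sessionID, nonce string) string {
	m := hmac.New(sha256.New, secret)
	fmt.Fprintf(m, "%d!%s!%s", len(sessionID), sessionID, nonce)
	return hex.EncodeToString(m.Sum(nil))
}

// IssueToken returns "nonce.mac" for the JS-readable CSRF cookie.
func IssueToken(secret []byte, sessionID string) (string, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	n := hex.EncodeToString(nonce)
	return n + "." + sign(secret, sessionID, n), nil
}

// Verify checks a state-changing request: the header must echo the cookie,
// and the MAC must be valid for this session, so a planted cookie fails.
func Verify(secret []byte, sessionID, cookieTok, headerTok string) bool {
	if headerTok == "" || !hmac.Equal([]byte(cookieTok), []byte(headerTok)) {
		return false
	}
	nonce, mac, ok := strings.Cut(headerTok, ".")
	if !ok {
		return false
	}
	return hmac.Equal([]byte(mac), []byte(sign(secret, sessionID, nonce)))
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed sample key
	tok, _ := IssueToken(secret, "sess-A")
	fmt.Println(Verify(secret, "sess-A", tok, tok))   // token used in its own session
	fmt.Println(Verify(secret, "sess-B", tok, tok))   // token replayed in another session
	fmt.Println(Verify(secret, "sess-A", tok, "x.y")) // header does not match cookie
}
```

Binding the MAC to the session ID is what separates this from a plain double-submit cookie: a value an attacker manages to set as the cookie does not verify unless it was issued for the victim's session.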

func Destroy

func Destroy(ctx *pickle.Context) (pickle.Response, error)

Destroy deletes the current session from the database and returns expired cookies that clear the session and CSRF cookies in the browser.

func Get

func Get(ctx *pickle.Context, key string) (string, error)

Get reads a value from the session's payload JSONB by key. It returns an empty string if the key doesn't exist.

func Put

func Put(ctx *pickle.Context, key string, value any) error

Put writes a key-value pair into the session's payload JSONB. Creates the payload object if it doesn't exist yet.

Types

type Driver

type Driver struct {
	// contains filtered or unexported fields
}

Driver implements session-based authentication using database-backed sessions. Sessions are identified by a cookie. The session record is looked up in the sessions table and validated for expiry.

func NewDriver

func NewDriver(env func(string, string) string, db *sql.DB) *Driver

NewDriver creates a session auth driver. Configuration is read from the environment:

  • SESSION_COOKIE: cookie name (default: "session_id")
  • SESSION_TTL: session lifetime in seconds (default: 86400)

func (*Driver) Authenticate

func (d *Driver) Authenticate(r *http.Request) (*pickle.AuthInfo, error)

Authenticate reads the session cookie, looks up the session in the database, and returns AuthInfo on success.

func (*Driver) CookieName

func (d *Driver) CookieName() string

CookieName returns the configured session cookie name.

func (*Driver) TTL

func (d *Driver) TTL() int

TTL returns the configured session lifetime in seconds.

type SessionCookies

type SessionCookies struct {
	Session *http.Cookie
	CSRF    *http.Cookie
}

SessionCookies holds the cookies that should be set after session creation.

func Create

func Create(ctx *pickle.Context, userID, role string) (*SessionCookies, error)

Create inserts a new session into the database and returns the session and CSRF cookies to set. The caller should chain these onto their response:

resp, err := session.Create(ctx, userID, role)
if err != nil { return ctx.Error(err) }
return ctx.JSON(200, data).WithCookie(resp.Session).WithCookie(resp.CSRF)

func (*SessionCookies) Apply

func (sc *SessionCookies) Apply(resp pickle.Response) pickle.Response

Apply adds session cookies to a response, returning the modified response.
