auth

package
v0.1.3 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 13, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package auth holds the Githome web front's authentication handlers: sign-in, sign-up, and sign-out. They live under /login, /join, and /logout and are gated the same way settings is (anonymous sees the form; a signed-in viewer is redirected). They hold no credential logic: password hashing and verification use bcrypt via the auth store interface, and the session cookie is issued by the existing webmw.Sessions. See implementation/06.


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Deps

type Deps struct {
	Store    PasswordStore
	Sessions *webmw.Sessions
	View     *view.Builder
	Render   *render.Set
	Logger   *slog.Logger
}

Deps are the auth handlers' dependencies.

type Handlers

type Handlers struct {
	// contains filtered or unexported fields
}

Handlers is the auth handler set. One is built at boot and shared.

func New

func New(d Deps) *Handlers

New wires the handler set from its dependencies.

func (*Handlers) JoinForm

func (h *Handlers) JoinForm(c *mizu.Ctx) error

JoinForm renders the sign-up form. A signed-in viewer is redirected to the return_to page (or /), the same passthrough the sign-in form does, so a "Create an account" link off a page the viewer was sent to log into lands back where they started once they have an account.

func (*Handlers) JoinSubmit

func (h *Handlers) JoinSubmit(c *mizu.Ctx) error

JoinSubmit handles the sign-up POST. It validates the form, creates the user, issues a session, and redirects to /.

func (*Handlers) LoginForm

func (h *Handlers) LoginForm(c *mizu.Ctx) error

LoginForm renders the sign-in form. A signed-in viewer is redirected to / (or the return_to URL). Anonymous viewers see the form.

func (*Handlers) LoginSubmit

func (h *Handlers) LoginSubmit(c *mizu.Ctx) error

LoginSubmit handles the sign-in POST. It verifies the password, issues the session cookie, and redirects on success. On failure it renders the form with an error.

func (*Handlers) LogoutForm

func (h *Handlers) LogoutForm(c *mizu.Ctx) error

LogoutForm renders the sign-out confirmation page. An anonymous request is redirected to /.

func (*Handlers) LogoutSubmit

func (h *Handlers) LogoutSubmit(c *mizu.Ctx) error

LogoutSubmit clears the session cookie and redirects to /.

type OAuthHandlers

type OAuthHandlers struct {
	// contains filtered or unexported fields
}

OAuthHandlers holds the OAuth authorize-page handlers.

func NewOAuthHandlers

func NewOAuthHandlers(svc OAuthService, r *render.Set, v *view.Builder) *OAuthHandlers

NewOAuthHandlers creates the OAuth authorize-page handler set.

func (*OAuthHandlers) AuthorizeForm

func (h *OAuthHandlers) AuthorizeForm(c *mizu.Ctx) error

AuthorizeForm serves GET /login/oauth/authorize. If the viewer is not logged in, it redirects to the sign-in page with a return_to pointing back here.

func (*OAuthHandlers) AuthorizeSubmit

func (h *OAuthHandlers) AuthorizeSubmit(c *mizu.Ctx) error

AuthorizeSubmit serves POST /login/oauth/authorize. Requires a logged-in viewer. On approval it generates an auth code and redirects to redirect_uri with code and state. On denial it redirects with error=access_denied.
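The redirect AuthorizeSubmit describes can be built as follows. This is an added example, not Githome's code: authorizeRedirect is a hypothetical helper, the sample URLs and values are constructed, and the checks (absolute URI with a host, no fragment, existing query kept) follow RFC 6749 §3.1.2 rather than anything stated on this page.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

var errBadRedirect = errors.New("redirect_uri must be an absolute URI without a fragment")

// authorizeRedirect (hypothetical helper) builds the URL the browser is sent
// to once the authorize form has been approved or denied.
func authorizeRedirect(redirectURI, code, state string, approved bool) (string, error) {
	u, err := url.Parse(redirectURI)
	// Assumption of this sketch: the callback must also name a host.
	if err != nil || !u.IsAbs() || u.Host == "" || u.Fragment != "" {
		return "", errBadRedirect
	}
	q := u.Query() // keep parameters the client put on its callback
	// Drop response parameters already present in redirect_uri so the client
	// only ever sees the values set below.
	for _, k := range []string{"code", "state", "error"} {
		q.Del(k)
	}
	if approved {
		q.Set("code", code)
	} else {
		q.Set("error", "access_denied")
	}
	if state != "" {
		q.Set("state", state) // echoed unchanged so the client can match it
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	// Constructed values, not taken from the project.
	for _, approved := range []bool{true, false} {
		to, err := authorizeRedirect("https://app.example/cb?tenant=7", "abc123", "xyz", approved)
		fmt.Println(to, err)
	}
	_, err := authorizeRedirect("https://app.example/cb#frag", "abc123", "xyz", true)
	fmt.Println(err)
}
```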

func (*OAuthHandlers) DeviceForm

func (h *OAuthHandlers) DeviceForm(c *mizu.Ctx) error

DeviceForm serves GET /login/device: the form asking for the user code a device displayed. An anonymous viewer is sent to sign in first, then bounced back here with any user_code prefill preserved.
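JoinForm, LoginForm, AuthorizeForm and DeviceForm all pass a return_to value through sign-in, so the value has to be confined to same-site paths before it is used as a redirect target. The round trip below is an added example, not Githome's code: signInURL and safeReturnTo are hypothetical helpers, carrying return_to as a query parameter on /login is an assumption, and the inputs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// signInURL is a hypothetical helper: the redirect an anonymous viewer gets,
// with the page to come back to (query string included) in return_to.
func signInURL(here string) string {
	return "/login?" + url.Values{"return_to": {here}}.Encode()
}

// safeReturnTo is a hypothetical helper: it returns raw only when it is a
// same-site absolute path, and "/" for anything else.
func safeReturnTo(raw string) string {
	const fallback = "/"
	// Browsers read "//host" and "/\host" as another origin, so these forms
	// are checked on the raw text rather than relying on url.Parse alone.
	if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") ||
		strings.Contains(raw, `\`) {
		return fallback
	}
	u, err := url.Parse(raw) // also rejects control characters
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil {
		return fallback
	}
	return u.RequestURI() // path and query only; any fragment is dropped
}

func main() {
	// Constructed inputs, not taken from the project.
	fmt.Println(signInURL("/login/device?user_code=ABCD-1234"))
	for _, raw := range []string{
		"/login/device?user_code=ABCD-1234",
		"https://evil.example/",
		"//evil.example/",
		`/\evil.example/`,
		"",
	} {
		fmt.Printf("%q -> %q\n", raw, safeReturnTo(raw))
	}
}
```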

func (*OAuthHandlers) DeviceSubmit

func (h *OAuthHandlers) DeviceSubmit(c *mizu.Ctx) error

DeviceSubmit serves POST /login/device: it approves or denies the pending device session behind the submitted user code. Approval binds the session to the signed-in viewer, so the device's next token poll mints a token for that account. An unknown or expired code re-renders the form with an error rather than confirming anything about other sessions.

type OAuthService

type OAuthService interface {
	GenerateOAuthAuthCode(ctx context.Context, clientID, redirectURI, scope string, userPK int64) (string, error)
	OAuthAppName(ctx context.Context, clientID string) (string, bool)
	ApproveDeviceCode(ctx context.Context, userCode string, userPK int64) error
	DenyDeviceCode(ctx context.Context, userCode string) error
}

OAuthService is the narrow slice of the auth service the OAuth authorize and device-approval handlers call. *auth.Service satisfies this interface directly.

type PasswordStore

type PasswordStore interface {
	PasswordHashFor(ctx context.Context, login string) (pk int64, hash string, err error)
	InsertUserWithPassword(ctx context.Context, login, email, hash string) (pk int64, err error)
	UserLoginExists(ctx context.Context, login string) (bool, error)
}

PasswordStore is the narrow store interface the auth handlers use to look up and set password hashes. fe/web/auth never imports store directly (doc 01 §6).
