sessionauth

package

v0.2.2 Latest Latest Go to latest Published: May 23, 2026 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/vango-go/vango

Links

Open Source Insights

Documentation ¶

Overview ¶

Package sessionauth provides a session-first auth adapter for Vango.

Provider middleware and Verify are fail-closed: they reject missing or mismatched backing-store records before calling the store validator. Verify also requires a non-empty Principal.SessionID so active checks can re-read the authoritative session record.

Index ¶

type CookiePolicy
type Option
- func WithCookieName(name string) Option
- func WithCookiePolicy(policy CookiePolicy) Option
type Provider
- func New(store SessionStore, opts ...Option) *Provider
type SessionStore
type StoredSession
- func SessionFromContext(ctx context.Context) (*StoredSession, bool)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CookiePolicy ¶

type CookiePolicy interface {
	ApplyCookiePolicy(r *http.Request, cookie *http.Cookie) (*http.Cookie, error)
}

CookiePolicy applies security defaults to cookies set by the provider.

type Option ¶

type Option func(*Provider)

Option configures a Provider.

func WithCookieName ¶

func WithCookieName(name string) Option

WithCookieName sets the cookie name used to load session IDs.

func WithCookiePolicy ¶

func WithCookiePolicy(policy CookiePolicy) Option

WithCookiePolicy applies a cookie policy for provider-managed cookies.

type Provider ¶

type Provider struct {
	// contains filtered or unexported fields
}

Provider adapts a session store to Vango's auth.Provider interface.

func New ¶

func New(store SessionStore, opts ...Option) *Provider

New creates a session-first auth provider. It panics if store is nil (including typed-nil implementations).

func (*Provider) Middleware ¶

func (p *Provider) Middleware() func(http.Handler) http.Handler

Middleware validates the session cookie and injects the stored session into context.

func (*Provider) Principal ¶

func (p *Provider) Principal(ctx context.Context) (auth.Principal, bool)

Principal extracts the auth.Principal from a validated request context.

func (*Provider) SetCookiePolicy ¶

func (p *Provider) SetCookiePolicy(policy CookiePolicy)

SetCookiePolicy updates the cookie policy after provider creation.

func (*Provider) Verify ¶

func (p *Provider) Verify(ctx context.Context, principal auth.Principal) error

Verify checks whether the session is still valid for active revalidation.

type SessionStore ¶

type SessionStore interface {
	// Get returns a stored session for a session ID.
	// Returning (nil, nil) means "not found" and is treated as unauthenticated.
	Get(ctx context.Context, sessionID string) (*StoredSession, error)
	// Validate checks whether a stored session is currently valid.
	// Validate is only called with non-nil session values.
	Validate(ctx context.Context, session *StoredSession) error
}

SessionStore is the backing store for session-first auth.

type StoredSession ¶

type StoredSession struct {
	ID          string
	UserID      string
	Email       string
	Name        string
	Roles       []string
	TenantID    string
	ExpiresAt   time.Time
	AuthVersion int
}

StoredSession represents a validated session from a backing store.

func SessionFromContext ¶

func SessionFromContext(ctx context.Context) (*StoredSession, bool)

SessionFromContext returns the stored session from context.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL