auth

package
v0.9.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 11, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors of the authentication layer, each created with errors.New.
//
// NOTE(review): ErrUserNotFound and ErrInvalidCredentials are distinct values.
// If a handler returns them to the client unchanged, the login response
// discloses whether an account exists. Map both to one generic failure message
// at the HTTP boundary and keep the distinction for server-side logs only.
// How Attempt surfaces them is not visible here; confirm.
var (
	ErrNotAuthenticated   = errors.New("not authenticated")
	ErrInvalidCredentials = errors.New("invalid credentials")
	ErrUserNotFound       = errors.New("user not found")
	ErrGuardNotFound      = errors.New("guard not found")
	ErrNotInitialized     = errors.New("auth manager not initialized")
	ErrInvalidSession     = errors.New("invalid session")
)

Errors

// Sentinel errors of the authorization layer, each created with errors.New.
//
// NOTE(review): which of these Authorize returns for an ability or resource
// type that was never registered is not visible here. Verify that a missing
// gate or policy results in a denial (fail closed) rather than an allow.
var (
	ErrUnauthorized    = errors.New("unauthorized action")
	ErrPolicyNotFound  = errors.New("policy not found")
	ErrGateNotFound    = errors.New("gate not found")
	ErrNoUserInContext = errors.New("no authenticated user in context")
	ErrInvalidResource = errors.New("invalid resource type")
)

Authorization errors

Functions

func AfterCheck added in v0.8.0

func AfterCheck(callback AfterCallback)

AfterCheck registers an after callback on the global gate

func Attempt

func Attempt(w http.ResponseWriter, r *http.Request, credentials map[string]interface{}, remember ...bool) (bool, error)

Attempt attempts login with credentials using default guard.

func AuthMiddleware added in v0.9.5

func AuthMiddleware(manager *Manager) router.MiddlewareFunc

AuthMiddleware returns a router.MiddlewareFunc that requires authentication using the provided Manager instance.

func Authorize added in v0.8.0

func Authorize(r *http.Request, ability string, args ...interface{}) error

Authorize checks authorization and returns an error if denied

func AuthorizeMiddleware added in v0.8.0

func AuthorizeMiddleware(ability string, loader ...ResourceLoader) func(http.Handler) http.Handler

AuthorizeMiddleware creates middleware that checks authorization for an ability

func BeforeCheck added in v0.8.0

func BeforeCheck(callback BeforeCallback)

BeforeCheck registers a before callback on the global gate

func Can added in v0.8.0

func Can(r *http.Request, ability string, args ...interface{}) bool

Can checks if the authenticated user can perform an ability

func CanPolicy added in v0.8.0

func CanPolicy(r *http.Request, resourceType, action string, resource interface{}) bool

CanPolicy checks if the authenticated user can perform an action on a resource via policy

func Cannot added in v0.8.0

func Cannot(r *http.Request, ability string, args ...interface{}) bool

Cannot checks if the authenticated user cannot perform an ability

func Check

func Check(r *http.Request) bool

Check checks if user is authenticated using default guard.

func Define added in v0.8.0

func Define(ability string, callback GateCallback)

Define registers a gate callback on the global gate

func Guest

func Guest(redirectTo string) func(http.Handler) http.Handler

Guest middleware - redirects authenticated users

func HasAllRoles added in v0.8.0

func HasAllRoles(r *http.Request, roles ...string) bool

HasAllRoles checks if the authenticated user has all the given roles

func HasAnyRole added in v0.8.0

func HasAnyRole(r *http.Request, roles ...string) bool

HasAnyRole checks if the authenticated user has any of the given roles

func HasRole added in v0.8.0

func HasRole(r *http.Request, role string) bool

HasRole checks if the authenticated user has a role

func Hash

func Hash(password string) (string, error)

Hash hashes a password using the global hasher.

func ID

func ID(r *http.Request) interface{}

ID returns authenticated user ID using default guard.

func Init

func Init(config Config) error

Init initializes the global auth manager.

func InitHasher

func InitHasher(hasher Hasher)

InitHasher initializes the global hasher.

func Login

func Login(w http.ResponseWriter, r *http.Request, user Authenticatable, remember ...bool) error

Login logs in a user using default guard.

func LoginByID

func LoginByID(w http.ResponseWriter, r *http.Request, id interface{}, remember ...bool) error

LoginByID logs in a user by ID using default guard.

func Logout

func Logout(w http.ResponseWriter, r *http.Request) error

Logout logs out user using default guard.

func Middleware

func Middleware(redirectTo string) func(http.Handler) http.Handler

Middleware that requires authentication

func NeedsRehash

func NeedsRehash(hash string) bool

NeedsRehash checks if a hash needs rehashing using the global hasher.

func RedirectIfAuthenticated

func RedirectIfAuthenticated(redirectTo string) func(http.Handler) http.Handler

RedirectIfAuthenticated middleware - same as Guest but with clearer name

func RegisterPolicy added in v0.8.0

func RegisterPolicy(resourceType string, policy Policy)

RegisterPolicy registers a policy on the global gate

func RequireAllRoles added in v0.8.0

func RequireAllRoles(roles ...string) func(http.Handler) http.Handler

RequireAllRoles creates middleware that requires all of the given roles

func RequireAnyRole added in v0.8.0

func RequireAnyRole(roles ...string) func(http.Handler) http.Handler

RequireAnyRole creates middleware that requires any of the given roles

func RequireAuth

func RequireAuth(redirectTo string) func(http.Handler) http.Handler

RequireAuth is an alias for Middleware

func RequireRole added in v0.8.0

func RequireRole(role string) func(http.Handler) http.Handler

RequireRole creates middleware that requires a specific role

func SetGate added in v0.8.0

func SetGate(g *Gate)

SetGate sets the global gate instance (useful for testing)

func SetGlobalManager added in v0.9.5

func SetGlobalManager(m *Manager)

SetGlobalManager sets the global auth manager instance. Used by velocity.Default() to wire the App's auth manager into the global.

func SetGlobalRoleChecker added in v0.8.0

func SetGlobalRoleChecker(checker RoleChecker)

SetGlobalRoleChecker sets the role checker on the global gate

func Verify

func Verify(password string, hash string) bool

Verify verifies a password against a hash using the global hasher.

Types

type AfterCallback added in v0.8.0

type AfterCallback func(user Authenticatable, ability string, result bool, args ...interface{}) bool

AfterCallback is called after any gate/policy check

type AuthUser added in v0.2.4

// AuthUser represents an authenticated user.
//
// NOTE(review): every field is exported and none carries a struct tag, so
// encoding/json marshals Password and RememberToken along with the rest.
// Do not write an AuthUser directly into an API response or a structured log;
// copy the public fields into a separate response type instead.
// What String() includes is not visible here; confirm it omits both secrets.
type AuthUser struct {
	ID            interface{}
	Name          string
	Email         string
	// Password is presumably the value GetAuthPassword returns, which is
	// documented as the password hash, not the plaintext. Confirm.
	Password      string
	// RememberToken is a long-lived login credential; treat it like a password.
	// NOTE(review): how it is generated and compared is not visible here.
	RememberToken string
}

AuthUser represents an authenticated user

func (*AuthUser) GetAuthIdentifier added in v0.2.4

func (u *AuthUser) GetAuthIdentifier() interface{}

GetAuthIdentifier returns user ID

func (*AuthUser) GetAuthPassword added in v0.2.4

func (u *AuthUser) GetAuthPassword() string

GetAuthPassword returns user password hash

func (*AuthUser) GetRememberToken added in v0.2.4

func (u *AuthUser) GetRememberToken() string

GetRememberToken returns remember token

func (*AuthUser) SetRememberToken added in v0.2.4

func (u *AuthUser) SetRememberToken(token string)

SetRememberToken sets remember token

func (*AuthUser) String added in v0.2.4

func (u *AuthUser) String() string

String returns string representation

type Authenticatable

// Authenticatable is the interface a user type implements so that guards,
// gates and policies can work with it.
type Authenticatable interface {
	// GetAuthIdentifier returns the user's identifier.
	GetAuthIdentifier() interface{}
	// GetAuthPassword returns the stored password value. AuthUser documents its
	// implementation as returning the password hash.
	// NOTE(review): implementations should never return a plaintext password here.
	GetAuthPassword() string
	// GetRememberToken returns the user's remember token.
	GetRememberToken() string
	// SetRememberToken sets the user's remember token.
	SetRememberToken(token string)
}

Authenticatable represents a user that can be authenticated

func User

func User(r *http.Request) Authenticatable

User returns authenticated user using default guard.

type BaseSession

type BaseSession struct {
	// contains filtered or unexported fields
}

BaseSession provides common session functionality

func NewSession

func NewSession(id string) *BaseSession

NewSession creates a new session

func (*BaseSession) Clear

func (s *BaseSession) Clear()

Clear clears all session data

func (*BaseSession) Flash

func (s *BaseSession) Flash(key string, value interface{})

Flash sets flash message

func (*BaseSession) Get

func (s *BaseSession) Get(key string) interface{}

Get gets value from session

func (*BaseSession) GetData

func (s *BaseSession) GetData() map[string]interface{}

GetData returns session data (for serialization)

func (*BaseSession) GetFlash

func (s *BaseSession) GetFlash(key string) interface{}

GetFlash gets and removes flash message

func (*BaseSession) GetFlashData

func (s *BaseSession) GetFlashData() map[string]interface{}

GetFlashData returns flash data (for serialization)

func (*BaseSession) Has

func (s *BaseSession) Has(key string) bool

Has checks if key exists

func (*BaseSession) ID

func (s *BaseSession) ID() string

ID returns session ID

func (*BaseSession) Invalidate

func (s *BaseSession) Invalidate() error

Invalidate invalidates session

func (*BaseSession) IsDestroyed

func (s *BaseSession) IsDestroyed() bool

IsDestroyed checks if session was destroyed

func (*BaseSession) IsModified

func (s *BaseSession) IsModified() bool

IsModified checks if session was modified

func (*BaseSession) Put

func (s *BaseSession) Put(key string, value interface{})

Put puts value in session

func (*BaseSession) Regenerate

func (s *BaseSession) Regenerate() error

Regenerate regenerates session ID

func (*BaseSession) Remove

func (s *BaseSession) Remove(key string)

Remove removes value from session

func (*BaseSession) Save

func (s *BaseSession) Save(w http.ResponseWriter) error

Save saves session (implemented by stores)

func (*BaseSession) SetData

func (s *BaseSession) SetData(data map[string]interface{})

SetData sets session data (for deserialization)

func (*BaseSession) SetFlashData

func (s *BaseSession) SetFlashData(flash map[string]interface{})

SetFlashData sets flash data (for deserialization)

type BcryptHasher

type BcryptHasher struct {
	// contains filtered or unexported fields
}

BcryptHasher implements Hasher using bcrypt

func NewBcryptHasher

func NewBcryptHasher(cost int) *BcryptHasher

NewBcryptHasher creates a new bcrypt hasher. Minimum cost is 10 for security; lower values are overridden with a warning.

func (*BcryptHasher) Hash

func (h *BcryptHasher) Hash(password string) (string, error)

Hash hashes a password using bcrypt

func (*BcryptHasher) NeedsRehash

func (h *BcryptHasher) NeedsRehash(hash string) bool

NeedsRehash checks if a hash needs rehashing

func (*BcryptHasher) SetCost

func (h *BcryptHasher) SetCost(cost int)

SetCost updates the bcrypt cost factor

func (*BcryptHasher) Verify

func (h *BcryptHasher) Verify(password string, hash string) bool

Verify verifies a password against a hash

type BeforeCallback added in v0.8.0

type BeforeCallback func(user Authenticatable, ability string, args ...interface{}) *bool

BeforeCallback is called before any gate/policy check. Return true to allow, false to deny, or nil to continue to the actual check.

type BlacklistStore added in v0.9.2

// BlacklistStore is the storage interface for revoked JWT IDs (JTIs).
//
// NOTE(review): none of the methods returns an error, so an implementation
// backed by a network store cannot report an outage to the caller. Each
// implementation has to decide what IsBlacklisted returns when the backend is
// unreachable. Returning false there accepts revoked tokens (fail open), so
// make that choice explicit and alert on backend failures.
type BlacklistStore interface {
	// Add adds a token JTI to the blacklist with an expiration time.
	Add(jti string, expiresAt time.Time)
	// IsBlacklisted checks whether a token JTI has been blacklisted.
	IsBlacklisted(jti string) bool
	// Cleanup removes expired entries.
	Cleanup()
}

BlacklistStore defines the interface for JWT token blacklist storage. Implement with Redis or another persistent store for production use.

type Claims

// Claims is the JWT claim set: the embedded jwt.RegisteredClaims plus the
// custom fields below, serialized under the JSON names in the struct tags.
type Claims struct {
	jwt.RegisteredClaims
	// UserID is typed interface{}. If the token is decoded with encoding/json,
	// a JSON number comes back as float64, so a numeric ID may not have the Go
	// type it was issued with. NOTE(review): confirm how callers compare it.
	UserID    interface{} `json:"uid,omitempty"`
	Email     string      `json:"email,omitempty"`
	// Role travels inside the token. NOTE(review): if authorization reads the
	// role from this claim rather than from the user store, a role change only
	// takes effect once the token expires or is revoked. Confirm which source
	// the role checks use.
	Role      string      `json:"role,omitempty"`
	// NOTE(review): verify that ValidateToken rejects a "refresh" token where an
	// access token is expected, and that RefreshToken rejects an "access" token.
	// Neither check is visible here.
	TokenType string      `json:"type,omitempty"` // "access" or "refresh"
}

Claims represents JWT claims

type Config

// Config holds authentication configuration.
type Config struct {
	// DefaultGuard presumably names an entry in Guards; confirm.
	DefaultGuard string
	// Guards maps a guard name to its configuration.
	Guards       map[string]GuardConfig
	// Providers maps a provider name to its configuration.
	Providers    map[string]ProviderConfig
	// NOTE(review): NewBcryptHasher is documented to enforce a minimum cost of
	// 10. Whether a value set here passes through the same check is not visible
	// on this page; confirm before relying on it.
	BcryptCost   int // Bcrypt cost for password hashing. 0 uses the default.
}

Config holds authentication configuration

func ConfigFromEnv added in v0.9.5

func ConfigFromEnv() (Config, bool)

ConfigFromEnv builds a Config from environment variables. Returns the config and true if AUTH_GUARD is set, or a zero Config and false otherwise.

type Gate added in v0.8.0

type Gate struct {
	// contains filtered or unexported fields
}

Gate manages authorization gates and policies

func GetGate added in v0.8.0

func GetGate() *Gate

GetGate returns the global gate instance

func NewGate added in v0.8.0

func NewGate() *Gate

NewGate creates a new Gate instance

func (*Gate) After added in v0.8.0

func (g *Gate) After(callback AfterCallback)

After registers a callback to run after authorization checks

func (*Gate) Allows added in v0.8.0

func (g *Gate) Allows(user Authenticatable, ability string, args ...interface{}) bool

Allows checks if a user is allowed to perform an ability

func (*Gate) Any added in v0.8.0

func (g *Gate) Any(user Authenticatable, abilities []string, args ...interface{}) bool

Any checks if any of the abilities pass

func (*Gate) AuthorizePolicy added in v0.8.0

func (g *Gate) AuthorizePolicy(user Authenticatable, resourceType, action string, resource interface{}) bool

AuthorizePolicy checks authorization using a registered policy

func (*Gate) Before added in v0.8.0

func (g *Gate) Before(callback BeforeCallback)

Before registers a callback to run before authorization checks

func (*Gate) Check added in v0.8.0

func (g *Gate) Check(user Authenticatable, abilities []string, args ...interface{}) bool

Check checks multiple abilities (all must pass)

func (*Gate) Define added in v0.8.0

func (g *Gate) Define(ability string, callback GateCallback)

Define registers a gate callback for an ability

func (*Gate) Denies added in v0.8.0

func (g *Gate) Denies(user Authenticatable, ability string, args ...interface{}) bool

Denies checks if a user is denied from performing an ability

func (*Gate) ForUser added in v0.8.0

func (g *Gate) ForUser(user Authenticatable) *UserGate

ForUser creates a user-scoped authorization checker

func (*Gate) HasAllRoles added in v0.8.0

func (g *Gate) HasAllRoles(user Authenticatable, roles ...string) bool

HasAllRoles checks if a user has all the given roles

func (*Gate) HasAnyRole added in v0.8.0

func (g *Gate) HasAnyRole(user Authenticatable, roles ...string) bool

HasAnyRole checks if a user has any of the given roles

func (*Gate) HasRole added in v0.8.0

func (g *Gate) HasRole(user Authenticatable, role string) bool

HasRole checks if a user has a specific role

func (*Gate) RegisterPolicy added in v0.8.0

func (g *Gate) RegisterPolicy(resourceType string, policy Policy)

RegisterPolicy registers a policy for a resource type

func (*Gate) SetRoleChecker added in v0.8.0

func (g *Gate) SetRoleChecker(checker RoleChecker)

SetRoleChecker sets the function used to check user roles

type GateCallback added in v0.8.0

type GateCallback func(user Authenticatable, args ...interface{}) bool

GateCallback is a function that determines if a user can perform an action

type Guard

// Guard is the interface an authentication guard implements.
type Guard interface {
	// Check reports whether the request is authenticated.
	Check(r *http.Request) bool

	// User returns the authenticated user for the request.
	// NOTE(review): the result for an unauthenticated request is not visible
	// here (presumably nil); check it before use.
	User(r *http.Request) Authenticatable

	// ID returns the authenticated user's ID.
	ID(r *http.Request) interface{}

	// Login logs in the given user without checking credentials.
	// NOTE(review): a session-backed implementation should issue a fresh
	// session ID at this point to prevent session fixation. Session exposes
	// Regenerate for that; confirm the session guard calls it.
	Login(w http.ResponseWriter, r *http.Request, user Authenticatable, remember ...bool) error

	// LoginByID logs in the user with the given ID. The signature takes no
	// credentials, so the caller is fully responsible for having authenticated
	// the user. Never pass an id taken from request input.
	LoginByID(w http.ResponseWriter, r *http.Request, id interface{}, remember ...bool) error

	// Attempt tries to log in with the given credentials and reports success.
	// NOTE(review): rate limiting or lockout is not part of this interface and
	// has to be applied by the caller or by middleware.
	Attempt(w http.ResponseWriter, r *http.Request, credentials map[string]interface{}, remember ...bool) (bool, error)

	// Logout logs the user out.
	Logout(w http.ResponseWriter, r *http.Request) error

	// SetProvider sets the user provider the guard reads users from.
	SetProvider(provider UserProvider)
}

Guard defines authentication guard interface

func GetGuard

func GetGuard(name string) (Guard, error)

GetGuard returns a guard by name from global manager.

type GuardConfig

// GuardConfig holds the configuration of one guard.
type GuardConfig struct {
	// Driver selects the guard implementation; the accepted values are not
	// listed on this page.
	Driver   string
	// Provider presumably names an entry in Config.Providers; confirm.
	Provider string
	// Options holds driver-specific settings; the recognized keys are not listed
	// on this page. NOTE(review): if secrets are passed through this map, keep
	// the Config out of logs and debug dumps.
	Options  map[string]interface{}
}

GuardConfig holds guard configuration

type Hasher

// Hasher hashes passwords and verifies them against stored hashes.
type Hasher interface {
	// Hash returns the hash of password, or an error.
	Hash(password string) (string, error)

	// Verify reports whether password matches hash. It returns only a bool, so
	// a malformed hash and a wrong password look the same to the caller.
	Verify(password string, hash string) bool

	// NeedsRehash reports whether hash should be recomputed.
	// NOTE(review): presumably callers re-hash after a successful login when
	// this returns true, since that is when the plaintext is available. Confirm
	// that the guards do so.
	NeedsRehash(hash string) bool
}

Hasher handles password hashing and verification

func GetHasher

func GetHasher() Hasher

GetHasher returns the global hasher.

type InMemoryBlacklistStore added in v0.9.2

type InMemoryBlacklistStore struct {
	// contains filtered or unexported fields
}

InMemoryBlacklistStore is the default in-memory blacklist (not suitable for multi-instance deployments).

func NewInMemoryBlacklistStore added in v0.9.2

func NewInMemoryBlacklistStore() *InMemoryBlacklistStore

NewInMemoryBlacklistStore creates a new in-memory blacklist store.

func (*InMemoryBlacklistStore) Add added in v0.9.2

func (s *InMemoryBlacklistStore) Add(jti string, expiresAt time.Time)

func (*InMemoryBlacklistStore) Cleanup added in v0.9.2

func (s *InMemoryBlacklistStore) Cleanup()

func (*InMemoryBlacklistStore) IsBlacklisted added in v0.9.2

func (s *InMemoryBlacklistStore) IsBlacklisted(jti string) bool

type JWTConfig

// JWTConfig holds the settings passed to NewJWTManager.
type JWTConfig struct {
	// Secret is presumably the token signing key. NewJWTManager is documented
	// to panic when it is empty or shorter than 32 bytes. The length check says
	// nothing about randomness: generate the value with a CSPRNG and load it
	// from a secret store or the environment, not from source.
	Secret           string
	// Algorithm names the signing algorithm; accepted values are not listed on
	// this page. NOTE(review): confirm that validation pins the configured
	// algorithm and rejects tokens whose header names a different one.
	Algorithm        string
	TTL              int    // Minutes
	RefreshTTL       int    // Minutes
	// NOTE(review): Issuer and Audience are optional. Presumably iss and aud are
	// not checked when they are left empty, in which case a token signed with
	// the same secret for another service would validate here. Confirm, and set
	// both where the secret is shared.
	Issuer           string // Optional JWT issuer (iss claim)
	Audience         string // Optional JWT audience (aud claim)
	// NOTE(review): presumably revocation is only consulted when this is true;
	// confirm that RevokeToken is not silently ineffective when it is false.
	BlacklistEnabled bool
	// The in-memory default is documented as not suitable for multi-instance
	// deployments: a revocation recorded on one instance is unknown to the
	// others, and is presumably lost on restart.
	BlacklistStore   BlacklistStore // Optional persistent store; defaults to in-memory
}

JWTConfig holds JWT configuration

type JWTManager

type JWTManager struct {
	// contains filtered or unexported fields
}

JWTManager handles JWT operations

func NewJWTManager

func NewJWTManager(config JWTConfig) *JWTManager

NewJWTManager creates a new JWT manager. Panics if Secret is empty or shorter than 32 bytes.

func (*JWTManager) CleanupBlacklist

func (j *JWTManager) CleanupBlacklist()

CleanupBlacklist removes expired entries from blacklist

func (*JWTManager) GenerateRefreshToken

func (j *JWTManager) GenerateRefreshToken(user Authenticatable) (string, error)

GenerateRefreshToken generates a refresh token

func (*JWTManager) GenerateToken

func (j *JWTManager) GenerateToken(user Authenticatable, customClaims ...map[string]interface{}) (string, error)

GenerateToken generates a JWT token for a user

func (*JWTManager) IsBlacklisted

func (j *JWTManager) IsBlacklisted(jti string) bool

IsBlacklisted checks if token is blacklisted

func (*JWTManager) ParseTokenWithoutValidation

func (j *JWTManager) ParseTokenWithoutValidation(tokenString string) (*Claims, error)

ParseTokenWithoutValidation parses a token WITHOUT verifying its signature.

WARNING: This method is UNSAFE for authentication or authorization decisions. Claims returned by this method have NOT been verified and may have been tampered with. Only use this for non-security-sensitive operations such as extracting claims from expired tokens for logging or token rotation. Never trust the returned claims for granting access or making security decisions.

func (*JWTManager) RefreshToken

func (j *JWTManager) RefreshToken(refreshTokenString string, provider UserProvider) (string, error)

RefreshToken creates a new token from a refresh token

func (*JWTManager) RevokeToken

func (j *JWTManager) RevokeToken(jti string, expiresAt ...time.Time)

RevokeToken adds a token to the blacklist. If expiresAt is provided, it is used as the blacklist expiry; otherwise the access token TTL is used.

func (*JWTManager) SetBlacklistStore added in v0.9.2

func (j *JWTManager) SetBlacklistStore(store BlacklistStore)

SetBlacklistStore replaces the blacklist store (e.g., swap in a Redis-backed store).

func (*JWTManager) ValidateToken

func (j *JWTManager) ValidateToken(tokenString string) (*Claims, error)

ValidateToken validates a JWT token

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager manages multiple authentication guards

func GetManager

func GetManager() (*Manager, error)

GetManager returns the global auth manager.

func NewManager

func NewManager() *Manager

NewManager creates a new auth manager

func NewManagerFromConfig added in v0.9.5

func NewManagerFromConfig(config Config) (*Manager, error)

NewManagerFromConfig creates a new Manager configured from the provided Config. This is the preferred way to create auth managers instead of using the global Init().

func (*Manager) Attempt added in v0.9.5

func (m *Manager) Attempt(w http.ResponseWriter, r *http.Request, credentials map[string]interface{}, remember ...bool) (bool, error)

Attempt attempts login with credentials using the default guard.

func (*Manager) Check added in v0.9.5

func (m *Manager) Check(r *http.Request) bool

Check returns true if the request is authenticated using the default guard.

func (*Manager) DefaultGuard

func (m *Manager) DefaultGuard() (Guard, error)

DefaultGuard returns the default guard

func (*Manager) GetHasher added in v0.9.5

func (m *Manager) GetHasher() Hasher

GetHasher returns the manager's hasher, falling back to a default bcrypt hasher.

func (*Manager) Guard

func (m *Manager) Guard(name string) (Guard, error)

Guard returns a guard by name

func (*Manager) Hash added in v0.9.5

func (m *Manager) Hash(password string) (string, error)

Hash hashes a password using the manager's hasher.

func (*Manager) ID added in v0.9.5

func (m *Manager) ID(r *http.Request) interface{}

ID returns the authenticated user ID using the default guard.

func (*Manager) Login added in v0.9.5

func (m *Manager) Login(w http.ResponseWriter, r *http.Request, user Authenticatable, remember ...bool) error

Login logs in a user using the default guard.

func (*Manager) Logout added in v0.9.5

func (m *Manager) Logout(w http.ResponseWriter, r *http.Request) error

Logout logs out the user using the default guard.

func (*Manager) Provider

func (m *Manager) Provider(name string) (UserProvider, error)

Provider returns a provider by name

func (*Manager) RegisterGuard

func (m *Manager) RegisterGuard(name string, guard Guard)

RegisterGuard registers an authentication guard

func (*Manager) RegisterProvider

func (m *Manager) RegisterProvider(name string, provider UserProvider)

RegisterProvider registers a user provider

func (*Manager) SetDefaultGuard

func (m *Manager) SetDefaultGuard(name string)

SetDefaultGuard sets the default guard

func (*Manager) SetHasher added in v0.9.5

func (m *Manager) SetHasher(h Hasher)

SetHasher sets the hasher on the manager.

func (*Manager) User added in v0.9.5

func (m *Manager) User(r *http.Request) Authenticatable

User returns the authenticated user using the default guard.

func (*Manager) Verify added in v0.9.5

func (m *Manager) Verify(password string, hash string) bool

Verify verifies a password against a hash using the manager's hasher.

type ORMUserProvider

type ORMUserProvider struct {
	// contains filtered or unexported fields
}

ORMUserProvider provides users from ORM models

func NewORMUserProvider

func NewORMUserProvider(modelType string) *ORMUserProvider

NewORMUserProvider creates a new ORM user provider

func (*ORMUserProvider) FindByCredentials

func (p *ORMUserProvider) FindByCredentials(credentials map[string]interface{}) (Authenticatable, error)

FindByCredentials finds user by credentials (email/username)

func (*ORMUserProvider) FindByID

func (p *ORMUserProvider) FindByID(id interface{}) (Authenticatable, error)

FindByID finds user by ID

func (*ORMUserProvider) UpdateRememberToken

func (p *ORMUserProvider) UpdateRememberToken(user Authenticatable, token string) error

UpdateRememberToken updates user's remember token and persists it to the database.

func (*ORMUserProvider) ValidateCredentials

func (p *ORMUserProvider) ValidateCredentials(user Authenticatable, credentials map[string]interface{}) bool

ValidateCredentials validates user credentials

type Policy added in v0.8.0

// Policy defines authorization logic for a specific resource type.
type Policy interface {
	// Authorize checks if user can perform action on the resource.
	// resource is an interface{} and the only result is a bool, so a policy
	// cannot report an error. NOTE(review): implementations should return false
	// for a nil user, an unknown action, or a resource of an unexpected type.
	Authorize(user Authenticatable, action string, resource interface{}) bool
}

Policy defines authorization logic for a specific resource type

type PolicyFunc added in v0.8.0

type PolicyFunc func(user Authenticatable, action string, resource interface{}) bool

PolicyFunc is a function adapter for simple policies

func (PolicyFunc) Authorize added in v0.8.0

func (f PolicyFunc) Authorize(user Authenticatable, action string, resource interface{}) bool

Authorize implements Policy interface

type ProviderConfig

// ProviderConfig holds the configuration of one user provider.
type ProviderConfig struct {
	// Driver selects the provider implementation; the accepted values are not
	// listed on this page.
	Driver  string
	// Model presumably names the model type handed to the provider (compare
	// NewORMUserProvider(modelType string)); confirm.
	Model   string
	// Options holds driver-specific settings; the recognized keys are not listed
	// on this page.
	Options map[string]interface{}
}

ProviderConfig holds provider configuration

type ResourceLoader added in v0.8.0

type ResourceLoader func(r *http.Request) (interface{}, error)

ResourceLoader loads a resource from request parameters

type RoleChecker added in v0.8.0

type RoleChecker func(user Authenticatable, role string) bool

RoleChecker is a function that checks if a user has a role

type Session

// Session represents a user session: a keyed value store with an ID, flash
// values, and lifecycle operations.
type Session interface {
	// ID returns the session ID.
	ID() string

	// Get returns the value stored under key.
	Get(key string) interface{}

	// Put stores value under key.
	Put(key string, value interface{})

	// Has checks if key exists
	Has(key string) bool

	// Remove deletes the value stored under key.
	Remove(key string)

	// Clear removes all session data.
	Clear()

	// Regenerate replaces the session ID.
	// NOTE(review): call this on login and on any privilege change so that an
	// ID known before authentication cannot be reused afterwards (session
	// fixation). Whether the old ID is destroyed in the store is not visible
	// here; confirm.
	Regenerate() error

	// Invalidate invalidates the session.
	// NOTE(review): confirm that this also removes the server-side record and
	// not only the cookie, so a copied session ID stops working after logout.
	Invalidate() error

	// Flash stores a flash value; GetFlash returns it (BaseSession documents
	// GetFlash as "gets and removes").
	Flash(key string, value interface{})
	GetFlash(key string) interface{}

	// Save persists the session, writing to w as needed.
	Save(w http.ResponseWriter) error
}

Session represents a user session

func GetSessionFromRequest

func GetSessionFromRequest(r *http.Request, store SessionStore, name string) (Session, error)

GetSessionFromRequest gets session from request

type SessionConfig

// SessionConfig holds session configuration. Path, Domain, Secure, HttpOnly
// and SameSite share their names with the fields of http.Cookie.
//
// NOTE(review): bool fields are false by default in Go, so a SessionConfig
// written as a struct literal without Secure and HttpOnly leaves both off
// unless the package applies its own defaults, which is not visible here.
// For production, set Secure and HttpOnly to true and choose SameSite
// explicitly. Confirm what NewSessionConfigFromEnv produces when the
// corresponding environment variables are unset.
type SessionConfig struct {
	Driver   string
	// Name is presumably the session cookie name; confirm.
	Name     string
	Lifetime int // Minutes
	Path     string
	// Domain widens the cookie scope when set to a parent domain; leave it empty
	// unless subdomains need to share the session.
	Domain   string
	Secure   bool
	HttpOnly bool
	SameSite http.SameSite
}

SessionConfig holds session configuration

func NewSessionConfigFromEnv

func NewSessionConfigFromEnv() SessionConfig

NewSessionConfigFromEnv creates a SessionConfig from environment variables

type SessionStore

// SessionStore handles session storage.
type SessionStore interface {
	// Create creates a new session with the given ID. The ID is supplied by the
	// caller. NOTE(review): confirm that callers generate it with crypto/rand
	// and with enough entropy that it cannot be guessed.
	Create(id string) (Session, error)

	// Get returns the session with the given ID.
	// NOTE(review): id presumably originates from a request cookie; the store
	// should return an error for unknown or expired IDs rather than creating a
	// session under a client-chosen ID. Confirm.
	Get(r *http.Request, id string) (Session, error)

	// Save persists the session, writing to w as needed.
	Save(w http.ResponseWriter, session Session) error

	// Destroy removes the session with the given ID.
	Destroy(id string) error

	// GarbageCollect removes sessions older than maxLifetime.
	// NOTE(review): nothing on this page shows what schedules this call;
	// confirm that expired sessions are also rejected at read time.
	GarbageCollect(maxLifetime time.Duration) error
}

SessionStore handles session storage

type UserGate added in v0.8.0

type UserGate struct {
	// contains filtered or unexported fields
}

UserGate provides authorization methods for a specific user

func ForRequest added in v0.8.0

func ForRequest(r *http.Request) *UserGate

ForRequest creates a user-scoped gate for the authenticated user

func (*UserGate) Allows added in v0.8.0

func (ug *UserGate) Allows(ability string, args ...interface{}) bool

Allows checks if the user is allowed to perform an ability

func (*UserGate) Authorize added in v0.8.0

func (ug *UserGate) Authorize(ability string, args ...interface{}) error

Authorize checks authorization and returns an error if denied

func (*UserGate) Can added in v0.8.0

func (ug *UserGate) Can(ability string, args ...interface{}) bool

Can is an alias for Allows

func (*UserGate) Cannot added in v0.8.0

func (ug *UserGate) Cannot(ability string, args ...interface{}) bool

Cannot is an alias for Denies

func (*UserGate) Denies added in v0.8.0

func (ug *UserGate) Denies(ability string, args ...interface{}) bool

Denies checks if the user is denied from performing an ability

type UserProvider

// UserProvider handles user retrieval and credential validation.
type UserProvider interface {
	// FindByID returns the user with the given ID.
	FindByID(id interface{}) (Authenticatable, error)

	// FindByCredentials returns the user matching the credentials.
	// NOTE(review): credentials is an open map. If it is built directly from
	// request input, keys the caller did not intend may reach the lookup.
	// Confirm that implementations read only the expected keys and never use
	// the password entry as a lookup condition.
	FindByCredentials(credentials map[string]interface{}) (Authenticatable, error)

	// ValidateCredentials reports whether the credentials are valid for user.
	// NOTE(review): if a login path skips this call when no user was found, the
	// response time can reveal whether the account exists. Confirm how the
	// guards handle the not-found case.
	ValidateCredentials(user Authenticatable, credentials map[string]interface{}) bool

	// UpdateRememberToken stores a new remember token for user.
	UpdateRememberToken(user Authenticatable, token string) error
}

UserProvider handles user retrieval and validation

Directories

Path Synopsis
drivers
