auth

package
v0.20.1
Published: Oct 17, 2025 License: AGPL-3.0 Imports: 26 Imported by: 0

Documentation

Constants

const (
	AuthSignInPath          = "/sign_in"
	Auth2FAPath             = "/2fa"
	AuthCheckYourEmailPath  = "/check_your_email"
	AuthWaitForApprovalPath = "/wait_for_approval"
	AuthAccountDisabledPath = "/account_disabled"
	AuthCallbackPath        = "/callback"

	OauthAuthorizePath = "/authorize"
	OauthFinalizePath  = "/finalize"
	OauthOOBTokenPath  = "/oob"   // #nosec G101 else we get a hardcoded credentials warning
	OauthTokenPath     = "/token" // #nosec G101 else we get a hardcoded credentials warning
	OauthRevokePath    = "/revoke"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Module

type Module struct {
	// contains filtered or unexported fields
}

func New

func New(
	state *state.State,
	processor *processing.Processor,
	idp oidc.IDP,
) *Module

New returns an Auth module which provides both 'oauth' and 'auth' endpoints.

It is safe to pass a nil idp if oidc is disabled.

func (*Module) AuthorizeGETHandler

func (m *Module) AuthorizeGETHandler(c *gin.Context)

AuthorizeGETHandler should be served as GET at https://example.org/oauth/authorize.

The idea here is to present an authorization page to the user, informing them of the scopes the application is requesting, with a button that they have to click to give it permission.

func (*Module) AuthorizePOSTHandler

func (m *Module) AuthorizePOSTHandler(c *gin.Context)

AuthorizePOSTHandler should be served as POST at https://example.org/oauth/authorize.

At this point we assume that the user has signed in and permitted the app to act on their behalf. We should proceed with the authentication flow and generate an oauth code at the redirect URI.

func (*Module) CallbackGETHandler

func (m *Module) CallbackGETHandler(c *gin.Context)

CallbackGETHandler parses a token from an external auth provider.

func (*Module) FinalizePOSTHandler

func (m *Module) FinalizePOSTHandler(c *gin.Context)

FinalizePOSTHandler registers the user after additional data has been provided.

func (*Module) OOBTokenGETHandler

func (m *Module) OOBTokenGETHandler(c *gin.Context)

OOBTokenGETHandler parses the OAuth code from the query params and serves a nice little HTML page showing the code.

func (*Module) RouteAuth

func (m *Module) RouteAuth(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes)

RouteAuth routes all paths that should have an 'auth' prefix.

func (*Module) RouteOAuth

func (m *Module) RouteOAuth(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes)

RouteOAuth routes all paths that should have an 'oauth' prefix.

func (*Module) SignInGETHandler

func (m *Module) SignInGETHandler(c *gin.Context)

SignInGETHandler should be served at GET https://example.org/auth/sign_in.

The idea is to present a friendly sign-in page to the user, where they can enter their username and password.

When submitted, the form will POST to the sign-in page, which will be handled by SignInPOSTHandler.

If an idp is set, then the user will be redirected to it to sign in.

func (*Module) SignInPOSTHandler

func (m *Module) SignInPOSTHandler(c *gin.Context)

SignInPOSTHandler should be served at POST https://example.org/auth/sign_in.

The handler will check the submitted credentials, then redirect either to the 2fa form, or straight to the authorize page served at /oauth/authorize.

func (*Module) TokenPOSTHandler

func (m *Module) TokenPOSTHandler(c *gin.Context)

TokenPOSTHandler should be served as a POST at https://example.org/oauth/token.

The idea here is to serve an oauth access token to a user, which can be used for authorizing against non-public APIs.

func (*Module) TokenRevokePOSTHandler

func (m *Module) TokenRevokePOSTHandler(c *gin.Context)

TokenRevokePOSTHandler swagger:operation POST /oauth/revoke oauthTokenRevoke

Revoke an access token to make it no longer valid for use.

---
tags:
- oauth

consumes:
- multipart/form-data

produces:
- application/json

parameters:
-
	name: client_id
	in: formData
	description: The client ID, obtained during app registration.
	type: string
	required: true
-
	name: client_secret
	in: formData
	description: The client secret, obtained during app registration.
	type: string
	required: true
-
	name: token
	in: formData
	description: The previously obtained token, to be invalidated.
	type: string
	required: true

responses:
	'200':
		description: >-
			OK - If you own the provided token, the API call will provide OK and an empty response `{}`.
			This operation is idempotent, so calling this API multiple times will still return OK.
	'400':
		description: bad request
	'403':
		description: >-
			forbidden - If you provide a token you do not own, the API call will return a 403 error.
	'406':
		description: not acceptable
	'500':
		description: internal server error
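
A client for the revoke operation specified above, as an added example that is not part of the GoToSocial code base. RevokeToken, ErrNotOwner and stubServer are hypothetical names; the stub is a constructed stand-in that models only token ownership (it does not check client_secret), and the client and token values are made up.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
)

var ErrNotOwner = errors.New("revoke: token not owned by caller") // the documented 403

// RevokeToken sends the three documented formData fields as multipart/form-data.
func RevokeToken(base, clientID, clientSecret, token string) error {
	var body bytes.Buffer
	w := multipart.NewWriter(&body)
	w.WriteField("client_id", clientID) // writes into a bytes.Buffer do not fail
	w.WriteField("client_secret", clientSecret)
	w.WriteField("token", token)
	w.Close()
	resp, err := http.Post(base+"/oauth/revoke", w.FormDataContentType(), &body)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusForbidden {
		return ErrNotOwner
	} else if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("revoke: unexpected status %d", resp.StatusCode)
	}
	return nil // 200; documented as idempotent, so repeat calls also land here
}

// stubServer is a constructed stand-in (not GoToSocial code); owner maps token -> client_id.
func stubServer(owner map[string]string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		if tok := r.FormValue("token"); tok == "" || owner[tok] != r.FormValue("client_id") {
			http.Error(rw, "forbidden", http.StatusForbidden)
			return
		}
		fmt.Fprint(rw, "{}")
	}))
}

func main() {
	srv := stubServer(map[string]string{"tok-A": "client-1"}) // constructed sample data
	defer srv.Close()
	fmt.Println(RevokeToken(srv.URL, "client-1", "s3cret", "tok-A"), RevokeToken(srv.URL, "client-2", "s3cret", "tok-A"))
}
```

Treating 403 as a distinct error lets a caller tell "this token belongs to another client" apart from transport or server failures, which should be retried or logged differently.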

func (*Module) TwoFactorCodeGETHandler

func (m *Module) TwoFactorCodeGETHandler(c *gin.Context)

TwoFactorCodeGETHandler should be served at GET https://example.org/auth/2fa.

The 2fa template displays a simple form asking the user to input a code from their authenticator app.

func (*Module) TwoFactorCodePOSTHandler

func (m *Module) TwoFactorCodePOSTHandler(c *gin.Context)

TwoFactorCodePOSTHandler should be served at POST https://example.org/auth/2fa.

The idea is to handle a submitted 2fa code, validate it, and if valid redirect to the /oauth/authorize page that the user would get to if they didn't have 2fa enabled.
