README
¶
session
Status: in development
Go Library for Typed HTTP sessions, either encrypted-cookie or DB based
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultCookieTemplate = &http.Cookie{ HttpOnly: true, Path: "/", SameSite: http.SameSiteLaxMode, }
var DefaultIdleTimeout = 24 * time.Hour
var DefaultKVStoreCookieOpts = &CookieOpts{
Name: "__Host-session-id",
Path: "/",
}
Functions ¶
This section is empty.
Types ¶
type AEAD ¶
type AEAD interface {
// Encrypt the plaintext
Encrypt(plaintext, associatedData []byte) ([]byte, error)
// Decrypt the cipertext
Decrypt(ciphertext, associatedData []byte) ([]byte, error)
}
AEAD defines the interface used for securing cookies. It matches the github.com/tink-crypto/tink-go/v2/tink.AEAD interface, and it is reccomended that tink is used to implement this.
type CookieOpts ¶
CookieOpts can be used to customize the cookie used for tracking sessions.
type KV ¶
type KV interface {
Get(_ context.Context, key string) (_ []byte, found bool, _ error)
Set(_ context.Context, key string, expiresAt time.Time, value []byte) error
Delete(_ context.Context, key string) error
}
func NewMemoryKV ¶
func NewMemoryKV() KV
type KVStore ¶
type KVStore struct {
// contains filtered or unexported fields
}
func NewKVStore ¶
func NewKVStore(kv KV, opts *KVStoreOpts) (*KVStore, error)
func (*KVStore) DeleteSession ¶
DeleteSession deletes the session.
func (*KVStore) GetSession ¶
GetSession loads and unmarshals the session in to into
type KVStoreOpts ¶
type KVStoreOpts struct {
CookieOpts *CookieOpts
}
type Manager ¶
type Manager[T any] struct { // contains filtered or unexported fields }
Manager is used to automatically manage a typed session. It wraps handlers, and loads/saves the session type as needed. It provides methods to interact with the session.
func NewManager ¶
func NewManager[T any, PtrT interface { *T }](s Store, opts *ManagerOpts[PtrT]) (*Manager[PtrT], error)
func (*Manager[T]) Delete ¶
Delete marks the session for deletion at the end of the request, and discards the current session's data.
func (*Manager[T]) Get ¶
Get returns a pointer to the current session. exist indicates if an existing session was loaded, otherwise a new session was started
func (*Manager[T]) Reset ¶
Reset rotates the session ID. Used to avoid session fixation, should be called on privilege elevation. This should be called at the end of a request. If this is not supported by the store, this will no-op.
type ManagerOpts ¶
type Store ¶
type Store interface {
// GetSession loads the encoded data for a session from the request. If there is no
// session data, it should return nil.
GetSession(r *http.Request) ([]byte, error)
// PutSession saves a session. If a session exists it should be updated,
// otherwise a new session should be created. expiresAt indicates the time
// the data can be considered to be no longer used, and can be garbage
// collected.
PutSession(w http.ResponseWriter, r *http.Request, expiresAt time.Time, data []byte) error
// DeleteSession deletes the session.
DeleteSession(w http.ResponseWriter, r *http.Request) error
}
type TestResult ¶
type TestResult[T any] struct { // contains filtered or unexported fields }
func TestContext ¶
func TestContext[T any](mgr *Manager[T], ctx context.Context, sess T) (context.Context, *TestResult[T])
TestContext attaches a session to a context, to be used for testing. The returned TestResult can be used to verify the actions against the session
func (*TestResult[T]) Deleted ¶
func (t *TestResult[T]) Deleted() bool
func (*TestResult[T]) Reset ¶
func (t *TestResult[T]) Reset() bool
func (*TestResult[T]) Result ¶
func (t *TestResult[T]) Result() T
func (*TestResult[T]) Saved ¶
func (t *TestResult[T]) Saved() bool
Source Files
Directories