diff --git a/server/auth/auth.go b/server/auth/auth.go
index 0173ea2..ca0ade2 100644
--- a/server/auth/auth.go
+++ b/server/auth/auth.go
@@ -13,7 +13,7 @@ var (
 ErrNoUserForSession = errors.New(`no user for session token`)
 )
 
-// Authenticator handles cookies, authentication and authorization of http routes by providing middlewares, logint/logout methods, user sessions and retriving the userID of an authenticated request.
+// Authenticator should be used by clients to provide authentication functions and mapping of session tokens to users
 type Authenticator interface {
 // CheckUserPassword is called to login a user and create a corresponding session, see also "SessionTokenFromUser"
 CheckUserPassword(userID string, password string) error
@@ -32,7 +32,7 @@ type Authenticator interface {
 OtherError(error) http.Handler
 }
 
-// MiddlewareConfig configures the middleware to only accept logged users (if "RequireLogged" is true) and with certain permissions (user must have all permissions inside "WithPermissions")
+// MiddlewareConfig configures the middleware to only accept logged users (if "RequireLogged" is true) and with certain permissions (user must have all permissions inside "NeedPermissions")
 type MiddlewareConfig struct {
 // RequireLogged rejects not logged users if true
 RequireLogged bool
@@ -41,15 +41,25 @@ type MiddlewareConfig struct {
 NeedPermissions []string
 }
 
-// AuthService is the spec of this library
+// AuthSessionService given an Authenticator provides functions to login and logout users and an http.Handler middleware that accept users based on permissions and login status
 type AuthSessionService struct {
- SessionCookieName string
+ SessionCookieName string
+ SessionCookiePath string
+ SessionCookieDuration time.Duration
+
 Authenticator
 }
 
-// NewAuthSessionService creates a new *AuthSessionService with a default session cookie name
+// NewAuthSessionService creates a new "*AuthSessionService" with a default session cookie name and path
 func NewAuthSessionService(auth Authenticator) *AuthSessionService {
- return &AuthSessionService{"session", auth}
+ oneWeek := 7 * 24 * time.Hour
+
+ return &AuthSessionService{
+ "session",
+ "/",
+ oneWeek,
+ auth,
+ }
 }
 
 // Login tries to login a user given its id and password
@@ -65,9 +75,9 @@ func (service *AuthSessionService) Login(w http.ResponseWriter, userID, password
 
 http.SetCookie(w, &http.Cookie{
 Name: service.SessionCookieName,
- Path: "/", // TODO: Make configurable
+ Path: service.SessionCookiePath,
 Value: token,
- Expires: time.Now().Add(7 * 24 * time.Hour), // TODO: Make configurable
+ Expires: time.Now().Add(service.SessionCookieDuration),
 })
 
 return nil
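Review bot: The constructor fills the struct with an unkeyed literal and the two new fields carry no doc comments, so a caller who builds an AuthSessionService directly gets an empty SessionCookiePath and a zero SessionCookieDuration, which Login (next hunk) turns into a cookie that expires at time.Now(). A keyed literal makes the defaults explicit and survives field reordering: `return &AuthSessionService{SessionCookieName: "session", SessionCookiePath: "/", SessionCookieDuration: oneWeek, Authenticator: auth}`. Document the fields on the struct, e.g. `// SessionCookiePath is the Path attribute written on the session cookie by Login and Logout ("/" from NewAuthSessionService)` and `// SessionCookieDuration is how long a session cookie issued by Login stays valid (one week from NewAuthSessionService)`, and consider having Login reject or default a zero duration instead of silently issuing an already-expired cookie.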
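Review bot: The session cookie assembled on the Path and Expires lines still has no HttpOnly, Secure or SameSite attribute, so the token remains readable from page script and is also sent on plain-HTTP requests; with this commit already making the cookie's attributes configurable, the hardening flags belong in the same literal. The smallest change is `HttpOnly: true,` and `SameSite: http.SameSiteLaxMode,` beside Path, plus a `Secure` value exposed on the service the way the path now is (it only needs to be off for non-TLS development). Setting `MaxAge: int(service.SessionCookieDuration / time.Second),` as well gives clients that ignore Expires the same lifetime. Login starts outside the hunk.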
@@ -77,13 +87,13 @@ func (service *AuthSessionService) Login(w http.ResponseWriter, userID, password
 func (service *AuthSessionService) Logout(w http.ResponseWriter) {
 http.SetCookie(w, &http.Cookie{
 Name: service.SessionCookieName,
- Path: "/",
+ Path: service.SessionCookiePath,
 Value: "",
 Expires: time.Now(),
 })
 }
 
-// Middleware checks if the user is logged or not and if the user has all the permissions set in "config.WithPermissions"
+// Middleware returns an http middleware that accepts users based on login status and permissions
 func (service *AuthSessionService) Middleware(config *MiddlewareConfig) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -157,7 +167,7 @@ func (service *AuthSessionService) Middleware(config *MiddlewareConfig) func(htt
 //
 // Middleware(*AuthMiddlewareConfig)
 //
-// that checks if a user is logged, no extra permissions are checked
+// that only accepts logged in users, no special permissions are checked
 func (service *AuthSessionService) LoggedMiddleware() func(http.Handler) http.Handler {
 return service.Middleware(&MiddlewareConfig{
 RequireLogged: true,
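Review bot: Logout deletes the cookie by setting Expires to time.Now(), which only works when the client's clock agrees with the server's; `MaxAge: -1,` next to the new Path line is the unambiguous deletion signal, and any HttpOnly/Secure/SameSite attributes given to the login cookie must be repeated here so the browser matches the cookie it is meant to replace. Nothing in this hunk invalidates the session token on the server side, so if the Authenticator keeps session state the token presumably stays usable until it expires after a logout; that is worth stating in Logout's doc comment (which sits outside the hunk) or fixing with a revoke call if the interface offers one.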
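Review bot: The doc comment above LoggedMiddleware still cites `Middleware(*AuthMiddlewareConfig)` two lines above the rewritten sentence, while the type the method actually passes is MiddlewareConfig (see the `return service.Middleware(&MiddlewareConfig{` line); the commit fixes the wording but leaves the stale type name. Change that line to `// Middleware(*MiddlewareConfig)`.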