Preparing for generics

server/auth/auth.go

@@ -13,7 +13,7 @@ var (
 	ErrNoUserForSession = errors.New(`no user for session token`)
 )
 
-// Authenticator handles cookies, authentication and authorization of http routes by providing middlewares, logint/logout methods, user sessions and retriving the userID of an authenticated request.
+// Authenticator should be used by clients to provide authentication functions and mapping of session tokens to users
 type Authenticator interface {
 	// CheckUserPassword is called to login a user and create a corresponding session, see also "SessionTokenFromUser"
 	CheckUserPassword(userID string, password string) error
@@ -32,7 +32,7 @@ type Authenticator interface {
 	OtherError(error) http.Handler
 }
 
-// MiddlewareConfig configures the middleware to only accept logged users (if "RequireLogged" is true) and with certain permissions (user must have all permissions inside "WithPermissions")
+// MiddlewareConfig configures the middleware to only accept logged users (if "RequireLogged" is true) and with certain permissions (user must have all permissions inside "NeedPermissions")
 type MiddlewareConfig struct {
 	// RequireLogged rejects not logged users if true
 	RequireLogged bool
@@ -41,15 +41,25 @@ type MiddlewareConfig struct {
 	NeedPermissions []string
 }
 
-// AuthService is the spec of this library
+// AuthSessionService given an Authenticator provides functions to login and logout users and an http.Handler middleware that accept users based on permissions and login status
 type AuthSessionService struct {
-	SessionCookieName string
+	SessionCookieName     string
+	SessionCookiePath     string
+	SessionCookieDuration time.Duration
+
 	Authenticator
 }
 
-// NewAuthSessionService creates a new *AuthSessionService with a default session cookie name
+// NewAuthSessionService creates a new "*AuthSessionService" with a default session cookie name and path
 func NewAuthSessionService(auth Authenticator) *AuthSessionService {
-	return &AuthSessionService{"session", auth}
+	oneWeek := 7 * 24 * time.Hour
+
+	return &AuthSessionService{
+		"session",
+		"/",
+		oneWeek,
+		auth,
+	}
 }
 
 // Login tries to login a user given its id and password
@@ -65,9 +75,9 @@ func (service *AuthSessionService) Login(w http.ResponseWriter, userID, password
 
 	http.SetCookie(w, &http.Cookie{
 		Name:    service.SessionCookieName,
-		Path:    "/", // TODO: Make configurable
+		Path:    service.SessionCookiePath,
 		Value:   token,
-		Expires: time.Now().Add(7 * 24 * time.Hour), // TODO: Make configurable
+		Expires: time.Now().Add(service.SessionCookieDuration),
 	})
 
 	return nil
@@ -77,13 +87,13 @@ func (service *AuthSessionService) Login(w http.ResponseWriter, userID, password
 func (service *AuthSessionService) Logout(w http.ResponseWriter) {
 	http.SetCookie(w, &http.Cookie{
 		Name:    service.SessionCookieName,
-		Path:    "/",
+		Path:    service.SessionCookiePath,
 		Value:   "",
 		Expires: time.Now(),
 	})
 }
 
-// Middleware checks if the user is logged or not and if the user has all the permissions set in "config.WithPermissions"
+// Middleware returns an http middleware that accepts users based on login status and permissions
 func (service *AuthSessionService) Middleware(config *MiddlewareConfig) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -157,7 +167,7 @@ func (service *AuthSessionService) Middleware(config *MiddlewareConfig) func(htt
 //
 //	Middleware(*AuthMiddlewareConfig)
 //
-// that checks if a user is logged, no extra permissions are checked
+// that only accepts logged in users, no special permissions are checked
 func (service *AuthSessionService) LoggedMiddleware() func(http.Handler) http.Handler {
 	return service.Middleware(&MiddlewareConfig{
 		RequireLogged:   true,