Skip to content
forked from apexskier/httpauth

Go (lang) HTTP session authentication

License

Notifications You must be signed in to change notification settings

lootch/httpauth

Repository files navigation

Go Session Authentication

Build Status Coverage GoDoc ![https://img.shields.io/badge/version-2.0.0-lightgrey.svg]

NOTE: If upgrading from prior to a66ab9d137543fc0c3e56c6fe5d7d377c93087f6, you will need to regenerate password hashes.

This package uses the Gorilla web toolkit's sessions package to implement a user authentication and authorization system for Go web servers.

Multiple user data storage backends are available, and new ones can be implemented relatively easily.

Access can be restricted by a users' role.

Uses bcrypt for password hashing.

var (
    aaa httpauth.Authorizer
)

func login(rw http.ResponseWriter, req *http.Request) {
    username := req.PostFormValue("username")
    password := req.PostFormValue("password")
    if err := aaa.Login(rw, req, username, password, "/"); err != nil && err.Error() == "already authenticated" {
        http.Redirect(rw, req, "/", http.StatusSeeOther)
    } else if err != nil {
        fmt.Println(err)
        http.Redirect(rw, req, "/login", http.StatusSeeOther)
    }
}

Run go run server.go from the examples directory and visit localhost:8009 for an example. You can login with the username and password "admin".

Tests can be run by simulating Travis CI's build environment. There's a very unsafe script --- start-test-env.sh that will do this for you.

You should follow me on Twitter. Appreciate this package? Buy me a drink!

TODO

  • User roles - modification
  • SMTP email validation (key based)
  • More backends
  • Possible remove dependance on bcrypt

About

Go (lang) HTTP session authentication

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 98.8%
  • Shell 1.2%