github.com/smhanov/auth

auth

Package auth provides boring user authentication code for golang.

Download:

go get github.com/smhanov/auth

Package auth provides boring user authentication code for golang.

Because I'm tired of writing the same things over and over again.

Provides a complete user authentication system, including:

• Email / password

• Facebook / Google authentication

• SAML authentication, redirecting to the appropriate authority by email address. Users can have different SSO providers.

• Change of password / email

• Forgotten passwords

• Rate limiting requests

Tested with SQLITE and Postgresql. To use it, create a database using the sqlx module, and then create an auth.UserDB from that, and then call auth.New() to create an HTTP handler for "/user/" (note the trailing slash). It provides the following endpoints which work with GET and POST. It also allows CORS and OPTIONS requests.

All HTTP responses might have the additional "Status" header which is a user-readable explanation of what went wrong.

Auth

/user/auth has two cases. In case one, pass "email" and "password" and you will receive either an HTTP error, or the UserInfo structure.

In the second case, use "method" and "token" to perform oauth authentication. This will either sign in or create a new user. If the method is "facebook" or "google" then the token is used to get the user's email from the authority's servers.

Create

/user/create will create a password user, using the "email" and "password".

Get

/user/get will retrieve the user's information and return it as JSON, or return code 401 if not signed in.

Signout

/user/signout will forget the user's session cookie. It always returns code 200

Update

/user/update takes two parameters, "email" and "password". If email is non-blank, it changes the user's email. If password is non-blank, it changes the password.

Oauth add

/user/oauth/add performs takes three parameters, "method", "token" and "update_email". It performs oauth authentication and adds the authentication to the user's account so they can later sign in. If "update_email" is true, it also changes the user's email address to the one provided by the oauth provider.

Oauth remove

/user/oauth/remove removes the oauth method from the user's account. The only parameter is "method" which can be "facebook" or "google"

Forgot password

/user/forgotpassword just takes an "email" parameter and "url". If the user exists in the system, it sends an email with the password reset token to the user's email address. Otherwise it returns a sensible error message in the Status header.

The url parameter must have "${TOKEN}" in it which is replaced with the token generated in the email message.

Reset password

/user/resetpassword takes the "token" parameter and "password". It will update the user's password and also sign them in, returning UserInfo.

Database tables

Auth will automatically create database tables if they do not exist to hold users, sessions, oauth data, and password reset tokens. Passwords are stored as salted values returned by bcrypt. You can see the schema in schema.go

Automatically generated by autoreadme on 2019.04.11