volatiletech / authboss
The boss of http auth.
License: MIT License
Both should be overridden using the same template system for web views. This makes the overall integration experience easier.
TokenStorer, RecoverStorer, and ConfirmStorer should be moved from storer.go to their respective modules.
Allows users to reset their passwords, which will create a unique token for the password reset request, send it to the e-mail registered, and allow a user to reset their password with use of the token.
A generic approach to storing and retrieving the information we need. Each one of these things must be separate but hopefully use the same standard interface.
User information (email, password, auth tokens, etc etc)
Cookie information (some people store these in DB, in files, etc)
Secrets
We could also provide some common storage implementations like Go's sql.DB for sqlite3, mysql and postgres and keep them in a subpackage like /storers. Mongo can be in there too ^_^
Sets an expiry on the user's log in sessions beyond their session cookies.
At least need a 500 page
Responsible for:
Does this really need PrimaryID AND Email? Just not sure.
Does user/email/password validation.
Make them have context
Why does this exist? Shouldn't it always just refresh the page with validation errors etc?
This will allow us to work with SQLDriver values like NullString and NullTime.
When requested, a user who is signing in will be remembered by a unique token that's given to the user.
Instead of authenticating with email & password, the token is used; it is deleted and a new one is given.
Care must be given to flagging the logged in session as not half-authed, to disallow entry to sensitive areas without full-authentication.
How do we handle expired tokens on the Storer side of the equation?
RememberMe
Expire
Lock
Register
Confirm
Auth
Validate
How do users reset their password in a normal flow? Do they really have to go through recover and getting e-mails etc? Or are we leaving all user editing up to the other person, who then now has to know about authboss semantics such as if you update a password it should invalidate all remember me tokens, and bcrypt the password with the correct configured strength.
This requires us to bail ship on parallel testing.
Locks out users who try to fail authentication. Should accept parameters for reset times, number of failures, duration of lockout etc.
Responsible for:
Let's find out ^_^
I think it shouldn't be rendering tmpl.Name() but just the name of the layout, which we'd need to save somehow.
Session Vars and User Var lookups (should return err if nil|len=0)
str, err := User.StringErr()
if err != nil {
	return err // err is authboss.AttributeErr
}
authboss.ClientDataErr // session & cookie store helpers should return this :D
Redirect (on success) -> Leave it
func FlashRedirect(w, "/", "", "")
func Redirect(w, "/")
Redirect (on failure) -> Get router to handle this as an error type
func RedirectErr(w, r, "/", "login successful", "") (flash messages, go to endpoint)
Render things that handle errors better.
data = data.Merge("username", username).FlashSuccess(ctx, "lol")
func views.Render(w, r, templName, data) err (authboss.RenderErr)
Tidy up callbacks & handler (both need to return error, callbacks need to stop execution with ok, not error)
clean up e-mailers in confirm & recover to use same code
Remember module has a comparison of hashed values (technically a password).
So does Recovery