Package auth provides helpers for encryption, hashing and encoding.
Setup the package on startup
auth.HMACKey = auth.HexToBytes("myhmac_key_from_config")
auth.SecretKey = auth.HexToBytes("my_secret_key_from_config")
auth.SessionName = "my_cookie_name"
auth.SecureCookies = true
Use auth.HashPassword to encrypt and auth.CheckPassword to check hashed passwords (with bcrypt)
user.HashedPassword, err = auth.HashPassword(params.Get("password")
if err != nil {
return err
}
err = auth.CheckPassword(params.Get("password"), user.HashedPassword)
Use auth.Session to set and get values from cookies, encrypted with AES GCM.
// Build the session from the secure cookie, or create a new one
session, err := auth.Session(writer, request)
if err != nil {
return err
}
// Store something in the session
session.Set("my_key","my_value")
session.Save(writer)
Generate and compare random tokens in constant time using the crypto/rand and crypto/subtle packages.
// Generate a new token
token := auth.RandomToken(32)
// Check tokens
if auth.CheckRandomToken(tok1,tok2) {
// Tokens match
}
You can use auth/can (separately) to authorise access to resources.
To authorise actions:
// Add an authorisation for admins to manage the pages resource
can.Authorise(role.Admin, can.ManageResource, "pages")
To check authorisation in handlers:
// Check whether resource (conforming to can.Resource)
// can be managed by user (conforming to can.User)
can.Manage(resource,user)
// Interfaces for Users and Resources
// User defines the interface for users which must have numeric roles
type User interface {
RoleID() int64 // for role check
UserID() int64 // for ownership check
}
// Resource defines the interface for resources
type Resource interface {
OwnedBy(int64) bool // for ownership check, passed a UserID
ResourceID() string // for check against abilities registered on this resource
}