authboss/config.go

package authboss

import (
	"time"
)

// Config holds all the configuration for both authboss and it's modules.
type Config struct {
	Paths struct {
		// Mount is the path to mount authboss's routes at (eg /auth).
		Mount string

		// AuthLoginOK is the redirect path after a successful authentication.
		AuthLoginOK string
		// AuthLoginFail is the redirect path after a failed authentication.
		AuthLoginFail string
		// AuthLogoutOK is the redirect path after a log out.
		AuthLogoutOK string

		// RecoverOK is the redirect path after a successful recovery of a password.
		RecoverOK string

		// RegisterOK is the redirect path after a successful registration.
		RegisterOK string

		// RootURL is the scheme+host+port of the web application (eg https://www.happiness.com:8080) for url generation. No trailing slash.
		RootURL string
	}

	Modules struct {
		// BCryptCost is the cost of the bcrypt password hashing function.
		AuthBCryptCost int

		// LogoutMethod is the method the logout route should use (default should be DELETE)
		LogoutMethod string

		// OAuth2Providers lists all providers that can be used. See
		// OAuthProvider documentation for more details.
		OAuth2Providers map[string]OAuth2Provider

		// PreserveFields are fields used with registration that are to be rendered when
		// post fails.
		PreserveFields []string

		// ExpireAfter controls the time an account is idle before being logged out
		// by the ExpireMiddleware.
		ExpireAfter time.Duration

		// RecoverTokenDuration controls how long a token sent via email for password
		// recovery is valid for.
		RecoverTokenDuration time.Duration

		// LockAfter this many tries.
		LockAfter int
		// LockWindow is the waiting time before the number of attemps are reset.
		LockWindow time.Duration
		// LockDuration is how long an account is locked for.
		LockDuration time.Duration
	}

	Mail struct {
		// From is the email address authboss e-mails come from.
		From string
		// SubjectPrefix is used to add something to the front of the authboss
		// email subjects.
		SubjectPrefix string
	}

	Storage struct {
		// Storer is the interface through which Authboss accesses the web apps database
		// for user operations.
		Server ServerStorer

		// CookieState must be defined to provide an interface capapable of
		// storing cookies for the given response, and reading them from the request.
		CookieState ClientStateReadWriter
		// SessionState must be defined to provide an interface capable of
		// storing session-only values for the given response, and reading them
		// from the request.
		SessionState ClientStateReadWriter
	}

	Core struct {
		// Router is the entity that controls all routing to authboss routes
		// modules will register their routes with it.
		Router Router

		// Responder takes a generic response from a controller and prepares
		// the response, uses a renderer to create the body, and replies to the
		// http request.
		Responder HTTPResponder

		// Redirector can redirect a response, similar to Responder but responsible
		// only for redirection.
		Redirector HTTPRedirector

		// Validator helps validate an http request, it's given a name that describes
		// the form it's validating so that conditional logic may be applied.
		Validator Validator

		// ViewRenderer loads the templates for the application.
		ViewRenderer Renderer
		// MailRenderer loads the templates for mail. If this is nil, it will
		// fall back to using the Renderer created from the ViewLoader instead.
		MailRenderer Renderer

		// Mailer is the mailer being used to send e-mails out via smtp
		Mailer Mailer

		// Logger implies just a few log levels for use, can optionally
		// also implement the ContextLogger to be able to upgrade to a
		// request specific logger.
		Logger Logger
	}
}

// Defaults sets the configuration's default values.
func (c *Config) Defaults() {
	/*c.MountPath = "/"
	c.ViewsPath = "./"
	c.RootURL = "http://localhost:8080"
	c.BCryptCost = bcrypt.DefaultCost

	c.PrimaryID = StoreEmail

	c.AuthLoginOKPath = "/"
	c.AuthLoginFailPath = "/"
	c.AuthLogoutOKPath = "/"

	c.RecoverOKPath = "/"
	c.RecoverTokenDuration = time.Duration(24) * time.Hour

	c.RegisterOKPath = "/"

	c.Policies = []Validator{
		Rules{
			FieldName:       "email",
			Required:        true,
			AllowWhitespace: false,
		},
		Rules{
			FieldName:       "password",
			Required:        true,
			MinLength:       4,
			MaxLength:       8,
			AllowWhitespace: false,
		},
	}
	c.ConfirmFields = []string{
		StorePassword, ConfirmPrefix + StorePassword,
	}

	c.ExpireAfter = 60 * time.Minute

	c.LockAfter = 3
	c.LockWindow = 5 * time.Minute
	c.LockDuration = 5 * time.Hour

	c.LogWriter = NewDefaultLogger()
	c.Mailer = LogMailer(ioutil.Discard)
	c.ContextProvider = func(req *http.Request) context.Context {
		return context.TODO()
	}*/
}
Add some more infrastructure. - Add module system. - Add storer interface. 2015-01-03 12:03:57 -08:00			`package authboss`

Add a lot of module related stuff. - Leave a failing test to make hate not love. 2015-01-05 00:18:41 -08:00			`import (`
Add beginnings of lock package. - Adjust configuration for some lock variables and better XML Names. 2015-01-23 16:25:12 -08:00			`"time"`
First part of recover module reworking 2015-02-08 23:08:33 -08:00			`)`

Add a lot of module related stuff. - Leave a failing test to make hate not love. 2015-01-05 00:18:41 -08:00			`// Config holds all the configuration for both authboss and it's modules.`
started work on auth module. redefined how configuration is going to work and where core is going to reside 2015-01-04 10:33:53 -08:00			`type Config struct {`
Get tests working after latest refactors - Change changelog format to use keepachangelog standard - Refactor the config to be made of substructs to help organize all the pieces - Add the new interfaces to the configuration - Clean up module loading (no unnecessary reflection to create new value) - Change User interface to have a Get/SetPID not E-mail/Username, this way we don't ever have to refer to one or the other, we just always assume pid. In the case of Confirm/Recover we'll have to make a GetEmail or there won't be a way for us to get the e-mail to send to. - Delete the xsrf nonsense in the core 2018-02-01 15:42:48 -08:00			`Paths struct {`
			`// Mount is the path to mount authboss's routes at (eg /auth).`
			`Mount string`

			`// AuthLoginOK is the redirect path after a successful authentication.`
			`AuthLoginOK string`
			`// AuthLoginFail is the redirect path after a failed authentication.`
			`AuthLoginFail string`
			`// AuthLogoutOK is the redirect path after a log out.`
			`AuthLogoutOK string`

			`// RecoverOK is the redirect path after a successful recovery of a password.`
			`RecoverOK string`

			`// RegisterOK is the redirect path after a successful registration.`
			`RegisterOK string`

			`// RootURL is the scheme+host+port of the web application (eg https://www.happiness.com:8080) for url generation. No trailing slash.`
			`RootURL string`
			`}`

			`Modules struct {`
			`// BCryptCost is the cost of the bcrypt password hashing function.`
Work on the auth module - Move more *User interfaces into storage.go, no need for them to be in each individual module. 2018-02-01 17:23:31 -08:00			`AuthBCryptCost int`

			`// LogoutMethod is the method the logout route should use (default should be DELETE)`
			`LogoutMethod string`
Get tests working after latest refactors - Change changelog format to use keepachangelog standard - Refactor the config to be made of substructs to help organize all the pieces - Add the new interfaces to the configuration - Clean up module loading (no unnecessary reflection to create new value) - Change User interface to have a Get/SetPID not E-mail/Username, this way we don't ever have to refer to one or the other, we just always assume pid. In the case of Confirm/Recover we'll have to make a GetEmail or there won't be a way for us to get the e-mail to send to. - Delete the xsrf nonsense in the core 2018-02-01 15:42:48 -08:00
			`// OAuth2Providers lists all providers that can be used. See`
			`// OAuthProvider documentation for more details.`
			`OAuth2Providers map[string]OAuth2Provider`

			`// PreserveFields are fields used with registration that are to be rendered when`
			`// post fails.`
			`PreserveFields []string`

			`// ExpireAfter controls the time an account is idle before being logged out`
			`// by the ExpireMiddleware.`
			`ExpireAfter time.Duration`

			`// RecoverTokenDuration controls how long a token sent via email for password`
			`// recovery is valid for.`
			`RecoverTokenDuration time.Duration`

			`// LockAfter this many tries.`
			`LockAfter int`
			`// LockWindow is the waiting time before the number of attemps are reset.`
			`LockWindow time.Duration`
			`// LockDuration is how long an account is locked for.`
			`LockDuration time.Duration`
			`}`

			`Mail struct {`
			`// From is the email address authboss e-mails come from.`
			`From string`
			`// SubjectPrefix is used to add something to the front of the authboss`
			`// email subjects.`
			`SubjectPrefix string`
			`}`

			`Storage struct {`
			`// Storer is the interface through which Authboss accesses the web apps database`
			`// for user operations.`
			`Server ServerStorer`

			`// CookieState must be defined to provide an interface capapable of`
			`// storing cookies for the given response, and reading them from the request.`
			`CookieState ClientStateReadWriter`
			`// SessionState must be defined to provide an interface capable of`
			`// storing session-only values for the given response, and reading them`
			`// from the request.`
			`SessionState ClientStateReadWriter`
			`}`

			`Core struct {`
			`// Router is the entity that controls all routing to authboss routes`
			`// modules will register their routes with it.`
			`Router Router`

			`// Responder takes a generic response from a controller and prepares`
			`// the response, uses a renderer to create the body, and replies to the`
			`// http request.`
			`Responder HTTPResponder`

			`// Redirector can redirect a response, similar to Responder but responsible`
			`// only for redirection.`
			`Redirector HTTPRedirector`

			`// Validator helps validate an http request, it's given a name that describes`
			`// the form it's validating so that conditional logic may be applied.`
			`Validator Validator`

			`// ViewRenderer loads the templates for the application.`
			`ViewRenderer Renderer`
			`// MailRenderer loads the templates for mail. If this is nil, it will`
			`// fall back to using the Renderer created from the ViewLoader instead.`
			`MailRenderer Renderer`

			`// Mailer is the mailer being used to send e-mails out via smtp`
			`Mailer Mailer`

Abstract logger and error handling - Replace the old logging mechanisms with a leveled one. This is important as authboss needs to start saying a lot more about what's happening in the Info log, which will end up like Debug but that's okay. - Replace the error handling mechanisms with something different. This allows people to define their own error handlers. 2018-02-02 12:11:47 -08:00			`// Logger implies just a few log levels for use, can optionally`
			`// also implement the ContextLogger to be able to upgrade to a`
			`// request specific logger.`
			`Logger Logger`
Get tests working after latest refactors - Change changelog format to use keepachangelog standard - Refactor the config to be made of substructs to help organize all the pieces - Add the new interfaces to the configuration - Clean up module loading (no unnecessary reflection to create new value) - Change User interface to have a Get/SetPID not E-mail/Username, this way we don't ever have to refer to one or the other, we just always assume pid. In the case of Confirm/Recover we'll have to make a GetEmail or there won't be a way for us to get the e-mail to send to. - Delete the xsrf nonsense in the core 2018-02-01 15:42:48 -08:00			`}`
Add a lot of module related stuff. - Leave a failing test to make hate not love. 2015-01-05 00:18:41 -08:00			`}`
started work on auth module. redefined how configuration is going to work and where core is going to reside 2015-01-04 10:33:53 -08:00
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`// Defaults sets the configuration's default values.`
			`func (c *Config) Defaults() {`
Start moving default implementations 2018-01-29 13:14:55 -08:00			`/*c.MountPath = "/"`
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`c.ViewsPath = "./"`
			`c.RootURL = "http://localhost:8080"`
			`c.BCryptCost = bcrypt.DefaultCost`

			`c.PrimaryID = StoreEmail`

			`c.AuthLoginOKPath = "/"`
			`c.AuthLoginFailPath = "/"`
			`c.AuthLogoutOKPath = "/"`

			`c.RecoverOKPath = "/"`
			`c.RecoverTokenDuration = time.Duration(24) * time.Hour`

			`c.RegisterOKPath = "/"`

			`c.Policies = []Validator{`
			`Rules{`
Fix default validators to be inline with default primary ID 2015-06-04 13:34:29 -07:00			`FieldName: "email",`
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`Required: true,`
			`AllowWhitespace: false,`
Reworking recover module 2015-01-30 15:38:28 -08:00			`},`
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`Rules{`
			`FieldName: "password",`
			`Required: true,`
			`MinLength: 4,`
			`MaxLength: 8,`
			`AllowWhitespace: false,`
Add PrimaryID to the system. - Fix #17 2015-02-22 13:16:11 -08:00			`},`
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`}`
			`c.ConfirmFields = []string{`
			`StorePassword, ConfirmPrefix + StorePassword,`
			`}`
Reworking recover module 2015-01-30 15:38:28 -08:00
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`c.ExpireAfter = 60 * time.Minute`
Move create from Storer to RegisterStorer - Fixed the qq tests - Removed all module singletons 2015-02-26 23:09:37 -08:00
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`c.LockAfter = 3`
			`c.LockWindow = 5 * time.Minute`
			`c.LockDuration = 5 * time.Hour`
Update config documentation. - Fix #47: Remove ModuleAttrMeta from Storers. Rename to ModuleAttributes. - Add some additional deafult values to config. 2015-03-15 08:31:48 -07:00
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`c.LogWriter = NewDefaultLogger()`
			`c.Mailer = LogMailer(ioutil.Discard)`
Fix a problem with not getting the correct Context when running on Google App Engine 2015-09-11 16:03:05 +02:00			`c.ContextProvider = func(req *http.Request) context.Context {`
			`return context.TODO()`
Start moving default implementations 2018-01-29 13:14:55 -08:00			`}*/`
started work on auth module. redefined how configuration is going to work and where core is going to reside 2015-01-04 10:33:53 -08:00			`}`