Doc fixes and ensure proper default config

config.go

@@ -146,19 +146,23 @@ type Config struct {
 // Defaults sets the configuration's default values.
 func (c *Config) Defaults() {
 	c.Paths.Mount = "/auth"
-	c.Paths.RootURL = "http://localhost:8080"
 	c.Paths.AuthLoginOK = "/"
 	c.Paths.ConfirmOK = "/"
 	c.Paths.ConfirmNotOK = "/"
+	c.Paths.LockNotOK = "/"
 	c.Paths.LogoutOK = "/"
+	c.Paths.OAuth2LoginOK = "/"
+	c.Paths.OAuth2LoginNotOK = "/"
 	c.Paths.RecoverOK = "/"
 	c.Paths.RegisterOK = "/"
+	c.Paths.RootURL = "http://localhost:8080"
 
 	c.Modules.BCryptCost = bcrypt.DefaultCost
-	c.Modules.ExpireAfter = 60 * time.Minute
+	c.Modules.ExpireAfter = time.Hour
 	c.Modules.LockAfter = 3
 	c.Modules.LockWindow = 5 * time.Minute
-	c.Modules.LockDuration = 5 * time.Hour
+	c.Modules.LockDuration = 12 * time.Hour
 	c.Modules.LogoutMethod = "DELETE"
-	c.Modules.RecoverTokenDuration = time.Duration(24) * time.Hour
+	c.Modules.RecoverLoginAfterRecovery = false
+	c.Modules.RecoverTokenDuration = 24 * time.Hour
 }

lock/lock.go

@@ -154,12 +154,9 @@ func (l *Lock) Unlock(ctx context.Context, key string) error {
 	return l.Authboss.Config.Storage.Server.Save(ctx, lu)
 }
 
-// Middleware ensures that a user is confirmed, or else it will intercept the request
-// and send them to the confirm page, this will load the user if he's not been loaded
-// yet from the session.
-//
-// Panics if the user was not able to be loaded in order to allow a panic handler to show
-// a nice error page, also panics if it failed to redirect for whatever reason.
+// Middleware ensures that a user is not locked, or else it will intercept the request
+// and send them to the configured LockNotOK page, this will load the user if he's not been loaded
+// yet from the session. And panics if it cannot load the user.
 func Middleware(ab *authboss.Authboss) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {