- Remove a test that was obsoleted by optimizations. Not 100% sure this
is correct, but it seems like if nothing has changed since the
previous session/cookie read then we shouldn't need to write any new
headers for them. This is especially true in the typical "I use
cookies for everything" use case, but may not be true of other use
cases... Remains to be seen. Since they're optimizations they should
be able to removed "safely" later.
- Add a ClientStateMiddleware that loads the client state into the
request context and prepares a ClientStateResponseWriter for
downstream handlers
- Clean up some of the handling around session and cookie state, for
example don't write if there are no events to be processed
- Redo the Defaultts() method for config to be useful again.
- Prefix LogoutMethod with Auth to be consistent
Discovered many problems with the abstractions along the way
and did small fixes to get to the end of the auth module.
- Use more constants for random strings
- Create forcing functions to deal with the upgrades to different
interfaces
In order to support multiple different types of requests, there needed
to be an interface to be able to read values from a request, and
subsequently validate them to return any errors.
So we've adjusted the Validator interface to no longer validate a
request but instead validate the object it lives on.
And we've created a new BodyReader interface.
- Replace the old logging mechanisms with a leveled one. This is
important as authboss needs to start saying a lot more about what's
happening in the Info log, which will end up like Debug but that's
okay.
- Replace the error handling mechanisms with something different. This
allows people to define their own error handlers.
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
way we don't ever have to refer to one or the other, we just always
assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
- Delete callbacks tests
- Remove some useless code (SendMail), as well as some extra arguments
in certain functions that didn't require them.
- Remove tests for more code that has been moved to default
implementations
- Make the default responder aggregate data, this allows aggregation of
data from various middlewares like csrf or extra data for the layout
without having to have an extra callback function like LayoutDataMaker
or CRSFMaker
- Document more things
- Remove module code
- Remove callbacks code
- Remove data makers, flash messages, and context providers in exchange
for middlewares that use context (unwritten)
- Move more implementations (responses, redirector, router) to defaults
package
- Rename key interfaces (again), Storer -> User, StoreLoader ->
ServerStorer (opposite of ClientStateStorer) if this is the last time
I rename these I'll be shocked
- This addresses the problem of having to update multiple times during
one request. It's hard to have a nice interface especially with JWT
because you always end up having to decode the request, encode new
response, write header, then a second write to it comes, and where do
you grab the value from? Often you don't have access to the response
as a "read" structure. So we store it as events instead, and play
those events against the original data right before the response is
written to set the headers.
- Change response to be more central to Authboss. Make sure it has
useful methods and works with the new rendering idioms.
- Change the load user methods to all work with context keys, and even
be able to set context keys on the current request to avoid setting
contexts everywhere in the code base.
