forked from volatiletech/authboss
/
config.go
209 lines (182 loc) · 8.6 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
package authboss
import (
"html/template"
"io"
"io/ioutil"
"net/http"
"time"
"golang.org/x/crypto/bcrypt"
"golang.org/x/net/context"
)
// Config holds all the configuration for both authboss and it's modules.
type Config struct {
// MountPath is the path to mount authboss's routes at (eg /auth).
MountPath string
// ViewsPath is the path to search for overridden templates.
ViewsPath string
// RootURL is the scheme+host+port of the web application (eg https://www.happiness.com:8080) for url generation. No trailing slash.
RootURL string
// BCryptCost is the cost of the bcrypt password hashing function.
BCryptCost int
// PrimaryID is the primary identifier of the user. Set to one of:
// authboss.StoreEmail, authboss.StoreUsername (StoreEmail is default)
PrimaryID string
// Allow the user to be automatically signed in after confirm his account
AllowInsecureLoginAfterConfirm bool
// Allow the user to be automatically signed in after reset his password
AllowLoginAfterResetPassword bool
// Layout that all authboss views will be inserted into.
Layout *template.Template
// LayoutHTMLEmail is for emails going out in HTML form, authbosses e-mail templates
// will be inserted into this layout.
LayoutHTMLEmail *template.Template
// LayoutTextEmail is for emails going out in text form, authbosses e-mail templates
// will be inserted into this layout.
LayoutTextEmail *template.Template
// LayoutDataMaker is a function that can provide authboss with the layout's
// template data. It will be merged with the data being provided for the current
// view in order to render the templates.
LayoutDataMaker ViewDataMaker
// OAuth2Providers lists all providers that can be used. See
// OAuthProvider documentation for more details.
OAuth2Providers map[string]OAuth2Provider
// ErrorHandler handles would be 500 errors.
ErrorHandler http.Handler
// BadRequestHandler handles would be 400 errors.
BadRequestHandler http.Handler
// NotFoundHandler handles would be 404 errors.
NotFoundHandler http.Handler
// AuthLoginOKPath is the redirect path after a successful authentication.
AuthLoginOKPath string
// AuthLoginFailPath is the redirect path after a failed authentication.
AuthLoginFailPath string
// AuthLogoutOKPath is the redirect path after a log out.
AuthLogoutOKPath string
// RecoverOKPath is the redirect path after a successful recovery of a password.
RecoverOKPath string
// RecoverTokenDuration controls how long a token sent via email for password
// recovery is valid for.
RecoverTokenDuration time.Duration
// RegisterOKPath is the redirect path after a successful registration.
RegisterOKPath string
// Policies control validation of form fields and are automatically run
// against form posts that include the fields.
Policies []Validator
// ConfirmFields are fields that are supposed to be submitted with confirmation
// fields alongside them, passwords, emails etc.
ConfirmFields []string
// PreserveFields are fields used with registration that are to be rendered when
// post fails.
PreserveFields []string
// ExpireAfter controls the time an account is idle before being logged out
// by the ExpireMiddleware.
ExpireAfter time.Duration
// LockAfter this many tries.
LockAfter int
// LockWindow is the waiting time before the number of attemps are reset.
LockWindow time.Duration
// LockDuration is how long an account is locked for.
LockDuration time.Duration
// EmailFrom is the email address authboss e-mails come from.
EmailFrom string
// EmailSubjectPrefix is used to add something to the front of the authboss
// email subjects.
EmailSubjectPrefix string
// XSRFName is the name of the xsrf token to put in the hidden form fields.
XSRFName string
// XSRFMaker is a function that returns an xsrf token for the current non-POST request.
XSRFMaker XSRF
// Storer is the interface through which Authboss accesses the web apps database.
Storer Storer
// StoreMaker is an alternative to defining Storer directly, which facilitates creating
// a Storer on demand from the current http request. Unless you have an exceedingly unusual
// special requirement, defining Storer directly is the preferred pattern; literally the only
// known use case at the time of this property being added is Google App Engine, which requires
// the current context as an argument to its datastore API methods. To avoid passing StoreMaker
// an expired request object, where relevant, calls to this function will never be spun off as
// goroutines.
StoreMaker StoreMaker
// OAuth2Storer is a different kind of storer only meant for OAuth2.
OAuth2Storer OAuth2Storer
// OAuth2StoreMaker is an alternative to defining OAuth2Storer directly, which facilitates creating
// a OAuth2Storer on demand from the current http request. Unless you have an exceedingly unusual
// special requirement, defining OAuth2Storer directly is the preferred pattern; literally the only
// known use case at the time of this property being added is Google App Engine, which requires
// the current context as an argument to its datastore API methods. To avoid passing OAuth2StoreMaker
// an expired request object, where relevant, calls to this function will never be spun off as
// goroutines.
OAuth2StoreMaker OAuth2StoreMaker
// CookieStoreMaker must be defined to provide an interface capapable of storing cookies
// for the given response, and reading them from the request.
CookieStoreMaker CookieStoreMaker
// SessionStoreMaker must be defined to provide an interface capable of storing session-only
// values for the given response, and reading them from the request.
SessionStoreMaker SessionStoreMaker
// LogWriter is written to when errors occur, as well as on startup to show which modules are loaded
// and which routes they registered. By default writes to io.Discard.
LogWriter io.Writer
// LogWriteMaker is an alternative to defining LogWriter directly, which facilitates creating
// a LogWriter on demand from the current http request. Unless you have an exceedingly unusual
// special requirement, defining LogWriter directly is the preferred pattern; literally the only
// known use case at the time of this property being added is Google App Engine, which requires
// the current context as an argument to its logging API methods. To avoid passing LogWriteMaker
// an expired request object, where relevant, calls to this function will never be spun off as
// goroutines.
LogWriteMaker LogWriteMaker
// Mailer is the mailer being used to send e-mails out. Authboss defines two loggers for use
// LogMailer and SMTPMailer, the default is a LogMailer to io.Discard.
Mailer Mailer
// MailMaker is an alternative to defining Mailer directly, which facilitates creating
// a Mailer on demand from the current http request. Unless you have an exceedingly unusual
// special requirement, defining Mailer directly is the preferred pattern; literally the only
// known use case at the time of this property being added is Google App Engine, which requires
// the current context as an argument to its mail API methods. To avoid passing MailMaker
// an expired request object, where relevant, calls to this function will never be spun off as
// goroutines.
MailMaker MailMaker
// ContextProvider provides a context for a given request
ContextProvider func(*http.Request) context.Context
}
// Defaults sets the configuration's default values.
func (c *Config) Defaults() {
c.MountPath = "/"
c.ViewsPath = "./"
c.RootURL = "http://localhost:8080"
c.BCryptCost = bcrypt.DefaultCost
c.PrimaryID = StoreEmail
c.Layout = template.Must(template.New("").Parse(`<!DOCTYPE html><html><body>{{template "authboss" .}}</body></html>`))
c.LayoutHTMLEmail = template.Must(template.New("").Parse(`<!DOCTYPE html><html><body>{{template "authboss" .}}</body></html>`))
c.LayoutTextEmail = template.Must(template.New("").Parse(`{{template "authboss" .}}`))
c.AuthLoginOKPath = "/"
c.AuthLoginFailPath = "/"
c.AuthLogoutOKPath = "/"
c.RecoverOKPath = "/"
c.RecoverTokenDuration = time.Duration(24) * time.Hour
c.RegisterOKPath = "/"
c.Policies = []Validator{
Rules{
FieldName: "email",
Required: true,
AllowWhitespace: false,
},
Rules{
FieldName: "password",
Required: true,
MinLength: 4,
MaxLength: 8,
AllowWhitespace: false,
},
}
c.ConfirmFields = []string{
StorePassword, ConfirmPrefix + StorePassword,
}
c.ExpireAfter = 60 * time.Minute
c.LockAfter = 3
c.LockWindow = 5 * time.Minute
c.LockDuration = 5 * time.Hour
c.LogWriter = NewDefaultLogger()
c.Mailer = LogMailer(ioutil.Discard)
c.ContextProvider = func(req *http.Request) context.Context {
return context.TODO()
}
}