Waylon  Bruen

Waylon Bruen

1646852100

Sessionup: Straightforward HTTP Session Management

sessionup 🚀

Simple, yet effective HTTP session management and identification package

Features

  • Effortless session management:
    • Initialization.
    • Request authentication.
    • Retrieval of all sessions.
    • Revokation of the current session.
    • Revokation of all other sessions.
    • Revokation of all sessions.
  • Optionally identifiable sessions (IP address, OS, browser).
  • Authentication via middleware.
  • Fully customizable, but with sane defaults.
  • Lightweight.
  • Straightforward API.
  • Allows custom session stores.

Installation

go get github.com/swithek/sessionup

Usage

The first thing you will need, in order to start creating and validating your sessions, is a Manager:

store := memstore.New(time.Minute * 5)
manager := sessionup.NewManager(store)

Out-of-the-box sessionup's Manager instance comes with recommended OWASP configuration options already set, but if you feel the need to customize the behaviour and the cookie values the Manager will use, you can easily provide your own options:

manager := sessionup.NewManager(store, sessionup.Secure(false), sessionup.ExpiresIn(time.Hour * 24))

During registration, login or whenever you want to create a fresh session, you have to call the Init method and provide a key by which the sessions will be grouped during revokation and retrieval. The key can be anything that defines the owner of the session well: ID, email, username, etc.

func login(w http.ResponseWriter, r *http.Request) {
      userID := ...
      if err := manager.Init(w, r, userID); err != nil {
            // handle error
      }
      // success
}

You can store additional information with your session as well.

func login(w http.ResponseWriter, r *http.Request) {
      userID := ...
      err := manager.Init(w, r, userID, sessionup.MetaEntry("permission", "write"), sessionup.MetaEntry("age", "111"))
      if err != nil {
            // handle error
      }
      // success
}

Public / Auth middlewares check whether the request has a cookie with a valid session ID and add the session to the request's context. Public, contrary to Auth, does not call the Manager's rejection function (also customizable), thus allowing the wrapped handler to execute successfully.

http.Handle("/", manager.Public(publicHandler))
http.Handle("/private", manager.Auth(privateHandler))

There's a FetchAll method, should you want to retrieve all sessions under the same key as the current context session:

func retrieveAll(w http.ResponseWriter, r *http.Request) {
      sessions, err := manager.FetchAll(r.Context())
      if err != nil {
            // handle error
      }
      // success
}

When the time comes for session termination, use Revoke method:

func logout(w http.ResponseWriter, r *http.Request) {    
      if err := manager.Revoke(r.Context(), w); err != nil {
            // handle error
      }
      // success
}

What if you want to revoke all sessions under the same key as the current context session? Use RevokeAll:

func revokeAll(w http.ResponseWriter, r *http.Request) {
      if err := manager.RevokeAll(r.Context(), w); err != nil {
            // handle error
      }
      // success
}

... and if you want to revoke all sessions under the same key as the current context session excluding the current context session, use RevokeOther:

func revokeOther(w http.ResponseWriter, r *http.Request) {
      if err := manager.RevokeOther(r.Context()); err != nil {
            // handle error
      }
      // success
}

Sessions & Cookies

On each Init method call, a new random session ID will be generated. Since only the generated ID and no sensitive data is being stored in the cookie, there is no need to encrypt anything. If you think that the generation functionality lacks randomness or has other issues, pass your custom ID generation function as an option when creating a new Manager.

Store implementations

Custom stores need to implement the Store interface to be used by the Manager.

Limitations

sessionup offers server-only session storing and management, since the functionality to revoke/retrieve session not in the incoming request is not possible with cookie stores.

Demo

You can see sessionup in action by trying out the demo in cmd/example/

Author: Swithek
Source Code: https://github.com/swithek/sessionup  
License: MIT License

#go #golang 

What is GEEK

Buddha Community

Sessionup: Straightforward HTTP Session Management
Origin Scale

Origin Scale

1616572311

Originscale Order Management System

Originscale order management software helps to manage all your orders across channels in a single place. Originscale collects orders across multiple channels in real-time - online, offline, D2C, B2B, and more. View all your orders in one single window and process them with a simple click.

#order management system #ordering management system #order management software #free order management software #purchase order management software #best order management software

Tech Avidus

Tech Avidus

1604379605

Digital Assets Management Software Solution | AI-based Assets Management System

A Digital Asset Management System makes it easier to store, manage, and share all of your digital assets on cloud-based storage.

We help you to build Digital Asset Management (DAM) systems with your precise business requirements, whether you want one for maintaining management, production management, brand management systems, or implementing with your sales department with the digital assets it needs.

To learn more about how the Digital Asset Management system will help your business, email us at hello@techavidus.com

#digital assets management #assets management solution #digital asset management system #production management #brand management

Revenue Cycle Management Software Services and Custom Integration - SISGAIN

Revenues come day in day out and it becomes strenuous to keep a track of them. With the help of Revenue cycle management software, one is able to perform the hospital revenue cycle management in Oklahoma, USA in a much simplified and easy manner. Our skilful developers and engineers created the healthcare revenue cycle management software that is convenient to use by its users and meets the customers requirement. We happen to be one of the notable revenue cycle management companies, facilitating the needs of our customers and being efficient and useful in performance. For more information call us at +18444455767 or email us at hello@sisgain.com

#revenue cycle management #revenue cycle management software #revenue cycle management companies #hospital revenue cycle management #revenue cycle management services #revenue cycle management solutions

Origin Scale

Origin Scale

1619083348

Inventory Management Software

Originscale Inventory Management Software help you seamlessly integrates your sales channels and inventory locations to give your team complete and reliable inventory control. TRY FOR FREE Today

#inventory management #inventory management software #inventory management system #manufacturing inventory management #inventory control software #stock inventory management

Property Management Software Services - SISGAIN

Are you thinking about remodeling your business? SISGAIN is one of the best top property management software companies specialised to make innovative property management software web portals and mobile applications for property management especially designed for automating and modernizing your business with a motive of growth at flexible pricing. Property management product development can really benefit your business in many ways but you’ll have to contact us first. For more information call us at +18444455767 or email us at hello@sisgain.com

#top property management software companies #best property management software #property management product development #real estate management software #property management app