History

Willem van Dreumel 01d957677f Oauth2 consumer (#679 ) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)		2017-02-22 08:14:37 +01:00
..
LICENSE	Oauth2 consumer (#679 )	2017-02-22 08:14:37 +01:00
README.md	Oauth2 consumer (#679 )	2017-02-22 08:14:37 +01:00
doc.go	Oauth2 consumer (#679 )	2017-02-22 08:14:37 +01:00
lex.go	Oauth2 consumer (#679 )	2017-02-22 08:14:37 +01:00
sessions.go	Oauth2 consumer (#679 )	2017-02-22 08:14:37 +01:00
store.go	Oauth2 consumer (#679 )	2017-02-22 08:14:37 +01:00

README.md

sessions

gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends.

The key features are:

Simple API: use it as an easy way to set signed (and optionally encrypted) cookies.
Built-in backends to store sessions in cookies or the filesystem.
Flash messages: session values that last until read.
Convenient way to switch session persistency (aka "remember me") and set other attributes.
Mechanism to rotate authentication and encryption keys.
Multiple sessions per request, even using different backends.
Interfaces and infrastructure for custom session backends: sessions from different stores can be retrieved and batch-saved using a common API.

Let's start with an example that shows the sessions API in a nutshell:

	import (
		"net/http"
		"github.com/gorilla/sessions"
	)

	var store = sessions.NewCookieStore([]byte("something-very-secret"))

	func MyHandler(w http.ResponseWriter, r *http.Request) {
		// Get a session. We're ignoring the error resulted from decoding an
		// existing session: Get() always returns a session, even if empty.
		session, _ := store.Get(r, "session-name")
		// Set some session values.
		session.Values["foo"] = "bar"
		session.Values[42] = 43
		// Save it before we write to the response/return from the handler.
		session.Save(r, w)
	}

First we initialize a session store calling NewCookieStore() and passing a secret key used to authenticate the session. Inside the handler, we call store.Get() to retrieve an existing session or a new one. Then we set some session values in session.Values, which is a map[interface{}]interface{}. And finally we call session.Save() to save the session in the response.

Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory! An easy way to do this is to wrap the top-level mux when calling http.ListenAndServe:

More examples are available on the Gorilla website.

Store Implementations

Other implementations of the sessions.Store interface:

github.com/starJammer/gorilla-sessions-arangodb - ArangoDB
github.com/yosssi/boltstore - Bolt
github.com/srinathgs/couchbasestore - Couchbase
github.com/denizeren/dynamostore - Dynamodb on AWS
github.com/bradleypeabody/gorilla-sessions-memcache - Memcache
github.com/dsoprea/go-appengine-sessioncascade - Memcache/Datastore/Context in AppEngine
github.com/kidstuff/mongostore - MongoDB
github.com/srinathgs/mysqlstore - MySQL
github.com/EnumApps/clustersqlstore - MySQL Cluster
github.com/antonlindstrom/pgstore - PostgreSQL
github.com/boj/redistore - Redis
github.com/boj/rethinkstore - RethinkDB
github.com/boj/riakstore - Riak
github.com/michaeljs1990/sqlitestore - SQLite
github.com/wader/gormstore - GORM (MySQL, PostgreSQL, SQLite)
github.com/gernest/qlstore - ql

License

BSD licensed. See the LICENSE file for details.