14 changes: 8 additions & 6 deletions docs/handler/auth.md
Expand Up @@ -8,14 +8,16 @@
h := &handler.AuthHandler{
Users: userStore,
JWT: jwtMgr,
CookieName: "session",
SecureCookies: true,
DisableSignup: false, // set true to prevent self-registration
Sessions: sessionStore, // optional; enables session tracking and refresh tokens
RefreshTokenTTL: handler.DefaultRefreshTokenTTL, // defaults to 7 days when Sessions is set
RefreshCookieName: "refresh", // required when Sessions is set; stores refresh token in an HttpOnly cookie
RequireVerification: true, // optional; rejects login for unverified email addresses
RequireVerification: true, // optional; rejects login for unverified email addresses
// Logger: nil, // optional; when nil, slog.Default() is resolved at each log site
SessionConfig: handler.SessionConfig{
CookieName: "session",
SecureCookies: true,
Sessions: sessionStore, // optional; enables session tracking and refresh tokens
RefreshTokenTTL: handler.DefaultRefreshTokenTTL, // defaults to 7 days when Sessions is set
RefreshCookieName: "refresh", // required when Sessions is set
},
}

if err := h.Validate(); err != nil {
24 changes: 13 additions & 11 deletions docs/handler/magic-links.md
Expand Up @@ -6,20 +6,22 @@

```go
h := &handler.MagicLinkHandler{
Users: userStore,
MagicLinks: magicLinkStore,
JWT: jwtMgr,
Sender: func(ctx context.Context, email, token string) error {
Users: userStore,
MagicLinks: magicLinkStore,
JWT: jwtMgr,
Sender: func(ctx context.Context, email, token string) error {
/* compose and send the login email */
return nil
},
CookieName: "session",
SecureCookies: true,
Sessions: sessionStore, // optional
RefreshTokenTTL: handler.DefaultRefreshTokenTTL, // default 7 days
RefreshCookieName: "refresh",
TokenTTL: 15 * time.Minute, // optional; defaults to 15 minutes
// Logger: nil, // optional; when nil, slog.Default() is resolved at each log site
TokenTTL: 15 * time.Minute, // optional; defaults to 15 minutes
// Logger: nil, // optional; when nil, slog.Default() is resolved at each log site
SessionConfig: handler.SessionConfig{
CookieName: "session",
SecureCookies: true,
Sessions: sessionStore, // optional
RefreshTokenTTL: handler.DefaultRefreshTokenTTL, // default 7 days
RefreshCookieName: "refresh",
},
}

if err := h.Validate(); err != nil {
19 changes: 9 additions & 10 deletions docs/handler/oauth2.md
Expand Up @@ -83,18 +83,17 @@ h := &handler.OAuth2Handler{
Endpoint: github.Endpoint, // from golang.org/x/oauth2/github
Scopes: []string{"read:user", "user:email"},
},
Provider: &handler.GitHubProvider{},
CookieName: "session",
SecureCookies: true,

// Optional: enable server-side sessions and refresh-token rotation.
Sessions: sessionStore,
RefreshTokenTTL: handler.DefaultRefreshTokenTTL,
RefreshCookieName: "refresh",

Provider: &handler.GitHubProvider{},
SessionConfig: handler.SessionConfig{
CookieName: "session",
SecureCookies: true,
// Optional: enable server-side sessions and refresh-token rotation.
Sessions: sessionStore,
RefreshTokenTTL: handler.DefaultRefreshTokenTTL,
RefreshCookieName: "refresh",
},
// Optional: customise the post-login redirect query parameter.
LoginRedirect: "github_login=1", // redirects to /?github_login=1

// Logger: nil, // optional; when nil, slog.Default() is resolved at each log site
}

26 changes: 14 additions & 12 deletions docs/handler/passkeys.md
Expand Up @@ -12,18 +12,20 @@ wa, err := webauthn.New(&webauthn.Config{
})

h := &handler.PasskeyHandler{
Users: userStore,
Passkeys: passkeyStore,
WebAuthn: wa, // set to nil to disable passkeys
JWT: jwtMgr,
CookieName: "session",
SecureCookies: true,
URLParamFunc: chi.URLParam,
// Optional: enable session tracking and refresh-token rotation.
Sessions: sessionStore,
RefreshTokenTTL: handler.DefaultRefreshTokenTTL, // default 7 days
RefreshCookieName: "refresh",
// Logger: nil, // optional; when nil, slog.Default() is resolved at each log site
Users: userStore,
Passkeys: passkeyStore,
WebAuthn: wa, // set to nil to disable passkeys
JWT: jwtMgr,
URLParamFunc: chi.URLParam,
// Logger: nil, // optional; when nil, slog.Default() is resolved at each log site
SessionConfig: handler.SessionConfig{
CookieName: "session",
SecureCookies: true,
// Optional: enable session tracking and refresh-token rotation.
Sessions: sessionStore,
RefreshTokenTTL: handler.DefaultRefreshTokenTTL, // default 7 days
RefreshCookieName: "refresh",
},
}

if err := h.Validate(); err != nil {
16 changes: 9 additions & 7 deletions docs/index.md
Expand Up @@ -34,13 +34,15 @@ jwtMgr, err := auth.NewJWTManager("your-secret-at-least-32-bytes-long", 15*time.

// 3. Wire up handlers.
authHandler := &handler.AuthHandler{
Users: userStore,
JWT: jwtMgr,
CookieName: "session",
SecureCookies: true,
Sessions: sessionStore, // enables server-side sessions + refresh tokens
RefreshTokenTTL: 7 * 24 * time.Hour,
RefreshCookieName: "refresh", // required when Sessions is set
Users: userStore,
JWT: jwtMgr,
SessionConfig: handler.SessionConfig{
CookieName: "session",
SecureCookies: true,
Sessions: sessionStore, // enables server-side sessions + refresh tokens
RefreshTokenTTL: 7 * 24 * time.Hour,
RefreshCookieName: "refresh", // required when Sessions is set
},
}
apiKeyHandler := &handler.APIKeyHandler{
APIKeys: apiKeyStore,
18 changes: 10 additions & 8 deletions docs/tutorial.md
Expand Up @@ -299,13 +299,15 @@ func main() {

// 3. Configure the AuthHandler.
authH := &handler.AuthHandler{
Users: users,
JWT: jwtMgr,
CookieName: "session",
SecureCookies: false, // set true in production (HTTPS only)
Sessions: sessions,
RefreshTokenTTL: 7 * 24 * time.Hour,
RefreshCookieName: "refresh",
Users: users,
JWT: jwtMgr,
SessionConfig: handler.SessionConfig{
CookieName: "session",
SecureCookies: false, // set true in production (HTTPS only)
Sessions: sessions,
RefreshTokenTTL: 7 * 24 * time.Hour,
RefreshCookieName: "refresh",
},
}
if err := authH.Validate(); err != nil {
log.Fatal("authH:", err)
Expand All @@ -330,7 +332,7 @@ func main() {

// 5. Start the maintenance background worker.
ctx := context.Background()
stop := maintenance.StartCleanup(ctx, 10*time.Minute,
stop := maintenance.StartCleanup(ctx, nil, 10*time.Minute,
sessions.DeleteExpiredSessions,
)
defer stop()