/httpauth

Golang HTTP session authentication


Go Session Authentication

Version 2.0.0

NOTE: If upgrading from prior to a66ab9d, you will need to regenerate password hashes.

This package uses the Gorilla web toolkit's sessions package to implement a user authentication and authorization system for Go web servers.

Multiple user data storage backends are available, and new ones can be implemented relatively easily.

Access can be restricted by a user's role.

Uses bcrypt for password hashing.

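import (
    "fmt"
    "net/http"

    "github.com/apexskier/httpauth"
)

var (
    aaa httpauth.Authorizer
)

// login reads the posted credentials and starts a session on success.
func login(rw http.ResponseWriter, req *http.Request) {
    username := req.PostFormValue("username")
    password := req.PostFormValue("password")
    if err := aaa.Login(rw, req, username, password, "/"); err != nil && err.Error() == "already authenticated" {
        // An existing session is not a failure: send the user on to the site.
        http.Redirect(rw, req, "/", http.StatusSeeOther)
    } else if err != nil {
        // Any other error: log it server-side and return to the login form.
        fmt.Println(err)
        http.Redirect(rw, req, "/login", http.StatusSeeOther)
    }
}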

Run go run server.go from the examples directory and visit localhost:8009 for an example. You can log in with the username and password "admin".
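Restricting access by role, mentioned in the feature list above, can be pictured as a handler wrapper. This is an added example, not code from this package: it uses only the standard library, and it assumes roles map to integer levels where a higher level includes the lower ones. The names Role, roles, RoleLookup, RequireRole and statusFor, and the role table itself, are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Role is a privilege level; a higher value includes every lower one (assumption).
type Role int

// roles is a constructed role table, not the package's defaults.
var roles = map[string]Role{"user": 30, "editor": 50, "admin": 80}

// RoleLookup is a hypothetical stand-in for the session backend; false means no session.
type RoleLookup func(req *http.Request) (string, bool)

// RequireRole runs next only for sessions at or above required; unknown roles are denied.
func RequireRole(required string, lookup RoleLookup, next http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		name, ok := lookup(req)
		if !ok {
			http.Redirect(rw, req, "/login", http.StatusSeeOther)
			return
		}
		need, known := roles[required]
		have, valid := roles[name]
		if !known || !valid || have < need {
			http.Error(rw, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(rw, req)
	})
}

// statusFor sends one request to an admin-only handler; role "" means no session.
func statusFor(role string) int {
	lookup := func(*http.Request) (string, bool) { return role, role != "" }
	h := RequireRole("admin", lookup, http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(rw, "admin page")
	}))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/admin", nil))
	return rec.Code
}

func main() {
	for _, r := range []string{"", "user", "admin", "root"} {
		fmt.Printf("%q -> %d\n", r, statusFor(r))
	}
}
```

A role name missing from the table is denied outright, so a typo in a stored role cannot fall through as level 0 and be compared as if it were valid.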

Tests can be run by simulating Travis CI's build environment. There's a very unsafe script, start-test-env.sh, that will do this for you.


TODO

  • User roles - modification
  • SMTP email validation (key based)
  • More backends
  • Possibly remove dependence on bcrypt