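package authboss

import (
	"net/http"
	"time"

	"golang.org/x/crypto/bcrypt"
)

// Config holds all the configuration for both authboss and its modules.
//
// Call Defaults first and then override what the application needs. Several
// of the defaults are chosen for local development (see the notes in
// Defaults) and should be reviewed before a production deployment.
type Config struct {
	Paths struct {
		// Mount is the path to mount authboss's routes at (eg /auth).
		Mount string

		// NotAuthorized is the default URL to kick users back to when
		// they attempt an action that requires them to be logged in and
		// they're not auth'd.
		NotAuthorized string

		// AuthLoginOK is the redirect path after a successful authentication.
		AuthLoginOK string

		// ConfirmOK is where a user is sent once they have confirmed
		// their account.
		ConfirmOK string
		// ConfirmNotOK is used by the middleware: when a user is still
		// supposed to confirm their account, this is where they are
		// redirected to.
		ConfirmNotOK string

		// LockNotOK is the path to go to when the user fails because
		// their account is locked.
		LockNotOK string

		// LogoutOK is the redirect path after a log out.
		LogoutOK string

		// OAuth2LoginOK is the redirect path after a successful oauth2 login.
		OAuth2LoginOK string
		// OAuth2LoginNotOK is the redirect path after
		// an unsuccessful oauth2 login.
		OAuth2LoginNotOK string

		// RecoverOK is the redirect path after a successful recovery of a
		// password.
		RecoverOK string

		// RegisterOK is the redirect path after a successful registration.
		RegisterOK string

		// RootURL is the scheme+host+port of the web application
		// (eg https://www.happiness.com:8080) used for url generation,
		// including, unless Mail.RootURL is set, the links placed in
		// e-mails. No trailing slash.
		//
		// Use an https URL in production: links carrying confirm/recover
		// tokens are built from it.
		RootURL string

		// TwoFactorEmailAuthNotOK is where a user is redirected when
		// the user attempts to add 2fa to their account without verifying
		// their e-mail OR when they've completed the first step towards
		// verification and need to check their e-mail to proceed.
		TwoFactorEmailAuthNotOK string
	}

	Modules struct {
		// BCryptCost is the cost of the bcrypt password hashing function.
		// Higher values make hashing (and login) slower but raise the cost
		// of offline cracking; keep it within the range bcrypt accepts.
		BCryptCost int

		// ConfirmMethod controls which http method confirm expects.
		// This is because typically this is a GET request since it's a link
		// from an e-mail, but in api-like cases it needs to be able to be a
		// post since there's data that must be sent to it.
		//
		// Deprecated: use MailRouteMethod instead.
		ConfirmMethod string

		// ExpireAfter controls the time an account is idle before being
		// logged out by the ExpireMiddleware.
		ExpireAfter time.Duration

		// LockAfter is the number of failed attempts before an account is
		// locked.
		LockAfter int
		// LockWindow is the waiting time before the number of attempts is
		// reset.
		LockWindow time.Duration
		// LockDuration is how long an account is locked for.
		//
		// Note that a low LockAfter combined with a long LockDuration lets
		// anyone who knows a username lock that user out; tune these for
		// your threat model.
		LockDuration time.Duration

		// LogoutMethod is the method the logout route should use
		// (default is DELETE).
		LogoutMethod string

		// MailRouteMethod is used to set the type of request that's used for
		// routes that require a token from an e-mail link's query string.
		// This is things like confirm and two factor e-mail auth.
		//
		// You should probably set this to POST if you are building an API
		// so that the user goes to the frontend with their link & token
		// and the front-end calls the API with the token in a POST JSON body.
		// With GET the token travels in the query string, which commonly
		// ends up in server/proxy logs and Referer headers.
		//
		// This configuration setting deprecates ConfirmMethod.
		// If ConfirmMethod is set to the default value (GET) then
		// MailRouteMethod is used. If ConfirmMethod is not the default value
		// then it is used until Authboss v3 when only MailRouteMethod will be
		// used.
		MailRouteMethod string

		// MailNoGoroutine is used to prevent the mailer from being launched
		// in a goroutine by the Authboss modules.
		//
		// This behavior will become the default in Authboss v3 and each
		// Mailer implementation will be required to use goroutines if it sees
		// fit.
		//
		// It's important that this is the case if you are using contexts
		// as the http request context will be cancelled by the Go http server
		// and it may interrupt your use of the context that the Authboss module
		// is passing to you, preventing proper use of it.
		MailNoGoroutine bool

		// RegisterPreserveFields are fields used with registration that are
		// to be rendered when post fails in a normal way
		// (for example validation errors); they will be passed back in the
		// data of the response under the key DataPreserve which
		// will be a map[string]string.
		//
		// All fields that are to be preserved must be able to be returned by
		// the ArbitraryValuer.GetValues().
		//
		// This means in order to have a field named "address" you would need
		// to have that returned by the ArbitraryValuer.GetValues() method and
		// then it would be available to be whitelisted by this
		// configuration variable. Never list password fields here: preserved
		// values are rendered back into the response.
		RegisterPreserveFields []string

		// RecoverTokenDuration controls how long a token sent via
		// email for password recovery is valid for. It bounds the window in
		// which an intercepted or forwarded recovery e-mail remains usable.
		RecoverTokenDuration time.Duration
		// RecoverLoginAfterRecovery says for the recovery module after a
		// user has successfully recovered the password, are they simply
		// logged in, or are they redirected to the login page with an
		// "updated password" message.
		RecoverLoginAfterRecovery bool

		// OAuth2Providers lists all providers that can be used. See
		// OAuthProvider documentation for more details.
		OAuth2Providers map[string]OAuth2Provider

		// TwoFactorEmailAuthRequired forces users to first confirm they have
		// access to their e-mail with the current device by clicking a link
		// and confirming a token stored in the session.
		TwoFactorEmailAuthRequired bool

		// TOTP2FAIssuer is the issuer that appears in the url when scanning
		// a qr code for google authenticator.
		TOTP2FAIssuer string

		// RoutesRedirectOnUnauthed controls whether or not a user is redirected
		// or given a 404 when they are unauthenticated and attempting to access
		// a route that's login-protected inside Authboss itself.
		// The otp/twofactor modules all use authboss.Middleware to protect
		// their routes and this is the redirectToLogin parameter in that
		// middleware that they pass through.
		//
		// Deprecated: use ResponseOnUnauthed instead.
		RoutesRedirectOnUnauthed bool

		// ResponseOnUnauthed controls how a user is responded to when
		// attempting to access a route that's login-protected inside Authboss
		// itself. The otp/twofactor modules all use authboss.Middleware2 to
		// protect their routes and this is the failResponse parameter in that
		// middleware that they pass through.
		//
		// This deprecates RoutesRedirectOnUnauthed. If RoutesRedirectOnUnauthed
		// is true, the value of this will be set to RespondRedirect until
		// authboss v3.
		ResponseOnUnauthed MWRespondOnFailure
	}

	Mail struct {
		// RootURL is a full path to an application that is hosting a front-end.
		// If not set it will be assembled from a combination of Paths.RootURL
		// and Paths.Mount.
		// Typically looks like: https://our-front-end.com/authentication
		// No trailing slash.
		RootURL string

		// From is the email address authboss e-mails come from.
		From string
		// FromName is the name authboss e-mails come from.
		FromName string
		// SubjectPrefix is used to add something to the front of the authboss
		// email subjects.
		SubjectPrefix string
	}

	Storage struct {
		// Server is the interface through which Authboss accesses the web
		// app's database for user operations.
		Server ServerStorer

		// CookieState must be defined to provide an interface capable of
		// storing cookies for the given response, and reading them from the
		// request.
		CookieState ClientStateReadWriter
		// SessionState must be defined to provide an interface capable of
		// storing session-only values for the given response, and reading them
		// from the request.
		SessionState ClientStateReadWriter

		// SessionStateWhitelistKeys are set to preserve keys in the session
		// when authboss.DelAllSession is called. A correct implementation
		// of ClientStateReadWriter will delete ALL session key-value pairs
		// unless that key is whitelisted here.
		//
		// Keys listed here survive a full session clear, so do not whitelist
		// anything that conveys authentication state.
		SessionStateWhitelistKeys []string
	}

	Core struct {
		// Router is the entity that controls all routing to authboss routes;
		// modules will register their routes with it.
		Router Router

		// ErrorHandler wraps http requests with centralized error handling.
		ErrorHandler ErrorHandler

		// Responder takes a generic response from a controller and prepares
		// the response, uses a renderer to create the body, and replies to the
		// http request.
		Responder HTTPResponder

		// Redirector can redirect a response, similar to Responder but
		// responsible only for redirection.
		Redirector HTTPRedirector

		// BodyReader reads validatable data from the body of a request to
		// be able to get data from the user's client.
		BodyReader BodyReader

		// ViewRenderer loads the templates for the application.
		ViewRenderer Renderer
		// MailRenderer loads the templates for mail. If this is nil, it will
		// fall back to using the Renderer created from the ViewLoader instead.
		MailRenderer Renderer

		// Mailer is the mailer being used to send e-mails out via smtp.
		Mailer Mailer

		// Logger implies just a few log levels for use, can optionally
		// also implement the ContextLogger to be able to upgrade to a
		// request specific logger.
		Logger Logger
	}
}

// Defaults sets the configuration's default values.
//
// The defaults are development-oriented and only cover Paths and the
// scalar Modules settings; Storage and Core interfaces must be supplied
// by the application. Values to revisit before going to production:
//
//   - Paths.RootURL is plain http on localhost; e-mail links are built
//     from it (or from Mail.RootURL when set).
//   - MailRouteMethod is GET, so e-mail tokens arrive in the query string.
//   - LockAfter/LockDuration lock an account for 12 hours after three
//     failures, which is easy to trigger against a known username.
//   - RecoverTokenDuration keeps a recovery link usable for a full day.
func (c *Config) Defaults() {
	c.Paths.Mount = "/auth"
	c.Paths.NotAuthorized = "/"
	c.Paths.AuthLoginOK = "/"
	c.Paths.ConfirmOK = "/"
	c.Paths.ConfirmNotOK = "/"
	c.Paths.LockNotOK = "/"
	c.Paths.LogoutOK = "/"
	c.Paths.OAuth2LoginOK = "/"
	c.Paths.OAuth2LoginNotOK = "/"
	c.Paths.RecoverOK = "/"
	c.Paths.RegisterOK = "/"
	c.Paths.RootURL = "http://localhost:8080"
	c.Paths.TwoFactorEmailAuthNotOK = "/"

	// bcrypt's own default cost; raise it if your hardware allows.
	c.Modules.BCryptCost = bcrypt.DefaultCost
	c.Modules.ConfirmMethod = http.MethodGet
	// One hour idle before ExpireMiddleware logs the session out.
	c.Modules.ExpireAfter = time.Hour
	c.Modules.LockAfter = 3
	c.Modules.LockWindow = 5 * time.Minute
	c.Modules.LockDuration = 12 * time.Hour
	// Same value as before ("DELETE"), spelled via the net/http constant
	// for consistency with the other method defaults.
	c.Modules.LogoutMethod = http.MethodDelete
	c.Modules.MailRouteMethod = http.MethodGet
	c.Modules.RecoverLoginAfterRecovery = false
	c.Modules.RecoverTokenDuration = 24 * time.Hour
}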