Description
I'm a newbie both in Go and authboss.
I would like to open a wiki page (or more) for newbies that summarizes all the problems and doubts I had and that clearly explains how to get authboss up and running in your Go project.
What do you think, @aarondl?
Before starting I would like to recap here what I have already done and what I have not yet understood how to do:
- Remember me
  - Remember me cookie in authboss-sample has MaxAge=Session. Explanation. (issue: Remember me cookie in authboss-sample has MaxAge=Session. Explanation. #217). Closed. Was a bug in volatiletech/authboss-clientstate@0943df8
  - Remember me with or without checkbox in authboss-sample save "rm" cookie and session in DB anyway (issue: Remember me with or without checkbox in authboss-sample save "rm" cookie and session in DB anyway. #215). Closed. Was a bug in volatiletech/authboss-clientstate@0943df8
  - Remember me, DB struct (table) hints. (issue: Remember me, DB struct (table) hints. #218)
  - Proposal: Implement shallow remember me (issue: Implement shallow remember me #212). Not enough interest on the subject to invest time.
  - Doubt about theft prevention (issue: Remember me, theft prevention doubt #227)
  - Expired tokens in DB table (issue: Remember me, expired tokens in DB table #228)
  - Race condition for "Remember Me" module (issue: Race condition for "Remember Me" module #281)
  - "Remember me" enabled by default if module installed (issue: "Remember me" enabled by default if module installed #282)
- Redirects
  - Doubts about login/logout redir behaviour (issue: Doubts about login/logout redir behaviour #236)
  - Is it possible to use `CorceRedirectTo200` in master? (issue: Is it possible to use CorceRedirectTo200 in master? #251)
- Cookies
  - Where is the session persisted? Is there a way to use cookie as a session storage even with its limits (4KB)? (like Rails devise gem does) (issue: Where is the session persisted? Is there a way to use cookie as a session storage even with its limits #213) @aarondl answered perfectly. Added in FAQ (https://github.com/volatiletech/authboss/wiki/FAQ).
- API mode
  - Do I need CSRF protection for `/login` endpoint? (issue: Do I need CSRF protection for /login endpoint? #247)
  - Message `{"status":"success"}` on `GET` call on `/login` endpoint? (issue: Message {"status":"success"} on GET call on /login endpoint? #248)
  - Total compatibility as API endpoint (issue: Total compatibility as API endpoint #283)
- Various
  - Override default templates using scss/less/js assets (writing wiki page with just some advice...)
  - CurrentUser() vs LoadCurrentUser(). What is the right one to use? (issue: CurrentUser() vs LoadCurrentUser(). What is the right one to use? #220) @aarondl answered perfectly. Added in FAQ (https://github.com/volatiletech/authboss/wiki/FAQ).
  - `Content-Type: application/json` and `RespondUnauthorized`/`RespondRedirect` with panic (issue: Content-Type application/json error: "failed to redirect user during authboss.Middleware redirect: template for page redirect not found" authboss-sample#29)
  - Hooks for authboss routes (issue: Hooks for authboss routes. #221)
  - Using authboss with Gorm and Postgresql (doubts about columns and indexes, issue: Postgres and Gorm struct tags / DB columns and indexes definition #209). Started draft: https://github.com/volatiletech/authboss/wiki/Using-Authboss-with-Gorm-and-Postgresql
  - "Redirect template for page" problem (issue: Content-Type application/json error: "failed to redirect user during authboss.Middleware redirect: template for page redirect not found" #208) requesting middleware auth protected page with `Content-Type: application/json` header
  - List all possible security holes using authboss-sample as it is and what to do to make it stronger. Also check `authboss-sample` based on https://www.calhoun.io/securing-cookies-in-go
  - Integrate it with Buffalo (some problems fixed, but still not 100% integration): https://github.com/frederikhors/buffalo-authboss-sample
  - Use with precompiled templates, eg. with Quicktemplate (issue: Use with precompiled templates, eg. with Quicktemplate #239)