笑故挽风 2014-08-09 13:09 Acceptance rate: 100%
Views: 334
Accepted

How are people managing authentication in Go?

For those building RESTful APIs and JS front-end apps in Go, how are you managing authentication? Are you using any particular libraries or techniques?

I'm surprised to find so little discussion about this. I keep in mind answers like the following, and am trying to avoid developing my own implementation:

Authentication Form in ASP.Net

Is everybody coding their own solution, separately?

Reposted from: https://stackoverflow.com/questions/25218903/how-are-people-managing-authentication-in-go

6 answers

  • ℙℕℤℝ 2014-12-14 15:44

    This question gets a ton of views--and has a Popular Question badge--so I know there is a lot of latent interest in this topic, and many people are asking exactly the same thing and not finding answers on the Interwebs.

    Most of the available information results in the textual equivalent of the hand wavy thing, left as an "exercise for the reader." ;)

    However I've finally located one concrete example, (generously) provided by a member of the golang-nuts mailing list:

    https://groups.google.com/forum/#!msg/golang-nuts/GE7a_5C5kbA/fdSnH41pOPYJ

    This provides a suggested schema and server-side implementation as a basis for custom authentication. The client-side code is still up to you.

    (I hope the author of the post sees this: Thanks!)

    Excerpted (and reformatted):


    "I would suggest something like the following design:

    create table User (
     ID int primary key identity(1,1),
     Username text,
     FullName text,
     PasswordHash text,
     PasswordSalt text,
     IsDisabled bool
    )
    
    create table UserSession (
     SessionKey text primary key,
     UserID int not null, -- Could have a hard "references User"
     LoginTime <time type> not null,
     LastSeenTime <time type> not null
    )
    
    • When a user logs in to your site via a POST under TLS, determine if the password is valid.
    • Then issue a random session key, say 50 or more crypto rand characters and stuff in a secure Cookie.
    • Add that session key to the UserSession table.
    • Then when you see that user again, first hit the UserSession table to see if the SessionKey is in there with a valid LoginTime and LastSeenTime and User is not deleted. You could design it so a timer automatically clears out old rows in UserSession."
    This answer was selected by the asker as the best answer.
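
The login and lookup steps quoted in the answer above, sketched in Go as an added example (not code from the answer or from the mailing-list post). The `Store` type, the in-memory maps standing in for the `User` and `UserSession` tables, the cookie name `session`, and the 24-hour and 30-minute limits are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"time"
)

const maxAge, maxIdle = 24 * time.Hour, 30 * time.Minute // assumed absolute and idle limits
type Session struct { // one UserSession row; the map key below is its SessionKey
	UserID              int
	LoginTime, LastSeen time.Time
}

// Store is an in-memory stand-in (assumption) for the User and UserSession tables.
type Store struct {
	Sessions map[string]*Session
	Disabled map[int]bool // User.IsDisabled
}

// Login runs after the password check passed: issue a random key, store the row.
func (s *Store) Login(userID int, now time.Time) (*http.Cookie, error) {
	raw := make([]byte, 48) // 48 crypto/rand bytes -> 64 URL-safe characters
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	key := base64.RawURLEncoding.EncodeToString(raw)
	s.Sessions[key] = &Session{UserID: userID, LoginTime: now, LastSeen: now}
	return &http.Cookie{Name: "session", Value: key, Path: "/",
		Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode}, nil
}

// Check enforces both limits and the disabled flag, then refreshes LastSeen.
func (s *Store) Check(key string, now time.Time) (int, bool) {
	sess, ok := s.Sessions[key]
	if !ok || s.Disabled[sess.UserID] ||
		now.Sub(sess.LoginTime) > maxAge || now.Sub(sess.LastSeen) > maxIdle {
		delete(s.Sessions, key) // clear unknown, revoked or timed-out rows
		return 0, false
	}
	sess.LastSeen = now
	return sess.UserID, true
}

func main() {
	s := &Store{Sessions: map[string]*Session{}, Disabled: map[int]bool{}}
	fmt.Println(s.Login(7, time.Now()))
}
```

In a real service the two maps become queries against the tables from the answer, and `Check` runs in middleware on every request that carries the cookie.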