英文:
Is there a Go framework or package that provides canned user authentication support?
问题
我已经被Python中成熟的框架(Django/Flask)宠坏了,所以当我开始学习Go时,我不禁想知道是否有类似的框架存在于Go中,类似于django.contrib.auth或Flask-Login?
主要用例是处理简单的用户认证,并能够扩展它以适应应用程序中的一些基于权限的路由。
英文:
I've gotten pretty spoiled by the mature frameworks available in Python (Django/Flask), so as I'm starting to learn Go, I have to wonder if there are any similar frameworks already in existence in Go to django.contrib.auth or Flask-Login?
The main use case is to handle simple user authentication and be able to extend it to accommodate some permissions-based routing within the app.
答案1
得分: 24
据我所知,目前没有现成的解决方案。最接近的现成身份验证可能是通过Google AppEngine,可以检索到用户的Google帐户,并且可以将某些路径限定为仅供应用程序管理员使用。
在标准的Go Web服务器中,通常需要自己实现身份验证,但这并不像听起来那么困难。许多框架会将您与实际上非常重要的决策隔离开来;按照典型的Go方式,您需要根据应用程序的需求做出这些决策,然后选择适合您的现有库。
登录页面
无论您在何处需要用户登录,通常会使用HTML表单。这些通常使用html/template包来呈现。要在提交表单时检索值,请使用request.FormValue。
数据库
有多种方法可以存储用户信息;可以使用os将其存储在文件系统中,或者使用database/sql将其存储在SQL数据库中。还有一些成熟的NoSQL数据库驱动程序,包括MongoDB和Redis。
密码
为了计算和比较密码的哈希值,您应该使用现有的机制,以免自己重新发明。为此,go.crypto子存储库提供了一个bcrypt包。
会话
如果您想存储会话数据,可以使用像gorilla/sessions这样的解决方案。根据您的安全需求,您可以直接将会话数据存储在(可选的安全)cookie中,或者将其存储在后端,并仅在cookie中存储会话ID。
英文:
As far as I know, there are not. The closest out-of-the-box authentication you can probably get is via Google AppEngine, where the user's Google account can be retrieved and certain paths can be scoped for app administrators only.
In a standard Go web server, you will generally need to roll your own auth, but it's not as difficult as it sounds. Many frameworks isolate you from decisions which are actually quite important; in typical Go fashion, you'll need to make these decisions based on the needs of your app, and then pick the existing libraries that are right for you.
Login page
Wherever you need your users to log in, you will probably use an HTML form. These will typically be rendered using the html/template package. To retrieve the values when the form is submitted, use request.FormValue.
Database
There are a number of ways to store user information; on the filesystem with os or in a SQL database using database/sql. There are mature drivers for some NoSQL databases as well, including MongoDB and Redis.
Passwords
To compute and compare hashes to passwords, you'll want to use a preexisting mechanism so that you don't have to reinvent it yourself. For this, the go.crypto subrepository provides a bcrypt package.
Sessions
If you want to store session data, you can use a solution like gorilla/sessions. Based on your security needs, you can store the session data directly in a (optionally secured) cookie or you can store it in a backend an only store a session ID in the cookie.
答案2
得分: 2
从READ.me
允许您的Martini应用程序通过OAuth 2.0后端支持用户登录。
https://github.com/martini-contrib/oauth2
英文:
From the READ.me
Allows your Martini application to support user login via an OAuth 2.0 backend.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论