Ejemplo n.º 1
0
// Must ensures that any route is authorized to access the next handler
// otherwise an error is returned.
//
// TODO custom not authorized handler?
func Must() echo.HandlerFunc {
	return func(ctx *echo.Context) error {
		// If this is called somewhere on the middleware chain, if we find the user
		// we check the context if is set.
		if v := ctx.Get("IsLoged"); v != nil && v.(bool) == true {
			return nil
		}
		ss, err := store.Get(ctx.Request(), settings.App.Session.Name)
		if err != nil {
			// TODO: log this?
		}
		if v, ok := ss.Values["userID"]; ok {
			person, err := query.GetPersonByUserID(v.(int))
			if err != nil {
				// TODO: log this?
			}
			if person != nil {

				// set in main context
				ctx.Set("IsLoged", true)
				ctx.Set("User", person)

				// for templates
				utils.SetData(ctx, "IsLoged", true)
				utils.SetData(ctx, "User", person)
				return nil
			}
		}
		return echo.NewHTTPError(http.StatusUnauthorized)
	}
}
Ejemplo n.º 2
0
// LoginPost handlers login form, and logs in the user. If the form is valid, the user is
// redirected to "/auth/login" with the form validation errors. When the user is validated
// redirection is made to "/".
//
//		Method           POST
//
//		Route            /auth/login
//
//		Restrictions     None
//
// 		Template         None (All actions redirect to other routes )
//
// Flash messages may be set before redirection.
func LoginPost(ctx *echo.Context) error {
	var flashMessages = flash.New()

	f := forms.New(utils.GetLang(ctx))
	lf := f.LoginForm()(ctx.Request())
	if !lf.IsValid() {
		utils.SetData(ctx, authForm, lf)
		ctx.Redirect(http.StatusFound, "/auth/login")
		return nil
	}

	// Check email and password
	user, err := query.AuthenticateUserByEmail(lf.GetModel().(forms.Login))
	if err != nil {
		log.Error(ctx, err)

		// We want the user to try again, but rather than rendering the form right
		// away, we redirect him/her to /auth/login route(where the login process with
		// start aflsesh albeit with a flash message)
		flashMessages.Err(msgLoginErr)
		flashMessages.Save(ctx)
		ctx.Redirect(http.StatusFound, "/auth/login")
		return nil
	}

	// create a session for the user after the validation has passed. The info stored
	// in the session is the user ID, where as the key is userID.
	ss, err := sessStore.Get(ctx.Request(), settings.App.Session.Name)
	if err != nil {
		log.Error(ctx, err)
	}
	ss.Values["userID"] = user.ID
	err = ss.Save(ctx.Request(), ctx.Response())
	if err != nil {
		log.Error(ctx, err)
	}
	person, err := query.GetPersonByUserID(user.ID)
	if err != nil {
		log.Error(ctx, err)
		flashMessages.Err(msgLoginErr)
		flashMessages.Save(ctx)
		ctx.Redirect(http.StatusFound, "/auth/login")
		return nil
	}

	// add context data. IsLoged is just a conveniece in template rendering. the User
	// contains a models.Person object, where the PersonName is already loaded.
	utils.SetData(ctx, "IsLoged", true)
	utils.SetData(ctx, "User", person)
	flashMessages.Success(msgLoginSuccess)
	flashMessages.Save(ctx)
	ctx.Redirect(http.StatusFound, "/")

	log.Info(ctx, "login success")
	return nil
}