Ejemplo n.º 1
0
// Ensures that "user_is_admin" is set to true.
func MustAdmin(h, notFound http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		isAdmin := session.Bool(req, "user_is_admin", false)
		if !isAdmin {
			weberror.ShowRW(rw, req, 404)
			return
		}

		MustLogin(h).ServeHTTP(rw, req)
	})
}
Ejemplo n.º 2
0
// http.Handler wrapper that bails if a valid action key for the request URL's
// path is not found in the GET/POST variable whose name is specified in
// fieldName.
func Protectn(fieldName string, f func(rw http.ResponseWriter, req *http.Request)) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		ac := req.FormValue(fieldName)
		if !IsSafeMethod(req.Method) && !Verify(req, ac) {
			weberror.ShowRW(rw, req, 400)
			return
		}

		f(rw, req)
	})
}