Ejemplo n.º 1
// Use wires session handling into router: a "session.before" handler is
// registered, then configure is invoked so the caller can register its own
// routes, and finally a "session.after" handler is registered.
//
// Both handlers do nothing for requests that canSkipSessionMiddleware accepts,
// so such requests get neither session processing nor the CSRF check.
func Use(router *wcg.Router, configure func()) {
	// Assigns the GAE store factory on the package-level session
	// configuration before the session middleware is built.
	middleware.SessionConfigIni.StoreFactory = gae.SessionStoreFactory
	before, after := middleware.SessionSupport()
	csrfCheck := middleware.CSRFSupport()

	onBefore := func(res *wcg.Response, req *wcg.Request) {
		if canSkipSessionMiddleware(req) {
			return
		}
		// Session processing always precedes the CSRF check.
		before.Process(res, req)

		// The CSRF check is applied only on GAE. Off GAE this handler
		// performs no CSRF validation at all, so local runs do not
		// exercise it.
		if !lib.IsOnGAE() {
			return
		}
		// GET and HEAD are exempt; every other method is checked.
		if m := req.Method(); m != "GET" && m != "HEAD" {
			csrfCheck.Process(res, req)
		}
	}
	router.Before(wcg.NewNamedHandler("session.before", onBefore))

	configure()

	onAfter := func(res *wcg.Response, req *wcg.Request) {
		if !canSkipSessionMiddleware(req) {
			after.Process(res, req)
		}
	}
	router.After(wcg.NewNamedHandler("session.after", onAfter))
}
Ejemplo n.º 2
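// authorizeByAPIToken sets req.User from the API token carried in the
// request.APITokenHeader header. When the token cannot be resolved, req.User
// is left untouched, so the request stays unauthenticated as far as this
// function is concerned (fail closed).
func authorizeByAPIToken(req *wcg.Request) {
	tokenString := req.Header(request.APITokenHeader)

	// Test shortcut: accepted only when running neither on GAE nor in
	// production, and only for the fixed test user's token.
	// NOTE(review): confirm APITestUser.Token is never empty; an empty value
	// would match a request that carries no token header.
	if !lib.IsOnGAE() && !lib.IsProduction() && tokenString == string(request.APITestUser.Token) {
		req.User = request.APITestUser
		return
	}
	if !wcg.IsUUID(tokenString) {
		// Do not access APIToken entity if it's not a valid UUID.
		return
	}

	// NOTE(review): Cache(true) presumably allows the lookup to be served
	// from a cache; confirm that revoking a token also invalidates it.
	_, ent, err := entities.APIToken.Get().Key(tokenString).Cache(true).One(req)
	if err != nil {
		// A failed lookup never authenticates the request.
		return
	}

	// What One returns for a missing entity is not visible here. Use the
	// checked assertion so that a nil or unexpected entity neither panics
	// nor produces a user without a backing token.
	token, ok := ent.(*models.APIToken)
	if !ok || token == nil {
		return
	}
	req.User = &request.APITokenUser{token}
}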