func WebRouter(u *repository.UserRepository, session sessions.Store) http.Handler { userRepository = u webInit() r := mux.NewRouter() r.Handle("/", WebAction(WebIndex)).Methods("GET") r.Handle("/login", WebAction(WebLogin)).Methods("POST") r.Handle("/register", WebAction(WebRegisterGet)).Methods("GET") r.Handle("/register", WebAction(WebRegister)).Methods("POST") r.Handle("/logout", WebAction(WebLogout)) r.Handle("/panel", WebAction(WebPanelIndex)).Methods("GET") r.Handle("/panel/keys", WebAction(WebPanelKeysPost)).Methods("POST") r.Handle("/panel/keys/delete/{id}", WebAction(WebPanelKeysDelete)).Methods("POST") app := negroni.New() app.Use(middleware.NewSession(session)) app.Use(middleware.NewCsrfMiddleware("csrf")) app.Use(middleware.NewUserMiddleware(&middleware.UserMiddlewareConfig{ Authenticator: func(userId string) (interface{}, error) { userObj := domain.NewUser() str, err := userRepository.GetUserById(userId) if err != nil { return nil, err } json.Unmarshal([]byte(str), &userObj) return userObj, nil }, })) app.UseFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) { if iface := context.Get(r, "user"); iface == nil { user := domain.NewUser() context.Set(r, "user", user) } next(w, r) }) app.UseFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) { if 0 == strings.Index(r.URL.Path, "/panel") && !context.Get(r, "user").(*domain.User).IsLogin() { http.Redirect(w, r, "/webapp", http.StatusFound) return } if r.URL.Path == "/" && context.Get(r, "user").(*domain.User).IsLogin() { http.Redirect(w, r, "/webapp/panel", http.StatusFound) return } next(w, r) }) app.UseHandler(r) return context.ClearHandler(app) }
func (mw *UserMiddleware) MiddlewareFunc(h rest.HandlerFunc) rest.HandlerFunc { return func(w rest.ResponseWriter, r *rest.Request) { userId := r.Env["REMOTE_USER"].(string) res, _ := userRepository.GetUserById(userId) user := domain.NewUser() json.Unmarshal([]byte(res), user) r.Env["USER"] = user // call the handler h(w, r) } }
func WebLogin(w http.ResponseWriter, r *http.Request, ctx *WebContext) (err error) { session := ctx.Session r.ParseForm() username := r.Form.Get("username") pass := r.Form.Get("pass") res, err := userRepository.GetUserById(username) if res != "" && err == nil { user := domain.NewUser() err = json.Unmarshal([]byte(res), user) pHash := xxhash.Checksum64([]byte(pass)) var passBytes []byte passBytes = strconv.AppendUint(passBytes, pHash, 10) if nil == err && user.Pass == string(passBytes) { session.Values["user"] = username } } http.Redirect(w, r, "/webapp/panel", http.StatusFound) return }
func NewWebApi() http.Handler { Authenticator := func(userId, password string) bool { res, err := userRepository.GetUserById(userId) if err != nil || res == "" { return false } user := domain.NewUser() err = json.Unmarshal([]byte(res), user) return nil == err && user.Pass == domain.HashPassword(password) } var jwt_middleware = &jwt.JWTMiddleware{ Key: []byte("testKey"), Realm: "Unitrans", Timeout: time.Hour * 30, MaxRefresh: time.Hour * 24, Authenticator: Authenticator, } var DevStack = []rest.Middleware{ &rest.AccessLogApacheMiddleware{}, &rest.TimerMiddleware{}, &rest.RecorderMiddleware{}, &rest.PoweredByMiddleware{ XPoweredBy: "unitrans", }, &rest.RecoverMiddleware{ EnableResponseStackTrace: true, }, &rest.JsonIndentMiddleware{}, } api := rest.NewApi() api.Use(DevStack...) api.Use(&rest.CorsMiddleware{ RejectNonCorsRequests: false, OriginValidator: func(origin string, request *rest.Request) bool { return true }, AllowedMethods: []string{"GET", "POST", "PUT", "DELETE"}, AllowedHeaders: []string{"Authorization", "Accept", "Content-Type", "X-Custom-Header", "Origin"}, AccessControlAllowCredentials: true, AccessControlMaxAge: 3600, }) api.Use(&rest.IfMiddleware{ Condition: func(request *rest.Request) bool { return request.URL.Path != "/login" && request.URL.Path != "/refresh" && request.URL.Path != "/register" && request.URL.Path != "/checkExists" && request.URL.Path != "/tr" }, IfTrue: jwt_middleware, }) api.Use(&rest.IfMiddleware{ Condition: func(r *rest.Request) bool { _, ok := r.Env["REMOTE_USER"] return ok }, IfTrue: &UserMiddleware{}, }) api_router, _ := rest.MakeRouter( rest.Post("/login", jwt_middleware.LoginHandler), rest.Get("/test", handle_auth), rest.Get("/refresh", jwt_middleware.RefreshHandler), rest.Post("/register", Register), rest.Post("/checkExists", CheckExists), rest.Get("/keys", KeysList), rest.Post("/keys", KeyCreate), rest.Delete("/keys/*key", KeyDelete), rest.Post("/tr", Translate), ) api.SetApp(api_router) return api.MakeHandler() }