Example #1
0
func (ss *SubmitServer) securePage(toRun func(runuser *Hyades.Person, w http.ResponseWriter, req *http.Request)) func(w http.ResponseWriter, req *http.Request) {
	return func(w http.ResponseWriter, req *http.Request) {
		str, err := store.New(ss.boltDB, store.Config{}, []byte("secret-key"))
		if err != nil {

			log.Println("securePage store.New", req.URL.Path, "err:", err)
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		session, err := str.Get(req, "session")
		if err != nil {

			log.Println("securePage", req.URL.Path, "err:", err)
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		if SessIDut, ok := session.Values["sessID"]; ok {

			var SessID string
			switch t := SessIDut.(type) {
			case string:
				SessID = t //SessIDut.(string)
			default:
				http.Error(w, "SessID invalid type", http.StatusInternalServerError)
			}

			//runuser, ok := ss.sessionUserMap[SessID]
			runuser := ss.users.getUser(SessID)
			if runuser != nil {
				toRun(runuser, w, req)
			} else {
				javascriptredirect(w, "/?to="+req.URL.RequestURI())
				//http.Error(w, "/", http.StatusTemporaryRedirect )

			}

		} else {
			log.Println("Can't get session ID")
			javascriptredirect(w, "/?to="+req.URL.RequestURI())
			//http.Error(w, "/", http.StatusTemporaryRedirect )
		}
		session.Save(req, w)
	}

}
Example #2
0
func New(db *bolt.DB) httpHandler {
	config := jconfig.LoadConfig("config.json")
	key := config.GetString("session_secret")
	var err error
	str, err = store.New(db, store.Config{}, []byte(key))
	if err != nil {
		panic(err)
	}
	sessionName = config.GetString("session_name")
	return func(h http.Handler) http.Handler {
		return http.HandlerFunc(
			func(w http.ResponseWriter, r *http.Request) {
				session, err := GetSession(r)
				if err != nil {
					util.Error(err, w)
					return
				}
				if t, ok := session.Values["expires"]; ok {
					if time.Now().Before(t.(time.Time)) {
						// authed
						if u, ok := session.Values["user"]; ok {
							w.Header().Set("X-User", u.(string))
						}
						w.Header().Set("X-Expires", t.(time.Time).String())
						h.ServeHTTP(w, r)
						return
					}
				}
				user, pass, ok := r.BasicAuth()
				if ok {
					if checkUserIn(user, pass, w, r) {
						h.ServeHTTP(w, r)
						return
					}
				}
				if r.URL.Path == "/api/v1/auth/" {
					h.ServeHTTP(w, r)
					return
				}
				w.WriteHeader(http.StatusUnauthorized)
			},
		)
	}
}
Example #3
0
func (ss *SubmitServer) loginUser(w http.ResponseWriter, req *http.Request) {

	str, err := store.New(ss.boltDB, store.Config{}, []byte("secret-key"))
	if err != nil {

		log.Println(err)
		http.Error(w, "Internal error", http.StatusInternalServerError)

		return
	}
	session, err := str.New(req, "session")

	if err != nil {
		log.Println("str.New(req, Session)", err)
		http.Error(w, "Internal error", http.StatusInternalServerError)
		return
	}
	req.ParseForm()
	if len(req.PostForm["Name"]) == 0 || len(req.PostForm["Password"]) == 0 {
		log.Println("Name or password missing:", req.PostForm)
		http.Error(w, "Name or password missing", http.StatusUnauthorized)
		return
	}

	u, ok := ss.users.findUser(req.PostForm["Name"][0], req.PostForm["Password"][0])

	if ok {
		session.Values["sessID"] = u.Username
		// Create a session.

		log.Println("!!New session!!")
	} else {
		log.Println("!!Invalid username/password on login!!")
		http.Error(w, "Not a valid username or password", http.StatusUnauthorized)
	}
	if err := session.Save(req, w); err != nil {
		log.Println("Saving session failed")
	}
}