Example #1
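// ExampleRouter shows how handlers and a login-check middleware are wired
// onto a gas router: a static login form, a JSON login endpoint, and a profile
// page that is only reached by requests carrying a valid session.
func ExampleRouter() {
	// A simple "static" route.
	loginForm := func(g *gas.Gas) (int, gas.Outputter) {
		return 200, out.HTML("example/login-form", nil)
	}

	// JSON REST? Sure.
	login := func(g *gas.Gas) (int, gas.Outputter) {
		u := new(myUser).byUsername(g.FormValue("user"))
		if err := auth.SignIn(g, u, g.FormValue("pass")); err != nil {
			// NOTE(review): the sign-in error text is returned to the client
			// verbatim. Confirm auth.SignIn reports the same message for an
			// unknown user and for a wrong password, otherwise this response
			// lets a caller tell the two apart.
			return 403, out.JSON(M{"error": err.Error()})
		}
		return 204, nil
	}

	// Reroute users (+ a cookie with the path data) if not logged in.
	// NOTE(review): the stored path comes from the request and travels through
	// the client; whatever reads it back after login (not shown here) should
	// check it is a local path before redirecting to it.
	checkLogin := func(path string) func(g *gas.Gas) (int, gas.Outputter) {
		return func(g *gas.Gas) (int, gas.Outputter) {
			sess, err := auth.GetSession(g)
			if sess == nil || err != nil {
				return 303, out.Reroute(path, map[string]string{"path": g.URL.Path})
			}
			g.SetData("user", new(myUser).byUsername(sess.Username))
			// Presumably a zero status tells the router to continue with the
			// next handler in the chain; confirm against gas.
			return 0, nil
		}
	}

	// A page behind the login wall.
	profile := func(g *gas.Gas) (int, gas.Outputter) {
		// Checked assertion: if this handler is ever routed without checkLogin
		// in front of it, or the lookup stored a nil user, fail the request
		// instead of panicking or rendering a page for nobody.
		user, ok := g.Data("user").(*myUser)
		if !ok || user == nil {
			return 500, out.JSON(M{"error": "user not loaded"})
		}
		return 200, out.HTML("example", user)
	}

	// The router. checkLogin runs before profile, so profile only executes for
	// requests that passed the session check.
	gas.New().
		Get("/profile", checkLogin("/login"), profile).
		Get("/login", loginForm).
		Post("/login", login)
}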
Example #2
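// TestAuth seeds a temporary users table with one account, builds a router
// exposing session, HMAC, login and logout endpoints, and runs the shared
// testAuth scenario against it twice: once with the database session store
// and once with the file-system session store.
func TestAuth(t *testing.T) {
	/*
		runtime.GOMAXPROCS(runtime.NumCPU())
		go func() {
			//fmt.Println(http.ListenAndServe(":6006", nil))
		}()
	*/
	testPass := "******"
	hash, salt := auth.NewHash([]byte(testPass))

	tx, err := db.DB.Begin()
	if err != nil {
		t.Fatal(err)
	}
	// Check every statement: an unnoticed failure here would leave the fixture
	// missing and make the later auth results meaningless.
	if _, err := tx.Exec(`
	CREATE TEMP TABLE gas_test_users (
		id serial PRIMARY KEY,
		name text NOT NULL,
		pass bytea NOT NULL,
		salt bytea NOT NULL
	)`); err != nil {
		_ = tx.Rollback() // best effort; the Exec error is the one worth reporting
		t.Fatal(err)
	}
	if _, err := tx.Exec(`INSERT INTO gas_test_users VALUES ( DEFAULT, 'moshee', $1, $2 )`, hash, salt); err != nil {
		_ = tx.Rollback() // best effort; the Exec error is the one worth reporting
		t.Fatal(err)
	}
	if err := tx.Commit(); err != nil {
		t.Fatal(err)
	}

	// Each handler writes "yes"/"no" (or the user id) straight to g and returns
	// -1; presumably that status tells gas the response is already written.
	r := gas.New().Get("/", func(g *gas.Gas) (int, gas.Outputter) {
		// Reports the signed-in user's id, or "no" without a usable session.
		sess, err := auth.GetSession(g)
		if sess == nil || err != nil {
			fmt.Fprint(g, "no")
			return -1, nil
		}
		u, err := new(MyUser).byUsername(sess.Username)
		if err != nil {
			fmt.Fprint(g, "no")
			return -1, nil
		}
		fmt.Fprintf(g, "%d", u.Id)
		return -1, nil
	}).Get("/hmac", func(g *gas.Gas) (int, gas.Outputter) {
		// Expects session lookup to fail specifically with auth.ErrBadMac.
		_, err := auth.GetSession(g)
		if err == nil {
			fmt.Fprint(g, "yes")
			return -1, nil
		}
		fmt.Fprint(g, "no")
		if err != auth.ErrBadMac {
			// Errorf rather than Fatalf: the handler may run outside the test
			// goroutine, where FailNow must not be called.
			t.Errorf("Expected hmac error, got %v", err)
		}
		return -1, nil
	}).Post("/login", func(g *gas.Gas) (int, gas.Outputter) {
		// Unknown user and failed sign-in both answer "no", so the response
		// does not reveal which of the two checks failed.
		u, err := new(MyUser).byUsername(g.FormValue("username"))
		if err != nil {
			fmt.Fprint(g, "no")
			return -1, nil
		}
		if err = auth.SignIn(g, u, g.FormValue("pass")); err != nil {
			fmt.Fprint(g, "no")
			return -1, nil
		}
		fmt.Fprint(g, "yes")
		return -1, nil
	}).Get("/logout", func(g *gas.Gas) (int, gas.Outputter) {
		if err := auth.SignOut(g); err != nil {
			fmt.Fprint(g, "no")
			return -1, nil
		}
		fmt.Fprint(g, "yes")
		return -1, nil
	})

	t.Log("Testing DB session store")
	dbs, err := db.NewStore("gas_sessions")
	if err != nil {
		t.Fatal(err)
	}
	auth.UseSessionStore(dbs)
	testAuth(t, testPass, r)

	t.Log("Testing FS session store")
	fss, err := auth.NewFileStore()
	if err != nil {
		t.Fatal(err)
	}
	// Remove the file store when the test ends.
	defer fss.Destroy()
	auth.UseSessionStore(fss)
	testAuth(t, testPass, r)
}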