func LoggedIn(w http.ResponseWriter, r *http.Request, s *securecookie.SecureCookie) bool { if cookie, err := r.Cookie("whiteboard"); err == nil { value := make(map[string]string) if err = s.Decode("whiteboard", cookie.Value, &value); err == nil { return true } return false } return false }
// SetMaxAge restricts the maximum age, in seconds, of the session record // both in database and a browser. This is to change session storage configuration. // If you want just to remove session use your session `s` object and change it's // `Options.MaxAge` to -1, as specified in // http://godoc.org/github.com/gorilla/sessions#Options // // Default is the one provided by this package value - `sessionExpire`. // Set it to 0 for no restriction. // Because we use `MaxAge` also in SecureCookie crypting algorithm you should // use this function to change `MaxAge` value. func (s *DynamoDBStore) SetMaxAge(v int) { var c *securecookie.SecureCookie var ok bool s.Options.MaxAge = v for i := range s.Codecs { if c, ok = s.Codecs[i].(*securecookie.SecureCookie); ok { c.MaxAge(v) } else { fmt.Printf("Can't change MaxAge on codec %v\n", s.Codecs[i]) } } }
func StoreCookie(w http.ResponseWriter, r *http.Request, storedCookie *securecookie.SecureCookie, cookieName, cookieValue string) { value := map[string]string{ cookieName: cookieValue, } if encoded, err := storedCookie.Encode(cookieName, value); err == nil { cookie := &http.Cookie{ Name: cookieName, Value: encoded, Path: "/", } http.SetCookie(w, cookie) } }
func FetchCookie(r *http.Request, storedCookie *securecookie.SecureCookie, cookieName string) string { if cookie, err := r.Cookie(cookieName); err == nil { value := make(map[string]string) if cookie != nil { err = storedCookie.Decode(cookieName, cookie.Value, &value) if len(value[cookieName]) > 0 && err == nil { return value[cookieName] } } } return "" }
func Connect(w http.ResponseWriter, r *http.Request, u auth.User, sessionStore sessions.Store, secureCookie *securecookie.SecureCookie, dbStore *Store) { StatCount("connect call", 1) session, err := sessionStore.Get(r, SESSIONNAME) if err != nil { xlog.Errorf("Error fetching session: %v", err) session, _ = sessionStore.New(r, SESSIONNAME) } if userID, ok := session.Values["userID"].(int); ok { xlog.Debugf("Connect: already logged in (userID = %d), connecting account", userID) // we have a valid session -> connect account to user username := u.Provider() + ":" + u.Id() err := dbStore.AddUser(username, userID) if err != nil { xlog.Errorf("Error adding user: %v", err) http.Error(w, err.Error(), http.StatusForbidden) return } w.Header().Set("Location", "/settings") } else { xlog.Debugf("Connect: not logged in, actually log in user.") // no valid session -> actually login user username := u.Provider() + ":" + u.Id() xlog.Debugf("Connect: username = %s", username) userID, err := dbStore.CreateUser(username) if err != nil { xlog.Errorf("Error creating user: %v", err) http.Error(w, err.Error(), http.StatusForbidden) return } xlog.Debugf("Connect: userID = %d", userID) // set session values session.Values["userID"] = userID session.Values["username"] = username session.Values["email"] = u.Email() session.Values["name"] = u.Name() session.Save(r, w) // set XSRF-TOKEN for AngularJS xsrftoken, _ := secureCookie.Encode(XSRFTOKEN, username) http.SetCookie(w, &http.Cookie{Name: XSRFTOKEN, Value: xsrftoken, Path: "/"}) w.Header().Set("Location", "/") } w.WriteHeader(http.StatusFound) }
func CreateCookie(s *securecookie.SecureCookie) (*http.Cookie, error) { var err error // Create secure cookie with login info value := map[string]string{ "authenticated": "true", } if encoded, err := s.Encode("whiteboard", value); err == nil { cookie := &http.Cookie{ Name: "whiteboard", Value: encoded, Path: "/", } cookie.MaxAge = 10000 return cookie, err } return nil, err }
func VerifyXSRFToken(w http.ResponseWriter, r *http.Request, sessionStore sessions.Store, secureCookie *securecookie.SecureCookie) bool { xsrftoken := r.Header.Get(XSRFTOKENHEADER) userID := "" err := secureCookie.Decode(XSRFTOKEN, xsrftoken, &userID) if err == nil { session, _ := sessionStore.Get(r, SESSIONNAME) if userID != "" && userID == session.Values["username"].(string) { xlog.Infof("XSRF verification success for user %s", session.Values["username"].(string)) return true } xlog.Errorf("XSRF issue: userID = %s session = %s", userID, session.Values["username"].(string)) } xlog.Errorf("XSRF verification failed: %v (Request: %#v", err, *r) http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden) StatCount("XSRF verification failed", 1) return false }
func (ac *agentCredentials) Cookie(sc *securecookie.SecureCookie) (*http.Cookie, error) { encoded, err := json.Marshal(ac) if err != nil { return nil, err } secured, err := sc.Encode(agentCookieName, encoded) if err != nil { return nil, err } cookie := &http.Cookie{ Name: agentCookieName, Value: secured, Path: "/", Expires: time.Now().Add(agentCookieDuration), HttpOnly: true, } return cookie, nil }