// Use adds the session capability on router.
func Use(router *wcg.Router, configure func()) {
middleware.SessionConfigIni.StoreFactory = gae.SessionStoreFactory
sessionBefore, sessionAfter := middleware.SessionSupport()
csrf := middleware.CSRFSupport()
router.Before(wcg.NewNamedHandler("session.before", func(res *wcg.Response, req *wcg.Request) {
if canSkipSessionMiddleware(req) {
return
}
sessionBefore.Process(res, req)
if lib.IsOnGAE() { // Check only on GAE environment
if req.Method() != "GET" && req.Method() != "HEAD" {
csrf.Process(res, req)
}
}
}))
configure()
router.After(wcg.NewNamedHandler("session.after", func(res *wcg.Response, req *wcg.Request) {
if canSkipSessionMiddleware(req) {
return
}
sessionAfter.Process(res, req)
}))
}
// RouteTo to dispatch http request to the router object to emulate the request/response.
func (r *TestRequest) RouteTo(router *wcg.Router) *TestResponse {
router.Dispatch(r.res, r.Request)
body, err := ioutil.ReadAll(r.recorder.Body)
if err != nil {
panic(err)
}
return &TestResponse{
r.recorder.Code,
r.recorder.Header(),
body,
r,
}
}
func byHeader(router *wcg.Router, configure func()) {
router.Before(wcg.NewNamedHandler("HeaderAuth", func(res *wcg.Response, req *wcg.Request) {
if !request.ByGuest(req) { // already authenticated
req.Logger.Warnf("request.Authorize is called more than once.")
return
}
// req.Logger.Infof("Token Authorization: %s", tokenString)
if request.IsTask(req) {
req.User = request.NewTaskUser(req)
} else if request.IsCron(req) {
req.User = request.CronUser
} else {
authorizeByAPIToken(req)
}
}))
configure()
}
func bySession(router *wcg.Router, configure func()) {
fbconfig := facebook.NewAuthConfig("dummy", "dumyy", "")
fbconfig.RedirectURL = "/login/facebook/callback"
fbconfig.ContextFactory = func(res *wcg.Response, req *wcg.Request) context.Context {
return gae.NewContext(req)
}
fbconfig.UnauthorizedHandler = wcg.AnonymousHandler(func(res *wcg.Response, req *wcg.Request) {
res.TemplatesWithStatus(401, nil, "permrejected.html", "header.html", "footer.html")
})
fbconfig.AuthorizedHandler = wcg.AnonymousHandler(func(res *wcg.Response, req *wcg.Request) {
ref, _ := req.Session.Get("LoginRef")
if ref != "" && strings.HasPrefix(ref, "/") {
res.Redirect(wcg.AbsoluteURL(req, ref), http.StatusFound)
} else {
res.Redirect("/", http.StatusFound)
}
})
fbconfig.InvalidatedHandler = wcg.AnonymousHandler(func(res *wcg.Response, req *wcg.Request) {
req.Logger.Debugf("Guest user access.")
})
fbconfig.Scopes = []string{}
fbauth, fbcallback, fbvalidates, fblogout := middleware.OAuth2(fbconfig)
// set routes
router.Before(wcg.NewNamedHandler("facebook.validate", func(res *wcg.Response, req *wcg.Request) {
if !request.ByGuest(req) { // already authenticated
return
}
if req.Session == nil {
return
}
// Check the fbconfig from ServerConfig
fbapp := configs.GetMultiValues(
req,
"facebook_app_id",
"facebook_app_secret",
"facebook_page_id",
)
if fbapp[0] != "" && fbapp[1] != "" {
fbconfig.ClientID = fbapp[0]
fbconfig.ClientSecret = fbapp[1]
fbvalidates.Process(res, req)
}
}))
router.GET("/login/facebook", wcg.NewNamedHandler("facebook.login.auth", func(res *wcg.Response, req *wcg.Request) {
if !isFBConfigured(fbconfig) {
return
}
req.Session.Set("LoginRef", req.Query("ref"))
fbauth.Process(res, req)
}))
router.GET("/login/facebook/callback", wcg.NewNamedHandler("facebook.login.callback", func(res *wcg.Response, req *wcg.Request) {
if !isFBConfigured(fbconfig) {
return
}
fbcallback.Process(res, req)
}))
router.POST("/logout/facebook", wcg.NewNamedHandler("facebook.logout", func(res *wcg.Response, req *wcg.Request) {
if !isFBConfigured(fbconfig) {
return
}
fblogout.Process(res, req)
res.Redirect("/", http.StatusFound)
}))
configure()
}