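// WithAuthentication wraps h so that it only runs for a request carrying a
// session cookie whose e-mail is listed in accessibleEmail. A request with
// no usable session is redirected to auth.Config.LoginRedirect; a session for
// an e-mail that is not allow-listed has its cookie deleted and is redirected
// away. On success the user is stored in the context under userKey and a
// data slot is created for it in globalStorage before h is invoked.
func WithAuthentication(h ContextHandler) ContextHandler {
	return ContextHandlerFunc(func(ctx context.Context, w http.ResponseWriter, req *http.Request) error {
		user, err := auth.GetUserCookie(req)
		// No usable session: send the client into the login flow. The decode
		// error is logged as well, because a cookie that fails to parse is a
		// different condition from a missing one and is otherwise invisible.
		if err != nil || user.Id() == "" {
			http.Redirect(w, req, auth.Config.LoginRedirect, http.StatusSeeOther)
			log.Warnf("unidentified user: %+v (err: %v)", user, err)
			return nil
		}
		// Authenticated but not allow-listed: drop the session so the client
		// does not keep presenting a cookie that will always be refused.
		if _, ok := accessibleEmail[user.Email()]; !ok {
			auth.DeleteUserCookie(w, req)
			http.Redirect(w, req, "http://google.com", http.StatusSeeOther)
			// NOTE(review): %+v prints every field of the user value; confirm
			// it carries no token or other secret before keeping this in logs.
			log.Warnf("unauthorized user: %+v", user)
			return nil
		}
		ctx = context.WithValue(ctx, userKey, &user)
		// The storage map is keyed by the formatted user value so that it
		// matches whatever else reads globalStorage.userIDToData; user.Id()
		// would be a more stable key, but changing it here would orphan any
		// entries created elsewhere with the current format.
		userID := fmt.Sprintf("%+v", user)
		// Unlock explicitly rather than with defer: a deferred Unlock would
		// hold globalStorage for the whole downstream handler, which the
		// original author marked as a deadlock (presumably h, or something it
		// calls, takes the same lock).
		globalStorage.Lock()
		if globalStorage.userIDToData[userID] == nil {
			globalStorage.userIDToData[userID] = &data{}
		}
		globalStorage.Unlock()
		return h.ServeHTTPContext(ctx, w, req)
	})
}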
// logoutHandler clears the session cookie and sends the client back to "/".
// Only GET is accepted; any other method gets a 405 response.
func logoutHandler(w http.ResponseWriter, req *http.Request) {
	if req.Method != http.MethodGet {
		http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
		return
	}
	auth.DeleteUserCookie(w, req)
	http.Redirect(w, req, "/", http.StatusSeeOther)
}
// handlerLogout is the context-aware variant of logoutHandler: on GET it
// clears the session cookie and redirects to "/", returning nil. Any other
// method gets a 405 response and the method is reported back as an error.
func handlerLogout(ctx context.Context, w http.ResponseWriter, req *http.Request) error {
	if req.Method != http.MethodGet {
		http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
		return fmt.Errorf("Method Not Allowed: %+v", req.Method)
	}
	auth.DeleteUserCookie(w, req)
	http.Redirect(w, req, "/", http.StatusSeeOther)
	return nil
}
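// secreteHandler serves the protected page to the single permitted account.
// A session for any other e-mail is deleted and redirected away; a request
// whose session cookie cannot be read gets a 400. Only GET is accepted.
func secreteHandler(w http.ResponseWriter, req *http.Request) {
	if req.Method != http.MethodGet {
		http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
		return
	}
	user, err := auth.GetUserCookie(req)
	if err != nil {
		// NOTE(review): the raw cookie decode error is echoed to the client;
		// a generic message would reveal less about the session format.
		w.WriteHeader(http.StatusBadRequest)
		fmt.Fprintln(w, err)
		return
	}
	if user.Email() != "*****@*****.**" {
		fmt.Println("only [email protected] can access")
		auth.DeleteUserCookie(w, req)
		http.Redirect(w, req, "http://google.com", http.StatusSeeOther)
		// Stop here: without this return the protected content below was
		// still written into the body of the redirect response.
		return
	}
	// NOTE(review): user is interpolated into HTML unescaped; if any of its
	// fields can hold provider-supplied text it should be escaped
	// (html.EscapeString) — that package is not imported in the visible file.
	fmt.Fprintf(w, `<a href="/auth/logout">logout</a><br>authorized user: %+v`, user)
}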
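// https://github.com/bradrydzewski/go.auth/blob/master/auth.go
//
// WithAuthentication wraps h so that it only runs for a request carrying a
// session cookie whose e-mail is listed in accessibleEmail. A request with
// no usable session is redirected to auth.Config.LoginRedirect; a session for
// an e-mail that is not allow-listed has its cookie deleted and is redirected
// away. On success the user is stored in the context under UserKey.
func WithAuthentication(h ContextHandler) ContextHandler {
	return ContextHandlerFunc(func(ctx context.Context, w http.ResponseWriter, req *http.Request) error {
		user, err := auth.GetUserCookie(req)
		// No usable session: send the client into the login flow. The decode
		// error is logged as well, because a cookie that fails to parse is a
		// different condition from a missing one and is otherwise invisible.
		if err != nil || user.Id() == "" {
			http.Redirect(w, req, auth.Config.LoginRedirect, http.StatusSeeOther)
			log.Warnf("unidentified user: %+v (err: %v)", user, err)
			return nil
		}
		// Authenticated but not allow-listed: drop the session so the client
		// does not keep presenting a cookie that will always be refused.
		if _, ok := accessibleEmail[user.Email()]; !ok {
			auth.DeleteUserCookie(w, req)
			http.Redirect(w, req, "http://google.com", http.StatusSeeOther)
			// NOTE(review): %+v prints every field of the user value; confirm
			// it carries no token or other secret before keeping this in logs.
			log.Warnf("unauthorized user: %+v", user)
			return nil
		}
		// An earlier revision also put the id on the request URL:
		// req.URL.User = url.User(user.Id())
		// The context value is the only hand-off now.
		ctx = context.WithValue(ctx, UserKey, &user)
		return h.ServeHTTPContext(ctx, w, req)
	})
}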