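// LoginFunc serves the login page and processes login submissions.
//
// GET renders the login form. POST reads the "username" and "password" form
// fields, checks them with db.ValidUser and, on success, marks the session as
// logged in, saves it and redirects to "/". Any other method is sent to
// "/login/".
//
// NOTE(review): the session cookie's attributes (HttpOnly, Secure, SameSite)
// and its signing/encryption keys are configured on sessions.Store, which is
// not visible here; confirm them there. This handler does no CSRF check or
// attempt throttling itself, so verify that a middleware covers both.
func LoginFunc(w http.ResponseWriter, r *http.Request) {
	session, err := sessions.Store.Get(r, "session")
	if err != nil {
		// NOTE(review): this branch also ends POST requests, so a client
		// presenting a session the store rejects cannot log in until the
		// cookie is cleared. Confirm this is intended.
		log.Println("error identifying session")
		loginTemplate.Execute(w, nil)
		return
	}

	switch r.Method {
	case "GET":
		loginTemplate.Execute(w, nil)

	case "POST":
		log.Print("Inside POST")
		if err := r.ParseForm(); err != nil {
			// A malformed body must not fall through to credential checks.
			log.Println("error parsing login form")
			loginTemplate.Execute(w, nil)
			return
		}
		// NOTE(review): r.Form also contains URL query parameters, so
		// credentials sent in the query string are accepted and may end up
		// in access logs; consider r.PostForm if no client depends on it.
		username := r.Form.Get("username")
		password := r.Form.Get("password")

		if username == "" || password == "" || !db.ValidUser(username, password) {
			// %q escapes control characters, so a crafted username cannot
			// forge extra log lines.
			log.Printf("Invalid user %q", username)
			loginTemplate.Execute(w, nil)
			return
		}

		session.Values["loggedin"] = "true"
		session.Values["username"] = username
		if err := session.Save(r, w); err != nil {
			// Without a saved session the redirect would land the user on
			// "/" unauthenticated, so report the failure instead.
			log.Println("error saving session")
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}
		log.Printf("user %q is authenticated", username)
		http.Redirect(w, r, "/", http.StatusFound)

	default:
		// 401 is not a redirect status, so clients ignored the Location
		// header. 303 makes the client fetch the login page with GET.
		http.Redirect(w, r, "/login/", http.StatusSeeOther)
	}
}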
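// GetTokenHandler issues a signed JWT for a valid username/password pair.
//
// Only POST is accepted. The "username" and "password" form fields are checked
// with db.ValidUser; on success the response body is an HS256-signed token
// carrying the username and an expiry five hours from now. Failures keep the
// original response bodies but now carry a matching HTTP status code, so a
// client cannot mistake an error message for a token.
//
// NOTE(review): mySigningKey is defined elsewhere; confirm it is a
// high-entropy secret loaded from configuration rather than a constant in the
// source tree. This handler does no attempt throttling itself.
func GetTokenHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		w.Header().Set("Allow", "POST")
		w.WriteHeader(http.StatusMethodNotAllowed)
		w.Write([]byte("Method not allowed"))
		return
	}

	if err := r.ParseForm(); err != nil {
		log.Println("error parsing token request form")
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("Invalid Username or password"))
		return
	}
	// NOTE(review): r.Form also contains URL query parameters, so credentials
	// sent in the query string are accepted and may end up in access logs;
	// consider r.PostForm if no client depends on it.
	username := r.Form.Get("username")
	password := r.Form.Get("password")

	// The password is deliberately not logged: log files are readable by far
	// more people and systems than the credential store. %q escapes control
	// characters so the username cannot forge extra log lines.
	log.Printf("token request for user %q", username)

	if username == "" || password == "" {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("Invalid Username or password"))
		return
	}

	if !db.ValidUser(username, password) {
		w.WriteHeader(http.StatusUnauthorized)
		w.Write([]byte("Authentication failed"))
		return
	}

	// Build the claims: the username plus an expiry five hours from now.
	claims := MyCustomClaims{
		username,
		jwt.StandardClaims{
			ExpiresAt: time.Now().Add(time.Hour * 5).Unix(),
		},
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

	// Sign the token with the server-side secret.
	tokenString, err := token.SignedString(mySigningKey)
	if err != nil {
		log.Println("Something went wrong with signing token")
		w.WriteHeader(http.StatusInternalServerError)
		w.Write([]byte("Authentication failed"))
		return
	}

	// The token is the whole response body.
	w.Write([]byte(tokenString))
}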