// main parses flags, builds the session store and the authenticator,
// registers the HTTP routes on muxer and serves on *addr until
// ListenAndServe returns an error.
func main() {
	// NOTE(review): if log.Fatal exits the process the way the standard
	// library's does, this deferred Flush never runs on the Fatal paths
	// below — confirm against the log package.
	defer log.Flush()
	flag.Parse()
	log.StartLogging()

	// Pick the session backend from the useEtcd flag.
	var sessionStore session.Store
	switch {
	case *useEtcd:
		sessionStore = session.NewEtcdStore(*etcdAddr)
	default:
		sessionStore = session.NewInMemoryStore()
	}

	authenticator := auth.New(auth.NewInMemoryStore())
	// TODO(jwall): This is totally cheating and should be removed once
	// we have real storage backends.
	// SECURITY: this seeds a fixed username/password that is readable in
	// the source and the binary; every deployment of this build accepts it.
	// Remove it (or gate it behind an explicit debug flag) before the
	// server is reachable by anyone but the developer.
	err := authenticator.NewUser("rtp-debug", "rtp rules!")
	if err != nil {
		log.Fatal(err)
	}

	// NOTE(review): unlike the /_api routes, this handler is registered
	// without the rest.New(..., auth) wrapper. The handler is not visible
	// here — confirm it restricts who may call it.
	muxer.HandleFunc("/quitquitquit", quitQuitQuitHandler)

	// TODO(jwall): handle codecs.
	loginRoute := rest.New(&LoginHandler{ss: sessionStore}, authenticator)
	logoutRoute := rest.New(&LogoutHandler{ss: sessionStore}, authenticator)
	backendRoute := rest.New(&BackendAddressHandler{}, authenticator)
	muxer.Handle("/_api/login", loginRoute)
	muxer.Handle("/_api/logout", logoutRoute)
	muxer.Handle("/_api/backendAddress", backendRoute)

	// Everything else is served from the static directory, with
	// DefaultIndex supplying the index page as a fallback.
	staticFiles := DefaultIndex{dir: http.Dir(*staticDir)}
	muxer.Handle("/{path:.*}", http.FileServer(staticFiles))

	// Note(jwall): to test this for now:
	// curl -v -H 'Content-Type: application/json' --data '{"Username":"******","Password":"******"}' http://localhost:8080/_api/login
	http.Handle("/", muxer)
	log.Infof("Server now listening on %v", *addr)
	// SECURITY: ListenAndServe speaks plain HTTP, so the credentials posted
	// to /_api/login and the session cookie cross the network unencrypted
	// unless TLS is terminated in front of this process. The default server
	// used here also sets no read/write timeouts.
	log.Fatal(http.ListenAndServe(*addr, nil))
}
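// Open implements the http.FileSystem Open method for DefaultIndex. It opens
// name from the wrapped directory and, when that fails for any reason, opens
// "/index.html" instead.
//
// It returns the opened file, or the error from opening "/index.html" when
// the fallback fails as well.
func (d DefaultIndex) Open(name string) (http.File, error) {
	// name is derived from the request path when this type backs
	// http.FileServer, so it is client-controlled. %q escapes control
	// characters such as newlines so a crafted path cannot forge extra
	// log lines.
	log.Infof("Request: %q", name)

	f, err := d.dir.Open(name)
	if err != nil {
		// Every open failure takes this path, not only "file not found":
		// permission and I/O errors are masked by the index page too.
		return d.dir.Open("/index.html")
	}
	return f, nil
}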
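// Post handles a login request.
//
// It deserializes an AuthRequest from ctx. If the request carries a session
// cookie, the session's stored username must match the requested one.
// The credentials are then checked with ctx.Auth. On success the session
// cookie is sent back, and a new session is created first when the request
// carried none.
//
// Status codes returned (the second result is always nil):
//   - 200: authentication succeeded and Set-Cookie was added.
//   - 409: the request's session cookie belongs to a different username, or
//     the session holds no usable username.
//   - 403: authentication failed.
//
// It panics when the session store fails to get, start or save a session.
//
// Server-side session state is created only after authentication succeeds,
// so failed login attempts do not add entries to the session store.
func (h *LoginHandler) Post(ctx rest.Context) (int, interface{}) {
	// The original format string had a %q verb with no operand.
	log.Infof("Handling login request")

	ar := AuthRequest{}
	// NOTE(review): any error from Deserialize is not inspected here; a
	// malformed body leaves ar zero-valued and falls through to
	// Authenticate with an empty username and password — confirm intended.
	ctx.Deserialize(&ar)

	// Check for a cookie already present.
	c := getSessionCookie(ctx)
	if c != nil {
		// NOTE(review): c.Value is client-supplied, so a stale or unknown
		// session id reaches these panics. Consider answering with a status
		// code instead once the store's "not found" behaviour is known.
		sess, err := h.ss.Get(c.Value)
		if err != nil {
			panic("Error Getting session " + err.Error())
		}
		if sess == nil {
			// err is nil here; calling err.Error() would be a nil
			// dereference instead of a readable panic message.
			panic("Error Getting session: no session for cookie")
		}
		// Checked assertion: a session without a string username is
		// treated as a conflict rather than crashing the handler.
		name, isString := sess.Values[usernameKey].(string)
		if !isString || ar.Username != name {
			// Status 409 Conflict.
			// There is a conflict with the current session username
			// and the requested login username.
			return 409, nil
		}
	}

	ok, err := ctx.Auth.Authenticate(ar.Username, ar.Password)
	if !ok {
		// %v, not %q, for err: it may be nil when the credentials are
		// simply wrong.
		log.Errorf("Unable to authenticate %q err %v", ar.Username, err)
		return 403, nil
	}

	if c == nil {
		// NOTE(review): the session id is the only bearer credential;
		// confirm simpleUUID4 draws from a cryptographic random source.
		// NOTE(review): the cookie carries no HttpOnly, Secure or Path
		// attribute — consider setting them once the deployment serves TLS.
		c = &http.Cookie{Name: authCookieName, Value: simpleUUID4()}
		// TODO(jwall): Session expiration?
		sess, err := h.ss.StartSession(c.Value)
		if err != nil {
			panic("Can't create user session. Something is very wrong!!!" + err.Error())
		}
		sess.Values[usernameKey] = ar.Username
		if err := h.ss.Save(sess); err != nil {
			panic("Can't save user session. Something is very wrong!!!" + err.Error())
		}
	}
	// NOTE(review): when the client presented a session cookie, the same
	// session id is reused after login rather than rotated; consider
	// issuing a fresh id on every successful login.
	ctx.Header().Add("Set-Cookie", c.String())
	return 200, nil
}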