func (o *rerouteOutputter) Output(code int, g *gas.Gas) {
var cookieVal string
if o.data != nil {
buf := new(bytes.Buffer)
enc := gob.NewEncoder(buf)
err := enc.Encode(o.data)
// TODO: do we want to ignore an encode error here?
if err != nil {
Error(g, err).Output(code, g)
return
}
cookieVal = base64.StdEncoding.EncodeToString(buf.Bytes())
}
g.SetCookie(&http.Cookie{
Path: "/",
Name: "_reroute",
Value: cookieVal,
Expires: time.Now().Add(60 * time.Second),
HttpOnly: true,
})
redirectOutputter(o.path).Output(code, g)
}
// SignIn signs the user in by creating a new session and setting a cookie on
// the client.
func SignIn(g *gas.Gas, u User, password string) error {
if store == nil {
return ErrNoStore
}
// already signed in?
sess, _ := GetSession(g)
if sess != nil {
cookie, err := g.Cookie("s")
if err != nil && err != http.ErrNoCookie {
return err
}
if err = VerifyCookie(cookie); err != nil {
return err
}
id, err := base64.StdEncoding.DecodeString(cookie.Value)
if err != nil {
return err
}
//id := []byte(cookie.Value)
if err := store.Update(id); err != nil {
return err
}
return nil
}
pass, salt, err := u.Secrets()
if err != nil {
return err
}
if !VerifyHash([]byte(password), pass, salt) {
return ErrBadPassword
}
username := u.Username()
sessid := make([]byte, Env.SessidLen)
rand.Read(sessid)
err = store.Create(sessid, time.Now().Add(Env.MaxCookieAge), username)
if err != nil {
return err
}
cookie := &http.Cookie{
Name: "s",
Path: "/",
Value: base64.StdEncoding.EncodeToString(sessid),
MaxAge: int(Env.MaxCookieAge / time.Second),
HttpOnly: true,
}
SignCookie(cookie)
g.SetCookie(cookie)
return nil
}
// Recover will try to recover the reroute info stored in the cookie and decode
// it into dest. If there is no reroute cookie, an error is returned.
func Recover(g *gas.Gas, dest interface{}) error {
blob := g.Data("_reroute")
if blob == nil {
return ErrNoReroute
}
dec := gob.NewDecoder(bytes.NewReader(blob.([]byte)))
return dec.Decode(dest)
}
func (o jsonOutputter) Output(code int, g *gas.Gas) {
h := g.Header()
if _, foundType := h["Content-Type"]; !foundType {
h.Set("Content-Type", "application/json; charset=utf-8")
}
g.WriteHeader(code)
json.NewEncoder(g).Encode(o.data)
}
// SignOut signs the user out, destroying the associated session and cookie.
func SignOut(g *gas.Gas) error {
if store == nil {
return ErrNoStore
}
cookie, err := g.Cookie("s")
if err != nil {
return err
}
if err := VerifyCookie(cookie); err != nil {
return err
}
id, err := base64.StdEncoding.DecodeString(cookie.Value)
if err != nil {
return err
}
//id := []byte(cookie.Value)
if err := store.Delete(id); err != nil && err != sql.ErrNoRows {
return err
}
cookie = &http.Cookie{
Name: "s",
Path: "/",
Value: "",
Expires: time.Time{},
MaxAge: -1,
HttpOnly: true,
}
SignCookie(cookie)
g.SetCookie(cookie)
return nil
}
// GetSession figures out the session from the session cookie in the request, or
// just return the session if that's been done already.
func GetSession(g *gas.Gas) (*Session, error) {
if store == nil {
return nil, ErrNoStore
}
const sessKey = "_gas_session"
if sessBox := g.Data(sessKey); sessBox != nil {
if sess, ok := sessBox.(*Session); ok {
return sess, nil
}
}
cookie, err := g.Cookie("s")
if err != nil {
if err == http.ErrNoCookie {
return nil, nil
}
SignOut(g)
return nil, err
}
if err = VerifyCookie(cookie); err != nil {
return nil, err
}
id, err := base64.StdEncoding.DecodeString(cookie.Value)
if err != nil {
// this means invalid session
SignOut(g)
return nil, err
}
//id := []byte(cookie.Value)
sess, err := store.Read(id)
if err != nil {
if err == sql.ErrNoRows {
SignOut(g)
return nil, nil
}
return nil, err
}
if time.Now().After(sess.Expires) {
SignOut(g)
return nil, ErrCookieExpired
}
g.SetData(sessKey, sess)
return sess, nil
}
// CheckReroute is a middleware handler that will check for and deal with
// reroute cookies
func CheckReroute(g *gas.Gas) (int, gas.Outputter) {
reroute, err := g.Cookie("_reroute")
if reroute != nil {
if err == nil {
blob, err := base64.StdEncoding.DecodeString(reroute.Value)
if err == nil {
g.SetData("_reroute", blob)
} else {
log.Println("gas: dispatch reroute:", err)
}
} else {
log.Println("gas: reroute cookie:", err)
}
// Empty the cookie out and toss it back
reroute.Value = ""
reroute.MaxAge = -1
g.SetCookie(reroute)
}
return g.Continue()
}
func (o *templateOutputter) Output(code int, g *gas.Gas) {
templateLock.RLock()
defer templateLock.RUnlock()
group := Templates[o.path]
var t *template.Template
if group == nil {
log.Printf("templates: failed to access template group \"%s\"", o.path)
g.WriteHeader(500)
fmt.Fprintf(g, "Error: template group \"%s\" not found. Did it fail to compile?", o.path)
return
}
partial := g.Request.Header.Get("X-Ajax-Partial") != ""
// If it's a partial page request, try to serve a partial template
// (denoted by a '%' prepended to the template name). If it doesn't
// exist, fall back to the regular one.
if partial && !strings.HasPrefix(o.name, "%") {
t = group.Lookup("%" + o.name)
}
if t == nil {
t = group.Lookup(o.name)
}
if t == nil {
log.Printf("No such template: %s/%s", o.path, o.name)
g.WriteHeader(500)
fmt.Fprintf(g, "Error: no such template: %s/%s", o.path, o.name)
return
}
h := g.Header()
if _, foundType := h["Content-Type"]; !foundType {
h.Set("Content-Type", "text/html; charset=utf-8")
}
var w io.Writer
if strings.Contains(g.Request.Header.Get("Accept-Encoding"), "gzip") {
h.Set("Content-Encoding", "gzip")
gz := gzip.NewWriter(g)
defer gz.Close()
w = io.Writer(gz)
} else {
w = g
}
if !partial && o.layouts != nil && len(o.layouts) > 0 {
layouts := make([]*template.Template, len(o.layouts))
// conceptually the layouts are arranged like this
// [l1, l2, l3] t
// ^
// execution starts at the beginning of the queue. l1 has a link via
// the closure below to l(1+1) = l2, l2 has a link to l3, and l3 has a
// link to t. Once the execution chain starts, each one will fire off
// the next one until it reaches the end, at which point the main
// content template is rendered. The layouts will then be rendered
// outside-in with the main content last (innermost).
// we need this func slice to properly close over the loop variables.
// Otherwise the value of n would be the final value always. The layout
// execution would then always skip all layouts after the first.
funcs := make([]func(), len(o.layouts))
for n, path := range o.layouts {
if err := (func(i int) error {
group, ok := Templates[path.path]
if !ok {
return fmt.Errorf("no such template path %s for layout %s", path.path, path.name)
}
layout := group.Lookup(path.name)
if layout == nil {
return fmt.Errorf("no such layout %s in path %s", path.name, path.path)
}
layouts[i] = layout
// closure closes over:
// - layouts slice so that it can access the next layout,
// - w so that it can write a template with minimal buffering,
// - i so that it knows its position,
// - t to render the final content.
funcs[i] = func() {
f := func() (string, error) {
// If this is the last layout in the queue, then do the
// data instead. Then it'll stop "recursing" to this
// closure.
if i < len(funcs)-1 {
funcs[i+1]()
return "", layouts[i+1].Execute(w, o.data)
}
return "", t.Execute(w, o.data)
}
layout.Funcs(template.FuncMap{"content": f})
}
return nil
})(n); err != nil {
log.Printf("Render: Layouts: %v", err)
g.WriteHeader(500)
fmt.Fprint(w, err)
}
}
g.WriteHeader(code)
funcs[0]()
if err := layouts[0].Execute(w, o.data); err != nil {
fmt.Fprint(w, err)
}
return
}
g.WriteHeader(code)
if err := t.Execute(w, o.data); err != nil {
t = Templates[o.path].Lookup(o.name + "-error")
if t == nil {
fmt.Fprintf(g, "Error: failed to serve error page for %s/%s (error template not found)", o.path, o.name)
return
}
if err = t.Execute(g, err); err != nil {
fmt.Fprintf(g, "Error: failed to serve error page for %s/%s (%v)", o.path, o.name, err)
return
}
}
}