Exemplo n.º 1
0
Arquivo: out.go Projeto: moshee/gas
func (o *rerouteOutputter) Output(code int, g *gas.Gas) {
	var cookieVal string

	if o.data != nil {
		buf := new(bytes.Buffer)
		enc := gob.NewEncoder(buf)
		err := enc.Encode(o.data)

		// TODO: do we want to ignore an encode error here?
		if err != nil {
			Error(g, err).Output(code, g)
			return
		}

		cookieVal = base64.StdEncoding.EncodeToString(buf.Bytes())
	}

	g.SetCookie(&http.Cookie{
		Path:     "/",
		Name:     "_reroute",
		Value:    cookieVal,
		Expires:  time.Now().Add(60 * time.Second),
		HttpOnly: true,
	})

	redirectOutputter(o.path).Output(code, g)
}
Exemplo n.º 2
0
Arquivo: auth.go Projeto: moshee/gas
// SignIn signs the user in by creating a new session and setting a cookie on
// the client.
func SignIn(g *gas.Gas, u User, password string) error {
	if store == nil {
		return ErrNoStore
	}
	// already signed in?
	sess, _ := GetSession(g)
	if sess != nil {
		cookie, err := g.Cookie("s")
		if err != nil && err != http.ErrNoCookie {
			return err
		}

		if err = VerifyCookie(cookie); err != nil {
			return err
		}

		id, err := base64.StdEncoding.DecodeString(cookie.Value)
		if err != nil {
			return err
		}
		//id := []byte(cookie.Value)

		if err := store.Update(id); err != nil {
			return err
		}

		return nil
	}

	pass, salt, err := u.Secrets()
	if err != nil {
		return err
	}
	if !VerifyHash([]byte(password), pass, salt) {
		return ErrBadPassword
	}

	username := u.Username()
	sessid := make([]byte, Env.SessidLen)
	rand.Read(sessid)
	err = store.Create(sessid, time.Now().Add(Env.MaxCookieAge), username)
	if err != nil {
		return err
	}

	cookie := &http.Cookie{
		Name:     "s",
		Path:     "/",
		Value:    base64.StdEncoding.EncodeToString(sessid),
		MaxAge:   int(Env.MaxCookieAge / time.Second),
		HttpOnly: true,
	}

	SignCookie(cookie)

	g.SetCookie(cookie)

	return nil
}
Exemplo n.º 3
0
Arquivo: out.go Projeto: moshee/gas
// Recover will try to recover the reroute info stored in the cookie and decode
// it into dest. If there is no reroute cookie, an error is returned.
func Recover(g *gas.Gas, dest interface{}) error {
	blob := g.Data("_reroute")
	if blob == nil {
		return ErrNoReroute
	}
	dec := gob.NewDecoder(bytes.NewReader(blob.([]byte)))
	return dec.Decode(dest)
}
Exemplo n.º 4
0
Arquivo: out.go Projeto: moshee/gas
func (o jsonOutputter) Output(code int, g *gas.Gas) {
	h := g.Header()
	if _, foundType := h["Content-Type"]; !foundType {
		h.Set("Content-Type", "application/json; charset=utf-8")
	}
	g.WriteHeader(code)
	json.NewEncoder(g).Encode(o.data)
}
Exemplo n.º 5
0
Arquivo: auth.go Projeto: moshee/gas
// SignOut signs the user out, destroying the associated session and cookie.
func SignOut(g *gas.Gas) error {
	if store == nil {
		return ErrNoStore
	}
	cookie, err := g.Cookie("s")
	if err != nil {
		return err
	}
	if err := VerifyCookie(cookie); err != nil {
		return err
	}

	id, err := base64.StdEncoding.DecodeString(cookie.Value)
	if err != nil {
		return err
	}
	//id := []byte(cookie.Value)

	if err := store.Delete(id); err != nil && err != sql.ErrNoRows {
		return err
	}

	cookie = &http.Cookie{
		Name:     "s",
		Path:     "/",
		Value:    "",
		Expires:  time.Time{},
		MaxAge:   -1,
		HttpOnly: true,
	}

	SignCookie(cookie)
	g.SetCookie(cookie)

	return nil
}
Exemplo n.º 6
0
Arquivo: auth.go Projeto: moshee/gas
// GetSession figures out the session from the session cookie in the request, or
// just return the session if that's been done already.
func GetSession(g *gas.Gas) (*Session, error) {
	if store == nil {
		return nil, ErrNoStore
	}
	const sessKey = "_gas_session"
	if sessBox := g.Data(sessKey); sessBox != nil {
		if sess, ok := sessBox.(*Session); ok {
			return sess, nil
		}
	}

	cookie, err := g.Cookie("s")
	if err != nil {
		if err == http.ErrNoCookie {
			return nil, nil
		}
		SignOut(g)
		return nil, err
	}

	if err = VerifyCookie(cookie); err != nil {
		return nil, err
	}

	id, err := base64.StdEncoding.DecodeString(cookie.Value)
	if err != nil {
		// this means invalid session
		SignOut(g)
		return nil, err
	}
	//id := []byte(cookie.Value)

	sess, err := store.Read(id)

	if err != nil {
		if err == sql.ErrNoRows {
			SignOut(g)
			return nil, nil
		}
		return nil, err
	}

	if time.Now().After(sess.Expires) {
		SignOut(g)
		return nil, ErrCookieExpired
	}

	g.SetData(sessKey, sess)

	return sess, nil
}
Exemplo n.º 7
0
Arquivo: out.go Projeto: moshee/gas
// CheckReroute is a middleware handler that will check for and deal with
// reroute cookies
func CheckReroute(g *gas.Gas) (int, gas.Outputter) {
	reroute, err := g.Cookie("_reroute")
	if reroute != nil {
		if err == nil {
			blob, err := base64.StdEncoding.DecodeString(reroute.Value)

			if err == nil {
				g.SetData("_reroute", blob)
			} else {
				log.Println("gas: dispatch reroute:", err)
			}
		} else {
			log.Println("gas: reroute cookie:", err)
		}

		// Empty the cookie out and toss it back
		reroute.Value = ""
		reroute.MaxAge = -1

		g.SetCookie(reroute)
	}

	return g.Continue()
}
Exemplo n.º 8
0
func (o *templateOutputter) Output(code int, g *gas.Gas) {
	templateLock.RLock()
	defer templateLock.RUnlock()
	group := Templates[o.path]
	var t *template.Template

	if group == nil {
		log.Printf("templates: failed to access template group \"%s\"", o.path)
		g.WriteHeader(500)
		fmt.Fprintf(g, "Error: template group \"%s\" not found. Did it fail to compile?", o.path)
		return
	}

	partial := g.Request.Header.Get("X-Ajax-Partial") != ""

	// If it's a partial page request, try to serve a partial template
	// (denoted by a '%' prepended to the template name). If it doesn't
	// exist, fall back to the regular one.
	if partial && !strings.HasPrefix(o.name, "%") {
		t = group.Lookup("%" + o.name)
	}

	if t == nil {
		t = group.Lookup(o.name)
	}

	if t == nil {
		log.Printf("No such template: %s/%s", o.path, o.name)
		g.WriteHeader(500)
		fmt.Fprintf(g, "Error: no such template: %s/%s", o.path, o.name)
		return
	}

	h := g.Header()
	if _, foundType := h["Content-Type"]; !foundType {
		h.Set("Content-Type", "text/html; charset=utf-8")
	}
	var w io.Writer
	if strings.Contains(g.Request.Header.Get("Accept-Encoding"), "gzip") {
		h.Set("Content-Encoding", "gzip")
		gz := gzip.NewWriter(g)
		defer gz.Close()

		w = io.Writer(gz)
	} else {
		w = g
	}

	if !partial && o.layouts != nil && len(o.layouts) > 0 {
		layouts := make([]*template.Template, len(o.layouts))

		// conceptually the layouts are arranged like this
		// [l1, l2, l3] t
		//  ^
		// execution starts at the beginning of the queue. l1 has a link via
		// the closure below to l(1+1) = l2, l2 has a link to l3, and l3 has a
		// link to t. Once the execution chain starts, each one will fire off
		// the next one until it reaches the end, at which point the main
		// content template is rendered. The layouts will then be rendered
		// outside-in with the main content last (innermost).

		// we need this func slice to properly close over the loop variables.
		// Otherwise the value of n would be the final value always. The layout
		// execution would then always skip all layouts after the first.
		funcs := make([]func(), len(o.layouts))

		for n, path := range o.layouts {
			if err := (func(i int) error {
				group, ok := Templates[path.path]
				if !ok {
					return fmt.Errorf("no such template path %s for layout %s", path.path, path.name)
				}
				layout := group.Lookup(path.name)
				if layout == nil {
					return fmt.Errorf("no such layout %s in path %s", path.name, path.path)
				}

				layouts[i] = layout

				// closure closes over:
				// - layouts slice so that it can access the next layout,
				// - w so that it can write a template with minimal buffering,
				// - i so that it knows its position,
				// - t to render the final content.

				funcs[i] = func() {
					f := func() (string, error) {
						// If this is the last layout in the queue, then do the
						// data instead. Then it'll stop "recursing" to this
						// closure.
						if i < len(funcs)-1 {
							funcs[i+1]()
							return "", layouts[i+1].Execute(w, o.data)
						}
						return "", t.Execute(w, o.data)
					}
					layout.Funcs(template.FuncMap{"content": f})
				}

				return nil
			})(n); err != nil {
				log.Printf("Render: Layouts: %v", err)
				g.WriteHeader(500)
				fmt.Fprint(w, err)
			}
		}

		g.WriteHeader(code)
		funcs[0]()
		if err := layouts[0].Execute(w, o.data); err != nil {
			fmt.Fprint(w, err)
		}
		return
	}

	g.WriteHeader(code)

	if err := t.Execute(w, o.data); err != nil {
		t = Templates[o.path].Lookup(o.name + "-error")
		if t == nil {
			fmt.Fprintf(g, "Error: failed to serve error page for %s/%s (error template not found)", o.path, o.name)
			return
		}
		if err = t.Execute(g, err); err != nil {
			fmt.Fprintf(g, "Error: failed to serve error page for %s/%s (%v)", o.path, o.name, err)
			return
		}
	}
}