// Use adds the session capability on router.
func Use(router *wcg.Router, configure func()) {
middleware.SessionConfigIni.StoreFactory = gae.SessionStoreFactory
sessionBefore, sessionAfter := middleware.SessionSupport()
csrf := middleware.CSRFSupport()
router.Before(wcg.NewNamedHandler("session.before", func(res *wcg.Response, req *wcg.Request) {
if canSkipSessionMiddleware(req) {
return
}
sessionBefore.Process(res, req)
if lib.IsOnGAE() { // Check only on GAE environment
if req.Method() != "GET" && req.Method() != "HEAD" {
csrf.Process(res, req)
}
}
}))
configure()
router.After(wcg.NewNamedHandler("session.after", func(res *wcg.Response, req *wcg.Request) {
if canSkipSessionMiddleware(req) {
return
}
sessionAfter.Process(res, req)
}))
}
func authorizeByAPIToken(req *wcg.Request) {
tokenString := req.Header(request.APITokenHeader)
if !lib.IsOnGAE() && !lib.IsProduction() && tokenString == string(request.APITestUser.Token) {
req.User = request.APITestUser
return
}
if !wcg.IsUUID(tokenString) {
// Do not access APIToken entity if it's not a valid UUID.
return
}
_, ent, err := entities.APIToken.Get().Key(tokenString).Cache(true).One(req)
if err == nil {
req.User = &request.APITokenUser{ent.(*models.APIToken)}
return
}
}