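// AuthHandlerFunc handles requests containing JSON with user credentials.
// If the credentials are valid the response sets a session cookie,
// effectively logging in the user.
//
// Expected JSON format:
//
//	{"Username":"<username>", "Password":"<password>"}
//
// Invalid credentials (unknown user or wrong password) result in a
// 401 StatusUnauthorized response; both cases send the same body so the reply
// does not tell a caller which usernames exist. Malformed JSON, or a body
// larger than maxLoginBodyBytes, results in a 400 StatusBadRequest. A storage
// failure while loading the user, or a session that cannot be saved, results
// in a 500 StatusInternalServerError.
func AuthHandlerFunc(w http.ResponseWriter, r *http.Request) {
	// Credentials are tiny; cap the body so a client cannot make the decoder
	// read an arbitrarily large request. Exceeding the cap surfaces as a decode
	// error and is reported as malformed JSON.
	const maxLoginBodyBytes = 1 << 16
	r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodyBytes)

	// Parse the JSON into a user object.
	var loginInfo data.User
	if err := json.NewDecoder(r.Body).Decode(&loginInfo); err != nil {
		log.Println("JSON problem:", err)
		http.Error(w, "Malformed json.", http.StatusBadRequest)
		return
	}

	// Try to load the actual user by the supplied username.
	user := new(data.User)
	user.Username = loginInfo.Username
	err := storage.Select(user)
	switch {
	case err == storage.ErrZeroAffected:
		// %q quotes and escapes the client-supplied name, so a username
		// containing newlines cannot forge additional log lines.
		log.Printf("No such user: %q", loginInfo.Username)
		http.Error(w, "Invalid credentials.", http.StatusUnauthorized)
		return
	case err != nil:
		log.Println(err)
		http.Error(w, "Database error, likely due to malformed request.", http.StatusInternalServerError)
		return
	}

	// Validate the password.
	// NOTE(review): an unknown user returns above before user.Auth runs, so the
	// two 401 paths may take measurably different time; whether that matters
	// depends on how user.Auth is implemented — confirm.
	if !user.Auth(loginInfo.Password) {
		log.Printf("Wrong Password for: %q", user.Username)
		http.Error(w, "Invalid credentials.", http.StatusUnauthorized)
		return
	}

	// Get role permissions. A role that cannot be loaded degrades to no
	// permissions rather than failing the login.
	role := new(data.Role)
	role.Title = user.Role
	if err := storage.Select(role); err != nil {
		log.Println("Issues loading role during auth", err)
		role.Permissions = 0 // Default to no permissions
	}

	// Build a cookie session.
	session, err := store.Get(r, "rter-credentials")
	if err != nil {
		// Presumably a stale or undecodable cookie; store.Get is assumed to
		// hand back a usable fresh session alongside the error (the original
		// code relied on the same assumption) — confirm against the store
		// implementation.
		log.Println("Session cookie problem:", err)
	}
	session.Values["username"] = user.Username
	session.Values["role"] = user.Role
	session.Values["permissions"] = role.Permissions
	if err := session.Save(r, w); err != nil {
		// Without a saved session no cookie reaches the client; answering 200
		// here would report a login that did not actually happen.
		log.Println(err)
		http.Error(w, "Could not create session.", http.StatusInternalServerError)
		return
	}
}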