func logout(w http.ResponseWriter, r *http.Request) error {
session := web.Session(r)
delete(session.Values, "userId")
web.FlashInfo(r, "You have been logged out")
http.Redirect(w, r, "/login", http.StatusFound)
return nil
}
func login(w http.ResponseWriter, r *http.Request) error {
username := r.FormValue("username")
password := r.FormValue("password")
userLog.Info("Log in: %v/%v", username, password)
query := DB.QueryRow("SELECT id, username, password FROM users WHERE username = $1", username)
var user User
err := query.Scan(&user.Id, &user.Username, &user.password)
if err != nil {
web.FlashWarning(r, "No such user found")
http.Redirect(w, r, "/login", http.StatusFound)
return nil
}
if string(user.password) == password {
session := web.Session(r)
session.Values["userId"] = user.Id
web.FlashInfo(r, fmt.Sprintf("Logged in as %v", user.Username))
if dest, ok := session.Values["loginDestination"]; ok {
http.Redirect(w, r, dest.(string), http.StatusFound)
} else {
http.Redirect(w, r, "/user", http.StatusFound)
}
return nil
}
web.FlashWarning(r, "Incorrect username or password")
http.Redirect(w, r, "/login", http.StatusFound)
return nil
}
// AuthenticateOrRedirect asserts that there is a user logged in. If there
// is not a user logged in, then the user is redirected to the login page and
// the current URL is stored in the session. Returns true if the user was
// redirected.
func AuthenticateOrRedirect(w http.ResponseWriter, r *http.Request, urlStr string) bool {
user, err := CurrentUser(r)
if user == nil || err != nil {
session := web.Session(r)
session.Values["loginDestinatation"] = r.URL.String()
http.Redirect(w, r, urlStr, http.StatusFound)
return true
}
return false
}
// CurrentUser returns the currently logged in user. It attempts to load
// the user from the context first, and if that fails, it reads a userId
// from the session and loads the user, storing it in the context. If
// there is no userId in the session (user is not authenticated) then nil
// is returned
func CurrentUser(r *http.Request) (*User, error) {
if user := context.Get(r, userKey); user != nil {
return user.(*User), nil
} else {
session := web.Session(r)
userId, ok := session.Values["userId"]
if !ok {
// The current user is not authenticated....
return nil, nil
}
user, err := LoadUser(userId.(int))
if err != nil {
return nil, err
}
context.Set(r, userKey, user)
return user, nil
}
return nil, nil
}