func (authData *validatorImpl) LoginHandler(w http.ResponseWriter, r *http.Request) { client := r.FormValue("client") token := r.FormValue("token") if client == "" || token == "" { w.Write([]byte(loginHtml)) return } existingToken, found := authData.tokenMap[client] if !found { http.Error(w, "Invalid auth token", http.StatusForbidden) return } if token != existingToken { log.Printf("Invalid token: %s != %s", token, existingToken) http.Error(w, "Invalid auth token", http.StatusForbidden) return } // Set cookies. clientCookie := &http.Cookie{Name: "client", Value: client, Secure: true} http.SetCookie(w, clientCookie) tokenCookie := &http.Cookie{Name: "token", Value: token, Secure: true} http.SetCookie(w, tokenCookie) w.Write([]byte("Login successful")) }
func deleteAccountHandler(w http.ResponseWriter, r *http.Request) { id := "" session, err := sessions.Session(r, "", "datastore") c1 := appengine.NewContext(r) c1.Debugf("deleteAccount: id=%v, session=%v, err=%v\n", session["userID"], session, err) if err == nil { if session["userID"] != nil { id = session["userID"].(string) } } if id != "" { user := loadUser(r, id) if user.Id != "" { c := appengine.NewContext(r) key := datastore.NewKey(c, "User", user.Id, 0, nil) datastore.Delete(c, key) session["userID"] = "" sessions.Save(r, w) memUserDelete(c, user.Id) memcache.Delete(c, "user"+user.Id) http.SetCookie(w, &http.Cookie{Name: "userId", Value: "", Domain: appConfig.AppDomain, Path: "/", MaxAge: -1}) } } http.Redirect(w, r, "/", http.StatusFound) }
func createSessionCookie(w http.ResponseWriter, user string) (session string) { session = fmt.Sprintf("s%v", rand.Int31()) value := encodeSecureCookie(user, session, time.UTC().Seconds()) // Cookie cookie := &http.Cookie{Path: "/", Name: "Session", Value: value, Expires: *time.SecondsToUTC(time.UTC().Seconds() + maxAge)} http.SetCookie(w, cookie) return }
func Login(w http.ResponseWriter, r *http.Request) { username, err := ParseJSONField(r, "username") if err != nil { http.Error(w, err.String(), http.StatusInternalServerError) return } user, err := room.AddUser(username) if err != nil { http.Error(w, err.String(), http.StatusInternalServerError) return } cookie := &http.Cookie{Name: "username", Value: user.Username, HttpOnly: true} http.SetCookie(w, cookie) }
// SetCookie sets a session cookie using the user-defined configuration. // // Custom backends will only store a session id in the cookie. func SetCookie(s SessionStore, w http.ResponseWriter, key string, info *SessionInfo) (bool, error) { encoded, err := Encode(s, key, info.Data) if err != nil { return false, err } cookie := &http.Cookie{ Name: key, Value: encoded, Path: info.Config.Path, Domain: info.Config.Domain, MaxAge: info.Config.MaxAge, Secure: info.Config.Secure, HttpOnly: info.Config.HttpOnly, } http.SetCookie(w, cookie) return true, nil }
func googleCallbackHandler(w http.ResponseWriter, r *http.Request) { c := appengine.NewContext(r) code := r.FormValue("code") tr := emptyTransport() tr.Transport = &urlfetch.Transport{Context: c} if _, err := tr.Exchange(code); err != nil { c.Debugf("tr: %v\n", tr.Token) serveError(c, w, err) return } // get info on the user httpClient := tr.Client() p, err := plus.New(httpClient) if err != nil { serveError(c, w, err) return } person, err := p.People.Get("me").Do() if err != nil { serveError(c, w, err) return } cookie := &http.Cookie{Name: "userId", Value: person.Id, Domain: appConfig.AppDomain, Path: "/", MaxAge: 30000000 /* about a year */} http.SetCookie(w, cookie) if session, err := sessions.Session(r, "", "datastore"); err == nil { session["userID"] = person.Id f := sessions.Save(r, w) c.Debugf("callback: sessionSave: %v\n", f) } user := loadUser(r, person.Id) if user.Id == "" { user = User{Id: person.Id, GoogleAccessToken: tr.Token.AccessToken, GoogleTokenExpiry: tr.Token.TokenExpiry, GoogleRefreshToken: tr.Token.RefreshToken} user.GoogleLatest = time.Nanoseconds() } saveUser(r, &user) http.Redirect(w, r, "/", http.StatusFound) }
func handleLogout(w http.ResponseWriter, r *http.Request) { // Cookie cookie := &http.Cookie{Path: "/", Name: "Session", Value: "", Expires: *time.SecondsToUTC(time.UTC().Seconds() + maxAge)} http.SetCookie(w, cookie) http.Redirect(w, r, "/login/login.html", 307) }