func (authData *validatorImpl) LoginHandler(w http.ResponseWriter, r *http.Request) {
client := r.FormValue("client")
token := r.FormValue("token")
if client == "" || token == "" {
w.Write([]byte(loginHtml))
return
}
existingToken, found := authData.tokenMap[client]
if !found {
http.Error(w, "Invalid auth token", http.StatusForbidden)
return
}
if token != existingToken {
log.Printf("Invalid token: %s != %s", token, existingToken)
http.Error(w, "Invalid auth token", http.StatusForbidden)
return
}
// Set cookies.
clientCookie := &http.Cookie{Name: "client", Value: client, Secure: true}
http.SetCookie(w, clientCookie)
tokenCookie := &http.Cookie{Name: "token", Value: token, Secure: true}
http.SetCookie(w, tokenCookie)
w.Write([]byte("Login successful"))
}
func deleteAccountHandler(w http.ResponseWriter, r *http.Request) {
id := ""
session, err := sessions.Session(r, "", "datastore")
c1 := appengine.NewContext(r)
c1.Debugf("deleteAccount: id=%v, session=%v, err=%v\n", session["userID"], session, err)
if err == nil {
if session["userID"] != nil {
id = session["userID"].(string)
}
}
if id != "" {
user := loadUser(r, id)
if user.Id != "" {
c := appengine.NewContext(r)
key := datastore.NewKey(c, "User", user.Id, 0, nil)
datastore.Delete(c, key)
session["userID"] = ""
sessions.Save(r, w)
memUserDelete(c, user.Id)
memcache.Delete(c, "user"+user.Id)
http.SetCookie(w, &http.Cookie{Name: "userId", Value: "", Domain: appConfig.AppDomain, Path: "/", MaxAge: -1})
}
}
http.Redirect(w, r, "/", http.StatusFound)
}
func createSessionCookie(w http.ResponseWriter, user string) (session string) {
session = fmt.Sprintf("s%v", rand.Int31())
value := encodeSecureCookie(user, session, time.UTC().Seconds())
// Cookie
cookie := &http.Cookie{Path: "/", Name: "Session", Value: value, Expires: *time.SecondsToUTC(time.UTC().Seconds() + maxAge)}
http.SetCookie(w, cookie)
return
}
func Login(w http.ResponseWriter, r *http.Request) {
username, err := ParseJSONField(r, "username")
if err != nil {
http.Error(w, err.String(), http.StatusInternalServerError)
return
}
user, err := room.AddUser(username)
if err != nil {
http.Error(w, err.String(), http.StatusInternalServerError)
return
}
cookie := &http.Cookie{Name: "username", Value: user.Username, HttpOnly: true}
http.SetCookie(w, cookie)
}
// SetCookie sets a session cookie using the user-defined configuration.
//
// Custom backends will only store a session id in the cookie.
func SetCookie(s SessionStore, w http.ResponseWriter, key string,
info *SessionInfo) (bool, error) {
encoded, err := Encode(s, key, info.Data)
if err != nil {
return false, err
}
cookie := &http.Cookie{
Name: key,
Value: encoded,
Path: info.Config.Path,
Domain: info.Config.Domain,
MaxAge: info.Config.MaxAge,
Secure: info.Config.Secure,
HttpOnly: info.Config.HttpOnly,
}
http.SetCookie(w, cookie)
return true, nil
}
func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
c := appengine.NewContext(r)
code := r.FormValue("code")
tr := emptyTransport()
tr.Transport = &urlfetch.Transport{Context: c}
if _, err := tr.Exchange(code); err != nil {
c.Debugf("tr: %v\n", tr.Token)
serveError(c, w, err)
return
}
// get info on the user
httpClient := tr.Client()
p, err := plus.New(httpClient)
if err != nil {
serveError(c, w, err)
return
}
person, err := p.People.Get("me").Do()
if err != nil {
serveError(c, w, err)
return
}
cookie := &http.Cookie{Name: "userId", Value: person.Id, Domain: appConfig.AppDomain, Path: "/", MaxAge: 30000000 /* about a year */}
http.SetCookie(w, cookie)
if session, err := sessions.Session(r, "", "datastore"); err == nil {
session["userID"] = person.Id
f := sessions.Save(r, w)
c.Debugf("callback: sessionSave: %v\n", f)
}
user := loadUser(r, person.Id)
if user.Id == "" {
user = User{Id: person.Id, GoogleAccessToken: tr.Token.AccessToken, GoogleTokenExpiry: tr.Token.TokenExpiry, GoogleRefreshToken: tr.Token.RefreshToken}
user.GoogleLatest = time.Nanoseconds()
}
saveUser(r, &user)
http.Redirect(w, r, "/", http.StatusFound)
}
func handleLogout(w http.ResponseWriter, r *http.Request) {
// Cookie
cookie := &http.Cookie{Path: "/", Name: "Session", Value: "", Expires: *time.SecondsToUTC(time.UTC().Seconds() + maxAge)}
http.SetCookie(w, cookie)
http.Redirect(w, r, "/login/login.html", 307)
}