Пример #1
0
func (authData *validatorImpl) LoginHandler(w http.ResponseWriter, r *http.Request) {
	client := r.FormValue("client")
	token := r.FormValue("token")

	if client == "" || token == "" {
		w.Write([]byte(loginHtml))
		return
	}

	existingToken, found := authData.tokenMap[client]
	if !found {
		http.Error(w, "Invalid auth token", http.StatusForbidden)
		return
	}
	if token != existingToken {
		log.Printf("Invalid token: %s != %s", token, existingToken)
		http.Error(w, "Invalid auth token", http.StatusForbidden)
		return
	}

	// Set cookies.
	clientCookie := &http.Cookie{Name: "client", Value: client, Secure: true}
	http.SetCookie(w, clientCookie)

	tokenCookie := &http.Cookie{Name: "token", Value: token, Secure: true}
	http.SetCookie(w, tokenCookie)

	w.Write([]byte("Login successful"))
}
Пример #2
0
func deleteAccountHandler(w http.ResponseWriter, r *http.Request) {

	id := ""
	session, err := sessions.Session(r, "", "datastore")
	c1 := appengine.NewContext(r)
	c1.Debugf("deleteAccount: id=%v, session=%v, err=%v\n", session["userID"], session, err)
	if err == nil {
		if session["userID"] != nil {
			id = session["userID"].(string)
		}
	}
	if id != "" {
		user := loadUser(r, id)
		if user.Id != "" {
			c := appengine.NewContext(r)
			key := datastore.NewKey(c, "User", user.Id, 0, nil)
			datastore.Delete(c, key)
			session["userID"] = ""
			sessions.Save(r, w)
			memUserDelete(c, user.Id)
			memcache.Delete(c, "user"+user.Id)
			http.SetCookie(w, &http.Cookie{Name: "userId", Value: "", Domain: appConfig.AppDomain, Path: "/", MaxAge: -1})
		}
	}
	http.Redirect(w, r, "/", http.StatusFound)
}
Пример #3
0
func createSessionCookie(w http.ResponseWriter, user string) (session string) {
	session = fmt.Sprintf("s%v", rand.Int31())
	value := encodeSecureCookie(user, session, time.UTC().Seconds())
	// Cookie
	cookie := &http.Cookie{Path: "/", Name: "Session", Value: value, Expires: *time.SecondsToUTC(time.UTC().Seconds() + maxAge)}
	http.SetCookie(w, cookie)
	return
}
Пример #4
0
func Login(w http.ResponseWriter, r *http.Request) {
	username, err := ParseJSONField(r, "username")
	if err != nil {
		http.Error(w, err.String(), http.StatusInternalServerError)
		return
	}

	user, err := room.AddUser(username)
	if err != nil {
		http.Error(w, err.String(), http.StatusInternalServerError)
		return
	}

	cookie := &http.Cookie{Name: "username", Value: user.Username, HttpOnly: true}
	http.SetCookie(w, cookie)
}
Пример #5
0
// SetCookie sets a session cookie using the user-defined configuration.
//
// Custom backends will only store a session id in the cookie.
func SetCookie(s SessionStore, w http.ResponseWriter, key string,
	info *SessionInfo) (bool, error) {
	encoded, err := Encode(s, key, info.Data)
	if err != nil {
		return false, err
	}
	cookie := &http.Cookie{
		Name:     key,
		Value:    encoded,
		Path:     info.Config.Path,
		Domain:   info.Config.Domain,
		MaxAge:   info.Config.MaxAge,
		Secure:   info.Config.Secure,
		HttpOnly: info.Config.HttpOnly,
	}
	http.SetCookie(w, cookie)
	return true, nil
}
Пример #6
0
func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
	c := appengine.NewContext(r)
	code := r.FormValue("code")
	tr := emptyTransport()
	tr.Transport = &urlfetch.Transport{Context: c}
	if _, err := tr.Exchange(code); err != nil {
		c.Debugf("tr: %v\n", tr.Token)
		serveError(c, w, err)
		return
	}
	// get info on the user
	httpClient := tr.Client()
	p, err := plus.New(httpClient)
	if err != nil {
		serveError(c, w, err)
		return
	}

	person, err := p.People.Get("me").Do()
	if err != nil {
		serveError(c, w, err)
		return
	}
	cookie := &http.Cookie{Name: "userId", Value: person.Id, Domain: appConfig.AppDomain, Path: "/", MaxAge: 30000000 /* about a year */}
	http.SetCookie(w, cookie)

	if session, err := sessions.Session(r, "", "datastore"); err == nil {
		session["userID"] = person.Id
		f := sessions.Save(r, w)
		c.Debugf("callback: sessionSave: %v\n", f)
	}

	user := loadUser(r, person.Id)
	if user.Id == "" {
		user = User{Id: person.Id, GoogleAccessToken: tr.Token.AccessToken, GoogleTokenExpiry: tr.Token.TokenExpiry, GoogleRefreshToken: tr.Token.RefreshToken}
		user.GoogleLatest = time.Nanoseconds()
	}
	saveUser(r, &user)

	http.Redirect(w, r, "/", http.StatusFound)
}
Пример #7
0
func handleLogout(w http.ResponseWriter, r *http.Request) {
	// Cookie
	cookie := &http.Cookie{Path: "/", Name: "Session", Value: "", Expires: *time.SecondsToUTC(time.UTC().Seconds() + maxAge)}
	http.SetCookie(w, cookie)
	http.Redirect(w, r, "/login/login.html", 307)
}