func WhoamiHandler(c http.ResponseWriter, r *http.Request) {
id, err := session.Get(r, "openid-email")
if err != nil {
template.Error500(c, r, err)
return
}
fmt.Fprintln(c, "Authenticated as:", id)
}
// Basic function that retrieves the permissions a user has based on the contents of their request, including cookies and request path. Designed to be a simple function for most uses. If you want more control, you can use the GetGroupPerms and GetUserPerms functions.
func Get(r *http.Request) (p *Permissions, err error) {
p = new(Permissions)
uname, err := session.Get(r, "openid-email")
if err != nil {
p.Authenticated = false
return p, err
}
p.Authenticated = true
uperms, err := GetUserPerms(uname, r.URL.Path)
if err != nil {
return nil, err
}
if uperms == nil {
p.Recognized = false
return p, nil
}
p.Recognized = true
p.Write = uperms.Write
p.Read = uperms.Read
groups, err := loadGroups(uname)
if err != nil {
// Group permissions can only possibly be *more* permissive than user permissions; failing to load the permissions for a user's group shouldn't be a fatal error.
return p, err
}
for _, group := range groups {
gperms, err := GetGroupPerms(group, r.URL.Path)
if err != nil {
return p, err
}
if gperms == nil {
continue
}
// Use the most permissive interpretation of the permissions. If a group is allowed to access something, so should all the users in the group.
if !uperms.Read {
if gperms.Read {
p.Read = true
}
}
if !uperms.Write {
if gperms.Write {
p.Write = true
}
}
}
return p, nil
}
func AuthHandler(c http.ResponseWriter, r *http.Request) {
grant, _, err := openid.VerifyValues(r.URL.Query())
if err != nil {
emsg := fmt.Sprintln("Error in openid auth handler:", err)
fmt.Println(emsg)
fmt.Fprintln(c, emsg)
return
}
if !grant {
fmt.Println("Permission denied!")
fmt.Fprintln(c, "Access denied by user or internal error.")
return
}
fmt.Println("Permission granted!")
wantedValues := []string{"value.email", "value.first", "value.last", "value.country", "value.lang"}
qvalues := r.URL.Query()
for _, wantedValue := range wantedValues {
value, _ := url.QueryUnescape(qvalues.Get("openid.ext1." + wantedValue))
err := session.Set(c, r, "openid-"+wantedValue[len("value."):], value)
if err != nil {
template.Error500(c, r, err)
return
}
}
id, _ := url.QueryUnescape(qvalues.Get("openid.ext1.value.email"))
err = session.Set(c, r, "openid-email", id)
if err != nil {
template.Error500(c, r, err)
return
}
continueURL, err := session.Get(r, "openid-continue-url")
if err != nil || continueURL == "" {
continueURL = "/"
}
fmt.Println(c, r, continueURL)
http.Redirect(c, r, continueURL, 307)
fmt.Fprintln(c, "Authenticated as", id)
return
}