func main() { //Loads environment variables from a .env file godotenv.Load("environment") var ( clientID = getEnv("OAUTH2_CLIENT_ID", "client_id") clientSecret = getEnv("OAUTH2_CLIENT_SECRET", "client_secret") redirectURL = getEnv("OAUTH2_REDIRECT_URL", "redirect_url") ) secureMux := http.NewServeMux() // Routes that require a logged in user // can be protected by using a separate route handler // If the user is not authenticated, they will be // redirected to the login path. secureMux.HandleFunc("/restrict", func(w http.ResponseWriter, req *http.Request) { token := oauth2.GetToken(req) fmt.Fprintf(w, "OK: %s", token.Access()) }) secure := negroni.New() secure.Use(oauth2.LoginRequired()) secure.UseHandler(secureMux) n := negroni.New() n.Use(sessions.Sessions("my_session", cookiestore.New([]byte("secret123")))) n.Use(oauth2.Google(&oauth2.Config{ ClientID: clientID, ClientSecret: clientSecret, RedirectURL: redirectURL, Scopes: []string{"https://www.googleapis.com/auth/drive"}, })) router := http.NewServeMux() //routes added to mux do not require authentication router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { token := oauth2.GetToken(req) if token == nil || !token.Valid() { fmt.Fprintf(w, "not logged in, or the access token is expired") return } fmt.Fprintf(w, "logged in") return }) //There is probably a nicer way to handle this than repeat the restricted routes again //of course, you could use something like gorilla/mux and define prefix / regex etc. router.Handle("/restrict", secure) n.UseHandler(router) n.Run(":3000") }
/** * Constructs a new server object. */ func NewCoreServer() CoreServer { server := CoreServer{ Router: mux.NewRouter(), Middleware: negroni.New(), } /** * Add some Negroni middleware. */ server.Middleware.Use(negroni.NewLogger()) // TODO: Need to change key. storage := cookiestore.New([]byte("temporary")) server.Middleware.Use(sessions.Sessions("userprofile", storage)) config := (oauth2.Config)(GetClientConfig()) server.Middleware.Use(oauth2.Google(&config)) /** * Mux describing routes that require the user to be logged in via * oauth first. */ secureMux := http.NewServeMux() // Core app handlers; these require the user to be logged in. secureMux.HandleFunc("/app/fetch", fetch) secureMux.HandleFunc("/app", app_handler) secure := negroni.New() secure.Use(oauth2.LoginRequired()) secure.UseHandler(secureMux) /** * Handlers that don't require authentication. */ server.Router.HandleFunc("/auth", auth_handler) // Static content handler server.Router.PathPrefix("/static").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir("web/")))) // Simple redirect handler server.Router.HandleFunc("/", main_handler) /** * And now connect everything together and call it a day. */ // Make sure the core router knows to let the secure router handle these routes. server.Router.Handle("/app/fetch", secure) server.Router.Handle("/app", secure) // Set negroni handler server.Middleware.UseHandler(server.Router) return server }
func main() { secureMux := http.NewServeMux() // Routes that require a logged in user // can be protected by using a separate route handler // If the user is not authenticated, they will be // redirected to the login path. secureMux.HandleFunc("/restrict", func(w http.ResponseWriter, req *http.Request) { token := oauth2.GetToken(req) fmt.Fprintf(w, "OK: %s", token.Access()) }) secure := negroni.New() secure.Use(oauth2.LoginRequired()) secure.UseHandler(secureMux) n := negroni.New() n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) n.Use(oauth2.Google( goauth2.Client("client_id", "client_secret"), goauth2.RedirectURL("redirect_url"), goauth2.Scope("https://www.googleapis.com/auth/drive"), )) router := http.NewServeMux() //routes added to mux do not require authentication router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { token := oauth2.GetToken(req) if token == nil || token.Expired() { fmt.Fprintf(w, "not logged in, or the access token is expired") return } fmt.Fprintf(w, "logged in") return }) //There is probably a nicer way to handle this than repeat the restricted routes again //of course, you could use something like gorilla/mux and define prefix / regex etc. router.Handle("/restrict", secure) n.UseHandler(router) n.Run(":3000") }