func Login(s sessions.Session, wlog *weblogger.Logger, ldb LoginUserDB, r *http.Request) (int, string) {
decoder := json.NewDecoder(r.Body)
lr := &LoginRequest{}
err := decoder.Decode(lr)
if err != nil {
panic(err)
}
// Decode the data.
sigpay := strings.Split(string(lr.SignedRequest), ".")
sig, err := Base64URLDecodeString(sigpay[0])
if err != nil {
return http.StatusBadRequest, "Bad Signature: " + err.Error()
}
pay, err := Base64URLDecodeString(sigpay[1])
if err != nil {
return http.StatusBadRequest, "Bad Payload: " + err.Error()
}
val := &fb.SignedRequest{}
err = json.Unmarshal(pay, val)
if err != nil {
return http.StatusBadRequest, "Bad JSON: " + err.Error()
}
mac := hmac.New(sha256.New, []byte(*fb.ClientSecret))
mac.Write([]byte(sigpay[1]))
if !bytes.Equal(mac.Sum(nil), sig) {
return http.StatusBadRequest, "Bad Signed Request"
}
// Parse user from request.
s.Set("user_id", val.UserId) // Set cookie.
u, err := ldb.Parse(lr.User)
if err != nil {
return http.StatusBadRequest, "Parse User failed: " + err.Error()
}
wlog.Remotef("User logged IN: %+v", u)
ldb.Login(u)
return http.StatusOK, ""
}
func (fbs *Stub) ProcessSub(sb *SubRequest, wlog weblogger.Logger, w http.ResponseWriter, r *http.Request) (int, error) {
wlog.Remotef("Entry: %v", sb)
return http.StatusOK, nil
}