// login authenticates the caller from the JSON request body and, on success,
// issues the session cookies.
//
// The body is decoded into a UserLoginCredentials; a body that cannot be read
// results in LogError followed by WriteIllegalRequestError. A failed
// UserManager.Login results in LogError followed by WriteError with the
// returned error. On success two cookies are added as separate Set-Cookie
// headers:
//   - AuthSession: the auth token, HttpOnly.
//   - CsrfToken: util.GenHashString of the auth token, not HttpOnly so that
//     client-side code can copy it into the X-Csrf-Token header on later
//     requests.
// Finally BooleanResponse{Success: true} is written as the response entity.
//
// NOTE(review): neither cookie sets Secure or SameSite; if the service is
// served over HTTPS, Secure should be set and a SameSite policy chosen —
// confirm against the deployment.
// NOTE(review): WriteError passes the error from UserManager.Login straight to
// the client; check that its message does not reveal whether the user exists.
// NOTE(review): the CsrfToken value is derived from the auth token; if
// GenHashString is an unkeyed hash this binds the two cookies rather than
// adding an independent secret — confirm that the server validates the header
// against the AuthSession cookie.
func (uc UsersController) login(request *restful.Request, response *restful.Response) {
	creds := new(UserLoginCredentials)
	if err := request.ReadEntity(creds); err != nil {
		LogError(request, response, err)
		WriteIllegalRequestError(response)
		return
	}

	session, err := new(UserManager).Login(creds)
	if err != nil {
		LogError(request, response, err)
		WriteError(err, response)
		return
	}

	cookies := []*http.Cookie{
		// Session cookie: kept out of reach of client-side scripts.
		{Name: "AuthSession", Value: session.AuthToken, Path: "/", HttpOnly: true},
		// CSRF cookie: must stay readable by scripts so it can be echoed in the
		// X-Csrf-Token header on subsequent requests.
		{Name: "CsrfToken", Value: util.GenHashString(session.AuthToken), Path: "/", HttpOnly: false},
	}
	// Order matters for parity with the original: AuthSession first, then CsrfToken.
	for _, c := range cookies {
		response.AddHeader("Set-Cookie", c.String())
	}

	// NOTE(review): the error returned by WriteEntity is not checked here.
	response.WriteEntity(BooleanResponse{Success: true})
}
// SetAuth refreshes the session cookies from a couchdb.Auth.
//
// auth.GetUpdatedAuth is consulted; a nil result means there is nothing to
// do and no headers are written. When the returned map carries an
// "AuthSession" entry, two Set-Cookie headers are added, mirroring the login
// handler: an HttpOnly AuthSession cookie holding that value, and a
// script-readable CsrfToken cookie holding util.GenHashString of the same
// value. Other keys in the map are ignored.
//
// NOTE(review): Secure and SameSite are left unset on both cookies — confirm
// whether the deployment terminates TLS and set them accordingly.
func SetAuth(response *restful.Response, auth couchdb.Auth) {
	updated := auth.GetUpdatedAuth()
	if updated == nil {
		return
	}
	token, found := updated["AuthSession"]
	if !found {
		return
	}

	sessionCookie := &http.Cookie{
		Name:     "AuthSession",
		Value:    token,
		Path:     "/",
		HttpOnly: true, // not exposed to client-side scripts
	}
	// The CSRF cookie is deliberately readable by scripts so the client can
	// echo it back in a request header.
	csrfCookie := &http.Cookie{
		Name:     "CsrfToken",
		Value:    util.GenHashString(token),
		Path:     "/",
		HttpOnly: false,
	}

	response.AddHeader("Set-Cookie", sessionCookie.String())
	response.AddHeader("Set-Cookie", csrfCookie.String())
}