60 lines
1.5 KiB
Go
60 lines
1.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"nilfm.cc/git/quartzgun/auth"
|
|
"nilfm.cc/git/quartzgun/cookie"
|
|
)
|
|
|
|
func Protected(next http.Handler, method string, userStore auth.UserStore) http.Handler {
|
|
handlerFunc := func(w http.ResponseWriter, req *http.Request) {
|
|
user, err := cookie.GetToken("user", req)
|
|
if err == nil {
|
|
session, err := cookie.GetToken("session", req)
|
|
if err == nil {
|
|
login, err := userStore.ValidateUser(user, session)
|
|
if err == nil && login {
|
|
fmt.Printf("authorized!\n")
|
|
fmt.Printf("user: %s, session: %s\n", user, session)
|
|
req.Method = method
|
|
next.ServeHTTP(w, req)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
fmt.Printf("unauthorized...\n")
|
|
req.Method = http.MethodGet
|
|
http.Redirect(w, req, "/login", http.StatusSeeOther)
|
|
}
|
|
|
|
return http.HandlerFunc(handlerFunc)
|
|
}
|
|
|
|
func Authorize(next string, userStore auth.UserStore) http.Handler {
|
|
handlerFunc := func(w http.ResponseWriter, req *http.Request) {
|
|
err := auth.Login(
|
|
req.FormValue("user"),
|
|
req.FormValue("password"),
|
|
userStore,
|
|
w,
|
|
24*7*52)
|
|
if err == nil {
|
|
req.Method = http.MethodGet
|
|
fmt.Printf("logged in as %s\n", req.FormValue("user"))
|
|
http.Redirect(w, req, next, http.StatusSeeOther)
|
|
} else {
|
|
*req = *req.WithContext(
|
|
context.WithValue(
|
|
req.Context(),
|
|
"message",
|
|
"Incorrect credentials"))
|
|
fmt.Printf("login failed!\n")
|
|
req.Method = http.MethodGet
|
|
http.Redirect(w, req, "/login", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
return http.HandlerFunc(handlerFunc)
|
|
}
|