-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhandlers.go
190 lines (169 loc) · 6.41 KB
/
handlers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
package main
import (
// "encoding/json"
"fmt"
"net/http"
"time"
"github.com/google/uuid"
// "io/ioutil"
//"html/template"
)
// this map stores the users sessions. For larger scale applications, you can use a database or cache for this purpose
var sessions = map[string]session{}
// each session contains the username of the user and the time at which it expires
type session struct {
username string
expiry time.Time
}
// we'll use this method later to determine if the session has expired
func (s session) isExpired() bool {
return s.expiry.Before(time.Now())
}
// Create a struct that models the structure of a user in the request body
type Credentials struct {
Password string `json:"password"`
Username string `json:"username"`
}
func Usercreate(w http.ResponseWriter, r *http.Request){
var creds Credentials
var message Message
var success bool
// fmt.Println("method:", r.Method) //get request method
r.ParseForm()
// logic part of log in
creds.Username = r.FormValue("username")
creds.Password = r.FormValue("password")
if creds.Password != r.FormValue("password2") {
message.Title = "Non-matching passwords"
message.Body = "Passwords do not match"
http.Redirect(w, r, "/signup?messagetitle="+message.Title+"&messagebody="+message.Body, http.StatusSeeOther)
return
}
fmt.Println("Creating user ",creds.Username,"...")
message, success = Updatepass(creds.Username,creds.Password,r.FormValue("secret"))
if success {
http.Redirect(w, r, "/dashboard?messagetitle="+message.Title+"&messagebody="+message.Body, http.StatusSeeOther)
return
}
http.Redirect(w, r, "/signup?messagetitle="+message.Title+"&messagebody="+message.Body, http.StatusSeeOther)
return
}
func Signin(w http.ResponseWriter, r *http.Request) {
fmt.Println("Logging in...")
var creds Credentials
// fmt.Println("method:", r.Method) //get request method
r.ParseForm()
// logic part of log in
creds.Username = r.FormValue("username")
creds.Password = r.FormValue("password")
permission,message := userauth(creds.Username,creds.Password)
fmt.Println(message.Body)
// If a password exists for the given user
// AND, if it is the same as the password we received, the we can move ahead
// if NOT, then we return an "Unauthorized" status
if permission == "notfound" {
fmt.Println(message.Body)
http.Redirect(w, r, "/login?messagetitle="+message.Title+"&messagebody="+message.Body, http.StatusSeeOther)
return
}
if permission == "newuser" {
fmt.Println(message.Body)
http.Redirect(w, r, "/signup?messagetitle="+message.Title+"&messagebody="+message.Body, http.StatusSeeOther)
return
}
// Create a new random session token
// we use the "github.com/google/uuid" library to generate UUIDs
sessionToken := uuid.NewString()
expiresAt := time.Now().Add(300 * time.Second)
// fmt.Println("Authorized")
// Set the token in the session map, along with the session information
sessions[sessionToken] = session{
username: creds.Username,
expiry: expiresAt,
}
// Finally, we set the client cookie for "session_token" as the session token we just generated
// we also set an expiry time of 120 seconds
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiresAt,
})
// fmt.Println(sessions)
http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
}
func auth(w http.ResponseWriter, r *http.Request) (permission string){
c, err := r.Cookie("session_token")
if err != nil {
if err == http.ErrNoCookie {
//Redirect Login
http.Redirect(w, r, "/login?messagetitle=User Unauthorized&messagebody=Please login to use this site", http.StatusSeeOther)
// If the cookie is not set, return an unauthorized status
return "Unauthorized"
}
}
sessionToken := c.Value
// We then get the name of the user from our session map, where we set the session token
userSession, exists := sessions[sessionToken]
if !exists {
// If the session token is not present in session map, return an unauthorized error
// w.WriteHeader(http.StatusUnauthorized)
fmt.Println("Unauthorized")
http.Redirect(w, r, "/login?messagetitle=User Unauthorized&messagebody=Please login to use this site", http.StatusSeeOther)
return "Unauthorized"
}
if userSession.isExpired() {
delete(sessions, sessionToken)
// w.WriteHeader(http.StatusUnauthorized)
fmt.Println("Unauthorized")
http.Redirect(w, r, "/login?messagetitle=User Unauthorized&messagebody=Please login to use this site", http.StatusSeeOther)
return "Unauthorized"
}
// Finally, return the welcome message to the user
// w.Write([]byte(fmt.Sprintf("Welcome %s!", userSession.username)))
fmt.Println("Authorized")
// If the previous session is valid, create a new session token for the current user
newSessionToken := uuid.NewString()
expiresAt := time.Now().Add(300 * time.Second)
// Set the token in the session map, along with the user whom it represents
sessions[newSessionToken] = session{
username: userSession.username,
expiry: expiresAt,
}
// Delete the older session token
delete(sessions, sessionToken)
// Set the new token as the users `session_token` cookie
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: newSessionToken,
Expires: time.Now().Add(300 * time.Second),
})
return userdata(userSession.username)
}
func Logout(w http.ResponseWriter, r *http.Request) {
c, err := r.Cookie("session_token")
if err != nil {
if err == http.ErrNoCookie {
// If the cookie is not set, return an unauthorized status
w.WriteHeader(http.StatusUnauthorized)
http.Redirect(w, r, "/login?messagetitle=User Unauthorized&messagebody=Please login to use this site", http.StatusSeeOther)
return
}
// For any other type of error, return a bad request status
w.WriteHeader(http.StatusBadRequest)
http.Redirect(w, r, "/login?messagetitle=User Unauthorized&messagebody=Please login to use this site", http.StatusSeeOther)
return
}
sessionToken := c.Value
// remove the users session from the session map
delete(sessions, sessionToken)
// We need to let the client know that the cookie is expired
// In the response, we set the session token to an empty
// value and set its expiry as the current time
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: "",
Expires: time.Now(),
})
//Redirect Login
http.Redirect(w, r, "/login?messagetitle=Logout Successful&messagebody=You have successfully been logged out", http.StatusSeeOther)
}