blog/core/auth.go

package core

import (
	"context"
	"errors"
	"net/http"

	"github.com/kirsle/blog/core/forms"
	"github.com/kirsle/blog/core/models/users"
)

type key int

const (
	userKey key = iota
)

// AuthMiddleware loads the user's authentication state.
func (b *Blog) AuthMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	session, _ := b.store.Get(r, "session")
	log.Info("Session: %v", session.Values)
	if loggedIn, ok := session.Values["logged-in"].(bool); ok && loggedIn {
		// They seem to be logged in. Get their user object.
		id := session.Values["user-id"].(int)
		u, err := users.Load(id)
		if err != nil {
			log.Error("Error loading user ID %d from session: %v", id, err)
			next(w, r)
			return
		}

		ctx := context.WithValue(r.Context(), userKey, u)
		next(w, r.WithContext(ctx))
	}
	next(w, r)
}

// LoginHandler shows and handles the login page.
func (b *Blog) LoginHandler(w http.ResponseWriter, r *http.Request) {
	vars := &Vars{
		Form: forms.Setup{},
	}

	if r.Method == "POST" {
		form := &forms.Login{
			Username: r.FormValue("username"),
			Password: r.FormValue("password"),
		}
		vars.Form = form
		err := form.Validate()
		if err != nil {
			vars.Error = err
		} else {
			// Test the login.
			user, err := users.CheckAuth(form.Username, form.Password)
			if err != nil {
				vars.Error = errors.New("bad username or password")
			} else {
				// Login OK!
				vars.Flash = "Login OK!"

				// Log in the user.
				session, err := b.store.Get(r, "session") // TODO session name
				if err != nil {
					vars.Error = err
				} else {
					session.Values["logged-in"] = true
					session.Values["user-id"] = user.ID
					session.Save(r, w)
				}

				b.Redirect(w, "/login")
				return
			}
		}
	}

	b.RenderTemplate(w, r, "login", vars)
}

// LogoutHandler logs the user out and redirects to the home page.
func (b *Blog) LogoutHandler(w http.ResponseWriter, r *http.Request) {
	session, _ := b.store.Get(r, "session")
	delete(session.Values, "logged-in")
	delete(session.Values, "user-id")
	session.Save(r, w)
	b.Redirect(w, "/")
}
User login and out, sessions and request context 2017-11-07 17:53:02 +00:00			`package core`

			`import (`
			`"context"`
			`"errors"`
			`"net/http"`

			`"github.com/kirsle/blog/core/forms"`
			`"github.com/kirsle/blog/core/models/users"`
			`)`

			`type key int`

			`const (`
			`userKey key = iota`
			`)`

			`// AuthMiddleware loads the user's authentication state.`
			`func (b Blog) AuthMiddleware(w http.ResponseWriter, r http.Request, next http.HandlerFunc) {`
			`session, _ := b.store.Get(r, "session")`
			`log.Info("Session: %v", session.Values)`
			`if loggedIn, ok := session.Values["logged-in"].(bool); ok && loggedIn {`
			`// They seem to be logged in. Get their user object.`
			`id := session.Values["user-id"].(int)`
			`u, err := users.Load(id)`
			`if err != nil {`
			`log.Error("Error loading user ID %d from session: %v", id, err)`
			`next(w, r)`
			`return`
			`}`

			`ctx := context.WithValue(r.Context(), userKey, u)`
			`next(w, r.WithContext(ctx))`
			`}`
			`next(w, r)`
			`}`

			`// LoginHandler shows and handles the login page.`
			`func (b Blog) LoginHandler(w http.ResponseWriter, r http.Request) {`
			`vars := &Vars{`
			`Form: forms.Setup{},`
			`}`

			`if r.Method == "POST" {`
			`form := &forms.Login{`
			`Username: r.FormValue("username"),`
			`Password: r.FormValue("password"),`
			`}`
			`vars.Form = form`
			`err := form.Validate()`
			`if err != nil {`
			`vars.Error = err`
			`} else {`
			`// Test the login.`
			`user, err := users.CheckAuth(form.Username, form.Password)`
			`if err != nil {`
			`vars.Error = errors.New("bad username or password")`
			`} else {`
			`// Login OK!`
			`vars.Flash = "Login OK!"`

			`// Log in the user.`
			`session, err := b.store.Get(r, "session") // TODO session name`
			`if err != nil {`
			`vars.Error = err`
			`} else {`
			`session.Values["logged-in"] = true`
			`session.Values["user-id"] = user.ID`
			`session.Save(r, w)`
			`}`

			`b.Redirect(w, "/login")`
			`return`
			`}`
			`}`
			`}`

			`b.RenderTemplate(w, r, "login", vars)`
			`}`

			`// LogoutHandler logs the user out and redirects to the home page.`
			`func (b Blog) LogoutHandler(w http.ResponseWriter, r http.Request) {`
			`session, _ := b.store.Get(r, "session")`
			`delete(session.Values, "logged-in")`
			`delete(session.Values, "user-id")`
			`session.Save(r, w)`
			`b.Redirect(w, "/")`
			`}`