Mercurial > gemma
comparison controllers/token.go @ 286:a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Tue, 31 Jul 2018 11:08:31 +0200 |
| parents | 694f959ba3e7 |
| children | 154e0f5bff0a |
comparison
equal
deleted
inserted
replaced
| 282:dfb989088158 | 286:a42f55ea0a20 |
|---|---|
| 6 "log" | 6 "log" |
| 7 "net/http" | 7 "net/http" |
| 8 | 8 |
| 9 "gemma.intevation.de/gemma/auth" | 9 "gemma.intevation.de/gemma/auth" |
| 10 ) | 10 ) |
| 11 | |
| 12 func sendJSON(rw http.ResponseWriter, data interface{}) { | |
| 13 rw.Header().Set("Content-Type", "application/json") | |
| 14 if err := json.NewEncoder(rw).Encode(data); err != nil { | |
| 15 log.Printf("error: %v\n", err) | |
| 16 } | |
| 17 } | |
| 11 | 18 |
| 12 func renew(rw http.ResponseWriter, req *http.Request) { | 19 func renew(rw http.ResponseWriter, req *http.Request) { |
| 13 token, _ := auth.GetToken(req) | 20 token, _ := auth.GetToken(req) |
| 14 newToken, err := auth.ConnPool.Renew(token) | 21 newToken, err := auth.ConnPool.Renew(token) |
| 15 switch { | 22 switch { |
| 33 Expires: session.ExpiresAt, | 40 Expires: session.ExpiresAt, |
| 34 User: session.User, | 41 User: session.User, |
| 35 Roles: session.Roles, | 42 Roles: session.Roles, |
| 36 } | 43 } |
| 37 | 44 |
| 38 rw.Header().Set("Content-Type", "text/plain") | 45 sendJSON(rw, &result) |
| 39 if err := json.NewEncoder(rw).Encode(&result); err != nil { | |
| 40 log.Printf("error: %v\n", err) | |
| 41 } | |
| 42 } | 46 } |
| 43 | 47 |
| 44 func logout(rw http.ResponseWriter, req *http.Request) { | 48 func logout(rw http.ResponseWriter, req *http.Request) { |
| 45 token, _ := auth.GetToken(req) | 49 token, _ := auth.GetToken(req) |
| 46 deleted := auth.ConnPool.Delete(token) | 50 deleted := auth.ConnPool.Delete(token) |
| 51 rw.Header().Set("Content-Type", "text/plain") | 55 rw.Header().Set("Content-Type", "text/plain") |
| 52 fmt.Fprintln(rw, "token deleted") | 56 fmt.Fprintln(rw, "token deleted") |
| 53 } | 57 } |
| 54 | 58 |
| 55 func login(rw http.ResponseWriter, req *http.Request) { | 59 func login(rw http.ResponseWriter, req *http.Request) { |
| 56 user := req.FormValue("user") | 60 |
| 57 password := req.FormValue("password") | 61 var ( |
| 62 user = req.FormValue("user") | |
| 63 password = req.FormValue("password") | |
| 64 ) | |
| 65 | |
| 66 if user == "" || password == "" { | |
| 67 http.Error(rw, "Invalid credentials", http.StatusBadRequest) | |
| 68 return | |
| 69 } | |
| 58 | 70 |
| 59 token, session, err := auth.GenerateSession(user, password) | 71 token, session, err := auth.GenerateSession(user, password) |
| 60 | |
| 61 if err != nil { | 72 if err != nil { |
| 62 http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError) | 73 http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError) |
| 63 return | 74 return |
| 64 } | 75 } |
| 65 | 76 |
| 73 Expires: session.ExpiresAt, | 84 Expires: session.ExpiresAt, |
| 74 User: session.User, | 85 User: session.User, |
| 75 Roles: session.Roles, | 86 Roles: session.Roles, |
| 76 } | 87 } |
| 77 | 88 |
| 78 rw.Header().Set("Content-Type", "application/json") | 89 sendJSON(rw, &result) |
| 79 if err := json.NewEncoder(rw).Encode(&result); err != nil { | |
| 80 log.Printf("error: %v\n", err) | |
| 81 } | |
| 82 } | 90 } |