view controllers/token.go @ 401:746d8c9c35f4
fix: fixed broken validation
Rule for passwords was wrong
author | Thomas Junk <thomas.junk@intevation.de> |
---|---|
date | Tue, 14 Aug 2018 14:45:34 +0200 |
parents | 154e0f5bff0a |
children |
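package controllers

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"

	"gemma.intevation.de/gemma/auth"
)

// sendJSON writes data to rw as a JSON document and sets the Content-Type
// header to application/json. An encoding error is only logged, because
// part of the response may already have been written when Encode fails.
func sendJSON(rw http.ResponseWriter, data interface{}) {
	rw.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(rw).Encode(data); err != nil {
		log.Printf("error: %v\n", err)
	}
}

// renew exchanges the token of the current request for a new one and
// answers with the new token plus the session's expiry, user and roles.
// An unknown token yields 404, any other renewal failure 500.
func renew(rw http.ResponseWriter, req *http.Request) {
	// NOTE(review): the second results of auth.GetToken and auth.GetSession
	// are discarded. Presumably an auth middleware in front of this handler
	// guarantees that both are present; if it does not, the session used
	// below may not be valid. Confirm against the route setup.
	token, _ := auth.GetToken(req)

	newToken, err := auth.ConnPool.Renew(token)
	switch {
	case err == auth.ErrNoSuchToken:
		http.NotFound(rw, req)
		return
	case err != nil:
		// The cause goes to the server log only. The error text may carry
		// internal detail that should not be returned to the client.
		log.Printf("error: renewing token failed: %v\n", err)
		http.Error(rw, "error: renewing token failed", http.StatusInternalServerError)
		return
	}

	// NOTE(review): Expires is read from the session attached to the
	// request. Confirm that Renew updates that same session; otherwise the
	// client is told the expiry of the old token.
	session, _ := auth.GetSession(req)

	var result = struct {
		Token   string   `json:"token"`
		Expires int64    `json:"expires"`
		User    string   `json:"user"`
		Roles   []string `json:"roles"`
	}{
		Token:   newToken,
		Expires: session.ExpiresAt,
		User:    session.User,
		Roles:   session.Roles,
	}

	sendJSON(rw, &result)
}

// logout deletes the token of the current request. It answers 404 when the
// token is not known and a plain-text confirmation otherwise.
func logout(rw http.ResponseWriter, req *http.Request) {
	token, _ := auth.GetToken(req)
	if !auth.ConnPool.Delete(token) {
		http.NotFound(rw, req)
		return
	}
	rw.Header().Set("Content-Type", "text/plain")
	fmt.Fprintln(rw, "token deleted")
}

// login authenticates the form fields "user" and "password" and, on
// success, answers with a fresh token plus the session's expiry, user and
// roles. A missing field yields 400, a failed authentication 401.
func login(rw http.ResponseWriter, req *http.Request) {
	// NOTE(review): FormValue also reads the URL query string, so
	// credentials passed in the URL are accepted and can end up in access
	// logs and proxy logs. Consider req.PostFormValue once every client
	// sends the fields in the request body.
	var (
		user     = req.FormValue("user")
		password = req.FormValue("password")
	)

	if user == "" || password == "" {
		http.Error(rw, "Invalid credentials", http.StatusBadRequest)
		return
	}

	token, session, err := auth.GenerateSession(user, password)
	if err != nil {
		// Every failure gets the same fixed answer. The underlying error
		// may tell an unauthenticated caller why the login failed, so it is
		// kept in the server log. %q escapes control characters in the
		// untrusted user name before it reaches the log.
		log.Printf("error: login failed for user %q: %v\n", user, err)
		http.Error(rw, "Invalid credentials", http.StatusUnauthorized)
		return
	}

	var result = struct {
		Token   string   `json:"token"`
		Expires int64    `json:"expires"`
		User    string   `json:"user"`
		Roles   []string `json:"roles"`
	}{
		Token:   token,
		Expires: session.ExpiresAt,
		User:    session.User,
		Roles:   session.Roles,
	}

	sendJSON(rw, &result)
}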