Mercurial > gemma
view pkg/controllers/token.go @ 3678:8f58851927c0
client: make layer factory only return new layer config for individual maps
instead of each time it is invoked. The purpose of the factory was to support multiple maps with individual layers.
But returning a new config each time it is invoked leads to bugs that rely on the layer's state. Now this factory
reuses the same objects it created before, per map.
| author | Markus Kottlaender <markus@intevation.de> |
|---|---|
| date | Mon, 17 Jun 2019 17:31:35 +0200 |
| parents | a244b18cb916 |
| children | 4f9a1ff2c2ee |
line wrap: on
line source
// This is Free Software under GNU Affero General Public License v >= 3.0 // without warranty, see README.md and license for details. // // SPDX-License-Identifier: AGPL-3.0-or-later // License-Filename: LICENSES/AGPL-3.0.txt // // Copyright (C) 2018 by via donau // – Österreichische Wasserstraßen-Gesellschaft mbH // Software engineering by Intevation GmbH // // Author(s): // * Sascha L. Teichmann <sascha.teichmann@intevation.de> package controllers import ( "encoding/json" "fmt" "log" "net/http" "gemma.intevation.de/gemma/pkg/auth" "gemma.intevation.de/gemma/pkg/models" ) func renew(rw http.ResponseWriter, req *http.Request) { token, _ := auth.GetToken(req) newToken, err := auth.Sessions.Renew(token) switch { case err == auth.ErrNoSuchToken: http.NotFound(rw, req) return case err != nil: log.Printf("error: %v\n", err) http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError) return } session, _ := auth.GetSession(req) var result = struct { Token string `json:"token"` Expires int64 `json:"expires"` User string `json:"user"` Roles []string `json:"roles"` }{ Token: newToken, Expires: session.ExpiresAt, User: session.User, Roles: session.Roles, } SendJSON(rw, http.StatusOK, &result) } func logout(rw http.ResponseWriter, req *http.Request) { token, ok := auth.GetToken(req) if !ok || !auth.Sessions.Delete(token) { http.NotFound(rw, req) return } rw.Header().Set("Content-Type", "text/plain") fmt.Fprintln(rw, "token deleted") } func login(rw http.ResponseWriter, req *http.Request) { var input struct { User models.UserName `json:"user"` Password string `json:"password"` } defer req.Body.Close() if err := json.NewDecoder(req.Body).Decode(&input); err != nil { log.Printf("%v\n", err) http.Error(rw, "error: "+err.Error(), http.StatusBadRequest) return } if input.Password == "" { http.Error(rw, "Invalid credentials", http.StatusBadRequest) return } token, session, err := auth.GenerateSession( string(input.User), input.Password) if err != nil { log.Printf("error: %v\n", err) http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) return } var result = struct { Token string `json:"token"` Expires int64 `json:"expires"` User string `json:"user"` Roles []string `json:"roles"` }{ Token: token, Expires: session.ExpiresAt, User: session.User, Roles: session.Roles, } SendJSON(rw, http.StatusCreated, &result) }