-
Notifications
You must be signed in to change notification settings - Fork 0
/
handlers.go
186 lines (162 loc) · 5.21 KB
/
handlers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
package main
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"time"
"github.com/google/uuid"
)
// we create a map to store username and password pairs. In a real-world application, this would be stored in a database
var users = map[string]string{
"user1": "password1",
"user2": "password2",
}
// this map stores the users sessions. For larger scale applications, you can use a database or cache for this purpose
var sessions = map[string]session{}
// each session contains the username of the user and the time at which it expires
type session struct {
username string
expiry time.Time
}
// we'll use this method later to determine if the session has expired
func (s session) isExpired() bool {
return s.expiry.Before(time.Now())
}
// Create a struct that models the structure of a user in the request body
type Credentials struct {
Password string `json:"password"`
Username string `json:"username"`
}
func Signin(w http.ResponseWriter, r *http.Request) {
var creds Credentials
// Get the JSON body and decode into credentials
err := json.NewDecoder(r.Body).Decode(&creds)
if err != nil {
// If the structure of the body is wrong, return an HTTP error
w.WriteHeader(http.StatusBadRequest)
return
}
// Get the expected password from our in memory map
expectedPassword, ok := users[creds.Username]
// If a password exists for the given user
// AND, if it is the same as the password we received, the we can move ahead
// if NOT, then we return an "Unauthorized" status
if !ok || expectedPassword != creds.Password {
w.WriteHeader(http.StatusUnauthorized)
return
}
// Create a new random session token
sessionToken := uuid.NewString()
expiresAt := time.Now().Add(120 * time.Second)
// Set the token in the session map, along with the user whom it represents
sessions[sessionToken] = session{
username: creds.Username,
expiry: expiresAt,
}
// Finally, we set the client cookie for "session_token" as the session token we just generated
// we also set an expiry time of 120 seconds
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiresAt,
Domain: "localhost",
HttpOnly: false,
Secure: false,
Path: "/",
})
}
func Welcome(w http.ResponseWriter, r *http.Request) {
// We can obtain the session token from the requests cookies, which come with every request
c, err := r.Cookie("session_token")
fmt.Fprint(w, c)
if err != nil {
if errors.Is(err, http.ErrNoCookie) {
// If the cookie is not set, return an unauthorized status
w.WriteHeader(http.StatusUnauthorized)
return
}
// For any other type of error, return a bad request status
w.WriteHeader(http.StatusBadRequest)
return
}
sessionToken := c.Value
// We then get the name of the user from our session map, where we set the session token
userSession, exists := sessions[sessionToken]
if !exists {
// If the session token is not present in session map, return an unauthorized error
w.WriteHeader(http.StatusUnauthorized)
return
}
if userSession.isExpired() {
delete(sessions, sessionToken)
w.WriteHeader(http.StatusUnauthorized)
return
}
// Finally, return the welcome message to the user
w.Write([]byte(fmt.Sprintf("Welcome %s!", userSession.username)))
}
func Refresh(w http.ResponseWriter, r *http.Request) {
// (BEGIN) The code from this point is the same as the first part of the `Welcome` route
c, err := r.Cookie("session_token")
if err != nil {
if err == http.ErrNoCookie {
w.WriteHeader(http.StatusUnauthorized)
return
}
w.WriteHeader(http.StatusBadRequest)
return
}
sessionToken := c.Value
userSession, exists := sessions[sessionToken]
if !exists {
w.WriteHeader(http.StatusUnauthorized)
return
}
if userSession.isExpired() {
delete(sessions, sessionToken)
w.WriteHeader(http.StatusUnauthorized)
return
}
// (END) The code until this point is the same as the first part of the `Welcome` route
// If the previous session is valid, create a new session token for the current user
newSessionToken := uuid.NewString()
expiresAt := time.Now().Add(120 * time.Second)
// Set the token in the session map, along with the user whom it represents
sessions[newSessionToken] = session{
username: userSession.username,
expiry: expiresAt,
}
// Delete the older session token
delete(sessions, sessionToken)
// Set the new token as the users `session_token` cookie
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: newSessionToken,
Expires: time.Now().Add(120 * time.Second),
})
}
func Logout(w http.ResponseWriter, r *http.Request) {
c, err := r.Cookie("session_token")
if err != nil {
if err == http.ErrNoCookie {
// If the cookie is not set, return an unauthorized status
w.WriteHeader(http.StatusUnauthorized)
return
}
// For any other type of error, return a bad request status
w.WriteHeader(http.StatusBadRequest)
return
}
sessionToken := c.Value
// remove the users session from the session map
delete(sessions, sessionToken)
// We need to let the client know that the cookie is expired
// In the response, we set the session token to an empty
// value and set its expiry as the current time
http.SetCookie(w, &http.Cookie{
Name: "session_token",
Value: "",
Expires: time.Now(),
})
}