heimoshuiyu/gonic
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
adceff1267500a0af860a92b1f1c49e410fb0894
gonic/server/ctrladmin/middleware.go
sentriz 8b803ecf20 refactor: move shared packages up a level
2022-04-13 01:10:46 +01:00

66 lines
2.0 KiB
Go
Raw Blame History

package ctrladmin
import (
"context"
"fmt"
"net/http"
"github.com/gorilla/sessions"
"go.senan.xyz/gonic"
"go.senan.xyz/gonic/db"
)
func (c *Controller) WithSession(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, err := c.sessDB.Get(r, gonic.Name)
if err != nil {
http.Error(w, fmt.Sprintf("error getting session: %s", err), 500)
return
}
withSession := context.WithValue(r.Context(), CtxSession, session)
next.ServeHTTP(w, r.WithContext(withSession))
})
}
func (c *Controller) WithUserSession(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// session exists at this point
session := r.Context().Value(CtxSession).(*sessions.Session)
userID, ok := session.Values["user"].(int)
if !ok {
sessAddFlashW(session, []string{"you are not authenticated"})
sessLogSave(session, w, r)
http.Redirect(w, r, c.Path("/admin/login"), http.StatusSeeOther)
return
}
// take username from sesion and add the user row to the context
user := c.DB.GetUserByID(userID)
if user == nil {
// the username in the client's session no longer relates to a
// user in the database (maybe the user was deleted)
session.Options.MaxAge = -1
sessLogSave(session, w, r)
http.Redirect(w, r, c.Path("/admin/login"), http.StatusSeeOther)
return
}
withUser := context.WithValue(r.Context(), CtxUser, user)
next.ServeHTTP(w, r.WithContext(withUser))
})
}
func (c *Controller) WithAdminSession(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// session and user exist at this point
session := r.Context().Value(CtxSession).(*sessions.Session)
user := r.Context().Value(CtxUser).(*db.User)
if !user.IsAdmin {
sessAddFlashW(session, []string{"you are not an admin"})
sessLogSave(session, w, r)
http.Redirect(w, r, c.Path("/admin/login"), http.StatusSeeOther)
return
}
next.ServeHTTP(w, r)
})
}
Reference in New Issue View Git Blame Copy Permalink