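package main

import (
	"fmt"
	"net/http"
	"time"

	"github.com/dballard/transmet/user"
	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"
)

// GetFlashes collects the pending "error" and "info" flash messages of session
// into one map keyed by those two names. gorilla removes flashes when they are
// read, so the caller must still call session.Save for the removal to stick.
func GetFlashes(session *sessions.Session) map[string]interface{} {
	return map[string]interface{}{
		"error": session.Flashes(flash_err),
		"info":  session.Flashes(flash_info),
	}
}

// sessionWipe discards every value stored in session, leaving it empty.
func sessionWipe(session *sessions.Session) {
	session.Values = make(map[interface{}]interface{})
}

// initSessionUser loads the "c_user" session for r and resolves the logged-in
// user from its "username" value. The *user.User is nil when nobody is logged
// in; the session is always returned so the caller can write to it.
func initSessionUser(r *http.Request) (*user.User, *sessions.Session) {
	// store.Get hands back a fresh, empty session together with any decode
	// error, so a stale or tampered cookie degrades to "not logged in".
	session, _ := store.Get(r, "c_user")
	// Two-value assertion: a missing or non-string value (malformed session
	// data) must not panic the handler.
	username, ok := session.Values["username"].(string)
	if !ok || username == "" {
		return nil, session
	}
	return user.NewUserFromUsername(db, username), session
}

// userHandler wraps a handler that requires a logged-in user. Anonymous
// requests are redirected to "/" and never reach next.
func userHandler(next func(http.ResponseWriter, *http.Request, *user.User)) func(http.ResponseWriter, *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		// Named u rather than user so the user package is not shadowed.
		u, _ := initSessionUser(r)
		if u == nil {
			http.Redirect(w, r, "/", http.StatusFound)
			return
		}
		next(w, r, u)
	}
}

// getPostHandler dispatches a route to getFn for GET (and HEAD) requests and
// to postFn for POST. Any other method gets 405 with an Allow header instead
// of being silently treated as a POST.
//
//	r.HandleFunc("/login", getPostHandler(LoginFormHandler, LoginPostHandler))
func getPostHandler(getFn, postFn func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead:
			getFn(w, r)
		case http.MethodPost:
			postFn(w, r)
		default:
			w.Header().Set("Allow", "GET, HEAD, POST")
			http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
		}
	}
}

// LoginFormHandler renders the login page, showing any flash messages left by
// an earlier request (typically a failed LoginPostHandler).
func LoginFormHandler(w http.ResponseWriter, r *http.Request) {
	session, _ := store.Get(r, "c_user")
	flashes := GetFlashes(session)
	// Save must run before the body is written: it sets the cookie that
	// records the flashes as consumed.
	if err := session.Save(r, w); err != nil {
		fmt.Println("Session save err: ", err)
	}
	err := templates["login"].Execute(w, map[string]interface{}{"flashes": flashes})
	if err != nil {
		fmt.Println("Exec err: ", err)
	}
}

// LoginPostHandler authenticates the submitted username/password. On success
// the username is stored in the "c_user" session and the client is sent to
// /home; on failure a generic flash (deliberately not distinguishing an
// unknown user from a wrong password) is set and the client goes back to
// /login.
//
// TODO: proper per account and client flood control rate limiting
// currently weak per call slow down is by-passable at scale
func LoginPostHandler(w http.ResponseWriter, r *http.Request) {
	time.Sleep(500 * time.Millisecond) // WEAK poor mans rate limiting for logins
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	username := r.PostFormValue("username")
	password := r.PostFormValue("password")
	// Named u so the user package stays reachable below.
	u := user.NewUserFromAuth(db, username, password)
	if u == nil {
		time.Sleep(500 * time.Millisecond) // WEAK bypassable poor mans rate limiting for failed logins
		session, _ := store.Get(r, "c_user")
		session.AddFlash("Username or password", flash_err)
		if err := session.Save(r, w); err != nil {
			fmt.Println("Session save err: ", err)
		}
		http.Redirect(w, r, "/login", http.StatusFound)
		return
	}
	session, _ := store.Get(r, "c_user")
	// NOTE(review): values left over from a previous login in this browser are
	// kept; calling sessionWipe(session) here would start from a clean session.
	session.Values["username"] = u.Username
	if err := session.Save(r, w); err != nil {
		fmt.Println("Session save err: ", err)
	}
	http.Redirect(w, r, "/home", http.StatusFound)
}

// addFormHandler serves the GET side of /add for a logged-in user. The body is
// still a stub; the signature now matches what userHandler expects, so the
// route registration in init_route_handlers compiles.
func addFormHandler(w http.ResponseWriter, r *http.Request, u *user.User) {
	// TODO: render the add form.
}

// init_route_handlers registers the static asset servers and the application
// routes on the default ServeMux.
func init_route_handlers() {
	http.Handle("/js/", http.StripPrefix("/js/", http.FileServer(http.Dir("js/"))))
	http.Handle("/css/", http.StripPrefix("/css/", http.FileServer(http.Dir("css/"))))
	// Strip "/fonts/" like the other two; FileServer re-adds a missing leading
	// slash, so the asymmetric "/fonts" served the same files but read as a typo.
	http.Handle("/fonts/", http.StripPrefix("/fonts/", http.FileServer(http.Dir("fonts/"))))
	r := mux.NewRouter()
	r.HandleFunc("/login", getPostHandler(LoginFormHandler, LoginPostHandler))
	r.HandleFunc("/add", getPostHandler(userHandler(addFormHandler), userHandler(addPostHandler)))
	r.HandleFunc("/", getPostHandler(userHandler(templateFormHandler), userHandler(templatePostHandler)))
	http.Handle("/", r)
}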