Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthRequired #147

Closed
mjbonanno opened this issue Nov 12, 2014 · 2 comments
Closed

AuthRequired #147

mjbonanno opened this issue Nov 12, 2014 · 2 comments
Assignees
@javierprovecho

Comments

@mjbonanno
Copy link

Setting up an API and I'm very new to Go and Gin. I am able to return data from each URL until I attempt to integrate AuthRequired()

// User Functions - located in users.go
    user := r.Group("/user")
    user.Use(AuthRequired())
        {
            user.GET("/info", userInfo)
            user.PUT("/update", updateUser)
        user.DELETE("/delete", deleteUser)
        }

I'm assuming AuthRequired is calling a function. That function will then return success or fail based off the parameters provided. When a user is created or logged in, they get a token, that token + email, if found as a matching pair in the DB will grant them access.

//Authenticate User
func AuthRequired() gin.HandlerFunc {
    return func(c *gin.Context) {
        //Get token and e-mail from header
        token := c.Request.Header.Get("AuthToken")
        email := c.Request.Header.Get("AuthEmail")

        //check to see if email & token were provided
        if len(token) == 0 || len(email) == 0 {     
        }   
        //Find email in database
        //Compare stored token with token provided in header
        //Return - Authentication was success or fail
    }
}
@javierprovecho
Copy link
Member

Well, that is the best feature of Gin, you can integrate any middleware before a group of requests,

For example, if you have a group, "/v1" and then you use a middleware Gin Function, that one will execute before the request reach the main function you defined.

If something in that function, let's say a header check, goes wrong, you can throw a "c.Abort(403)", so the thread will not continue to your main defined function.

If your request header is OK, you should let that function finish, so the thread continues to the next middleware or your main defined function.

Hope I answered your question.

@javierprovecho javierprovecho self-assigned this Nov 12, 2014
@mjbonanno
Copy link
Author

Thanks Javier,
You pretty much answered it. I wasn't sure if I was suppose to:
return false
Or how I was to signal a fail. I was also confused by the c.Next() but it found that in another thread and was able to piece it all together. Thanks for your help. I'm now able to authenticate users. :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@javierprovecho javierprovecho

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@javierprovecho @mjbonanno