package main
import (
	"html/template"
	"log"
	"net/http"
	"time"

	"github.com/satori/go.uuid"
	"golang.org/x/crypto/bcrypt"
)
// user is an account record held in dbUsers, keyed by UserName.
// Password holds the bcrypt hash produced at signup, never the plaintext.
// Role is compared against the literal "007" in bar to gate that page;
// it is populated straight from the signup form.
type user struct {
UserName string // login name; also the key in dbUsers
Password []byte // bcrypt hash from bcrypt.GenerateFromPassword
First string // first name as submitted on the signup form
Last string // last name as submitted on the signup form
Role string // authorization label; "007" unlocks /bar
}
// session is the server-side record behind a "session" cookie; dbSessions
// maps the cookie value to it. Both fields are unexported, so only this
// package can read or update them.
type session struct {
un string // UserName of the owning user (key into dbUsers)
lastActivity time.Time // set to time.Now() by signup/login; presumably refreshed by code outside this file — confirm
}
// Package-level state for this single-process demo. Everything is held in
// memory and is lost on restart.
//
// NOTE(review): net/http runs handlers concurrently and logout launches
// cleanSessions on its own goroutine, yet nothing here is guarded by a
// mutex; concurrent writes to these maps are a data race.
var (
	// tpl holds every template matched by templates/*, parsed in init.
	tpl *template.Template

	// dbUsers maps UserName -> user.
	dbUsers = map[string]user{}

	// dbSessions maps session cookie value -> session.
	dbSessions = map[string]session{}

	// dbSessionsCleaned records when dbSessions was last swept; logout
	// compares against it before launching another sweep.
	dbSessionsCleaned time.Time
)

// sessionLength is the session cookie's MaxAge in seconds.
const sessionLength int = 30
// init stamps the session sweep clock and loads every template under
// templates/. template.Must panics if the glob matches nothing or a
// template fails to parse, so a broken templates/ directory stops the
// process at startup rather than at first request.
func init() {
	dbSessionsCleaned = time.Now()
	tpl = template.Must(template.ParseGlob("templates/*"))
}
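// main registers the handlers and serves plain HTTP on :80.
//
// Changes from the original: routes are registered on a private mux rather
// than http.DefaultServeMux (so any package that registers on the default
// mux, e.g. net/http/pprof, cannot silently expose endpoints here); the
// server carries header/read/write/idle timeouts so slow or idle clients
// cannot hold connections open indefinitely; and the ListenAndServe error,
// previously discarded, is logged and fatal.
//
// SECURITY: this is cleartext HTTP, so the session cookie travels in the
// clear. Terminate TLS in front of it, or switch to ListenAndServeTLS,
// before exposing it beyond localhost.
func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", index)
	mux.HandleFunc("/bar", bar)
	mux.HandleFunc("/signup", signup)
	mux.HandleFunc("/login", login)
	mux.HandleFunc("/logout", logout)
	mux.Handle("/favicon.ico", http.NotFoundHandler())

	srv := &http.Server{
		Addr:              ":80",
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       15 * time.Second,
		WriteTimeout:      15 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	log.Fatal(srv.ListenAndServe())
}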
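// index renders the landing page for whoever the request belongs to.
// getUser resolves the current user from the request; it is defined
// outside this file, and presumably yields the zero user when nobody is
// logged in — confirm against its definition.
//
// Change from the original: a template execution error is logged instead
// of discarded. Part of the response may already have been written when
// ExecuteTemplate fails, so the error cannot become a status code, but it
// should at least be visible in the server log.
func index(w http.ResponseWriter, req *http.Request) {
	u := getUser(w, req)
	showSessions() // for demonstration purposes
	if err := tpl.ExecuteTemplate(w, "index.gohtml", u); err != nil {
		log.Printf("index: executing template: %v", err)
	}
}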
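// bar renders the members-only page. A request must carry a live session
// and that session's user must hold role "007"; otherwise it is sent back
// to "/" (not logged in) or refused with 403 (wrong role).
//
// getUser is called before the login check, exactly as in the original,
// because it is defined outside this file and may have side effects (such
// as issuing a cookie) that the rest of the flow relies on — do not reorder
// without checking its definition.
//
// Change from the original: a template execution error is logged rather
// than dropped silently.
func bar(w http.ResponseWriter, req *http.Request) {
	u := getUser(w, req)
	if !alreadyLoggedIn(w, req) {
		http.Redirect(w, req, "/", http.StatusSeeOther)
		return
	}
	// Authorization. The role string is copied at signup straight from the
	// form (see signup), so this check is only as strong as that input.
	if u.Role != "007" {
		http.Error(w, "You must be 007 to enter the bar", http.StatusForbidden)
		return
	}
	showSessions() // for demonstration purposes
	if err := tpl.ExecuteTemplate(w, "bar.gohtml", u); err != nil {
		log.Printf("bar: executing template: %v", err)
	}
}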
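// signup shows the registration form on GET and, on POST, creates the
// account and a logged-in session. A request that already carries a live
// session is bounced to "/".
//
// Changes from the original:
//   - username and password must be non-empty (400 otherwise); the original
//     accepted an empty username as a valid account key.
//   - the password is hashed with bcrypt.DefaultCost. bcrypt.MinCost (4) is
//     cheap enough to brute-force offline and exists for tests only.
//   - the account is stored before the session is issued, so a hashing
//     failure no longer leaves a session behind for a user that was never
//     created.
//   - the uuid.NewV4 error is checked; the original discarded it, and a
//     failed read from the OS randomness source would have produced an
//     all-zero, predictable session ID.
//   - the session cookie is HttpOnly (not readable by page script),
//     SameSite=Lax, and Path=/ (the path logout deletes).
//
// SECURITY (not changed here): the role is taken verbatim from the form, so
// anyone can register with role=007 and pass the check in bar. Real code
// must assign roles server-side. Also, the "username taken?" check and the
// later store are not atomic — two concurrent signups with the same name
// race — because dbUsers is an unguarded map.
func signup(w http.ResponseWriter, req *http.Request) {
	if alreadyLoggedIn(w, req) {
		http.Redirect(w, req, "/", http.StatusSeeOther)
		return
	}
	var u user
	if req.Method == http.MethodPost {
		un := req.FormValue("username")
		p := req.FormValue("password")
		f := req.FormValue("firstname")
		l := req.FormValue("lastname")
		r := req.FormValue("role") // client-controlled; see SECURITY note above

		if un == "" || p == "" {
			http.Error(w, "Username and password are required", http.StatusBadRequest)
			return
		}
		if _, taken := dbUsers[un]; taken {
			http.Error(w, "Username already taken", http.StatusForbidden)
			return
		}

		// Hash and store the account first; only then issue a session.
		bs, err := bcrypt.GenerateFromPassword([]byte(p), bcrypt.DefaultCost)
		if err != nil {
			http.Error(w, "Internal server error", http.StatusInternalServerError)
			return
		}
		u = user{un, bs, f, l, r}
		dbUsers[un] = u

		sID, err := uuid.NewV4()
		if err != nil {
			// The account exists but no session was issued; the user can
			// simply log in.
			http.Error(w, "Internal server error", http.StatusInternalServerError)
			return
		}
		c := &http.Cookie{
			Name:     "session",
			Value:    sID.String(),
			Path:     "/",
			MaxAge:   sessionLength,
			HttpOnly: true,
			SameSite: http.SameSiteLaxMode,
			// Secure: true belongs here once the server sits behind TLS; the
			// current listener is cleartext :80, where Secure would make
			// browsers drop the cookie entirely.
		}
		http.SetCookie(w, c)
		dbSessions[c.Value] = session{un, time.Now()}

		http.Redirect(w, req, "/", http.StatusSeeOther)
		return
	}
	showSessions() // for demonstration purposes
	if err := tpl.ExecuteTemplate(w, "signup.gohtml", u); err != nil {
		log.Printf("signup: executing template: %v", err)
	}
}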
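// login shows the form on GET and, on POST, verifies the submitted
// credentials against dbUsers and issues a fresh session. A request that
// already carries a live session is bounced to "/".
//
// Changes from the original:
//   - the uuid.NewV4 error is checked (a discarded error would have yielded
//     an all-zero, predictable session ID).
//   - the session cookie is HttpOnly, SameSite=Lax and Path=/.
//   - the inner `u, ok :=` no longer shadows the outer u.
//
// The same generic message covers an unknown user and a wrong password,
// but an unknown user returns before bcrypt runs, so the two cases remain
// distinguishable by response time; closing that gap means comparing
// against a fixed dummy hash on the miss path. There is also no rate
// limiting, so online guessing is unthrottled.
func login(w http.ResponseWriter, req *http.Request) {
	if alreadyLoggedIn(w, req) {
		http.Redirect(w, req, "/", http.StatusSeeOther)
		return
	}
	var u user
	if req.Method == http.MethodPost {
		un := req.FormValue("username")
		p := req.FormValue("password")

		acct, ok := dbUsers[un]
		if !ok {
			http.Error(w, "Username and/or password do not match", http.StatusForbidden)
			return
		}
		if err := bcrypt.CompareHashAndPassword(acct.Password, []byte(p)); err != nil {
			http.Error(w, "Username and/or password do not match", http.StatusForbidden)
			return
		}

		sID, err := uuid.NewV4()
		if err != nil {
			http.Error(w, "Internal server error", http.StatusInternalServerError)
			return
		}
		c := &http.Cookie{
			Name:     "session",
			Value:    sID.String(),
			Path:     "/",
			MaxAge:   sessionLength,
			HttpOnly: true,
			SameSite: http.SameSiteLaxMode,
			// Secure: true once served over TLS; the listener is currently
			// cleartext :80, where Secure would make browsers drop the cookie.
		}
		http.SetCookie(w, c)
		dbSessions[c.Value] = session{un, time.Now()}
		http.Redirect(w, req, "/", http.StatusSeeOther)
		return
	}
	showSessions() // for demonstration purposes
	if err := tpl.ExecuteTemplate(w, "login.gohtml", u); err != nil {
		log.Printf("login: executing template: %v", err)
	}
}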
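// logout ends the current session: the server-side record is deleted, the
// browser is told to drop the cookie, and the caller is sent to /login.
// Requests without a live session are redirected to "/".
//
// Changes from the original: the req.Cookie error is checked instead of
// discarded (a nil *Cookie would otherwise be dereferenced if
// alreadyLoggedIn ever admits a request without one), and the deletion
// cookie carries Path=/ so it matches the effective path of the cookie set
// at login/signup.
//
// NOTE(review): cleanSessions (defined outside this file) is launched on
// its own goroutine while handlers keep mutating dbSessions, and
// dbSessionsCleaned is read here without synchronization. Unless
// cleanSessions and the handlers share a lock — nothing here shows one —
// this is a data race.
func logout(w http.ResponseWriter, req *http.Request) {
	if !alreadyLoggedIn(w, req) {
		http.Redirect(w, req, "/", http.StatusSeeOther)
		return
	}
	c, err := req.Cookie("session")
	if err != nil {
		http.Redirect(w, req, "/", http.StatusSeeOther)
		return
	}
	delete(dbSessions, c.Value)

	// Expire the cookie in the browser.
	http.SetCookie(w, &http.Cookie{
		Name:     "session",
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
	})

	// Opportunistic sweep of stale sessions, at most once per 30s.
	if time.Since(dbSessionsCleaned) > 30*time.Second {
		go cleanSessions()
	}
	http.Redirect(w, req, "/login", http.StatusSeeOther)
}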