2016-11-22 21:33:50 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2017-01-25 16:11:35 +00:00
|
|
|
"context"
|
2016-12-11 13:50:01 +00:00
|
|
|
"encoding/json"
|
2016-12-24 13:09:24 +00:00
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
|
2017-01-25 12:46:43 +00:00
|
|
|
"github.com/dannyvankooten/ana/datastore"
|
2016-12-11 13:50:01 +00:00
|
|
|
"github.com/gorilla/sessions"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
2016-11-22 21:33:50 +00:00
|
|
|
)
|
|
|
|
|
2017-01-25 16:11:35 +00:00
|
|
|
type key int
|
|
|
|
|
|
|
|
const (
|
|
|
|
userKey key = 0
|
|
|
|
)
|
|
|
|
|
2016-12-24 13:09:24 +00:00
|
|
|
type login struct {
|
2016-12-11 13:50:01 +00:00
|
|
|
Email string `json:"email"`
|
|
|
|
Password string `json:"password"`
|
2016-12-08 17:44:49 +00:00
|
|
|
}
|
|
|
|
|
2017-01-25 15:19:07 +00:00
|
|
|
var store = sessions.NewCookieStore([]byte(os.Getenv("ANA_SECRET_KEY")))
|
2016-11-23 14:51:19 +00:00
|
|
|
|
|
|
|
// URL: POST /api/session
|
2016-12-08 17:44:49 +00:00
|
|
|
var LoginHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2016-11-23 14:51:19 +00:00
|
|
|
|
2016-12-11 13:50:01 +00:00
|
|
|
// check login creds
|
2017-01-13 11:46:54 +00:00
|
|
|
var l login
|
|
|
|
json.NewDecoder(r.Body).Decode(&l)
|
2017-01-25 16:11:35 +00:00
|
|
|
|
|
|
|
u, err := datastore.GetUserByEmail(l.Email)
|
2016-12-08 17:44:49 +00:00
|
|
|
|
2017-01-13 11:46:54 +00:00
|
|
|
// compare pwd
|
2017-01-25 16:11:35 +00:00
|
|
|
if err != nil || bcrypt.CompareHashAndPassword([]byte(u.HashedPassword), []byte(l.Password)) != nil {
|
2016-12-11 13:50:01 +00:00
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
2017-01-13 11:46:54 +00:00
|
|
|
respond(w, envelope{Error: "invalid_credentials"})
|
2016-12-11 13:50:01 +00:00
|
|
|
return
|
|
|
|
}
|
2016-12-08 17:44:49 +00:00
|
|
|
|
2016-12-11 13:50:01 +00:00
|
|
|
session, _ := store.Get(r, "auth")
|
|
|
|
session.Values["user_id"] = u.ID
|
|
|
|
err = session.Save(r, w)
|
|
|
|
checkError(err)
|
2016-12-08 17:44:49 +00:00
|
|
|
|
2017-01-13 11:46:54 +00:00
|
|
|
respond(w, envelope{Data: true})
|
2016-11-23 14:51:19 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
// URL: DELETE /api/session
|
2016-12-08 17:44:49 +00:00
|
|
|
var LogoutHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2016-12-11 13:50:01 +00:00
|
|
|
session, _ := store.Get(r, "auth")
|
|
|
|
if !session.IsNew {
|
|
|
|
session.Options.MaxAge = -1
|
|
|
|
session.Save(r, w)
|
|
|
|
}
|
2016-11-23 14:51:19 +00:00
|
|
|
|
2017-01-13 11:46:54 +00:00
|
|
|
respond(w, envelope{Data: true})
|
2016-11-23 14:51:19 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
/* middleware */
|
2016-11-22 21:33:50 +00:00
|
|
|
func Authorize(next http.Handler) http.Handler {
|
2016-12-11 13:50:01 +00:00
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
session, _ := store.Get(r, "auth")
|
|
|
|
userID, ok := session.Values["user_id"]
|
2016-12-08 17:44:49 +00:00
|
|
|
|
2016-12-11 13:50:01 +00:00
|
|
|
if !ok {
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
2016-11-22 21:33:50 +00:00
|
|
|
|
2016-12-11 13:50:01 +00:00
|
|
|
// find user
|
2017-01-25 16:11:35 +00:00
|
|
|
u, err := datastore.GetUser(userID.(int64))
|
2016-12-11 13:50:01 +00:00
|
|
|
if err != nil {
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
2016-11-22 21:33:50 +00:00
|
|
|
|
2017-01-25 16:11:35 +00:00
|
|
|
ctx := context.WithValue(r.Context(), userKey, u)
|
|
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
2016-12-11 13:50:01 +00:00
|
|
|
})
|
2016-11-22 21:33:50 +00:00
|
|
|
}
|