go-examples/photoblog/admin/admin.go

package admin

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"html/template"
	"io/ioutil"
	"log"
	"net/http"
	"os"
	"path/filepath"

	"github.com/gorilla/sessions"
)

const (
	USER      = "username"
	PWD       = "password"
	SESS_USER = "username"
	SESSION   = "photoblog.session"
)

// Application
type AuthCookie struct {
	Templates      *template.Template
	Store          *sessions.CookieStore
	DataDir        *os.File
	PasswordSecret string
}

// Verify Username
func (app *AuthCookie) VerifyUsername(username string) error {
	if username == "" {
		return errors.New("Empty username")
	}
	return nil
}

// Verify password for user, check with file
func (app *AuthCookie) VerifyPassword(username, password string, res http.ResponseWriter, req *http.Request) error {
	if password == "" {
		return errors.New("Empty password")
	}
	if username == "" {
		return nil
	}
	// open password file
	passfile, err := os.Open(filepath.Join(app.DataDir.Name(), username, ".password"))
	if err != nil {
		log.Println("Cannot open password file", err)
		return errors.New("Authentification failed")
	}
	defer passfile.Close()

	// read password file
	expected, err := ioutil.ReadAll(passfile)
	if err != nil {
		log.Println("Cannot read password file", err)
		return errors.New("Authentification failed")
	}
	// hash password and compare
	expectedStr := string(expected)
	var expectedMAC []byte
	fmt.Sscanf(expectedStr, "%x", &expectedMAC)
	mac := hmac.New(sha256.New, []byte(app.PasswordSecret))
	mac.Write([]byte(password))
	passwordMAC := mac.Sum(nil)
	if !hmac.Equal(passwordMAC, expectedMAC) {
		log.Printf("Unmatched password for %s: %x - %x\n", username, passwordMAC, expectedMAC)
		return errors.New("Authentification failed")
	}
	log.Printf("Authentification successful (" + username + ")")
	return nil
}

// Save username in session
func (app *AuthCookie) SaveUsername(username string, res http.ResponseWriter, req *http.Request) {
	session := app.CurrentSession(res, req)
	session.Values[SESS_USER] = username
	session.Save(req, res)
}

// Test if a user is logged in
func (app *AuthCookie) IsLoggedIn(res http.ResponseWriter, req *http.Request) bool {
	session := app.CurrentSession(res, req)
	return session != nil && session.Values[SESS_USER] != ""
}

// Current username (from session cookie)
func (app *AuthCookie) Username(res http.ResponseWriter, req *http.Request) string {
	session := app.CurrentSession(res, req)
	if session == nil {
		return ""
	}
	val, _ := session.Values[SESS_USER].(string)
	return val
}

// Current session
func (app *AuthCookie) CurrentSession(res http.ResponseWriter, req *http.Request) *sessions.Session {
	session, _ := app.Store.Get(req, SESSION)
	return session
}

// Redirect to home page
func (app *AuthCookie) RedirectHome(res http.ResponseWriter, req *http.Request) {
	http.Redirect(res, req, "/", http.StatusSeeOther)
}

// ROUTES //

// login: form
func (app *AuthCookie) LoginPage(res http.ResponseWriter, req *http.Request) {
	formErr := make(map[string]error)
	if req.Method == http.MethodPost {
		username := req.FormValue(USER)
		formErr[USER] = app.VerifyUsername(username)
		formErr[PWD] = app.VerifyPassword(username, req.FormValue(PWD), res, req)
		if formErr[USER] == nil && formErr[PWD] == nil {
			app.SaveUsername(username, res, req)
			app.RedirectHome(res, req)
			return
		}
	}
	app.Templates.ExecuteTemplate(res, "login.html", formErr)
}

// logout: delete session and redirect to home
func (app *AuthCookie) LogoutPage(res http.ResponseWriter, req *http.Request) {
	app.SaveUsername("", res, req)
	app.RedirectHome(res, req)
}
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`package admin`

			`import (`
Style, auth with file 2017-07-29 14:51:12 +00:00			`"crypto/hmac"`
			`"crypto/sha256"`
			`"errors"`
			`"fmt"`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`"html/template"`
Style, auth with file 2017-07-29 14:51:12 +00:00			`"io/ioutil"`
			`"log"`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`"net/http"`
Style, auth with file 2017-07-29 14:51:12 +00:00			`"os"`
			`"path/filepath"`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00
			`"github.com/gorilla/sessions"`
			`)`

Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`const (`
			`USER = "username"`
			`PWD = "password"`
			`SESS_USER = "username"`
			`SESSION = "photoblog.session"`
			`)`

			`// Application`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`type AuthCookie struct {`
Style, auth with file 2017-07-29 14:51:12 +00:00			`Templates *template.Template`
			`Store *sessions.CookieStore`
			`DataDir *os.File`
			`PasswordSecret string`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`}`

Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`// Verify Username`
Style, auth with file 2017-07-29 14:51:12 +00:00			`func (app *AuthCookie) VerifyUsername(username string) error {`
			`if username == "" {`
			`return errors.New("Empty username")`
			`}`
			`return nil`
			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00
			`// Verify password for user, check with file`
Style, auth with file 2017-07-29 14:51:12 +00:00			`func (app AuthCookie) VerifyPassword(username, password string, res http.ResponseWriter, req http.Request) error {`
			`if password == "" {`
			`return errors.New("Empty password")`
			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`if username == "" {`
			`return nil`
			`}`
			`// open password file`
Style, auth with file 2017-07-29 14:51:12 +00:00			`passfile, err := os.Open(filepath.Join(app.DataDir.Name(), username, ".password"))`
			`if err != nil {`
			`log.Println("Cannot open password file", err)`
			`return errors.New("Authentification failed")`
			`}`
			`defer passfile.Close()`

Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`// read password file`
Style, auth with file 2017-07-29 14:51:12 +00:00			`expected, err := ioutil.ReadAll(passfile)`
			`if err != nil {`
			`log.Println("Cannot read password file", err)`
			`return errors.New("Authentification failed")`
			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`// hash password and compare`
Style, auth with file 2017-07-29 14:51:12 +00:00			`expectedStr := string(expected)`
			`var expectedMAC []byte`
			`fmt.Sscanf(expectedStr, "%x", &expectedMAC)`
			`mac := hmac.New(sha256.New, []byte(app.PasswordSecret))`
			`mac.Write([]byte(password))`
			`passwordMAC := mac.Sum(nil)`
			`if !hmac.Equal(passwordMAC, expectedMAC) {`
			`log.Printf("Unmatched password for %s: %x - %x\n", username, passwordMAC, expectedMAC)`
			`return errors.New("Authentification failed")`
			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`log.Printf("Authentification successful (" + username + ")")`
Style, auth with file 2017-07-29 14:51:12 +00:00			`return nil`
			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00
			`// Save username in session`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`func (app AuthCookie) SaveUsername(username string, res http.ResponseWriter, req http.Request) {`
			`session := app.CurrentSession(res, req)`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`session.Values[SESS_USER] = username`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`session.Save(req, res)`
			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00
			`// Test if a user is logged in`
Photo blog 2: unstyled, no auth 2017-07-29 11:54:23 +00:00			`func (app AuthCookie) IsLoggedIn(res http.ResponseWriter, req http.Request) bool {`
			`session := app.CurrentSession(res, req)`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00			`return session != nil && session.Values[SESS_USER] != ""`
Photo blog 2: unstyled, no auth 2017-07-29 11:54:23 +00:00			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00
			`// Current username (from session cookie)`
Photo blog 2: unstyled, no auth 2017-07-29 11:54:23 +00:00			`func (app AuthCookie) Username(res http.ResponseWriter, req http.Request) string {`
			`session := app.CurrentSession(res, req)`
			`if session == nil {`
			`return ""`
			`}`
Photoblog: fix cast nil session value 2017-07-29 17:30:32 +00:00			`val, _ := session.Values[SESS_USER].(string)`
			`return val`
Photo blog 2: unstyled, no auth 2017-07-29 11:54:23 +00:00			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00
			`// Current session`
			`func (app AuthCookie) CurrentSession(res http.ResponseWriter, req http.Request) *sessions.Session {`
			`session, _ := app.Store.Get(req, SESSION)`
			`return session`
			`}`

			`// Redirect to home page`
			`func (app AuthCookie) RedirectHome(res http.ResponseWriter, req http.Request) {`
Photoblog 1: auth from authcookie exercise 2017-07-29 09:22:34 +00:00			`http.Redirect(res, req, "/", http.StatusSeeOther)`
			`}`
Photoblog: Refactoring 2017-07-29 17:22:11 +00:00
			`// ROUTES //`

			`// login: form`
			`func (app AuthCookie) LoginPage(res http.ResponseWriter, req http.Request) {`
			`formErr := make(map[string]error)`
			`if req.Method == http.MethodPost {`
			`username := req.FormValue(USER)`
			`formErr[USER] = app.VerifyUsername(username)`
			`formErr[PWD] = app.VerifyPassword(username, req.FormValue(PWD), res, req)`
			`if formErr[USER] == nil && formErr[PWD] == nil {`
			`app.SaveUsername(username, res, req)`
			`app.RedirectHome(res, req)`
			`return`
			`}`
			`}`
			`app.Templates.ExecuteTemplate(res, "login.html", formErr)`
			`}`

			`// logout: delete session and redirect to home`
			`func (app AuthCookie) LogoutPage(res http.ResponseWriter, req http.Request) {`
			`app.SaveUsername("", res, req)`
			`app.RedirectHome(res, req)`
			`}`