dgreceanu of The Code Killers
4/22/2014 - 10:04 AM

Exemplu de autentificare cu tigertonic fara session management

Exemplu de autentificare cu tigertonic fara session management

package main

import (
    "fmt"
    "io"
    //"github.com/rcrowley/go-metrics"
    "crypto/md5"
    "github.com/rcrowley/go-tigertonic"
    "net/http"
    "net/url"
)

// headerAllowOriginAll is the response header set returned by the handlers
// below; it allows any origin to read the response ("*").
// NOTE(review): this is a single shared map value; handlers return it
// directly, so nothing downstream should mutate it.
var headerAllowOriginAll = http.Header{"Access-Control-Allow-Origin": {"*"}}

// userhashmap is the in-memory credential table. checkLogin indexes it with
// AuthRequest.User and compares the stored value with AuthRequest.Hash, so
// both sides of the entry are MD5 hex digests as produced by md5sum.
// NOTE(review): the credentials are hard-coded in source and hashed with
// unsalted MD5. Because the server compares the received hash directly, the
// digest itself acts as the password: anyone who learns it can log in
// without knowing the original string. Presumably demo-only data; confirm
// before reusing this pattern.
var userhashmap = map[string]string{
    md5sum("salam"): md5sum("desibiu"),
}

// AuthRequest is the JSON body accepted by the POST and OPTIONS handlers.
// checkLogin uses User as the key into userhashmap and compares Hash with
// the stored value.
type AuthRequest struct {
    User string `json:"user"` // lookup key into userhashmap
    Hash string `json:"hash"` // compared verbatim with the stored digest
}

// AuthResponse is the JSON body returned by every handler. The handlers in
// this file always answer with HTTP 200, so Cod is the only field that tells
// the client whether the login succeeded.
type AuthResponse struct {
    Cod   string `json:"cod"`   // result code; this file emits "OK", "ERROR" and "OROARE"
    Mesaj string `json:"mesaj"` // human-readable message for the client
}

// md5sum returns the lowercase hexadecimal MD5 digest of input.
//
// NOTE(review): unsalted MD5 is not suitable for protecting passwords; it is
// kept here because the client and the credential table both rely on it.
func md5sum(input string) string {
    hasher := md5.New()
    // hash.Hash.Write is documented never to return an error, so the result
    // of the write is deliberately discarded.
    _, _ = io.WriteString(hasher, input)
    digest := hasher.Sum(nil)
    return fmt.Sprintf("%x", digest)
}

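// checkLogin reports whether req carries a known user/hash pair.
//
// req.User is looked up in userhashmap and the stored value is compared with
// req.Hash. The HTTP status is always 200; the outcome is carried in
// AuthResponse.Cod ("OK" on success, "ERROR" otherwise). No session is
// recorded yet, so a successful answer does not establish any server-side
// state.
func checkLogin(req *AuthRequest) (int, http.Header, *AuthResponse, error) {
    // Use the comma-ok form: indexing a missing key yields "", which would
    // equal an empty req.Hash and accept a user that does not exist. An
    // empty stored digest is rejected for the same reason.
    want, known := userhashmap[req.User]

    // NOTE(review): == on strings is not constant-time; if this moves beyond
    // a demo, compare with crypto/subtle.ConstantTimeCompare and add
    // rate limiting on failed attempts.
    if known && want != "" && req.Hash == want { //TODO: record the session in the valid-sessions array
        return http.StatusOK, http.Header{"Access-Control-Allow-Origin": {"*"}}, &AuthResponse{"OK", "Login ok!"}, nil
    }
    return http.StatusOK, headerAllowOriginAll, &AuthResponse{"ERROR", "Login Error!"}, nil
}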

//session management: version A
//1. keep an array here on the server (or even a map) of user:ok
//2. In asd.html keep a global variable that changes according to the server's response.
//3. A $.ajax that does a POST on every refresh if the response is OK (in addition to the ones on the buttons)
//4. Modify checkLogin() so that there is also a date.Now() per request.
//session management: version B
//1. one more handle() on GET; asd.html is served from html.template.execute
//2. depending on the elapsed time, the GET handleFunc will at some point return an ERROR
//session management: version C
//1. we give it a cookie :)
//NOTE(review): whichever version is chosen, the session must be validated on the server;
//a global variable in the page (version A, step 2) only reflects state and is not an authorization check.

// postroot handles POST /. A request whose JSON body lacks a non-empty user
// or hash gets the default rejection; anything else is passed to checkLogin.
// u and h are unused. Every path answers with HTTP 200.
func postroot(u *url.URL, h http.Header, req *AuthRequest) (int, http.Header, *AuthResponse, error) {
    // Guard first: both keys must be present and non-empty before the
    // credential table is consulted.
    if req.User == "" || req.Hash == "" {
        return http.StatusOK, headerAllowOriginAll, &AuthResponse{"OROARE", "ESTI MAI PROST CA NOAPTEA!!!11oneoneeleven"}, nil
    }
    return checkLogin(req)
}

// optionsroot handles OPTIONS / (the CORS preflight). It ignores all of its
// arguments and always returns HTTP 200 with an empty AuthResponse.
//
// NOTE(review): the preflight allows every origin ("*"); for a login
// endpoint, an explicit list of trusted origins is the safer default.
func optionsroot(u *url.URL, h http.Header, req *AuthRequest) (int, http.Header, *AuthResponse, error) {
    corsHeaders := http.Header{
        "Access-Control-Allow-Origin":  {"*"},
        "Access-Control-Allow-Headers": {"accept, content-type"},
    }
    return http.StatusOK, corsHeaders, &AuthResponse{}, nil
}

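// main registers the OPTIONS and POST handlers on "/" and serves them on
// port 8000 with request logging and per-route timing enabled.
//
// NOTE(review): the listener is plain HTTP on every interface (":8000"), so
// the user/hash pair travels in cleartext; put TLS in front of it before
// using it anywhere but a local demo.
func main() {
    mux := tigertonic.NewTrieServeMux()
    mux.Handle("OPTIONS", "/", tigertonic.Timed(tigertonic.Marshaled(optionsroot), "OPTIONS /", nil))
    mux.Handle("POST", "/", tigertonic.Timed(tigertonic.Marshaled(postroot), "POST /", nil))

    server := tigertonic.NewServer(":8000", tigertonic.Logged(mux, nil))
    // ListenAndServe only returns on failure (for example, the port is
    // already in use); surface the error instead of exiting silently with
    // status 0.
    if err := server.ListenAndServe(); err != nil {
        panic(err)
    }
}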