tamsin/learn-go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lets-go:12.2 request context for authz

Browse Source
This commit is contained in:
tamsin johnson 2024-02-08 09:26:25 -08:00
parent 1a59a9e720
commit 4f7fcf863c
5 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
snippetbox/cmd/web/context.go Normal file
View File

@ -0,0 +1,5 @@
package main
type contextKey string
const isAuthenticatedContextKey = contextKey("isAuthenticated")

7
snippetbox/cmd/web/helpers.go
View File

@ -85,5 +85,10 @@ func (app *application) decodePostForm(r *http.Request, dst any) error {
} }
func (app *application) isAuthenticated(r *http.Request) bool { func (app *application) isAuthenticated(r *http.Request) bool {
return app.sessionManager.Exists(r.Context(), "authenticatedUserID") isAuthenticated, ok := r.Context().Value(isAuthenticatedContextKey).(bool)
if !ok {
return false
}
return isAuthenticated
} }

24
snippetbox/cmd/web/middleware.go
View File

@ -1,12 +1,36 @@
package main package main
import ( import (
"context"
"fmt" "fmt"
"net/http" "net/http"
"github.com/justinas/nosurf" "github.com/justinas/nosurf"
) )
func (app *application) authenticate(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
id := app.sessionManager.GetInt(r.Context(), "authenticatedUserID")
if id == 0 {
next.ServeHTTP(w, r)
return
}
exists, err := app.users.Exists(id)
if err != nil {
app.serverError(w, r, err)
return
}
if exists {
ctx := context.WithValue(r.Context(), isAuthenticatedContextKey, true)
r = r.WithContext(ctx)
}
next.ServeHTTP(w, r)
})
}
// logRequest ... // logRequest ...
func (app *application) logRequest(next http.Handler) http.Handler { func (app *application) logRequest(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

2
snippetbox/cmd/web/routes.go
View File

@ -23,7 +23,7 @@ func (app *application) routes() http.Handler {
fileServer := http.FileServer(http.Dir("./ui/static")) fileServer := http.FileServer(http.Dir("./ui/static"))
router.Handler(http.MethodGet, "/static/*filepath", http.StripPrefix("/static", fileServer)) router.Handler(http.MethodGet, "/static/*filepath", http.StripPrefix("/static", fileServer))
dynamic := alice.New(app.sessionManager.LoadAndSave, noSurf) dynamic := alice.New(app.sessionManager.LoadAndSave, noSurf, app.authenticate)
router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home)) router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home))
router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView)) router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView))

7
snippetbox/internal/models/users.go
View File

@ -76,5 +76,10 @@ func (m *UserModel) Authenticate(email, password string) (int, error) {
// Exists // Exists
func (m *UserModel) Exists(id int) (bool, error) { func (m *UserModel) Exists(id int) (bool, error) {
return false, nil var exists bool
stmt := "SELECT EXISTS(SELECT true FROM users WHERE id = ?)"
err := m.DB.QueryRow(stmt, id).Scan(&exists)
return exists, err
} }