lets-go:11.6 authz again

tamsin johnson 2024-02-07 22:46:35 -08:00
parent 8a854768a0
commit 7db05bca1d
5 changed files with 41 additions and 15 deletions


@ -13,12 +13,12 @@ import (
)
// newTemplateData ...
func (app *application )newTemplateData(r *http.Request) templateData {
func (app *application) newTemplateData(r *http.Request) templateData {
return templateData{
CurrentYear: time.Now().Year(),
Flash: app.sessionManager.PopString(r.Context(), "flash"),
CurrentYear: time.Now().Year(),
Flash: app.sessionManager.PopString(r.Context(), "flash"),
IsAuthenticated: app.isAuthenticated(r),
}
}
// render ...
@ -81,3 +81,7 @@ func (app *application) decodePostForm(r *http.Request, dst any) error {
return nil
}
func (app *application) isAuthenticated(r *http.Request) bool {
return app.sessionManager.Exists(r.Context(), "authenticatedUserID")
}
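Review bot: `isAuthenticated`, added in the second hunk, treats the mere presence of the `authenticatedUserID` session key as sufficient, so it keeps answering true for an account that was deleted or disabled after login, until that session expires or is destroyed. Whether that matters depends on the session lifetime and on how accounts are removed, neither of which is visible here; if it does, the check should also confirm the ID against the user store. At minimum the contract deserves a doc comment, e.g. `// isAuthenticated reports whether the request's session contains an authenticatedUserID; it does not verify that the user still exists.` The key is a bare string literal that has to match whatever the login handler writes, so a shared constant would keep the two from drifting apart.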


@ -46,3 +46,16 @@ func secureHeaders(next http.Handler) http.Handler {
next.ServeHTTP(w, r)
})
}
func (app *application) requireAuthentication(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !app.isAuthenticated(r) {
http.Redirect(w, r, "/user/login", http.StatusSeeOther)
return
}
w.Header().Add("Cache-Control", "no-store")
next.ServeHTTP(w, r)
})
}
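Review bot: In `requireAuthentication`, `w.Header().Add("Cache-Control", "no-store")` appends to any Cache-Control value already on the response instead of replacing it, so the final caching policy depends on what other middleware has set; `w.Header().Set("Cache-Control", "no-store")` states the intent unambiguously. The redirect branch answers an unauthenticated POST with a 303 to `/user/login`, which silently discards the submitted form; that is probably acceptable, but worth a short comment. The function has no doc comment; something like `// requireAuthentication redirects unauthenticated requests to /user/login and marks responses to authenticated ones as non-cacheable.` would cover it.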


@ -27,13 +27,16 @@ func (app *application) routes() http.Handler {
router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home))
router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView))
router.Handler(http.MethodGet, "/snippet/create", dynamic.ThenFunc(app.snippetCreate))
router.Handler(http.MethodPost, "/snippet/create", dynamic.ThenFunc(app.snippetCreatePost))
router.Handler(http.MethodGet, "/user/signup", dynamic.ThenFunc(app.userSignup))
router.Handler(http.MethodPost, "/user/signup", dynamic.ThenFunc(app.userSignupPost))
router.Handler(http.MethodGet, "/user/login", dynamic.ThenFunc(app.userLogin))
router.Handler(http.MethodPost, "/user/login", dynamic.ThenFunc(app.userLoginPost))
router.Handler(http.MethodPost, "/user/logout", dynamic.ThenFunc(app.userLogoutPost))
protected := dynamic.Append(app.requireAuthentication)
router.Handler(http.MethodGet, "/snippet/create", protected.ThenFunc(app.snippetCreate))
router.Handler(http.MethodPost, "/snippet/create", protected.ThenFunc(app.snippetCreatePost))
router.Handler(http.MethodPost, "/user/logout", protected.ThenFunc(app.userLogoutPost))
standard := alice.New(app.recoverPanic, app.logRequest, secureHeaders)
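Review bot: The routes moved onto `protected` include two state-changing POSTs (`/snippet/create` and `/user/logout`) that are now authorised by the session cookie alone, and nothing visible in this hunk adds a CSRF check. The `dynamic` chain is built above the hunk, so this may already be covered; if it is not, `dynamic` needs a token-validating middleware and the logout form added to the nav template in this commit needs the matching hidden token field. A short comment above `protected := dynamic.Append(app.requireAuthentication)`, such as `// Routes below require a logged-in session.`, would make the grouping explicit. routes() begins and ends outside the hunk.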


@ -9,11 +9,12 @@ import (
)
type templateData struct {
CurrentYear int
Snippet models.Snippet
Snippets []models.Snippet
Form any
Flash string
CurrentYear int
Snippet models.Snippet
Snippets []models.Snippet
Form any
Flash string
IsAuthenticated bool
}
// humanDate ...


@ -2,14 +2,19 @@
<nav>
<div>
<a href="/">Home</a>
{{if .IsAuthenticated}}
<a href="/snippet/create">Create Snippet</a>
{{end}}
</div>
<div>
<a href="/user/signup">Signup</a>
<a href="/user/login">Login</a>
{{if .IsAuthenticated}}
<form action="/user/logout" method="POST">
<button>Logout</button>
</form>
{{else}}
<a href="/user/signup">Signup</a>
<a href="/user/login">Login</a>
{{end}}
</div>
</nav>
{{end}}
{{end}}