diff --git a/snippetbox/cmd/web/helpers.go b/snippetbox/cmd/web/helpers.go
index 342efe7..2572fff 100644
--- a/snippetbox/cmd/web/helpers.go
+++ b/snippetbox/cmd/web/helpers.go
@@ -13,12 +13,12 @@ import (
 )
 // newTemplateData ...
-func (app *application )newTemplateData(r *http.Request) templateData {
+func (app *application) newTemplateData(r *http.Request) templateData {
 return templateData{
- CurrentYear: time.Now().Year(),
- Flash: app.sessionManager.PopString(r.Context(), "flash"),
+ CurrentYear: time.Now().Year(),
+ Flash: app.sessionManager.PopString(r.Context(), "flash"),
+ IsAuthenticated: app.isAuthenticated(r),
 }
-
 }
 // render ...
@@ -81,3 +81,7 @@ func (app *application) decodePostForm(r *http.Request, dst any) error {
 return nil
 }
+
+func (app *application) isAuthenticated(r *http.Request) bool {
+ return app.sessionManager.Exists(r.Context(), "authenticatedUserID")
+}
diff --git a/snippetbox/cmd/web/middleware.go b/snippetbox/cmd/web/middleware.go
index b25aeda..301025e 100644
--- a/snippetbox/cmd/web/middleware.go
+++ b/snippetbox/cmd/web/middleware.go
@@ -46,3 +46,16 @@ func secureHeaders(next http.Handler) http.Handler {
 next.ServeHTTP(w, r)
 })
 }
+
+func (app *application) requireAuthentication(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if !app.isAuthenticated(r) {
+ http.Redirect(w, r, "/user/login", http.StatusSeeOther)
+ return
+ }
+
+ w.Header().Add("Cache-Control", "no-store")
+
+ next.ServeHTTP(w, r)
+ })
+}
diff --git a/snippetbox/cmd/web/routes.go b/snippetbox/cmd/web/routes.go
index 849089e..b25b31e 100644
--- a/snippetbox/cmd/web/routes.go
+++ b/snippetbox/cmd/web/routes.go
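Review bot: `isAuthenticated` in helpers.go (second hunk) treats the mere presence of the `"authenticatedUserID"` session key as proof of login, so an account that is deleted or disabled after login would presumably keep passing until the session expires; nothing visible in this diff re-checks the ID against the user store. Both `newTemplateData` and `requireAuthentication` in this commit rely on it. At minimum the helper should carry a doc comment stating that limit, e.g. `// isAuthenticated reports whether the session holds an authenticatedUserID; it does not verify that the user still exists.` The key is also a bare string literal here, and a package-level constant shared with the code that writes it (not shown in this diff) would keep the two from drifting apart.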
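Review bot: In `requireAuthentication` (middleware.go), `w.Header().Add("Cache-Control", "no-store")` appends a value instead of replacing one, so if an outer middleware has already written Cache-Control (the body of `secureHeaders` is outside this hunk) the response can carry conflicting directives and a cache may not honour `no-store`. `w.Header().Set("Cache-Control", "no-store")` makes the directive definitive for protected pages. The function also lacks a doc comment; something like `// requireAuthentication redirects unauthenticated requests to /user/login and marks responses to authenticated ones as non-cacheable.` would record why the header is set.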
@@ -27,13 +27,16 @@ func (app *application) routes() http.Handler {
 router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home))
 router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView))
- router.Handler(http.MethodGet, "/snippet/create", dynamic.ThenFunc(app.snippetCreate))
- router.Handler(http.MethodPost, "/snippet/create", dynamic.ThenFunc(app.snippetCreatePost))
 router.Handler(http.MethodGet, "/user/signup", dynamic.ThenFunc(app.userSignup))
 router.Handler(http.MethodPost, "/user/signup", dynamic.ThenFunc(app.userSignupPost))
 router.Handler(http.MethodGet, "/user/login", dynamic.ThenFunc(app.userLogin))
 router.Handler(http.MethodPost, "/user/login", dynamic.ThenFunc(app.userLoginPost))
- router.Handler(http.MethodPost, "/user/logout", dynamic.ThenFunc(app.userLogoutPost))
+
+ protected := dynamic.Append(app.requireAuthentication)
+
+ router.Handler(http.MethodGet, "/snippet/create", protected.ThenFunc(app.snippetCreate))
+ router.Handler(http.MethodPost, "/snippet/create", protected.ThenFunc(app.snippetCreatePost))
+ router.Handler(http.MethodPost, "/user/logout", protected.ThenFunc(app.userLogoutPost))
 standard := alice.New(app.recoverPanic, app.logRequest, secureHeaders)
diff --git a/snippetbox/cmd/web/templates.go b/snippetbox/cmd/web/templates.go
index 7751f24..d1c5a30 100644
--- a/snippetbox/cmd/web/templates.go
+++ b/snippetbox/cmd/web/templates.go
@@ -9,11 +9,12 @@ import (
 )
 type templateData struct {
- CurrentYear int
- Snippet models.Snippet
- Snippets []models.Snippet
- Form any
- Flash string
+ CurrentYear int
+ Snippet models.Snippet
+ Snippets []models.Snippet
+ Form any
+ Flash string
+ IsAuthenticated bool
 }
 // humanDate ...
diff --git a/snippetbox/ui/html/partials/nav.tmpl b/snippetbox/ui/html/partials/nav.tmpl
index d2f783b..b203562 100644
--- a/snippetbox/ui/html/partials/nav.tmpl
+++ b/snippetbox/ui/html/partials/nav.tmpl
@@ -2,14 +2,19 @@
-{{end}}
\ No newline at end of file
+{{end}}
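Review bot: The `protected` chain in routes.go now guards two state-changing POST routes (`/snippet/create` and `/user/logout`), but no CSRF check is visible in this hunk; `dynamic` is built above the hunk, so whether it carries one cannot be confirmed from here. If it does not, these routes would rest on the session cookie's own attributes alone. A comment at the definition would make the intent explicit, e.g. `// protected = dynamic + requireAuthentication; CSRF protection for the POST routes must come from dynamic.` The body of `routes()` starts and ends outside the hunk.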