lets-go:11.6 authz again

tamsin johnson 2024-02-07 22:46:35 -08:00
parent 8a854768a0
commit 7db05bca1d
5 changed files with 41 additions and 15 deletions


@ -13,12 +13,12 @@ import (
) )
// newTemplateData ... // newTemplateData ...
func (app *application )newTemplateData(r *http.Request) templateData { func (app *application) newTemplateData(r *http.Request) templateData {
return templateData{ return templateData{
CurrentYear: time.Now().Year(), CurrentYear: time.Now().Year(),
Flash: app.sessionManager.PopString(r.Context(), "flash"), Flash: app.sessionManager.PopString(r.Context(), "flash"),
IsAuthenticated: app.isAuthenticated(r),
} }
} }
// render ... // render ...
@ -81,3 +81,7 @@ func (app *application) decodePostForm(r *http.Request, dst any) error {
return nil return nil
} }
func (app *application) isAuthenticated(r *http.Request) bool {
return app.sessionManager.Exists(r.Context(), "authenticatedUserID")
}
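Review bot: isAuthenticated, added at the end of this file, treats the mere presence of the `authenticatedUserID` session key as proof of login, so an account that is deleted or disabled would stay authenticated until its session expires; nothing in this section checks the ID against the user store. newTemplateData and the requireAuthentication middleware from this commit both rely on its answer. If the existence-only check is intentional for now, record the limitation on the function: `// isAuthenticated reports whether the session holds an authenticatedUserID; it does not confirm that the user still exists.`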


@ -46,3 +46,16 @@ func secureHeaders(next http.Handler) http.Handler {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })
} }
func (app *application) requireAuthentication(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !app.isAuthenticated(r) {
http.Redirect(w, r, "/user/login", http.StatusSeeOther)
return
}
w.Header().Add("Cache-Control", "no-store")
next.ServeHTTP(w, r)
})
}
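Review bot: In requireAuthentication, `w.Header().Add("Cache-Control", "no-store")` appends to any Cache-Control value an earlier handler in the chain may already have written, which can leave the response with two Cache-Control lines. `w.Header().Set("Cache-Control", "no-store")` makes the directive authoritative. The new function also has no doc comment; something like `// requireAuthentication redirects anonymous requests to /user/login and marks responses to authenticated users as non-cacheable.` would state the contract.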


@ -27,13 +27,16 @@ func (app *application) routes() http.Handler {
router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home)) router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home))
router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView)) router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView))
router.Handler(http.MethodGet, "/snippet/create", dynamic.ThenFunc(app.snippetCreate))
router.Handler(http.MethodPost, "/snippet/create", dynamic.ThenFunc(app.snippetCreatePost))
router.Handler(http.MethodGet, "/user/signup", dynamic.ThenFunc(app.userSignup)) router.Handler(http.MethodGet, "/user/signup", dynamic.ThenFunc(app.userSignup))
router.Handler(http.MethodPost, "/user/signup", dynamic.ThenFunc(app.userSignupPost)) router.Handler(http.MethodPost, "/user/signup", dynamic.ThenFunc(app.userSignupPost))
router.Handler(http.MethodGet, "/user/login", dynamic.ThenFunc(app.userLogin)) router.Handler(http.MethodGet, "/user/login", dynamic.ThenFunc(app.userLogin))
router.Handler(http.MethodPost, "/user/login", dynamic.ThenFunc(app.userLoginPost)) router.Handler(http.MethodPost, "/user/login", dynamic.ThenFunc(app.userLoginPost))
router.Handler(http.MethodPost, "/user/logout", dynamic.ThenFunc(app.userLogoutPost))
protected := dynamic.Append(app.requireAuthentication)
router.Handler(http.MethodGet, "/snippet/create", protected.ThenFunc(app.snippetCreate))
router.Handler(http.MethodPost, "/snippet/create", protected.ThenFunc(app.snippetCreatePost))
router.Handler(http.MethodPost, "/user/logout", protected.ThenFunc(app.userLogoutPost))
standard := alice.New(app.recoverPanic, app.logRequest, secureHeaders) standard := alice.New(app.recoverPanic, app.logRequest, secureHeaders)
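Review bot: The two POST routes moved onto `protected` (/snippet/create and /user/logout) are authorised by the session cookie alone as far as this hunk shows, and the logout form in the nav template of this commit posts without a token field, so cross-site request forgery protection is worth confirming. Whether the `dynamic` chain already carries a CSRF check, or the session cookie sets SameSite, is decided outside the visible lines; routes() starts and ends outside the hunk. A short comment above the new chain would also help the next reader: `// protected = dynamic + requireAuthentication; anonymous requests are redirected to /user/login.`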


@ -9,11 +9,12 @@ import (
) )
type templateData struct { type templateData struct {
CurrentYear int CurrentYear int
Snippet models.Snippet Snippet models.Snippet
Snippets []models.Snippet Snippets []models.Snippet
Form any Form any
Flash string Flash string
IsAuthenticated bool
} }
// humanDate ... // humanDate ...


@ -2,14 +2,19 @@
<nav> <nav>
<div> <div>
<a href="/">Home</a> <a href="/">Home</a>
{{if .IsAuthenticated}}
<a href="/snippet/create">Create Snippet</a> <a href="/snippet/create">Create Snippet</a>
{{end}}
</div> </div>
<div> <div>
<a href="/user/signup">Signup</a> {{if .IsAuthenticated}}
<a href="/user/login">Login</a>
<form action="/user/logout" method="POST"> <form action="/user/logout" method="POST">
<button>Logout</button> <button>Logout</button>
</form> </form>
{{else}}
<a href="/user/signup">Signup</a>
<a href="/user/login">Login</a>
{{end}}
</div> </div>
</nav> </nav>
{{end}} {{end}}