lets-go:11.6 authz again

2024-02-07 22:46:35 -08:00 · 2024-02-07 22:46:35 -08:00 · 7db05bca1d
commit 7db05bca1d
parent 8a854768a0
5 changed files with 41 additions and 15 deletions
--- a/snippetbox/cmd/web/helpers.go
+++ b/snippetbox/cmd/web/helpers.go
@ -17,8 +17,8 @@ func (app *application )newTemplateData(r *http.Request) templateData {
 	return templateData{
 		CurrentYear:     time.Now().Year(),
 		Flash:           app.sessionManager.PopString(r.Context(), "flash"),
+		IsAuthenticated: app.isAuthenticated(r),
 	}
-
 }

 // render ...
@ -81,3 +81,7 @@ func (app *application) decodePostForm(r *http.Request, dst any) error {

 	return nil
 }
+
+func (app *application) isAuthenticated(r *http.Request) bool {
+	return app.sessionManager.Exists(r.Context(), "authenticatedUserID")
+}
--- a/snippetbox/cmd/web/middleware.go
+++ b/snippetbox/cmd/web/middleware.go
@ -46,3 +46,16 @@ func secureHeaders(next http.Handler) http.Handler {
 		next.ServeHTTP(w, r)
 	})
 }
+
+func (app *application) requireAuthentication(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !app.isAuthenticated(r) {
+			http.Redirect(w, r, "/user/login", http.StatusSeeOther)
+			return
+		}
+
+		w.Header().Add("Cache-Control", "no-store")
+
+		next.ServeHTTP(w, r)
+	})
+}
--- a/snippetbox/cmd/web/routes.go
+++ b/snippetbox/cmd/web/routes.go
@ -27,13 +27,16 @@ func (app *application) routes() http.Handler {

 	router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home))
 	router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView))
-	router.Handler(http.MethodGet, "/snippet/create", dynamic.ThenFunc(app.snippetCreate))
-	router.Handler(http.MethodPost, "/snippet/create", dynamic.ThenFunc(app.snippetCreatePost))
 	router.Handler(http.MethodGet, "/user/signup", dynamic.ThenFunc(app.userSignup))
 	router.Handler(http.MethodPost, "/user/signup", dynamic.ThenFunc(app.userSignupPost))
 	router.Handler(http.MethodGet, "/user/login", dynamic.ThenFunc(app.userLogin))
 	router.Handler(http.MethodPost, "/user/login", dynamic.ThenFunc(app.userLoginPost))
-	router.Handler(http.MethodPost, "/user/logout", dynamic.ThenFunc(app.userLogoutPost))
+
+	protected := dynamic.Append(app.requireAuthentication)
+
+	router.Handler(http.MethodGet, "/snippet/create", protected.ThenFunc(app.snippetCreate))
+	router.Handler(http.MethodPost, "/snippet/create", protected.ThenFunc(app.snippetCreatePost))
+	router.Handler(http.MethodPost, "/user/logout", protected.ThenFunc(app.userLogoutPost))

 	standard := alice.New(app.recoverPanic, app.logRequest, secureHeaders)

--- a/snippetbox/cmd/web/templates.go
+++ b/snippetbox/cmd/web/templates.go
@ -14,6 +14,7 @@ type templateData struct {
 	Snippets        []models.Snippet
 	Form            any
 	Flash           string
+	IsAuthenticated bool
 }

 // humanDate ...
--- a/snippetbox/ui/html/partials/nav.tmpl
+++ b/snippetbox/ui/html/partials/nav.tmpl
@ -2,14 +2,19 @@
    <nav>
      <div>
        <a href="/">Home</a>
+        {{if .IsAuthenticated}}
        <a href="/snippet/create">Create Snippet</a>
+        {{end}}
      </div>
      <div>
-        <a href="/user/signup">Signup</a>
-        <a href="/user/login">Login</a>
+        {{if .IsAuthenticated}}
        <form action="/user/logout" method="POST">
          <button>Logout</button>
        </form>
+        {{else}}
+        <a href="/user/signup">Signup</a>
+        <a href="/user/login">Login</a>
+        {{end}}
      </div>
    </nav>
 {{end}}