2015-01-04 20:33:53 +02:00
|
|
|
package auth
|
|
|
|
|
|
|
|
|
|
import (
|
2015-01-11 08:49:06 +02:00
|
|
|
"errors"
|
2015-01-04 20:33:53 +02:00
|
|
|
"net/http"
|
2015-01-08 09:45:41 +02:00
|
|
|
"path/filepath"
|
2015-01-04 20:33:53 +02:00
|
|
|
|
2015-01-13 07:08:52 +02:00
|
|
|
"code.google.com/p/go.crypto/bcrypt"
|
|
|
|
|
|
2015-01-10 08:51:02 +02:00
|
|
|
"gopkg.in/authboss.v0"
|
|
|
|
|
|
2015-01-08 09:45:41 +02:00
|
|
|
"html/template"
|
2015-01-05 00:50:34 +02:00
|
|
|
|
2015-01-10 08:51:02 +02:00
|
|
|
"io"
|
2015-01-04 20:33:53 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
methodGET = "GET"
|
|
|
|
|
methodPOST = "POST"
|
|
|
|
|
|
2015-01-13 07:08:52 +02:00
|
|
|
pageLogin = "login.tpl"
|
|
|
|
|
|
|
|
|
|
attrUsername = "Username"
|
|
|
|
|
attrPassword = "Password"
|
|
|
|
|
)
|
2015-01-11 08:49:06 +02:00
|
|
|
|
2015-01-04 20:33:53 +02:00
|
|
|
func init() {
|
|
|
|
|
a := &Auth{}
|
2015-01-08 09:45:41 +02:00
|
|
|
authboss.RegisterModule("auth", a)
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
|
2015-01-13 07:08:52 +02:00
|
|
|
type AuthPage struct {
|
|
|
|
|
Error string
|
|
|
|
|
Username string
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-04 20:33:53 +02:00
|
|
|
type Auth struct {
|
2015-01-13 07:08:52 +02:00
|
|
|
routes authboss.RouteTable
|
|
|
|
|
storageOptions authboss.StorageOptions
|
|
|
|
|
users authboss.Storer
|
|
|
|
|
logoutRedirect string
|
|
|
|
|
loginRedirect string
|
|
|
|
|
logger io.Writer
|
|
|
|
|
templates *template.Template
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
|
2015-01-08 09:45:41 +02:00
|
|
|
func (a *Auth) Initialize(c *authboss.Config) (err error) {
|
2015-01-13 07:08:52 +02:00
|
|
|
if a.templates, err = template.ParseFiles(filepath.Join(c.ViewsPath, pageLogin)); err != nil {
|
|
|
|
|
var loginTplBytes []byte
|
|
|
|
|
if loginTplBytes, err = views_login_tpl_bytes(); err != nil {
|
2015-01-05 00:50:34 +02:00
|
|
|
return err
|
|
|
|
|
}
|
2015-01-05 06:41:20 +02:00
|
|
|
|
2015-01-13 07:08:52 +02:00
|
|
|
if a.templates, err = template.New(pageLogin).Parse(string(loginTplBytes)); err != nil {
|
2015-01-05 06:41:20 +02:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-01-04 20:33:53 +02:00
|
|
|
|
2015-01-11 08:49:06 +02:00
|
|
|
a.storageOptions = authboss.StorageOptions{
|
2015-01-13 07:08:52 +02:00
|
|
|
attrUsername: authboss.String,
|
|
|
|
|
attrPassword: authboss.String,
|
2015-01-11 08:49:06 +02:00
|
|
|
}
|
2015-01-08 09:45:41 +02:00
|
|
|
a.routes = authboss.RouteTable{
|
2015-01-13 07:08:52 +02:00
|
|
|
"login": a.loginHandlerFunc,
|
|
|
|
|
"logout": a.logoutHandlerFunc,
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
2015-01-11 08:49:06 +02:00
|
|
|
a.users = c.Storer
|
2015-01-11 09:12:40 +02:00
|
|
|
a.logoutRedirect = c.AuthLogoutRoute
|
2015-01-13 07:08:52 +02:00
|
|
|
a.loginRedirect = c.AuthLoginSuccessRoute
|
2015-01-05 00:50:34 +02:00
|
|
|
|
2015-01-04 20:33:53 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-08 09:45:41 +02:00
|
|
|
func (a *Auth) Routes() authboss.RouteTable {
|
2015-01-05 00:50:34 +02:00
|
|
|
return a.routes
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
|
2015-01-08 09:45:41 +02:00
|
|
|
func (a *Auth) Storage() authboss.StorageOptions {
|
2015-01-10 08:51:02 +02:00
|
|
|
return a.storageOptions
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
|
2015-01-13 07:08:52 +02:00
|
|
|
func (a *Auth) loginHandlerFunc(c *authboss.Context, w http.ResponseWriter, r *http.Request) {
|
2015-01-04 20:33:53 +02:00
|
|
|
switch r.Method {
|
|
|
|
|
case methodGET:
|
2015-01-13 07:08:52 +02:00
|
|
|
a.templates.ExecuteTemplate(w, pageLogin, nil)
|
2015-01-04 20:33:53 +02:00
|
|
|
case methodPOST:
|
2015-01-13 07:08:52 +02:00
|
|
|
u := r.PostFormValue("username")
|
|
|
|
|
p := r.PostFormValue("password")
|
|
|
|
|
|
|
|
|
|
if err := a.authenticate(u, p); err != nil {
|
2015-01-11 09:12:40 +02:00
|
|
|
w.WriteHeader(http.StatusForbidden)
|
2015-01-13 07:08:52 +02:00
|
|
|
a.templates.ExecuteTemplate(w, pageLogin, AuthPage{"invalid username and/or password", u})
|
2015-01-11 09:12:40 +02:00
|
|
|
return
|
|
|
|
|
}
|
2015-01-13 07:08:52 +02:00
|
|
|
http.Redirect(w, r, a.loginRedirect, http.StatusFound)
|
2015-01-04 20:33:53 +02:00
|
|
|
default:
|
|
|
|
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-11 08:49:06 +02:00
|
|
|
func (a *Auth) authenticate(username, password string) error {
|
2015-01-13 07:08:52 +02:00
|
|
|
if userInter, err := a.users.Get(username, nil); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
} else {
|
|
|
|
|
userAttrs := authboss.Unbind(userInter)
|
|
|
|
|
if err := bcrypt.CompareHashAndPassword([]byte(userAttrs[attrPassword].Value.(string)), []byte(password)); err != nil {
|
|
|
|
|
return errors.New("invalid password")
|
|
|
|
|
}
|
2015-01-11 08:49:06 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-13 07:08:52 +02:00
|
|
|
func (a *Auth) logoutHandlerFunc(c *authboss.Context, w http.ResponseWriter, r *http.Request) {
|
2015-01-04 20:33:53 +02:00
|
|
|
switch r.Method {
|
|
|
|
|
case methodGET:
|
2015-01-11 09:12:40 +02:00
|
|
|
http.Redirect(w, r, a.logoutRedirect, http.StatusFound)
|
2015-01-04 20:33:53 +02:00
|
|
|
default:
|
|
|
|
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
|
|
|
|
}
|
|
|
|
|
}
|
