Core functionality for new aiterp.net servers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

116 lines
2.5 KiB

7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
  1. package auth
  2. import (
  3. "net/http"
  4. "strings"
  5. "git.aiterp.net/gisle/wrouter/response"
  6. )
  7. type handler struct {
  8. }
  9. func (h *handler) Handle(path string, w http.ResponseWriter, req *http.Request, user *User) bool {
  10. // Get the subpath out of the path
  11. subpath := req.URL.Path[len(path):]
  12. if subpath[0] == '/' {
  13. subpath = subpath[1:]
  14. }
  15. method := FindAuthenticator(req.Form.Get("method"))
  16. if method == nil {
  17. if user == nil {
  18. response.Text(w, 400, "Invalid method: "+req.Form.Get("method"))
  19. return true
  20. }
  21. method = user.method
  22. }
  23. switch strings.ToLower(subpath) {
  24. case "login":
  25. {
  26. if req.Method != "POST" {
  27. response.Text(w, 405, req.Method+" not allowed")
  28. return true
  29. }
  30. username := req.Form.Get("username")
  31. password := req.Form.Get("password")
  32. w.Header().Set("X-Auth-Method", method.Name())
  33. user, err := method.Login(username, password)
  34. if err == nil && user != nil {
  35. sess := OpenSession(user)
  36. http.SetCookie(w, &http.Cookie{Name: SessionCookieName, Value: sess.ID, Expires: sess.Time.Add(SessionMaxTime), Path: "/", HttpOnly: true})
  37. response.JSON(w, 200, sess)
  38. } else {
  39. response.Text(w, 401, "Login failed")
  40. }
  41. }
  42. case "register":
  43. {
  44. if req.Method != "POST" {
  45. response.Text(w, 405, req.Method+" not allowed")
  46. return true
  47. }
  48. data := make(map[string]string)
  49. for key, value := range req.Form {
  50. if key != "username" && key != "password" && key != "method" {
  51. data[key] = value[0]
  52. }
  53. }
  54. username := req.Form.Get("username")
  55. password := req.Form.Get("password")
  56. user, err := method.Register(username, password, data)
  57. if err == nil && user != nil {
  58. sess := OpenSession(user)
  59. http.SetCookie(w, &http.Cookie{Name: SessionCookieName, Value: sess.ID, Expires: sess.Time.Add(SessionMaxTime), Path: "/", HttpOnly: true})
  60. response.JSON(w, 200, sess)
  61. } else {
  62. response.Text(w, 401, err.Error())
  63. }
  64. }
  65. case "logout-all":
  66. {
  67. if req.Method != "POST" {
  68. response.Text(w, 405, req.Method+" not allowed")
  69. return true
  70. }
  71. if user != nil {
  72. ClearSessions(user)
  73. response.Empty(w)
  74. } else {
  75. response.Text(w, 401, "Not logged in")
  76. }
  77. }
  78. case "status":
  79. {
  80. if req.Method != "GET" {
  81. response.Text(w, 405, req.Method+" not allowed")
  82. return true
  83. }
  84. if user != nil {
  85. response.JSON(w, 200, user)
  86. } else {
  87. response.Text(w, 401, "Not logged in")
  88. }
  89. }
  90. default:
  91. {
  92. response.Text(w, 404, "Operation not found: "+subpath)
  93. }
  94. }
  95. return true
  96. }
  97. var Handler = &handler{}