evan/imagini
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-11-13. You can view files and clone it, but cannot push or open issues or pull requests.
cd97b6262f
imagini/internal/api/auth.go
Evan Reichard cd97b6262f Finally Framework
2021-01-16 17:00:17 -05:00

76 lines
2.2 KiB
Go
Raw Blame History

package api
import (
"time"
"encoding/json"
"net/http"
"reichard.io/imagini/internal/models"
// "github.com/lestrrat-go/jwx/jwt"
// "github.com/lestrrat-go/jwx/jwa"
// log "github.com/sirupsen/logrus"
)
// https://www.calhoun.io/pitfalls-of-context-values-and-how-to-avoid-or-mitigate-them/
// https://pace.dev/blog/2018/05/09/how-I-write-http-services-after-eight-years.html
// https://medium.com/@benbjohnson/standard-package-layout-7cdbc8391fc1#333c
// https://www.alexedwards.net/blog/organising-database-access <---- best
// - TLDR: Do what you're doing, but use closeures for the handlers
func (api *API) loginHandler(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
errorJSON(w, "Method is not supported.", http.StatusMethodNotAllowed)
return
}
// Decode into Struct
var creds models.APICredentials
err := json.NewDecoder(r.Body).Decode(&creds)
if err != nil {
errorJSON(w, "Invalid parameters.", http.StatusBadRequest)
return
}
// Validate
if creds.User == "" || creds.Password == "" {
errorJSON(w, "Invalid parameters.", http.StatusBadRequest)
return
}
// TODO: Is user already logged in? If so refresh token, if different user, kill session and log in new user?
// Do login
resp := api.Auth.AuthenticateUser(creds)
if resp == true {
// Return Success
cookie := http.Cookie{
Name: "Token",
Value: "testToken",
}
http.SetCookie(w, &cookie)
successJSON(w, "Login success.", http.StatusOK)
}else {
// Return Failure
errorJSON(w, "Invalid credentials.", http.StatusUnauthorized)
}
}
func (api *API) logoutHandler(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
http.Error(w, "Method is not supported.", http.StatusMethodNotAllowed)
return
}
// Do logout
// TODO: Clear Session Server Side
// Tell Client to Expire Token
cookie := &http.Cookie{
Name: "Token",
Value: "",
Path: "/",
Expires: time.Unix(0, 0),
HttpOnly: true,
}
http.SetCookie(w, cookie)
}
Reference in New Issue View Git Blame Copy Permalink