Move login & main to cmd/budgeteer

2016-12-19 18:43:07 +01:00
parent 28b26c088e
commit f759600db1
2 changed files with 0 additions and 0 deletions
--- a/cmd/budgeteer/login.go
+++ b/cmd/budgeteer/login.go
@ -0,0 +1,81 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/dgrijalva/jwt-go"
+	"gopkg.in/gin-gonic/gin.v1"
+)
+
+const (
+	expiration = 72
+	secret     = "uditapbzuditagscwxuqdflgzpbu´ßiaefnlmzeßtrubiadern"
+	authCookie = "authentication"
+)
+
+func verifyLogin(c *gin.Context) (jwt.MapClaims, bool) {
+	tokenString, err := c.Cookie(authCookie)
+	if err != nil {
+		return nil, false
+	}
+
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+		}
+		return []byte(secret), nil
+	})
+
+	claims, ok := verifyToken(c, token, err)
+	if !ok {
+		c.SetCookie(authCookie, "", -1, "", "", false, false)
+		return nil, false
+	}
+
+	return claims, true
+}
+
+func verifyToken(c *gin.Context, token *jwt.Token, err error) (jwt.MapClaims, bool) {
+	if err != nil {
+		return nil, false
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok || !token.Valid {
+		return nil, false
+	}
+
+	if !claims.VerifyExpiresAt(time.Now().Unix(), true) {
+		return nil, false
+	}
+
+	return claims, true
+}
+
+func loginSuccess(c *gin.Context, username string, name string) {
+	// Create token
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"usr":  username,
+		"name": name,
+		"exp":  time.Now().Add(time.Hour * expiration).Unix(),
+	})
+
+	// Generate encoded token and send it as response.
+	t, err := token.SignedString([]byte(secret))
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+	}
+
+	maxAge := (int)((expiration * time.Hour).Seconds())
+	c.SetCookie(authCookie, t, maxAge, "", "", false, true)
+
+	c.JSON(http.StatusOK, map[string]string{
+		"token": t,
+	})
+}
+
+func clearLogin(c *gin.Context) {
+	c.SetCookie(authCookie, "", -1, "", "", false, true)
+}
--- a/cmd/budgeteer/main.go
+++ b/cmd/budgeteer/main.go
@ -0,0 +1,78 @@
+package main
+
+import (
+	"net/http"
+
+	"gopkg.in/gin-gonic/gin.v1"
+)
+
+func main() {
+	router := gin.Default()
+
+	router.LoadHTMLGlob("./templates/*")
+	router.Static("/static", "./static")
+
+	router.GET("/", func(c *gin.Context) { c.HTML(http.StatusOK, "index", nil) })
+	router.GET("/login", login)
+	api := router.Group("/api/v1")
+	{
+		api.GET("/logout", logout)
+		api.GET("/login", func(c *gin.Context) {
+			c.Redirect(http.StatusPermanentRedirect, "/login")
+		})
+		api.POST("/login", loginPost)
+
+		// Unauthenticated routes
+		api.GET("/check", func(c *gin.Context) {
+			c.String(http.StatusOK, "Accessible")
+		})
+		api.GET("/hello", func(c *gin.Context) {
+			c.String(http.StatusOK, "Hello, World!")
+		})
+
+		// Restricted group
+		r := api.Group("/restricted")
+		{
+			//r.Use(middleware.JWT([]byte(secret)))
+			r.GET("", restricted)
+		}
+	}
+
+	router.Run(":1323")
+}
+
+func restricted(c *gin.Context) {
+	claims, ok := verifyLogin(c)
+	if !ok {
+		c.Redirect(http.StatusTemporaryRedirect, "/login")
+		return
+	}
+
+	name := claims["name"].(string)
+	c.String(http.StatusOK, "Welcome "+name+"!")
+}
+
+func login(c *gin.Context) {
+	if _, ok := verifyLogin(c); ok {
+		c.Redirect(http.StatusTemporaryRedirect, "/api/v1/hello")
+		return
+	}
+
+	c.HTML(http.StatusOK, "login", nil)
+}
+
+func logout(c *gin.Context) {
+	clearLogin(c)
+}
+
+func loginPost(c *gin.Context) {
+	username, _ := c.GetPostForm("username")
+	password, _ := c.GetPostForm("password")
+
+	if username != "jan" || password != "passwort" {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	loginSuccess(c, username, "Jan Bader")
+}