mirror of https://github.com/jlelse/GoBlog
Don't send a cookie with every request
This commit is contained in:
parent
74d02b00bd
commit
68650a883e
|
@ -21,15 +21,10 @@ func jwtKey() []byte {
|
||||||
|
|
||||||
func authMiddleware(next http.Handler) http.Handler {
|
func authMiddleware(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
success := func() {
|
|
||||||
if acceptLogin(w) {
|
|
||||||
next.ServeHTTP(w, r)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// 1. Check basic auth
|
// 1. Check basic auth
|
||||||
username, password, basicauth := r.BasicAuth()
|
username, password, basicauth := r.BasicAuth()
|
||||||
if basicauth && checkCredentials(username, password) {
|
if basicauth && checkCredentials(username, password) {
|
||||||
success()
|
next.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// 2. Check JWT
|
// 2. Check JWT
|
||||||
|
@ -37,7 +32,7 @@ func authMiddleware(next http.Handler) http.Handler {
|
||||||
if tkn, err := jwt.Parse(tokenCookie.Value, func(t *jwt.Token) (interface{}, error) {
|
if tkn, err := jwt.Parse(tokenCookie.Value, func(t *jwt.Token) (interface{}, error) {
|
||||||
return jwtKey(), nil
|
return jwtKey(), nil
|
||||||
}); err == nil && tkn.Valid {
|
}); err == nil && tkn.Valid {
|
||||||
success()
|
next.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -86,6 +81,8 @@ func checkLogin(w http.ResponseWriter, r *http.Request) bool {
|
||||||
}
|
}
|
||||||
// Set basic auth
|
// Set basic auth
|
||||||
req.SetBasicAuth(r.FormValue("username"), r.FormValue("password"))
|
req.SetBasicAuth(r.FormValue("username"), r.FormValue("password"))
|
||||||
|
// Send cookie
|
||||||
|
sendTokenCookie(w)
|
||||||
// Serve original request
|
// Serve original request
|
||||||
d.ServeHTTP(w, req)
|
d.ServeHTTP(w, req)
|
||||||
return true
|
return true
|
||||||
|
@ -93,12 +90,12 @@ func checkLogin(w http.ResponseWriter, r *http.Request) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func acceptLogin(w http.ResponseWriter) bool {
|
func sendTokenCookie(w http.ResponseWriter) {
|
||||||
expiration := time.Now().Add(7 * 24 * time.Hour)
|
expiration := time.Now().Add(7 * 24 * time.Hour)
|
||||||
tokenString, err := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.StandardClaims{ExpiresAt: expiration.Unix()}).SignedString(jwtKey())
|
tokenString, err := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.StandardClaims{ExpiresAt: expiration.Unix()}).SignedString(jwtKey())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, "failed to sign JWT", http.StatusInternalServerError)
|
http.Error(w, "failed to sign JWT", http.StatusInternalServerError)
|
||||||
return false
|
return
|
||||||
}
|
}
|
||||||
http.SetCookie(w, &http.Cookie{
|
http.SetCookie(w, &http.Cookie{
|
||||||
Name: "token",
|
Name: "token",
|
||||||
|
@ -106,6 +103,7 @@ func acceptLogin(w http.ResponseWriter) bool {
|
||||||
Expires: expiration,
|
Expires: expiration,
|
||||||
Secure: true,
|
Secure: true,
|
||||||
HttpOnly: true,
|
HttpOnly: true,
|
||||||
|
SameSite: http.SameSiteStrictMode,
|
||||||
})
|
})
|
||||||
return true
|
return
|
||||||
}
|
}
|
||||||
|
|
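Review bot: The failure path of the new `sendTokenCookie(w)` call in checkLogin is lost: on a signing error sendTokenCookie has already written a 500 through http.Error, yet checkLogin goes on to `d.ServeHTTP(w, req)` and writes a second response onto the same ResponseWriter, whereas the removed acceptLogin returned false so success() could skip serving. Have sendTokenCookie report its outcome, e.g. `func sendTokenCookie(w http.ResponseWriter) bool` returning `false` from the error branch and `true` after http.SetCookie, and guard the call site with `if !sendTokenCookie(w) { return true }` before serving. checkLogin's body starts outside the hunk, so the exact placement of that guard is inferred from the visible `// Serve original request` sequence. Unchanged here but adjacent in the first hunk: the keyfunc passed to jwt.Parse returns jwtKey() without inspecting `t.Method`, so checking it against jwt.SigningMethodHS256 would pin the algorithm the token is expected to carry.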