Don't send a cookie with every request

This commit is contained in:
Jan-Lukas Else 2020-12-15 17:56:08 +01:00
parent 74d02b00bd
commit 68650a883e
1 changed files with 8 additions and 10 deletions


@ -21,15 +21,10 @@ func jwtKey() []byte {
func authMiddleware(next http.Handler) http.Handler { func authMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
success := func() {
if acceptLogin(w) {
next.ServeHTTP(w, r)
}
}
// 1. Check basic auth // 1. Check basic auth
username, password, basicauth := r.BasicAuth() username, password, basicauth := r.BasicAuth()
if basicauth && checkCredentials(username, password) { if basicauth && checkCredentials(username, password) {
success() next.ServeHTTP(w, r)
return return
} }
// 2. Check JWT // 2. Check JWT
@ -37,7 +32,7 @@ func authMiddleware(next http.Handler) http.Handler {
if tkn, err := jwt.Parse(tokenCookie.Value, func(t *jwt.Token) (interface{}, error) { if tkn, err := jwt.Parse(tokenCookie.Value, func(t *jwt.Token) (interface{}, error) {
return jwtKey(), nil return jwtKey(), nil
}); err == nil && tkn.Valid { }); err == nil && tkn.Valid {
success() next.ServeHTTP(w, r)
return return
} }
} }
@ -86,6 +81,8 @@ func checkLogin(w http.ResponseWriter, r *http.Request) bool {
} }
// Set basic auth // Set basic auth
req.SetBasicAuth(r.FormValue("username"), r.FormValue("password")) req.SetBasicAuth(r.FormValue("username"), r.FormValue("password"))
// Send cookie
sendTokenCookie(w)
// Serve original request // Serve original request
d.ServeHTTP(w, req) d.ServeHTTP(w, req)
return true return true
@ -93,12 +90,12 @@ func checkLogin(w http.ResponseWriter, r *http.Request) bool {
return false return false
} }
func acceptLogin(w http.ResponseWriter) bool { func sendTokenCookie(w http.ResponseWriter) {
expiration := time.Now().Add(7 * 24 * time.Hour) expiration := time.Now().Add(7 * 24 * time.Hour)
tokenString, err := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.StandardClaims{ExpiresAt: expiration.Unix()}).SignedString(jwtKey()) tokenString, err := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.StandardClaims{ExpiresAt: expiration.Unix()}).SignedString(jwtKey())
if err != nil { if err != nil {
http.Error(w, "failed to sign JWT", http.StatusInternalServerError) http.Error(w, "failed to sign JWT", http.StatusInternalServerError)
return false return
} }
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{
Name: "token", Name: "token",
@ -106,6 +103,7 @@ func acceptLogin(w http.ResponseWriter) bool {
Expires: expiration, Expires: expiration,
Secure: true, Secure: true,
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}) })
return true return
} }
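Review bot: In the checkLogin hunk, the new `sendTokenCookie(w)` call reports a JWT signing failure only by writing a 500 via http.Error and returning, so checkLogin still falls through to `d.ServeHTTP(w, req)` and `return true` — the original request is then served on a response that already carries an error status and body, and the caller cannot tell that no session cookie was issued. The removed acceptLogin returned a bool that gated the handler; keeping that signal restores the previous behaviour, e.g. `func sendTokenCookie(w http.ResponseWriter) bool` returning false after the http.Error and true after http.SetCookie, with the call site changed to `if !sendTokenCookie(w) { return true }` (or whatever value the caller treats as "already answered") placed before the d.ServeHTTP line. checkLogin starts before and ends after this hunk, so the exact return convention should be confirmed against the full function. As a smaller defensive point in the unchanged middleware hunk, the jwt.Parse keyfunc returns jwtKey() without checking `t.Method`; rejecting anything other than jwt.SigningMethodHS256 there would pin the expected algorithm, though that code is not touched by this commit.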