FAQ
I have a website that needs to verify the user is logged in on every
request. If they are, it retrieves some information about the user that
I've stored. If they're not logged in, I need to redirect the user to the
login page.

I cannot figure out a DRY way to do this. Currently, every request handler
tries to bootstrap the user object, and sets the redirect header and
returns early if the user isn't logged in. I can't help but feel there must
be a less redundant way to handle this than copy/pasting that logic into
every. single. request handler. I've tried e.g., passing the request and
response objects to the user bootstrap function to set the header there,
but I still have to trigger the user object bootstrap process, and check
for an error in the request handler and return early. Ideally, the
logged-in check would happen in only one place, and that place would also
pass the user object into the request handler.

Is there a better way to handle this?

I'm using the Gorilla mux library, but I'm open to others if they can solve
this.

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Matt Silverlock at Jun 2, 2013 at 11:22 pm
    There's a couple of ways to solve this using what you have. I've just
    recently encountered this myself having picked up Go a few weeks ago.

    1) Add sessions using gorilla/sessions
    (http://www.gorillatoolkit.org/pkg/sessions) to the mix. When a user logs
    in, add a session variable and check against that. A 'helper' function such
    as isAuthenticated() that checks the session variable returns true/false
    and/or an error should keep it DRY. Re-direct the user to your auth page if
    isAuthenicated fails, using http.Redirect(w, r, "/login",
    http.StatusSeeOther)

    i.e.

    func isAuthenticated(w http.ResponseWriter, r *http.Request) bool {

    session, _ := store.Get(r, "session-name")

    if session.Values["authenticated"] = true {
    return true
    }

    return false
    }

    func accountHandler(w http.ResponseWriter, r *http.Request) {

             if isAuthenticated != true {
                  http.Redirect(w, r, "/login", http.StatusSeeOther)
             }

             // rest of your handler here
    }


    2) Use the approach seen in go.auth
    (https://github.com/bradrydzewski/go.auth/blob/master/auth.go#L183) by
    creating a wrapper for your "private" routes. In routes that you want to
    restrict to authenticated users, do the following:

    r.HandleFunc("/account", AuthOnly(accountHandler)
    r.HandleFunc("/account/edit", AuthOnly(editAccountHandler))


    Hope that helps.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • John Nagle at Jun 3, 2013 at 6:09 pm

    On 6/2/2013 2:43 PM, spiffytech wrote:
    I have a website that needs to verify the user is logged in on every
    request. If they are, it retrieves some information about the user that
    I've stored. If they're not logged in, I need to redirect the user to the
    login page.
         You can return an HTML page with a META REFRESH to send them to the
    desired page. You don't have to redirect at the HTTP level.

         John Nagle

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-nuts @
categoriesgo
postedJun 2, '13 at 9:43p
activeJun 3, '13 at 6:09p
posts3
users3
websitegolang.org

People

Translate

site design / logo © 2021 Grokbase