diff options
author | Adam Mathes <adam@trenchant.org> | 2017-01-26 20:09:14 -0800 |
---|---|---|
committer | Adam Mathes <adam@trenchant.org> | 2017-01-26 20:09:14 -0800 |
commit | 857ac6caf70eff11f0770972a7619e4e3229a39c (patch) | |
tree | c465f220e7ab8b693043633dc62843a871531788 | |
parent | 5ee33b579113eb49a061b79be35f683b09e2694d (diff) | |
download | neko-857ac6caf70eff11f0770972a7619e4e3229a39c.tar.gz neko-857ac6caf70eff11f0770972a7619e4e3229a39c.tar.bz2 neko-857ac6caf70eff11f0770972a7619e4e3229a39c.zip |
better cookie handling
-rw-r--r-- | cmd/nekocrawl.go | 14 | ||||
-rw-r--r-- | cmd/nekoweb.go | 14 | ||||
-rw-r--r-- | web/web.go | 13 |
3 files changed, 6 insertions, 35 deletions
diff --git a/cmd/nekocrawl.go b/cmd/nekocrawl.go deleted file mode 100644 index 2852e4f..0000000 --- a/cmd/nekocrawl.go +++ /dev/null @@ -1,14 +0,0 @@ -package main - -import ( - "neko/config" - "neko/crawler" - "neko/models" - "os" -) - -func main() { - config.Read(os.Args[1]) - models.InitDB(config.Config.DBServer) - crawler.Crawl() -} diff --git a/cmd/nekoweb.go b/cmd/nekoweb.go deleted file mode 100644 index 0904a61..0000000 --- a/cmd/nekoweb.go +++ /dev/null @@ -1,14 +0,0 @@ -package main - -import ( - "neko/config" - "neko/models" - "neko/web" - "os" -) - -func main() { - config.Read(os.Args[1]) - models.InitDB(config.Config.DBServer) - web.Serve() -} @@ -97,6 +97,7 @@ func feedHandler(w http.ResponseWriter, r *http.Request) { } var AuthCookie = "auth" +var SecondsInAYear = 60*60*24*365 func loginHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { @@ -106,11 +107,11 @@ func loginHandler(w http.ResponseWriter, r *http.Request) { password := r.FormValue("password") if password == config.Config.DigestPassword { v,_ := bcrypt.GenerateFromPassword([]byte(password), 0) - c := http.Cookie{ Name: AuthCookie, Value: string(v), Path: "/", MaxAge: 5000, HttpOnly:false } + c := http.Cookie{ Name: AuthCookie, Value: string(v), Path: "/", MaxAge: SecondsInAYear, HttpOnly:false } http.SetCookie(w, &c) - fmt.Fprintf(w, "you are logged in") + http.Redirect(w, r, "/", 307) } else { - http.Error(w, "nope", 401) + http.Error(w, "bad login", 401) } default: http.Error(w, "nope", 500) @@ -120,16 +121,14 @@ func loginHandler(w http.ResponseWriter, r *http.Request) { func logoutHandler(w http.ResponseWriter, r *http.Request) { c := http.Cookie{ Name: AuthCookie, MaxAge: 0, Path: "/", HttpOnly:false } http.SetCookie(w, &c) - fmt.Fprintf(w, "you are logged in") + fmt.Fprintf(w, "you are logged out") } func Authenticated(r *http.Request) bool { pc,err := r.Cookie("auth") - log.Printf("%v", pc) if err != nil { return false } - err = bcrypt.CompareHashAndPassword( []byte(pc.Value), []byte(config.Config.DigestPassword) ) if err == nil { return true @@ -142,7 +141,7 @@ func AuthWrap(wrapped http.HandlerFunc) http.HandlerFunc { if Authenticated(r) { wrapped(w, r) } else { - http.Error(w, "nope", 401) + http.Redirect(w, r, "/login/", 307) } } } |