aboutsummaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/web.go13
1 files changed, 6 insertions, 7 deletions
diff --git a/web/web.go b/web/web.go
index c5440cf..2cb9669 100644
--- a/web/web.go
+++ b/web/web.go
@@ -97,6 +97,7 @@ func feedHandler(w http.ResponseWriter, r *http.Request) {
}
var AuthCookie = "auth"
+var SecondsInAYear = 60*60*24*365
func loginHandler(w http.ResponseWriter, r *http.Request) {
switch r.Method {
@@ -106,11 +107,11 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
password := r.FormValue("password")
if password == config.Config.DigestPassword {
v,_ := bcrypt.GenerateFromPassword([]byte(password), 0)
- c := http.Cookie{ Name: AuthCookie, Value: string(v), Path: "/", MaxAge: 5000, HttpOnly:false }
+ c := http.Cookie{ Name: AuthCookie, Value: string(v), Path: "/", MaxAge: SecondsInAYear, HttpOnly:false }
http.SetCookie(w, &c)
- fmt.Fprintf(w, "you are logged in")
+ http.Redirect(w, r, "/", 307)
} else {
- http.Error(w, "nope", 401)
+ http.Error(w, "bad login", 401)
}
default:
http.Error(w, "nope", 500)
@@ -120,16 +121,14 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
func logoutHandler(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ Name: AuthCookie, MaxAge: 0, Path: "/", HttpOnly:false }
http.SetCookie(w, &c)
- fmt.Fprintf(w, "you are logged in")
+ fmt.Fprintf(w, "you are logged out")
}
func Authenticated(r *http.Request) bool {
pc,err := r.Cookie("auth")
- log.Printf("%v", pc)
if err != nil {
return false
}
-
err = bcrypt.CompareHashAndPassword( []byte(pc.Value), []byte(config.Config.DigestPassword) )
if err == nil {
return true
@@ -142,7 +141,7 @@ func AuthWrap(wrapped http.HandlerFunc) http.HandlerFunc {
if Authenticated(r) {
wrapped(w, r)
} else {
- http.Error(w, "nope", 401)
+ http.Redirect(w, r, "/login/", 307)
}
}
}