From 857ac6caf70eff11f0770972a7619e4e3229a39c Mon Sep 17 00:00:00 2001
From: Adam Mathes
Date: Thu, 26 Jan 2017 20:09:14 -0800
Subject: better cookie handling
---
 cmd/nekocrawl.go | 14 --------------
 cmd/nekoweb.go | 14 --------------
 web/web.go | 13 ++++++-------
 3 files changed, 6 insertions(+), 35 deletions(-)
 delete mode 100644 cmd/nekocrawl.go
 delete mode 100644 cmd/nekoweb.go
diff --git a/cmd/nekocrawl.go b/cmd/nekocrawl.go
deleted file mode 100644
index 2852e4f..0000000
--- a/cmd/nekocrawl.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package main
-
-import (
- "neko/config"
- "neko/crawler"
- "neko/models"
- "os"
-)
-
-func main() {
- config.Read(os.Args[1])
- models.InitDB(config.Config.DBServer)
- crawler.Crawl()
-}
diff --git a/cmd/nekoweb.go b/cmd/nekoweb.go
deleted file mode 100644
index 0904a61..0000000
--- a/cmd/nekoweb.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package main
-
-import (
- "neko/config"
- "neko/models"
- "neko/web"
- "os"
-)
-
-func main() {
- config.Read(os.Args[1])
- models.InitDB(config.Config.DBServer)
- web.Serve()
-}
diff --git a/web/web.go b/web/web.go
index c5440cf..2cb9669 100644
--- a/web/web.go
+++ b/web/web.go
@@ -97,6 +97,7 @@ func feedHandler(w http.ResponseWriter, r *http.Request) {
 }
 var AuthCookie = "auth"
+var SecondsInAYear = 60*60*24*365
 func loginHandler(w http.ResponseWriter, r *http.Request) {
 switch r.Method {
@@ -106,11 +107,11 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 password := r.FormValue("password")
 if password == config.Config.DigestPassword {
 v,_ := bcrypt.GenerateFromPassword([]byte(password), 0)
- c := http.Cookie{ Name: AuthCookie, Value: string(v), Path: "/", MaxAge: 5000, HttpOnly:false }
+ c := http.Cookie{ Name: AuthCookie, Value: string(v), Path: "/", MaxAge: SecondsInAYear, HttpOnly:false }
 http.SetCookie(w, &c)
- fmt.Fprintf(w, "you are logged in")
+ http.Redirect(w, r, "/", 307)
 } else {
- http.Error(w, "nope", 401)
+ http.Error(w, "bad login", 401)
 }
 default:
 http.Error(w, "nope", 500)
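Review bot: `SecondsInAYear` in the first web.go hunk is an exported, mutable package variable, although the only visible use is as the fixed `MaxAge` of the auth cookie. Declaring it as `const SecondsInAYear = 60 * 60 * 24 * 365` would keep any other package from changing the session lifetime at run time. The neighbouring `AuthCookie` could be a constant for the same reason, and Authenticated in a later hunk bypasses it by hard-coding `r.Cookie("auth")`.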
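Review bot: The cookie literal in loginHandler now sets `MaxAge: SecondsInAYear` but keeps `HttpOnly:false` and sets no `Secure` field, while its value is a bcrypt hash of the login password that Authenticated accepts for as long as the password stays the same. A year-long credential that page script can read is a much larger exposure than the previous 5000 seconds, so I would set `HttpOnly: true` (and `Secure: true` if the site is served over TLS) and handle the error that `v,_ := bcrypt.GenerateFromPassword(...)` discards. Separately, `http.Redirect(w, r, "/", 307)` preserves the POST method and body, so the browser re-submits the password form to `/`. `http.StatusSeeOther` is the usual status after a login POST, and the same applies to the 307 added to AuthWrap in the last hunk. loginHandler starts above and ends below this hunk.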
@@ -120,16 +121,14 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 func logoutHandler(w http.ResponseWriter, r *http.Request) {
 c := http.Cookie{ Name: AuthCookie, MaxAge: 0, Path: "/", HttpOnly:false }
 http.SetCookie(w, &c)
- fmt.Fprintf(w, "you are logged in")
+ fmt.Fprintf(w, "you are logged out")
 }
 func Authenticated(r *http.Request) bool {
 pc,err := r.Cookie("auth")
- log.Printf("%v", pc)
 if err != nil {
 return false
 }
-
 err = bcrypt.CompareHashAndPassword( []byte(pc.Value), []byte(config.Config.DigestPassword) )
 if err == nil {
 return true
@@ -142,7 +141,7 @@ func AuthWrap(wrapped http.HandlerFunc) http.HandlerFunc {
 if Authenticated(r) {
 wrapped(w, r)
 } else {
- http.Error(w, "nope", 401)
+ http.Redirect(w, r, "/login/", 307)
 }
 }
 }
--
cgit v1.2.3
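Review bot: logoutHandler still builds its cookie with `MaxAge: 0`, which net/http treats as "no Max-Age attribute", so the browser receives an empty session cookie instead of a deletion; `MaxAge: -1` is the value that expires it. Logout is also client-side only, because Authenticated verifies the cookie against `config.Config.DigestPassword`. A previously issued cookie value therefore stays valid after logout until the password is changed, which matters more now that the cookie lives for a year. That deserves at least a comment on Authenticated, or a server-side session identifier if revocation is required. Authenticated's body continues past the end of this hunk.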