diff --git a/go.mod b/go.mod
index 29efbf8..253aae2 100644
--- a/go.mod
+++ b/go.mod
github.com/bytedance/sonic/loader v0.4.0 // indirect
github.com/cloudwego/base64x v0.1.6 // indirect
github.com/gabriel-vasile/mimetype v1.4.11 // indirect
+ github.com/gin-contrib/sessions v1.0.4 // indirect
github.com/gin-contrib/sse v1.1.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.28.0 // indirect
github.com/goccy/go-json v0.10.5 // indirect
github.com/goccy/go-yaml v1.18.0 // indirect
+ github.com/gorilla/context v1.1.2 // indirect
+ github.com/gorilla/securecookie v1.1.2 // indirect
+ github.com/gorilla/sessions v1.4.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
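Review bot: `github.com/gin-contrib/sessions v1.0.4 // indirect` is marked indirect, but this commit imports the package directly in main.go and internal/auth. Running `go mod tidy` should move it into the direct `require` block and drop the `// indirect` comment. That keeps the list of directly trusted modules accurate for dependency review. The three gorilla modules are correctly indirect as far as this diff shows.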
diff --git a/go.sum b/go.sum
index f2d8c87..736e06e 100644
--- a/go.sum
+++ b/go.sum
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/gabriel-vasile/mimetype v1.4.11 h1:AQvxbp830wPhHTqc1u7nzoLT+ZFxGY7emj5DR5DYFik=
github.com/gabriel-vasile/mimetype v1.4.11/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gin-contrib/sessions v1.0.4 h1:ha6CNdpYiTOK/hTp05miJLbpTSNfOnFg5Jm2kbcqy8U=
+github.com/gin-contrib/sessions v1.0.4/go.mod h1:ccmkrb2z6iU2osiAHZG3x3J4suJK+OU27oqzlWOqQgs=
github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
+github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
new file mode 100644
index 0000000..2835071
--- /dev/null
+++ b/internal/auth/auth.go
+package auth
+
+import (
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-gonic/gin"
+)
+
+func Login(c *gin.Context) {
+ c.HTML(200, "login.html", gin.H{})
+}
+
+func LoginPost(c *gin.Context) {
+ session := sessions.Default(c)
+ username := c.PostForm("username")
+ password := c.PostForm("password")
+ if password != "" && username != "" {
+ if username != "mirri" || password != "kissa" {
+ c.HTML(401, "login.html", gin.H{"Error": "Käyttäjää ei löytynyt"})
+ return
+ }
+
+ session.Set(userkey, username)
+ if err := session.Save(); err != nil {
+ c.HTML(500, "login.html", gin.H{"Error": "Ongelmissa"})
+ return
+ }
+ c.Redirect(302, "/")
+ return
+ }
+
+ c.HTML(200, "login.html", gin.H{})
+}
+
+func Logout(c *gin.Context) {
+ session := sessions.Default(c)
+ user := session.Get(userkey)
+ if user == nil {
+ c.Redirect(302, "/")
+ return
+ }
+ session.Delete(userkey)
+ if err := session.Save(); err != nil {
+ c.JSON(500, gin.H{"error": "session save failed"})
+ return
+ }
+ c.Redirect(302, "/")
+}
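Review bot: The credential check in LoginPost, `if username != "mirri" || password != "kissa"`, hard-codes the only account's username and plaintext password in source. Anyone who can read the repository or the built binary has the login, and the password cannot be rotated without a rebuild. Load the expected username and a password hash from configuration and verify with `bcrypt.CompareHashAndPassword(hash, []byte(password))` from golang.org/x/crypto/bcrypt, which also replaces the early-exit string comparison. A POST with an empty field falls through to the final 200 render with no error message, and nothing visible in this file limits repeated attempts. The exported handlers have no doc comments; for example `// LoginPost checks the submitted credentials and stores the username in the session on success.`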
diff --git a/internal/auth/middleware.go b/internal/auth/middleware.go
new file mode 100644
index 0000000..1dcc899
--- /dev/null
+++ b/internal/auth/middleware.go
+package auth
+
+import (
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-gonic/gin"
+)
+
+const userkey = "user"
+
+func AuthRequired(c *gin.Context) {
+ session := sessions.Default(c)
+
+ if user := session.Get(userkey); user == nil {
+ c.AbortWithStatusJSON(401, gin.H{"error": "unauthorized"})
+ return
+ }
+
+ c.Next()
+}
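Review bot: `session.Get(userkey)` in AuthRequired accepts any non-nil value, so the gate is only as strong as the cookie store's signing key configured in main.go. Asserting the expected type makes the check explicit: `user, ok := session.Get(userkey).(string)` followed by `if !ok || user == "" {`. The 401 JSON body is also what a browser receives for /admin pages; a redirect to /kirjaudu may be what is wanted for HTML routes. AuthRequired and userkey have no doc comments; `// AuthRequired aborts the request with 401 unless the session carries a user.` would do.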
diff --git a/main.go b/main.go
index 431def0..c7caedf 100644
--- a/main.go
+++ b/main.go
package main
import (
+ "uutissivusto/internal/auth"
"uutissivusto/internal/database"
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-contrib/sessions/cookie"
"github.com/gin-gonic/gin"
)
}
defer db.Close()
- router := gin.Default()
+ router := gin.New()
+ router.Use(gin.Logger())
+ router.Use(gin.Recovery())
router.Static("/static", "web/static/")
router.LoadHTMLGlob("web/templates/*")
+ // for auth middleware
+ store := cookie.NewStore([]byte("salaisuus"))
+ router.Use(sessions.Sessions("auth", store))
+
router.GET("/", func(c *gin.Context) {
articles, err := database.GetArticles(db)
if err != nil {
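Review bot: `cookie.NewStore([]byte("salaisuus"))` signs the session cookie with a short, guessable key committed to the repository, and the cookie is the only proof of login that AuthRequired checks. Read the key from the environment or a secret store, refuse to start when it is missing or short, and set the cookie attributes explicitly with `store.Options`. `Secure: true` requires HTTPS, so local development over plain HTTP needs a switch for it. The sketch below needs `os`, `log` and `net/http` imported, and the environment variable name in it is a constructed placeholder. The enclosing main function starts and ends outside this hunk.

```go
// … unchanged: router creation, Logger/Recovery, static files, templates …
// SESSION_KEY is a placeholder name; supply 32 or 64 random bytes.
key := []byte(os.Getenv("SESSION_KEY"))
if len(key) < 32 {
	log.Fatal("SESSION_KEY must be set to at least 32 bytes")
}
store := cookie.NewStore(key)
store.Options(sessions.Options{
	Path:     "/",
	MaxAge:   3600, // constructed example lifetime, in seconds
	HttpOnly: true,
	Secure:   true,
	SameSite: http.SameSiteLaxMode,
})
router.Use(sessions.Sessions("auth", store))
```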
"Article": article,
"Categories": categories,
})
-
})
- router.Run()
+ router.GET("/kirjaudu", auth.Login)
+ router.POST("/kirjaudu", auth.LoginPost)
+ router.GET("/logout", auth.Logout)
+
+ authorized := router.Group("/admin")
+
+ authorized.Use(auth.AuthRequired)
+
+ authorized.GET("/luo", func(c *gin.Context) {
+ c.JSON(200, gin.H{"msg": "mirri"})
+ })
+ router.Run(":8080")
}
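Review bot: `router.GET("/logout", auth.Logout)` changes session state on a GET, so it can be triggered cross-site or by link prefetching. Register it as `router.POST("/logout", auth.Logout)` and submit it from a form. `router.Run(":8080")` returns an error that is dropped, so a failed bind ends the program silently; `if err := router.Run(":8080"); err != nil { log.Print(err) }` reports it and still lets the deferred `db.Close()` run. The previous `router.Run()` honoured the `PORT` environment variable, which the fixed address no longer does. The enclosing main function starts outside this hunk.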
diff --git a/web/templates/login.html b/web/templates/login.html
new file mode 100644
index 0000000..6bd6b18
--- /dev/null
+++ b/web/templates/login.html
+<html>
+ <form action="" method="post">
+ <input type="text" name="username"/>
+ <input type="password" name="password">
+ <button type="submit">Kirjaudu</button>
+ </form>
+ {{if .Error}}
+ {{.Error}}
+ {{end}}
+
+</html>
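Review bot: The form posts credentials with no anti-CSRF token, and the session cookie set up in main.go does not set SameSite. Once /admin gains state-changing forms they will need a per-session token in a hidden field, and it is cheaper to establish that pattern here. The inputs have no `<label>` or autocomplete hints; `<input type="text" name="username" autocomplete="username" required>` and `autocomplete="current-password" required` on the password field help password managers and match the server's empty-field check. `{{.Error}}` is escaped by html/template, so the message output is fine as written.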