From 903060c8a252c2f8004078271db2e5efd0702984 Mon Sep 17 00:00:00 2001
From: Luka Hietala
Date: Mon, 24 Nov 2025 19:36:58 +0200
Subject: [PATCH] =?UTF-8?q?simppeli=20auth=20middleware=20ja=20kirjaudu=20?= =?UTF-8?q?sis=C3=A4=C3=A4n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 go.mod | 4 ++++
 go.sum | 8 +++++++
 internal/auth/auth.go | 47 +++++++++++++++++++++++++++++++++++++
 internal/auth/middleware.go | 19 +++++++++++++++
 main.go | 25 +++++++++++++++++---
 web/templates/login.html | 11 +++++++++
 6 files changed, 111 insertions(+), 3 deletions(-)
 create mode 100644 internal/auth/auth.go
 create mode 100644 internal/auth/middleware.go
 create mode 100644 web/templates/login.html
diff --git a/go.mod b/go.mod
index 29efbf8..253aae2 100644
--- a/go.mod
+++ b/go.mod
@@ -14,12 +14,16 @@ require (
 github.com/bytedance/sonic/loader v0.4.0 // indirect
 github.com/cloudwego/base64x v0.1.6 // indirect
 github.com/gabriel-vasile/mimetype v1.4.11 // indirect
+ github.com/gin-contrib/sessions v1.0.4 // indirect
 github.com/gin-contrib/sse v1.1.0 // indirect
 github.com/go-playground/locales v0.14.1 // indirect
 github.com/go-playground/universal-translator v0.18.1 // indirect
 github.com/go-playground/validator/v10 v10.28.0 // indirect
 github.com/goccy/go-json v0.10.5 // indirect
 github.com/goccy/go-yaml v1.18.0 // indirect
+ github.com/gorilla/context v1.1.2 // indirect
+ github.com/gorilla/securecookie v1.1.2 // indirect
+ github.com/gorilla/sessions v1.4.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 github.com/leodido/go-urn v1.4.0 // indirect
diff --git a/go.sum b/go.sum
index f2d8c87..736e06e 100644
--- a/go.sum
+++ b/go.sum
@@ -13,6 +13,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gabriel-vasile/mimetype v1.4.11 h1:AQvxbp830wPhHTqc1u7nzoLT+ZFxGY7emj5DR5DYFik= github.com/gabriel-vasile/mimetype v1.4.11/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s= +github.com/gin-contrib/sessions v1.0.4 h1:ha6CNdpYiTOK/hTp05miJLbpTSNfOnFg5Jm2kbcqy8U= +github.com/gin-contrib/sessions v1.0.4/go.mod h1:ccmkrb2z6iU2osiAHZG3x3J4suJK+OU27oqzlWOqQgs= github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w= github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM= github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk= @@ -34,6 +36,12 @@ github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7Lk github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o= +github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM= +github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= +github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= +github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ= +github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= 
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
new file mode 100644
index 0000000..2835071
--- /dev/null
+++ b/internal/auth/auth.go
@@ -0,0 +1,47 @@
+package auth
+
+import (
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-gonic/gin"
+)
+
+func Login(c *gin.Context) {
+ c.HTML(200, "login.html", gin.H{})
+}
+
+func LoginPost(c *gin.Context) {
+ session := sessions.Default(c)
+ username := c.PostForm("username")
+ password := c.PostForm("password")
+ if password != "" && username != "" {
+ if username != "mirri" || password != "kissa" {
+ c.HTML(401, "login.html", gin.H{"Error": "Käyttäjää ei löytynyt"})
+ return
+ }
+
+ session.Set(userkey, username)
+ if err := session.Save(); err != nil {
+ c.HTML(500, "login.html", gin.H{"Error": "Ongelmissa"})
+ return
+ }
+ c.Redirect(302, "/")
+ return
+ }
+
+ c.HTML(200, "login.html", gin.H{})
+}
+
+func Logout(c *gin.Context) {
+ session := sessions.Default(c)
+ user := session.Get(userkey)
+ if user == nil {
+ c.Redirect(302, "/")
+ return
+ }
+ session.Delete(userkey)
+ if err := session.Save(); err != nil {
+ c.JSON(500, gin.H{"error": "session save failed"})
+ return
+ }
+ c.Redirect(302, "/")
+}
diff --git a/internal/auth/middleware.go b/internal/auth/middleware.go
new file mode 100644
index 0000000..1dcc899
--- /dev/null
+++ b/internal/auth/middleware.go
@@ -0,0 +1,19 @@
+package auth
+
+import (
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-gonic/gin"
+)
+
+const userkey = "user"
+
+func AuthRequired(c *gin.Context) {
+ session := sessions.Default(c)
+
+ if user := session.Get(userkey); user == nil {
+ c.AbortWithStatusJSON(401, gin.H{"error": "unauthorized"})
+ return
+ }
+
+ c.Next()
+}
diff --git a/main.go b/main.go
index 431def0..c7caedf 100644
--- a/main.go
+++ b/main.go
@@ -1,8 +1,11 @@
 package main
 import (
+ "uutissivusto/internal/auth"
 "uutissivusto/internal/database"
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-contrib/sessions/cookie"
 "github.com/gin-gonic/gin"
 )
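Review bot: `LoginPost` checks the form values against the literals `"mirri"` and `"kissa"` with `!=`, so the only account's password is committed to the repository (and stays in history) and cannot be changed without a rebuild. Load the username and a password hash from configuration and verify with a password-hashing comparison such as bcrypt (golang.org/x/crypto would be a new dependency), then rotate the committed value. A POST with an empty username or password falls through to the final `c.HTML(200, ...)` with no error, so failed attempts of that shape return 200 and are easy to miss in logs; sending them down the 401 branch would be more consistent. Before `session.Set(userkey, username)` consider `session.Clear()` so no pre-login session state carries over, and note that nothing here limits repeated attempts.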
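Review bot: `AuthRequired` accepts any non-nil value stored under `userkey`, and with the cookie-backed store set up in main.go that value travels in the client's cookie, so the check is only as strong as the store's signing key and a session cannot be revoked server-side. Asserting the type makes the intent explicit, e.g. `name, ok := session.Get(userkey).(string)` followed by `if !ok || name == "" {`. The exported function also has no doc comment; something like `// AuthRequired aborts with 401 unless the session carries a user; integrity of that value is delegated to the session store.` would record the assumption.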
@@ -14,10 +17,16 @@ func main() { } defer db.Close() - router := gin.Default() + router := gin.New() + router.Use(gin.Logger()) + router.Use(gin.Recovery()) router.Static("/static", "web/static/") router.LoadHTMLGlob("web/templates/*") + // for auth middleware + store := cookie.NewStore([]byte("salaisuus")) + router.Use(sessions.Sessions("auth", store)) + router.GET("/", func(c *gin.Context) { articles, err := database.GetArticles(db) if err != nil { @@ -80,9 +89,19 @@ func main() { "Article": article, "Categories": categories, }) - }) - router.Run() + router.GET("/kirjaudu", auth.Login) + router.POST("/kirjaudu", auth.LoginPost) + router.GET("/logout", auth.Logout) + + authorized := router.Group("/admin") + + authorized.Use(auth.AuthRequired) + + authorized.GET("/luo", func(c *gin.Context) { + c.JSON(200, gin.H{"msg": "mirri"}) + }) + router.Run(":8080") } diff --git a/web/templates/login.html b/web/templates/login.html new file mode 100644 index 0000000..6bd6b18 --- /dev/null +++ b/web/templates/login.html @@ -0,0 +1,11 @@ + +
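Review bot: `cookie.NewStore([]byte("salaisuus"))` signs the session cookie with a short, guessable key that is committed to the repository, so the integrity of the `user` value that `AuthRequired` trusts depends on a secret anyone with read access to the source already has. The key should come from the environment or a secret store, the process should refuse to start when it is missing or too short, and the committed value should be treated as burned. The store is also left on its default cookie options; setting them explicitly (HttpOnly, SameSite, a bounded MaxAge, and Secure once TLS terminates in front of the app) is sketched below. `main` begins and ends outside this hunk.

```go
// for auth middleware
key := []byte(os.Getenv("SESSION_KEY")) // placeholder variable name, pick your own
if len(key) < 32 {
	log.Fatal("SESSION_KEY must be set to at least 32 random bytes")
}
store := cookie.NewStore(key)
store.Options(sessions.Options{
	Path:     "/",
	MaxAge:   3600, // constructed example value
	HttpOnly: true,
	Secure:   true, // assumes HTTPS in front of the app
	SameSite: http.SameSiteLaxMode,
})
router.Use(sessions.Sessions("auth", store))
// … unchanged: route registrations …
```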
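Review bot: `router.GET("/logout", auth.Logout)` changes session state on a GET request, so a link or embedded resource on any page can end the user's session and prefetchers may trigger it too; registering it as `router.POST("/logout", auth.Logout)` and submitting it from a form avoids that. `router.Run(":8080")` discards the returned error, so a failed bind exits without a message; `if err := router.Run(":8080"); err != nil { log.Fatal(err) }` makes it visible. The hard-coded port also overrides the `PORT` environment variable that the previous `router.Run()` honoured, which may matter for deployment. `main` starts before this hunk.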
+ + + +
+ {{if .Error}} + {{.Error}} + {{end}} + + -- 2.47.3