Inicio Explorar Ayuda
Iniciar sesión
LBP
/
miniflux_v2
espejo de https://github.com/miniflux/v2.git
4
0
Fork 0
Archivos Incidencias 0 Wiki
Árbol: cfc1f3eb69
Ramas Etiquetas
miniflux_v2
/
middleware
/
user_session.go

user_session.go 1.9 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. // Copyright 2017 Frédéric Guillot. All rights reserved.
    2. 

  2. // Use of this source code is governed by the Apache 2.0
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package middleware
    6. 

  6. 

  7. import (
    8. 

  8. 	"context"
    9. 

  9. 	"net/http"
    10. 

  10. 

  11. 	"github.com/miniflux/miniflux/http/cookie"
    12. 

  12. 	"github.com/miniflux/miniflux/http/request"
    13. 

  13. 	"github.com/miniflux/miniflux/http/response"
    14. 

  14. 	"github.com/miniflux/miniflux/http/route"
    15. 

  15. 	"github.com/miniflux/miniflux/logger"
    16. 

  16. 	"github.com/miniflux/miniflux/model"
    17. 

  17. 

  18. 	"github.com/gorilla/mux"
    19. 

  19. )
    20. 

  20. 

  21. // UserSession handles the user session middleware.
    22. 

  22. func (m *Middleware) UserSession(next http.Handler) http.Handler {
    23. 

  23. 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    24. 

  24. 		session := m.getUserSessionFromCookie(r)
    25. 

  25. 

  26. 		if session == nil {
    27. 

  27. 			logger.Debug("[Middleware:UserSession] Session not found")
    28. 

  28. 			if m.isPublicRoute(r) {
    29. 

  29. 				next.ServeHTTP(w, r)
    30. 

  30. 			} else {
    31. 

  31. 				response.Redirect(w, r, route.Path(m.router, "login"))
    32. 

  32. 			}
    33. 

  33. 		} else {
    34. 

  34. 			logger.Debug("[Middleware:UserSession] %s", session)
    35. 

  35. 

  36. 			ctx := r.Context()
    37. 

  37. 			ctx = context.WithValue(ctx, UserIDContextKey, session.UserID)
    38. 

  38. 			ctx = context.WithValue(ctx, IsAuthenticatedContextKey, true)
    39. 

  39. 			ctx = context.WithValue(ctx, UserSessionTokenContextKey, session.Token)
    40. 

  40. 

  41. 			next.ServeHTTP(w, r.WithContext(ctx))
    42. 

  42. 		}
    43. 

  43. 	})
    44. 

  44. }
    45. 

  45. 

  46. func (m *Middleware) isPublicRoute(r *http.Request) bool {
    47. 

  47. 	route := mux.CurrentRoute(r)
    48. 

  48. 	switch route.GetName() {
    49. 

  49. 	case "login",
    50. 

  50. 		"checkLogin",
    51. 

  51. 		"stylesheet",
    52. 

  52. 		"javascript",
    53. 

  53. 		"oauth2Redirect",
    54. 

  54. 		"oauth2Callback",
    55. 

  55. 		"appIcon",
    56. 

  56. 		"favicon",
    57. 

  57. 		"webManifest":
    58. 

  58. 		return true
    59. 

  59. 	default:
    60. 

  60. 		return false
    61. 

  61. 	}
    62. 

  62. }
    63. 

  63. 

  64. func (m *Middleware) getUserSessionFromCookie(r *http.Request) *model.UserSession {
    65. 

  65. 	cookieValue := request.Cookie(r, cookie.CookieUserSessionID)
    66. 

  66. 	if cookieValue == "" {
    67. 

  67. 		return nil
    68. 

  68. 	}
    69. 

  69. 

  70. 	session, err := m.store.UserSessionByToken(cookieValue)
    71. 

  71. 	if err != nil {
    72. 

  72. 		logger.Error("[Middleware:UserSession] %v", err)
    73. 

  73. 		return nil
    74. 

  74. 	}
    75. 

  75. 

  76. 	return session
    77. 

  77. }
    78.