diff options
Diffstat (limited to 'middleware/user_session.go')
-rw-r--r-- | middleware/user_session.go | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/middleware/user_session.go b/middleware/user_session.go new file mode 100644 index 0000000..2cb9f8a --- /dev/null +++ b/middleware/user_session.go @@ -0,0 +1,74 @@ +// Copyright 2017 Frédéric Guillot. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +package middleware + +import ( + "context" + "net/http" + + "github.com/miniflux/miniflux/http/cookie" + "github.com/miniflux/miniflux/http/route" + "github.com/miniflux/miniflux/logger" + "github.com/miniflux/miniflux/model" + + "github.com/gorilla/mux" +) + +// UserSession handles the user session middleware. +func (m *Middleware) UserSession(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + session := m.getSessionFromCookie(r) + + if session == nil { + logger.Debug("[Middleware:UserSession] Session not found") + if m.isPublicRoute(r) { + next.ServeHTTP(w, r) + } else { + http.Redirect(w, r, route.Path(m.router, "login"), http.StatusFound) + } + } else { + logger.Debug("[Middleware:UserSession] %s", session) + ctx := r.Context() + ctx = context.WithValue(ctx, UserIDContextKey, session.UserID) + ctx = context.WithValue(ctx, IsAuthenticatedContextKey, true) + ctx = context.WithValue(ctx, UserSessionTokenContextKey, session.Token) + + next.ServeHTTP(w, r.WithContext(ctx)) + } + }) +} + +func (m *Middleware) isPublicRoute(r *http.Request) bool { + route := mux.CurrentRoute(r) + switch route.GetName() { + case "login", + "checkLogin", + "stylesheet", + "javascript", + "oauth2Redirect", + "oauth2Callback", + "appIcon", + "favicon", + "webManifest": + return true + default: + return false + } +} + +func (m *Middleware) getSessionFromCookie(r *http.Request) *model.UserSession { + sessionCookie, err := r.Cookie(cookie.CookieUserSessionID) + if err == http.ErrNoCookie { + return nil + } + + session, err := m.store.UserSessionByToken(sessionCookie.Value) + if err != nil { + logger.Error("[Middleware:UserSession] %v", err) + return nil + } + + return session +} |