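// Source: github.com/EngineerKamesh/gofullstack@v0.0.0-20180609171605-d41341d7d4ee/volume3/section5/gopherface/common/authenticate/cookie.go

// Package authenticate issues, reads and expires the "session" cookie that
// carries the logged-in username and session ID.
package authenticate

import (
	"log"
	"net/http"
	"os"
	"time"

	"github.com/EngineerKamesh/gofullstack/volume3/section5/gopherface/models"
	"github.com/gorilla/securecookie"
)

var (
	// hashKey is the key securecookie uses to authenticate cookie values.
	hashKey []byte
	// blockKey is the key securecookie uses to encrypt cookie values.
	blockKey []byte
	// s is the package-wide codec built from hashKey and blockKey in init.
	s *securecookie.SecureCookie
)

// CreateSecureCookie encodes the user's username and sessionID with the
// package codec and sets the result as the "session" cookie on w.
//
// The cookie is marked Secure and HttpOnly, so it is only sent over HTTPS and
// is not readable from page scripts. No MaxAge or Expires is set, which makes
// it a browser-session cookie. r is not used. u must be non-nil.
//
// It returns the encoding error, after logging it, when the value cannot be
// encoded; no cookie is set in that case.
//
// NOTE(review): no SameSite attribute is set, so protection against
// cross-site requests has to come from elsewhere (e.g. CSRF tokens) — confirm.
func CreateSecureCookie(u *models.User, sessionID string, w http.ResponseWriter, r *http.Request) error {
	value := map[string]string{
		"username": u.Username,
		"sid":      sessionID,
	}

	encoded, err := s.Encode("session", value)
	if err != nil {
		log.Print(err)
		return err
	}

	http.SetCookie(w, &http.Cookie{
		Name:     "session",
		Value:    encoded,
		Path:     "/",
		Secure:   true,
		HttpOnly: true,
	})
	return nil
}

// ReadSecureCookieValues decodes the "session" cookie of r and returns the
// key/value pairs stored in it. w is not used.
//
// When the request carries no "session" cookie it returns (nil, nil), so a
// nil error alone does NOT mean the request is authenticated: callers must
// check that the returned map is non-nil and holds the expected keys. A cookie
// that fails to decode (tampered, wrong key, expired) yields (nil, err).
//
// NOTE(review): a successful decode only proves the cookie was issued with
// this key material; presumably callers still look up "sid" in the
// server-side session store before trusting "username" — verify.
func ReadSecureCookieValues(w http.ResponseWriter, r *http.Request) (map[string]string, error) {
	cookie, err := r.Cookie("session")
	if err != nil {
		// No session cookie on the request: report "no values", not an error.
		return nil, nil
	}

	value := make(map[string]string)
	if err := s.Decode("session", cookie.Value, &value); err != nil {
		return nil, err
	}
	return value, nil
}

// ExpireSecureCookie asks the browser to delete the "session" cookie, marks
// the response as non-cacheable and redirects the client to /login.
//
// This only removes the client-side cookie; any server-side session record
// for the session ID has to be invalidated by the caller.
func ExpireSecureCookie(w http.ResponseWriter, r *http.Request) {
	// Name and Path match the cookie written by CreateSecureCookie; the
	// Secure and HttpOnly attributes are repeated so the replacement is held
	// to the same handling as the cookie it overwrites.
	cookie := &http.Cookie{
		Name:     "session",
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		Secure:   true,
		HttpOnly: true,
	}

	h := w.Header()
	h.Set("Cache-Control", "no-cache, private, max-age=0")
	h.Set("Expires", time.Unix(0, 0).Format(http.TimeFormat))
	h.Set("Pragma", "no-cache")
	h.Set("X-Accel-Expires", "0")

	http.SetCookie(w, cookie)

	// A temporary redirect is used instead of 301: a permanent redirect is
	// cacheable by default, and a cached one would let the browser skip this
	// handler (and its Set-Cookie) on later logouts.
	http.Redirect(w, r, "/login", http.StatusFound)
}

// init loads the cookie keys from the environment and builds the package
// codec. The keys are the raw bytes of GOPHERFACE_HASH_KEY and
// GOPHERFACE_BLOCK_KEY; they should be long random values kept out of source
// control and logs.
func init() {
	hashKey = []byte(os.Getenv("GOPHERFACE_HASH_KEY"))
	blockKey = []byte(os.Getenv("GOPHERFACE_BLOCK_KEY"))

	// Report missing or mis-sized keys at startup rather than at the first
	// login attempt. Only lengths are logged, never key material.
	if len(hashKey) == 0 {
		log.Print("authenticate: GOPHERFACE_HASH_KEY is empty; session cookie signing is misconfigured")
	}
	switch len(blockKey) {
	case 16, 24, 32:
		// Valid AES key sizes.
	default:
		log.Printf("authenticate: GOPHERFACE_BLOCK_KEY is %d bytes; AES needs 16, 24 or 32", len(blockKey))
	}

	s = securecookie.New(hashKey, blockKey)
}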