├── .gitignore ├── LICENSE ├── README.md ├── ab_views └── html-templates │ └── register.tpl ├── blog.go ├── blogs.go ├── debug.go ├── go.mod ├── go.sum ├── middleware.go ├── storer.go └── views ├── edit.html.tpl ├── index.html.tpl ├── layout.html.tpl ├── new.html.tpl └── partials └── _form.html.tpl /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Object files, Static and Dynamic libs (Shared Objects) 2 | *.o 3 | *.a 4 | *.so 5 | 6 | # Folders 7 | _obj 8 | _test 9 | 10 | # Architecture specific extensions/prefixes 11 | *.[568vq] 12 | [568vq].out 13 | 14 | *.cgo1.go 15 | *.cgo2.c 16 | _cgo_defun.c 17 | _cgo_gotypes.go 18 | _cgo_export.* 19 | 20 | _testmain.go 21 | 22 | *.exe 23 | *.test 24 | *.prof 25 | 26 | 27 | .idea/ 28 | *.iml 29 | 30 | oauth2.toml 31 | authboss-sample 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Kris Runzer, Aaron Lefkowitz 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Authboss Sample 2 | A sample implementation of authboss. 3 | 4 | This is a simple blogging engine with a few basic features: 5 | 6 | - Authentication provided by Authboss (all modules enabled with the exception of expire) 7 | - Some examples of overridden Authboss views. 8 | - CRUD for an in-memory storage of blogs. 9 | - Flash Messages 10 | - CSRF Protection (including authboss routes) 11 | - Support for API style JSON requests and responses (-api flag) 12 | - Various levels of debugging to see what's going wrong (-debug* flags) 13 | 14 | Uses the following default libraries: 15 | 16 | - https://github.com/volatiletech/authboss-renderer 17 | - https://github.com/volatiletech/authboss-clientstate 18 | 19 | # Disclaimer 20 | 21 | This sample is **NOT** a seed project. Do not use it as one. 22 | It is used as an example of how to use the Authboss API. This means if 23 | you copy-paste code from this sample you are likely opening yourself 24 | up to various security holes, bad practice, and bad design. 25 | It's a demonstration of the surface API of Authboss and how the library 26 | can be used to make a functioning web project. 27 | -------------------------------------------------------------------------------- /ab_views/html-templates/register.tpl: -------------------------------------------------------------------------------- 1 |
2 | {{with .errors}}{{with (index . "")}}{{range .}}{{.}}
{{end}}{{end}}{{end -}} 3 | 4 |
5 | {{with .errors}}{{range .name}}{{.}}
{{end}}{{end -}} 6 | 7 |
8 | {{with .errors}}{{range .email}}{{.}}
{{end}}{{end -}} 9 | 10 |
11 | {{with .errors}}{{range .password}}{{.}}
{{end}}{{end -}} 12 | 13 |
14 | {{with .errors}}{{range .confirm_password}}{{.}}
{{end}}{{end -}} 15 |
16 | Cancel 17 | 18 | {{with .csrf_token}}{{end}} 19 |
20 | -------------------------------------------------------------------------------- /blog.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "context" 5 | "encoding/base64" 6 | "encoding/json" 7 | "flag" 8 | "fmt" 9 | "html/template" 10 | "io/ioutil" 11 | "log" 12 | "net/http" 13 | "os" 14 | "regexp" 15 | "strconv" 16 | "time" 17 | 18 | "github.com/BurntSushi/toml" 19 | "github.com/volatiletech/authboss/v3" 20 | _ "github.com/volatiletech/authboss/v3/auth" 21 | "github.com/volatiletech/authboss/v3/confirm" 22 | "github.com/volatiletech/authboss/v3/defaults" 23 | "github.com/volatiletech/authboss/v3/lock" 24 | _ "github.com/volatiletech/authboss/v3/logout" 25 | aboauth "github.com/volatiletech/authboss/v3/oauth2" 26 | "github.com/volatiletech/authboss/v3/otp/twofactor" 27 | "github.com/volatiletech/authboss/v3/otp/twofactor/sms2fa" 28 | "github.com/volatiletech/authboss/v3/otp/twofactor/totp2fa" 29 | _ "github.com/volatiletech/authboss/v3/recover" 30 | _ "github.com/volatiletech/authboss/v3/register" 31 | "github.com/volatiletech/authboss/v3/remember" 32 | 33 | "github.com/volatiletech/authboss-clientstate" 34 | "github.com/volatiletech/authboss-renderer" 35 | 36 | "golang.org/x/oauth2" 37 | "golang.org/x/oauth2/google" 38 | 39 | "github.com/aarondl/tpl" 40 | "github.com/go-chi/chi" 41 | "github.com/gorilla/schema" 42 | "github.com/gorilla/sessions" 43 | "github.com/justinas/nosurf" 44 | ) 45 | 46 | var funcs = template.FuncMap{ 47 | "formatDate": func(date time.Time) string { 48 | return date.Format("2006/01/02 03:04pm") 49 | }, 50 | "yield": func() string { return "" }, 51 | } 52 | 53 | var ( 54 | flagDebug = flag.Bool("debug", false, "output debugging information") 55 | flagDebugDB = flag.Bool("debugdb", false, "output database on each request") 56 | flagDebugCTX = flag.Bool("debugctx", false, "output specific authboss related context keys on each request") 57 | flagAPI = flag.Bool("api", false, "configure the app to be an api instead of an html app") 58 | ) 59 | 60 | var ( 61 | ab = authboss.New() 62 | database = NewMemStorer() 63 | schemaDec = schema.NewDecoder() 64 | 65 | sessionStore abclientstate.SessionStorer 66 | cookieStore abclientstate.CookieStorer 67 | 68 | templates tpl.Templates 69 | ) 70 | 71 | const ( 72 | sessionCookieName = "ab_blog" 73 | ) 74 | 75 | func setupAuthboss() { 76 | ab.Config.Paths.RootURL = "http://localhost:3000" 77 | 78 | if !*flagAPI { 79 | // Prevent us from having to use Javascript in our basic HTML 80 | // to create a delete method, but don't override this default for the API 81 | // version 82 | ab.Config.Modules.LogoutMethod = "GET" 83 | } 84 | 85 | // Set up our server, session and cookie storage mechanisms. 86 | // These are all from this package since the burden is on the 87 | // implementer for these. 88 | ab.Config.Storage.Server = database 89 | ab.Config.Storage.SessionState = sessionStore 90 | ab.Config.Storage.CookieState = cookieStore 91 | 92 | // Another piece that we're responsible for: Rendering views. 93 | // Though note that we're using the authboss-renderer package 94 | // that makes the normal thing a bit easier. 95 | if *flagAPI { 96 | ab.Config.Core.ViewRenderer = defaults.JSONRenderer{} 97 | } else { 98 | ab.Config.Core.ViewRenderer = abrenderer.NewHTML("/auth", "ab_views") 99 | } 100 | 101 | // We render mail with the authboss-renderer but we use a LogMailer 102 | // which simply sends the e-mail to stdout. 103 | ab.Config.Core.MailRenderer = abrenderer.NewEmail("/auth", "ab_views") 104 | 105 | // The preserve fields are things we don't want to 106 | // lose when we're doing user registration (prevents having 107 | // to type them again) 108 | ab.Config.Modules.RegisterPreserveFields = []string{"email", "name"} 109 | 110 | // TOTP2FAIssuer is the name of the issuer we use for totp 2fa 111 | ab.Config.Modules.TOTP2FAIssuer = "ABBlog" 112 | ab.Config.Modules.ResponseOnUnauthed = authboss.RespondRedirect 113 | 114 | // Turn on e-mail authentication required 115 | ab.Config.Modules.TwoFactorEmailAuthRequired = true 116 | 117 | // This instantiates and uses every default implementation 118 | // in the Config.Core area that exist in the defaults package. 119 | // Just a convenient helper if you don't want to do anything fancy. 120 | defaults.SetCore(&ab.Config, *flagAPI, false) 121 | 122 | // Here we initialize the bodyreader as something customized in order to accept a name 123 | // parameter for our user as well as the standard e-mail and password. 124 | // 125 | // We also change the validation for these fields 126 | // to be something less secure so that we can use test data easier. 127 | emailRule := defaults.Rules{ 128 | FieldName: "email", Required: true, 129 | MatchError: "Must be a valid e-mail address", 130 | MustMatch: regexp.MustCompile(`.*@.*\.[a-z]+`), 131 | } 132 | passwordRule := defaults.Rules{ 133 | FieldName: "password", Required: true, 134 | MinLength: 4, 135 | } 136 | nameRule := defaults.Rules{ 137 | FieldName: "name", Required: true, 138 | MinLength: 2, 139 | } 140 | 141 | ab.Config.Core.BodyReader = defaults.HTTPBodyReader{ 142 | ReadJSON: *flagAPI, 143 | Rulesets: map[string][]defaults.Rules{ 144 | "register": {emailRule, passwordRule, nameRule}, 145 | "recover_end": {passwordRule}, 146 | }, 147 | Confirms: map[string][]string{ 148 | "register": {"password", authboss.ConfirmPrefix + "password"}, 149 | "recover_end": {"password", authboss.ConfirmPrefix + "password"}, 150 | }, 151 | Whitelist: map[string][]string{ 152 | "register": {"email", "name", "password"}, 153 | }, 154 | } 155 | 156 | oauthcreds := struct { 157 | ClientID string `toml:"client_id"` 158 | ClientSecret string `toml:"client_secret"` 159 | }{} 160 | 161 | // Set up 2fa 162 | twofaRecovery := &twofactor.Recovery{Authboss: ab} 163 | if err := twofaRecovery.Setup(); err != nil { 164 | panic(err) 165 | } 166 | 167 | totp := &totp2fa.TOTP{Authboss: ab} 168 | if err := totp.Setup(); err != nil { 169 | panic(err) 170 | } 171 | 172 | sms := &sms2fa.SMS{Authboss: ab, Sender: smsLogSender{}} 173 | if err := sms.Setup(); err != nil { 174 | panic(err) 175 | } 176 | 177 | // Set up Google OAuth2 if we have credentials in the 178 | // file oauth2.toml for it. 179 | _, err := toml.DecodeFile("oauth2.toml", &oauthcreds) 180 | if err == nil && len(oauthcreds.ClientID) != 0 && len(oauthcreds.ClientSecret) != 0 { 181 | fmt.Println("oauth2.toml exists, configuring google oauth2") 182 | ab.Config.Modules.OAuth2Providers = map[string]authboss.OAuth2Provider{ 183 | "google": { 184 | OAuth2Config: &oauth2.Config{ 185 | ClientID: oauthcreds.ClientID, 186 | ClientSecret: oauthcreds.ClientSecret, 187 | Scopes: []string{`profile`, `email`}, 188 | Endpoint: google.Endpoint, 189 | }, 190 | FindUserDetails: aboauth.GoogleUserDetails, 191 | }, 192 | } 193 | } else if os.IsNotExist(err) { 194 | fmt.Println("oauth2.toml doesn't exist, not registering oauth2 handling") 195 | } else { 196 | fmt.Println("error loading oauth2.toml:", err) 197 | } 198 | 199 | // Initialize authboss (instantiate modules etc.) 200 | if err := ab.Init(); err != nil { 201 | panic(err) 202 | } 203 | } 204 | 205 | func main() { 206 | flag.Parse() 207 | 208 | // Load our application's templates 209 | if !*flagAPI { 210 | templates = tpl.Must(tpl.Load("views", "views/partials", "layout.html.tpl", funcs)) 211 | } 212 | 213 | // Initialize Sessions and Cookies 214 | // Typically gorilla securecookie and sessions packages require 215 | // highly random secret keys that are not divulged to the public. 216 | // 217 | // In this example we use keys generated one time (if these keys ever become 218 | // compromised the gorilla libraries allow for key rotation, see gorilla docs) 219 | // The keys are 64-bytes as recommended for HMAC keys as per the gorilla docs. 220 | // 221 | // These values MUST be changed for any new project as these keys are already "compromised" 222 | // as they're in the public domain, if you do not change these your application will have a fairly 223 | // wide-opened security hole. You can generate your own with the code below, or using whatever method 224 | // you prefer: 225 | // 226 | // func main() { 227 | // fmt.Println(base64.StdEncoding.EncodeToString(securecookie.GenerateRandomKey(64))) 228 | // } 229 | // 230 | // We store them in base64 in the example to make it easy if we wanted to move them later to 231 | // a configuration environment var or file. 232 | cookieStoreKey, _ := base64.StdEncoding.DecodeString(`NpEPi8pEjKVjLGJ6kYCS+VTCzi6BUuDzU0wrwXyf5uDPArtlofn2AG6aTMiPmN3C909rsEWMNqJqhIVPGP3Exg==`) 233 | sessionStoreKey, _ := base64.StdEncoding.DecodeString(`AbfYwmmt8UCwUuhd9qvfNA9UCuN1cVcKJN1ofbiky6xCyyBj20whe40rJa3Su0WOWLWcPpO1taqJdsEI/65+JA==`) 234 | cookieStore = abclientstate.NewCookieStorer(cookieStoreKey, nil) 235 | cookieStore.HTTPOnly = false 236 | cookieStore.Secure = false 237 | sessionStore = abclientstate.NewSessionStorer(sessionCookieName, sessionStoreKey, nil) 238 | cstore := sessionStore.Store.(*sessions.CookieStore) 239 | cstore.Options.HttpOnly = false 240 | cstore.Options.Secure = false 241 | cstore.MaxAge(int((30 * 24 * time.Hour) / time.Second)) 242 | 243 | // Initialize authboss 244 | setupAuthboss() 245 | 246 | // Set up our router 247 | schemaDec.IgnoreUnknownKeys(true) 248 | 249 | mux := chi.NewRouter() 250 | // The middlewares we're using: 251 | // - logger just does basic logging of requests and debug info 252 | // - nosurfing is a more verbose wrapper around csrf handling 253 | // - LoadClientStateMiddleware is required for session/cookie stuff 254 | // - remember middleware logs users in if they have a remember token 255 | // - dataInjector is for putting data into the request context we need for our template layout 256 | mux.Use(logger, nosurfing, ab.LoadClientStateMiddleware, remember.Middleware(ab), dataInjector) 257 | 258 | // Authed routes 259 | mux.Group(func(mux chi.Router) { 260 | mux.Use(authboss.Middleware2(ab, authboss.RequireNone, authboss.RespondUnauthorized), lock.Middleware(ab), confirm.Middleware(ab)) 261 | mux.MethodFunc("GET", "/blogs/new", newblog) 262 | mux.MethodFunc("GET", "/blogs/{id}/edit", edit) 263 | mux.MethodFunc("POST", "/blogs/{id}/edit", update) 264 | mux.MethodFunc("POST", "/blogs/new", create) 265 | // This should actually be a DELETE but can't be bothered to make a proper 266 | // destroy link using javascript atm. See where AB allows you to configure 267 | // the logout HTTP method. 268 | mux.MethodFunc("GET", "/blogs/{id}/destroy", destroy) 269 | }) 270 | 271 | // Routes 272 | mux.Group(func(mux chi.Router) { 273 | mux.Use(authboss.ModuleListMiddleware(ab)) 274 | mux.Mount("/auth", http.StripPrefix("/auth", ab.Config.Core.Router)) 275 | }) 276 | mux.Get("/blogs", index) 277 | mux.Get("/", index) 278 | 279 | if *flagAPI { 280 | // In order to have a "proper" API with csrf protection we allow 281 | // the options request to return the csrf token that's required to complete the request 282 | // when using post 283 | optionsHandler := func(w http.ResponseWriter, r *http.Request) { 284 | w.Header().Set("X-CSRF-TOKEN", nosurf.Token(r)) 285 | w.WriteHeader(http.StatusOK) 286 | } 287 | 288 | // We have to add each of the authboss get/post routes specifically because 289 | // chi sees the 'Mount' above as overriding the '/*' pattern. 290 | routes := []string{"login", "logout", "recover", "recover/end", "register"} 291 | mux.MethodFunc("OPTIONS", "/*", optionsHandler) 292 | for _, r := range routes { 293 | mux.MethodFunc("OPTIONS", "/auth/"+r, optionsHandler) 294 | } 295 | } 296 | 297 | // Start the server 298 | port := os.Getenv("PORT") 299 | if len(port) == 0 { 300 | port = "3000" 301 | } 302 | log.Printf("Listening on localhost: %s", port) 303 | log.Println(http.ListenAndServe("localhost:"+port, mux)) 304 | } 305 | 306 | func dataInjector(handler http.Handler) http.Handler { 307 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 308 | data := layoutData(w, &r) 309 | r = r.WithContext(context.WithValue(r.Context(), authboss.CTXKeyData, data)) 310 | handler.ServeHTTP(w, r) 311 | }) 312 | } 313 | 314 | // layoutData is passing pointers to pointers be able to edit the current pointer 315 | // to the request. This is still safe as it still creates a new request and doesn't 316 | // modify the old one, it just modifies what we're pointing to in our methods so 317 | // we're able to skip returning an *http.Request everywhere 318 | func layoutData(w http.ResponseWriter, r **http.Request) authboss.HTMLData { 319 | currentUserName := "" 320 | userInter, err := ab.LoadCurrentUser(r) 321 | if userInter != nil && err == nil { 322 | currentUserName = userInter.(*User).Name 323 | } 324 | 325 | return authboss.HTMLData{ 326 | "loggedin": userInter != nil, 327 | "current_user_name": currentUserName, 328 | "csrf_token": nosurf.Token(*r), 329 | "flash_success": authboss.FlashSuccess(w, *r), 330 | "flash_error": authboss.FlashError(w, *r), 331 | } 332 | } 333 | 334 | func index(w http.ResponseWriter, r *http.Request) { 335 | mustRender(w, r, "index", authboss.HTMLData{"posts": blogs}) 336 | } 337 | 338 | func newblog(w http.ResponseWriter, r *http.Request) { 339 | mustRender(w, r, "new", authboss.HTMLData{"post": Blog{}}) 340 | } 341 | 342 | var nextID = len(blogs) + 1 343 | 344 | func create(w http.ResponseWriter, r *http.Request) { 345 | // TODO: Validation 346 | 347 | var b Blog 348 | if *flagAPI { 349 | byt, err := ioutil.ReadAll(r.Body) 350 | _ = r.Body.Close() 351 | if badRequest(w, err) { 352 | return 353 | } 354 | 355 | if badRequest(w, json.Unmarshal(byt, &b)) { 356 | return 357 | } 358 | } else { 359 | err := r.ParseForm() 360 | if badRequest(w, err) { 361 | return 362 | } 363 | 364 | if badRequest(w, schemaDec.Decode(&b, r.PostForm)) { 365 | return 366 | } 367 | } 368 | 369 | abuser := ab.CurrentUserP(r) 370 | user := abuser.(*User) 371 | 372 | b.ID = nextID 373 | nextID++ 374 | b.Date = time.Now() 375 | b.AuthorID = user.Name 376 | 377 | blogs = append(blogs, b) 378 | 379 | if *flagAPI { 380 | w.WriteHeader(http.StatusOK) 381 | return 382 | } 383 | 384 | redirect(w, r, "/") 385 | } 386 | 387 | func edit(w http.ResponseWriter, r *http.Request) { 388 | id, ok := blogID(w, r) 389 | if !ok { 390 | return 391 | } 392 | 393 | mustRender(w, r, "edit", authboss.HTMLData{"post": blogs.Get(id)}) 394 | } 395 | 396 | func update(w http.ResponseWriter, r *http.Request) { 397 | id, ok := blogID(w, r) 398 | if !ok { 399 | return 400 | } 401 | 402 | // TODO: Validation 403 | 404 | var b = blogs.Get(id) 405 | 406 | if *flagAPI { 407 | byt, err := ioutil.ReadAll(r.Body) 408 | _ = r.Body.Close() 409 | if badRequest(w, err) { 410 | return 411 | } 412 | 413 | if badRequest(w, json.Unmarshal(byt, &b)) { 414 | return 415 | } 416 | } else { 417 | err := r.ParseForm() 418 | if badRequest(w, err) { 419 | return 420 | } 421 | if badRequest(w, schemaDec.Decode(b, r.PostForm)) { 422 | return 423 | } 424 | } 425 | 426 | b.Date = time.Now() 427 | 428 | if *flagAPI { 429 | w.WriteHeader(http.StatusOK) 430 | return 431 | } 432 | 433 | redirect(w, r, "/") 434 | } 435 | 436 | func destroy(w http.ResponseWriter, r *http.Request) { 437 | id, ok := blogID(w, r) 438 | if !ok { 439 | return 440 | } 441 | 442 | blogs.Delete(id) 443 | 444 | if *flagAPI { 445 | w.WriteHeader(http.StatusOK) 446 | return 447 | } 448 | 449 | redirect(w, r, "/") 450 | } 451 | 452 | func blogID(w http.ResponseWriter, r *http.Request) (int, bool) { 453 | str := chi.RouteContext(r.Context()).URLParam("id") 454 | 455 | id, err := strconv.Atoi(str) 456 | if err != nil { 457 | log.Println("Error parsing blog id:", err) 458 | redirect(w, r, "/") 459 | return 0, false 460 | } 461 | 462 | if id <= 0 { 463 | redirect(w, r, "/") 464 | return 0, false 465 | } 466 | 467 | return id, true 468 | } 469 | 470 | func mustRender(w http.ResponseWriter, r *http.Request, name string, data authboss.HTMLData) { 471 | // We've sort of hijacked the authboss mechanism for providing layout data 472 | // for our own purposes. There's nothing really wrong with this but it looks magical 473 | // so here's a comment. 474 | var current authboss.HTMLData 475 | dataIntf := r.Context().Value(authboss.CTXKeyData) 476 | if dataIntf == nil { 477 | current = authboss.HTMLData{} 478 | } else { 479 | current = dataIntf.(authboss.HTMLData) 480 | } 481 | 482 | current.MergeKV("csrf_token", nosurf.Token(r)) 483 | current.Merge(data) 484 | 485 | if *flagAPI { 486 | w.Header().Set("Content-Type", "application/json") 487 | 488 | byt, err := json.Marshal(current) 489 | if err != nil { 490 | w.WriteHeader(http.StatusInternalServerError) 491 | fmt.Println("failed to marshal json:", err) 492 | _, _ = fmt.Fprintln(w, `{"error":"internal server error"}`) 493 | } 494 | 495 | _, _ = w.Write(byt) 496 | return 497 | } 498 | 499 | err := templates.Render(w, name, current) 500 | if err == nil { 501 | return 502 | } 503 | 504 | w.Header().Set("Content-Type", "text/plain") 505 | w.WriteHeader(http.StatusInternalServerError) 506 | _, _ = fmt.Fprintln(w, "Error occurred rendering template:", err) 507 | } 508 | 509 | func redirect(w http.ResponseWriter, r *http.Request, path string) { 510 | if *flagAPI { 511 | w.Header().Set("Content-Type", "application/json") 512 | w.Header().Set("Location", path) 513 | w.WriteHeader(http.StatusFound) 514 | _, _ = fmt.Fprintf(w, `{"path": %q}`, path) 515 | return 516 | } 517 | 518 | http.Redirect(w, r, path, http.StatusFound) 519 | } 520 | 521 | func badRequest(w http.ResponseWriter, err error) bool { 522 | if err == nil { 523 | return false 524 | } 525 | 526 | if *flagAPI { 527 | w.Header().Set("Content-Type", "application/json") 528 | w.WriteHeader(http.StatusBadRequest) 529 | _, _ = fmt.Fprintln(w, `{"error":"bad request"}`, err) 530 | return true 531 | } 532 | 533 | w.Header().Set("Content-Type", "text/plain") 534 | w.WriteHeader(http.StatusBadRequest) 535 | _, _ = fmt.Fprintln(w, "Bad request:", err) 536 | return true 537 | } 538 | 539 | type smsLogSender struct { 540 | } 541 | 542 | // Send an SMS 543 | func (s smsLogSender) Send(_ context.Context, number, text string) error { 544 | fmt.Println("sms sent to:", number, "contents:", text) 545 | return nil 546 | } 547 | -------------------------------------------------------------------------------- /blogs.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "time" 4 | 5 | // Blog data 6 | type Blog struct { 7 | ID int `json:"id,omitempty"` 8 | Title string `json:"title,omitempty"` 9 | AuthorID string `json:"author_id,omitempty"` 10 | Date time.Time `json:"date,omitempty"` 11 | Content string `json:"content,omitempty"` 12 | } 13 | 14 | // Blogs storage 15 | type Blogs []Blog 16 | 17 | var blogs = Blogs{ 18 | {1, "My first portal", "Rick", time.Now().AddDate(0, 0, -3).Add(-time.Hour * 2), 19 | `I successfully opened a portal to another dimension, I think it's pretty clear that I'm the smartest person on earth ` + 20 | `and this'll let me go see if there's anything out in the verse that can compete with my tremendous intellect, after ` + 21 | `dragging Morty along on a few adventures I think the answer is still a resounding: no.`, 22 | }, 23 | {2, "My Life", "Morty", time.Now().AddDate(0, 0, -1), 24 | `My Grandpa is a really cool guy, but who I really think is great is Jessica. I keep staring at her in class hoping ` + 25 | `that one day she'll realize just how great a guy she's missing out on. She doesn't need any of these bad ` + 26 | `guys she keeps dating, that's only going to hurt her. I'm a whole lot of Morty, and I'm waiting for you Jessica.`, 27 | }, 28 | } 29 | 30 | // Get blogs 31 | func (blgs *Blogs) Get(id int) *Blog { 32 | for i := range blogs { 33 | b := &blogs[i] 34 | if b.ID == id { 35 | return b 36 | } 37 | } 38 | return nil 39 | } 40 | 41 | // Delete a blog 42 | func (blgs *Blogs) Delete(id int) { 43 | if len(blogs) == 1 { 44 | blogs = []Blog{} 45 | return 46 | } 47 | 48 | found := -1 49 | for i := range blogs { 50 | b := &blogs[i] 51 | if b.ID == id { 52 | found = i 53 | } 54 | } 55 | 56 | for i := found; i < len(blogs)-1; i++ { 57 | blogs[i], blogs[i+1] = blogs[i+1], blogs[i] 58 | } 59 | blogs = blogs[:len(blogs)-1] 60 | } 61 | -------------------------------------------------------------------------------- /debug.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "fmt" 4 | 5 | func debugln(args ...interface{}) { 6 | if !*flagDebug { 7 | return 8 | } 9 | 10 | fmt.Println(args...) 11 | } 12 | 13 | func debugf(format string, args ...interface{}) { 14 | if !*flagDebug { 15 | return 16 | } 17 | 18 | fmt.Printf(format, args...) 19 | } 20 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/volatiletech/authboss-sample 2 | 3 | go 1.14 4 | 5 | require ( 6 | github.com/BurntSushi/toml v0.3.1 7 | github.com/aarondl/tpl v0.0.0-20180717141031-b5afe9b3122c 8 | github.com/davecgh/go-spew v1.1.1 9 | github.com/go-chi/chi v4.1.2+incompatible 10 | github.com/golang/protobuf v1.4.2 // indirect 11 | github.com/gorilla/schema v1.1.0 12 | github.com/gorilla/sessions v1.2.0 13 | github.com/justinas/nosurf v1.1.1 14 | github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect 15 | github.com/pkg/errors v0.9.1 16 | github.com/volatiletech/authboss-clientstate v0.0.0-20200703184255-59bd50e97df6 17 | github.com/volatiletech/authboss-renderer v0.0.0-20200703184356-6cbaa5b2354e 18 | github.com/volatiletech/authboss/v3 v3.0.0-20200703183239-fddf30677c32 19 | golang.org/x/net v0.7.0 // indirect 20 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d 21 | google.golang.org/appengine v1.6.6 // indirect 22 | google.golang.org/protobuf v1.25.0 // indirect 23 | ) 24 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 2 | cloud.google.com/go v0.34.0 h1:eOI3/cP2VTU6uZLDYAoic+eyzzB9YyGmJ7eIjl8rOPg= 3 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 4 | github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= 5 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 6 | github.com/aarondl/tpl v0.0.0-20180717141031-b5afe9b3122c h1:9B+GJ/i8BKvPXn0Hse7JjFwiPwsv5jtnA6KyLf7A8qU= 7 | github.com/aarondl/tpl v0.0.0-20180717141031-b5afe9b3122c/go.mod h1:vf0U/Yk3C84E/RUUu1KQ7jUIVpnW5l1d83CzcIniZdU= 8 | github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= 9 | github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= 10 | github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 11 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 12 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 13 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 14 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 15 | github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 16 | github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= 17 | github.com/friendsofgo/errors v0.9.2 h1:X6NYxef4efCBdwI7BgS820zFaN7Cphrmb+Pljdzjtgk= 18 | github.com/friendsofgo/errors v0.9.2/go.mod h1:yCvFW5AkDIL9qn7suHVLiI/gH228n7PC4Pn44IGoTOI= 19 | github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= 20 | github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= 21 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 22 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 23 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 24 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 25 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 26 | github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= 27 | github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 28 | github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 29 | github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= 30 | github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= 31 | github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= 32 | github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= 33 | github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 34 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 35 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 36 | github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 37 | github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 38 | github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w= 39 | github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 40 | github.com/gorilla/schema v1.1.0 h1:CamqUDOFUBqzrvxuz2vEwo8+SUdwsluFh7IlzJh30LY= 41 | github.com/gorilla/schema v1.1.0/go.mod h1:kgLaKoK1FELgZqMAVxx/5cbj0kT+57qxUrAlIO2eleU= 42 | github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= 43 | github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= 44 | github.com/gorilla/sessions v1.2.0 h1:S7P+1Hm5V/AT9cjEcUD5uDaQSX0OE577aCXgoaKpYbQ= 45 | github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= 46 | github.com/justinas/nosurf v1.1.1 h1:92Aw44hjSK4MxJeMSyDa7jwuI9GR2J/JCQiaKvXXSlk= 47 | github.com/justinas/nosurf v1.1.1/go.mod h1:ALpWdSbuNGy2lZWtyXdjkYv4edL23oSEgfBT1gPJ5BQ= 48 | github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw= 49 | github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0= 50 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 51 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 52 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 53 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 54 | github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= 55 | github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= 56 | github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 57 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 58 | github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= 59 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 60 | github.com/volatiletech/authboss-clientstate v0.0.0-20200703184255-59bd50e97df6 h1:s6u2nGybeJleMqG/FU1EPkrAXId3jQkXet9dlqw5rKs= 61 | github.com/volatiletech/authboss-clientstate v0.0.0-20200703184255-59bd50e97df6/go.mod h1:gOgbw1ML6vDAq153GjOZGJJkzSp75nyLlNrlqyg1Sxk= 62 | github.com/volatiletech/authboss-renderer v0.0.0-20200703184356-6cbaa5b2354e h1:zqbEQorEbTdbDHTKCTFviLYeoyigxNUDxvEswb5umdQ= 63 | github.com/volatiletech/authboss-renderer v0.0.0-20200703184356-6cbaa5b2354e/go.mod h1:xRhfW1ZHZiRH0AO7KozE1CVNq2Lt8ImSbMZA7EdcqFM= 64 | github.com/volatiletech/authboss/v3 v3.0.0-20200703183239-fddf30677c32 h1:0rwVnFzjXfwFuSij+TZpCSK42zkNFVoebtcTRn6jd64= 65 | github.com/volatiletech/authboss/v3 v3.0.0-20200703183239-fddf30677c32/go.mod h1:xxNCf8P21WCCRkU/9Ih80KN98c8ffgmzOBhJ4CqU3B4= 66 | github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 67 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 68 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 69 | golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= 70 | golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 71 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 72 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 73 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 74 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 75 | golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 76 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 77 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 78 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 79 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 80 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 81 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 82 | golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= 83 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 84 | golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 85 | golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= 86 | golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= 87 | golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= 88 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 89 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= 90 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 91 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 92 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 93 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 94 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 95 | golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 96 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 97 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 98 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 99 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 100 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 101 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 102 | golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 103 | golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 104 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 105 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 106 | golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= 107 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 108 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 109 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 110 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 111 | golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= 112 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 113 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 114 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 115 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 116 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 117 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 118 | golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 119 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 120 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= 121 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 122 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 123 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 124 | google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= 125 | google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 126 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 127 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 128 | google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= 129 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 130 | google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 131 | google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 132 | google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 133 | google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 134 | google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 135 | google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= 136 | google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= 137 | google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 138 | google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 139 | google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 140 | google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= 141 | google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= 142 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 143 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 144 | -------------------------------------------------------------------------------- /middleware.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | "net/http" 7 | 8 | "github.com/davecgh/go-spew/spew" 9 | "github.com/justinas/nosurf" 10 | "github.com/volatiletech/authboss/v3" 11 | ) 12 | 13 | func nosurfing(h http.Handler) http.Handler { 14 | surfing := nosurf.New(h) 15 | surfing.SetFailureHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 16 | log.Println("Failed to validate CSRF token:", nosurf.Reason(r)) 17 | w.WriteHeader(http.StatusBadRequest) 18 | })) 19 | return surfing 20 | } 21 | 22 | func logger(h http.Handler) http.Handler { 23 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 24 | fmt.Printf("\n%s %s %s\n", r.Method, r.URL.Path, r.Proto) 25 | 26 | if *flagDebug { 27 | session, err := sessionStore.Get(r, sessionCookieName) 28 | if err == nil { 29 | fmt.Print("Session: ") 30 | first := true 31 | for k, v := range session.Values { 32 | if first { 33 | first = false 34 | } else { 35 | fmt.Print(", ") 36 | } 37 | fmt.Printf("%s = %v", k, v) 38 | } 39 | fmt.Println() 40 | } 41 | } 42 | 43 | if *flagDebugDB { 44 | fmt.Println("Database:") 45 | for _, u := range database.Users { 46 | fmt.Printf("! %#v\n", u) 47 | } 48 | } 49 | 50 | if *flagDebugCTX { 51 | if val := r.Context().Value(authboss.CTXKeyData); val != nil { 52 | fmt.Printf("CTX Data: %s", spew.Sdump(val)) 53 | } 54 | if val := r.Context().Value(authboss.CTXKeyValues); val != nil { 55 | fmt.Printf("CTX Values: %s", spew.Sdump(val)) 56 | } 57 | } 58 | 59 | h.ServeHTTP(w, r) 60 | }) 61 | } 62 | -------------------------------------------------------------------------------- /storer.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "context" 5 | "time" 6 | 7 | "github.com/davecgh/go-spew/spew" 8 | "github.com/pkg/errors" 9 | "github.com/volatiletech/authboss/v3" 10 | aboauth "github.com/volatiletech/authboss/v3/oauth2" 11 | "github.com/volatiletech/authboss/v3/otp/twofactor/sms2fa" 12 | "github.com/volatiletech/authboss/v3/otp/twofactor/totp2fa" 13 | ) 14 | 15 | // User struct for authboss 16 | type User struct { 17 | ID int 18 | 19 | // Non-authboss related field 20 | Name string 21 | 22 | // Auth 23 | Email string 24 | Password string 25 | 26 | // Confirm 27 | ConfirmSelector string 28 | ConfirmVerifier string 29 | Confirmed bool 30 | 31 | // Lock 32 | AttemptCount int 33 | LastAttempt time.Time 34 | Locked time.Time 35 | 36 | // Recover 37 | RecoverSelector string 38 | RecoverVerifier string 39 | RecoverTokenExpiry time.Time 40 | 41 | // OAuth2 42 | OAuth2UID string 43 | OAuth2Provider string 44 | OAuth2AccessToken string 45 | OAuth2RefreshToken string 46 | OAuth2Expiry time.Time 47 | 48 | // 2fa 49 | TOTPSecretKey string 50 | SMSPhoneNumber string 51 | SMSSeedPhoneNumber string 52 | RecoveryCodes string 53 | 54 | // Remember is in another table 55 | } 56 | 57 | // This pattern is useful in real code to ensure that 58 | // we've got the right interfaces implemented. 59 | var ( 60 | assertUser = &User{} 61 | assertStorer = &MemStorer{} 62 | 63 | _ authboss.User = assertUser 64 | _ authboss.AuthableUser = assertUser 65 | _ authboss.ConfirmableUser = assertUser 66 | _ authboss.LockableUser = assertUser 67 | _ authboss.RecoverableUser = assertUser 68 | _ authboss.ArbitraryUser = assertUser 69 | 70 | _ totp2fa.User = assertUser 71 | _ sms2fa.User = assertUser 72 | 73 | _ authboss.CreatingServerStorer = assertStorer 74 | _ authboss.ConfirmingServerStorer = assertStorer 75 | _ authboss.RecoveringServerStorer = assertStorer 76 | _ authboss.RememberingServerStorer = assertStorer 77 | ) 78 | 79 | // PutPID into user 80 | func (u *User) PutPID(pid string) { u.Email = pid } 81 | 82 | // PutPassword into user 83 | func (u *User) PutPassword(password string) { u.Password = password } 84 | 85 | // PutEmail into user 86 | func (u *User) PutEmail(email string) { u.Email = email } 87 | 88 | // PutConfirmed into user 89 | func (u *User) PutConfirmed(confirmed bool) { u.Confirmed = confirmed } 90 | 91 | // PutConfirmSelector into user 92 | func (u *User) PutConfirmSelector(confirmSelector string) { u.ConfirmSelector = confirmSelector } 93 | 94 | // PutConfirmVerifier into user 95 | func (u *User) PutConfirmVerifier(confirmVerifier string) { u.ConfirmVerifier = confirmVerifier } 96 | 97 | // PutLocked into user 98 | func (u *User) PutLocked(locked time.Time) { u.Locked = locked } 99 | 100 | // PutAttemptCount into user 101 | func (u *User) PutAttemptCount(attempts int) { u.AttemptCount = attempts } 102 | 103 | // PutLastAttempt into user 104 | func (u *User) PutLastAttempt(last time.Time) { u.LastAttempt = last } 105 | 106 | // PutRecoverSelector into user 107 | func (u *User) PutRecoverSelector(token string) { u.RecoverSelector = token } 108 | 109 | // PutRecoverVerifier into user 110 | func (u *User) PutRecoverVerifier(token string) { u.RecoverVerifier = token } 111 | 112 | // PutRecoverExpiry into user 113 | func (u *User) PutRecoverExpiry(expiry time.Time) { u.RecoverTokenExpiry = expiry } 114 | 115 | // PutTOTPSecretKey into user 116 | func (u *User) PutTOTPSecretKey(key string) { u.TOTPSecretKey = key } 117 | 118 | // PutSMSPhoneNumber into user 119 | func (u *User) PutSMSPhoneNumber(key string) { u.SMSPhoneNumber = key } 120 | 121 | // PutRecoveryCodes into user 122 | func (u *User) PutRecoveryCodes(key string) { u.RecoveryCodes = key } 123 | 124 | // PutOAuth2UID into user 125 | func (u *User) PutOAuth2UID(uid string) { u.OAuth2UID = uid } 126 | 127 | // PutOAuth2Provider into user 128 | func (u *User) PutOAuth2Provider(provider string) { u.OAuth2Provider = provider } 129 | 130 | // PutOAuth2AccessToken into user 131 | func (u *User) PutOAuth2AccessToken(token string) { u.OAuth2AccessToken = token } 132 | 133 | // PutOAuth2RefreshToken into user 134 | func (u *User) PutOAuth2RefreshToken(refreshToken string) { u.OAuth2RefreshToken = refreshToken } 135 | 136 | // PutOAuth2Expiry into user 137 | func (u *User) PutOAuth2Expiry(expiry time.Time) { u.OAuth2Expiry = expiry } 138 | 139 | // PutArbitrary into user 140 | func (u *User) PutArbitrary(values map[string]string) { 141 | if n, ok := values["name"]; ok { 142 | u.Name = n 143 | } 144 | } 145 | 146 | // GetPID from user 147 | func (u User) GetPID() string { return u.Email } 148 | 149 | // GetPassword from user 150 | func (u User) GetPassword() string { return u.Password } 151 | 152 | // GetEmail from user 153 | func (u User) GetEmail() string { return u.Email } 154 | 155 | // GetConfirmed from user 156 | func (u User) GetConfirmed() bool { return u.Confirmed } 157 | 158 | // GetConfirmSelector from user 159 | func (u User) GetConfirmSelector() string { return u.ConfirmSelector } 160 | 161 | // GetConfirmVerifier from user 162 | func (u User) GetConfirmVerifier() string { return u.ConfirmVerifier } 163 | 164 | // GetLocked from user 165 | func (u User) GetLocked() time.Time { return u.Locked } 166 | 167 | // GetAttemptCount from user 168 | func (u User) GetAttemptCount() int { return u.AttemptCount } 169 | 170 | // GetLastAttempt from user 171 | func (u User) GetLastAttempt() time.Time { return u.LastAttempt } 172 | 173 | // GetRecoverSelector from user 174 | func (u User) GetRecoverSelector() string { return u.RecoverSelector } 175 | 176 | // GetRecoverVerifier from user 177 | func (u User) GetRecoverVerifier() string { return u.RecoverVerifier } 178 | 179 | // GetRecoverExpiry from user 180 | func (u User) GetRecoverExpiry() time.Time { return u.RecoverTokenExpiry } 181 | 182 | // GetTOTPSecretKey from user 183 | func (u User) GetTOTPSecretKey() string { return u.TOTPSecretKey } 184 | 185 | // GetSMSPhoneNumber from user 186 | func (u User) GetSMSPhoneNumber() string { return u.SMSPhoneNumber } 187 | 188 | // GetSMSPhoneNumberSeed from user 189 | func (u User) GetSMSPhoneNumberSeed() string { return u.SMSSeedPhoneNumber } 190 | 191 | // GetRecoveryCodes from user 192 | func (u User) GetRecoveryCodes() string { return u.RecoveryCodes } 193 | 194 | // IsOAuth2User returns true if the user was created with oauth2 195 | func (u User) IsOAuth2User() bool { return len(u.OAuth2UID) != 0 } 196 | 197 | // GetOAuth2UID from user 198 | func (u User) GetOAuth2UID() (uid string) { return u.OAuth2UID } 199 | 200 | // GetOAuth2Provider from user 201 | func (u User) GetOAuth2Provider() (provider string) { return u.OAuth2Provider } 202 | 203 | // GetOAuth2AccessToken from user 204 | func (u User) GetOAuth2AccessToken() (token string) { return u.OAuth2AccessToken } 205 | 206 | // GetOAuth2RefreshToken from user 207 | func (u User) GetOAuth2RefreshToken() (refreshToken string) { return u.OAuth2RefreshToken } 208 | 209 | // GetOAuth2Expiry from user 210 | func (u User) GetOAuth2Expiry() (expiry time.Time) { return u.OAuth2Expiry } 211 | 212 | // GetArbitrary from user 213 | func (u User) GetArbitrary() map[string]string { 214 | return map[string]string{ 215 | "name": u.Name, 216 | } 217 | } 218 | 219 | // MemStorer stores users in memory 220 | type MemStorer struct { 221 | Users map[string]User 222 | Tokens map[string][]string 223 | } 224 | 225 | // NewMemStorer constructor 226 | func NewMemStorer() *MemStorer { 227 | return &MemStorer{ 228 | Users: map[string]User{ 229 | "rick@councilofricks.com": { 230 | ID: 1, 231 | Name: "Rick", 232 | Password: "$2a$10$XtW/BrS5HeYIuOCXYe8DFuInetDMdaarMUJEOg/VA/JAIDgw3l4aG", // pass = 1234 233 | Email: "rick@councilofricks.com", 234 | Confirmed: true, 235 | SMSSeedPhoneNumber: "(777)-123-4567", 236 | }, 237 | }, 238 | Tokens: make(map[string][]string), 239 | } 240 | } 241 | 242 | // Save the user 243 | func (m MemStorer) Save(_ context.Context, user authboss.User) error { 244 | u := user.(*User) 245 | m.Users[u.Email] = *u 246 | 247 | debugln("Saved user:", u.Name) 248 | return nil 249 | } 250 | 251 | // Load the user 252 | func (m MemStorer) Load(_ context.Context, key string) (user authboss.User, err error) { 253 | // Check to see if our key is actually an oauth2 pid 254 | provider, uid, err := authboss.ParseOAuth2PID(key) 255 | if err == nil { 256 | for _, u := range m.Users { 257 | if u.OAuth2Provider == provider && u.OAuth2UID == uid { 258 | debugln("Loaded OAuth2 user:", u.Email) 259 | return &u, nil 260 | } 261 | } 262 | 263 | return nil, authboss.ErrUserNotFound 264 | } 265 | 266 | u, ok := m.Users[key] 267 | if !ok { 268 | return nil, authboss.ErrUserNotFound 269 | } 270 | 271 | debugln("Loaded user:", u.Name) 272 | return &u, nil 273 | } 274 | 275 | // New user creation 276 | func (m MemStorer) New(_ context.Context) authboss.User { 277 | return &User{} 278 | } 279 | 280 | // Create the user 281 | func (m MemStorer) Create(_ context.Context, user authboss.User) error { 282 | u := user.(*User) 283 | 284 | if _, ok := m.Users[u.Email]; ok { 285 | return authboss.ErrUserFound 286 | } 287 | 288 | debugln("Created new user:", u.Name) 289 | m.Users[u.Email] = *u 290 | return nil 291 | } 292 | 293 | // LoadByConfirmSelector looks a user up by confirmation token 294 | func (m MemStorer) LoadByConfirmSelector(_ context.Context, selector string) (user authboss.ConfirmableUser, err error) { 295 | for _, v := range m.Users { 296 | if v.ConfirmSelector == selector { 297 | debugln("Loaded user by confirm selector:", selector, v.Name) 298 | return &v, nil 299 | } 300 | } 301 | 302 | return nil, authboss.ErrUserNotFound 303 | } 304 | 305 | // LoadByRecoverSelector looks a user up by confirmation selector 306 | func (m MemStorer) LoadByRecoverSelector(_ context.Context, selector string) (user authboss.RecoverableUser, err error) { 307 | for _, v := range m.Users { 308 | if v.RecoverSelector == selector { 309 | debugln("Loaded user by recover selector:", selector, v.Name) 310 | return &v, nil 311 | } 312 | } 313 | 314 | return nil, authboss.ErrUserNotFound 315 | } 316 | 317 | // AddRememberToken to a user 318 | func (m MemStorer) AddRememberToken(_ context.Context, pid, token string) error { 319 | m.Tokens[pid] = append(m.Tokens[pid], token) 320 | debugf("Adding rm token to %s: %s\n", pid, token) 321 | spew.Dump(m.Tokens) 322 | return nil 323 | } 324 | 325 | // DelRememberTokens removes all tokens for the given pid 326 | func (m MemStorer) DelRememberTokens(_ context.Context, pid string) error { 327 | delete(m.Tokens, pid) 328 | debugln("Deleting rm tokens from:", pid) 329 | spew.Dump(m.Tokens) 330 | return nil 331 | } 332 | 333 | // UseRememberToken finds the pid-token pair and deletes it. 334 | // If the token could not be found return ErrTokenNotFound 335 | func (m MemStorer) UseRememberToken(_ context.Context, pid, token string) error { 336 | tokens, ok := m.Tokens[pid] 337 | if !ok { 338 | debugln("Failed to find rm tokens for:", pid) 339 | return authboss.ErrTokenNotFound 340 | } 341 | 342 | for i, tok := range tokens { 343 | if tok == token { 344 | tokens[len(tokens)-1] = tokens[i] 345 | m.Tokens[pid] = tokens[:len(tokens)-1] 346 | debugf("Used remember for %s: %s\n", pid, token) 347 | return nil 348 | } 349 | } 350 | 351 | return authboss.ErrTokenNotFound 352 | } 353 | 354 | // NewFromOAuth2 creates an oauth2 user (but not in the database, just a blank one to be saved later) 355 | func (m MemStorer) NewFromOAuth2(_ context.Context, provider string, details map[string]string) (authboss.OAuth2User, error) { 356 | switch provider { 357 | case "google": 358 | email := details[aboauth.OAuth2Email] 359 | 360 | var user *User 361 | if u, ok := m.Users[email]; ok { 362 | user = &u 363 | } else { 364 | user = &User{} 365 | } 366 | 367 | // Google OAuth2 doesn't allow us to fetch real name without more complicated API calls 368 | // in order to do this properly in your own app, look at replacing the authboss oauth2.GoogleUserDetails 369 | // method with something more thorough. 370 | user.Name = "Unknown" 371 | user.Email = details[aboauth.OAuth2Email] 372 | user.OAuth2UID = details[aboauth.OAuth2UID] 373 | user.Confirmed = true 374 | 375 | return user, nil 376 | } 377 | 378 | return nil, errors.Errorf("unknown provider %s", provider) 379 | } 380 | 381 | // SaveOAuth2 user 382 | func (m MemStorer) SaveOAuth2(_ context.Context, user authboss.OAuth2User) error { 383 | u := user.(*User) 384 | m.Users[u.Email] = *u 385 | 386 | return nil 387 | } 388 | 389 | /* 390 | func (s MemStorer) PutOAuth(uid, provider string, attr authboss.Attributes) error { 391 | return s.Create(uid+provider, attr) 392 | } 393 | 394 | func (s MemStorer) GetOAuth(uid, provider string) (result interface{}, err error) { 395 | user, ok := s.Users[uid+provider] 396 | if !ok { 397 | return nil, authboss.ErrUserNotFound 398 | } 399 | 400 | return &user, nil 401 | } 402 | 403 | func (s MemStorer) AddToken(key, token string) error { 404 | s.Tokens[key] = append(s.Tokens[key], token) 405 | fmt.Println("AddToken") 406 | spew.Dump(s.Tokens) 407 | return nil 408 | } 409 | 410 | func (s MemStorer) DelTokens(key string) error { 411 | delete(s.Tokens, key) 412 | fmt.Println("DelTokens") 413 | spew.Dump(s.Tokens) 414 | return nil 415 | } 416 | 417 | func (s MemStorer) UseToken(givenKey, token string) error { 418 | toks, ok := s.Tokens[givenKey] 419 | if !ok { 420 | return authboss.ErrTokenNotFound 421 | } 422 | 423 | for i, tok := range toks { 424 | if tok == token { 425 | toks[i], toks[len(toks)-1] = toks[len(toks)-1], toks[i] 426 | s.Tokens[givenKey] = toks[:len(toks)-1] 427 | return nil 428 | } 429 | } 430 | 431 | return authboss.ErrTokenNotFound 432 | } 433 | 434 | func (s MemStorer) ConfirmUser(tok string) (result interface{}, err error) { 435 | fmt.Println("==============", tok) 436 | 437 | for _, u := range s.Users { 438 | if u.ConfirmToken == tok { 439 | return &u, nil 440 | } 441 | } 442 | 443 | return nil, authboss.ErrUserNotFound 444 | } 445 | 446 | func (s MemStorer) RecoverUser(rec string) (result interface{}, err error) { 447 | for _, u := range s.Users { 448 | if u.RecoverToken == rec { 449 | return &u, nil 450 | } 451 | } 452 | 453 | return nil, authboss.ErrUserNotFound 454 | } 455 | */ 456 | -------------------------------------------------------------------------------- /views/edit.html.tpl: -------------------------------------------------------------------------------- 1 | {{define "pagetitle"}}Blogs - Edit{{end}} 2 | 3 |
4 |
5 |

Edit Post

6 |
7 |
8 | 9 | 10 | {{template "_form" .}} -------------------------------------------------------------------------------- /views/index.html.tpl: -------------------------------------------------------------------------------- 1 | {{define "pagetitle"}}Blogs - Index{{end}} 2 | 3 | {{$loggedin := .loggedin}} 4 | {{if $loggedin}} 5 |
6 |
7 | New Post 8 |
9 |
10 | {{end}} 11 | 12 |
13 |
14 | {{range .posts}} 15 |
16 |
17 |
18 |
{{.Title}}
19 |
20 | {{if $loggedin}} 21 | Edit 22 | Delete 23 | {{end}} 24 |
25 |
26 |
27 |
{{.Content}}
28 |
29 |
30 |
By {{.AuthorID}}
31 |
Posted on {{formatDate .Date}}
32 |
33 |
34 |
35 | {{end}} 36 |
37 |
-------------------------------------------------------------------------------- /views/layout.html.tpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | {{template "pagetitle" .}} 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 45 | 46 | {{with .flash_success}}
{{.}}
{{end}} 47 | {{with .flash_error}}
{{.}}
{{end}} 48 | {{template "yield" .}} 49 | 50 | 51 | {{define "pagetitle"}}{{end}} 52 | {{define "yield"}}{{end}} 53 | -------------------------------------------------------------------------------- /views/new.html.tpl: -------------------------------------------------------------------------------- 1 | {{define "pagetitle"}}Blogs - New{{end}} 2 | 3 |
4 |
5 |

New Post

6 |
7 |
8 | 9 | {{template "_form" .}} -------------------------------------------------------------------------------- /views/partials/_form.html.tpl: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 |
5 | 6 | 7 |
8 |
9 |
10 | 11 |
12 | 13 |
14 | {{with .post.ID}} 15 | 16 | {{else}} 17 | 18 | {{end}} 19 | Cancel 20 | 21 |
22 |
23 |
24 | --------------------------------------------------------------------------------