From efe9d55f6c7a7cdb617950d45ebdac70b217e9ba Mon Sep 17 00:00:00 2001 From: txya900619 Date: Sun, 26 Jan 2020 18:03:27 +0800 Subject: [PATCH 1/5] create auth middleware for login api apply method to transfer db to router and middleware add database query function(init) --- database/user.go | 20 ++++++++++++++++++++ gqlgen.yml | 2 ++ middleware/auth.go | 21 +++++++++++++++++++++ model/model_gqlgen.go | 7 ------- router/router.go | 12 ++++++++---- server.go | 2 +- 6 files changed, 52 insertions(+), 12 deletions(-) create mode 100644 database/user.go create mode 100644 middleware/auth.go diff --git a/database/user.go b/database/user.go new file mode 100644 index 0000000..609491c --- /dev/null +++ b/database/user.go @@ -0,0 +1,20 @@ +package database + +import ( + "fmt" + "github.com/NPC-GO/MaJaJalist-backend/model" + "github.com/go-pg/pg/v9" +) + +type User struct { + DB *pg.DB +} + +func (u *User) GetUserByField(field, value string) (*model.User, error) { + var user model.User + err := u.DB.Model(&user).Where(fmt.Sprintf("%v = ?", field), value).First() + return &user, err +} +func (u *User) GetUserByToken(token string) (*model.User, error) { + return u.GetUserByField("token", token) +} diff --git a/gqlgen.yml b/gqlgen.yml index a86a0ea..b87f9c4 100644 --- a/gqlgen.yml +++ b/gqlgen.yml @@ -45,5 +45,7 @@ models: model: github.com/NPC-GO/MaJaJalist-backend/model.TodoConfig ChangeTodoConfigValueInput: model: github.com/NPC-GO/MaJaJalist-backend/model.ChangeTodoConfigValueInput + TodoAuthorLayout: + model: github.com/NPC-GO/MaJaJalist-backend/model.TodoAuthorLayout diff --git a/middleware/auth.go b/middleware/auth.go new file mode 100644 index 0000000..49a4f98 --- /dev/null +++ b/middleware/auth.go 
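Review bot: In database/user.go, `GetUserByField` formats `field` straight into the WHERE clause with `fmt.Sprintf("%v = ?", field)`, so only `value` is bound as a parameter and the column name becomes raw SQL. The one caller visible here passes the constant "token", but the method is exported and accepts any string, so a later caller that forwards request data would make the query injectable. I would check `field` against a fixed set of column names before building the query, or let go-pg quote it as an identifier, e.g. `Where("? = ?", pg.Ident(field), value)`. The function also returns `&user` together with a non-nil error; returning `nil, err` keeps callers from using an empty user by mistake.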
@@ -0,0 +1,21 @@ +package middleware + +import ( + "github.com/NPC-GO/MaJaJalist-backend/database" + "net/http" +) + +func BeforeLoginAuth(user database.User) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + session, err := r.Cookie("session") + if err == nil { + if _, err := user.GetUserByToken(session.Value); err == nil { + http.Redirect(w, r, "https://"+r.URL.Host, 302) + } + http.SetCookie(w, &http.Cookie{Name: "session", MaxAge: -1}) + } + next.ServeHTTP(w, r) + }) + } +} diff --git a/model/model_gqlgen.go b/model/model_gqlgen.go index 13253b9..612beef 100644 --- a/model/model_gqlgen.go +++ b/model/model_gqlgen.go @@ -24,13 +24,6 @@ type LoginInput struct { RecaptchaToken string `json:"recaptchaToken"` } -type TodoAuthorLayout struct { - ID string `json:"id"` - NickName string `json:"nickName"` - Avatar string `json:"avatar"` - Special bool `json:"special"` -} - type Level string const ( diff --git a/router/router.go b/router/router.go index 8850e03..dedcfe6 100644 --- a/router/router.go +++ b/router/router.go @@ -1,18 +1,22 @@ package router import ( + "github.com/NPC-GO/MaJaJalist-backend/database" + "github.com/NPC-GO/MaJaJalist-backend/middleware" "github.com/NPC-GO/MaJaJalist-backend/router/handler" "github.com/go-chi/chi" - "github.com/go-chi/chi/middleware" + chimiddleware "github.com/go-chi/chi/middleware" + "github.com/go-pg/pg/v9" "net/http" ) -func InitRouter() chi.Router { +func InitRouter(db *pg.DB) chi.Router { router := chi.NewRouter() router.Use( - middleware.Logger, - middleware.Recoverer, + chimiddleware.Logger, + chimiddleware.Recoverer, ) + router.With(middleware.BeforeLoginAuth(database.User{DB: db})).Post("/login") router.Get("/*", http.StripPrefix("/", http.FileServer(http.Dir("dist"))).ServeHTTP) router.Get("/", handler.HtmlHandler) return router diff --git a/server.go b/server.go index f3ef10f..a95d3a8 100644 --- a/server.go 
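Review bot: In middleware/auth.go the redirect target is built as `"https://"+r.URL.Host`, and for an ordinary server-side request net/http leaves `r.URL.Host` empty, so the Location header would be just `https://`. When the field is populated (an absolute-form request line), the value comes from the client, so the redirect destination is not under the server's control. Redirecting to a fixed path, `http.Redirect(w, r, "/", http.StatusFound)`, avoids both problems. The same line is carried into the auth.go hunks of patches 2/5 and 4/5.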
+++ b/server.go @@ -16,7 +16,7 @@ func main() { Addr: "database:5432", }) defer DB.Close() - server := router.InitRouter() + server := router.InitRouter(DB) err := http.ListenAndServeTLS(":443", "./certs/server.crt", "./certs/server.key", server) if err != nil { fmt.Println(err) From cb52b716c12778e341e9cafb4561c397137fb20d Mon Sep 17 00:00:00 2001 From: txya900619 Date: Sun, 26 Jan 2020 19:02:42 +0800 Subject: [PATCH 2/5] change github actions file try to fix build fail problem --- .github/workflows/BuildTest.yml | 5 ++--- middleware/auth.go | 8 ++++++-- router/handler/handler.go | 6 ++++++ router/router.go | 8 ++++---- 4 files changed, 18 insertions(+), 9 deletions(-) diff --git a/.github/workflows/BuildTest.yml b/.github/workflows/BuildTest.yml index a7efd2a..64d013f 100644 --- a/.github/workflows/BuildTest.yml +++ b/.github/workflows/BuildTest.yml @@ -5,11 +5,10 @@ jobs: name: tryToBuild runs-on: ubuntu-latest steps: - - name: Set up Go 1.13.x + - name: Set up Go 1.13.5 uses: actions/setup-go@v1 with: - go-version: 1.13.x - id: go + go-version: 1.13.5 - name: Check out code into the Go module directory uses: actions/checkout@v1 diff --git a/middleware/auth.go b/middleware/auth.go index 49a4f98..de8d322 100644 --- a/middleware/auth.go +++ b/middleware/auth.go @@ -11,9 +11,13 @@ func BeforeLoginAuth(user database.User) func(http.Handler) http.Handler { session, err := r.Cookie("session") if err == nil { if _, err := user.GetUserByToken(session.Value); err == nil { - http.Redirect(w, r, "https://"+r.URL.Host, 302) + if r.Method == http.MethodGet { + http.Redirect(w, r, "https://"+r.URL.Host, 302) + return + } + http.Error(w, "you has login", 403) + return } - http.SetCookie(w, &http.Cookie{Name: "session", MaxAge: -1}) } next.ServeHTTP(w, r) }) diff --git a/router/handler/handler.go b/router/handler/handler.go index cf116f8..66cd23a 100644 --- a/router/handler/handler.go +++ b/router/handler/handler.go 
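Review bot: In middleware/auth.go (patch 2/5) every error from `GetUserByToken` is treated as "no such session", so a database failure looks the same as an unknown token and the request goes on to the login handler. I would separate the two cases, e.g. `if err != pg.ErrNoRows { http.Error(w, "internal error", http.StatusInternalServerError); return }`, and keep the pass-through only for the no-rows case. The cookie value also reaches the lookup unchecked; if rows without an active session store an empty token (the schema is not visible here), an empty `session` cookie would match one of them, so rejecting `session.Value == ""` before the query is worth adding. The handler body starts above this hunk.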
@@ -1,9 +1,15 @@ package handler import ( + "github.com/NPC-GO/MaJaJalist-backend/database" "net/http" ) func HtmlHandler(w http.ResponseWriter, r *http.Request) { http.ServeFile(w, r, "./dist/index.html") } +func Login(user database.User) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + } +} diff --git a/router/router.go b/router/router.go index dedcfe6..9147ffe 100644 --- a/router/router.go +++ b/router/router.go @@ -5,7 +5,7 @@ import ( "github.com/NPC-GO/MaJaJalist-backend/middleware" "github.com/NPC-GO/MaJaJalist-backend/router/handler" "github.com/go-chi/chi" - chimiddleware "github.com/go-chi/chi/middleware" + chiMiddleware "github.com/go-chi/chi/middleware" "github.com/go-pg/pg/v9" "net/http" ) @@ -13,10 +13,10 @@ import ( func InitRouter(db *pg.DB) chi.Router { router := chi.NewRouter() router.Use( - chimiddleware.Logger, - chimiddleware.Recoverer, + chiMiddleware.Logger, + chiMiddleware.Recoverer, ) - router.With(middleware.BeforeLoginAuth(database.User{DB: db})).Post("/login") + router.With(middleware.BeforeLoginAuth(database.User{DB: db})).Post("/login", handler.Login(database.User{DB: db})) router.Get("/*", http.StripPrefix("/", http.FileServer(http.Dir("dist"))).ServeHTTP) router.Get("/", handler.HtmlHandler) return router From 133078545a91cda11f69edd40943b8f5b123994e Mon Sep 17 00:00:00 2001 From: txya900619 Date: Sun, 26 Jan 2020 21:30:30 +0800 Subject: [PATCH 3/5] add some comment 01.26 --- router/handler/handler.go | 2 +- router/router.go | 1 + server.go | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/router/handler/handler.go b/router/handler/handler.go index 66cd23a..09afca0 100644 --- a/router/handler/handler.go +++ b/router/handler/handler.go @@ -12,4 +12,4 @@ func Login(user database.User) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { } -} +} //post /login 的handler diff --git a/router/router.go b/router/router.go index 9147ffe..8c98ebd 100644 
--- a/router/router.go +++ b/router/router.go @@ -17,6 +17,7 @@ func InitRouter(db *pg.DB) chi.Router { chiMiddleware.Recoverer, ) router.With(middleware.BeforeLoginAuth(database.User{DB: db})).Post("/login", handler.Login(database.User{DB: db})) + //用middleware擋住已經登錄的 router.Get("/*", http.StripPrefix("/", http.FileServer(http.Dir("dist"))).ServeHTTP) router.Get("/", handler.HtmlHandler) return router diff --git a/server.go b/server.go index a95d3a8..dba20e5 100644 --- a/server.go +++ b/server.go @@ -14,12 +14,12 @@ func main() { Password: "postgres", Database: "MaJaJalist", Addr: "database:5432", - }) - defer DB.Close() + }) //連接到database + defer DB.Close() //在最後斷開連接 server := router.InitRouter(DB) err := http.ListenAndServeTLS(":443", "./certs/server.crt", "./certs/server.key", server) if err != nil { fmt.Println(err) - http.ListenAndServe(":80", server) + http.ListenAndServe(":80", server) //無法使用https則用http } } From edde72d2e41eb742f7d6c8294ac92cd04f35c9fd Mon Sep 17 00:00:00 2001 From: txya900619 Date: Sun, 26 Jan 2020 23:07:38 +0800 Subject: [PATCH 4/5] from transfer *pg.DB to database.User I'm not sure which is better --- middleware/auth.go | 4 ++-- router/handler/handler.go | 2 +- router/router.go | 5 ++--- server.go | 3 ++- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/middleware/auth.go b/middleware/auth.go index de8d322..b139abc 100644 --- a/middleware/auth.go +++ b/middleware/auth.go 
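Review bot: In server.go (patch 3/5) the line now commented `//無法使用https則用http` falls back to `http.ListenAndServe(":80", server)` whenever the TLS listener returns an error, so a missing or unreadable certificate silently moves the whole site, including the `session` cookie checked by the auth middleware, onto cleartext HTTP. I would fail startup instead (`log.Fatal(err)`), or have port 80 serve only a redirect to HTTPS. The return value of the fallback `ListenAndServe` is also discarded, so a bind failure on :80 exits without any message. The context lines show the database password as a literal (`Password: "postgres"`); reading it from the environment would keep it out of the repository. main starts above this hunk.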
@@ -5,12 +5,12 @@ import ( "net/http" ) -func BeforeLoginAuth(user database.User) func(http.Handler) http.Handler { +func BeforeLoginAuth(userDatabaseCtrl database.User) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session, err := r.Cookie("session") if err == nil { - if _, err := user.GetUserByToken(session.Value); err == nil { + if _, err := userDatabaseCtrl.GetUserByToken(session.Value); err == nil { if r.Method == http.MethodGet { http.Redirect(w, r, "https://"+r.URL.Host, 302) return diff --git a/router/handler/handler.go b/router/handler/handler.go index 09afca0..c74311a 100644 --- a/router/handler/handler.go +++ b/router/handler/handler.go @@ -8,7 +8,7 @@ import ( func HtmlHandler(w http.ResponseWriter, r *http.Request) { http.ServeFile(w, r, "./dist/index.html") } -func Login(user database.User) http.HandlerFunc { +func Login(userDatabaseCtrl database.User) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { } diff --git a/router/router.go b/router/router.go index 8c98ebd..7be6bba 100644 --- a/router/router.go +++ b/router/router.go @@ -6,17 +6,16 @@ import ( "github.com/NPC-GO/MaJaJalist-backend/router/handler" "github.com/go-chi/chi" chiMiddleware "github.com/go-chi/chi/middleware" - "github.com/go-pg/pg/v9" "net/http" ) -func InitRouter(db *pg.DB) chi.Router { +func InitRouter(userDatabaseCtrl database.User) chi.Router { router := chi.NewRouter() router.Use( chiMiddleware.Logger, chiMiddleware.Recoverer, ) - router.With(middleware.BeforeLoginAuth(database.User{DB: db})).Post("/login", handler.Login(database.User{DB: db})) + router.With(middleware.BeforeLoginAuth(userDatabaseCtrl)).Post("/login", handler.Login(userDatabaseCtrl)) //用middleware擋住已經登錄的 router.Get("/*", http.StripPrefix("/", http.FileServer(http.Dir("dist"))).ServeHTTP) router.Get("/", handler.HtmlHandler) 
diff --git a/server.go b/server.go index dba20e5..88bad6b 100644 --- a/server.go +++ b/server.go @@ -16,7 +16,8 @@ func main() { Addr: "database:5432", }) //連接到database defer DB.Close() //在最後斷開連接 - server := router.InitRouter(DB) + userDatabaseCtrl := database.User{DB: DB} + server := router.InitRouter(userDatabaseCtrl) err := http.ListenAndServeTLS(":443", "./certs/server.crt", "./certs/server.key", server) if err != nil { fmt.Println(err) From 06828a998fb9763bc99be4f40724d6dd87dee89d Mon Sep 17 00:00:00 2001 From: txya900619 Date: Mon, 27 Jan 2020 22:26:35 +0800 Subject: [PATCH 5/5] add some comment ouo --- database/database.go | 2 +- router/router.go | 2 +- server.go | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/database/database.go b/database/database.go index 044bb46..82277c8 100644 --- a/database/database.go +++ b/database/database.go @@ -3,6 +3,6 @@ package database import "github.com/go-pg/pg/v9" func New(options *pg.Options) *pg.DB { - migration() + migration() //第一次連接先migration確保所有table都存在 return pg.Connect(options) } diff --git a/router/router.go b/router/router.go index 7be6bba..e93b5d9 100644 --- a/router/router.go +++ b/router/router.go @@ -17,7 +17,7 @@ func InitRouter(userDatabaseCtrl database.User) chi.Router { ) router.With(middleware.BeforeLoginAuth(userDatabaseCtrl)).Post("/login", handler.Login(userDatabaseCtrl)) //用middleware擋住已經登錄的 - router.Get("/*", http.StripPrefix("/", http.FileServer(http.Dir("dist"))).ServeHTTP) + router.Get("/*", http.StripPrefix("/", http.FileServer(http.Dir("dist"))).ServeHTTP) //用來提供js與css檔案 router.Get("/", handler.HtmlHandler) return router } diff --git a/server.go b/server.go index 88bad6b..412ef5b 100644 --- a/server.go +++ b/server.go 
@@ -14,10 +14,10 @@ func main() { Password: "postgres", Database: "MaJaJalist", Addr: "database:5432", - }) //連接到database + }) //連接到database的設定 defer DB.Close() //在最後斷開連接 userDatabaseCtrl := database.User{DB: DB} - server := router.InitRouter(userDatabaseCtrl) + server := router.InitRouter(userDatabaseCtrl) //把db傳進router就不用每次要使用db都連接一次 err := http.ListenAndServeTLS(":443", "./certs/server.crt", "./certs/server.key", server) if err != nil { fmt.Println(err)