douxian7534 2015-03-19 08:49
浏览 57
已采纳

使用gorilla-toolkit的golang go-endpoints会话

I'm trying to implement Session handling and combine it with the go-endpoints package !

The package that i use to handle the session is Gorilla Sessions (github.com/gorilla/sessions), i would like some help..

I'm able to store a cookie to the client .. and when i call the endpoints is can see that the cookie is sent to the server.

The problem while i try to get the Session values from the Session storage while the api is called, i cant get threw to the cookie .. it seams that the endpoints package strip the http.Request from extra content or something .. ?

The place that i try to get the cookie is in the Server.go at the

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request){

     var store = sessions.NewCookieStore([]byte("secret123"));

     session, _ := store.Get(r, "session-name");

     // Get the previously flashes, if any.

     c.Infof("foo value is : %v",r.Cookies());

     if flashes := session.Flashes(); len(flashes) > 0 {

     // Just print the flash values.

     c.Infof("this is the testing post message with cookie from the ServeHTTP    : 
      %v",flashes);
      } 

      else {

      // Set a new flash.

      session.AddFlash("Hello, flash messages world!")

      c.Infof("No flashes found.");

      }

      session.Save(r, w)

      }

what i get is a empty array .... :(

someone has a lead ?

THANKS !!!!!

  • 写回答

1条回答 默认 最新

  • douxun2018 2015-03-24 14:18
    关注

    Ok sooo i got the hole idea of the go-endpoints wrong i guess .. Im pretty new to golang (~year)..

    i wanted to write something about what i have found and how did a secure my api's.

    First step will be to follow the go-endpoints package instructions about how to register and discover the api's at : https://github.com/GoogleCloudPlatform/go-endpoints ,This package is the closest package there is to google app engine endpoints using Java or Python ..

    Now, lets say the api are online and discoverable. if we wont use oauth2 to secure the api's they will be discoverable and grant access for all users .. and that something i would like to approve only in my public api's and not in my private .. so i tried gorilla session thinking it will solve my problem ..

    What i did was trying to listen to incoming api calls by wrapping withe middleware all the rout calles passing "/_ah/api/....", can you imagine .. took my forever to understand that this path is reserved to google api and that i can do what i was trying .. eventually .. i got it .. batter later then ever ...

    soo to the point, after exposing the api's giving it names and all you should use the info.ClientIds, info.Scopes.

    code example ---->

    const (
dummyClientID = "google appengine client id" 
dummyScope1   = "https://www.googleapis.com/auth/plus.login"
dummyScope2   = "https://www.googleapis.com/auth/plus.me"
dummyScope3   = "https://www.googleapis.com/auth/userinfo.email"
dummyScope4   = "https://www.googleapis.com/auth/userinfo.profile"
dummyAudience = "people"
)

var (
emptySlice = []string{}
clientIDs  = []string{dummyClientID}  // this is the clientId of the project
scopes     = []string{dummyScope1,dummyScope2,dummyScope3,dummyScope4} // >this are the req oauth2 scopes that the user hase to approve.
audiences  = []string{dummyAudience} // this is only for android !
)


info := manageApi.MethodByName("GetBusinessById").Info()
info.Name, info.HTTPMethod, info.Path, info.Desc = "GetBusinessById",   >"POST","GetBusinessById", "Get the business if bid is sent."
info.ClientIds, info.Scopes = clientIDs, scopes

    now all that is left to do is in the api function creating a endpoint.NewContext and ask the appropriate scope to get user.User .. 

     func (ms *ManageService) GetBusinessById(r *http.Request, req >*JsonInGetBusinessById, resp *JsonOutEditBusiness) error {
 // go get the business by bid.
 DalInst := ManageDataAccessLayer.DALManagerFactory()

 context := endpoints.NewContext(r)

 u,err := >context.CurrentOAuthUser("https://www.googleapis.com/auth/userinfo.email")
 if err != nil {
     return err
 }else {

   var businessObj = DalInst.GetBusinessByBid(context, req.BidStr)


  resp.BidStr = u.Email //just for testing to see if the client is auth and >we can get client Email..

   resp.NameStr = businessObj.NameStr
   resp.AddressStr = businessObj.AddressStr
   resp.DescriptionStr = businessObj.DescriptionStr
   resp.DescriptionTwo = businessObj.DescriptionTwo
   resp.PhoneNumberStr = businessObj.PhoneNumberStr

   return nil

    }

    ok .. hope i made some things clear !

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥170 如图所示配置eNSP
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效
  • ¥15 悬赏!微信开发者工具报错,求帮改
  • ¥20 wireshark抓不到vlan
  • ¥20 关于#stm32#的问题:需要指导自动酸碱滴定仪的原理图程序代码及仿真
  • ¥20 设计一款异域新娘的视频相亲软件需要哪些技术支持
  • ¥15 stata安慰剂检验作图但是真实值不出现在图上
  • ¥15 c程序不知道为什么得不到结果
  • ¥15 键盘指令混乱情况下的启动盘系统重装