duanliushua5026 2016-02-07 10:22
浏览 174
已采纳

基于Golang会话的身份验证

I am trying to authenticate a user (using email and password) in golang but I am having some problems with sessions. It seems like I cant retrieve the session value from /login/ to / (home) page.

User Registration

hashedPassword, _ := bcrypt.GenerateFromPassword([]byte(r.Form["passwordSignup"][0]), bcrypt.DefaultCost)

err = c.Insert(&model.UserModel{
  Email:     r.Form["emailSignup"][0],
  Password:  string(hashedPassword),
  CreatedAt: time.Now(),
})

// TODO : should session management be made in here ???
// you can use gorilla sessions if you want as far it works

http.SetCookie(w, cookie)
http.Redirect(w, r, "/", 301) // goes to the homepage(only accessed by authenticated users)

Login

if r.Form["emailLogin"][0] == result.Email 
&& bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(r.Form["passwordLogin"][0])) == nil {

  // TODO : Handling the session in here

  http.Redirect(w, r, "/", 301) // goes to the home page
} else {
  http.Redirect(w, r, "/login/", 301)
}

I checked this links too : http://shadynasty.biz/blog/2012/09/05/auth-and-sessions/ https://www.youtube.com/watch?v=p0tGnjW_xxI

  • 写回答

2条回答 默认 最新

  • dongyan9838 2016-02-07 17:17
    关注

    Importantly, you should check all of your errors - e.g.:

    - hashedPassword, _ := bcrypt.GenerateFromPassword([]byte(r.Form["passwordSignup"][0]), bcrypt.DefaultCost)
# Check our error, especially for something as important as password hashing
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(r.Form["passwordSignup"][0]), bcrypt.DefaultCost)
if err != nil {
    http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
    return
}

    A lot of your relevant cookie code is missing, but here's what it should look like:

    cookie := &http.Cookie{
        Name: "my_app",
        Value: val, // Some encoded value
        Path: "/", // Otherwise it defaults to the /login if you create this on /login (standard cookie behaviour)
        MaxAge: 86400, // One day
}

http.SetCookie(w, cookie)

    Alternatively, if you use gorilla/sessions (which I recommend because it correctly authenticates cookies), you would do the following:

    session, err := store.Get(r, "session-name")
if err != nil {
    http.Error(w, err.Error(), 500)
    return
}

session.Options.Path = "/"
session.Values["user"] = user

err := session.Save(r, w)
if err != nil {
    http.Error(w, err.Error(), 500)
    return
}

http.Redirect(w, r, "/", 301)
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

  • 基于Golang会话身份验证
    2016-02-07 10:22
    回答 2 已采纳 Importantly, you should check all of your errors - e.g.: - hashedPassword, _ := bcrypt.GenerateFr
  • 如何在Golang中保存会话
    2019-01-18 11:21
    回答 1 已采纳 // watch this line if auth, ok := storeAuth.Values["loggedID"].(bool); ok && auth { storeAuth.Va
  • jQuery Ajax不创建golang会话cookie ajax jquery reactjs
    2018-07-23 05:58
    回答 1 已采纳 You're missing ajax headers withCredentials For cross-domain scenario, 3 things need to happen:
  • auth:通过oauth2进行身份验证
    2021-02-03 13:05
    auth-通过oauth2,直接和电子邮件进行身份验证 该库提供与Github,Google,Facebook,Microsoft,Twitter,Yandex,Battle.net和Telegram的“社交登录”,以及自定义身份验证提供程序和电子邮件验证。 可以同时...
  • Golang中的单点登录身份验证
    2016-05-13 07:35
    回答 1 已采纳 While your solution will certainly work. It could make writing the browser/mobile/general frontend
  • Golang WebSocket应用程序中的身份验证 websocket
    2015-02-11 10:41
    回答 1 已采纳 Authenticate as you would for a plain HTTP request before upgrading the connection to the WebSocke
  • 使用golang相互TLS身份验证信任特定客户端 ssl
    2018-01-23 19:41
    回答 1 已采纳 There is no mechanism to do this for you, but starting with go 1.8 you can specify your own callba
  • 服务端身份校验的发展及golang实现
    2023-03-14 08:07
    所有不开心都是闲出来的的博客 通过本文的学习,你将收获: 服务端身份校验的发展历史 session+cookie的会话保持技术原理 JWT校验模式的原理及golang实现 PASETO校验模式的原理及goalng实现 接下来让我们开始学习吧~ 目录 背景 session+cookie的...
  • 使用Golang的HTTP基本身份验证 http
    2016-03-23 20:13
    回答 2 已采纳 In order to force a user to authenticate/make that basic auth prompt in the users browser appear y
  • 获取golang中的会话 http
    2016-09-15 11:25
    回答 1 已采纳 Go's standard library does not provide an HTTP session manager. So you have to write one yourself,
  • Golang Gorilla CEX.IO Websocket身份验证错误 websocket
    2017-07-02 15:47
    回答 1 已采纳 The error message is telling you that the timestamp is more than 20 seconds away from the current
  • 将您装进容器的SSH服务器。-Golang开发
    2021-05-26 18:54
    基于此示例的功能sshbox支持:用于身份验证会话的授权密钥用于身份验证会话的Github通过运行box或docker到沙盒会话来进行沙盒安装如果在Go开发环境中使用$ GOPATH / bin /在$ PATH中进行安装,则下面的命令将起作用:...
  • Golang证书验证 ssl
    2017-12-09 23:01
    回答 1 已采纳 You need to do two things: add the CA certificate on the server side as well, the CA needs to be
  • gorsk:惯用的Golang Restful入门套件
    2021-02-03 14:14
    JWT身份验证会话 通过配置文件(yaml)配置应用程序 RBAC(基于角色的访问控制) 结构化日志 很好的表现;很好的绩效 请求封送和数据验证 使用SwaggerUI的API文档 使用stdlib模拟 完整的测试范围 容器化数据库查询...
  • twisk:具有Twirp的Golang RPC入门套件
    2021-02-05 15:22
    Twisk-Golang RPC入门套件 Twisk是的入门工具包-一种强调简单性和简约性的服务到服务通信框架。 它包含启动项目所需的一切-结构化...基于JWT的身份验证 通过配置文件(yaml)配置应用程序 RBAC(基于角色的访问控制)
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥30 关于用python写支付宝扫码付异步通知收不到的问题
  • ¥50 vue组件中无法正确接收并处理axios请求
  • ¥15 隐藏系统界面pdf的打印、下载按钮
  • ¥15 MATLAB联合adams仿真卡死如何解决(代码模型无问题)
  • ¥15 基于pso参数优化的LightGBM分类模型
  • ¥15 安装Paddleocr时报错无法解决
  • ¥15 python中transformers可以正常下载,但是没有办法使用pipeline
  • ¥50 分布式追踪trace异常问题
  • ¥15 人在外地出差,速帮一点点
  • ¥15 如何使用canvas在图片上进行如下的标注,以下代码不起作用,如何修改