I think you have 2 options:
1. You can restrict sign-in to the users of your Google Apps domain: go to Administration >> Application Settings >> Authentication Type.
2. The "appengine/user" package only gives you the basic functions. You can use it to check whether the current user's email is in an allowed list.
// allowed is the allow-list of account email addresses that handler grants
// access to. Any signed-in user whose email is not listed here is rejected.
var allowed = []string{
	"tom@example.com",
	"jack@example.com",
}
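// handler serves a greeting only to signed-in users whose email address is
// listed in allowed.
//
// Requests without a signed-in user are redirected (302) to the login URL
// returned by user.LoginURL, which is given the originally requested URL as
// its destination. Signed-in users that are not on the list receive
// 403 Forbidden: the request itself is well-formed, the caller is simply not
// authorised, so 400 Bad Request would be misleading to clients and to anyone
// reading access logs.
func handler(w http.ResponseWriter, r *http.Request) {
	c := appengine.NewContext(r)
	u := user.Current(c)
	if u == nil {
		// No signed-in user: send the browser to the login page.
		loginURL, err := user.LoginURL(c, r.URL.String())
		if err != nil {
			// NOTE(review): this echoes the raw error text to the client;
			// consider logging it and returning a generic message instead.
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		w.Header().Set("Location", loginURL)
		w.WriteHeader(http.StatusFound)
		return
	}

	// Deny by default; access is granted only on an exact match.
	// The comparison is case-sensitive, so entries in allowed must be written
	// exactly as the account email is reported in u.Email.
	granted := false
	for _, email := range allowed {
		if u.Email == email {
			granted = true
			break
		}
	}
	if !granted {
		http.Error(w, "you're not in the allowed list", http.StatusForbidden)
		return
	}

	fmt.Fprintf(w, "Hello, %v!", u)
}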