douxian7534 2015-03-19 08:49
Accepted

golang go-endpoints sessions using gorilla-toolkit

I'm trying to implement session handling and combine it with the go-endpoints package!

The package that I use to handle the session is Gorilla Sessions (github.com/gorilla/sessions). I would like some help..

I'm able to store a cookie on the client .. and when I call the endpoints I can see that the cookie is sent to the server.

The problem is that while I try to get the session values from the session storage while the API is called, I can't get through to the cookie .. it seems that the endpoints package strips the http.Request of extra content or something .. ?

The place where I try to get the cookie is in Server.go, at:

    func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
        // Assumed: c is the App Engine request context; the post does not show where it comes from.
        c := appengine.NewContext(r)

        // Cookie store keyed with a hard-coded secret, as posted.
        var store = sessions.NewCookieStore([]byte("secret123"))
        session, _ := store.Get(r, "session-name")

        // Log the cookies that reached the handler.
        c.Infof("foo value is : %v", r.Cookies())

        // Get the previous flashes, if any.
        if flashes := session.Flashes(); len(flashes) > 0 {
            // Just print the flash values.
            c.Infof("this is the testing post message with cookie from the ServeHTTP : %v", flashes)
        } else {
            // Set a new flash.
            session.AddFlash("Hello, flash messages world!")
            c.Infof("No flashes found.")
        }
        session.Save(r, w)
    }

What I get is an empty array .... :(

Does someone have a lead?

THANKS !!!!!


1 answer

  • douxun2018 2015-03-24 14:18

    OK, so I got the whole idea of go-endpoints wrong, I guess .. I'm pretty new to golang (~year)..

    I wanted to write something about what I have found and how I secured my APIs.

    The first step is to follow the go-endpoints package instructions on how to register and discover the APIs at https://github.com/GoogleCloudPlatform/go-endpoints. This package is the closest package there is to Google App Engine endpoints using Java or Python ..

    Now, let's say the APIs are online and discoverable. If we won't use OAuth2 to secure the APIs, they will be discoverable and grant access to all users .. and that is something I would like to approve only in my public APIs and not in my private ones .. so I tried Gorilla sessions, thinking it would solve my problem ..

    What I did was try to listen to incoming API calls by wrapping with middleware all the route calls passing "/_ah/api/....". Can you imagine .. it took me forever to understand that this path is reserved for the Google API and that I can do what I was trying .. eventually .. I got it .. better late than never ...

    So, to the point: after exposing the APIs, giving them names and all, you should use info.ClientIds and info.Scopes.

    code example ---->

    const (
        dummyClientID = "google appengine client id"
        dummyScope1   = "https://www.googleapis.com/auth/plus.login"
        dummyScope2   = "https://www.googleapis.com/auth/plus.me"
        dummyScope3   = "https://www.googleapis.com/auth/userinfo.email"
        dummyScope4   = "https://www.googleapis.com/auth/userinfo.profile"
        dummyAudience = "people"
    )

    var (
        emptySlice = []string{}
        clientIDs  = []string{dummyClientID} // this is the client ID of the project
        scopes     = []string{dummyScope1, dummyScope2, dummyScope3, dummyScope4} // these are the required OAuth2 scopes that the user has to approve
        audiences  = []string{dummyAudience} // this is only for Android!
    )

    // Describe the method and restrict it to the allowed client IDs and scopes.
    info := manageApi.MethodByName("GetBusinessById").Info()
    info.Name, info.HTTPMethod, info.Path, info.Desc = "GetBusinessById", "POST", "GetBusinessById", "Get the business if bid is sent."
    info.ClientIds, info.Scopes = clientIDs, scopes
    

    Now all that is left to do is, in the API function, to create an endpoints.NewContext and ask for the appropriate scope to get the user.User ..

    func (ms *ManageService) GetBusinessById(r *http.Request, req *JsonInGetBusinessById, resp *JsonOutEditBusiness) error {
        // Go get the business by bid.
        DalInst := ManageDataAccessLayer.DALManagerFactory()

        context := endpoints.NewContext(r)

        // Refuse the call unless the caller presents an OAuth2 token with the email scope.
        u, err := context.CurrentOAuthUser("https://www.googleapis.com/auth/userinfo.email")
        if err != nil {
            return err
        }

        var businessObj = DalInst.GetBusinessByBid(context, req.BidStr)

        resp.BidStr = u.Email // just for testing, to see if the client is authenticated and we can get the client email

        resp.NameStr = businessObj.NameStr
        resp.AddressStr = businessObj.AddressStr
        resp.DescriptionStr = businessObj.DescriptionStr
        resp.DescriptionTwo = businessObj.DescriptionTwo
        resp.PhoneNumberStr = businessObj.PhoneNumberStr

        return nil
    }

    OK .. hope I made some things clear!

    This answer was selected as the best answer by the asker.
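
The per-method check the answer describes (an allow-list of client IDs plus a required scope, refused before any business logic runs), as an added example that is not part of the original answer and is not go-endpoints code. It uses only the standard library; `sampleTokens`, `authorize`, `private` and the token values are hypothetical and constructed, and the map lookup stands in for the token validation that `CurrentOAuthUser` performs in the answer's code.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

const emailScope = "https://www.googleapis.com/auth/userinfo.email"
// Constructed sample tokens standing in for a real OAuth2 token validation call.
var sampleTokens = map[string]struct{ ClientID string; Scopes []string }{
	"tok-ok":       {"my-client-id", []string{emailScope}},
	"tok-other":    {"other-client-id", []string{emailScope}},
	"tok-no-scope": {"my-client-id", nil},
}

func contains(list []string, v string) bool {
	for _, s := range list {
		if s == v {
			return true
		}
	}
	return false
}

// authorize returns the HTTP status a private method answers with for this Authorization header.
func authorize(authHeader string, clientIDs []string, scope string) int {
	info, known := sampleTokens[strings.TrimPrefix(authHeader, "Bearer ")]
	if !strings.HasPrefix(authHeader, "Bearer ") || !known {
		return http.StatusUnauthorized // no usable token at all
	}
	if !contains(clientIDs, info.ClientID) || !contains(info.Scopes, scope) {
		return http.StatusForbidden // valid token, wrong client or missing scope
	}
	return http.StatusOK
}

// private wraps a handler so it is reached only when authorize passes (deny by default).
func private(clientIDs []string, scope string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code := authorize(r.Header.Get("Authorization"), clientIDs, scope); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { fmt.Println(authorize("Bearer tok-ok", []string{"my-client-id"}, emailScope)) }
```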