doufan8805 2014-11-04 12:00 采纳率: 0%
浏览 10
已采纳

更好的(一般)身份验证实现

Currently I have a method in my BaseController and in each controller method that I need the user to be authenticated I am left with always calling this piece of code:

user, err := c.getUser()
if err != nil {
        return c.Redirect(UserController.Login)
}

Which just checks if

revel.InterceptMethod((*UserController).CheckUser, revel.BEFORE)

(in the init.go) has added a valid user to .RenderArgs["user"].

Is there anyway I can put this redirect to the login page incl. the auth check into an filter / intercept method, so I don't have to repeat the above code 10 times? (I developed this code around revel v0.9~0.10)

One solution I came up with would be writting a module/app similiar to the new csrf module.

EDIT 4.11.2015: This Question was posted sometime ago, please check back the official Revel documentation as revel has undergone quite some development

  • 写回答

1条回答 默认 最新

  • duanmen1887 2014-11-28 18:03
    关注

    Just don't let the requests to your controllers unless if authentication has properly been done. You need to implement a Filter for that. It means something like

    init.go:

    revel.Filters = []revel.Filter{
    SessionFilter, // Preferably a safe implementation that isn't plaintext cookies etc
    mypackage.Authenticator
}

    mypackage.go:

    package mypackage

func Authenticator(c *revel.Controller, fc []revel.Filter) {
 // If authentication found (from session), pass to next Filter in stack
 // If not, redirect to your authentication UI, and pass
 // Or handle other parts of authentication requests...
 // If authentication succeeded, save it to session

 // Otherwise just drop the request (probably log?)
}

    The specifics depend entirely on what kind of authentication you are setting up. Here is one SSO implementation for your reference.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度