package handler import ( "fmt" "net/http" "sirlab.de/go/knyt/user" "strings" ) func (authMux *AuthMux) PrivateHandleFunc(pattern string, handlerFunc PrivateHandlerFunc) { authMux.mux.HandleFunc(pattern, func(w http.ResponseWriter, r *http.Request) { usr, err := authMux.getUserFromSession(r) if err != nil { authMux.accessDenied(w, r) return } handlerFunc(usr, w, r) }) } func (authMux *AuthMux) accessDenied(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusForbidden) fmt.Fprintf(w, "Forbidden") } func (authMux *AuthMux) getUserFromSession(r *http.Request) (*user.User, error) { authCookie, err := r.Cookie("knyt-auth") if err != nil { fmt.Printf("%v\n", err) return nil, fmt.Errorf("invalid cookie") } vals := strings.SplitN(authCookie.Value, ":", 2) usr, usrErr := authMux.app.GetUserById(vals[0]) if usrErr != nil { return nil, fmt.Errorf("invalid cookie") } if usr.GetAuthCode() != vals[1] { return nil, fmt.Errorf("invalid cookie") } return usr, nil }