goweb restful authentication


Anna

Oct 12, 2012, 6:53:40 AM
to golang...@googlegroups.com
Can anyone guide me to implement authentication in a goweb RESTful API (for the POST method)?

Regards,
Annadurai

Tyler Bunnell

Oct 12, 2012, 10:32:06 AM
to golang...@googlegroups.com
Hey Anna!

Here's a pretty basic breakdown of what you would need to do to implement authentication:

• Create a custom User
    • Use email address as key
    • Have PasswordHash attribute
• Create a CreateUser handler
    • Confirm email address is valid
    • Confirm password is valid
    • Hash password using bcrypt
    • Create new User
    • Save hash as PasswordHash attribute
    • Save User
    • Create cookie with UserID using gorilla/sessions
• Create a CheckPassword handler
    • Look up User by email address
    • Compare password to user.PasswordHash
    • If PasswordHash matches create cookie with UserID
• When action is taken that requires Authentication check for cookie with UserID

Anna

Oct 15, 2012, 1:21:44 AM
to golang...@googlegroups.com
Thanks Tyler, 

Matthew Wyatt

May 24, 2013, 12:33:02 PM
to golang...@googlegroups.com
Tyler, sorry for the thread necromancy and what might be a stupid question, but how does this work with the concept of "sessions"? That is, once CreateUser creates the cookie, how would one log out? And once logged out, how would one log back in with the same user? Doesn't there have to be at least one more handler in order to accommodate this behavior? I might be thinking about this entirely incorrectly - sorry if my question makes no sense.
-Matt

Tyler Bunnell

May 24, 2013, 12:45:52 PM
to golang...@googlegroups.com
The session is handled by the cookie. Once a user logs in, the cookie is set and the session is established. You can set the expiration policy for the cookie so the session expires when you want it to, forcing the user to log back in.

Also, to log in as the same user, the user sends their username and password to you, which you then put through the hashing process detailed below and compare the result to the stored hash. If they match, the password is correct.

You can use another handler for this if you'd like, or you could do logic inside a "main" handler.
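
The cookie-based session flow discussed in this thread (set a cookie with the UserID on login, let it expire, clear it on logout, check it on protected actions), as an added example that is not code from any poster or from goweb. It uses a standard-library HMAC-signed cookie as a stand-in for gorilla/sessions and assumes the bcrypt password check has already succeeded before `login` is called; the cookie name, key and function names are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
	"time"
)

func mac(s string) string {
	h := hmac.New(sha256.New, []byte("constructed-demo-key")) // constructed key; use a random secret
	h.Write([]byte(s))
	return fmt.Sprintf("%x", h.Sum(nil))
}

// login sets the session cookie; call it only after the password check passed.
func login(w http.ResponseWriter, userID string, ttl time.Duration) {
	v := userID + "|" + strconv.FormatInt(time.Now().Add(ttl).Unix(), 10)
	http.SetCookie(w, &http.Cookie{Name: "session", Value: v + "|" + mac(v), Path: "/",
		MaxAge: int(ttl.Seconds()), HttpOnly: true, Secure: true})
}

// logout expires the cookie in the browser; logging back in is login again.
func logout(w http.ResponseWriter) { http.SetCookie(w, &http.Cookie{Name: "session", Path: "/", MaxAge: -1}) }

// currentUser returns the UserID only for an untampered, unexpired cookie.
func currentUser(r *http.Request) (string, bool) {
	c, err := r.Cookie("session")
	if err != nil {
		return "", false
	}
	p := strings.Split(c.Value, "|") // userID|expiry|mac; userID must not contain "|"
	if len(p) != 3 || !hmac.Equal([]byte(mac(p[0]+"|"+p[1])), []byte(p[2])) {
		return "", false
	}
	if exp, err := strconv.ParseInt(p[1], 10, 64); err != nil || time.Now().Unix() >= exp {
		return "", false // expiry is enforced server-side, not only by the browser
	}
	return p[0], true
}

func main() {
	rec := httptest.NewRecorder()
	login(rec, "user-42", time.Hour)
	fmt.Println(rec.Header().Get("Set-Cookie"))
}
```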
