4
votes

I have a web server using httprouter and negroni. Users log into this system through external OAuth. We save the token to the encrypted session which indicates whether or not they are logged in. I would like to use a middleware to verify whether or not this token exists, and then kick the user back to the login page if it does not. I want to exclude some routes from using the authentication middleware. There is an example in the negroni README of doing this with gorilla mux, but I can't quite get my head around doing this scalably with httprouter. Something similar to my server setup is below:

router := httprouter.New()
router.GET("/login", Login) // auth not required
router.GET("/", Index)  // auth required

s := negroni.Classic()

s.Use(sessions.Sessions("example-web-dev", cookiestore.New([]byte("some garbage"))))
s.Use(authenticator.Get())
s.UseHandler(router)

Where /login is a route I do not want to require authorization through the middleware and / is. authenticator.Get() is my authentication handler func with contents I don't think are relevant to the question.

How can I apply authenticator.Get() to / but not /login? Keeping in mind that there will be several other "public" routes alongside /login and many other gated routes as well.

Some links:

2

2 Answers

4
votes

I was eventually able to wrap my brain around this process. The solution is to create new negroni.Negroni instances for each individual route. In the case above:

router := httprouter.New()
router.Handler("GET", "/login",
               negroni.New(negroni.HandlerFunc(loginHandler)))
router.Handler("GET", "/",
               negroni.New(authenticator.Get(),
               negroni.HandlerFunc(indexHandler)))

server := negroni.Classic()
server.UseHandler(router)
server.Use(sessions.Sessions("example-web-dev",
           cookiestore.New([]byte("some secret"))))
server.Run(":3000")

loginHandler and indexHandler will both need to have this method signature:

func(http.ResponseWriter, *http.Request, http.HandlerFunc)

With the given example, all routes will utilize the middleware provided by negroni.Classic() and the sessions middleware added to server, but only / will use the middleware I created in authenticator.Get().

-1
votes

if using httprouter, params can be retrieved by calling the router.Lookup function. Here is what I did:

_, params, _ := router.Lookup("GET", req.URL.Path) where router is an instance of httprouter.Router