Negroni的路线特定中间件 [英] Route-specific Middlewares with Negroni

查看:164
本文介绍了Negroni的路线特定中间件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个使用httprouter和negroni的web服务器。用户通过外部OAuth登录到该系统。我们将令牌保存到加密的会话中,以指示他们是否已登录。我想使用中间件来验证此令牌是否存在,然后将用户踢回登录页面(如果不存在)。我想排除使用认证中间件的一些路由。 Negroni自述文件中有一个用大猩猩多路复用器来做这个事情的例子,但是我不能用HTTProuter来扩展它的可扩展性。类似于我的服务器设置的东西如下:

  router:= httprouter.New()
router.GET( / login,Login)// auth不需要
router.GET(/,Index)//需要授权

s:= negroni.Classic()

s.Use(sessions.Sessions(example-web-dev,cookiestore.New([] byte(some garbage))))
s.Use(authenticator.Get())
s.UseHandler(router)

其中 / login 是一条我不想通过中间件进行授权的路由, / 是。 authenticator.Get()是我的身份验证处理函数func,其内容我认为与该问题无关。



如何将 authenticator.Get()应用于 / 但不是 / login ?请记住,除了 / login 以及许多其他门控路线外,还有其他几条公共路线。



一些链接:


解决方案

我最终能够围绕这个过程围绕我的大脑。解决方案是为每个单独的路由创建新的negroni.Negroni实例。在上面的例子中:

  router:= httprouter.New()
router.Handler(GET, / login,
negroni.New(negroni.HandlerFunc(loginHandler)))
router.Handler(GET,/,
negroni.New(authenticator.Get(),
negroni.HandlerFunc(indexHandler)))

server:= negroni.Classic()
server.UseHandler(router)
server.Use(sessions.Sessions (:3000)
cookiestore.New([] byte(some secret))))
server.Run c>

loginHandler indexHandler will两者都需要有这个方法签名:

$ p $ func(http.ResponseWriter,* http.Request,http.HandlerFunc)

在给出的示例中,所有路由将使用由 negroni.Classic()提供的中间件。 和会话中间件添加到服务器,但只有 / 将使用中间我在 authenticator.Get()中创建的商品。


I have a web server using httprouter and negroni. Users log into this system through external OAuth. We save the token to the encrypted session which indicates whether or not they are logged in. I would like to use a middleware to verify whether or not this token exists, and then kick the user back to the login page if it does not. I want to exclude some routes from using the authentication middleware. There is an example in the negroni README of doing this with gorilla mux, but I can't quite get my head around doing this scalably with httprouter. Something similar to my server setup is below:

router := httprouter.New()
router.GET("/login", Login) // auth not required
router.GET("/", Index)  // auth required

s := negroni.Classic()

s.Use(sessions.Sessions("example-web-dev", cookiestore.New([]byte("some garbage"))))
s.Use(authenticator.Get())
s.UseHandler(router)

Where /login is a route I do not want to require authorization through the middleware and / is. authenticator.Get() is my authentication handler func with contents I don't think are relevant to the question.

How can I apply authenticator.Get() to / but not /login? Keeping in mind that there will be several other "public" routes alongside /login and many other gated routes as well.

Some links:

解决方案

I was eventually able to wrap my brain around this process. The solution is to create new negroni.Negroni instances for each individual route. In the case above:

router := httprouter.New()
router.Handler("GET", "/login",
               negroni.New(negroni.HandlerFunc(loginHandler)))
router.Handler("GET", "/",
               negroni.New(authenticator.Get(),
               negroni.HandlerFunc(indexHandler)))

server := negroni.Classic()
server.UseHandler(router)
server.Use(sessions.Sessions("example-web-dev",
           cookiestore.New([]byte("some secret"))))
server.Run(":3000")

loginHandler and indexHandler will both need to have this method signature:

func(http.ResponseWriter, *http.Request, http.HandlerFunc)

With the given example, all routes will utilize the middleware provided by negroni.Classic() and the sessions middleware added to server, but only / will use the middleware I created in authenticator.Get().

这篇关于Negroni的路线特定中间件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆