golang go-endpoints使用gorilla-toolkit的会话 [英] golang go-endpoints Session using gorilla-toolkit

问题描述

我用来处理会话的包是Gorilla Sessions（github .com / gorilla / sessions），我想要一些帮助..

我可以将cookie存储到客户端，当我打电话给终端时可以看到cookie被发送到服务器。

问题，虽然我试图从会话存储中获取会话值，同时调用api，但我不能得到投掷到饼干..它接缝，端点包剥离http.Request从额外的内容或东西..？

我尝试获取cookie的地方是在

  func（s * Server）ServeHTTP（w http.ResponseWriter，r * http.Request）{ 
 
 var store = sessions.NewCookieStore（[] byte（secret123））; 
 
 session，_：= store.Get（r，session-name）; 
 
 //获取之前的闪烁，如果有的话。 
 
 c .fof（foo value is：％v，r.Cookies（））; 
 
 if flash：= session.Flashes（）; len（闪烁）> 0 {
 
 //只需打印闪光值。 
 $ b $ c .fof（这是来自ServeHTTP的cookie的测试帖子消息：
％v，闪烁）; 
} 
 
其他{
 
 //设置一个新的闪存。 
 
 session.AddFlash（Hello，flash messages world！）
 
 c .fof（找不到闪烁）; 
 
 
 
 session.Save（r，w）
 
} 
  

我得到的是一个空数组...... ....（

有人有领先吗？

谢谢!!!!!

解决方案

好的，我有洞的想法go-endpoints错误我猜..
我很喜欢golang（〜year）..

我想写一些关于我找到的东西，如何安全的我的API。

第一步将遵循go-endpoints包说明如何注册和发现api的： https://github.com/GoogleCloudPlatform/go-endpoints ，这个软件包是最接近Google软件包引擎端点的软件包使用Java或Python。

现在，让我们说api是联机和可发现的。
如果我们不使用oauth2来保护api，它们将被发现并且授予一个为所有用户提供服务..而那些我只想在我的公共API中批准，而不是在我的私人..所以我试图大猩猩会议认为这将解决我的问题..

我所做的是试图通过用中间件包装传入的所有路径传递/ _ah / api / ....来试听传入的api调用，你能想象得到......我永远明白这条路是保留给谷歌API，并且我可以做我正在尝试..最终..我明白了..面糊后来然后永远......

soo到点，暴露api的名字后，你应该使用info.ClientIds，info.Scopes。

代码示例---->

  const（
 dummyClientID =google appengine客户端ID
 dummyScope1 =https：// www .googleapis.com / auth / plus.login
 dummyScope2 =https://www.googleapis.com/auth/plus.me
 dummyScope3 =https://www.googleapis.com /auth/userinfo.email
 dummyScope 4 =https://www.googleapis.com/auth/userinfo.profile
 dummyAudience =people
）
 
 var（
 emptySlice = [ ] string {} 
 clientIDs = [] string {dummyClientID} //这是项目的clientId 
 scopes = [] string {dummyScope1，dummyScope2，dummyScope3，dummyScope4} //>这是req oauth2范围，用户需要批准。 
 audiences = [] string {dummyAudience} //这只适用于android！ 
）
 
 
 info：= manageApi.MethodByName（GetBusinessById）。Info（）
 info.Name，info.HTTPMethod，info.Path，info。 Desc =GetBusinessById，>POST，GetBusinessById，如果发送出价则获得业务。 
 info.ClientIds，info.Scopes = clientIDs，范围
  

<现在所有剩下要做的就是在api函数中创建一个endpoint.NewContext并询问适当的作用域来获取user.User ..

  func（ms * ManageService）GetBusinessById（r * http.Request，req> * JsonInGetBusinessById，resp * JsonOutEditBusiness）error {
 //通过出价获取业务。 
 DalInst：= ManageDataAccessLayer.DALManagerFactory（）
 
 context：= endpoints.NewContext（r）
 $ b $，err：=> context.CurrentOAuthUser（https： //www.googleapis.com/auth/userinfo.email）
 if err！= nil {
 return err 
} else {
 
 var businessObj = DalInst .GetBusinessByBid（context，req.BidStr）
 
 
 resp.BidStr = u.Email //仅用于测试以查看客户端是否为auth，并且>我们可以获取客户端电子邮件。 
 
 resp.NameStr = businessObj.NameStr 
 resp.AddressStr = businessObj.AddressStr 
 resp.DescriptionStr = businessObj.DescriptionStr 
 resp.DescriptionTwo = businessObj.DescriptionTwo 
 resp.PhoneNumberStr = businessObj.PhoneNumberStr 
 
 return nil 
  

}

好的..希望我明确了一些事情！

I'm trying to implement Session handling and combine it with the go-endpoints package !

The package that i use to handle the session is Gorilla Sessions (github.com/gorilla/sessions), i would like some help..

I'm able to store a cookie to the client .. and when i call the endpoints is can see that the cookie is sent to the server.

The problem while i try to get the Session values from the Session storage while the api is called, i cant get threw to the cookie .. it seams that the endpoints package strip the http.Request from extra content or something .. ?

The place that i try to get the cookie is in the Server.go at the

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request){

     var store = sessions.NewCookieStore([]byte("secret123"));

     session, _ := store.Get(r, "session-name");

     // Get the previously flashes, if any.

     c.Infof("foo value is : %v",r.Cookies());

     if flashes := session.Flashes(); len(flashes) > 0 {

     // Just print the flash values.

     c.Infof("this is the testing post message with cookie from the ServeHTTP    : 
      %v",flashes);
      } 

      else {

      // Set a new flash.

      session.AddFlash("Hello, flash messages world!")

      c.Infof("No flashes found.");

      }

      session.Save(r, w)

      }

what i get is a empty array .... :(

someone has a lead ?

THANKS !!!!!

解决方案

Ok sooo i got the hole idea of the go-endpoints wrong i guess .. Im pretty new to golang (~year)..

i wanted to write something about what i have found and how did a secure my api's.

First step will be to follow the go-endpoints package instructions about how to register and discover the api's at : https://github.com/GoogleCloudPlatform/go-endpoints ,This package is the closest package there is to google app engine endpoints using Java or Python ..

Now, lets say the api are online and discoverable. if we wont use oauth2 to secure the api's they will be discoverable and grant access for all users .. and that something i would like to approve only in my public api's and not in my private .. so i tried gorilla session thinking it will solve my problem ..

What i did was trying to listen to incoming api calls by wrapping withe middleware all the rout calles passing "/_ah/api/....", can you imagine .. took my forever to understand that this path is reserved to google api and that i can do what i was trying .. eventually .. i got it .. batter later then ever ...

soo to the point, after exposing the api's giving it names and all you should use the info.ClientIds, info.Scopes.

code example ---->

const (
dummyClientID = "google appengine client id" 
dummyScope1   = "https://www.googleapis.com/auth/plus.login"
dummyScope2   = "https://www.googleapis.com/auth/plus.me"
dummyScope3   = "https://www.googleapis.com/auth/userinfo.email"
dummyScope4   = "https://www.googleapis.com/auth/userinfo.profile"
dummyAudience = "people"
)

var (
emptySlice = []string{}
clientIDs  = []string{dummyClientID}  // this is the clientId of the project
scopes     = []string{dummyScope1,dummyScope2,dummyScope3,dummyScope4} // >this are the req oauth2 scopes that the user hase to approve.
audiences  = []string{dummyAudience} // this is only for android !
)


info := manageApi.MethodByName("GetBusinessById").Info()
info.Name, info.HTTPMethod, info.Path, info.Desc = "GetBusinessById",   >"POST","GetBusinessById", "Get the business if bid is sent."
info.ClientIds, info.Scopes = clientIDs, scopes  

now all that is left to do is in the api function creating a endpoint.NewContext and ask the appropriate scope to get user.User ..

 func (ms *ManageService) GetBusinessById(r *http.Request, req >*JsonInGetBusinessById, resp *JsonOutEditBusiness) error {
 // go get the business by bid.
 DalInst := ManageDataAccessLayer.DALManagerFactory()

 context := endpoints.NewContext(r)

 u,err := >context.CurrentOAuthUser("https://www.googleapis.com/auth/userinfo.email")
 if err != nil {
     return err
 }else {

   var businessObj = DalInst.GetBusinessByBid(context, req.BidStr)


  resp.BidStr = u.Email //just for testing to see if the client is auth and >we can get client Email..

   resp.NameStr = businessObj.NameStr
   resp.AddressStr = businessObj.AddressStr
   resp.DescriptionStr = businessObj.DescriptionStr
   resp.DescriptionTwo = businessObj.DescriptionTwo
   resp.PhoneNumberStr = businessObj.PhoneNumberStr

   return nil

}

ok .. hope i made some things clear !

这篇关于golang go-endpoints使用gorilla-toolkit的会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！