Google App Engine 特定页面的身份验证

huangapple go评论85阅读模式
英文:

google app engine authentication for specific pages

问题

我正在尝试在golang平台上使用Google App Engine进行开发,并希望仅对特定页面执行检查(对于已登录用户)。

例如:

访问"/"路径的用户,如果已登录,则将重定向到"/site",否则将显示有关产品的页面。

而访问"/members"、"/users"、"/items"页面的用户,如果未经身份验证,则将重定向到登录页面。

以下是一个简单的Go代码示例:

package hello

import (
    "fmt"
    "net/http"

    "appengine"
    "appengine/user"
)

func init() {
    http.HandleFunc("/", site)
    http.HandleFunc("/members", members) // 等等,还有"items"和"products"以及其他受限页面
}

func userLoggedIn() bool {
    // 进行检查...
    return true
}

func userNotLoggedIn() {
    // 致命错误消息
}

func site(w http.ResponseWriter, r *http.Request) {
    if !userLoggedIn() {
        // 显示"about"页面
    } else {
        // 显示"user"页面
    }
}

func members(w http.ResponseWriter, r *http.Request) {
    if !userLoggedIn() {
        // 显示"members"页面
    } else {
        userNotLoggedIn() // 致命错误消息
    }
}

然而,这种方法可能有些笨拙,我希望能够在init函数中测试页面URL,并在代码中的任何地方预处理用户帐户,而不是从各处调用检查函数...

有什么好的做法可以使http调度程序仅在用户已登录时调用我的"需要登录"页面吗?

英文:

I am experimenting to develop with google-app-engine on the golang platform and I wish to perform a check (for logged in users) on a specific pages only.

for example:

users visiting the "/" path will be redirected to "/site" if they are logged in or will be shown a page about the product.

while users visiting the "/members","/users","/items" pages will be redirected to a login page if they are not authenticated.

a simple go code suggests:

package hello

import (
    "fmt"
    "net/http"

    "appengine"
    "appengine/user"
)

func init() {
    http.HandleFunc("/", site)
    http.HandleFunc("/", members) // etc for "items" and "products" and whatever restricted pages
}

func user_logged_in() bool {
	// do the check ...
	return true
}

func user_not_logged_in() {
	// fatal error message
}

func site(w http.ResponseWriter, r *http.Request) {
	if !user_logged_in() {
		// show "about" page
	} else {
		// show a "user" page
	}
}

func members(w http.ResponseWriter, r *http.Request) {
	if !user_logged_in() {
		// show "members" page
	} else {
		user_not_logged_in() // fatal error message
	}
}

however this feels a bit hacky, I wish I could test for the page URL in the init function and pre-process the user account once instead of calling a checker function from everywhere in my code ...

what would be a good practice of making the http dispatcher call my "login-required" pages only if a user is logged in?

答案1

得分: 2

init函数只是初始化你的应用程序。你可以使用它来注册HTTP处理程序,但它不会在每个请求上运行。

如果你使用标准的身份验证方法之一,你可以在app.yaml配置文件中声明授权。对于你的用例,可以类似于以下内容:

handlers:
- url: /members/.*
  script: _go_app
  login: required

- url: /users/.*
  script: _go_app
  login: required

- url: /items/.*
  script: _go_app
  login: required

- url: /.*
  script: _go_app

详细信息请参考文档

英文:

The init function only initializes your application. You use it for example to register HTTP handlers but it won't run on every request.

In case you use one of the standard authentication methods you can declare authorization in your app.yaml configuration file. For your use case it would be similar to this:

handlers:

- url: /members/.*
  script: _go_app
  login: required

- url: /users/.*
  script: _go_app
  login: required

- url: /items/.*
  script: _go_app
  login: required

- url: /.*
  script: _go_app

Have a look at the docs for more details.

huangapple
  • 本文由 发表于 2014年5月3日 22:37:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/23445808.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定