英文:
Golang - Server Side Login Handling - how to resume request after login?
问题
目前,我正在使用Gin框架开发一个使用服务器端渲染的Web应用程序,并且在登录拦截方面遇到了问题。当一个HTTP GET请求到达一个端点时,中间件会用来检查浏览器的cookie,并将流量重定向到登录页面。这个功能正常工作,成功登录后,用户总是被重定向到仪表盘页面。我的问题是,我应该如何将用户重定向回最初请求的URI,而不是仪表盘页面?
另外,更复杂的情况是在HTTP POST请求中。似乎HTTP POST方法与重定向不太兼容。另外,当用户成功登录后,我应该如何使用相同的POST请求继续处理请求?
谢谢帮助!
英文:
Currently, I’m developing a web app with server-side rendering using the Gin framework and I’m having a problem with login intercepting. When an HTTP GET request hits an endpoint, middleware is used to check the browser cookie and redirect the traffic to the login page. This works fine and after successful login, the user is always redirected to the dashboard page. My question is how I should redirect the user back to the originally requested URI instead of the dashboard page?
Also, a bit more complex scenario is on HTTP POST. It looks like the HTTP POST method doesn’t work quite well with a redirect. Also, how would I resume the request with the same post request after the user successfully login?
Thanks for the help!
答案1
得分: 1
对于HTTP GET场景,这个比较简单,你需要在某个地方记住原始的URL。有几种方法可以实现:
- 如果有会话信息可用(非身份验证用户需要会话),可以将URL存储在会话信息中。
- 可以将URL存储在查询字符串中,例如,重定向到
example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page
。你的登录页面可以查找查询参数,并将其包含在登录表单中,或者确保登录表单的操作与给定的URI匹配。在成功的登录尝试中,你可以从查询参数中获取原始URL,并将其设置为Location
。 - 可以将原始URL存储在cookie中,在成功的登录后,只需检查cookie的值并使用它。
对于HTTP POST场景,如果你只想将相同的POST请求重定向到不同的URL,可以使用307 Temporary redirect。307将保留请求体和方法,并且不会像303 See Other或302 Found那样将其转换为GET请求。
在显示登录界面和成功登录后恢复原始的POST请求会更复杂一些。当你重定向到登录页面时,会中断用户的流程,也许让用户在登录后重新提交他们的请求比为他们做这个更好。
话虽如此,从技术上讲是可能的。我们需要两个步骤,首先是存储所有数据以重新创建请求。然后在登录完成后,我们可以渲染一个带有保存的数据的表单,并使用JavaScript提交表单。在你的表单之后添加:
<script>document.getElementById("myForm").submit();</script>
浏览器将在加载JavaScript后提交表单,从而重新创建原始的POST请求。
存储部分可以通过服务器端会话或cookie来完成。
英文:
For the HTTP GET scenario, this one is easy, you need to remember the original URL somewhere. The are a few ways you could go about this:
- Store the URL in session information(if any is available, you do need sessions for non-authenticated users)
- Store it in a query string, for example, redirect to
example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page
. Your login page can look for the query parameter and include it in the login form or make sure that the action of the login form matches the given URI. On a successful login attempt you can get the original URL form the query param and set it as theLocation
. - Store the original URL in a cookie, upon successful login you can just check the cookie value and use that.
As for the HTTP POST scenario. If you just want to redirect the same POST request to a different URL you can use a 307 Temporary redirect. A 307 will preserve the request body and method and not turn it into a GET request like a 303 See Other or 302 Found.
Resuming the original POST after showing the login screen and after a successful login is a little more complex. When you redirect to the login page you interrupt the flow of the user, maybe it is better to let the user re-post their request after logging in, instead of doing it for them.
Having said that, it is technically possible. We require two steps, first is storing all the data to recreate the request. Then after login completion we can render a form with this saved data and use javascript to submit the form. By adding:
<script>document.getElementById("myForm").submit();</script>
After your form, the browser will submit the form after loading the javascript, thus recreating the original POST.
The storage part can be done via the server side session or a cookie.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论