Go language WEB framework: use interceptor to verify user's login status

wego interceptor

A wego interceptor is a function that is called before or after an action (handler function), usually to handle some common logic. Interceptors can be used for the following common problems:

• request logging
• error handling
• Authentication processing

The following interceptors are available in wego:

• before_exec : Interceptor before the action is executed
• after_exec : Interceptor after the action is executed

This article uses an example to illustrate how to use an interceptor to determine the user's login status. In this example, the user accesses login_get to display the login page and calls the login_post page to submit the login information. In the login_post page, determine whether the user's login information is legal, and save the login account in the session. Before the user accesses other pages that require login authentication (for example, the index page), the interceptor is executed first: handler.BeforeExec. Obtain the user account in the interceptor. If the user account is not obtained, jump to the login page: login_get. The advantage of using an interceptor to check the user's login status is that there is no need to include the user's login status check logic in each handler function. Just separate the login logic and implement it as a before_exec interceptor. The main content of the main function is as follows:

main function

 package main
import (
    "demo/handler"
    "github.com/haming123/wego"
    log "github.com/haming123/wego/dlog"
)
func main() {
    web, err := wego.InitWeb()
    if err != nil {
        log.Error(err)
        return
    }
    
    wego.SetDebugLogLevel(wego.LOG_DEBUG)
    web.Config.SessionParam.SessionOn = true
    web.Config.SessionParam.HashKey = "demohash"

    web.BeforExec(handler.BeforeExec)
    web.GET("/login_get", handler.HandlerLoginGet).SkipHook()
    web.POST("/login_post", handler.HandlerLoginPost).SkipHook()
    web.GET("/index", handler.HandlerIndex)

    err = web.Run("0.0.0.0:8080")
    if err != nil {
        log.Error(err)
    }
}

illustrate:

• In this example, a cookie-based session data storage engine is used to store user login accounts.
• Call web.BeforExec(handler.BeforeExec) to set the interceptor, and implement the login status check logic in the handler.BeforeExec interceptor.
• Since login_get page and login_post page do not need login verification, use SkipHook() to ignore the interceptor.

Login logic

When a user accesses a page that requires login verification, it will first check the login account of the session. If there is no login account, it will jump to the login page: login_get. The processor of the login page is implemented as follows:

 func HandlerLoginGet(c *wego.WebContext) {
    c.WriteHTML(http.StatusOK, "./view/login.html", nil)
}

The content of login.html is as follows:

 <!doctype html>
<html>
<head>
    <meta charset="UTF-8">
    <title>登录页面</title>
</head>
<body>
<h2>用户登陆</h2>
<form action="/login_post" method="post">
    <div>用户账号：</div>
    <div>
        <input type="text" name="account" placeholder="请输入用户账号" />
    </div>
    <br />
    <div>登录密码：</div>
    <div>
        <input type="password" name="password" placeholder="请输入登录密码"/>
    </div>
    <br />
    <div>
        <input type="submit" value="立即登录" />
    </div>
</form>
</body>
</html>

After the user clicks "Login Now", the server sends a post request to the login_post. The implementation of the login_post processor is as follows:

 func HandlerLoginPost(c *wego.WebContext) {
    account := c.Param.MustString("account")
    password := c.Param.MustString("password")
    if account == "admin" && password == "demo" {
        c.Session.Set("account", account)
        c.Session.Save()
        c.Redirect(302, "/index")
    } else {
        c.Session.Set("account", "")
        c.Session.Save()
        c.Redirect(302, "/login_get")
    }
}

illustrate:

• Call c.Session.Set in HandlerLoginPost to write the account to the session.

Implementation of login interceptor

The logic of the login check is implemented by the before_exec interceptor. The following is the code of the before_exec interceptor:

 func GetAccount(c *wego.WebContext) string {
    account, _ := c.Session.GetString("account")
    return account
}
func BeforeExec(c *wego.WebContext) {
    login_path := "/login_get"
    if GetAccount(c) == "" && c.Path != login_path {
        c.Redirect(302, login_path)
        return
    }
}

illustrate:

• Implement the GetAccount function to obtain session data. If the user successfully logs in to the system, the user's login account is stored in the session. In the handler function, the GetAccount function can be called to obtain the logged-in login account.
• The BeforeExec function is an implementation of the before_exec interceptor. In the BeforeExec function, the GetAccount function is firstly called to obtain the logged-in login account. If there is no user account, it will jump to the login page: login_get, otherwise the processing function will be executed.

Implementation of index page

The index page needs to verify whether the user is logged in. Since the before_exec interceptor is executed before the processor of the index page is executed, the login check is not required in the processor function of the index page, and the programmer only needs to implement the business logic. The implementation code of the handler function of the index page is as follows:

 func HandlerIndex(c *wego.WebContext) {
    c.WriteHTML(http.StatusOK, "./view/index.html", GetAccount(c))
}

Read the index.html template in HandlerIndex, and use GetAccount(c) to get the user account, and then render. The contents of the index.html template are as follows:

 <!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
hello : {{.}}
</body>
</html>

download of wego code

go get github.com/haming123/wego