golang go-endpoints使用gorilla-toolkit的会话

时间:2015-03-19 08:49:32

标签: session cookies go google-cloud-endpoints gorilla

我正在尝试实现会话处理并将其与go-endpoints包结合使用!

我用来处理会话的包是Gorilla Sessions(github.com/gorilla/sessions),我想要一些帮助。

我能够将cookie存储到客户端..当我调用端点时,可以看到cookie被发送到服务器。

当我在调用api时尝试从Session存储中获取Session值时出现问题,我无法将其扔到cookie中...它接收端点包从额外内容中剥离http.Request等等。 ?

我尝试获取cookie的地方位于

的Server.go中 
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request){

     var store = sessions.NewCookieStore([]byte("secret123"));

     session, _ := store.Get(r, "session-name");

     // Get the previously flashes, if any.

     c.Infof("foo value is : %v",r.Cookies());

     if flashes := session.Flashes(); len(flashes) > 0 {

     // Just print the flash values.

     c.Infof("this is the testing post message with cookie from the ServeHTTP    : 
      %v",flashes);
      } 

      else {

      // Set a new flash.

      session.AddFlash("Hello, flash messages world!")

      c.Infof("No flashes found.");

      }

      session.Save(r, w)

      }

我得到的是一个空数组.... :(

某人有领导?

感谢!!!!!

1 个答案:

答案 0 :(得分:1)

好的,所以我猜错了关于go-endpoints的漏洞我觉得...... 我是golang的新手(〜年)..

我想写一些关于我找到的东西,以及如何保护我的api。

第一步是按照关于如何注册和发现api的go-endpoints包说明:https://github.com/GoogleCloudPlatform/go-endpoints,这个包是使用Java或Python的最近的谷歌应用引擎端点包。

现在,让我们说api在线并可被发现。 如果我们不会使用oauth2来保护api,那么它们将被发现并为所有用户授予访问权限..而且我只想在我的公共api中批准而不是在我的私人中..所以我尝试了大猩猩会话以为它会解决我的问题......

我所做的是试图通过将中间件包裹在所有通过“/ _ah / api / ....”的路由呼叫来收听传入的api呼叫,你能想象......让我永远明白这条路是保留的去谷歌api,我可以做我正在尝试的东西..最终......我明白了......后来的击球手......

soo到了这一点,在暴露api给它的名字之后,所有你应该使用info.ClientIds,info.Scopes。

代码示例----> 

const (
dummyClientID = "google appengine client id" 
dummyScope1   = "https://www.googleapis.com/auth/plus.login"
dummyScope2   = "https://www.googleapis.com/auth/plus.me"
dummyScope3   = "https://www.googleapis.com/auth/userinfo.email"
dummyScope4   = "https://www.googleapis.com/auth/userinfo.profile"
dummyAudience = "people"
)

var (
emptySlice = []string{}
clientIDs  = []string{dummyClientID}  // this is the clientId of the project
scopes     = []string{dummyScope1,dummyScope2,dummyScope3,dummyScope4} // >this are the req oauth2 scopes that the user hase to approve.
audiences  = []string{dummyAudience} // this is only for android !
)


info := manageApi.MethodByName("GetBusinessById").Info()
info.Name, info.HTTPMethod, info.Path, info.Desc = "GetBusinessById",   >"POST","GetBusinessById", "Get the business if bid is sent."
info.ClientIds, info.Scopes = clientIDs, scopes

现在剩下要做的就是在api函数中创建一个endpoint.NewContext并要求相应的范围来获取user.User .. 

 func (ms *ManageService) GetBusinessById(r *http.Request, req >*JsonInGetBusinessById, resp *JsonOutEditBusiness) error {
 // go get the business by bid.
 DalInst := ManageDataAccessLayer.DALManagerFactory()

 context := endpoints.NewContext(r)

 u,err := >context.CurrentOAuthUser("https://www.googleapis.com/auth/userinfo.email")
 if err != nil {
     return err
 }else {

   var businessObj = DalInst.GetBusinessByBid(context, req.BidStr)


  resp.BidStr = u.Email //just for testing to see if the client is auth and >we can get client Email..

   resp.NameStr = businessObj.NameStr
   resp.AddressStr = businessObj.AddressStr
   resp.DescriptionStr = businessObj.DescriptionStr
   resp.DescriptionTwo = businessObj.DescriptionTwo
   resp.PhoneNumberStr = businessObj.PhoneNumberStr

   return nil
     

}

     好的..希望我明白了一些事情!

相关问题
最新问题