I'm trying to implement session handling and combine it with the go-endpoints package!
The package that I use to handle the session is Gorilla Sessions (github.com/gorilla/sessions). I would like some help.
I'm able to store a cookie on the client, and when I call the endpoints I can see that the cookie is sent to the server.
The problem is that when I try to get the session values from the session storage while the API is called, I can't get through to the cookie. It seems that the endpoints package strips the http.Request of extra content or something?
The place where I try to get the cookie is in Server.go, at:
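func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// c is the request's logging context; it is not defined in the posted snippet.
	var store = sessions.NewCookieStore([]byte("secret123"))
	session, err := store.Get(r, "session-name")
	if err != nil {
		// Get still returns a new session when the cookie cannot be decoded.
		c.Infof("could not decode session cookie: %v", err)
	}
	c.Infof("foo value is : %v", r.Cookies())
	// Get the previous flashes, if any.
	if flashes := session.Flashes(); len(flashes) > 0 {
		// Just print the flash values.
		c.Infof("this is the testing post message with cookie from the ServeHTTP : %v", flashes)
	} else {
		// Set a new flash.
		session.AddFlash("Hello, flash messages world!")
		c.Infof("No flashes found.")
	}
	if err := session.Save(r, w); err != nil {
		c.Infof("could not save session: %v", err)
	}
}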
What I get is an empty array... :(
Does someone have a lead?
THANKS!!!!!
1 Solution
#1
1
OK, so I got the whole idea of go-endpoints wrong, I guess. I'm pretty new to Golang (~year).
I wanted to write something about what I have found and how I secured my APIs.
The first step will be to follow the go-endpoints package instructions about how to register and discover the APIs at https://github.com/GoogleCloudPlatform/go-endpoints. This package is the closest package there is to Google App Engine endpoints using Java or Python.
Now, let's say the APIs are online and discoverable. If we won't use OAuth2 to secure the APIs, they will be discoverable and grant access to all users, and that's something I would like to approve only in my public APIs and not in my private ones. So I tried Gorilla sessions, thinking it would solve my problem.
What I did was try to listen to incoming API calls by wrapping with middleware all the route calls passing "/_ah/api/....". Can you imagine? It took me forever to understand that this path is reserved for the Google API and that I can do what I was trying. Eventually I got it; better late than never.
So, to the point: after exposing the APIs, giving them names and all, you should use info.ClientIds and info.Scopes.
Code example:
const (
	dummyClientID = "google appengine client id"
	dummyScope1   = "https://www.googleapis.com/auth/plus.login"
	dummyScope2   = "https://www.googleapis.com/auth/plus.me"
	dummyScope3   = "https://www.googleapis.com/auth/userinfo.email"
	dummyScope4   = "https://www.googleapis.com/auth/userinfo.profile"
	dummyAudience = "people"
)

var (
	emptySlice = []string{}
	clientIDs  = []string{dummyClientID} // this is the client ID of the project
	// these are the required OAuth2 scopes that the user has to approve
	scopes    = []string{dummyScope1, dummyScope2, dummyScope3, dummyScope4}
	audiences = []string{dummyAudience} // this is only for Android!
)

info := manageApi.MethodByName("GetBusinessById").Info()
info.Name, info.HTTPMethod, info.Path, info.Desc = "GetBusinessById", "POST", "GetBusinessById", "Get the business if bid is sent."
info.ClientIds, info.Scopes = clientIDs, scopes
Now all that is left to do is, in the API function, to create an endpoints.NewContext and ask for the appropriate scope to get the user.User.
func (ms *ManageService) GetBusinessById(r *http.Request, req *JsonInGetBusinessById, resp *JsonOutEditBusiness) error {
	// go get the business by bid.
	DalInst := ManageDataAccessLayer.DALManagerFactory()
	context := endpoints.NewContext(r)
	// Fails with an error when the caller has no valid OAuth token for this scope.
	u, err := context.CurrentOAuthUser("https://www.googleapis.com/auth/userinfo.email")
	if err != nil {
		return err
	}
	var businessObj = DalInst.GetBusinessByBid(context, req.BidStr)
	resp.BidStr = u.Email // just for testing, to see if the client is authenticated and we can get the client email
	resp.NameStr = businessObj.NameStr
	resp.AddressStr = businessObj.AddressStr
	resp.DescriptionStr = businessObj.DescriptionStr
	resp.DescriptionTwo = businessObj.DescriptionTwo
	resp.PhoneNumberStr = businessObj.PhoneNumberStr
	return nil
}
OK, hope I made some things clear!
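An added example (not part of the original answer, and not go-endpoints code): a standalone Go sketch of the per-method rule the answer describes, where public methods need no token and private methods require an allowed client ID plus the listed scopes. The Policy, Token and Authorize names and the sample client ID are hypothetical, and requiring every listed scope is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Policy plays the role of info.ClientIds / info.Scopes from the answer.
// All type and function names here are hypothetical.
type Policy struct {
	Public    bool            // callable without a token
	ClientIDs map[string]bool // OAuth2 client IDs allowed to call the method
	Scopes    []string        // scopes the token must carry (assumed: all of them)
}

// Token holds the claims of an access token already verified upstream.
type Token struct {
	ClientID, Email string
	Scopes          map[string]bool
}

var ErrDenied = errors.New("access denied")

// Authorize returns the caller's email, or "" for a public method. Unknown
// methods and missing tokens are rejected, so a forgotten policy fails closed.
func Authorize(policies map[string]Policy, method string, t *Token) (string, error) {
	p, ok := policies[method]
	switch {
	case !ok:
		return "", fmt.Errorf("%w: no policy for %q", ErrDenied, method)
	case p.Public:
		return "", nil
	case t == nil:
		return "", fmt.Errorf("%w: token required", ErrDenied)
	case !p.ClientIDs[t.ClientID]:
		return "", fmt.Errorf("%w: client ID not allowed", ErrDenied)
	}
	for _, s := range p.Scopes {
		if !t.Scopes[s] {
			return "", fmt.Errorf("%w: scope %s not granted", ErrDenied, s)
		}
	}
	return t.Email, nil
}

func main() {
	// Constructed sample: one private method with a placeholder client ID.
	pol := map[string]Policy{"GetBusinessById": {ClientIDs: map[string]bool{"example-client-id": true}, Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"}}}
	fmt.Println(Authorize(pol, "GetBusinessById", nil)) // denied: token required
}
```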