i have simple-ish chat server, reason http.redirect function isn't working. problem instead of redirecting me '/login' provides html page link /login. quite annoying, because no css present , looks ugly.
func static(w http.responsewriter, r *http.request) { //check backend if user, err := aaa.currentuser(w, r); err == nil { //user logged in log.println(user) vars := mux.vars(r) page := vars["page"] data, _ := ioutil.readfile("downloads/" + page) w.write(data) return }else { //user not logged in http.redirect(w,r,"/login",http.statusunauthorized) w.write([]byte("<script>alert('please login')</script>")) return } } for example when user not logged in javascript alert comes , take me page <a href="/login">unauthorized</a>. html page contains. single href no headers, nothing.
just in case-main.go code(should sufficient)
package main import ( "flag" "fmt" "html/template" "io/ioutil" "log" "net/http" "os" "strings" "strconv" "time" "github.com/apexskier/httpauth" "github.com/gorilla/mux" "runtime" ) var ( backend httpauth.leveldbauthbackend aaa httpauth.authorizer roles map[string]httpauth.role port = 80 backendfile = "auth.leveldb" ) func static(w http.responsewriter, r *http.request) { if user, err := aaa.currentuser(w, r); err == nil { log.println(user) vars := mux.vars(r) page := vars["page"] data, _ := ioutil.readfile("downloads/" + page) w.write(data) return }else { w.write([]byte("<script>alert('please login')</script>")) http.redirect(w,r,"/login",http.statusunauthorized) return } } func main() { runtime.gomaxprocs(runtime.numcpu()) var err error os.mkdir(backendfile, 0755) defer os.remove(backendfile) // create backend backend, err = httpauth.newleveldbauthbackend(backendfile) if err != nil { panic(err) } // create default roles roles = make(map[string]httpauth.role) roles["user"] = 30 roles["admin"] = 80 aaa, err = httpauth.newauthorizer(backend, []byte("cookie-encryption-key"), "user", roles) // create default user username := "admin" defaultuser := httpauth.userdata{username: username, role: "admin"} err = backend.saveuser(defaultuser) if err != nil { panic(err) } // update user password , email address err = aaa.update(nil, nil, username, "adminadmin", "admin@localhost.com") if err != nil { panic(err) } // set routers , route handlers flag.parse() hub := newhub() go hub.run() r := mux.newrouter() r.handlefunc("/chat", servechat) r.handlefunc("/ws", func(w http.responsewriter, r *http.request) { servews(hub, w, r) }) r.handlefunc("/downloads/{page}", static) http.handle("/www/", http.stripprefix("/www/", http.fileserver(http.dir("./www")))) r.handlefunc("/login", getlogin).methods("get") r.handlefunc("/register", postregister).methods("post") r.handlefunc("/register", getregister).methods("get") r.handlefunc("/login", postlogin).methods("post") r.handlefunc("/admin", handleadmin).methods("get") r.handlefunc("/add_user", postadduser).methods("post") r.handlefunc("/change", postchange).methods("post") r.handlefunc("/", handlepage).methods("get") // authorized page r.handlefunc("/logout", handlelogout) r.handlefunc("/home", homehandle).methods("get") http.handle("/", r) fmt.printf("server running on port %d\n", port) srv:=&http.server { addr: ":"+strconv.itoa(port), readtimeout: 10* time.second, writetimeout: 10*time.second, maxheaderbytes: 1<<20, } srv.listenandserve() } func servechat(w http.responsewriter, r *http.request) { if user, err := aaa.currentuser(w, r); err == nil { log.println(r.url) log.println(user) w.header().set("content-type", "text/html; charset=utf-8") chatt, _ := template.new("member").parse(chat) chatt.execute(w, r.host) return } else { http.redirect(w, r, "/login", http.statusunauthorized) return } } type page struct { user httpauth.userdata } func homehandle(w http.responsewriter, r *http.request) { if user, err := aaa.currentuser(w, r); err == nil { type data struct { user httpauth.userdata roles map[string]httpauth.role users []httpauth.userdata msg []string } messages := aaa.messages(w, r) users, err := backend.users() if err != nil { panic(err) } d := data{user: user, roles: roles, users: users, msg: messages} homet, _ := template.new("member").parse(member) homet.execute(w, d) return } else { http.redirect(w, r, "/login", http.statusunauthorized) return } } func getregister(w http.responsewriter, r *http.request) { fmt.fprintf(w, register) return } func getlogin(rw http.responsewriter, req *http.request) { fmt.fprintf(rw, login) return } func postlogin(rw http.responsewriter, req *http.request) { username := req.postformvalue("username") password := req.postformvalue("password") if err := aaa.login(rw, req, username, password, "/home"); err == nil || (err != nil && strings.contains(err.error(), "already authenticated")) { http.redirect(rw, req, "/home", http.statusseeother) return } else if err != nil { fmt.println(err) http.redirect(rw, req, "/login", http.statusseeother) return } } func postregister(rw http.responsewriter, req *http.request) { var user httpauth.userdata user.username = req.postformvalue("username") user.email = req.postformvalue("email") password := req.postformvalue("password") if err := aaa.register(rw, req, user, password); err == nil { postlogin(rw, req) return } else { http.redirect(rw, req, "/login", http.statusseeother) return } } func postadduser(rw http.responsewriter, req *http.request) { var user httpauth.userdata user.username = req.postformvalue("username") user.email = req.postformvalue("email") password := req.postformvalue("password") user.role = req.postformvalue("role") if err := aaa.register(rw, req, user, password); err != nil { // maybe } http.redirect(rw, req, "/admin", http.statusseeother) return } func postchange(rw http.responsewriter, req *http.request) { email := req.postformvalue("new_email") aaa.update(rw, req, "", "", email) http.redirect(rw, req, "/", http.statusseeother) return } func handlepage(rw http.responsewriter, req *http.request) { rw.write([]byte(index)) return } func handleadmin(rw http.responsewriter, req *http.request) { if err := aaa.authorizerole(rw, req, "admin", true); err != nil { fmt.println(err) http.redirect(rw, req, "/login", http.statusseeother) return } if user, err := aaa.currentuser(rw, req); err == nil { type data struct { user httpauth.userdata roles map[string]httpauth.role users []httpauth.userdata msg []string } messages := aaa.messages(rw, req) users, err := backend.users() if err != nil { panic(err) } d := data{user: user, roles: roles, users: users, msg: messages} t, err := template.new("admin").parse(admin) if err != nil { panic(err) } t.execute(rw, d) return } } func handlelogout(rw http.responsewriter, req *http.request) { if err := aaa.logout(rw, req); err != nil { fmt.println(err) // shouldn't happen return } http.redirect(rw, req, "/", http.statusseeother) return }
http.redirect must called before response headers written, place before w.write:
}else { //user not logged in http.redirect(w,r,"/login",http.statusunauthorized) w.write([]byte("<script>alert('please login')</script>")) return } 
Comments
Post a Comment