[go-nuts] Re: Logging in to web services

2021-10-12 Thread Brian Candler
Oh I forgot: there's another, rather old-fashioned way to do this, called 
"HTTP Basic Authentication". With this, your application doesn't provide a 
login form at all: the browser itself prompts the user for their username 
and password.  The browser then sends the username and password with *every 
single request* in a header, and your application has to validate it, for 
every single request.

It's not something I'd recommend for new applications, but it's simple to 
implement.  Googling "go http basic authentication" should turn up some 
useful results.

On Tuesday, 12 October 2021 at 10:11:21 UTC+1 Brian Candler wrote:

> The problem is that you have a global variable giving "the currently 
> logged in user":
> userDefault = checkUser
>
> Hence everyone sees the same user.
>
> The way to deal with this is generally that when a user authenticates, you 
> set a cookie in their session.  For every request, the cookie gives their 
> identity.  Either the cookie is a long, unguessable string that's used as a 
> key into a sessions table; or the cookie itself contains the identity (but 
> in that case it needs to be cryptographically signed so that the user 
> cannot modify the cookie to pretend to be another user).
>
> Beware that multiple incoming HTTP requests can occur *concurrently*.  You 
> will have race conditions if you try to access any global state during a 
> web request, unless it's protected against concurrent access: Go is not 
> like Python, there are genuine threads and no global interpreter lock, and 
> concurrent accesses can cause your program to crash.
>
> A simplistic way is to use sync.Map instead of a regular map, but you'll 
> probably need to do quite a bit of reading around this topic if it's new to 
> you.
>
> On Tuesday, 12 October 2021 at 09:28:00 UTC+1 muhorto...@gmail.com wrote:
>
>> Hi, I have a question that is difficult for me to describe, but at the 
>> level of fundamental questions about creating a web service. I have a 
>> problem that if a user logs into a profile, then another user will also get 
>> into his profile. Generally speaking, this is the property of any person 
>> who visits the site. I see a solution to the problem in two ways. I do not 
>> know if it is possible to somehow track connections and give each IP its 
>> own routine in which it worked. Or dynamic pages that can only be accessed 
>> if the request is successful. But again, some data in the structures may 
>> change due to another user logged into the profile. Maybe there is some 
>> other solution to this problem. I want to understand how it works on the 
>> web.
>> My project just in case: https://github.com/MukhortovDenis/goproject
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/54442d22-7640-4756-b602-525fa8945170n%40googlegroups.com.
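
An added example, not part of the original post: the per-request validation that HTTP Basic Authentication requires, written as a Go wrapper around a handler. The credentials and the names `basicAuth` and `try` are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed demo credentials; a real service checks a per-user password hash
// and serves only over TLS, since Basic credentials are base64, not encrypted.
const demoUser, demoPass = "alice", "correct-horse-battery"

// basicAuth validates the Authorization header on every single request.
func basicAuth(next http.HandlerFunc) http.HandlerFunc {
	wantU, wantP := sha256.Sum256([]byte(demoUser)), sha256.Sum256([]byte(demoPass))
	return func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		gotU, gotP := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(pass))
		// Hashing gives equal-length inputs; compare both in constant time
		// so the response time does not show which field was wrong.
		match := subtle.ConstantTimeCompare(gotU[:], wantU[:]) &
			subtle.ConstantTimeCompare(gotP[:], wantP[:])
		if !ok || match != 1 {
			// This header makes the browser display its own login prompt.
			w.Header().Set("WWW-Authenticate", `Basic realm="demo", charset="UTF-8"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// try sends one request through the wrapper and returns the HTTP status.
func try(user, pass string, sendHeader bool) int {
	req := httptest.NewRequest("GET", "/", nil)
	if sendHeader {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	basicAuth(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "private page")
	})(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(try("", "", false), try(demoUser, "wrong", true), try(demoUser, demoPass, true))
}
```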


[go-nuts] Re: Logging in to web services

2021-10-12 Thread snmed
Hi Denis,

I'm not sure if I understand your question correctly, but it seems to me 
that you need a context with user specific data. Therefore, I would create 
a handler that will add the current user to the context and then you can 
access it in every handler where you need it. Users of your site must be 
identified by a token or cookie; normally this is also known as session 
handling. There are several libraries that can be used for this kind of 
task, see:

- https://pkg.go.dev/github.com/gorilla/sessions
- https://github.com/alexedwards/scs

Keep in mind that you do not store sensitive data in cookies; user 
identities must be kept on the server and stored in a safe manner.
One can use signed JWT tokens to store a user's identity within the client's 
browser. 

Hope this helps

Cheers

muhorto...@gmail.com wrote on Tuesday, 12 October 2021 at 10:28:00 
UTC+2:

> Hi, I have a question that is difficult for me to describe, but at the 
> level of fundamental questions about creating a web service. I have a 
> problem that if a user logs into a profile, then another user will also get 
> into his profile. Generally speaking, this is the property of any person 
> who visits the site. I see a solution to the problem in two ways. I do not 
> know if it is possible to somehow track connections and give each IP its 
> own routine in which it worked. Or dynamic pages that can only be accessed 
> if the request is successful. But again, some data in the structures may 
> change due to another user logged into the profile. Maybe there is some 
> other solution to this problem. I want to understand how it works on the 
> web.
> My project just in case: https://github.com/MukhortovDenis/goproject
>

To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/9ac34974-ad5e-4705-ba67-380ddcca1ca4n%40googlegroups.com.
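
An added example, not part of the original posts: the signed-identity idea mentioned in this thread, shown with a plain HMAC-SHA256 cookie value instead of a JWT library. The key, the cookie layout and the names `sign`, `verify` and `swapUser` are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed demo key; a real server loads a random secret from configuration.
var key = []byte("constructed-demo-key-not-for-production")
var b64 = base64.RawURLEncoding
var errBadCookie = fmt.Errorf("cookie malformed or signature mismatch")

func mac(payload string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return m.Sum(nil)
}

// sign returns "<base64 user>.<base64 HMAC-SHA256>" for use as a cookie value.
func sign(user string) string {
	p := b64.EncodeToString([]byte(user))
	return p + "." + b64.EncodeToString(mac(p))
}

// verify checks the MAC in constant time before trusting the identity part.
func verify(cookie string) (string, error) {
	parts := strings.SplitN(cookie, ".", 2)
	if len(parts) != 2 {
		return "", errBadCookie
	}
	sig, err := b64.DecodeString(parts[1])
	if err != nil || !hmac.Equal(sig, mac(parts[0])) {
		return "", errBadCookie
	}
	user, err := b64.DecodeString(parts[0])
	return string(user), err
}

// swapUser mimics a client editing the identity while keeping the old MAC.
func swapUser(cookie, user string) string {
	return b64.EncodeToString([]byte(user)) + cookie[strings.Index(cookie, "."):]
}

func main() {
	c := sign("alice")
	fmt.Println(verify(c))
	fmt.Println(verify(swapUser(c, "bob")))
}
```

A production cookie would also carry an expiry time inside the signed payload, because a signed value stays valid for as long as the key does.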


[go-nuts] Re: Logging in to web services

2021-10-12 Thread Brian Candler
The problem is that you have a global variable giving "the currently logged 
in user":
userDefault = checkUser

Hence everyone sees the same user.

The way to deal with this is generally that when a user authenticates, you 
set a cookie in their session.  For every request, the cookie gives their 
identity.  Either the cookie is a long, unguessable string that's used as a 
key into a sessions table; or the cookie itself contains the identity (but 
in that case it needs to be cryptographically signed so that the user 
cannot modify the cookie to pretend to be another user).

Beware that multiple incoming HTTP requests can occur *concurrently*.  You 
will have race conditions if you try to access any global state during a 
web request, unless it's protected against concurrent access: Go is not 
like Python, there are genuine threads and no global interpreter lock, and 
concurrent accesses can cause your program to crash.

A simplistic way is to use sync.Map instead of a regular map, but you'll 
probably need to do quite a bit of reading around this topic if it's new to 
you.

On Tuesday, 12 October 2021 at 09:28:00 UTC+1 muhorto...@gmail.com wrote:

> Hi, I have a question that is difficult for me to describe, but at the 
> level of fundamental questions about creating a web service. I have a 
> problem that if a user logs into a profile, then another user will also get 
> into his profile. Generally speaking, this is the property of any person 
> who visits the site. I see a solution to the problem in two ways. I do not 
> know if it is possible to somehow track connections and give each IP its 
> own routine in which it worked. Or dynamic pages that can only be accessed 
> if the request is successful. But again, some data in the structures may 
> change due to another user logged into the profile. Maybe there is some 
> other solution to this problem. I want to understand how it works on the 
> web.
> My project just in case: https://github.com/MukhortovDenis/goproject
>

To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/64a0de03-7139-410e-a73e-5f7ea6957330n%40googlegroups.com.
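
An added example, not part of the original posts, covering both the sessions table described in this message and the context handler suggested earlier in the thread: each login gets its own unguessable token in a `sync.Map`, and a wrapper puts that request's user into the request context instead of a global variable. The cookie name `session` and all function names are assumptions.

```go
package main

import (
	"context"
	"crypto/rand"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

var sessions sync.Map // token -> user name; safe under concurrent handlers
type ctxKey struct{}  // private context key for the request's user

// newSession runs after the password check; the token goes out via http.SetCookie.
func newSession(user string) string {
	b := make([]byte, 32) // 256 random bits, so the token cannot be guessed
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	token := fmt.Sprintf("%x", b)
	sessions.Store(token, user)
	return token
}

// withUser resolves the cookie and stores that user in the request context.
func withUser(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("session")
		if err != nil {
			c = &http.Cookie{} // no cookie: the empty token matches no session
		}
		if user, ok := sessions.Load(c.Value); ok {
			next(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, user)))
			return
		}
		http.Error(w, "login required", http.StatusUnauthorized)
	}
}

func profile(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "profile of ", r.Context().Value(ctxKey{})) }
func fetch(token string) string {
	req := httptest.NewRequest("GET", "/profile", nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: token})
	rec := httptest.NewRecorder()
	withUser(profile)(rec, req)
	return rec.Body.String()
}

func main() { fmt.Println(fetch(newSession("alice")), "|", fetch(newSession("bob")), "|", fetch("guessed")) }
```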