在 Go 專案使用 Session 認證

做法

建立新專案,並啟用 Go module。

1
go mod init github.com/memochou1993/go-session

下載 gorilla/sessions 套件。

1
go get github.com/gorilla/sessions

下載 joho/godotenv 套件。

1
go get github.com/joho/godotenv

新增一個 main.go 檔:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
var (
key = []byte(os.Getenv("SESSION_KEY"))
store = sessions.NewCookieStore(key)
cookieName = "auth"
)

func main() {
http.HandleFunc("/secret", secret)
http.HandleFunc("/login", login)
http.HandleFunc("/logout", logout)

http.ListenAndServe(":8080", nil)
}

func secret(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, cookieName)

if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}

fmt.Fprintln(w, "Secret")
}

func login(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, cookieName)

session.Values["authenticated"] = true
session.Save(r, w)
}

func logout(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, cookieName)

session.Values["authenticated"] = false
session.Save(r, w)
}

新增 .env 檔:

1
SESSION_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

執行。

1
go run main.go

瀏覽網頁

登入:http://127.0.0.1:8080/login

進到需要認證的頁面:http://127.0.0.1:8080/secret

登出:http://127.0.0.1:8080/logout

程式碼

參考資料