Added flash messages

Author: pdt256

cmd/goauth2/main.go

@@ -27,7 +27,9 @@ func main() {
 
 	requestedOauth2Port := flag.Uint("port", 0, "port")
 	templatesPath := flag.String("templates", "", "optional templates path")
-	csrfAuthKey := flag.String("csrfAuthKey", shortuuid.New().String(), "optional templates path")
+	csrfAuthKey := flag.String("csrfAuthKey", shortuuid.New().String(), "csrf authentication key")
+	sessionAuthKey := flag.String("sessionAuthKey", shortuuid.New().String()+shortuuid.New().String(), "cookie session auth key (64 bytes)")
+	sessionEncryptionKey := flag.String("sessionEncryptionKey", shortuuid.New().String(), "cookie session encryption key (32 bytes)")
 	flag.Parse()
 
 	oAuth2Listener, err := getListener(*requestedOauth2Port)
@@ -47,6 +49,7 @@ func main() {
 		web.WithGoAuth2App(goAuth2App),
 		web.WithHost(oAuth2Listener.Addr().String()),
 		web.WithCSRFAuthKey([]byte(*csrfAuthKey)),
+		web.WithSessionKey([]byte(*sessionAuthKey), []byte(*sessionEncryptionKey)),
 	}
 
 	if *templatesPath != "" {

go.mod

@@ -9,13 +9,14 @@ require (
 	github.com/gorilla/csrf v1.7.1
 	github.com/gorilla/handlers v1.4.2 // indirect
 	github.com/gorilla/mux v1.8.0
+	github.com/gorilla/sessions v1.2.1
 	github.com/inklabs/rangedb v0.12.1-0.20211102191110-c880f5f0baa1
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/vmihailenco/msgpack/v4 v4.3.11 // indirect
 	github.com/vmihailenco/tagparser v0.1.1 // indirect
 	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
-	golang.org/x/net v0.0.0-20201110031124-69a78807bb2b // indirect
+	golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
 	google.golang.org/appengine v1.6.6 // indirect
 	google.golang.org/protobuf v1.25.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect

go.sum

@@ -48,6 +48,8 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=

web/templates/layout/base.gohtml

@@ -30,6 +30,23 @@
     </div>
 </div>
 
+{{block "flash" .}}
+    {{ if index .Errors }}
+        <div class="callout alert">
+            {{ range index .Errors }}
+                <p>{{ . }}</p>
+            {{ end }}
+        </div>
+    {{ end }}
+    {{ if index .Messages }}
+        <div class="callout success">
+            {{ range index .Messages }}
+                <p>{{ . }}</p>
+            {{ end }}
+        </div>
+    {{ end }}
+{{end}}
+
 <div id="content">
     {{block "content" .}}{{end}}
 </div>

web/web_app.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/gorilla/csrf"
 	"github.com/gorilla/mux"
+	"github.com/gorilla/sessions"
 	"github.com/inklabs/rangedb"
 	"github.com/inklabs/rangedb/pkg/shortuuid"
 
@@ -22,9 +23,10 @@ import (
 )
 
 const (
-	accessTokenTODO = "f5bb89d486ee458085e476871b177ff4"
-	expiresAtTODO   = 1574371565
-	AdminUserIDTODO = "873aeb9386724213b4c1410bce9f838c"
+	accessTokenTODO  = "f5bb89d486ee458085e476871b177ff4"
+	expiresAtTODO    = 1574371565
+	AdminUserIDTODO  = "873aeb9386724213b4c1410bce9f838c"
+	flashSessionName = "fmsg"
 )
 
 //go:embed static
@@ -36,13 +38,16 @@ var templates embed.FS
 const defaultHost = "0.0.0.0:8080"
 
 type webApp struct {
-	router        http.Handler
-	templateFS    fs.FS
-	goAuth2App    *goauth2.App
-	uuidGenerator shortuuid.Generator
-	csrfAuthKey   []byte
-	host          string
-	projections   struct {
+	router               http.Handler
+	templateFS           fs.FS
+	goAuth2App           *goauth2.App
+	uuidGenerator        shortuuid.Generator
+	sessionStore         sessions.Store
+	sessionAuthKey       []byte
+	sessionEncryptionKey []byte
+	csrfAuthKey          []byte
+	host                 string
+	projections          struct {
 		emailToUserID      *projection.EmailToUserID
 		clientApplications *projection.ClientApplications
 		users              *projection.Users
@@ -80,13 +85,21 @@ func WithUUIDGenerator(generator shortuuid.Generator) Option {
 	}
 }
 
-// WithCSRFAuthKey is a functional option to inject a CSRf authentication key
+// WithCSRFAuthKey is a functional option to inject a CSRF authentication key
 func WithCSRFAuthKey(csrfAuthKey []byte) Option {
 	return func(app *webApp) {
 		app.csrfAuthKey = csrfAuthKey
 	}
 }
 
+// WithSessionKey is a functional option to inject a session auth and encryption key
+func WithSessionKey(authenticationKey, encryptionKey []byte) Option {
+	return func(app *webApp) {
+		app.sessionAuthKey = authenticationKey
+		app.sessionEncryptionKey = encryptionKey
+	}
+}
+
 // New constructs an webApp.
 func New(options ...Option) (*webApp, error) {
 	goAuth2App, err := goauth2.New()
@@ -95,10 +108,12 @@ func New(options ...Option) (*webApp, error) {
 	}
 
 	app := &webApp{
-		templateFS:    templates,
-		goAuth2App:    goAuth2App,
-		uuidGenerator: shortuuid.NewUUIDGenerator(),
-		host:          defaultHost,
+		templateFS:           templates,
+		goAuth2App:           goAuth2App,
+		uuidGenerator:        shortuuid.NewUUIDGenerator(),
+		sessionAuthKey:       []byte(shortuuid.NewUUIDGenerator().New() + shortuuid.NewUUIDGenerator().New()),
+		sessionEncryptionKey: []byte(shortuuid.NewUUIDGenerator().New()),
+		host:                 defaultHost,
 	}
 
 	for _, option := range options {
@@ -110,6 +125,11 @@ func New(options ...Option) (*webApp, error) {
 		return nil, err
 	}
 
+	err = app.initSessionStore()
+	if err != nil {
+		return nil, err
+	}
+
 	app.initRoutes()
 	err = app.initProjections()
 	if err != nil {
@@ -131,6 +151,19 @@ func (a *webApp) validateCSRFAuthKey() error {
 	return nil
 }
 
+func (a *webApp) initSessionStore() error {
+	if len(a.sessionAuthKey) != 64 {
+		return fmt.Errorf("invalid session authentication key length")
+	}
+
+	if len(a.sessionEncryptionKey) != 32 {
+		return fmt.Errorf("invalid session encryption key length")
+	}
+
+	a.sessionStore = sessions.NewCookieStore(a.sessionAuthKey, a.sessionEncryptionKey)
+	return nil
+}
+
 func (a *webApp) initRoutes() {
 	r := mux.NewRouter().StrictSlash(true)
 	r.HandleFunc("/authorize", a.authorize)
@@ -179,17 +212,19 @@ func (a *webApp) login(w http.ResponseWriter, r *http.Request) {
 	scope := params.Get("scope")
 
 	a.renderTemplate(w, "login.gohtml", struct {
+		flashMessageVars
 		ClientId     string
 		RedirectURI  string
 		ResponseType string
 		Scope        string
 		State        string
 	}{
-		ClientId:     clientId,
-		RedirectURI:  redirectURI,
-		ResponseType: responseType,
-		Scope:        scope,
-		State:        state,
+		ClientId:         clientId,
+		RedirectURI:      redirectURI,
+		ResponseType:     responseType,
+		Scope:            scope,
+		State:            state,
+		flashMessageVars: a.getFlashMessageVars(w, r),
 	})
 }
 
@@ -200,6 +235,7 @@ type ClientApplication struct {
 }
 
 type listClientApplicationsTemplateVars struct {
+	flashMessageVars
 	ClientApplications []ClientApplication
 }
 
@@ -220,6 +256,11 @@ func (a *webApp) listClientApplications(w http.ResponseWriter, _ *http.Request)
 	})
 }
 
+type flashMessageVars struct {
+	Errors   []string
+	Messages []string
+}
+
 type User struct {
 	UserID                      string
 	Username                    string
@@ -230,10 +271,11 @@ type User struct {
 }
 
 type listUsersTemplateVars struct {
+	flashMessageVars
 	Users []User
 }
 
-func (a *webApp) listUsers(w http.ResponseWriter, _ *http.Request) {
+func (a *webApp) listUsers(w http.ResponseWriter, r *http.Request) {
 
 	var users []User
 
@@ -249,19 +291,22 @@ func (a *webApp) listUsers(w http.ResponseWriter, _ *http.Request) {
 	}
 
 	a.renderTemplate(w, "list-users.gohtml", listUsersTemplateVars{
-		Users: users,
+		Users:            users,
+		flashMessageVars: a.getFlashMessageVars(w, r),
 	})
 }
 
 type addUserTemplateVars struct {
+	flashMessageVars
 	Username  string
 	CSRFField template.HTML
 }
 
 func (a *webApp) showAddUser(w http.ResponseWriter, r *http.Request) {
 	a.renderTemplate(w, "add-user.gohtml", addUserTemplateVars{
-		Username:  "", // TODO: Add when form post fails on redirect
-		CSRFField: csrf.TemplateField(r),
+		Username:         "", // TODO: Add when form post fails on redirect
+		CSRFField:        csrf.TemplateField(r),
+		flashMessageVars: a.getFlashMessageVars(w, r),
 	})
 }
 
@@ -280,6 +325,7 @@ func (a *webApp) submitAddUser(w http.ResponseWriter, r *http.Request) {
 		redirectURI := url.URL{
 			Path: "/admin/add-user",
 		}
+		a.FlashError(w, r, "username or password are required")
 		http.Redirect(w, r, redirectURI.String(), http.StatusFound)
 		return
 	}
@@ -301,6 +347,8 @@ func (a *webApp) submitAddUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	a.FlashMessage(w, r, "User (%s) was added", username)
+
 	uri := url.URL{
 		Path: "/admin/list-users",
 	}
@@ -624,6 +672,43 @@ func (a *webApp) renderTemplate(w http.ResponseWriter, templateName string, data
 	}
 }
 
+func (a *webApp) FlashError(w http.ResponseWriter, r *http.Request, format string, vars ...interface{}) {
+	a.flashMessage(w, r, "error", fmt.Sprintf(format, vars...))
+}
+
+func (a *webApp) FlashMessage(w http.ResponseWriter, r *http.Request, format string, vars ...interface{}) {
+	a.flashMessage(w, r, "message", fmt.Sprintf(format, vars...))
+}
+
+func (a *webApp) flashMessage(w http.ResponseWriter, r *http.Request, key, message string) {
+	session, _ := a.sessionStore.Get(r, flashSessionName)
+	session.AddFlash(message, key)
+	_ = session.Save(r, w)
+}
+
+func (a *webApp) getFlashMessageVars(w http.ResponseWriter, r *http.Request) flashMessageVars {
+	session, _ := a.sessionStore.Get(r, flashSessionName)
+	fErrors := session.Flashes("error")
+	fMessages := session.Flashes("message")
+
+	var flashErrors, flashMessages []string
+	for _, flash := range fErrors {
+		flashErrors = append(flashErrors, flash.(string))
+	}
+	for _, flash := range fMessages {
+		flashMessages = append(flashMessages, flash.(string))
+	}
+
+	if len(fErrors) > 0 || len(fMessages) > 0 {
+		_ = session.Save(r, w)
+	}
+
+	return flashMessageVars{
+		Errors:   flashErrors,
+		Messages: flashMessages,
+	}
+}
+
 type errorResponse struct {
 	Error string `json:"error"`
 }