Currently I have a method in my BaseController and in each controller method that I need the user to be authenticated I am left with always calling this piece of code:
user, err := c.getUser()
if err != nil {
return c.Redirect(UserController.Login)
}
Which just checks if
revel.InterceptMethod((*UserController).CheckUser, revel.BEFORE)
(in the init.go) has added a valid user to .RenderArgs["user"].
Is there anyway I can put this redirect to the login page incl. the auth check into an filter / intercept method, so I don't have to repeat the above code 10 times? (I developed this code around revel v0.9~0.10)
One solution I came up with would be writting a module/app similiar to the new csrf module.
EDIT 4.11.2015: This Question was posted sometime ago, please check back the official Revel documentation as revel has undergone quite some development
Just don't let the requests to your controllers unless if authentication has properly been done. You need to implement a Filter for that. It means something like
init.go:
revel.Filters = []revel.Filter{
SessionFilter, // Preferably a safe implementation that isn't plaintext cookies etc
mypackage.Authenticator
}
mypackage.go:
package mypackage
func Authenticator(c *revel.Controller, fc []revel.Filter) {
// If authentication found (from session), pass to next Filter in stack
// If not, redirect to your authentication UI, and pass
// Or handle other parts of authentication requests...
// If authentication succeeded, save it to session
// Otherwise just drop the request (probably log?)
}
The specifics depend entirely on what kind of authentication you are setting up. Here is one SSO implementation for your reference.