I'm trying to implement Session handling and combine it with the go-endpoints package !
The package that i use to handle the session is Gorilla Sessions (github.com/gorilla/sessions), i would like some help..
I'm able to store a cookie to the client .. and when i call the endpoints is can see that the cookie is sent to the server.
The problem while i try to get the Session values from the Session storage while the api is called, i cant get threw to the cookie .. it seams that the endpoints package strip the http.Request from extra content or something .. ?
The place that i try to get the cookie is in the Server.go at the
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request){
var store = sessions.NewCookieStore([]byte("secret123"));
session, _ := store.Get(r, "session-name");
// Get the previously flashes, if any.
c.Infof("foo value is : %v",r.Cookies());
if flashes := session.Flashes(); len(flashes) > 0 {
// Just print the flash values.
c.Infof("this is the testing post message with cookie from the ServeHTTP :
%v",flashes);
}
else {
// Set a new flash.
session.AddFlash("Hello, flash messages world!")
c.Infof("No flashes found.");
}
session.Save(r, w)
}
what i get is a empty array .... :(
someone has a lead ?
THANKS !!!!!
Ok sooo i got the hole idea of the go-endpoints wrong i guess .. Im pretty new to golang (~year)..
i wanted to write something about what i have found and how did a secure my api's.
First step will be to follow the go-endpoints package instructions about how to register and discover the api's at : https://github.com/GoogleCloudPlatform/go-endpoints ,This package is the closest package there is to google app engine endpoints using Java or Python ..
Now, lets say the api are online and discoverable. if we wont use oauth2 to secure the api's they will be discoverable and grant access for all users .. and that something i would like to approve only in my public api's and not in my private .. so i tried gorilla session thinking it will solve my problem ..
What i did was trying to listen to incoming api calls by wrapping withe middleware all the rout calles passing "/_ah/api/....", can you imagine .. took my forever to understand that this path is reserved to google api and that i can do what i was trying .. eventually .. i got it .. batter later then ever ...
soo to the point, after exposing the api's giving it names and all you should use the info.ClientIds, info.Scopes.
code example ---->
now all that is left to do is in the api function creating a endpoint.NewContext and ask the appropriate scope to get user.User ..