traffic_ops/traffic_ops_golang/login/logout.go - trafficcontrol - Git at Google

 package login

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"

 	"github.com/apache/trafficcontrol/lib/go-rfc"
 	"github.com/apache/trafficcontrol/lib/go-tc"
 	"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
 	"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/tocookie"
 )

 func LogoutHandler(secret string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
 		tx := inf.Tx.Tx
 		if userErr != nil || sysErr != nil {
 			api.HandleErr(w, r, tx, errCode, userErr, sysErr)
 			return
 		}
 		defer inf.Close()

 		cookie := tocookie.GetCookie(inf.User.UserName, 0, secret)
 		http.SetCookie(w, cookie)
 		http.SetCookie(w, &http.Cookie{
 			Name:     "access_token",
 			Value:    "",
 			Path:     "/",
 			Expires:  time.Now().Add(0),
 			MaxAge:   0,
 			HttpOnly: true, // prevents the cookie being accessed by Javascript. DO NOT remove, security vulnerability
 		})
 		resp := struct {
 			tc.Alerts
 		}{tc.CreateAlerts(tc.SuccessLevel, "You are logged out.")}

 		respBts, err := json.Marshal(resp)
 		if err != nil {
 			errCode = http.StatusInternalServerError
 			sysErr = fmt.Errorf("Marshaling response: %v", err)
 			api.HandleErr(w, r, tx, errCode, userErr, sysErr)
 			return
 		}

 		w.Header().Set(rfc.ContentType, rfc.ApplicationJSON)
 		api.WriteAndLogErr(w, r, append(respBts, '\n'))
 	}
 }
	package login

	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	import (
	"encoding/json"
	"fmt"
	"net/http"
	"time"

	"github.com/apache/trafficcontrol/lib/go-rfc"
	"github.com/apache/trafficcontrol/lib/go-tc"
	"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
	"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/tocookie"
	)

	func LogoutHandler(secret string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
	inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
	tx := inf.Tx.Tx
	if userErr != nil \|\| sysErr != nil {
	api.HandleErr(w, r, tx, errCode, userErr, sysErr)
	return
	}
	defer inf.Close()

	cookie := tocookie.GetCookie(inf.User.UserName, 0, secret)
	http.SetCookie(w, cookie)
	http.SetCookie(w, &http.Cookie{
	Name: "access_token",
	Value: "",
	Path: "/",
	Expires: time.Now().Add(0),
	MaxAge: 0,
	HttpOnly: true, // prevents the cookie being accessed by Javascript. DO NOT remove, security vulnerability
	})
	resp := struct {
	tc.Alerts
	}{tc.CreateAlerts(tc.SuccessLevel, "You are logged out.")}

	respBts, err := json.Marshal(resp)
	if err != nil {
	errCode = http.StatusInternalServerError
	sysErr = fmt.Errorf("Marshaling response: %v", err)
	api.HandleErr(w, r, tx, errCode, userErr, sysErr)
	return
	}

	w.Header().Set(rfc.ContentType, rfc.ApplicationJSON)
	api.WriteAndLogErr(w, r, append(respBts, '\n'))
	}
	}