无法在 Golang 中读取 cookie(路由器:chi)
Unable to read cookies in Golang (router: chi)
我正在为一个 todolist 应用程序开发 REST API(不是来自教程)并且我已经成功地实现了身份验证,但是我的一个辅助函数似乎无法读取显然是那里,这里是函数:
// jwt is imported from the https://github.com/dgrijalva/jwt-go package
func validateAccessToken(w http.ResponseWriter, r *http.Request) uuid.UUID {
jwtSecret, exists := os.LookupEnv("JWT_SECRET")
if !exists {
w.WriteHeader(500)
w.Write([]byte(`{"message":{"error":"Fatal internal error occurred"}}`))
panic(errors.New("JWT_SECRET environment variable not set"))
}
// Get access token and then validate it
at, err := r.Cookie("access_token")
if err == http.ErrNoCookie {
w.WriteHeader(401)
w.Write([]byte(`{"message":{"error":"access_token cookie not found"}}`)) // this error is always returned when i attempt to use the handler that uses this function
return uuid.Nil
}
t := at.Value
token, err := jwt.ParseWithClaims(t, &models.UserClaims{}, func(token *jwt.Token) (interface{}, error) {
return []byte(jwtSecret), nil
})
if claims, ok := token.Claims.(*models.UserClaims); ok && token.Valid {
return claims.ID
}
w.WriteHeader(401)
w.Write([]byte(`{"message":{"error":"access_token invalid"}}`))
return uuid.Nil
}
这里是设置 cookie 的代码的相关部分:
// Login handles the login route
func Login(w http.ResponseWriter, r *http.Request) {
//...
// Construct cookies and then set them
rtCookie := http.Cookie{
Name: "refresh_token",
Value: *rt,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}
atCookie := http.Cookie{
Name: "access_token",
Value: *at,
Expires: time.Now().Add(time.Minute * 15),
}
http.SetCookie(w, &rtCookie)
http.SetCookie(w, &atCookie)
w.Write([]byte(`{"message":"Logged in successfully :)"}`))
}
这里是使用 validateAccessToken() 的地方和它失败的地方(uuid 是“github.com/google/uuid”包):
func CreateList(w http.ResponseWriter, r *http.Request) {
// li will be used to store the decoded request body
var li models.ListInput
// listID will be used to store the returned id after inserting
var listID uuid.UUID
userID := validateAccessToken(w, r)
fmt.Println(userID.String())
if userID == uuid.Nil {
return
}
//...
}
此外,每当我在邮递员中使用登录路由后进行检查时,所有的 cookie 都已发送并在 cookie jar 中(没有“access_token”cookie 未过期)并且外观正确值。我很困惑为什么 validateAccessToken() 函数找不到那里的 cookie,这里还有在 main():
中调用的 serve() 函数
func serve() {
// Initialise new router
r := chi.NewRouter()
// Some recommended middlewares
r.Use(middleware.RequestID)
r.Use(middleware.RealIP)
r.Use(middleware.Logger)
r.Use(middleware.Recoverer)
// Cors options
r.Use(cors.Handler(cors.Options{
AllowedOrigins: []string{"*"},
AllowedHeaders: []string{"*"},
AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
ExposedHeaders: []string{"Content-Type", "Set-Cookie", "Cookie"},
AllowCredentials: true,
MaxAge: 300,
}))
// API routes
r.Route("/api", func(r chi.Router) {
r.Route("/users", func(r chi.Router) {
r.Post("/", handlers.CreateUser)
r.Post("/login", handlers.Login)
})
r.Route("/lists", func(r chi.Router) {
r.Post("/", handlers.CreateList)
})
})
// Listen on port 5000 and log any errors
log.Fatal(http.ListenAndServe("0.0.0.0:5000", r))
}
我非常感谢任何试图提供帮助的尝试,我也为这个问题放在一起很糟糕的问题道歉,我有点急于完成这个。
应用程序将 cookie 路径隐式设置为登录处理程序路径。通过将 cookie 路径显式设置为“/”进行修复。
rtCookie := http.Cookie{
Name: "refresh_token",
Path: "/", // <--- add this line
Value: *rt,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}
atCookie := http.Cookie{
Name: "access_token",
Path: "/", // <--- add this line.
Value: *at,
Expires: time.Now().Add(time.Minute * 15),
}
我不确定,但我认为问题的出现可能是由于 SameSite cookie 政策。
如果您使用现代浏览器版本在不同端口上从前端 运行 测试程序,可能是浏览器不发送 cookie,因为它们没有 SameSite attribute.
尝试将您的代码更改为:
rtCookie := http.Cookie{
Name: "refresh_token",
Value: *rt,
SameSite: http.SameSiteNoneMode,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}
我正在为一个 todolist 应用程序开发 REST API(不是来自教程)并且我已经成功地实现了身份验证,但是我的一个辅助函数似乎无法读取显然是那里,这里是函数:
// jwt is imported from the https://github.com/dgrijalva/jwt-go package
func validateAccessToken(w http.ResponseWriter, r *http.Request) uuid.UUID {
jwtSecret, exists := os.LookupEnv("JWT_SECRET")
if !exists {
w.WriteHeader(500)
w.Write([]byte(`{"message":{"error":"Fatal internal error occurred"}}`))
panic(errors.New("JWT_SECRET environment variable not set"))
}
// Get access token and then validate it
at, err := r.Cookie("access_token")
if err == http.ErrNoCookie {
w.WriteHeader(401)
w.Write([]byte(`{"message":{"error":"access_token cookie not found"}}`)) // this error is always returned when i attempt to use the handler that uses this function
return uuid.Nil
}
t := at.Value
token, err := jwt.ParseWithClaims(t, &models.UserClaims{}, func(token *jwt.Token) (interface{}, error) {
return []byte(jwtSecret), nil
})
if claims, ok := token.Claims.(*models.UserClaims); ok && token.Valid {
return claims.ID
}
w.WriteHeader(401)
w.Write([]byte(`{"message":{"error":"access_token invalid"}}`))
return uuid.Nil
}
这里是设置 cookie 的代码的相关部分:
// Login handles the login route
func Login(w http.ResponseWriter, r *http.Request) {
//...
// Construct cookies and then set them
rtCookie := http.Cookie{
Name: "refresh_token",
Value: *rt,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}
atCookie := http.Cookie{
Name: "access_token",
Value: *at,
Expires: time.Now().Add(time.Minute * 15),
}
http.SetCookie(w, &rtCookie)
http.SetCookie(w, &atCookie)
w.Write([]byte(`{"message":"Logged in successfully :)"}`))
}
这里是使用 validateAccessToken() 的地方和它失败的地方(uuid 是“github.com/google/uuid”包):
func CreateList(w http.ResponseWriter, r *http.Request) {
// li will be used to store the decoded request body
var li models.ListInput
// listID will be used to store the returned id after inserting
var listID uuid.UUID
userID := validateAccessToken(w, r)
fmt.Println(userID.String())
if userID == uuid.Nil {
return
}
//...
}
此外,每当我在邮递员中使用登录路由后进行检查时,所有的 cookie 都已发送并在 cookie jar 中(没有“access_token”cookie 未过期)并且外观正确值。我很困惑为什么 validateAccessToken() 函数找不到那里的 cookie,这里还有在 main():
serve() 函数
func serve() {
// Initialise new router
r := chi.NewRouter()
// Some recommended middlewares
r.Use(middleware.RequestID)
r.Use(middleware.RealIP)
r.Use(middleware.Logger)
r.Use(middleware.Recoverer)
// Cors options
r.Use(cors.Handler(cors.Options{
AllowedOrigins: []string{"*"},
AllowedHeaders: []string{"*"},
AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
ExposedHeaders: []string{"Content-Type", "Set-Cookie", "Cookie"},
AllowCredentials: true,
MaxAge: 300,
}))
// API routes
r.Route("/api", func(r chi.Router) {
r.Route("/users", func(r chi.Router) {
r.Post("/", handlers.CreateUser)
r.Post("/login", handlers.Login)
})
r.Route("/lists", func(r chi.Router) {
r.Post("/", handlers.CreateList)
})
})
// Listen on port 5000 and log any errors
log.Fatal(http.ListenAndServe("0.0.0.0:5000", r))
}
我非常感谢任何试图提供帮助的尝试,我也为这个问题放在一起很糟糕的问题道歉,我有点急于完成这个。
应用程序将 cookie 路径隐式设置为登录处理程序路径。通过将 cookie 路径显式设置为“/”进行修复。
rtCookie := http.Cookie{
Name: "refresh_token",
Path: "/", // <--- add this line
Value: *rt,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}
atCookie := http.Cookie{
Name: "access_token",
Path: "/", // <--- add this line.
Value: *at,
Expires: time.Now().Add(time.Minute * 15),
}
我不确定,但我认为问题的出现可能是由于 SameSite cookie 政策。 如果您使用现代浏览器版本在不同端口上从前端 运行 测试程序,可能是浏览器不发送 cookie,因为它们没有 SameSite attribute.
尝试将您的代码更改为:
rtCookie := http.Cookie{
Name: "refresh_token",
Value: *rt,
SameSite: http.SameSiteNoneMode,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}