How to Control Router Access Permissions in Go Web Apps
23 Dec 2020

How to Control Router Access Permissions in Go Web Apps

In this post I’m going to describe how can we limit user access to the specific url in golang web application. I will use chi router - a lightweight, idiomatic and composable router for building Go HTTP services.

Let’s create our main package.

package main

import (
	"net/http"
	"github.com/go-chi/chi"
)

func main() {
  r := chi.NewRouter()

  r.Get("/", homePageHandler)
  r.Get("/admin", adminPageHandler)
  http.ListenAndServe(":3000", r)
}

func homePageHandler(w http.ResponseWriter, r *http.Request) {
  w.Write([]byte("This is home page")) 
}

func adminPageHandler(w http.ResponseWriter, r *http.Request) {
  w.Write([]byte("This is admin page")) 
}

After this, if we go to the /admin page, we will see “This is admin page”.

Now, let’s make this path accessible only for admin.

We have to replace

r.Get("/admin", adminPageHandler) With r.Mount("/admin", adminRouter())

Mount attaches another http.Handler or chi Router as a subrouter along a routing path.

Then, we have to attach middleware inside adminRouter() function.

func adminRouter() http.Handler {
    r := chi.NewRouter()
    // Middleware with access rules for router.
    r.Use(AdminOnly)
    r.Get("/", adminPageHandler)

    return r
}

In this middleware we have a simple check is user authorized to access this page or not.

func AdminOnly(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // If user is admin, allows access.
        if IsLoggedInAdmin(r) {
            next.ServeHTTP(w, r)
        } else {
            // Otherwise, 403.
            http.Error(w, http.StatusText(403), 403)
            return
        }

        return
    })
}

In sake of demonstration, I’m going just to use a random bool function to decide is used admin or not. You can modify this function according to your user authentication model.

func IsLoggedInAdmin(r *http.Request) bool {
    return rand.Float32() < 0.5
}

And that’s it. Looks really simple, Isn’t it?

Let’s go to to the /admin page again.

As you see, now, sometimes (depends on our random decider), user has no access to this page anymore.

You can find source code here

Related posts

Ristretto - the Most Performant Concurrent Cache Library for Go
2 Mar 2021

Ristretto - the Most Performant Concurrent Cache Library for Go

Recently, I discovered a surprisingly reliable memory caching solution, which I’m planning to use in all my further applications to increase performance. In this blog post, I will share some code examples of how you can integrate Ristretto caching library into your application.

go caching ristretto performance
How to Show Flash Messages in Go web applications (with Echo framework)
4 Feb 2021

How to Show Flash Messages in Go web applications (with Echo framework)

When we create a web application, usually, there a need to communicate with the users to inform them about the results of their actions. The easiest way to communicate - is to send messages. These messages might be warnings, errors, or just informational text. In this article, we will improve the UX of our user authentication application from the previous article by adding an error flash message when the user entered a wrong password and a success message after user authorisation.

go echo flash messages
User Authentication in Go Echo with JWT
28 Jan 2021

User Authentication in Go Echo with JWT

In this article, we will build a simple user authentication functionality using JWT (JSON Web Token). In the examples, I’m going to use a Go Echo framework. This will allow us to avoid writing some boilerplate code.

go authentication JWT Echo
A Simple Queue Implementation in Golang with channels
12 Jan 2021

A Simple Queue Implementation in Golang with channels

In this post, I’m going to show the way how we can implement a simple queue in Golang, using channels.

go queue channel goroutine
How to Sort Strings With Go Alphabetically in Any Language
4 Jan 2021

How to Sort Strings With Go Alphabetically in Any Language

In this article I’m going to show how easy we can sort strings alphabetically in different languages, using Go. It seems like an easy task if we want to sort English words, however, it’s not so trivial if we want to sort correctly strings with special characters or in other languages, i.e Cyrillic based.

go sorting alphabetical sort