For each user, the Beego app creates a directory under /static/users/ in the form of /static/users/USER_ID/private and /static/users/USER_ID/public, where USER_ID is the ID of each user.
I want to use Filters to protect the private files so that only the user who owns them is able to access them.
The pattern in the router is the following:

    beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeRouter, controllers.ProtectPrivateUploads)

and the filter function is the following:

    var ProtectPrivateUploads = func(ctx *context.Context) {
        fmt.Println("Protecting content")
    }

The relevant URL has the following form:

    domain.com/static/users/USERID/private/123135645.png

The problem is that the filter function does not get called at all, so I am assuming that I must have done something wrong with the pattern in the router.
Any ideas would be welcome.
It seems that there is another insertion point for filters, beego.BeforeStatic, but it is not documented at http://beego.me/docs/mvc/controller/filter.md
Looking at the code at https://github.com/astaxie/beego/blob/master/router.go, these are the accepted positions at which one can trigger the filter:

    const (
        // default filter execution points
        BeforeStatic = iota
        BeforeRouter
        BeforeExec
        AfterExec
        FinishRouter
    )

So a valid call in order to trigger a filter for static files could be:

    beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)

Update
The session object for the beego.BeforeRouter router position can be obtained using the following function:

    sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)

As a result, a valid router and filter to protect content under the /static/ URL would be:

Router:

    beego.InsertFilter("/static/users/:id([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)

Filter:

    var ProtectPrivateUploads = func(ctx *context.Context) {
        sess, err := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)
        if err != nil {
            // sess is unusable here; refuse instead of falling through to the static handler
            ctx.Abort(403, "Forbidden")
            return
        }
        defer sess.SessionRelease(ctx.ResponseWriter)
        ses := sess.Get("sessionid")
        if ses != nil {
            // get user's id from the session and check if the user can access the requested URL
        }
    }
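
The ownership check that the placeholder comment in the filter leaves open could look like the following. This is an added example, not code from the original post or from Beego; the names `ownerOf` and `canAccessPrivate` are hypothetical, and it assumes the session stores the logged-in user's ID as a positive integer.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strconv"
)

// Layout from the question: /static/users/USER_ID/private/<file>
var privateFile = regexp.MustCompile(`^/static/users/([0-9]+)/private/.+$`)

// ownerOf normalises the request path first, so the decision is made on the
// resolved path rather than the raw one, then extracts the owning user's ID.
func ownerOf(urlPath string) (string, bool) {
	m := privateFile.FindStringSubmatch(path.Clean("/" + urlPath))
	if m == nil {
		return "", false
	}
	return m[1], true
}

// canAccessPrivate fails closed: no session user, a path that is not a
// private file, or an ID mismatch all deny. The directory name is compared
// as a string against the canonical decimal ID, so "042" is not user 42.
func canAccessPrivate(urlPath string, sessionUserID int) bool {
	if sessionUserID <= 0 {
		return false // assumption: 0 or negative means "not logged in"
	}
	owner, ok := ownerOf(urlPath)
	return ok && owner == strconv.Itoa(sessionUserID)
}

func main() {
	// Constructed sample requests, all made with a session holding user ID 42.
	for _, p := range []string{
		"/static/users/42/private/123135645.png",
		"/static/users/43/private/123135645.png",
		"/static/users/42/private/../../43/private/a.png",
		"/static/users/042/private/a.png",
	} {
		fmt.Printf("%-50s allowed=%v\n", p, canAccessPrivate(p, 42))
	}
}
```

Inside the filter, a false result would be answered with a 403 before the static file handler runs.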