started with post editor

backend/auth/login.go

@@ -14,8 +14,8 @@ import (
 
 func Login(username, password string, secret []byte) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		var login model.Login
-		if err := json.NewDecoder(r.Response.Request.Body).Decode(&login); err != nil {
+		login := model.Login{}
+		if err := json.NewDecoder(r.Body).Decode(&login); err != nil {
 			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}

backend/cors/cors.go

@@ -5,7 +5,7 @@ import "net/http"
 func HandlerForOrigin(origin string) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if origin := r.Header.Get("Origin"); origin != "" {
+			if o := r.Header.Get("Origin"); o != "" {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
 				w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
 				w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
@@ -13,6 +13,8 @@ func HandlerForOrigin(origin string) func(http.Handler) http.Handler {
 				w.Header().Set("Access-Control-Allow-Credentials", "true")
 			}
 			if r.Method == "OPTIONS" {
+				w.WriteHeader(http.StatusNoContent)
+
 				return
 			}
 			next.ServeHTTP(w, r)

backend/main.go

@@ -28,11 +28,13 @@ func main() {
 	db := model.Init()
 	blg := blog.New(db)
 	r := mux.NewRouter()
+	r.Use(cors.HandlerForOrigin("*"))
 	r.Handle("/login", auth.Login(user, password, []byte(secret))).Methods("POST")
 	r.Handle("/posts", auth.Authenticated([]byte(secret))(blg.CreatePost)).Methods("POST")
 	r.Handle("/posts", http.HandlerFunc(blg.GetAllPosts)).Methods("GET")
-
-	r.Use(cors.HandlerForOrigin("*"))
-
+	r.Methods("OPTIONS").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// The CORS middleware should set up the headers for you
+		w.WriteHeader(http.StatusNoContent)
+	})
 	http.ListenAndServe(":8080", r)
 }