2016-08-13 11:03:03 +02:00
|
|
|
package system
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/astaxie/session"
|
2016-08-20 01:17:08 +02:00
|
|
|
"github.com/jinzhu/gorm"
|
2016-08-13 11:03:03 +02:00
|
|
|
"github.com/julienschmidt/httprouter"
|
|
|
|
|
|
|
|
libconfig "dev.sum7.de/sum7/warehost/config"
|
|
|
|
libapi "dev.sum7.de/sum7/warehost/lib/api"
|
2016-08-14 15:29:54 +02:00
|
|
|
log "dev.sum7.de/sum7/warehost/lib/log"
|
2016-08-13 11:03:03 +02:00
|
|
|
libpassword "dev.sum7.de/sum7/warehost/lib/password"
|
|
|
|
)
|
|
|
|
|
2016-08-14 18:29:25 +02:00
|
|
|
//MODULNAME to get global name for the modul
|
|
|
|
const MODULNAME = "system"
|
|
|
|
|
2016-08-13 11:03:03 +02:00
|
|
|
//API keep data in module global
|
|
|
|
type API struct {
|
|
|
|
config *libconfig.Config
|
|
|
|
sessions *session.Manager
|
2016-08-20 01:17:08 +02:00
|
|
|
dbconnection *gorm.DB
|
2016-08-14 18:29:25 +02:00
|
|
|
log *log.ModulLog
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewAPI sets the routes to the api functions
|
2016-08-20 01:17:08 +02:00
|
|
|
func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *gorm.DB, router *httprouter.Router, prefix string) {
|
2016-08-14 18:29:25 +02:00
|
|
|
api := &API{
|
|
|
|
config: config,
|
|
|
|
sessions: sessions,
|
|
|
|
dbconnection: dbconnection,
|
|
|
|
log: log.NewModulLog(MODULNAME),
|
|
|
|
}
|
2016-08-16 08:30:02 +02:00
|
|
|
router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions))
|
|
|
|
router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions))
|
2016-08-17 22:31:58 +02:00
|
|
|
router.GET(prefix+"/logout", LoginHandler(api.Logout, sessions))
|
|
|
|
router.POST(prefix+"/password", LoginHandler(api.Password, sessions))
|
|
|
|
router.GET(prefix+"/delete", LoginHandler(api.Delete, sessions))
|
2016-08-20 01:17:08 +02:00
|
|
|
router.GET(prefix+"/invite", LoginHandler(api.InviteList, sessions))
|
|
|
|
router.POST(prefix+"/invite", LoginHandler(api.InviteAdd, sessions))
|
|
|
|
router.PUT(prefix+"/invite", LoginHandler(api.InviteEdit, sessions))
|
|
|
|
router.DELETE(prefix+"/invite", LoginHandler(api.InviteDelete, sessions))
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Status to get Login and Server status
|
2016-08-16 08:30:02 +02:00
|
|
|
func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
|
|
|
returndata = false
|
2016-08-14 18:29:25 +02:00
|
|
|
logger := api.log.GetLog(r, "status")
|
2016-08-20 01:17:08 +02:00
|
|
|
var result int64
|
|
|
|
api.dbconnection.Model(&Login{}).Count(&result)
|
|
|
|
if result > 0 {
|
|
|
|
returndata = true
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
2016-08-14 15:29:54 +02:00
|
|
|
logger.Info("status")
|
2016-08-16 08:30:02 +02:00
|
|
|
return
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Logout current user
|
2016-08-17 22:31:58 +02:00
|
|
|
func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, _ *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
2016-08-13 11:03:03 +02:00
|
|
|
api.sessions.SessionDestroy(w, r)
|
2016-08-14 18:29:25 +02:00
|
|
|
logger := api.log.GetLog(r, "logout")
|
2016-08-14 15:29:54 +02:00
|
|
|
if login := sess.Get("login"); login != nil {
|
|
|
|
logger = logger.WithField("user", login.(Login).Username)
|
|
|
|
}
|
|
|
|
sess.Delete("login")
|
|
|
|
sess.Delete("profil")
|
|
|
|
logger.Info("logout")
|
2016-08-16 08:30:02 +02:00
|
|
|
returndata = true
|
|
|
|
return
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Login of system
|
2016-08-16 08:30:02 +02:00
|
|
|
func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
2016-08-14 18:29:25 +02:00
|
|
|
logger := api.log.GetLog(r, "login")
|
2016-08-13 11:03:03 +02:00
|
|
|
var requestlogin RequestLogin
|
|
|
|
err := json.NewDecoder(r.Body).Decode(&requestlogin)
|
|
|
|
if err != nil {
|
2016-08-14 15:29:54 +02:00
|
|
|
logger.Error("fetch request")
|
2016-08-14 13:33:53 +02:00
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
2016-08-17 22:31:58 +02:00
|
|
|
returnerr = &libapi.ErrorResult{
|
|
|
|
Message: "Internal Request Error",
|
|
|
|
}
|
2016-08-16 08:30:02 +02:00
|
|
|
returndata = false
|
2016-08-13 11:03:03 +02:00
|
|
|
return
|
|
|
|
}
|
2016-08-14 15:29:54 +02:00
|
|
|
logger = logger.WithField("user", requestlogin.Username)
|
2016-08-13 11:03:03 +02:00
|
|
|
var login = Login{Username: requestlogin.Username}
|
2016-08-20 01:17:08 +02:00
|
|
|
api.dbconnection.Where("mail = ?", requestlogin.Username).First(&login)
|
2016-08-17 22:31:58 +02:00
|
|
|
if login.ID <= 0 {
|
2016-08-14 15:29:54 +02:00
|
|
|
logger.Warn("user not found")
|
2016-08-17 22:31:58 +02:00
|
|
|
returnerr = &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"}
|
2016-08-16 08:30:02 +02:00
|
|
|
returndata = false
|
2016-08-14 13:33:53 +02:00
|
|
|
return
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
2016-08-16 08:30:02 +02:00
|
|
|
returndata = false
|
2016-08-14 13:33:53 +02:00
|
|
|
if login.Active {
|
|
|
|
output, _ := libpassword.Validate(login.Password, requestlogin.Password)
|
|
|
|
if output {
|
2016-08-16 08:30:02 +02:00
|
|
|
returndata = true
|
2016-08-14 13:33:53 +02:00
|
|
|
sess.Set("login", login)
|
2016-08-14 15:29:54 +02:00
|
|
|
logger.Info("logged in")
|
|
|
|
} else {
|
|
|
|
logger.Warn("wrong password")
|
2016-08-17 22:31:58 +02:00
|
|
|
returnerr = &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"}
|
2016-08-14 13:33:53 +02:00
|
|
|
}
|
2016-08-14 15:29:54 +02:00
|
|
|
} else {
|
|
|
|
logger.Warn("not active")
|
2016-08-17 22:55:20 +02:00
|
|
|
returnerr = &libapi.ErrorResult{Fields: []string{"active"}, Message: "Not a active User"}
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
2016-08-14 15:29:54 +02:00
|
|
|
|
2016-08-16 08:30:02 +02:00
|
|
|
return
|
|
|
|
}
|
2016-08-17 22:31:58 +02:00
|
|
|
|
|
|
|
//Password to change the password
|
|
|
|
func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
2016-08-16 08:30:02 +02:00
|
|
|
logger := api.log.GetLog(r, "password")
|
|
|
|
returndata = false
|
2016-08-17 22:31:58 +02:00
|
|
|
var changePasswordRequest ChangePasswordRequest
|
|
|
|
|
|
|
|
err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)
|
|
|
|
if err != nil {
|
|
|
|
logger.Error("fetch request")
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
|
|
|
|
if !output {
|
|
|
|
logger.Warn("wrong current password")
|
|
|
|
returnerr = &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {
|
|
|
|
logger.Warn("wrong new password")
|
|
|
|
returnerr = &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
login.Password = libpassword.NewHesh(changePasswordRequest.NewPassword)
|
2016-08-20 01:17:08 +02:00
|
|
|
api.dbconnection.Save(login)
|
2016-08-17 22:31:58 +02:00
|
|
|
sess.Set("login", *login)
|
|
|
|
returndata = true
|
|
|
|
logger.Info("works")
|
2016-08-16 08:30:02 +02:00
|
|
|
return
|
|
|
|
}
|
2016-08-17 22:31:58 +02:00
|
|
|
|
|
|
|
//Delete of login on warehost
|
|
|
|
func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
2016-08-16 08:30:02 +02:00
|
|
|
logger := api.log.GetLog(r, "delete")
|
2016-08-17 22:31:58 +02:00
|
|
|
logger.Warn("login delete")
|
|
|
|
sess.Delete("login")
|
|
|
|
api.dbconnection.Delete(login)
|
|
|
|
returndata = true
|
2016-08-16 08:30:02 +02:00
|
|
|
return
|
2016-08-13 11:03:03 +02:00
|
|
|
}
|
2016-08-20 01:17:08 +02:00
|
|
|
|
|
|
|
func (api *API) InviteList(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
|
|
|
logger := api.log.GetLog(r, "invitelist")
|
|
|
|
logger.Warn("not implemented")
|
|
|
|
api.dbconnection.Model(login).Preload("Invites.Invited").First(login)
|
|
|
|
returndata = login.Invites
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func (api *API) InviteAdd(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
|
|
|
logger := api.log.GetLog(r, "invitelist")
|
|
|
|
logger.Warn("not implemented")
|
|
|
|
returndata = false
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func (api *API) InviteEdit(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
|
|
|
logger := api.log.GetLog(r, "invitelist")
|
|
|
|
logger.Warn("not implemented")
|
|
|
|
returndata = false
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func (api *API) InviteDelete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
|
|
|
|
logger := api.log.GetLog(r, "invitelist")
|
|
|
|
logger.Warn("not implemented")
|
|
|
|
returndata = false
|
|
|
|
return
|
|
|
|
}
|