diff --git a/lib/api/main.go b/lib/api/main.go
index 1095329..591b04b 100644
--- a/lib/api/main.go
+++ b/lib/api/main.go
@@ -49,11 +49,3 @@ func SessionHandler(h Handle, sessions *session.Manager) httprouter.Handle {
 JsonOutput(w, r, sess, data, err)
 }
 }
-
-func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
- return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- sess := sessions.SessionStart(w, r)
- data, err := h(w, r, ps, sess)
- JsonOutput(w, r, sess, data, err)
- }
-}
diff --git a/system/api.go b/system/api.go
index 904fbbe..bed5a14 100644
--- a/system/api.go
+++ b/system/api.go
@@ -35,9 +35,9 @@ func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *x
 }
 router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions))
 router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions))
- router.GET(prefix+"/logout", libapi.LoginHandler(api.Logout, sessions))
- router.POST(prefix+"/password", libapi.LoginHandler(api.Password, sessions))
- router.GET(prefix+"/delete", libapi.LoginHandler(api.Status, sessions))
+ router.GET(prefix+"/logout", LoginHandler(api.Logout, sessions))
+ router.POST(prefix+"/password", LoginHandler(api.Password, sessions))
+ router.GET(prefix+"/delete", LoginHandler(api.Delete, sessions))
 }
 // Status to get Login and Server status
@@ -58,7 +58,7 @@ func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Para
 }
 // Logout current user
-func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
+func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, _ *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 api.sessions.SessionDestroy(w, r)
 logger := api.log.GetLog(r, "logout")
 if login := sess.Get("login"); login != nil {
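Review bot: `/logout` and `/delete` stay GET routes even though both change server state, and Delete (in a later hunk of this file) removes the login row; a GET carrying the victim's session cookie can be triggered from another site by a plain link or image, so these should become `router.POST(prefix+"/logout", LoginHandler(api.Logout, sessions))` and `router.DELETE(prefix+"/delete", LoginHandler(api.Delete, sessions))`. No route in this hunk carries a visible CSRF check, so the state-changing POST routes need one as well. NewAPI starts and ends outside the hunk.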
@@ -79,6 +79,9 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 if err != nil {
 logger.Error("fetch request")
 http.Error(w, err.Error(), http.StatusInternalServerError)
+ returnerr = &libapi.ErrorResult{
+ Message: "Internal Request Error",
+ }
 returndata = false
 return
 }
@@ -87,11 +90,15 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 _, err = api.dbconnection.Get(&login)
 if err != nil {
 logger.Error("fetch database")
+ returnerr = &libapi.ErrorResult{
+ Message: "Internal Request Error",
+ }
 returndata = false
 return
 }
- if login.Id <= 0 {
+ if login.ID <= 0 {
 logger.Warn("user not found")
+ returnerr = &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"}
 returndata = false
 return
 }
@@ -104,6 +111,7 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 logger.Info("logged in")
 } else {
 logger.Warn("wrong password")
+ returnerr = &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"}
 }
 } else {
 logger.Warn("not active")
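Review bot: The new `returnerr` in the decode-error branch is returned after `http.Error` has already written a 500 response carrying the raw decoder message, so — assuming JsonOutput writes the ErrorResult, which is outside the hunk — the client receives two bodies and the decoder's error text is exposed. Drop the `http.Error(w, err.Error(), http.StatusInternalServerError)` line and let the ErrorResult be the only response; the Password hunk later in this file adds the same pattern. Login starts before the hunk.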
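Review bot: The two new ErrorResults distinguish an unknown username (`Fields: []string{"username"}, Message: "User not Found"`) from a wrong password (`Fields: []string{"password"}, Message: "Wrong Password"`), which lets an unauthenticated caller learn which usernames exist. The server-side `logger.Warn` lines already keep the cases apart, so both branches, and the "not active" branch in the third hunk, can return one neutral result such as `returnerr = &libapi.ErrorResult{Fields: []string{"username", "password"}, Message: "Wrong Username or Password"}`. This applies to the second and third hunks of system/api.go on this line; Login starts before them.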
@@ -111,15 +119,46 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 return
 }
-func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
+
+//Password to change the password
+func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 logger := api.log.GetLog(r, "password")
- logger.Warn("not implemented")
 returndata = false
+ var changePasswordRequest ChangePasswordRequest
+
+ err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)
+ if err != nil {
+ logger.Error("fetch request")
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
+ return
+ }
+ output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
+ if !output {
+ logger.Warn("wrong current password")
+ returnerr = &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"}
+ return
+ }
+
+ if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {
+ logger.Warn("wrong new password")
+ returnerr = &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"}
+ return
+ }
+ login.Password = libpassword.NewHesh(changePasswordRequest.NewPassword)
+ api.dbconnection.Update(login)
+ sess.Set("login", *login)
+ returndata = true
+ logger.Info("works")
 return
 }
-func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
+
+//Delete of login on warehost
+func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
 logger := api.log.GetLog(r, "delete")
- logger.Warn("not implemented")
- returndata = false
+ logger.Warn("login delete")
+ sess.Delete("login")
+ api.dbconnection.Delete(login)
+ returndata = true
 return
 }
diff --git a/system/lib.go b/system/lib.go
new file mode 100644
index 0000000..08bd12a
--- /dev/null
+++ b/system/lib.go
@@ -0,0 +1,29 @@
+package system
+
+import (
+ "net/http"
+
+ "github.com/astaxie/session"
+ "github.com/julienschmidt/httprouter"
+
+ libapi "dev.sum7.de/sum7/warehost/lib/api"
+)
+
+type Handle func(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (interface{}, *libapi.ErrorResult)
+
+//LoginHandler for api function to Verifie User ist loggedin
+func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
+ return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ sess := sessions.SessionStart(w, r)
+ err := &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"}
+ var data interface{}
+ data = false
+
+ if login := sess.Get("login"); login != nil {
+ if loginObj := login.(Login); loginObj.Active {
+ data, err = h(w, r, ps, sess, &loginObj)
+ }
+ }
+ libapi.JsonOutput(w, r, sess, data, err)
+ }
+}
diff --git a/system/models.go b/system/models.go
index 5611c88..791cfc8 100644
--- a/system/models.go
+++ b/system/models.go
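Review bot: `api.dbconnection.Update(login)` in Password and `api.dbconnection.Delete(login)` in Delete discard their `(int64, error)` results, yet both handlers then set `returndata = true` and Password stores the new hash in the session, so a failed write is reported as success and leaves the session out of step with the database. Check each error and return the existing "Internal Request Error" result instead, writing the session value only after the database call succeeds, as below. `output, _ := libpassword.Validate(...)` likewise drops its error; that should at least be logged rather than silently counted as a wrong current password. The leading hunk lines belong to Login, whose body starts before the hunk.
```go
	login.Password = libpassword.NewHesh(changePasswordRequest.NewPassword)
	if _, err := api.dbconnection.Update(login); err != nil {
		logger.Error("update password")
		returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
		return
	}
	sess.Set("login", *login)
	// … unchanged: returndata = true, logger.Info("works"), return …

	// … unchanged: Delete signature and logger …
	if _, err := api.dbconnection.Delete(login); err != nil {
		logger.Error("delete login")
		returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
		return
	}
	sess.Delete("login")
	returndata = true
```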
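Review bot: `login.(Login)` in LoginHandler is an unchecked type assertion on a value read back from the session store, so a session holding a different type (an older serialized shape, for example) panics the handler instead of being treated as not logged in; use `if loginObj, ok := login.(Login); ok && loginObj.Active {`. The handler also authorizes from the Login snapshot stored at log-in time, so an account deactivated or deleted afterwards keeps passing `loginObj.Active` until the session expires — worth confirming that window is acceptable. The doc comment would read better as `// LoginHandler wraps an api Handle and rejects requests whose session holds no active login.`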
@@ -9,15 +9,32 @@ import (
 "github.com/go-xorm/xorm"
 )
-// Login object for request
+// MINPASSWORDLENTH to validate password
+const MINPASSWORDLENTH = 3
+
+/*
+ * API Model
+ */
+
+// RequestLogin for api request to log in
 type RequestLogin struct {
 Username string `json:"username"`
 Password string `json:"password"`
 }
+// ChangePasswordRequest for api request of a new password
+type ChangePasswordRequest struct {
+ CurrentPassword string `json:"currentpassword"`
+ NewPassword string `json:"newpassword"`
+}
+
+/*
+ * Database Model
+ */
+
 // Login found
 type Login struct {
- Id int64 `json:"id"`
+ ID int64 `xorm:"'id'" json:"id"`
 Username string `xorm:"varchar(255) not null unique 'mail'" json:"username"`
 Password string `xorm:"varchar(255) not null 'password'" json:"-"`
 Active bool `xorm:"boolean default false 'active'" json:"active"`
@@ -27,6 +44,7 @@ type Login struct {
 LastLoginAt time.Time `xorm:"timestampz 'lastloginat'" json:"lastloginat"`
 }
+// SyncModels to verify the database schema
 func SyncModels(dbconnection *xorm.Engine) {
 err := dbconnection.Sync(new(Login))
 if err != nil {
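Review bot: `const MINPASSWORDLENTH = 3` sets a very low floor for the new password accepted by the Password handler; 8 characters (the minimum NIST SP 800-63B gives for user-chosen passwords) is the usual choice, and the identifier is misspelled — `MinPasswordLength` follows Go naming. The renamed `ID` field's tag `xorm:"'id'" json:"id"` declares no `pk autoincr`; if xorm no longer infers the primary key once the field is not called `Id`, the `Update(login)` and `Delete(login)` beans in api.go have no key to scope on — confirm against the schema SyncModels produces, or tag it as `xorm:"pk autoincr 'id'"`. The Login struct continues past the hunk.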