
improve login + add system-password and system-delete

Martin Geno 2016-08-17 22:31:58 +02:00
parent b78aa4be3d
commit 7320874578
4 changed files with 98 additions and 20 deletions


@ -49,11 +49,3 @@ func SessionHandler(h Handle, sessions *session.Manager) httprouter.Handle {
JsonOutput(w, r, sess, data, err)
}
}
func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
sess := sessions.SessionStart(w, r)
data, err := h(w, r, ps, sess)
JsonOutput(w, r, sess, data, err)
}
}


@ -35,9 +35,9 @@ func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *x
}
router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions))
router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions))
router.GET(prefix+"/logout", libapi.LoginHandler(api.Logout, sessions))
router.POST(prefix+"/password", libapi.LoginHandler(api.Password, sessions))
router.GET(prefix+"/delete", libapi.LoginHandler(api.Status, sessions))
router.GET(prefix+"/logout", LoginHandler(api.Logout, sessions))
router.POST(prefix+"/password", LoginHandler(api.Password, sessions))
router.GET(prefix+"/delete", LoginHandler(api.Delete, sessions))
}
// Status to get Login and Server status
@ -58,7 +58,7 @@ func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Para
}
// Logout current user
func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, _ *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
api.sessions.SessionDestroy(w, r)
logger := api.log.GetLog(r, "logout")
if login := sess.Get("login"); login != nil {
@ -79,6 +79,9 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
if err != nil {
logger.Error("fetch request")
http.Error(w, err.Error(), http.StatusInternalServerError)
returnerr = &libapi.ErrorResult{
Message: "Internal Request Error",
}
returndata = false
return
}
@ -87,11 +90,15 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
_, err = api.dbconnection.Get(&login)
if err != nil {
logger.Error("fetch database")
returnerr = &libapi.ErrorResult{
Message: "Internal Request Error",
}
returndata = false
return
}
if login.Id <= 0 {
if login.ID <= 0 {
logger.Warn("user not found")
returnerr = &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"}
returndata = false
return
}
@ -104,6 +111,7 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
logger.Info("logged in")
} else {
logger.Warn("wrong password")
returnerr = &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"}
}
} else {
logger.Warn("not active")
@ -111,15 +119,46 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
return
}
func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
//Password to change the password
func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
logger := api.log.GetLog(r, "password")
logger.Warn("not implemented")
returndata = false
var changePasswordRequest ChangePasswordRequest
err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)
if err != nil {
logger.Error("fetch request")
http.Error(w, err.Error(), http.StatusInternalServerError)
returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
return
}
func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
if !output {
logger.Warn("wrong current password")
returnerr = &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"}
return
}
if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {
logger.Warn("wrong new password")
returnerr = &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"}
return
}
login.Password = libpassword.NewHesh(changePasswordRequest.NewPassword)
api.dbconnection.Update(login)
sess.Set("login", *login)
returndata = true
logger.Info("works")
return
}
//Delete of login on warehost
func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
logger := api.log.GetLog(r, "delete")
logger.Warn("not implemented")
returndata = false
logger.Warn("login delete")
sess.Delete("login")
api.dbconnection.Delete(login)
returndata = true
return
}
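Review bot: In the new `Password` handler the second return value of `libpassword.Validate` and the whole result of `api.dbconnection.Update(login)` are dropped, so a failed write still puts the new hash into the session and answers `true`; `Delete` has the same gap with `api.dbconnection.Delete(login)`. The `Update` call also carries no explicit row condition. As far as I know xorm does not build the WHERE clause from the bean being written, so the call should be scoped to the login's id and limited to the password column; please confirm against the xorm version in use. The fence shows the write path with the result checked. Separately, `MINPASSWORDLENTH` is 3 on this page, so the check `len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH` rejects almost nothing.

```go
// … unchanged: request decoding, current-password check, length check …
login.Password = libpassword.NewHesh(changePasswordRequest.NewPassword)
affected, err := api.dbconnection.Where("id = ?", login.ID).Cols("password").Update(login)
if err != nil || affected != 1 {
	logger.Error("update password")
	returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
	return
}
sess.Set("login", *login)
// … unchanged: returndata = true, success log …
```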

29
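--- a/system/lib.go
+++ b/system/lib.go
@@ -0,0 +1,29 @@
+package system
+import (
+"net/http"
+"github.com/astaxie/session"
+"github.com/julienschmidt/httprouter"
+libapi "dev.sum7.de/sum7/warehost/lib/api"
+)
+type Handle func(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (interface{}, *libapi.ErrorResult)
+//LoginHandler for api function to Verifie User ist loggedin
+func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
+return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+sess := sessions.SessionStart(w, r)
+err := &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"}
+var data interface{}
+data = false
+if login := sess.Get("login"); login != nil {
+if loginObj := login.(Login); loginObj.Active {
+data, err = h(w, r, ps, sess, &loginObj)
+}
+}
+libapi.JsonOutput(w, r, sess, data, err)
+}
+}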
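Review bot: The type assertion `login.(Login)` in `LoginHandler` has no comma-ok form, so a session value under "login" that is not a `Login` value (a pointer, or data written by an older build) panics the request instead of answering "Not logged in"; `if loginObj, ok := login.(Login); ok && loginObj.Active {` keeps the rejection path. The handler also authorises from the `Login` copy held in the session, including `Active` and the password hash, so a deactivation, deletion or password change made elsewhere is presumably not seen until that session ends. That is worth stating in the function comment, or fixing by reloading the row by `loginObj.ID` if a database handle can be passed in. The current comment could become `// LoginHandler wraps h so it only runs for an active login stored in the session; otherwise it answers "Not logged in".`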


@ -9,15 +9,32 @@ import (
"github.com/go-xorm/xorm"
)
// Login object for request
// MINPASSWORDLENTH to validate password
const MINPASSWORDLENTH = 3
/*
* API Model
*/
// RequestLogin for api request to log in
type RequestLogin struct {
Username string `json:"username"`
Password string `json:"password"`
}
// ChangePasswordRequest for api request of a new password
type ChangePasswordRequest struct {
CurrentPassword string `json:"currentpassword"`
NewPassword string `json:"newpassword"`
}
/*
* Database Model
*/
// Login found
type Login struct {
Id int64 `json:"id"`
ID int64 `xorm:"'id'" json:"id"`
Username string `xorm:"varchar(255) not null unique 'mail'" json:"username"`
Password string `xorm:"varchar(255) not null 'password'" json:"-"`
Active bool `xorm:"boolean default false 'active'" json:"active"`
@ -27,6 +44,7 @@ type Login struct {
LastLoginAt time.Time `xorm:"timestampz 'lastloginat'" json:"lastloginat"`
}
// SyncModels to verify the database schema
func SyncModels(dbconnection *xorm.Engine) {
err := dbconnection.Sync(new(Login))
if err != nil {