2017-05-06 21:21:39 +02:00
package userService
import (
"errors"
"github.com/ewhal/nyaa/db"
"github.com/ewhal/nyaa/model"
2017-05-09 19:23:21 +02:00
formStruct "github.com/ewhal/nyaa/service/user/form"
2017-05-06 21:21:39 +02:00
"github.com/ewhal/nyaa/util/log"
2017-05-06 21:37:10 +02:00
"github.com/ewhal/nyaa/util/modelHelper"
2017-05-09 19:23:21 +02:00
"github.com/gorilla/securecookie"
"golang.org/x/crypto/bcrypt"
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
"net/http"
2017-05-06 21:21:39 +02:00
)
var cookieHandler = securecookie . New (
securecookie . GenerateRandomKey ( 64 ) ,
securecookie . GenerateRandomKey ( 32 ) )
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
// TODO: Figure out what this is about before I delete it
2017-05-06 21:21:39 +02:00
// // UserName get username from a cookie.
// func UserName(c *gin.Context) (string, error) {
// var userName string
// request := c.Request
// cookie, err := request.Cookie("session")
// if err != nil {
// return userName, err
// }
// cookieValue := make(map[string]string)
// err = cookieHandler.Decode("session", cookie.Value, &cookieValue)
// if err != nil {
// return userName, err
// }
// userName = cookieValue["name"]
// return userName, nil
// }
2017-05-06 22:27:21 +02:00
func Token ( r * http . Request ) ( string , error ) {
2017-05-06 21:21:39 +02:00
var token string
2017-05-06 22:14:02 +02:00
cookie , err := r . Cookie ( "session" )
2017-05-06 21:21:39 +02:00
if err != nil {
return token , err
}
cookieValue := make ( map [ string ] string )
err = cookieHandler . Decode ( "session" , cookie . Value , & cookieValue )
if err != nil {
return token , err
}
token = cookieValue [ "token" ]
if len ( token ) == 0 {
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
return token , errors . New ( "token is empty" )
2017-05-06 21:21:39 +02:00
}
return token , nil
}
// SetCookie sets a cookie.
func SetCookie ( w http . ResponseWriter , token string ) ( int , error ) {
value := map [ string ] string {
"token" : token ,
}
encoded , err := cookieHandler . Encode ( "session" , value )
if err != nil {
return http . StatusInternalServerError , err
}
cookie := & http . Cookie {
Name : "session" ,
Value : encoded ,
Path : "/" ,
}
http . SetCookie ( w , cookie )
return http . StatusOK , nil
}
// ClearCookie clears a cookie.
func ClearCookie ( w http . ResponseWriter ) ( int , error ) {
cookie := & http . Cookie {
Name : "session" ,
Value : "" ,
Path : "/" ,
MaxAge : - 1 ,
}
http . SetCookie ( w , cookie )
return http . StatusOK , nil
}
// SetCookieHandler sets a cookie with email and password.
func SetCookieHandler ( w http . ResponseWriter , email string , pass string ) ( int , error ) {
if email != "" && pass != "" {
var user model . User
2017-05-07 19:59:38 +02:00
isValidEmail , _ := formStruct . EmailValidation ( email , formStruct . NewErrors ( ) )
2017-05-06 21:21:39 +02:00
if isValidEmail {
log . Debug ( "User entered valid email." )
if db . ORM . Where ( "email = ?" , email ) . First ( & user ) . RecordNotFound ( ) {
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
return http . StatusNotFound , errors . New ( "user not found" )
2017-05-06 21:21:39 +02:00
}
} else {
log . Debug ( "User entered username." )
if db . ORM . Where ( "username = ?" , email ) . First ( & user ) . RecordNotFound ( ) {
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
return http . StatusNotFound , errors . New ( "user not found" )
2017-05-06 21:21:39 +02:00
}
}
err := bcrypt . CompareHashAndPassword ( [ ] byte ( user . Password ) , [ ] byte ( pass ) )
if err != nil {
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
return http . StatusUnauthorized , errors . New ( "password incorrect" )
2017-05-06 21:21:39 +02:00
}
status , err := SetCookie ( w , user . Token )
if err != nil {
return status , err
}
w . Header ( ) . Set ( "X-Auth-Token" , user . Token )
return http . StatusOK , nil
}
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
return http . StatusNotFound , errors . New ( "user not found" )
2017-05-06 21:21:39 +02:00
}
// RegisterHanderFromForm sets cookie from a RegistrationForm.
2017-05-07 00:10:40 +02:00
func RegisterHanderFromForm ( w http . ResponseWriter , registrationForm formStruct . RegistrationForm ) ( int , error ) {
2017-05-10 21:16:30 +02:00
username := registrationForm . Username // email isn't set at this point
2017-05-06 21:21:39 +02:00
pass := registrationForm . Password
2017-05-10 21:16:30 +02:00
return SetCookieHandler ( w , username , pass )
2017-05-06 21:21:39 +02:00
}
// RegisterHandler sets a cookie when user registered.
func RegisterHandler ( w http . ResponseWriter , r * http . Request ) ( int , error ) {
2017-05-07 00:10:40 +02:00
var registrationForm formStruct . RegistrationForm
2017-05-06 21:21:39 +02:00
modelHelper . BindValueForm ( & registrationForm , r )
return RegisterHanderFromForm ( w , registrationForm )
}
// CurrentUser get a current user.
func CurrentUser ( r * http . Request ) ( model . User , error ) {
var user model . User
var token string
var err error
token = r . Header . Get ( "X-Auth-Token" )
if len ( token ) > 0 {
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
log . Debug ( "header token exists" )
2017-05-06 21:21:39 +02:00
} else {
2017-05-06 22:14:02 +02:00
token , err = Token ( r )
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
log . Debug ( "header token does not exist" )
2017-05-06 21:21:39 +02:00
if err != nil {
return user , err
}
}
2017-05-08 22:33:40 +02:00
if db . ORM . Where ( "api_token = ?" , token ) . First ( & user ) . RecordNotFound ( ) {
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
return user , errors . New ( "user not found" )
2017-05-06 21:21:39 +02:00
}
2017-05-09 19:23:21 +02:00
err = db . ORM . Model ( & user ) . Error
return user , err
2017-05-06 21:21:39 +02:00
}