nyaa-pantsu/service/user/cookieHelper.go

package userService

import (
	"errors"
	"github.com/ewhal/nyaa/db"
	"github.com/ewhal/nyaa/model"
	formStruct "github.com/ewhal/nyaa/service/user/form"
	"github.com/ewhal/nyaa/util/log"
	"github.com/ewhal/nyaa/util/modelHelper"
	"github.com/gorilla/securecookie"
	"golang.org/x/crypto/bcrypt"
	"net/http"
)

var cookieHandler = securecookie.New(
	securecookie.GenerateRandomKey(64),
	securecookie.GenerateRandomKey(32))

func Token(r *http.Request) (string, error) {
	var token string
	cookie, err := r.Cookie("session")
	if err != nil {
		return token, err
	}
	cookieValue := make(map[string]string)
	err = cookieHandler.Decode("session", cookie.Value, &cookieValue)
	if err != nil {
		return token, err
	}
	token = cookieValue["token"]
	if len(token) == 0 {
		return token, errors.New("token is empty")
	}
	return token, nil
}

// SetCookie sets a cookie.
func SetCookie(w http.ResponseWriter, token string) (int, error) {
	value := map[string]string{
		"token": token,
	}
	encoded, err := cookieHandler.Encode("session", value)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	cookie := &http.Cookie{
		Name:  "session",
		Value: encoded,
		Path:  "/",
	}
	http.SetCookie(w, cookie)
	return http.StatusOK, nil
}

// ClearCookie clears a cookie.
func ClearCookie(w http.ResponseWriter) (int, error) {
	cookie := &http.Cookie{
		Name:   "session",
		Value:  "",
		Path:   "/",
		MaxAge: -1,
	}
	http.SetCookie(w, cookie)
	return http.StatusOK, nil
}

// SetCookieHandler sets a cookie with email and password.
func SetCookieHandler(w http.ResponseWriter, email string, pass string) (int, error) {
	if email != "" && pass != "" {
		var user model.User
		isValidEmail, _ := formStruct.EmailValidation(email, formStruct.NewErrors())
		if isValidEmail {
			log.Debug("User entered valid email.")
			if db.ORM.Where("email = ?", email).First(&user).RecordNotFound() {
				return http.StatusNotFound, errors.New("User not found")
			}
		} else {
			log.Debug("User entered username.")
			if db.ORM.Where("username = ?", email).First(&user).RecordNotFound() {
				return http.StatusNotFound, errors.New("User not found")
			}
		}
		err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass))
		if err != nil {
			return http.StatusUnauthorized, errors.New("Password incorrect")
		}
		if user.Status == -1 {
			return http.StatusUnauthorized, errors.New("Account banned")
		}
		status, err := SetCookie(w, user.Token)
		if err != nil {
			return status, err
		}
		w.Header().Set("X-Auth-Token", user.Token)
		return http.StatusOK, nil
	}
	return http.StatusNotFound, errors.New("user not found")
}

// RegisterHanderFromForm sets cookie from a RegistrationForm.
func RegisterHanderFromForm(w http.ResponseWriter, registrationForm formStruct.RegistrationForm) (int, error) {
	username := registrationForm.Username // email isn't set at this point
	pass := registrationForm.Password
	return SetCookieHandler(w, username, pass)
}

// RegisterHandler sets a cookie when user registered.
func RegisterHandler(w http.ResponseWriter, r *http.Request) (int, error) {
	var registrationForm formStruct.RegistrationForm
	modelHelper.BindValueForm(&registrationForm, r)
	return RegisterHanderFromForm(w, registrationForm)
}

// CurrentUser get a current user.
func CurrentUser(r *http.Request) (model.User, error) {
	var user model.User
	var token string
	var err error
	token = r.Header.Get("X-Auth-Token")
	if len(token) > 0 {
		log.Debug("header token exists")
	} else {
		token, err = Token(r)
		log.Debug("header token does not exist")
		if err != nil {
			return user, err
		}
	}
	if db.ORM.Where("api_token = ?", token).First(&user).RecordNotFound() {
		return user, errors.New("user not found")
	}
	err = db.ORM.Model(&user).Error
	return user, err
}
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`package userService`

			`import (`
			`"errors"`
			`"github.com/ewhal/nyaa/db"`
			`"github.com/ewhal/nyaa/model"`
Better DB error handling 2017-05-09 19:23:21 +02:00			`formStruct "github.com/ewhal/nyaa/service/user/form"`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`"github.com/ewhal/nyaa/util/log"`
Fixed Typo 2017-05-06 21:37:10 +02:00			`"github.com/ewhal/nyaa/util/modelHelper"`
Better DB error handling 2017-05-09 19:23:21 +02:00			`"github.com/gorilla/securecookie"`
			`"golang.org/x/crypto/bcrypt"`
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245) * Checkpoint: it builds The config, db, model, network, os, and public packages have had some fixes to glaringly obvious flaws, dead code removed, and stylistic changes. * Style changes and old code removal in router Router needs a lot of work done to its (lack of) error handling. * Dead code removal and style changes Now up to util/email/email.go. After I'm finished with the initial sweep I'll go back and fix error handling and security issues. Then I'll fix the broken API. Then I'll go through to add documentation and fix code visibility. * Finish dead code removal and style changes Vendored libraries not touched. Everything still needs security fixes and documentation. There's also one case of broken functionality. * Fix accidental find-and-replace * Style, error checking, saftey, bug fix changes * Redo error checking erased during merge * Re-add merge-erased fix. Make Safe safe. 2017-05-10 04:34:40 +02:00			`"net/http"`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`)`

			`var cookieHandler = securecookie.New(`
			`securecookie.GenerateRandomKey(64),`
			`securecookie.GenerateRandomKey(32))`

Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`func Token(r *http.Request) (string, error) {`
			`var token string`
			`cookie, err := r.Cookie("session")`
			`if err != nil {`
			`return token, err`
			`}`
			`cookieValue := make(map[string]string)`
			`err = cookieHandler.Decode("session", cookie.Value, &cookieValue)`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`if err != nil {`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`return token, err`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`token = cookieValue["token"]`
			`if len(token) == 0 {`
			`return token, errors.New("token is empty")`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`return token, nil`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`

Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`// SetCookie sets a cookie.`
			`func SetCookie(w http.ResponseWriter, token string) (int, error) {`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`value := map[string]string{`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`"token": token,`
			`}`
			`encoded, err := cookieHandler.Encode("session", value)`
			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`
			`cookie := &http.Cookie{`
			`Name: "session",`
			`Value: encoded,`
			`Path: "/",`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`http.SetCookie(w, cookie)`
			`return http.StatusOK, nil`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`

Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`// ClearCookie clears a cookie.`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`func ClearCookie(w http.ResponseWriter) (int, error) {`
			`cookie := &http.Cookie{`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`Name: "session",`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`Value: "",`
			`Path: "/",`
			`MaxAge: -1,`
			`}`
			`http.SetCookie(w, cookie)`
			`return http.StatusOK, nil`
			`}`

Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`// SetCookieHandler sets a cookie with email and password.`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`func SetCookieHandler(w http.ResponseWriter, email string, pass string) (int, error) {`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`if email != "" && pass != "" {`
			`var user model.User`
			`isValidEmail, _ := formStruct.EmailValidation(email, formStruct.NewErrors())`
			`if isValidEmail {`
			`log.Debug("User entered valid email.")`
			`if db.ORM.Where("email = ?", email).First(&user).RecordNotFound() {`
			`return http.StatusNotFound, errors.New("User not found")`
			`}`
			`} else {`
			`log.Debug("User entered username.")`
			`if db.ORM.Where("username = ?", email).First(&user).RecordNotFound() {`
			`return http.StatusNotFound, errors.New("User not found")`
			`}`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass))`
			`if err != nil {`
			`return http.StatusUnauthorized, errors.New("Password incorrect")`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`if user.Status == -1 {`
			`return http.StatusUnauthorized, errors.New("Account banned")`
			`}`
			`status, err := SetCookie(w, user.Token)`
			`if err != nil {`
			`return status, err`
			`}`
			`w.Header().Set("X-Auth-Token", user.Token)`
			`return http.StatusOK, nil`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`return http.StatusNotFound, errors.New("user not found")`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`

			`// RegisterHanderFromForm sets cookie from a RegistrationForm.`
Added User Registration View Moved public files in public folder 2017-05-07 00:10:40 +02:00			`func RegisterHanderFromForm(w http.ResponseWriter, registrationForm formStruct.RegistrationForm) (int, error) {`
Make email verification work correctly Previously the email was set before it had been verified, which was very wrong. 2017-05-10 21:16:30 +02:00			`username := registrationForm.Username // email isn't set at this point`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`pass := registrationForm.Password`
Make email verification work correctly Previously the email was set before it had been verified, which was very wrong. 2017-05-10 21:16:30 +02:00			`return SetCookieHandler(w, username, pass)`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`

			`// RegisterHandler sets a cookie when user registered.`
			`func RegisterHandler(w http.ResponseWriter, r *http.Request) (int, error) {`
Added User Registration View Moved public files in public folder 2017-05-07 00:10:40 +02:00			`var registrationForm formStruct.RegistrationForm`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`modelHelper.BindValueForm(&registrationForm, r)`
			`return RegisterHanderFromForm(w, registrationForm)`
			`}`

Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`// CurrentUser get a current user.`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`func CurrentUser(r *http.Request) (model.User, error) {`
			`var user model.User`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`var token string`
			`var err error`
			`token = r.Header.Get("X-Auth-Token")`
			`if len(token) > 0 {`
			`log.Debug("header token exists")`
			`} else {`
			`token, err = Token(r)`
			`log.Debug("header token does not exist")`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`if err != nil {`
			`return user, err`
			`}`
			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`if db.ORM.Where("api_token = ?", token).First(&user).RecordNotFound() {`
			`return user, errors.New("user not found")`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`
Revert "Stateless cookies (#372)" This reverts commit 2f06fb8fa1403e127e7024d69138a589eaca0d53. 2017-05-12 08:42:15 +02:00			`err = db.ORM.Model(&user).Error`
			`return user, err`
User Package (WIP) Added services and utils needed 2017-05-06 21:21:39 +02:00			`}`