API update completely functionnal for app usage (#987)
The api has been tested and works as intended. Now users do not have to go on the website to get back their token, they just have to register. Torrents show the right stats and username on api request when search is done User model when converted to JSON gives us the apitoken and md5 hash of email (for gravatar) Verification on upload is done by token and username instead of token only Errors are now given in json format in the api Global api response handler for less code redundancy and same response pattern Moved user auth check in cookie_helper to user.go Fixed bug with CSRF prevention in /api Added translation strings
Cette révision appartient à :
akuma06
ewhal
Parent
7ee5e913b1
révision
b0aa111511
|
|
@ -55,6 +55,8 @@ type UserJSON struct {
|
|||
ID uint `json:"user_id"`
|
||||
Username string `json:"username"`
|
||||
Status int `json:"status"`
|
||||
APIToken string `json:"token"`
|
||||
MD5 string `json:"md5"`
|
||||
CreatedAt string `json:"created_at"`
|
||||
LikingCount int `json:"liking_count"`
|
||||
LikedCount int `json:"liked_count"`
|
||||
|
|
@ -145,6 +147,8 @@ func (u *User) ToJSON() UserJSON {
|
|||
json := UserJSON{
|
||||
ID: u.ID,
|
||||
Username: u.Username,
|
||||
APIToken: u.APIToken,
|
||||
MD5: u.MD5,
|
||||
Status: u.Status,
|
||||
CreatedAt: u.CreatedAt.Format(time.RFC3339),
|
||||
LikingCount: len(u.Followers),
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ package router
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"html"
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
|
@ -17,7 +16,11 @@ import (
|
|||
"github.com/NyaaPantsu/nyaa/service/torrent"
|
||||
"github.com/NyaaPantsu/nyaa/service/upload"
|
||||
"github.com/NyaaPantsu/nyaa/service/user"
|
||||
"github.com/NyaaPantsu/nyaa/service/user/form"
|
||||
"github.com/NyaaPantsu/nyaa/util/crypto"
|
||||
"github.com/NyaaPantsu/nyaa/util/log"
|
||||
msg "github.com/NyaaPantsu/nyaa/util/messages"
|
||||
"github.com/NyaaPantsu/nyaa/util/modelHelper"
|
||||
"github.com/NyaaPantsu/nyaa/util/search"
|
||||
"github.com/gorilla/mux"
|
||||
)
|
||||
|
|
@ -135,142 +138,140 @@ func APIViewHeadHandler(w http.ResponseWriter, r *http.Request) {
|
|||
// APIUploadHandler : Controller for uploading a torrent with api
|
||||
func APIUploadHandler(w http.ResponseWriter, r *http.Request) {
|
||||
token := r.Header.Get("Authorization")
|
||||
user, _, _, err := userService.RetrieveUserByAPIToken(token)
|
||||
username := r.FormValue("username")
|
||||
user, _, _, _, err := userService.RetrieveUserByAPITokenAndName(token, username)
|
||||
messages := msg.GetMessages(r)
|
||||
defer r.Body.Close()
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, "Error API token doesn't exist", http.StatusBadRequest)
|
||||
return
|
||||
messages.AddError("errors", "Error API token doesn't exist")
|
||||
}
|
||||
|
||||
if !uploadService.IsUploadEnabled(user) {
|
||||
http.Error(w, "Error uploads are disabled", http.StatusBadRequest)
|
||||
return
|
||||
messages.AddError("errors", "Error uploads are disabled")
|
||||
}
|
||||
|
||||
if user.ID == 0 {
|
||||
http.Error(w, apiService.ErrAPIKey.Error(), http.StatusUnauthorized)
|
||||
return
|
||||
messages.ImportFromError("errors", apiService.ErrAPIKey)
|
||||
}
|
||||
|
||||
upload := apiService.TorrentRequest{}
|
||||
contentType := r.Header.Get("Content-Type")
|
||||
if contentType != "application/json" && !strings.HasPrefix(contentType, "multipart/form-data") && r.Header.Get("Content-Type") != "application/x-www-form-urlencoded" {
|
||||
// TODO What should we do here ? upload is empty so we shouldn't
|
||||
// create a torrent from it
|
||||
http.Error(w, errors.New("Please provide either of Content-Type: application/json header or multipart/form-data").Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
// As long as the right content-type is sent, formValue is smart enough to parse it
|
||||
err = upload.ExtractInfo(r)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
status := model.TorrentStatusNormal
|
||||
if upload.Remake { // overrides trusted
|
||||
status = model.TorrentStatusRemake
|
||||
} else if user.IsTrusted() {
|
||||
status = model.TorrentStatusTrusted
|
||||
}
|
||||
|
||||
err = torrentService.ExistOrDelete(upload.Infohash, user)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
torrent := model.Torrent{
|
||||
Name: upload.Name,
|
||||
Category: upload.CategoryID,
|
||||
SubCategory: upload.SubCategoryID,
|
||||
Status: status,
|
||||
Hidden: upload.Hidden,
|
||||
Hash: upload.Infohash,
|
||||
Date: time.Now(),
|
||||
Filesize: upload.Filesize,
|
||||
Description: upload.Description,
|
||||
WebsiteLink: upload.WebsiteLink,
|
||||
UploaderID: user.ID}
|
||||
torrent.ParseTrackers(upload.Trackers)
|
||||
db.ORM.Create(&torrent)
|
||||
|
||||
if db.ElasticSearchClient != nil {
|
||||
err := torrent.AddToESIndex(db.ElasticSearchClient)
|
||||
if err == nil {
|
||||
log.Infof("Successfully added torrent to ES index.")
|
||||
} else {
|
||||
log.Errorf("Unable to add torrent to ES index: %s", err)
|
||||
if !messages.HasErrors() {
|
||||
upload := apiService.TorrentRequest{}
|
||||
contentType := r.Header.Get("Content-Type")
|
||||
if contentType != "application/json" && !strings.HasPrefix(contentType, "multipart/form-data") && r.Header.Get("Content-Type") != "application/x-www-form-urlencoded" {
|
||||
// TODO What should we do here ? upload is empty so we shouldn't
|
||||
// create a torrent from it
|
||||
messages.AddError("errors", "Please provide either of Content-Type: application/json header or multipart/form-data")
|
||||
}
|
||||
// As long as the right content-type is sent, formValue is smart enough to parse it
|
||||
err = upload.ExtractInfo(r)
|
||||
if err != nil {
|
||||
messages.ImportFromError("errors", err)
|
||||
}
|
||||
} else {
|
||||
log.Errorf("Unable to create elasticsearch client: %s", err)
|
||||
}
|
||||
|
||||
torrentService.NewTorrentEvent(Router, user, &torrent)
|
||||
// add filelist to files db, if we have one
|
||||
if len(upload.FileList) > 0 {
|
||||
for _, uploadedFile := range upload.FileList {
|
||||
file := model.File{TorrentID: torrent.ID, Filesize: upload.Filesize}
|
||||
err := file.SetPath(uploadedFile.Path)
|
||||
if !messages.HasErrors() {
|
||||
status := model.TorrentStatusNormal
|
||||
if upload.Remake { // overrides trusted
|
||||
status = model.TorrentStatusRemake
|
||||
} else if user.IsTrusted() {
|
||||
status = model.TorrentStatusTrusted
|
||||
}
|
||||
err = torrentService.ExistOrDelete(upload.Infohash, user)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
messages.ImportFromError("errors", err)
|
||||
}
|
||||
if !messages.HasErrors() {
|
||||
torrent := model.Torrent{
|
||||
Name: upload.Name,
|
||||
Category: upload.CategoryID,
|
||||
SubCategory: upload.SubCategoryID,
|
||||
Status: status,
|
||||
Hidden: upload.Hidden,
|
||||
Hash: upload.Infohash,
|
||||
Date: time.Now(),
|
||||
Filesize: upload.Filesize,
|
||||
Description: upload.Description,
|
||||
WebsiteLink: upload.WebsiteLink,
|
||||
UploaderID: user.ID}
|
||||
torrent.ParseTrackers(upload.Trackers)
|
||||
db.ORM.Create(&torrent)
|
||||
|
||||
if db.ElasticSearchClient != nil {
|
||||
err := torrent.AddToESIndex(db.ElasticSearchClient)
|
||||
if err == nil {
|
||||
log.Infof("Successfully added torrent to ES index.")
|
||||
} else {
|
||||
log.Errorf("Unable to add torrent to ES index: %s", err)
|
||||
}
|
||||
} else {
|
||||
log.Errorf("Unable to create elasticsearch client: %s", err)
|
||||
}
|
||||
messages.AddInfoT("infos", "torrent_uploaded")
|
||||
torrentService.NewTorrentEvent(Router, user, &torrent)
|
||||
// add filelist to files db, if we have one
|
||||
if len(upload.FileList) > 0 {
|
||||
for _, uploadedFile := range upload.FileList {
|
||||
file := model.File{TorrentID: torrent.ID, Filesize: upload.Filesize}
|
||||
err := file.SetPath(uploadedFile.Path)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
db.ORM.Create(&file)
|
||||
}
|
||||
}
|
||||
apiResponseHandler(w, r, torrent.ToJSON())
|
||||
return
|
||||
}
|
||||
db.ORM.Create(&file)
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
apiResponseHandler(w, r)
|
||||
}
|
||||
|
||||
// APIUpdateHandler : Controller for updating a torrent with api
|
||||
// FIXME Impossible to update a torrent uploaded by user 0
|
||||
func APIUpdateHandler(w http.ResponseWriter, r *http.Request) {
|
||||
token := r.Header.Get("Authorization")
|
||||
user, _, _, err := userService.RetrieveUserByAPIToken(token)
|
||||
username := r.FormValue("username")
|
||||
user, _, _, _, err := userService.RetrieveUserByAPITokenAndName(token, username)
|
||||
defer r.Body.Close()
|
||||
messages := msg.GetMessages(r)
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, "Error API token doesn't exist", http.StatusBadRequest)
|
||||
return
|
||||
messages.AddError("errors", "Error API token doesn't exist")
|
||||
}
|
||||
|
||||
if !uploadService.IsUploadEnabled(user) {
|
||||
http.Error(w, "Error uploads are disabled", http.StatusBadRequest)
|
||||
return
|
||||
messages.AddError("errors", "Error uploads are disabled")
|
||||
}
|
||||
|
||||
if user.ID == 0 {
|
||||
http.Error(w, apiService.ErrAPIKey.Error(), http.StatusForbidden)
|
||||
return
|
||||
messages.ImportFromError("errors", apiService.ErrAPIKey)
|
||||
}
|
||||
contentType := r.Header.Get("Content-Type")
|
||||
if contentType != "application/json" && !strings.HasPrefix(contentType, "multipart/form-data") && r.Header.Get("Content-Type") != "application/x-www-form-urlencoded" {
|
||||
// TODO What should we do here ? upload is empty so we shouldn't
|
||||
// create a torrent from it
|
||||
http.Error(w, errors.New("Please provide either of Content-Type: application/json header or multipart/form-data").Error(), http.StatusInternalServerError)
|
||||
return
|
||||
messages.AddError("errors", "Please provide either of Content-Type: application/json header or multipart/form-data")
|
||||
}
|
||||
update := apiService.UpdateRequest{}
|
||||
err = update.Update.ExtractEditInfo(r)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
messages.ImportFromError("errors", err)
|
||||
}
|
||||
torrent := model.Torrent{}
|
||||
db.ORM.Where("torrent_id = ?", r.FormValue("id")).First(&torrent)
|
||||
if torrent.ID == 0 {
|
||||
http.Error(w, apiService.ErrTorrentID.Error(), http.StatusBadRequest)
|
||||
return
|
||||
if !messages.HasErrors() {
|
||||
torrent := model.Torrent{}
|
||||
db.ORM.Where("torrent_id = ?", r.FormValue("id")).First(&torrent)
|
||||
if torrent.ID == 0 {
|
||||
messages.ImportFromError("errors", apiService.ErrTorrentID)
|
||||
}
|
||||
if torrent.UploaderID != 0 && torrent.UploaderID != user.ID { //&& user.Status != mod
|
||||
messages.ImportFromError("errors", apiService.ErrRights)
|
||||
}
|
||||
update.UpdateTorrent(&torrent, user)
|
||||
torrentService.UpdateTorrent(torrent)
|
||||
}
|
||||
if torrent.UploaderID != 0 && torrent.UploaderID != user.ID { //&& user.Status != mod
|
||||
http.Error(w, apiService.ErrRights.Error(), http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
update.UpdateTorrent(&torrent, user)
|
||||
torrentService.UpdateTorrent(torrent)
|
||||
apiResponseHandler(w, r)
|
||||
}
|
||||
|
||||
// APISearchHandler : Controller for searching with api
|
||||
|
|
@ -309,3 +310,112 @@ func APISearchHandler(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
}
|
||||
|
||||
// APILoginHandler : Login with API
|
||||
// This is not an OAuth api like and shouldn't be used for anything except getting the API Token in order to not store a password
|
||||
func APILoginHandler(w http.ResponseWriter, r *http.Request) {
|
||||
b := form.LoginForm{}
|
||||
messages := msg.GetMessages(r)
|
||||
contentType := r.Header.Get("Content-type")
|
||||
if !strings.HasPrefix(contentType, "application/json") && !strings.HasPrefix(contentType, "multipart/form-data") && !strings.HasPrefix(contentType, "application/x-www-form-urlencoded") {
|
||||
// TODO What should we do here ? upload is empty so we shouldn't
|
||||
// create a torrent from it
|
||||
messages.AddError("errors", "Please provide either of Content-Type: application/json header or multipart/form-data")
|
||||
}
|
||||
if strings.HasPrefix(contentType, "multipart/form-data") || strings.HasPrefix(contentType, "application/x-www-form-urlencoded") {
|
||||
modelHelper.BindValueForm(&b, r)
|
||||
} else {
|
||||
decoder := json.NewDecoder(r.Body)
|
||||
err := decoder.Decode(&b)
|
||||
if err != nil {
|
||||
messages.ImportFromError("errors", err)
|
||||
}
|
||||
}
|
||||
defer r.Body.Close()
|
||||
|
||||
modelHelper.ValidateForm(&b, messages)
|
||||
if !messages.HasErrors() {
|
||||
user, _, errorUser := userService.CreateUserAuthenticationAPI(r, &b)
|
||||
if errorUser == nil {
|
||||
messages.AddInfo("infos", "Logged")
|
||||
apiResponseHandler(w, r, user.ToJSON())
|
||||
return
|
||||
}
|
||||
messages.ImportFromError("errors", errorUser)
|
||||
}
|
||||
apiResponseHandler(w, r)
|
||||
}
|
||||
|
||||
// APIRefreshTokenHandler : Refresh Token with API
|
||||
func APIRefreshTokenHandler(w http.ResponseWriter, r *http.Request) {
|
||||
token := r.Header.Get("Authorization")
|
||||
username := r.FormValue("username")
|
||||
user, _, _, _, err := userService.RetrieveUserByAPITokenAndName(token, username)
|
||||
defer r.Body.Close()
|
||||
messages := msg.GetMessages(r)
|
||||
if err != nil {
|
||||
messages.AddError("errors", "Error API token doesn't exist")
|
||||
}
|
||||
if !messages.HasErrors() {
|
||||
user.APIToken, _ = crypto.GenerateRandomToken32()
|
||||
user.APITokenExpiry = time.Unix(0, 0)
|
||||
_, errorUser := userService.UpdateRawUser(user)
|
||||
if errorUser == nil {
|
||||
messages.AddInfoT("infos", "profile_updated")
|
||||
apiResponseHandler(w, r, user.ToJSON())
|
||||
return
|
||||
}
|
||||
messages.ImportFromError("errors", errorUser)
|
||||
}
|
||||
apiResponseHandler(w, r)
|
||||
}
|
||||
|
||||
// APICheckTokenHandler : Check Token with API
|
||||
func APICheckTokenHandler(w http.ResponseWriter, r *http.Request) {
|
||||
token := r.Header.Get("Authorization")
|
||||
username := r.FormValue("username")
|
||||
user, _, _, _, err := userService.RetrieveUserByAPITokenAndName(token, username)
|
||||
defer r.Body.Close()
|
||||
messages := msg.GetMessages(r)
|
||||
if err != nil {
|
||||
messages.AddError("errors", "Error API token doesn't exist")
|
||||
} else {
|
||||
messages.AddInfo("infos", "Logged")
|
||||
}
|
||||
apiResponseHandler(w, r, user.ToJSON())
|
||||
}
|
||||
|
||||
// This function is the global response for every simple Post Request API
|
||||
// Please use it. Responses are of the type:
|
||||
// {ok: bool, [errors | infos]: ArrayOfString [, data: ArrayOfObjects, all_errors: ArrayOfObjects]}
|
||||
// To send errors or infos, you just need to use the Messages Util
|
||||
func apiResponseHandler(w http.ResponseWriter, r *http.Request, obj ...interface{}) {
|
||||
messages := msg.GetMessages(r)
|
||||
var apiJSON []byte
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
if !messages.HasErrors() {
|
||||
mapOk := map[string]interface{}{"ok": true, "infos": messages.GetInfos("infos")}
|
||||
if len(obj) > 0 {
|
||||
mapOk["data"] = obj
|
||||
if len(obj) == 1 {
|
||||
mapOk["data"] = obj[0]
|
||||
}
|
||||
}
|
||||
apiJSON, _ = json.Marshal(mapOk)
|
||||
} else { // We need to show error messages
|
||||
mapNotOk := map[string]interface{}{"ok": false, "errors": messages.GetErrors("errors"), "all_errors": messages.GetAllErrors()}
|
||||
if len(obj) > 0 {
|
||||
mapNotOk["data"] = obj
|
||||
if len(obj) == 1 {
|
||||
mapNotOk["data"] = obj[0]
|
||||
}
|
||||
}
|
||||
if len(messages.GetAllErrors()) > 0 && len(messages.GetErrors("errors")) == 0 {
|
||||
mapNotOk["errors"] = "errors"
|
||||
}
|
||||
apiJSON, _ = json.Marshal(mapNotOk)
|
||||
}
|
||||
|
||||
w.Write(apiJSON)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -96,6 +96,9 @@ func init() {
|
|||
api.Handle("/view/{id}", wrapHandler(gzipAPIViewHandler)).Methods("GET")
|
||||
api.HandleFunc("/view/{id}", APIViewHeadHandler).Methods("HEAD")
|
||||
api.HandleFunc("/upload", APIUploadHandler).Methods("POST")
|
||||
api.HandleFunc("/login", APILoginHandler).Methods("POST")
|
||||
api.HandleFunc("/token/check", APICheckTokenHandler).Methods("GET")
|
||||
api.HandleFunc("/token/refresh", APIRefreshTokenHandler).Methods("GET")
|
||||
api.HandleFunc("/search", APISearchHandler)
|
||||
api.HandleFunc("/search/{page}", APISearchHandler)
|
||||
api.HandleFunc("/update", APIUpdateHandler).Methods("PUT")
|
||||
|
|
@ -145,7 +148,7 @@ func init() {
|
|||
Router.NotFoundHandler = http.HandlerFunc(NotFoundHandler)
|
||||
|
||||
CSRFRouter = nosurf.New(Router)
|
||||
CSRFRouter.ExemptPath("/api")
|
||||
CSRFRouter.ExemptRegexp("/api(?:/.+)*")
|
||||
CSRFRouter.ExemptPath("/mod")
|
||||
CSRFRouter.ExemptPath("/upload")
|
||||
CSRFRouter.ExemptPath("/user/login")
|
||||
|
|
|
|||
|
|
@ -11,12 +11,10 @@ import (
|
|||
"github.com/NyaaPantsu/nyaa/db"
|
||||
"github.com/NyaaPantsu/nyaa/model"
|
||||
formStruct "github.com/NyaaPantsu/nyaa/service/user/form"
|
||||
msg "github.com/NyaaPantsu/nyaa/util/messages"
|
||||
"github.com/NyaaPantsu/nyaa/util/modelHelper"
|
||||
"github.com/NyaaPantsu/nyaa/util/timeHelper"
|
||||
"github.com/gorilla/context"
|
||||
"github.com/gorilla/securecookie"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -81,36 +79,7 @@ func ClearCookie(w http.ResponseWriter) (int, error) {
|
|||
}
|
||||
|
||||
// SetCookieHandler sets the authentication cookie
|
||||
func SetCookieHandler(w http.ResponseWriter, r *http.Request, email string, pass string) (int, error) {
|
||||
if email == "" || pass == "" {
|
||||
return http.StatusNotFound, errors.New("No username/password entered")
|
||||
}
|
||||
|
||||
var user model.User
|
||||
messages := msg.GetMessages(r)
|
||||
// search by email or username
|
||||
isValidEmail := formStruct.EmailValidation(email, messages)
|
||||
messages.ClearErrors("email") // We need to clear the error added on messages
|
||||
if isValidEmail {
|
||||
if db.ORM.Where("email = ?", email).First(&user).RecordNotFound() {
|
||||
return http.StatusNotFound, errors.New("User not found")
|
||||
}
|
||||
} else {
|
||||
if db.ORM.Where("username = ?", email).First(&user).RecordNotFound() {
|
||||
return http.StatusNotFound, errors.New("User not found")
|
||||
}
|
||||
}
|
||||
err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass))
|
||||
if err != nil {
|
||||
return http.StatusUnauthorized, errors.New("Password incorrect")
|
||||
}
|
||||
if user.IsBanned() {
|
||||
return http.StatusUnauthorized, errors.New("Account banned")
|
||||
}
|
||||
if user.IsScraped() {
|
||||
return http.StatusUnauthorized, errors.New("Account need activation from Moderators, please contact us")
|
||||
}
|
||||
|
||||
func SetCookieHandler(w http.ResponseWriter, r *http.Request, user model.User) (int, error) {
|
||||
maxAge := getMaxAge()
|
||||
validUntil := timeHelper.FewDurationLater(time.Duration(maxAge) * time.Second)
|
||||
encoded, err := EncodeCookie(user.ID, validUntil)
|
||||
|
|
@ -136,7 +105,11 @@ func SetCookieHandler(w http.ResponseWriter, r *http.Request, email string, pass
|
|||
func RegisterHanderFromForm(w http.ResponseWriter, r *http.Request, registrationForm formStruct.RegistrationForm) (int, error) {
|
||||
username := registrationForm.Username // email isn't set at this point
|
||||
pass := registrationForm.Password
|
||||
return SetCookieHandler(w, r, username, pass)
|
||||
user, status, err := checkAuth(r, username, pass)
|
||||
if err != nil {
|
||||
return status, err
|
||||
}
|
||||
return SetCookieHandler(w, r, user)
|
||||
}
|
||||
|
||||
// RegisterHandler sets a cookie when user registered.
|
||||
|
|
|
|||
|
|
@ -56,8 +56,8 @@ type RegistrationForm struct {
|
|||
|
||||
// LoginForm is used when a user logs in.
|
||||
type LoginForm struct {
|
||||
Username string `form:"username" needed:"true"`
|
||||
Password string `form:"password" needed:"true"`
|
||||
Username string `form:"username" needed:"true" json:"username"`
|
||||
Password string `form:"password" needed:"true" json:"password"`
|
||||
}
|
||||
|
||||
// UserForm is used when updating a user.
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import (
|
|||
"github.com/NyaaPantsu/nyaa/service/user/permission"
|
||||
"github.com/NyaaPantsu/nyaa/util/crypto"
|
||||
"github.com/NyaaPantsu/nyaa/util/log"
|
||||
msg "github.com/NyaaPantsu/nyaa/util/messages"
|
||||
"github.com/NyaaPantsu/nyaa/util/modelHelper"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
|
@ -286,6 +287,15 @@ func RetrieveUserByAPIToken(apiToken string) (*model.User, string, int, error) {
|
|||
return &user, apiToken, http.StatusOK, nil
|
||||
}
|
||||
|
||||
// RetrieveUserByAPIToken retrieves a user by an API token
|
||||
func RetrieveUserByAPITokenAndName(apiToken string, username string) (*model.User, string, string, int, error) {
|
||||
var user model.User
|
||||
if db.ORM.Unscoped().Where("api_token = ? AND username = ?", apiToken, username).First(&user).RecordNotFound() {
|
||||
return &user, apiToken, username, http.StatusNotFound, errors.New("user not found")
|
||||
}
|
||||
return &user, apiToken, username, http.StatusOK, nil
|
||||
}
|
||||
|
||||
// RetrieveUsersByEmail retrieves users by an email
|
||||
func RetrieveUsersByEmail(email string) []*model.User {
|
||||
var users []*model.User
|
||||
|
|
@ -359,10 +369,52 @@ func GetFollowers(user *model.User) *model.User {
|
|||
func CreateUserAuthentication(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
var form formStruct.LoginForm
|
||||
modelHelper.BindValueForm(&form, r)
|
||||
user, status, err := CreateUserAuthenticationAPI(r, &form)
|
||||
if err != nil {
|
||||
return status, err
|
||||
}
|
||||
status, err = SetCookieHandler(w, r, user)
|
||||
return status, err
|
||||
}
|
||||
|
||||
// CreateUserAuthenticationAPI creates user authentication.
|
||||
func CreateUserAuthenticationAPI(r *http.Request, form *formStruct.LoginForm) (model.User, int, error) {
|
||||
username := form.Username
|
||||
pass := form.Password
|
||||
status, err := SetCookieHandler(w, r, username, pass)
|
||||
return status, err
|
||||
user, status, err := checkAuth(r, username, pass)
|
||||
return user, status, err
|
||||
}
|
||||
|
||||
func checkAuth(r *http.Request, email string, pass string) (model.User, int, error) {
|
||||
var user model.User
|
||||
if email == "" || pass == "" {
|
||||
return user, http.StatusNotFound, errors.New("No username/password entered")
|
||||
}
|
||||
|
||||
messages := msg.GetMessages(r)
|
||||
// search by email or username
|
||||
isValidEmail := formStruct.EmailValidation(email, messages)
|
||||
messages.ClearErrors("email") // We need to clear the error added on messages
|
||||
if isValidEmail {
|
||||
if db.ORM.Where("email = ?", email).First(&user).RecordNotFound() {
|
||||
return user, http.StatusNotFound, errors.New("User not found")
|
||||
}
|
||||
} else {
|
||||
if db.ORM.Where("username = ?", email).First(&user).RecordNotFound() {
|
||||
return user, http.StatusNotFound, errors.New("User not found")
|
||||
}
|
||||
}
|
||||
err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pass))
|
||||
if err != nil {
|
||||
return user, http.StatusUnauthorized, errors.New("Password incorrect")
|
||||
}
|
||||
if user.IsBanned() {
|
||||
return user, http.StatusUnauthorized, errors.New("Account banned")
|
||||
}
|
||||
if user.IsScraped() {
|
||||
return user, http.StatusUnauthorized, errors.New("Account need activation from Moderators, please contact us")
|
||||
}
|
||||
return user, http.StatusOK, nil
|
||||
}
|
||||
|
||||
// SetFollow : Makes a user follow another
|
||||
|
|
|
|||
|
|
@ -767,6 +767,10 @@
|
|||
"id": "new_torrent_uploaded",
|
||||
"translation": "New torrent: \"%s\" from %s"
|
||||
},
|
||||
{
|
||||
"id": "torrent_uploaded",
|
||||
"translation": "torrent uploaded successfully!"
|
||||
},
|
||||
{
|
||||
"id": "preferences",
|
||||
"translation": "Preferences"
|
||||
|
|
|
|||
Référencer dans un nouveau ticket