c9b72206a5
* Checkpoint: it builds The config, db, model, network, os, and public packages have had some fixes to glaringly obvious flaws, dead code removed, and stylistic changes. * Style changes and old code removal in router Router needs a lot of work done to its (lack of) error handling. * Dead code removal and style changes Now up to util/email/email.go. After I'm finished with the initial sweep I'll go back and fix error handling and security issues. Then I'll fix the broken API. Then I'll go through to add documentation and fix code visibility. * Finish dead code removal and style changes Vendored libraries not touched. Everything still needs security fixes and documentation. There's also one case of broken functionality. * Fix accidental find-and-replace * Style, error checking, saftey, bug fix changes * Redo error checking erased during merge * Re-add merge-erased fix. Make Safe safe.
85 lignes
2,8 Kio
Go
85 lignes
2,8 Kio
Go
package userService
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/ewhal/nyaa/config"
|
|
"github.com/ewhal/nyaa/db"
|
|
"github.com/ewhal/nyaa/model"
|
|
// "github.com/ewhal/nyaa/util/crypto"
|
|
"github.com/ewhal/nyaa/util/email"
|
|
"github.com/ewhal/nyaa/util/timeHelper"
|
|
"github.com/gorilla/securecookie"
|
|
"github.com/nicksnyder/go-i18n/i18n"
|
|
)
|
|
|
|
var verificationHandler = securecookie.New(config.EmailTokenHashKey, nil)
|
|
|
|
// SendEmailVerfication sends an email verification token via email.
|
|
func SendEmailVerification(to string, token string, locale string) error {
|
|
T, err := i18n.Tfunc(locale)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
content := T("link") + " : https://" + config.WebAddress + "/verify/email/" + token
|
|
content_html := T("verify_email_content") + "<br/>" + "<a href=\"https://" + config.WebAddress + "/verify/email/" + token + "\" target=\"_blank\">" + config.WebAddress + "/verify/email/" + token + "</a>"
|
|
return email.SendEmailFromAdmin(to, T("verify_email_title"), content, content_html)
|
|
return nil
|
|
}
|
|
|
|
// SendVerificationToUser sends an email verification token to user.
|
|
func SendVerificationToUser(user model.User) (int, error) {
|
|
validUntil := timeHelper.TwentyFourHoursLater() // TODO: longer duration?
|
|
value := map[string]string{
|
|
"t": strconv.FormatInt(validUntil.Unix(), 10),
|
|
"u": strconv.FormatUint(uint64(user.ID), 10),
|
|
"e": user.Email,
|
|
}
|
|
encoded, err := verificationHandler.Encode("", value)
|
|
if err != nil {
|
|
return http.StatusInternalServerError, err
|
|
}
|
|
err = SendEmailVerification(user.Email, encoded, "en-us")
|
|
if err != nil {
|
|
return http.StatusInternalServerError, err
|
|
}
|
|
return http.StatusOK, nil
|
|
}
|
|
|
|
// SendVerification sends an email verification token.
|
|
func SendVerification(r *http.Request) (int, error) {
|
|
var user model.User
|
|
currentUser, err := CurrentUser(r)
|
|
if err != nil {
|
|
return http.StatusUnauthorized, errors.New("unauthorized")
|
|
}
|
|
if db.ORM.First(&user, currentUser.ID).RecordNotFound() {
|
|
return http.StatusNotFound, errors.New("user not found")
|
|
}
|
|
status, err := SendVerificationToUser(user)
|
|
return status, err
|
|
}
|
|
|
|
// EmailVerification verifies the token used for email verification
|
|
func EmailVerification(token string, w http.ResponseWriter) (int, error) {
|
|
value := make(map[string]string)
|
|
err := verificationHandler.Decode("", token, &value)
|
|
if err != nil {
|
|
fmt.Printf("%+v\n", err)
|
|
return http.StatusForbidden, errors.New("Token is not valid.")
|
|
}
|
|
time_int, _ := strconv.ParseInt(value["t"], 10, 0)
|
|
if timeHelper.IsExpired(time.Unix(time_int, 0)) {
|
|
return http.StatusForbidden, errors.New("Token has expired.")
|
|
}
|
|
var user model.User
|
|
if db.ORM.Where("user_id = ?", value["u"]).First(&user).RecordNotFound() {
|
|
return http.StatusNotFound, errors.New("User is not found.")
|
|
}
|
|
user.Email = value["e"]
|
|
return UpdateUserCore(&user)
|
|
}
|