sp
4 лет назад
1 измененных файлов: 36 добавлений и 40 удалений
+ 36
- 40
apiV1login.go
Просмотреть файл
| @@ -1,27 +1,24 @@ | |||
| package main | |||
| import ( | |||
| "biukop/sfm/loan" | |||
| "biukop.com/sfm/loan" | |||
| "database/sql" | |||
| "encoding/json" | |||
| log "github.com/sirupsen/logrus" | |||
| "net/http" | |||
| "time" | |||
| ) | |||
| type login struct { | |||
| user string | |||
| pass string | |||
| buser string //admin | |||
| bpass string //always_correct_md5 => YWRtaW46YWx3YXlzX2NvcnJlY3RfbWQ1 | |||
| token string | |||
| ts time.Time | |||
| type loginForm struct { | |||
| Login string `json:"u"` | |||
| Pass string `json:"p"` | |||
| } | |||
| func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) { | |||
| res := apiV1ResponseBlank() | |||
| l := login{} | |||
| e := l.initRequest(r) | |||
| l := loginForm{} | |||
| e := l.getFromClient(r) | |||
| if e != nil { | |||
| log.Warn("Failed login - cannot analyze request " + e.Error()) | |||
| res.add("login", false) | |||
| @@ -30,8 +27,8 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) { | |||
| return | |||
| } | |||
| trial := loan.Session{} | |||
| u, e := trial.Login(l.user, l.pass) | |||
| //try login | |||
| _, e = ss.Login(l.Login, l.Pass) | |||
| if e == sql.ErrNoRows { //not found | |||
| log.Warnf("Failed login - user not found %+v, error=%s", l, e.Error()) | |||
| res.add("login", false) | |||
| @@ -44,46 +41,45 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) { | |||
| res.add("reason", "either user name or password is not right") | |||
| res.sendJson(w) | |||
| return | |||
| } | |||
| //log in user | |||
| if u.Id == ss.User { | |||
| e = ss.LogInUser(u.Id) | |||
| if e != nil { | |||
| log.Error("Cannot Load authenticated user:", u.Id) | |||
| apiV1Server500Error(w, r) | |||
| return | |||
| } | |||
| } else if !ss.IsEmpty() { | |||
| ss.InitForUser(u.Id, time.Now().Add(loan.DefaultSessionDuration)) | |||
| } else { | |||
| ss.InitForUser(u.Id, time.Now().Add(loan.DefaultSessionDuration)) | |||
| //Audit user login, in db | |||
| log.Info("successful login ", l.Login) | |||
| } | |||
| //enforce machine id | |||
| ss.Add("mid", apiV1GetMachineId(r)) | |||
| res.add("auth", ss.Token) | |||
| res.add("session_id", ss.Id) | |||
| res.add("session_expire", ss.ExpireStr()) | |||
| res.add("session_expire_human", ss.Expire.Format(time.RFC1123Z)) | |||
| res.add("session_user", ss.User) | |||
| res.add("buser", ss.User) | |||
| res.add("bpass", ss.CheckSum()) | |||
| res.add("mid", ss.Get("mid")) | |||
| //format response | |||
| res.add("login", true) | |||
| res.add("Biukop-Session", ss.Id) | |||
| res.add("Biukop-Mid", ss.Get("Biukop-Mid")) | |||
| res.add("sessionExpire", ss.ExpireStr()) | |||
| res.add("sessionExpireHuman", ss.Expire.Format(time.RFC1123Z)) | |||
| if config.Debug { | |||
| u, e := ss.GetUser() | |||
| if e == nil { | |||
| res.Env.Body["debug_session_user"] = u | |||
| } else { | |||
| log.Warn("cannot read user for session ", ss) | |||
| res.Env.Body["debug_session_user_error"] = e.Error() | |||
| } | |||
| } | |||
| //send out | |||
| apiV1AddTrackingCookie(w, r, ss) | |||
| apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies | |||
| res.sendJson(w) | |||
| } | |||
| func (m *login) initRequest(r *http.Request) (e error) { | |||
| e = r.ParseForm() | |||
| func (m *loginForm) getFromClient(r *http.Request) (e error) { | |||
| e = apiV1DecodeRequestBody(m, r) | |||
| if e != nil { | |||
| log.Error(e) | |||
| return | |||
| } | |||
| return | |||
| } | |||
| m.user = r.PostForm.Get("u") | |||
| m.pass = r.PostForm.Get("p") | |||
| m.buser, m.bpass, _ = r.BasicAuth() | |||
| func apiV1DecodeRequestBody(bb interface{}, r *http.Request) (e error) { | |||
| decoder := json.NewDecoder(r.Body) | |||
| decoder.DisallowUnknownFields() | |||
| e = decoder.Decode(bb) | |||
| return | |||
| } | |||
Загрузка…