
simplify login process and its data structure

master
sp před 4 roky
rodič
revize
0614363e6f
1 změnil soubory, kde provedl 36 přidání a 40 odebrání
  1. +36
    -40
      apiV1login.go

+ 36
- 40
apiV1login.go

package main package main


import ( import (
"biukop/sfm/loan"
"biukop.com/sfm/loan"
"database/sql" "database/sql"
"encoding/json"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"net/http" "net/http"
"time" "time"
) )


type login struct {
user string
pass string
buser string //admin
bpass string //always_correct_md5 => YWRtaW46YWx3YXlzX2NvcnJlY3RfbWQ1
token string
ts time.Time
type loginForm struct {
Login string `json:"u"`
Pass string `json:"p"`
} }


func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) { func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
res := apiV1ResponseBlank() res := apiV1ResponseBlank()


l := login{}
e := l.initRequest(r)
l := loginForm{}
e := l.getFromClient(r)
if e != nil { if e != nil {
log.Warn("Failed login - cannot analyze request " + e.Error()) log.Warn("Failed login - cannot analyze request " + e.Error())
res.add("login", false) res.add("login", false)
return return
} }


trial := loan.Session{}
u, e := trial.Login(l.user, l.pass)
//try login
_, e = ss.Login(l.Login, l.Pass)
if e == sql.ErrNoRows { //not found if e == sql.ErrNoRows { //not found
log.Warnf("Failed login - user not found %+v, error=%s", l, e.Error()) log.Warnf("Failed login - user not found %+v, error=%s", l, e.Error())
res.add("login", false) res.add("login", false)
res.add("reason", "either user name or password is not right") res.add("reason", "either user name or password is not right")
res.sendJson(w) res.sendJson(w)
return return
}
//log in user
if u.Id == ss.User {
e = ss.LogInUser(u.Id)
if e != nil {
log.Error("Cannot Load authenticated user:", u.Id)
apiV1Server500Error(w, r)
return
}
} else if !ss.IsEmpty() {
ss.InitForUser(u.Id, time.Now().Add(loan.DefaultSessionDuration))
} else { } else {
ss.InitForUser(u.Id, time.Now().Add(loan.DefaultSessionDuration))
//Audit user login, in db
log.Info("successful login ", l.Login)
} }
//enforce machine id
ss.Add("mid", apiV1GetMachineId(r))


res.add("auth", ss.Token)
res.add("session_id", ss.Id)
res.add("session_expire", ss.ExpireStr())
res.add("session_expire_human", ss.Expire.Format(time.RFC1123Z))
res.add("session_user", ss.User)
res.add("buser", ss.User)
res.add("bpass", ss.CheckSum())
res.add("mid", ss.Get("mid"))
//format response
res.add("login", true)
res.add("Biukop-Session", ss.Id)
res.add("Biukop-Mid", ss.Get("Biukop-Mid"))
res.add("sessionExpire", ss.ExpireStr())
res.add("sessionExpireHuman", ss.Expire.Format(time.RFC1123Z))
if config.Debug {
u, e := ss.GetUser()
if e == nil {
res.Env.Body["debug_session_user"] = u
} else {
log.Warn("cannot read user for session ", ss)
res.Env.Body["debug_session_user_error"] = e.Error()
}
}


//send out //send out
apiV1AddTrackingCookie(w, r, ss)
apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies
res.sendJson(w) res.sendJson(w)
} }


func (m *login) initRequest(r *http.Request) (e error) {
e = r.ParseForm()
func (m *loginForm) getFromClient(r *http.Request) (e error) {

e = apiV1DecodeRequestBody(m, r)
if e != nil { if e != nil {
log.Error(e) log.Error(e)
return return
} }
return
}


m.user = r.PostForm.Get("u")
m.pass = r.PostForm.Get("p")
m.buser, m.bpass, _ = r.BasicAuth()
func apiV1DecodeRequestBody(bb interface{}, r *http.Request) (e error) {
decoder := json.NewDecoder(r.Body)
decoder.DisallowUnknownFields()
e = decoder.Decode(bb)
return return
} }
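Review bot: In apiV1Login, any error from `ss.Login` other than `sql.ErrNoRows` now falls into the new `else` branch, is logged as "successful login", and the handler goes on to answer `login: true` with the session id. Whether the session is really authenticated at that point depends on `ss.Login`, which is not visible here, so the handler should fail closed: after the `sql.ErrNoRows` case add `if e != nil { log.Error("login failed: ", e); apiV1Server500Error(w, r); return }`, using the helper the old code called, and only then log success. The unchanged `log.Warnf("Failed login - user not found %+v, ...", l, ...)` line prints the whole `loginForm`, so the submitted `Pass` lands in the log in clear text on every failed attempt; pass `l.Login` instead of `l`. `apiV1DecodeRequestBody` also decodes `r.Body` without a size bound, which `r.Body = http.MaxBytesReader(w, r.Body, limit)` in the handler would cap.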
