// LoginUser tries to login a user using given credentials
func LoginUser(sess *sessions.Session, uR *UserRepository, username string, password string) (bool, error) {
err := ValidateLogin(username, password)
// Check if we have the needed values for login
if err != nil {
return false, err
}
// Get the username object that has this username
user := uR.ByUsername(username)
// Check if the username exists
if user.ID == 0 {
return false, errBadCredentials
}
// If we have a username, check if passwords are matching
passMatch := hash.CompareWithHash([]byte(user.Password), password)
if passMatch == false {
return false, errBadCredentials
}
// Login successful, clear all session variables and add the user details in session
// Need to thing more of this if it's really necessary
session.Empty(sess)
sess.Values["user_id"] = user.ID
sess.Values["username"] = user.Username
return true, nil
}
//GETDashboardLogout GET admin/logout
func GETDashboardLogout(a *application.App) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
// Get session
sess := session.Instance(r)
// If user is authenticated
if sess.Values["user_id"] != nil {
session.Empty(sess)
sess.Save(r, w)
}
http.Redirect(w, r, "/admin/login", http.StatusFound)
}
}