func UsersCreateHandler(c echo.Context) error {
session := session.NewSession(c)
request_params := session.GetParam("request").(map[string]interface{})
user_params := request_params["user"].(map[string]interface{})
user := model.User{}
user.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string))
email := strings.ToLower(user_params["email"].(string))
if user_params["name"] != nil && user_params["email"] != nil && user_params["facebook_id"] == nil {
user.Name = user_params["name"].(string)
user.Email = email
user.SetPassword(user_params["password"].(string))
} else {
user.Name = user_params["name"].(string)
user.Email = email
user.FacebookId = user_params["facebook_id"].(string)
if user_params["password"] != nil {
user.SetPassword(user_params["password"].(string))
}
}
err := user.Save()
if err {
logger.Error("1105" + user.Id.Hex())
session.SetError(1105)
} else {
user.NewSession()
logger.Error("Registered User: "******"users", []interface{}{user})
}
session.Write()
return nil
}
func Boot() {
// Create Router
r := echo.New()
// Route it!
route(r)
// Setup
r.Use(middleware.CORSWithConfig(middleware.DefaultCORSConfig))
r.Use(middleware.Recover())
// Build port string from config
port := fmt.Sprint(":" + strconv.Itoa(config.SharedConfig.ServerPort))
logger.Info("Starting Server...")
logger.Info("Go to http://127.0.0.1" + port + "/")
if config.SharedConfig.ReusePort {
// Start up the server
listener, err := reuseport.Listen("tcp4", port)
if err == nil {
config := engine.Config{
Address: port,
Listener: listener,
}
r.Run(fasthttp.WithConfig(config))
} else {
logger.Error("Could not listen on 127.0.0.1" + port)
}
} else {
r.Run(fasthttp.New(port))
}
}
func (session *Session) AuthenticateRequest(authorization map[string]interface{}) {
// Set Constants
app := session.GetApplication()
// Check Authorization / Signature / etc
failure := false
// Verify Timestamp
timestamp, _ := authorization["timestamp"].(json.Number).Int64()
if config.SharedConfig.VerifyTimestamp {
current_timestamp := int64(time.Now().Unix())
timestamp_start := current_timestamp - config.SharedConfig.VerifyTimestampRange
timestamp_end := current_timestamp + config.SharedConfig.VerifyTimestampRange
if timestamp < timestamp_start || timestamp > timestamp_end {
failure = true
logger.Error("SAM: Timestamp Invalid")
}
}
// Verify GUID
guid_string := authorization["guid"].(string)
if config.SharedConfig.VerifyGUID {
guid_valid := app.CheckGUID(guid_string)
if !guid_valid {
failure = true
logger.Error("SAM: GUID Invalid")
}
}
// Verify Auth Token
session_id := bson.ObjectIdHex(authorization["session_id"].(string))
auth_session, auth_session_err := app.FindSessionById(session_id)
auth_session_failed := false
if auth_session_err || !auth_session.Valid() {
failure = true
logger.Error("SAM: Token Invalid")
auth_session_failed = true
}
if auth_session_err {
logger.Error("SAM: No Session Found")
}
session.TriggerSession = auth_session.TriggerSession
// Verify Signature
b, _ := json.Marshal(session.GetParam("request"))
b = bytes.Replace(b, []byte("\\u003c"), []byte("<"), -1)
b = bytes.Replace(b, []byte("\\u003e"), []byte(">"), -1)
b = bytes.Replace(b, []byte("\\u0026"), []byte("&"), -1)
requested_uri := string(session.context.Request().URL().Path())
http_method := string(session.context.Request().Method())
request := strconv.FormatInt(timestamp, 10) + guid_string
session.request_string = string(b[:])
request += requested_uri + http_method + session.request_string
if !checkSignature(authorization["signature"].(string), request, auth_session.AuthToken) {
failure = true
logger.Error("SAM: Signature is Invalid")
}
// Return the Verdict
if failure {
logger.Error(request)
logger.Error("SAM: AUTH FAILED")
session.AuthFailed = true
if auth_session_failed {
session.SetError(1102)
} else {
session.SetError(1100)
}
} else {
// Set the User
session.SessionId = auth_session.Id
session.User = auth_session.GetUser()
if session.User.Id == bson.ObjectId("") {
session.AuthFailed = true
session.SetError(1102)
}
}
}
func (session *Session) AuthenticateFileRequest() {
session_id_string := session.GetParam("session_id")
if session_id_string == "" || session_id_string == nil {
session.User = model.User{}
session.User.ApplicationId = session.GetApplication().Id
} else {
// Set Constants
app := session.GetApplication()
// Check Authorization / Signature / etc
failure := false
// Verify Timestamp
timestamp, _ := strconv.ParseInt(session.GetParam("timestamp").(string), 10, 64)
/*
current_timestamp := int64(time.Now().Unix())
timestamp_start := current_timestamp - 60
timestamp_end := current_timestamp + 60
if timestamp < timestamp_start || timestamp > timestamp_end {
failure = true
logger.Error("SAM: Timestamp Invalid")
}
*/
// Verify Auth Token
session_id := bson.ObjectIdHex(session.GetParam("session_id").(string))
auth_session, auth_session_err := app.FindSessionById(session_id)
auth_session_failed := false
if auth_session_err || !auth_session.Valid() {
failure = true
logger.Error("SAM: Token Invalid")
auth_session_failed = true
}
file_id := session.GetParam("file_id").(string)
request := strconv.FormatInt(timestamp, 10) + file_id
if !checkSignature(session.GetParam("signature").(string), request, auth_session.AuthToken) {
failure = true
logger.Error("SAM: Signature is Invalid")
}
if failure {
logger.Error(request)
logger.Error("SAM: AUTH FAILED")
session.AuthFailed = true
if auth_session_failed {
session.SetError(1102)
} else {
session.SetError(1100)
}
} else {
// Set the User
session.SessionId = auth_session.Id
session.User = auth_session.GetUser()
if session.User.Id == bson.ObjectId("") {
session.AuthFailed = true
session.SetError(1102)
}
}
}
}