func unmarshallToken(s session.Store) (t *Token) {
if s.Get(KEY_TOKEN) == nil {
return
}
data := s.Get(KEY_TOKEN).([]byte)
var tk Token
json.Unmarshal(data, &tk)
return &tk
}
// SignedInID returns the id of signed in user.
func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
if !models.HasEngine {
return 0
}
// Check access token.
if IsAPIPath(ctx.Req.URL.Path) {
tokenSHA := ctx.Query("token")
if len(tokenSHA) == 0 {
// Well, check with header again.
auHead := ctx.Req.Header.Get("Authorization")
if len(auHead) > 0 {
auths := strings.Fields(auHead)
if len(auths) == 2 && auths[0] == "token" {
tokenSHA = auths[1]
}
}
}
// Let's see if token is valid.
if len(tokenSHA) > 0 {
t, err := models.GetAccessTokenBySHA(tokenSHA)
if err != nil {
if models.IsErrAccessTokenNotExist(err) {
log.Error(4, "GetAccessTokenBySHA: %v", err)
}
return 0
}
t.Updated = time.Now()
if err = models.UpdateAccessToekn(t); err != nil {
log.Error(4, "UpdateAccessToekn: %v", err)
}
return t.UID
}
}
uid := sess.Get("uid")
if uid == nil {
return 0
}
if id, ok := uid.(int64); ok {
if _, err := models.GetUserByID(id); err != nil {
if !models.IsErrUserNotExist(err) {
log.Error(4, "GetUserById: %v", err)
}
return 0
}
return id
}
return 0
}
func login(ctx *macaron.Context, s session.Store, opt *Options) {
next := extractPath(ctx.Query(KEY_NEXT_PAGE))
if s.Get(KEY_TOKEN) == nil {
// User is not logged in.
if next == "" {
next = AppSubUrl + "/"
}
// println(111, opt.AuthCodeURL(next, "", ""))
ctx.Redirect(opt.AuthCodeURL(next, "", ""))
return
}
// No need to login, redirect to the next page.
ctx.Redirect(next)
}
func handleOAuth2Callback(ctx *macaron.Context, s session.Store, opt *Options) {
next := extractPath(ctx.Query("state"))
code := ctx.Query("code")
t, err := opt.NewTransportFromCode(code)
if err != nil {
// Pass the error message, or allow dev to provide its own
// error handler.
println(err.Error())
ctx.Redirect(PathError)
return
}
// Store the credentials in the session.
val, _ := json.Marshal(t.Token())
s.Set(KEY_TOKEN, val)
ctx.Redirect(next)
}
//----------------------------------------------------------
// POST /api/account/signin/
func ApiSignin(c *macaron.Context, f SigninForm, a token.TokenService, ss session.Store) {
u := &models.Users{}
if !u.CheckSignin(f.Input, f.Password) {
c.JSON(200, comps.NewRestErrResp(-1, "输入正确的帐号或密码"))
return
}
s := NewService()
if err, ok := s.CheckSignin(u); !ok {
c.JSON(200, comps.NewRestErrResp(-1, err))
return
}
// 需要审批
if u.GroupId == models.GroupNotValidated &&
boot.SysSetting.Ra.RegisterValidType == models.RegValidApproval {
c.JSON(200, comps.NewRestRedirectResp("/a/validapproval/"))
return
}
//
u.LastLogin = time.Now()
u.LastIp = c.RemoteAddr()
u.LoginCount = u.LoginCount + 1
if _, ok := models.NewTr().Update(u, "LastLogin", "LastIp", "LoginCount"); !ok {
// todo log
}
CleanCookies(c, ss)
SetSigninCookies(c, u, a, ss)
url := ""
if !u.ValidEmail && boot.SysSetting.Ra.RegisterValidType == models.RegValidEmail {
ss.Set("validemail", u.Email)
url = "/a/validemail/"
} else if u.FirstLogin {
url = "/h/firstlogin/"
} else if f.ReturnUrl != "" {
url = f.ReturnUrl
}
c.JSON(200, comps.NewRestRedirectResp(url))
}
//----------------------------------------------------------
// POST /api/account/signup/
func ApiUserSignup(f SignupForm, c *macaron.Context, cpt *captcha.Captcha,
a token.TokenService, ss session.Store) {
if !a.ValidToken(c.RemoteAddr(), f.CsrfToken) {
c.JSON(200, comps.NewRestErrResp(-1, "非法的跨站请求"))
return
}
if !cpt.VerifyReq(c.Req) {
c.JSON(200, comps.NewRestResp(comps.NewCaptcha(cpt), -1, "请填写正确的验证码"))
return
}
s := NewService()
u, msg, ok := s.Signup(f, c.RemoteAddr())
if !ok {
c.JSON(200, comps.NewRestResp(comps.NewCaptcha(cpt), -1, msg))
return
}
// 如果不需要email验证
if boot.SysSetting.Ra.RegisterValidType == models.RegValidNone ||
u.GroupId != models.GroupNotValidated ||
u.ValidEmail {
SetSigninCookies(c, u, a, ss)
c.JSON(200, comps.NewRestRedirectResp("/h/firstlogin"))
return
}
ss.Set("validemail", u.Email)
if !models.NewValidByEmail(models.NewTr(), u.Id, u.Email) {
c.JSON(200, comps.NewRestErrResp(-1, "内部系统错误"))
return
}
SetSigninCookies(c, u, a, ss)
c.JSON(200, comps.NewRestRedirectResp("/a/validemail/"))
return
}
//----------------------------------------------------------
// 清理Cookie信息
func CleanCookies(c *macaron.Context, ss session.Store) {
c.SetCookie("utoken", "", -60*60)
ss.Release()
}
//----------------------------------------------------------
// 设置Cookie信息
func SetSigninCookies(c *macaron.Context, u *models.Users, a token.TokenService, ss session.Store) {
t, _ := a.GenUserToken(c.RemoteAddr(), u.Id, 24*60, token.TokenUser)
c.SetCookie("utoken", t, 24*60*60) // Name, Value, MaxAge, Path, Domain, Secure, HttpOnly
ss.Set("utoken", t)
}
func Index(ctx *macaron.Context, sess session.Store, r renders.Render) {
ctx.Data["hi"] = "Hello world!"
ctx.Data["username"] = sess.Get("username")
r.HTML(200, "index/index.html", ctx.Data)
}
func logout(ctx *macaron.Context, s session.Store) {
next := extractPath(ctx.Query(KEY_NEXT_PAGE))
s.Delete(KEY_TOKEN)
ctx.Redirect(next)
}
