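// CreateUser handles POST requests that register a new user.
//
// The JSON body is decoded into a common.User. Names listed in
// Config.ProhibitedNames, blank names and passwords at or below
// Config.PasswordMinLength are rejected with 400, as is a name that is
// already stored. Otherwise the user is saved with Password replaced by the
// hex-encoded result of GetPasswordHash and the stored record is written
// back as JSON with the password field blanked.
func (api *Api) CreateUser(w rest.ResponseWriter, r *rest.Request) {
	user := common.User{}
	// A malformed body used to fall through as a zero-value user and be
	// caught only by the blank-name check; reject it explicitly.
	if err := r.DecodeJsonPayload(&user); err != nil {
		rest.Error(w, "Invalid JSON payload", 400)
		return
	}
	for _, name := range api.Config.ProhibitedNames {
		if user.Name == name {
			rest.Error(w, "Invalid user name", 400)
			return
		}
	}
	if strings.TrimSpace(user.Name) == "" {
		rest.Error(w, "Username is empty", 400)
		return
	}
	// NOTE(review): `<=` rejects a password of exactly PasswordMinLength
	// characters; confirm whether the config means "at least" (then use `<`).
	// The length is measured on the trimmed value while the hash below uses
	// the raw password, so surrounding whitespace is significant at login.
	if len(strings.TrimSpace(user.Password)) <= api.Config.PasswordMinLength {
		rest.Error(w, "Password is too short", 400)
		return
	}
	// Look the name up into a separate struct so the decoded request is not
	// overwritten by an existing row.
	var existing common.User
	lookup := api.DB.Where("name = ?", user.Name).First(&existing)
	if !lookup.RecordNotFound() {
		// Any other lookup error (e.g. the database being unreachable) must
		// not be reported as a duplicate name.
		if lookup.Error != nil {
			rest.Error(w, "Failed to look up user", 500)
			return
		}
		rest.Error(w, "User with the same name already exists", 400)
		return
	}
	// Never honour a client-supplied primary key.
	user.Id = 0
	hash := api.GetPasswordHash(user.Name, user.Password)
	user.Password = hex.EncodeToString(hash)
	if err := api.DB.Save(&user).Error; err != nil {
		rest.Error(w, "Failed to save user", 500)
		return
	}
	// Do not echo the stored hash back to the client.
	user.Password = ""
	w.WriteJson(user)
}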
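// CreateUser registers a user with the API server at localhost:8080.
//
// It posts the name and password as JSON to /users and decodes the server's
// response into the returned *common.User. A non-200 status is returned as
// an error whose text is the response body. The request struct is returned
// alongside a non-nil error, as existing callers expect; its contents are
// meaningless in that case.
func CreateUser(name, password string) (*common.User, error) {
	user := &common.User{
		Name:      name,
		Password:  password,
		PublicKey: "",
	}
	data, err := json.Marshal(user)
	if err != nil {
		return user, err
	}
	// NOTE(review): http.Post uses the default client, which has no timeout,
	// and the server address is hard-coded; a configurable client with a
	// Timeout would bound how long a hung server can block the caller.
	response, err := http.Post("http://localhost:8080/users", "application/json", bytes.NewReader(data))
	if err != nil {
		return user, err
	}
	// The body was never closed before; close it so the transport can reuse
	// the connection and no descriptor is leaked.
	defer response.Body.Close()
	buf := new(bytes.Buffer)
	if _, err := buf.ReadFrom(response.Body); err != nil {
		return user, err
	}
	if response.StatusCode != http.StatusOK {
		return user, errors.New(buf.String())
	}
	if err := json.Unmarshal(buf.Bytes(), user); err != nil {
		return user, err
	}
	return user, nil
}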
// GetUser serves GET requests for a single user selected by the "name" path
// parameter.
//
// The stored password is always blanked before the record is written. The
// user's sessions are attached only when AuthenticateUser accepts the
// X-Friend-Session-Token header for that name; otherwise the public view is
// returned. An unknown name answers 400 "User not found".
func (api *Api) GetUser(w rest.ResponseWriter, r *rest.Request) {
	userName := r.PathParam("name")
	sessionToken := r.Header.Get("X-Friend-Session-Token")

	var user common.User
	notFound := api.DB.Where("name = ?", userName).First(&user).RecordNotFound()
	if notFound {
		rest.Error(w, "User not found", 400)
		return
	}

	// Strip the stored hash before anything is serialised.
	user.Password = ""

	// Sessions are private to their owner: attach them only when the request
	// authenticates for this user.
	authenticated := api.AuthenticateUser(userName, sessionToken)
	if authenticated {
		api.DB.Model(&user).Related(&user.Sessions)
	}
	w.WriteJson(&user)
}
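// LoginUser handles POST requests that exchange a name and password for a
// new session.
//
// The JSON body is decoded into a common.User. Blank credentials, an unknown
// name and a wrong password answer 400. On success a common.Session with a
// random hex token of Config.SessionKeyLength bytes, expiring
// Config.SessionExpiration days from now, is stored for the user and written
// back as JSON.
func (api *Api) LoginUser(w rest.ResponseWriter, r *rest.Request) {
	user := common.User{}
	// A malformed body used to fall through as a zero-value user; reject it
	// explicitly rather than answering "Username is empty".
	if err := r.DecodeJsonPayload(&user); err != nil {
		rest.Error(w, "Invalid JSON payload", 400)
		return
	}
	if strings.TrimSpace(user.Name) == "" {
		rest.Error(w, "Username is empty", 400)
		return
	}
	if strings.TrimSpace(user.Password) == "" {
		rest.Error(w, "Password is empty", 400)
		return
	}
	dbUser := common.User{}
	lookup := api.DB.Where("name = ?", user.Name).First(&dbUser)
	if lookup.RecordNotFound() {
		rest.Error(w, "User not found", 400)
		return
	}
	// Any other lookup error must not be reported as a wrong password.
	if lookup.Error != nil {
		rest.Error(w, "Failed to look up user", 500)
		return
	}
	// NOTE(review): this is a plain string comparison of the hex digests;
	// crypto/subtle.ConstantTimeCompare would remove the timing side channel.
	if dbUser.Password != hex.EncodeToString(api.GetPasswordHash(user.Name, user.Password)) {
		rest.Error(w, "Password is wrong", 400)
		return
	}
	// rand must be crypto/rand for the token to be unguessable — confirm the
	// import.
	buf := make([]byte, api.Config.SessionKeyLength)
	if _, err := rand.Read(buf); err != nil {
		rest.Error(w, "Failed to generate session key", 500)
		return
	}
	session := common.Session{
		Token:   hex.EncodeToString(buf),
		Expires: time.Now().AddDate(0, 0, api.Config.SessionExpiration),
	}
	// Insert the session once through the association so its foreign key is
	// set and its primary key is filled in. The previous Save(&dbUser) with
	// the session appended, followed by Save(&session) on the local copy,
	// appears to insert the row twice when gorm saves associations.
	if err := api.DB.Model(&dbUser).Association("Sessions").Append(&session).Error; err != nil {
		rest.Error(w, "Failed to store session", 500)
		return
	}
	w.WriteJson(&session)
}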