Example #1
0
func (api *Api) CreateUser(w rest.ResponseWriter, r *rest.Request) {
	user := common.User{}
	r.DecodeJsonPayload(&user)

	for _, name := range api.Config.ProhibitedNames {
		if user.Name == name {
			rest.Error(w, "Invalid user name", 400)
			return
		}
	}
	if strings.TrimSpace(user.Name) == "" {
		rest.Error(w, "Username is empty", 400)
		return
	}
	if len(strings.TrimSpace(user.Password)) <= api.Config.PasswordMinLength {
		rest.Error(w, "Password is too short", 400)
		return
	}

	if api.DB.Where("name = ?", user.Name).First(&user).RecordNotFound() {
		user.Id = 0
		hash := api.GetPasswordHash(user.Name, user.Password)
		user.Password = hex.EncodeToString(hash)

		api.DB.Save(&user)

		user.Password = ""
		w.WriteJson(user)
		return
	}

	rest.Error(w, "User with the same name already exists", 400)
}
Example #2
0
func CreateUser(name, password string) (*common.User, error) {
	// create user struct
	user := new(common.User)
	user.Name = name
	user.Password = password
	user.PublicKey = ""

	// convert to json
	data, err := json.Marshal(user)
	if err != nil {
		return user, err
	}

	// request to server
	response, err := http.Post("http://localhost:8080/users", "application/json", bytes.NewReader(data))
	if err != nil {
		return user, err
	}
	buf := new(bytes.Buffer)
	buf.ReadFrom(response.Body)
	if response.StatusCode != 200 {
		body := buf.String()
		return user, errors.New(body)
	}

	err = json.Unmarshal(buf.Bytes(), user)
	if err != nil {
		return user, err
	}

	return user, nil
}
Example #3
0
func (api *Api) GetUser(w rest.ResponseWriter, r *rest.Request) {
	name := r.PathParam("name")
	token := r.Header.Get("X-Friend-Session-Token")
	user := common.User{}
	if api.DB.Where("name = ?", name).First(&user).RecordNotFound() {
		rest.Error(w, "User not found", 400)
		return
	}

	user.Password = ""
	if api.AuthenticateUser(name, token) {
		api.DB.Model(&user).Related(&user.Sessions)
	}

	w.WriteJson(&user)
}
Example #4
0
func (api *Api) LoginUser(w rest.ResponseWriter, r *rest.Request) {
	user := common.User{}
	r.DecodeJsonPayload(&user)

	if strings.TrimSpace(user.Name) == "" {
		rest.Error(w, "Username is empty", 400)
		return
	}
	if strings.TrimSpace(user.Password) == "" {
		rest.Error(w, "Password is empty", 400)
		return
	}

	dbUser := common.User{}
	if api.DB.Where("name = ?", user.Name).First(&dbUser).RecordNotFound() {
		rest.Error(w, "User not found", 400)
		return
	}

	if dbUser.Password != hex.EncodeToString(api.GetPasswordHash(user.Name, user.Password)) {
		rest.Error(w, "Password is wrong", 400)
		return
	}

	buf := make([]byte, api.Config.SessionKeyLength)
	if _, err := rand.Read(buf); err != nil {
		rest.Error(w, "Failed to generate session key", 500)
		return
	}
	token := hex.EncodeToString(buf)
	session := common.Session{
		Token:   token,
		Expires: time.Now().AddDate(0, 0, api.Config.SessionExpiration),
	}

	dbUser.Sessions = append(dbUser.Sessions, session)
	api.DB.Save(&dbUser)
	api.DB.Save(&session)
	w.WriteJson(&session)
}