// Session attaches session to gin context
func Session(store *sessions.CookieStore) gin.HandlerFunc {
return func(c *gin.Context) {
session, err := store.Get(c.Request, utils.ConfigEntry("SessionName"))
if err != nil {
tracelog.CompletedError(err, "Session", "Getting the session")
c.Error(err, "Failed to create session")
c.AbortWithStatus(500)
}
c.Set("session", session)
defer context.Clear(c.Request)
}
}
// Update udpates the user
func (uc *User) Update(c *gin.Context) {
var u Update
// Bind params
c.Bind(&u)
// Set user data
uc.UM.UserData.Email = u.Email
uc.UM.UserData.FirstName = u.FirstName
uc.UM.UserData.LastName = u.LastName
uc.UM.UserData.Hash = utils.ComputeHmac256(u.Password, utils.ConfigEntry("Salt"))
// Update user
err := uc.UM.Update()
if err != nil {
tracelog.CompletedError(err, "NewUser", "uc.UM.Update")
c.JSON(500, gin.H{"message": "Something went wrong.", "status": 500})
return
}
c.JSON(200, gin.H{"message": "User updated successfully.", "status": 200})
}
// Register registers the user
func (uc *User) Register(c *gin.Context) {
var r Register
// Bind params
c.Bind(&r)
// Set user data
uc.UM.UserData.Email = r.Email
uc.UM.UserData.Username = r.Username
uc.UM.UserData.FirstName = r.FirstName
uc.UM.UserData.LastName = r.LastName
uc.UM.UserData.Hash = utils.ComputeHmac256(r.Password, utils.ConfigEntry("Salt"))
uc.UM.UserData.AccessLevel = 10 // Figure out how to set this properly
uc.UM.UserData.Joined = time.Now().Local()
// Create user
id, err := uc.UM.Create()
if err != nil {
tracelog.CompletedError(err, "NewUser", "uc.UM.Save")
c.JSON(500, gin.H{"message": "Something went wrong.", "status": 500})
return
}
if id == 0 {
c.JSON(409, gin.H{"message": "Duplicate entry.", "status": 409})
return
}
// Set user ID to last inserted ID
uc.UM.UserData.Id = strconv.FormatInt(id, 10)
// Set session
err = uc.setSession(c)
if err != nil {
tracelog.CompletedError(err, "NewUser", "uc.setSession")
c.JSON(500, gin.H{"message": "Something went wrong.", "status": 500})
return
}
c.JSON(200, gin.H{"message": "Registered successfully.", "status": 200})
}
// Login logs the user in
func (uc *User) Login(c *gin.Context) {
var g Login
// Bind params
c.Bind(&g)
// Check if user exists and get User instance if it does
user, err := uc.UM.User("email", g.Username)
if err != nil {
// Mybe the user provided the username instead of email
user, err = uc.UM.User("username", g.Username)
if user != nil {
tracelog.CompletedError(err, "NewUser", "uc.UM.NewUser")
c.JSON(401, gin.H{"message": "Invalid Username.", "status": 401})
return
}
}
// Compare hashes
hash := utils.ComputeHmac256(g.Password, utils.ConfigEntry("Salt"))
if hash != user.UserData.Hash {
tracelog.CompletedError(err, "NewUser", "Hashes comparison")
c.JSON(401, gin.H{"message": "Invalid password.", "status": 401})
return
}
// Set session
uc.UM.UserData = user.UserData
err = uc.setSession(c)
if err != nil {
tracelog.CompletedError(err, "NewUser", "uc.setSession")
c.JSON(500, gin.H{"message": "Something went wrong.", "status": 500})
return
}
c.JSON(200, gin.H{"message": "Logged in successfully.", "status": 200})
}
// Main go routine
func main() {
// Start logger
tracelog.StartFile(1, utils.ConfigEntry("LogDir"), 1)
// Get new cookie store
store := sessions.NewCookieStore([]byte(utils.ConfigEntry("SecretKey")))
store.Options = &sessions.Options{
Path: "/",
MaxAge: 3600,
HttpOnly: true,
}
// Create DB connection
dbHandle := utils.DbHandle()
// Close DB
defer dbHandle.Close()
// Init Models
sm := &models.Song{DbHandle: dbHandle}
nm := &models.Nonce{DbHandle: dbHandle}
um := models.NewUser(dbHandle)
// Init Controllers
sc := &controllers.Song{SM: sm}
nc := &controllers.Nonce{NM: nm}
vc := &controllers.View{Store: store}
uc := &controllers.User{UM: um, Store: store}
// Init Gin
mux := gin.Default()
// Load templates
mux.LoadHTMLGlob("app/views/*")
// Serve static files
mux.Static("/public", utils.ConfigEntry("StaticDir"))
// Routes for static pages
static := mux.Group("/")
{
static.GET("/", vc.Index)
static.GET("/about", vc.About)
static.GET("/tos", vc.Tos)
static.GET("/privacy-policy", vc.PrivacyPolicy)
static.GET("/credits", vc.Credits)
}
// Routes that don't need authorization
basic := mux.Group("/api/v1")
basic.Use(middlewares.Session(store))
{
basic.GET("/nonce", nc.Create)
basic.GET("/users/check-username/:username", uc.CheckUsername)
basic.GET("/users/check-email/:email", uc.CheckEmail)
basic.POST("/users/login", uc.Login)
basic.POST("/users/register", uc.Register)
}
// Routes that need authorization
auth := mux.Group("/api/v1")
auth.Use(middlewares.Session(store), middlewares.UserAuth(store), middlewares.Nonce(nm))
{
auth.GET("/songs", sc.Index)
auth.GET("/users/delete/:nonce", uc.ConfirmDelete)
auth.POST("/users/delete", uc.Delete)
auth.POST("/users/update", uc.Update)
auth.POST("/users/logout", uc.Logout)
}
// Listen and serve on 0.0.0.0:8080
mux.Run(":9000")
tracelog.Stop()
}