// POST /api/user/login
func LoginUser(ctx *macaron.Context, as rest.AuthService, cpt *captcha.Captcha) {
var ulr rest.UserLoginReq
ok := getBody(ctx, &ulr)
if !ok {
return
}
if !cpt.Verify(ulr.CaptchaId, ulr.CaptchaValue) {
ctx.JSON(http.StatusBadRequest, rest.INVALID_CAPTCHA)
return
}
// check user whether existed
u := &models.User{}
if err := u.Find(ulr.Email, ulr.Username, ulr.Mobile); err != nil {
ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
return
}
// check user password
if !tkits.CmpPasswd(ulr.Passwd, u.Salt, u.Password) {
ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
return
}
// update ip, time and count for login
cip := ctx.RemoteAddr()
u.LastLoginTime = time.Now()
u.LastLoginIp = cip
u.LoginCount += 1
if _, err := u.Update("LastLoginTime", "LastLoginIp", "LoginCount"); err != nil {
ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
return
}
// generate a token
if token, err := as.GenUserToken(cip, u.Id, 15, rest.TokenUser); err != nil {
ctx.JSON(http.StatusInternalServerError, tkits.SYS_ERROR)
return
} else {
rsp := &rest.UserLoginRsp{}
rsp.Uid = u.Id
rsp.Username = u.Username
rsp.Token = token
if ulr.CookieMaxAge == 0 {
ulr.CookieMaxAge = 60 * 60 * 12 //half of one day
}
suid := fmt.Sprintf("%v", u.Id)
ctx.SetCookie("token", token, ulr.CookieMaxAge)
ctx.SetCookie("uid", suid, ulr.CookieMaxAge)
ctx.JSON(http.StatusOK, rsp)
}
}
// POST /api/user/signup
func AddUser(ctx *macaron.Context, as rest.AuthService, cpt *captcha.Captcha) {
var uar rest.UserAddReq
ok := getBody(ctx, &uar)
if !ok {
return
}
log.Debugf("retrive CaptchaId = %s, CaptchaValue= %s", uar.CaptchaId, uar.CaptchaValue)
if !cpt.Verify(uar.CaptchaId, uar.CaptchaValue) {
ctx.JSON(http.StatusBadRequest, rest.INVALID_CAPTCHA)
return
}
valid := validation.Validation{}
valid.Email(uar.Email, "Email")
valid.Match(uar.Username, rest.ValidPasswd,
"Username").Message(rest.UsernamePrompt)
valid.Match(uar.Passwd, rest.ValidPasswd,
"Passwd").Message(rest.PasswdPrompt)
if !validMember(ctx, &valid) {
return
}
// check user whether existed
u := &models.User{}
if err := u.Find(uar.Email, uar.Username, ""); err != orm.ErrNoRows {
ctx.JSON(http.StatusBadRequest, rest.INVALID_SIGNUP)
return
}
// check reserve users
if _, ok := rest.ReserveUsers[uar.Username]; ok {
ctx.JSON(http.StatusBadRequest, rest.INVALID_SIGNUP)
return
}
// generate password mask
pwd, salt := tkits.GenPasswd(uar.Passwd, 8)
u.Salt = salt
u.Password = pwd
u.Updated = time.Now()
u.Username = uar.Username
u.Email = uar.Email
if id, err := u.Insert(); err != nil {
ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
return
} else {
u.Id = id
}
// generate a token
if token, err := as.GenUserToken(ctx.RemoteAddr(), u.Id, 15, rest.TokenUser); err != nil {
ctx.JSON(http.StatusInternalServerError, tkits.SYS_ERROR)
return
} else {
rsp := &rest.UserAddRsp{u.Id, u.Username, token}
// set some cookies
if uar.CookieMaxAge == 0 {
uar.CookieMaxAge = 60 * 60 * 12 //half of one day
}
suid := fmt.Sprintf("%v", u.Id)
ctx.SetCookie("token", token, uar.CookieMaxAge)
ctx.SetCookie("uid", suid, uar.CookieMaxAge)
ctx.JSON(http.StatusOK, rsp)
}
}
