Exemple #1
0
func (a *AuthMongoDBCtx) LogginUser(id string, remember int) error {
	if !bson.IsObjectIdHex(id) {
		return ErrInvalidId
	}
	oid := bson.ObjectIdHex(id)
	if remember > 0 {
		//use cookie a rememberColl
		r := rememberInfo{}
		r.Id = oid
		r.Exp = time.Now().Add(time.Duration(remember) * time.Second)
		r.Token = base64.URLEncoding.EncodeToString(secure.RandomToken(128))
		http.SetCookie(a.respw, &http.Cookie{
			Name:    a.cookieName,
			Value:   id + "|" + r.Token,
			Expires: r.Exp,
		})
		return a.rememberColl.Insert(&r)
	} else {
		//use session
		s := sessionInfo{}
		s.At = time.Now()
		s.Id = oid
		return a.sess.Set(a.sessionName, s)
	}
	return nil
}
Exemple #2
0
func newSessionEntry(addr, agent string) *sessionEntry {
	s := &sessionEntry{}
	s.Id = base64.URLEncoding.EncodeToString(secure.RandomToken(32))
	s.RemoteAddr = addr
	s.UserAgent = agent
	s.LastActivity = time.Now()
	s.Data = make(map[string]interface{})
	s.FlashData = make(map[string]interface{})
	return s
}
Exemple #3
0
func (a *AuthMongoDBCtx) createUser(email, password string, app bool) (*User, error) {
	if !a.fmtChecker.EmailValidate(email) {
		return nil, ErrInvalidEmail
	}
	if !a.fmtChecker.PasswordValidate(password) {
		return nil, ErrInvalidPassword
	}

	u := &User{}
	u.Email = email
	u.Pwd.InitAt = time.Now()
	u.Pwd.Salt = secure.RandomToken(32)
	a.pwdHash.Write([]byte(password))
	a.pwdHash.Write(u.Pwd.Salt)
	u.Pwd.Hashed = a.pwdHash.Sum(nil)
	a.pwdHash.Reset()

	u.Approved = app
	return u, nil
}
Exemple #4
0
func (a *AuthMongoDBCtx) GetUser() (*User, error) {
	//check for remember cookie
	cookie, err := a.req.Cookie(a.cookieName)
	if err == nil {
		//read and parse cookie
		pos := strings.Index(cookie.Value, "|")
		id := cookie.Value[:pos]
		token := cookie.Value[pos+1:]
		if bson.IsObjectIdHex(id) {
			r := rememberInfo{}
			oid := bson.ObjectIdHex(id)
			//validate
			err = a.rememberColl.FindId(oid).One(&r)
			if err == nil {
				if token == r.Token {
					if r.Exp.Before(time.Now()) {
						//delete expried auth
						goto DelCookie
					}
					user := User{}
					err = a.userColl.FindId(oid).One(&user)
					if err == nil {
						//re-generate token
						token = base64.URLEncoding.EncodeToString(secure.RandomToken(128))
						http.SetCookie(a.respw, &http.Cookie{
							Name:    a.cookieName,
							Value:   id + "|" + token,
							Expires: r.Exp,
						})
						err = a.rememberColl.UpdateId(oid, bson.M{
							"$set": bson.M{"token": token},
						})
						if err == nil {
							return &user, nil
						}
					}
				}
			}
			a.rememberColl.RemoveId(oid)
		}
	DelCookie:
		http.SetCookie(a.respw, &http.Cookie{
			Name:   a.cookieName,
			MaxAge: -1,
		})
	}
	//check for session
	mapinf, ok := a.sess.Get(a.sessionName).(map[string]interface{})
	if ok {
		var inf sessionInfo
		inf.Id = mapinf["_id"].(bson.ObjectId)
		inf.At = mapinf["at"].(time.Time)
		if inf.At.Add(a.threshold).After(time.Now()) {
			user := User{}
			err = a.userColl.FindId(inf.Id).One(&user)
			if err == nil {
				return &user, nil
			}
		} else {
			a.sess.Delete(a.sessionName)
		}
	}
	//not logged-in
	return nil, errors.New("auth: not logged-in")
}