Esempio n. 1
0
/// Authorize make sure the incoming user is allowed to be here.
func Authorize() gin.HandlerFunc {
	return func(c *gin.Context) {
		var t struct {
			Token string `form:"token" json:"token" binding:"required"`
		}
		t.Token = c.Request.Header.Get("Authorization")
		// fmt.Printf("request headers are %v", c.Request.Header)
		// if c.Copy().BindJSON(&t) != nil {
		// 	respondWithError(http.StatusForbidden, "Forbidden.", c)
		// 	return
		//
		// }

		if t.Token == "" {
			respondWithError(http.StatusForbidden, "Forbidden..", c)
			return
		}

		session, err := GlobalSessions.SessionStart(c.Writer, c.Request)

		if err != nil {
			fmt.Println("Failed to get session: ", err)
			respondWithError(http.StatusForbidden, "Forbidden...", c)
			return
		}
		defer session.SessionRelease(c.Writer)

		if t.Token != session.Get("token") {
			fmt.Printf("The incoming token %v does not match session token %v\n", t.Token, session.Get("token"))
			respondWithError(http.StatusForbidden, "Forbidden...", c)
			return
		}

		createTime := session.Get("createTime")
		if createTime == nil {
			createTime = time.Now().Unix()
			session.Set("createTime", createTime)
		} else if (createTime.(int64) + 300) < (time.Now().Unix()) {
			session = GlobalSessions.SessionRegenerateId(c.Writer, c.Request)
			session.Set("createTime", time.Now().Unix())

			defer session.SessionRelease(c.Writer)
			fmt.Println("Recycled session. Email: ", session.Get("email"))
		}
		c.Next()

	}
}
Esempio n. 2
0
// ProcessLogin allow peeps to login
func ProcessLogin(c *gin.Context) {

	var login Login

	if c.BindJSON(&login) == nil {
		pretty.Println(login)

		user, err := models.FindUserByEmail(login.Email)
		if user.ID.Valid() && err == nil {
			goodToGo := false

			goodToGo = ComputeHmac256(login.Password, getSecret(user.Salt)) == user.HashedPassword

			if !goodToGo {
				// if we cannot verify hmac 256 it maybe an old user account using the old style passwords, let us verify and update
				if ComputeSHA1(login.Password, user.Salt) == user.HashedPassword {
					go user.SetPassword(ComputeHmac256(login.Password, getSecret(user.Salt)))
					goodToGo = true
				}
			}

			if goodToGo {
				session, err := GlobalSessions.SessionStart(c.Writer, c.Request)
				defer session.SessionRelease(c.Writer)
				if err != nil {
					fmt.Println("error starting session: ", err)
					c.JSON(http.StatusForbidden, gin.H{"status": "Forbidden"})
					return
				}
				session.Set("createTime", time.Now().Unix())
				session.Set("email", login.Email)
				t := Token()
				session.Set("token", t)
				fmt.Println("set session to ", session.Get("email"), session.Get("token"), session.SessionID())
				fmt.Println(user)
				if user.Customers == nil {
					customer, err := models.FindCustomerByName("eStratEx")
					if err != nil {
						fmt.Println("Error getting customer", err)
					} else {
						user.Customers = append(user.Customers, customer.ID)
						go func() {
							user.Update()
						}()

					}
				}
				c.JSON(http.StatusOK, gin.H{"status": "OK", "token": t, "createTime": session.Get("createTime")})

				return

			}
			c.JSON(http.StatusForbidden, gin.H{"status": "Forbidden"})
		} else {
			c.JSON(http.StatusNotFound, gin.H{"status": "Not Found"})

		}

	} else {
		c.JSON(http.StatusNotFound, gin.H{"status": "Not Found"})
	}
}