Esempio n. 1
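// LoginUser authenticates the user named in the JSON payload (fields Name and
// Password) and, on success, mints a random session token, persists the new
// session and writes it back as JSON.
//
// Failure handling: a payload that cannot be decoded, an empty name or an
// empty password are rejected with 400. An unknown user and a wrong password
// are both answered with the same message and status (400, kept for
// compatibility with the other responses of this handler) so the endpoint
// cannot be used to enumerate existing user names. The stored hash is
// compared in constant time. Errors from token generation or persistence
// are reported as 500.
func (api *Api) LoginUser(w rest.ResponseWriter, r *rest.Request) {
	user := common.User{}
	if err := r.DecodeJsonPayload(&user); err != nil {
		// Previously a malformed body silently fell through to the
		// "Username is empty" branch; report it as what it is.
		rest.Error(w, "Invalid request payload", 400)
		return
	}

	if strings.TrimSpace(user.Name) == "" {
		rest.Error(w, "Username is empty", 400)
		return
	}
	if strings.TrimSpace(user.Password) == "" {
		rest.Error(w, "Password is empty", 400)
		return
	}

	// One message for both "no such user" and "wrong password": distinct
	// responses would tell a caller which user names exist.
	const badCredentials = "Invalid username or password"

	dbUser := common.User{}
	if api.DB.Where("name = ?", user.Name).First(&dbUser).RecordNotFound() {
		rest.Error(w, badCredentials, 400)
		return
	}

	// Compare the hex-encoded hashes without stopping at the first differing
	// byte, so response timing does not depend on how much of the hash matched.
	expected := hex.EncodeToString(api.GetPasswordHash(user.Name, user.Password))
	if !constantTimeEqual([]byte(dbUser.Password), []byte(expected)) {
		rest.Error(w, badCredentials, 400)
		return
	}

	// NOTE(review): a session token must come from a cryptographic source;
	// confirm that this file's `rand` import is crypto/rand, not math/rand.
	buf := make([]byte, api.Config.SessionKeyLength)
	if _, err := rand.Read(buf); err != nil {
		rest.Error(w, "Failed to generate session key", 500)
		return
	}
	session := common.Session{
		Token:   hex.EncodeToString(buf),
		Expires: time.Now().AddDate(0, 0, api.Config.SessionExpiration),
	}

	// NOTE(review): the session is appended to the user (saved together with
	// its associations) and then saved again on its own, as in the original;
	// whether that persists one row or two depends on the ORM's association
	// settings — confirm and drop the redundant Save if so.
	dbUser.Sessions = append(dbUser.Sessions, session)
	if err := api.DB.Save(&dbUser).Error; err != nil {
		rest.Error(w, "Failed to store session", 500)
		return
	}
	if err := api.DB.Save(&session).Error; err != nil {
		rest.Error(w, "Failed to store session", 500)
		return
	}
	w.WriteJson(&session)
}

// constantTimeEqual reports whether a and b hold the same bytes, taking time
// that depends only on their length, never on where they first differ. It
// has the same contract as crypto/subtle.ConstantTimeCompare, which should
// replace this helper once that package is added to the file's imports.
func constantTimeEqual(a, b []byte) bool {
	if len(a) != len(b) {
		return false
	}
	var diff byte
	for i := range a {
		diff |= a[i] ^ b[i]
	}
	return diff == 0
}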