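// LoginUser authenticates a user from a JSON body decoded into common.User
// (name + password) and, on success, mints a random session token, persists
// the session and returns it as JSON.
//
// Authentication failures deliberately do not distinguish "unknown user" from
// "wrong password": both produce the same message, and the password hash is
// computed in both cases, so the endpoint cannot be used to enumerate usernames
// through its error text or through response timing.
func (api *Api) LoginUser(w rest.ResponseWriter, r *rest.Request) {
	user := common.User{}
	// A malformed body must be rejected outright rather than decoded into an
	// empty struct and then reported as a missing field.
	if err := r.DecodeJsonPayload(&user); err != nil {
		rest.Error(w, "Invalid request payload", 400)
		return
	}
	if strings.TrimSpace(user.Name) == "" {
		rest.Error(w, "Username is empty", 400)
		return
	}
	if strings.TrimSpace(user.Password) == "" {
		rest.Error(w, "Password is empty", 400)
		return
	}

	dbUser := common.User{}
	notFound := api.DB.Where("name = ?", user.Name).First(&dbUser).RecordNotFound()

	// Hash unconditionally (even when the lookup missed) so an unknown user is
	// not observably faster to reject than a wrong password.
	candidate := hex.EncodeToString(api.GetPasswordHash(user.Name, user.Password))

	// One generic message for both failure causes. The status stays 400 for
	// compatibility with existing clients (401 would be the more precise code).
	if notFound || !hexDigestsEqual(candidate, dbUser.Password) {
		rest.Error(w, "Invalid username or password", 400)
		return
	}

	// NOTE(review): rand must be crypto/rand here — math/rand would make session
	// tokens predictable. Confirm the file's import.
	keyLen := api.Config.SessionKeyLength
	if keyLen <= 0 {
		// make([]byte, n) panics for negative n, and a zero-length token is an
		// empty credential; treat a misconfigured length as a server error
		// instead of issuing such a token.
		rest.Error(w, "Failed to generate session key", 500)
		return
	}
	buf := make([]byte, keyLen)
	if _, err := rand.Read(buf); err != nil {
		rest.Error(w, "Failed to generate session key", 500)
		return
	}

	session := common.Session{
		Token:   hex.EncodeToString(buf),
		Expires: time.Now().AddDate(0, 0, api.Config.SessionExpiration),
	}
	dbUser.Sessions = append(dbUser.Sessions, session)
	// NOTE(review): both Save results are unchecked, and the session is written
	// twice (once through the user's Sessions association, once directly). If
	// the ORM inserts a row on each call this produces duplicate session
	// records — verify against the ORM's association semantics and check the
	// returned errors. A failed save is at least fail-closed: the returned
	// token simply will not authenticate.
	api.DB.Save(&dbUser)
	api.DB.Save(&session)
	w.WriteJson(&session)
}

// hexDigestsEqual reports whether two hex-encoded digests are equal without
// short-circuiting on the first mismatching byte, so the comparison time does
// not reveal how long a matching prefix was. Only the lengths are compared
// early, which discloses nothing secret for fixed-size digests.
// crypto/subtle.ConstantTimeCompare is the preferred form where that import
// is available in this file.
func hexDigestsEqual(a, b string) bool {
	if len(a) != len(b) {
		return false
	}
	var diff byte
	for i := 0; i < len(a); i++ {
		diff |= a[i] ^ b[i]
	}
	return diff == 0
}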