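// LoginUser handles POST /api/user/login.
//
// Flow, in order: decode the request body (getBody writes the reply on
// failure), verify the captcha, look the user up by email/username/mobile,
// compare the password, record the login (time, address, count) and return
// a freshly generated token both in the JSON body and as cookies.
//
// Responses: 400 INVALID_CAPTCHA; 404 INVALID_USER for both an unknown user
// and a wrong password (same body, same status); 500 DB_ERROR / SYS_ERROR;
// 200 rest.UserLoginRsp.
func LoginUser(ctx *macaron.Context, as rest.AuthService, cpt *captcha.Captcha) {
	const (
		// Lifetime handed to as.GenUserToken; the unit is defined by the
		// AuthService implementation and is not visible here.
		tokenLifetime = 15
		// Cookie lifetime used when the client does not ask for one.
		defaultCookieMaxAge = 60 * 60 * 12 // half a day, in seconds
	)

	var ulr rest.UserLoginReq
	if !getBody(ctx, &ulr) {
		return
	}
	if !cpt.Verify(ulr.CaptchaId, ulr.CaptchaValue) {
		ctx.JSON(http.StatusBadRequest, rest.INVALID_CAPTCHA)
		return
	}

	// Locate the account. A lookup failure and a password mismatch below both
	// answer INVALID_USER, so the reply does not say which one happened.
	u := &models.User{}
	if err := u.Find(ulr.Email, ulr.Username, ulr.Mobile); err != nil {
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	}
	if !tkits.CmpPasswd(ulr.Passwd, u.Salt, u.Password) {
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	}

	// Record the login. NOTE(review): macaron's RemoteAddr consults forwarding
	// headers before the socket address, so this value is only as trustworthy
	// as the proxy in front of the service — confirm the deployment.
	cip := ctx.RemoteAddr()
	u.LastLoginTime = time.Now()
	u.LastLoginIp = cip
	u.LoginCount++
	if _, err := u.Update("LastLoginTime", "LastLoginIp", "LoginCount"); err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}

	// The token is bound to the same address that was just recorded.
	token, err := as.GenUserToken(cip, u.Id, tokenLifetime, rest.TokenUser)
	if err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.SYS_ERROR)
		return
	}

	rsp := &rest.UserLoginRsp{}
	rsp.Uid = u.Id
	rsp.Username = u.Username
	rsp.Token = token

	// The cookie lifetime comes from the request as-is; only the zero value is
	// replaced. NOTE(review): a client-supplied CookieMaxAge has no upper
	// bound here — consider clamping it server-side.
	if ulr.CookieMaxAge == 0 {
		ulr.CookieMaxAge = defaultCookieMaxAge
	}
	// NOTE(review): the token cookie is set without HttpOnly/Secure; macaron's
	// SetCookie accepts path, domain, secure and httpOnly after maxAge. Enable
	// them unless the frontend must read the token from script.
	suid := fmt.Sprintf("%v", u.Id)
	ctx.SetCookie("token", token, ulr.CookieMaxAge)
	ctx.SetCookie("uid", suid, ulr.CookieMaxAge)
	ctx.JSON(http.StatusOK, rsp)
}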
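// AddUser handles POST /api/user/signup.
//
// Flow, in order: decode the request body (getBody writes the reply on
// failure), verify the captcha, validate email/username/password
// (validMember writes the reply on failure), refuse names that already exist
// or are reserved, store the salted password hash, then issue a token both
// in the JSON body and as cookies.
//
// Responses: 400 INVALID_CAPTCHA / INVALID_SIGNUP; 500 DB_ERROR / SYS_ERROR;
// 200 rest.UserAddRsp.
func AddUser(ctx *macaron.Context, as rest.AuthService, cpt *captcha.Captcha) {
	const (
		// Lifetime handed to as.GenUserToken; the unit is defined by the
		// AuthService implementation and is not visible here.
		tokenLifetime = 15
		// Cookie lifetime used when the client does not ask for one.
		defaultCookieMaxAge = 60 * 60 * 12 // half a day, in seconds
	)

	var uar rest.UserAddReq
	if !getBody(ctx, &uar) {
		return
	}
	// NOTE(review): this writes the captcha solution to the debug log; keep it
	// at debug level or drop the value if debug logs are retained.
	log.Debugf("retrive CaptchaId = %s, CaptchaValue= %s", uar.CaptchaId, uar.CaptchaValue)
	if !cpt.Verify(uar.CaptchaId, uar.CaptchaValue) {
		ctx.JSON(http.StatusBadRequest, rest.INVALID_CAPTCHA)
		return
	}

	// NOTE(review): Username is matched against rest.ValidPasswd, the same
	// pattern used for Passwd — confirm this is intended and not a copy of
	// the password rule.
	valid := validation.Validation{}
	valid.Email(uar.Email, "Email")
	valid.Match(uar.Username, rest.ValidPasswd, "Username").Message(rest.UsernamePrompt)
	valid.Match(uar.Passwd, rest.ValidPasswd, "Passwd").Message(rest.PasswdPrompt)
	if !validMember(ctx, &valid) {
		return
	}

	// Only orm.ErrNoRows means the identifiers are free. A found row is a
	// duplicate; any other error is a lookup failure and is reported as
	// DB_ERROR rather than being mistaken for an existing account.
	u := &models.User{}
	switch err := u.Find(uar.Email, uar.Username, ""); {
	case err == nil:
		ctx.JSON(http.StatusBadRequest, rest.INVALID_SIGNUP)
		return
	case err != orm.ErrNoRows:
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}
	if _, reserved := rest.ReserveUsers[uar.Username]; reserved {
		ctx.JSON(http.StatusBadRequest, rest.INVALID_SIGNUP)
		return
	}

	// Store only the GenPasswd output and its salt, never the plaintext.
	// The second argument (8) is passed through to tkits.GenPasswd; its
	// meaning is defined there.
	pwd, salt := tkits.GenPasswd(uar.Passwd, 8)
	u.Salt = salt
	u.Password = pwd
	u.Updated = time.Now()
	u.Username = uar.Username
	u.Email = uar.Email
	id, err := u.Insert()
	if err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}
	u.Id = id

	// NOTE(review): macaron's RemoteAddr consults forwarding headers before
	// the socket address; its trustworthiness depends on the proxy in front.
	token, err := as.GenUserToken(ctx.RemoteAddr(), u.Id, tokenLifetime, rest.TokenUser)
	if err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.SYS_ERROR)
		return
	}
	rsp := &rest.UserAddRsp{u.Id, u.Username, token}

	// The cookie lifetime comes from the request as-is; only the zero value is
	// replaced. NOTE(review): CookieMaxAge is unbounded here, and the token
	// cookie carries neither HttpOnly nor Secure (macaron's SetCookie accepts
	// path, domain, secure and httpOnly after maxAge).
	if uar.CookieMaxAge == 0 {
		uar.CookieMaxAge = defaultCookieMaxAge
	}
	suid := fmt.Sprintf("%v", u.Id)
	ctx.SetCookie("token", token, uar.CookieMaxAge)
	ctx.SetCookie("uid", suid, uar.CookieMaxAge)
	ctx.JSON(http.StatusOK, rsp)
}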