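// UpdatePassword replaces the stored password of the user identified by
// req.UserId, after verifying req.OldPassword against the current bcrypt hash.
//
// All returned errors carry the ID "go.micro.srv.user.updatepassword":
//   - BadRequest when req.NewPassword is empty or too long to be hashed in full
//   - Unauthorized when req.OldPassword does not match the stored hash
//   - InternalServerError when lookup, decoding, hashing or storage fails
//
// rsp is not written to.
func (s *Account) UpdatePassword(ctx context.Context, req *account.UpdatePasswordRequest, rsp *account.UpdatePasswordResponse) error {
	const (
		errID = "go.micro.srv.user.updatepassword"
		// bcrypt only takes the first 72 bytes of its input into account.
		maxBcryptInput = 72
	)

	// Refuse to store an empty credential; nothing below would stop it.
	if req.NewPassword == "" {
		return errors.BadRequest(errID, "new password must not be empty")
	}

	// NOTE(review): the InternalServerError paths below hand err.Error() from
	// the storage/crypto layers back to the caller. Confirm that these details
	// are safe to expose, or log them server-side and return a fixed message.
	usr, err := db.Read(req.UserId)
	if err != nil {
		return errors.InternalServerError(errID, err.Error())
	}

	salt, hashed, err := db.SaltAndPassword(usr.Username, usr.Email)
	if err != nil {
		return errors.InternalServerError(errID, err.Error())
	}

	// The hash is stored base64-encoded; bcrypt needs the raw bytes.
	current, err := base64.StdEncoding.DecodeString(hashed)
	if err != nil {
		return errors.InternalServerError(errID, err.Error())
	}

	// The caller must prove knowledge of the current password first.
	if err := bcrypt.CompareHashAndPassword(current, []byte(x+salt+req.OldPassword)); err != nil {
		return errors.Unauthorized(errID, err.Error())
	}

	// A fresh salt is generated for every password change.
	salt = random(16)

	// x and the salt are prepended to the password, so they consume part of
	// bcrypt's 72-byte budget. Anything beyond that is either silently ignored
	// (distinct long passwords would then verify as equal) or rejected by
	// GenerateFromPassword in newer x/crypto releases, which would surface
	// here as an internal error. Reject such input explicitly instead.
	if len(x)+len(salt)+len(req.NewPassword) > maxBcryptInput {
		return errors.BadRequest(errID, "new password is too long")
	}

	// NOTE(review): the cost factor is fixed at 10; revisit it as hardware
	// gets faster.
	fresh, err := bcrypt.GenerateFromPassword([]byte(x+salt+req.NewPassword), 10)
	if err != nil {
		return errors.InternalServerError(errID, err.Error())
	}

	// NOTE(review): this handler does not touch existing sessions. Confirm
	// whether they should be revoked when the password changes.
	if err := db.UpdatePassword(req.UserId, salt, base64.StdEncoding.EncodeToString(fresh)); err != nil {
		return errors.InternalServerError(errID, err.Error())
	}

	return nil
}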
// Login checks the supplied password for the account identified by
// req.Username / req.Email and, on success, stores a new session and returns
// it in rsp.Session.
//
// Username and email are lower-cased before the credential lookup. The
// password is verified with bcrypt against x+salt+password. The session is
// created with a 128-unit random ID and expires seven days after creation.
//
// Errors: a failed credential lookup is returned unchanged; a password
// mismatch yields Unauthorized; decoding or session-storage failures yield
// InternalServerError.
func (s *Account) Login(ctx context.Context, req *account.LoginRequest, rsp *account.LoginResponse) error {
	name := strings.ToLower(req.Username)
	addr := strings.ToLower(req.Email)

	salt, encoded, err := db.SaltAndPassword(name, addr)
	if err != nil {
		// NOTE(review): this error is passed through as-is, unlike every other
		// path in this handler. If an unknown account surfaces here with a
		// different status than a wrong password, callers can tell the two
		// apart. Verify what db.SaltAndPassword returns and consider a
		// uniform Unauthorized response.
		return err
	}

	// The stored hash is base64-encoded; bcrypt expects the raw bytes.
	storedHash, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return errors.InternalServerError("go.micro.srv.user.Login", err.Error())
	}

	candidate := []byte(x + salt + req.Password)
	if cmpErr := bcrypt.CompareHashAndPassword(storedHash, candidate); cmpErr != nil {
		return errors.Unauthorized("go.micro.srv.user.login", cmpErr.Error())
	}

	// Build and persist the session.
	// NOTE(review): the session ID is the bearer credential, so random() must
	// draw from a cryptographically secure source. Confirm its implementation.
	const sessionTTL = time.Hour * 24 * 7
	sess := &account.Session{
		Id:       random(128),
		Username: name,
	}
	sess.Created = time.Now().Unix()
	sess.Expires = time.Now().Add(sessionTTL).Unix()

	if storeErr := db.CreateSession(sess); storeErr != nil {
		return errors.InternalServerError("go.micro.srv.user.Login", storeErr.Error())
	}

	rsp.Session = sess
	return nil
}
// Rates serves the api.v1 Hotel.Rates call. It authenticates the caller via
// the auth service, looks up nearby hotels via the geo service, then fetches
// hotel profiles and rate plans and returns both in rsp.
//
// Errors (all with ID "api.hotel.rates"):
//   - Forbidden when no token can be extracted from the request metadata
//   - Unauthorized when the auth service rejects the token
//   - BadRequest when req.InDate or req.OutDate is empty
//   - InternalServerError when the geo, profile or rate lookups fail
func (s *Hotel) Rates(ctx context.Context, req *hotel.Request, rsp *hotel.Response) error {
	const errID = "api.hotel.rates"

	// Start a trace for this call and attach it to the context.
	span := trace.New("api.v1", "Hotel.Rates")
	defer span.Finish()
	ctx = trace.NewContext(ctx, span)

	md, found := metadata.FromContext(ctx)
	if !found {
		md = metadata.Metadata{}
	}

	// Tag downstream calls with a unique trace ID. The incoming metadata is
	// copied rather than mutated. If ID generation fails, the request simply
	// proceeds without the extra tags.
	if id, idErr := uuid.NewV4(); idErr == nil {
		tagged := metadata.Metadata{}
		for key, val := range md {
			tagged[key] = val
		}
		tagged["traceID"] = id.String()
		tagged["fromName"] = "api.v1"
		ctx = metadata.NewContext(ctx, tagged)
	}

	// The auth token is taken from the original request metadata.
	token, err := getToken(md)
	if err != nil {
		return merr.Forbidden(errID, err.Error())
	}

	// Every request is verified against the auth service before any backend
	// lookup runs. The rejection reason is deliberately not echoed back.
	verifier := auth.NewAuthClient("go.micro.srv.auth", s.Client)
	if _, verifyErr := verifier.VerifyToken(ctx, &auth.Request{AuthToken: token}); verifyErr != nil {
		return merr.Unauthorized(errID, "Unauthorized")
	}

	// Check-in and check-out dates are required.
	// NOTE(review): only emptiness is checked here; confirm that the date
	// format is validated by the rate service.
	checkIn, checkOut := req.InDate, req.OutDate
	if checkIn == "" || checkOut == "" {
		return merr.BadRequest(errID, "Please specify inDate/outDate params")
	}

	// Find nearby hotels.
	// TODO(hw): use lat/lon from request params
	// NOTE(review): err.Error() from downstream services is returned to the
	// API caller in the InternalServerError paths below. Confirm that these
	// messages carry no internal details.
	locator := geo.NewGeoClient("go.micro.srv.geo", s.Client)
	nearby, err := locator.Nearby(ctx, &geo.Request{
		Lat: 51.502973,
		Lon: -0.114723,
	})
	if err != nil {
		return merr.InternalServerError(errID, err.Error())
	}

	// Start both lookups before waiting on either one.
	profileCh := getHotelProfiles(s.Client, ctx, nearby.HotelIds)
	rateCh := getRatePlans(s.Client, ctx, nearby.HotelIds, checkIn, checkOut)

	// NOTE(review): if the profile lookup fails, rateCh is never read. Verify
	// that getRatePlans sends on a buffered channel, otherwise its goroutine
	// would stay blocked.
	profiles := <-profileCh
	if profiles.err != nil {
		return merr.InternalServerError(errID, profiles.err.Error())
	}

	rates := <-rateCh
	if rates.err != nil {
		return merr.InternalServerError(errID, rates.err.Error())
	}

	rsp.Hotels = profiles.hotels
	rsp.RatePlans = rates.ratePlans
	return nil
}