func defaultCacheKeyAlgorithm(ctx echo.Context) string {
filter := map[string]bool{
"from": true,
"sign": true,
"nonce": true,
"timestamp": true,
}
form := ctx.FormParams()
var keys = make([]string, 0, len(form))
for key := range form {
if _, ok := filter[key]; !ok {
keys = append(keys, key)
}
}
sort.Sort(sort.StringSlice(keys))
buffer := goutils.NewBuffer()
for _, k := range keys {
buffer.Append(k).Append("=").Append(ctx.FormValue(k))
}
req := ctx.Request()
return goutils.Md5(req.Method() + req.URL().Path() + buffer.String())
}
// 生成加密密码
func (this *UserLogin) GenMd5Passwd() error {
if this.Passwd == "" {
return errors.New("password is empty!")
}
this.Passcode = fmt.Sprintf("%x", rand.Int31())
// 密码经过md5(passwd+passcode)加密保存
this.Passwd = goutils.Md5(this.Passwd + this.Passcode)
return nil
}
// 获取头像
func Gravatar(avatar string, emailI interface{}, size uint16) string {
if avatar != "" {
return fmt.Sprintf("%s/avatar/%s?imageView2/2/w/%d", qiniuDomain, avatar, size)
}
email, ok := emailI.(string)
if !ok {
return fmt.Sprintf("%s/avatar/gopher28.png?imageView2/2/w/%d", qiniuDomain, size)
}
return fmt.Sprintf("http://gravatar.duoshuo.com/avatar/%s?s=%d", goutils.Md5(email), size)
}
// Login 登录;成功返回用户登录信息(user_login)
func (self UserLogic) Login(ctx context.Context, username, passwd string) (*model.UserLogin, error) {
objLog := GetLogger(ctx)
userLogin := &model.UserLogin{}
_, err := MasterDB.Where("username=? OR email=?", username, username).Get(userLogin)
if err != nil {
objLog.Errorf("user %q login failure: %s", username, err)
return nil, errors.New("内部错误,请稍后再试!")
}
// 校验用户
if userLogin.Uid == 0 {
objLog.Infof("user %q is not exists!", username)
return nil, ErrUsername
}
// 检验用户状态是否正常(未激活的可以登录,但不能发布信息)
user := &model.User{}
MasterDB.Id(userLogin.Uid).Get(user)
if user.Status > model.UserStatusAudit {
objLog.Infof("用户 %q 的状态非审核通过, 用户的状态值:%d", username, user.Status)
var errMap = map[int]error{
model.UserStatusRefuse: errors.New("您的账号审核拒绝"),
model.UserStatusFreeze: errors.New("您的账号因为非法发布信息已被冻结,请联系管理员!"),
model.UserStatusOutage: errors.New("您的账号因为非法发布信息已被停号,请联系管理员!"),
}
return nil, errMap[user.Status]
}
md5Passwd := goutils.Md5(passwd + userLogin.Passcode)
objLog.Debugf("passwd: %s, passcode: %s, md5passwd: %s, dbpasswd: %s", passwd, userLogin.Passcode, md5Passwd, userLogin.Passwd)
if md5Passwd != userLogin.Passwd {
objLog.Infof("用户名 %q 填写的密码错误", username)
return nil, ErrPasswd
}
go func() {
self.IncrUserWeight("uid", userLogin.Uid, 1)
self.RecordLoginTime(username)
}()
return userLogin, nil
}
func (s *Service) GenSign(args map[string]interface{}) string {
keys := make([]string, 0, len(args))
for k := range args {
keys = append(keys, k)
}
sort.Sort(sort.StringSlice(keys))
buffer := goutils.NewBuffer()
for _, k := range keys {
buffer.Append(k).Append("=").Append(goutils.ConvertString(args[k]))
}
if s.CommonSalt != "" {
buffer.Append(s.CommonSalt)
} else {
if from, ok := args["from"]; ok {
if salt, ok := s.FromSalt[goutils.ConvertString(from)]; ok {
buffer.Append(salt)
}
}
}
return goutils.Md5(buffer.String())
}
func (EmailLogic) genActivateSign(email, uuid string, ts int64) string {
emailSignSalt := config.ConfigFile.MustValue("security", "activate_sign_salt")
origStr := fmt.Sprintf("uuid=%semail=%stimestamp=%d%s", uuid, email, ts, emailSignSalt)
return goutils.Md5(origStr)
}
// 生成 退订 邮件的 token
func (EmailLogic) GenUnsubscribeToken(user *model.User) string {
return goutils.Md5(user.String() + config.ConfigFile.MustValue("security", "unsubscribe_token_key"))
}