// signinWithUserName authenticates a user by email and password and, on
// success, issues a fresh UserToken for them.
//
// Failure modes, in the order they are checked:
//   - unknown email                         -> ae.InvalidUserNamePassword
//   - DB error loading the user or its salt -> ae.DB
//   - wrong password (or IsValidUser error) -> ae.InvalidUserNamePassword
//   - DB error persisting the new token     -> ae.DB
//
// NOTE(review): an unknown email returns before any password hashing is
// done, so that path answers faster than the wrong-password path; if user
// enumeration via timing matters here, a dummy hash on the not-found path
// would even it out. Also, a DB error from IsValidUser is reported as bad
// credentials rather than ae.DB, unlike the other DB calls in this function
// — presumably deliberate, confirm.
func signinWithUserName(reqBody userReqPostBody) (*model.UserToken, *ae.Error) {
	account := model.User{Email: reqBody.Email}

	switch err := account.GetUserByEmail(); {
	case err == sql.ErrNoRows:
		return nil, ae.InvalidUserNamePassword("")
	case err != nil:
		return nil, ae.DB("", err)
	}

	salt, err := account.GetPasswordSalt()
	if err != nil {
		return nil, ae.DB("", err)
	}

	// Hash the supplied password with the stored salt before comparing.
	account.Password = reqBody.Password
	account.HashPassword(salt)

	if ok, err := account.IsValidUser(); err != nil || !ok {
		return nil, ae.InvalidUserNamePassword("")
	}

	fresh := model.UserToken{UserID: account.UserID}
	if err := fresh.Add(); err != nil {
		return nil, ae.DB("", err)
	}
	return &fresh, nil
}
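// signinWithGoogle signs a user in with a Google OAuth key, creating the
// local account on first sign-in, and issues a fresh UserToken.
//
// Steps:
//  1. Exchange reqBody.GoogleKey for the Google profile and token.
//  2. Look the user up by the profile's first email address; if absent,
//     create a Verified user carrying the Google profile picture.
//  3. Replace the stored Google token for that user.
//  4. Add and return a new UserToken.
//
// Fix vs. the previous version: person.Emails was indexed without a length
// check, so a profile with no email address caused an index-out-of-range
// panic inside the request handler. Such a profile now yields ae.Forbidden.
//
// NOTE(review): a failure to resolve the Google key is surfaced as ae.DB,
// which misclassifies an authentication failure as a database error; left
// as-is to preserve the error contract callers see. Accounts are linked
// purely by email address, which relies on Google only returning addresses
// it has verified — confirm. The token pointer returned by
// GetGooglUserDetails is dereferenced without a nil check; presumably it is
// always non-nil when err is nil — verify.
func signinWithGoogle(reqBody userReqPostBody) (*model.UserToken, *ae.Error) {
	person, token, err := model.GetGooglUserDetails(reqBody.GoogleKey)
	if err != nil {
		return nil, ae.DB("", err)
	}
	// Guard the index below: a profile without an email must not crash the handler.
	if len(person.Emails) == 0 {
		return nil, ae.Forbidden("")
	}

	user := model.User{Email: person.Emails[0].Value}
	err = user.GetUserByEmail()
	switch {
	case err == sql.ErrNoRows:
		// First sign-in through Google: provision the local account.
		user.Verified = true
		user.ProfilePicURL = person.Image.Url
		if err := user.Save(); err != nil {
			return nil, ae.DB("", err)
		}
	case err != nil:
		return nil, ae.DB("", err)
	}

	gToken := model.GoogleToken{UserID: user.UserID, Token: *token}
	if err := gToken.Replace(); err != nil {
		return nil, ae.DB("", err)
	}

	userToken := model.UserToken{UserID: user.UserID}
	if err := userToken.Add(); err != nil {
		return nil, ae.DB("", err)
	}
	return &userToken, nil
}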
// RefreshToken rotates the caller's access token.
//
// The caller is identified by "user_id" and "user_token" in the request
// context (set by the CheckOnlyToken middleware). The request body must
// carry the refresh token; if it validates against the current token, the
// old UserToken row is deleted and a freshly issued one is written as the
// JSON response.
//
// Error mapping: malformed body -> the decode error; refresh token that
// does not validate -> ae.TokenInvalid on "refresh_token"; DB failure at
// any step -> ae.DB. When RefreshTokenValid reports both !valid and an
// error, the TokenInvalid path wins and carries that error.
//
// NOTE(review): delete-then-add is not atomic; if Add fails after Delete
// succeeded the caller is left with no valid token and must sign in again.
// The context type assertions panic if the middleware did not run first.
func RefreshToken(w http.ResponseWriter, r *http.Request) {
	userID := context.Get(r, "user_id").(uint64)
	current := context.Get(r, "user_token").(string)

	var body authorizePutBody
	if appErr := decode(r, &body); appErr != nil {
		reply.Err(w, appErr)
		return
	}

	old := model.UserToken{
		UserID:       userID,
		Token:        current,
		RefreshToken: body.RefreshToken,
	}
	valid, err := old.RefreshTokenValid()
	switch {
	case !valid:
		reply.Err(w, ae.TokenInvalid("", err, "refresh_token"))
		return
	case err != nil:
		reply.Err(w, ae.DB("", err))
		return
	}

	// Invalidate the old token before issuing its replacement.
	if err := old.Delete(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}

	issued := model.UserToken{UserID: userID}
	if err := issued.Add(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	reply.OK(w, issued)
}
// CheckOnlyToken is a middleware Adapter that requires a valid access token.
//
// It reads the token from the X-TOKEN request header, resolves it to a user
// via model.UserToken.GetUserIdFromToken, and stores "user_id" and
// "user_token" in the request context for downstream handlers. A missing,
// unknown, or unresolvable token — including a DB error during lookup, so
// the check fails closed — is answered with ae.Forbidden and the wrapped
// handler is not invoked.
//
// NOTE(review): the token is matched by an exact lookup on the raw header
// value; whether tokens are stored hashed at rest is not visible here.
func CheckOnlyToken() Adapter {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			presented := r.Header.Get("X-TOKEN")
			if presented == "" {
				reply.Err(w, ae.Forbidden(""))
				return
			}

			lookup := model.UserToken{Token: presented}
			err := lookup.GetUserIdFromToken()
			// Fail closed: a lookup error is treated the same as an unknown token.
			if err != nil || lookup.UserID == 0 {
				reply.Err(w, ae.Forbidden(""))
				return
			}

			context.Set(r, "user_id", lookup.UserID)
			context.Set(r, "user_token", lookup.Token)
			next.ServeHTTP(w, r)
		})
	}
}
// SignOut revokes the access token that authenticated the current request.
//
// The token is taken from "user_token" in the request context (set by
// CheckOnlyToken), re-resolved to its UserToken row, deleted, and the
// deleted row is echoed back as the JSON response. Lookup or delete
// failures are reported as ae.DB.
//
// NOTE(review): the response body includes the token string that was just
// revoked — harmless once deleted, but one more place a secret is echoed.
// The GetUserIdFromToken call repeats a lookup the middleware already
// performed; "user_id" is available in the context if that is all Delete
// needs — confirm before relying on it.
func SignOut(w http.ResponseWriter, r *http.Request) {
	session := model.UserToken{
		Token: context.Get(r, "user_token").(string),
	}

	if err := session.GetUserIdFromToken(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	if err := session.Delete(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	reply.OK(w, session)
}