Exemplo n.º 1
0
// InfosSession get infos about the session (including remaining time)
func InfosSession(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) {
	var resp InfosSessionResponse
	var session models.Session

	sid := handle.P.ByName("token")
	if sid == "" {
		return nil, tools.NewError(nil, 400, "bad request: missing token")
	}
	if tools.CheckID(sid) == false {
		return nil, tools.NewError(nil, 400, "bad request: invalid token")
	}

	session.IDFromHex(sid)
	err := session.Get(db)
	if err != nil {
		return nil, err
	}

	remaining := int(session.Expire - time.Now().Unix())
	if remaining <= 0 {
		return nil, tools.NewError(nil, 404, "not found: session is expired")
	}
	resp.Status = "ok"
	resp.Session.UserID = session.UserID.Hex()
	resp.Session.Domain = session.Domain
	resp.Session.Expire = session.Expire
	resp.Session.Remaining = remaining
	return resp, nil
}
Exemplo n.º 2
0
// Logoff deletes a session (expired or not)
func Logoff(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) {
	var session models.Session

	sid := handle.P.ByName("token")
	if sid == "" {
		return nil, tools.NewError(nil, 400, "bad request: missing token")
	}
	if tools.CheckID(sid) == false {
		return nil, tools.NewError(nil, 400, "bad request: invalid token")
	}
	session.IDFromHex(sid)

	err := session.Delete(db)
	if err != nil {
		return nil, err
	}

	return LogoffResponse{"ok"}, nil
}
Exemplo n.º 3
0
func CheckSession(q CheckRequest, db *mgo.DbQueue) (interface{}, error) {
	var resp CheckResponse
	var session models.Session

	if q.Token == "" {
		return nil, tools.NewError(nil, 400, "bad request: token is missing")
	}
	if tools.CheckID(q.Token) == false {
		return nil, tools.NewError(nil, 400, "bad request: invalid token")
	}
	if q.Domain == "" {
		return nil, tools.NewError(nil, 400, "bad request: domain is missing")
	}
	if q.Domain == "/" {
		return nil, tools.NewError(nil, 400, "bad request: illegal domain")
	}

	session.IDFromHex(q.Token)
	err := session.Get(db)
	if err != nil {
		return nil, err
	}

	if session.Expire < time.Now().Unix() {
		return nil, tools.NewError(nil, 404, "not found: session is expired")
	}

	if tools.CheckDomain(q.Domain, session.Domain) == false {
		return nil, tools.NewError(nil, 403, "forbidden: restricted domain")
	}

	resp.Status = "ok"
	resp.Session.UserID = session.UserID.Hex()
	resp.Session.Expire = session.Expire
	resp.Session.Remaining = int(session.Expire - time.Now().Unix())

	return resp, nil
}
Exemplo n.º 4
0
// InfosUser returns informations about the user. It does not lists its sessions, yet (TODO)
func InfosUser(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) {
	var user models.User

	uid := handle.P.ByName("uid")
	if handle.C.Public == true {
		ret, err := CheckSession(CheckRequest{
			Domain: "/io/konek/app/user",
			Token:  handle.Sid,
		}, db)
		if err != nil {
			return nil, err
		}
		sess := ret.(CheckResponse)
		if uid == "" {
			uid = sess.Session.UserID
		}
		if sess.Session.UserID != uid {
			return nil, tools.NewError(nil, 403, "forbiden: this is not your account")
		}
	}
	if tools.CheckID(uid) == false {
		return nil, tools.NewError(nil, 400, "bad request: invalid userID")
	}

	user.IDFromHex(uid)
	err := user.Get(db)
	if err != nil {
		return nil, err
	}
	user.Password = ""
	user.Salt = ""
	return InfosUserResponse{
		Status: "ok",
		Infos:  user,
	}, nil
}