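// CreateUser handles a registration request. It decodes a common.User from
// the JSON body, validates the name and password, and, if no user with the
// same name exists, stores the user with a hex-encoded password hash and
// writes the created user back with the Password field blanked.
//
// Validation failures and duplicate names are answered with 400; a failed
// lookup or save is answered with 500.
func (api *Api) CreateUser(w rest.ResponseWriter, r *rest.Request) {
	user := common.User{}
	// A body that fails to decode must not fall through to validation of a
	// zero-valued or half-populated struct.
	if err := r.DecodeJsonPayload(&user); err != nil {
		rest.Error(w, "Invalid request payload", 400)
		return
	}

	// NOTE(review): this is an exact match on the raw name; a prohibited name
	// with different case or surrounding whitespace passes. Confirm whether
	// names should be normalized before this check and before storage.
	for _, name := range api.Config.ProhibitedNames {
		if user.Name == name {
			rest.Error(w, "Invalid user name", 400)
			return
		}
	}

	if strings.TrimSpace(user.Name) == "" {
		rest.Error(w, "Username is empty", 400)
		return
	}

	// NOTE(review): "<=" rejects a password whose trimmed length equals
	// PasswordMinLength; confirm that is the intended policy. The length is
	// measured in bytes, and the untrimmed password is what gets hashed.
	if len(strings.TrimSpace(user.Password)) <= api.Config.PasswordMinLength {
		rest.Error(w, "Password is too short", 400)
		return
	}

	// Look the name up into a separate struct so that client-supplied fields
	// in user (such as Id) cannot take part in the query, and so user is never
	// overwritten with a stored row.
	var existing common.User
	lookup := api.DB.Where("name = ?", user.Name).First(&existing)
	if !lookup.RecordNotFound() {
		// Distinguish a failed query from a real duplicate; otherwise a
		// database outage is reported as "already exists".
		if lookup.Error != nil {
			rest.Error(w, "Could not check user name", 500)
			return
		}
		rest.Error(w, "User with the same name already exists", 400)
		return
	}

	// Only Id is reset; every other field decoded from the request is saved
	// as sent. NOTE(review): if common.User has privilege or status fields,
	// copy an explicit allow-list instead - confirm against the struct.
	user.Id = 0

	// NOTE(review): GetPasswordHash is defined elsewhere; confirm it is a
	// salted, deliberately slow password-hashing function.
	hash := api.GetPasswordHash(user.Name, user.Password)
	user.Password = hex.EncodeToString(hash)

	// NOTE(review): check-then-save is not atomic; two concurrent requests can
	// both pass the lookup. Confirm a unique index on name backs this up.
	if err := api.DB.Save(&user).Error; err != nil {
		rest.Error(w, "Could not create user", 500)
		return
	}

	// Never echo the stored hash back to the client.
	user.Password = ""
	w.WriteJson(user)
}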