Пример #1
0
func signinWithUserName(reqBody userReqPostBody) (*model.UserToken, *ae.Error) {
	user := model.User{}
	user.Email = reqBody.Email
	err := user.GetUserByEmail()
	if err == sql.ErrNoRows {
		return nil, ae.InvalidUserNamePassword("")
	}
	if err != nil {
		return nil, ae.DB("", err)
	}
	salt, err := user.GetPasswordSalt()
	if err != nil {
		return nil, ae.DB("", err)
	}
	user.Password = reqBody.Password
	user.HashPassword(salt)
	exists, err := user.IsValidUser()
	if err != nil || !exists {
		return nil, ae.InvalidUserNamePassword("")
	}
	userToken := model.UserToken{}
	userToken.UserID = user.UserID
	err = userToken.Add()
	if err != nil {
		return nil, ae.DB("", err)
	}
	return &userToken, nil
}
Пример #2
0
func signinWithGoogle(reqBody userReqPostBody) (*model.UserToken, *ae.Error) {
	person, token, err := model.GetGooglUserDetails(reqBody.GoogleKey)
	if err != nil {
		return nil, ae.DB("", err)
	}
	user := model.User{Email: person.Emails[0].Value}
	if err = user.GetUserByEmail(); err != nil {
		if err == sql.ErrNoRows {
			user.Verified = true
			user.ProfilePicURL = person.Image.Url
			if err1 := user.Save(); err1 != nil {
				return nil, ae.DB("", err1)
			}
		} else {
			return nil, ae.DB("", err)
		}
	}
	gToken := model.GoogleToken{UserID: user.UserID}
	gToken.Token = *token
	if err := gToken.Replace(); err != nil {
		return nil, ae.DB("", err)
	}
	userToken := model.UserToken{}
	userToken.UserID = user.UserID
	err = userToken.Add()
	if err != nil {
		return nil, ae.DB("", err)
	}
	return &userToken, nil
}
Пример #3
0
func RefreshToken(w http.ResponseWriter, r *http.Request) {
	userID := context.Get(r, "user_id").(uint64)
	token := context.Get(r, "user_token").(string)
	var reqBody authorizePutBody
	if appErr := decode(r, &reqBody); appErr != nil {
		reply.Err(w, appErr)
		return
	}
	userToken := model.UserToken{UserID: userID, Token: token, RefreshToken: reqBody.RefreshToken}
	if valid, err := userToken.RefreshTokenValid(); !valid || err != nil {
		if !valid {
			reply.Err(w, ae.TokenInvalid("", err, "refresh_token"))
		} else {
			reply.Err(w, ae.DB("", err))
		}
		return
	}
	if err := userToken.Delete(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	newToken := model.UserToken{UserID: userID}
	if err := newToken.Add(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	reply.OK(w, newToken)
}
Пример #4
0
func CheckOnlyToken() Adapter {
	return func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			token := r.Header.Get("X-TOKEN")
			if token == "" {
				reply.Err(w, ae.Forbidden(""))
				return
			}
			userToken := model.UserToken{Token: token}
			if err := userToken.GetUserIdFromToken(); err != nil || userToken.UserID == 0 {
				reply.Err(w, ae.Forbidden(""))
				return
			}
			context.Set(r, "user_id", userToken.UserID)
			context.Set(r, "user_token", userToken.Token)
			h.ServeHTTP(w, r)
		})
	}
}
Пример #5
0
func SignOut(w http.ResponseWriter, r *http.Request) {
	userToken := model.UserToken{}
	userToken.Token = context.Get(r, "user_token").(string)
	if err := userToken.GetUserIdFromToken(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	if err := userToken.Delete(); err != nil {
		reply.Err(w, ae.DB("", err))
		return
	}
	reply.OK(w, userToken)
}