func (s *Session) Save(w http.ResponseWriter, keepalive bool) error {
q := `
UPDATE user_session SET
valid_until = ?
, modified_date = ?
WHERE id = ?;
`
valid := int64(0)
if keepalive {
valid = time.Now().Unix() + SESSION_OFFSET
}
params := []interface{}{
valid,
time.Now().Unix(),
s.Id,
}
_, err := dao.Exec(q, params)
if err != nil {
return err
}
expires := -1
if keepalive {
expires, _ = strconv.Atoi(config.Get("session_cookie_expires"))
}
secure, _ := strconv.ParseBool(config.Get("session_cookie_secure"))
c := new(http.Cookie)
c.Name = config.Get("session_cookie_name")
if keepalive {
c.Value = s.Key
}
c.Path = config.Get("session_cookie_path")
c.MaxAge = expires
c.Secure = secure
http.SetCookie(w, c)
logger.Log(w, "SET-COOKIE", c.String())
return nil
}
func (u *User) UpdatePassword(password string) error {
q := `
UPDATE user SET
password = ?
, modified_date = ?
WHERE id = ?;
`
params := []interface{}{
hashpassword(password),
time.Now().Unix(),
u.Id,
}
_, err := dao.Exec(q, params)
return err
}
func Add(username string, email string, password string) error {
// Add user
ukey, err := uuid4.New()
if err != nil {
return err
}
q := `
INSERT INTO user
VALUES(
NULL
, ?
, 0
, ?
, ?
, ?
, ''
, ?
, ?
);
`
params := []interface{}{
ukey,
username,
email,
hashpassword(password),
time.Now().Unix(),
time.Now().Unix(),
}
result, err := dao.Exec(q, params)
if err != nil {
return err
}
uid, err := result.LastInsertId()
if err != nil {
return err
}
return SendVerify(uid, email, true)
}
func New(u *user.User) (*Session, error) {
// Create new session
skey, err := uuid4.New()
if err != nil {
return nil, err
}
q := `
INSERT INTO user_session VALUES(
NULL
, ?
, ?
, ?
, ?
, ?
);
`
params := []interface{}{
skey,
u.Id,
time.Now().Unix() + SESSION_OFFSET,
time.Now().Unix(),
time.Now().Unix(),
}
result, err := dao.Exec(q, params)
if err != nil {
return nil, err
}
sid, err := result.LastInsertId()
if err != nil {
return nil, err
}
return &Session{
Id: sid,
Key: skey,
User: u,
}, nil
}
func (u *User) Update(email string, fullname string) error {
q := `
UPDATE user SET
email = ?
, fullname = ?
, modified_date = ?
WHERE id = ?;
`
params := []interface{}{
email,
fullname,
time.Now().Unix(),
u.Id,
}
_, err := dao.Exec(q, params)
return err
}
func Verify(vkey string) (*User, error) {
// Get user key from verify
q := `
SELECT
u.key
FROM user_verify v, user u
WHERE v.user_id = u.id
AND v.key = ?
AND v.valid_until > ?;
`
params := []interface{}{
vkey,
time.Now().Unix(),
}
var ukey string
bind := []interface{}{
&ukey,
}
err := dao.Row(q, params, bind)
if err != nil {
return nil, err
}
// Activate user
q = `
UPDATE user SET
active = ?
, modified_date = ?
WHERE key = ?;
`
params = []interface{}{
1,
time.Now().Unix(),
ukey,
}
_, err = dao.Exec(q, params)
if err != nil {
return nil, err
}
u, err := Load(ukey)
if err != nil {
return nil, err
}
q = `
UPDATE user_verify SET
valid_until = 0
, modified_date = ?
WHERE key = ?;
`
params = []interface{}{
time.Now().Unix(),
vkey,
}
_, err = dao.Exec(q, params)
if err != nil {
return nil, err
}
return u, nil
}
func SendVerify(uid int64, email string, activate bool) error {
// Add verify
vkey, err := uuid4.New()
if err != nil {
return err
}
q := `
INSERT INTO user_verify
VALUES(
NULL
, ?
, ?
, ?
, ?
, ?
);
`
params := []interface{}{
vkey,
uid,
time.Now().Unix() + VERIFY_OFFSET,
time.Now().Unix(),
time.Now().Unix(),
}
_, err = dao.Exec(q, params)
if err != nil {
return err
}
// Send verify email
url := fmt.Sprintf("%s/verify/%s", config.Get("baseurl"), vkey)
loadTemplates()
tpl := "reset"
subject := "Timesheet - Password reset"
if activate {
tpl = "activate"
subject = "Timesheet - Please active your account"
}
html := new(bytes.Buffer)
Templates.ExecuteTemplate(html, fmt.Sprintf("%s.html", tpl), url)
text := new(bytes.Buffer)
Templates.ExecuteTemplate(text, fmt.Sprintf("%s.txt", tpl), url)
m := awsses.New(
config.Get("awsses_sender"),
email,
subject,
html.String(),
text.String())
return m.Send(
config.Get("awsses_baseurl"),
config.Get("awsses_accesskey"),
config.Get("awsses_secretkey"))
}