示例#1
0
func UsersCreateHandler(c echo.Context) error {
	session := session.NewSession(c)

	request_params := session.GetParam("request").(map[string]interface{})
	user_params := request_params["user"].(map[string]interface{})

	user := model.User{}
	user.ApplicationId = bson.ObjectIdHex(session.GetParam("application_id").(string))

	email := strings.ToLower(user_params["email"].(string))

	if user_params["name"] != nil && user_params["email"] != nil && user_params["facebook_id"] == nil {
		user.Name = user_params["name"].(string)
		user.Email = email
		user.SetPassword(user_params["password"].(string))
	} else {
		user.Name = user_params["name"].(string)
		user.Email = email
		user.FacebookId = user_params["facebook_id"].(string)

		if user_params["password"] != nil {
			user.SetPassword(user_params["password"].(string))
		}

	}

	err := user.Save()

	if err {
		logger.Error("1105" + user.Id.Hex())
		session.SetError(1105)
	} else {
		user.NewSession()
		logger.Error("Registered User: "******"users", []interface{}{user})
	}
	session.Write()

	return nil
}
示例#2
0
func Boot() {
	// Create Router
	r := echo.New()

	// Route it!
	route(r)

	// Setup
	r.Use(middleware.CORSWithConfig(middleware.DefaultCORSConfig))
	r.Use(middleware.Recover())

	// Build port string from config
	port := fmt.Sprint(":" + strconv.Itoa(config.SharedConfig.ServerPort))

	logger.Info("Starting Server...")
	logger.Info("Go to http://127.0.0.1" + port + "/")

	if config.SharedConfig.ReusePort {
		// Start up the server
		listener, err := reuseport.Listen("tcp4", port)

		if err == nil {
			config := engine.Config{
				Address:  port,
				Listener: listener,
			}

			r.Run(fasthttp.WithConfig(config))
		} else {
			logger.Error("Could not listen on 127.0.0.1" + port)
		}
	} else {
		r.Run(fasthttp.New(port))
	}

}
func (session *Session) AuthenticateRequest(authorization map[string]interface{}) {

	// Set Constants
	app := session.GetApplication()

	// Check Authorization / Signature / etc
	failure := false

	// Verify Timestamp
	timestamp, _ := authorization["timestamp"].(json.Number).Int64()

	if config.SharedConfig.VerifyTimestamp {
		current_timestamp := int64(time.Now().Unix())
		timestamp_start := current_timestamp - config.SharedConfig.VerifyTimestampRange
		timestamp_end := current_timestamp + config.SharedConfig.VerifyTimestampRange

		if timestamp < timestamp_start || timestamp > timestamp_end {
			failure = true
			logger.Error("SAM: Timestamp Invalid")
		}
	}

	// Verify GUID
	guid_string := authorization["guid"].(string)

	if config.SharedConfig.VerifyGUID {
		guid_valid := app.CheckGUID(guid_string)

		if !guid_valid {
			failure = true
			logger.Error("SAM: GUID Invalid")
		}
	}

	// Verify Auth Token
	session_id := bson.ObjectIdHex(authorization["session_id"].(string))
	auth_session, auth_session_err := app.FindSessionById(session_id)

	auth_session_failed := false

	if auth_session_err || !auth_session.Valid() {
		failure = true
		logger.Error("SAM: Token Invalid")
		auth_session_failed = true
	}

	if auth_session_err {
		logger.Error("SAM: No Session Found")
	}

	session.TriggerSession = auth_session.TriggerSession

	// Verify Signature

	b, _ := json.Marshal(session.GetParam("request"))

	b = bytes.Replace(b, []byte("\\u003c"), []byte("<"), -1)
	b = bytes.Replace(b, []byte("\\u003e"), []byte(">"), -1)
	b = bytes.Replace(b, []byte("\\u0026"), []byte("&"), -1)

	requested_uri := string(session.context.Request().URL().Path())
	http_method := string(session.context.Request().Method())

	request := strconv.FormatInt(timestamp, 10) + guid_string

	session.request_string = string(b[:])

	request += requested_uri + http_method + session.request_string

	if !checkSignature(authorization["signature"].(string), request, auth_session.AuthToken) {
		failure = true
		logger.Error("SAM: Signature is Invalid")
	}

	// Return the Verdict
	if failure {
		logger.Error(request)
		logger.Error("SAM: AUTH FAILED")

		session.AuthFailed = true

		if auth_session_failed {
			session.SetError(1102)
		} else {
			session.SetError(1100)
		}
	} else {
		// Set the User
		session.SessionId = auth_session.Id
		session.User = auth_session.GetUser()

		if session.User.Id == bson.ObjectId("") {
			session.AuthFailed = true
			session.SetError(1102)
		}

	}

}
func (session *Session) AuthenticateFileRequest() {

	session_id_string := session.GetParam("session_id")

	if session_id_string == "" || session_id_string == nil {

		session.User = model.User{}
		session.User.ApplicationId = session.GetApplication().Id

	} else {

		// Set Constants
		app := session.GetApplication()

		// Check Authorization / Signature / etc
		failure := false

		// Verify Timestamp
		timestamp, _ := strconv.ParseInt(session.GetParam("timestamp").(string), 10, 64)
		/*
			current_timestamp := int64(time.Now().Unix())
			timestamp_start := current_timestamp - 60
			timestamp_end := current_timestamp + 60

			if timestamp < timestamp_start || timestamp > timestamp_end {
				failure = true
				logger.Error("SAM: Timestamp Invalid")
			}
		*/
		// Verify Auth Token
		session_id := bson.ObjectIdHex(session.GetParam("session_id").(string))

		auth_session, auth_session_err := app.FindSessionById(session_id)

		auth_session_failed := false

		if auth_session_err || !auth_session.Valid() {
			failure = true
			logger.Error("SAM: Token Invalid")
			auth_session_failed = true
		}

		file_id := session.GetParam("file_id").(string)
		request := strconv.FormatInt(timestamp, 10) + file_id

		if !checkSignature(session.GetParam("signature").(string), request, auth_session.AuthToken) {
			failure = true
			logger.Error("SAM: Signature is Invalid")
		}

		if failure {
			logger.Error(request)
			logger.Error("SAM: AUTH FAILED")

			session.AuthFailed = true

			if auth_session_failed {
				session.SetError(1102)
			} else {
				session.SetError(1100)
			}
		} else {
			// Set the User
			session.SessionId = auth_session.Id
			session.User = auth_session.GetUser()

			if session.User.Id == bson.ObjectId("") {
				session.AuthFailed = true
				session.SetError(1102)
			}

		}
	}
}