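// unmarshallToken decodes the token stored in the session under KEY_TOKEN.
//
// It returns nil when nothing is stored, when the stored value is not a
// []byte, or when the bytes do not decode as a Token. The original code
// asserted the type without a comma-ok check (a panic on any other value)
// and ignored the json.Unmarshal error, handing callers a zero-valued Token
// that looked like a real one; both cases now read as "no token".
func unmarshallToken(s session.Store) (t *Token) {
	raw := s.Get(KEY_TOKEN)
	if raw == nil {
		return nil
	}
	// Comma-ok assertion: a value of another type must not panic the handler.
	data, ok := raw.([]byte)
	if !ok {
		return nil
	}
	var tk Token
	if err := json.Unmarshal(data, &tk); err != nil {
		// Undecodable session data is treated as "not logged in" rather
		// than as an empty-but-present token.
		return nil
	}
	return &tk
}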
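// SignedInID returns the id of signed in user.
//
// When models.HasEngine is false, 0 is returned immediately. For API paths
// the caller may authenticate with an access token taken from the "token"
// query parameter or from an "Authorization: token <sha>" header; a token
// that resolves yields its owner's UID and has its Updated timestamp
// refreshed. Otherwise the "uid" session value is used, and only trusted
// if that user still exists. 0 means "not signed in" in every case.
//
// Fix: the token-lookup error branch logged only the expected "token does
// not exist" case and silently dropped every other error (e.g. a storage
// failure). The condition is now the same shape as the user lookup below:
// log the unexpected errors, stay quiet on the expected one.
func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
	if !models.HasEngine {
		return 0
	}

	// Check access token.
	if IsAPIPath(ctx.Req.URL.Path) {
		// NOTE(review): a token carried in the query string ends up in
		// access logs and Referer headers; the Authorization header form
		// handled below is the safer way for clients to send it.
		tokenSHA := ctx.Query("token")
		if len(tokenSHA) == 0 {
			// Well, check with header again.
			auHead := ctx.Req.Header.Get("Authorization")
			if len(auHead) > 0 {
				auths := strings.Fields(auHead)
				if len(auths) == 2 && auths[0] == "token" {
					tokenSHA = auths[1]
				}
			}
		}

		// Let's see if token is valid.
		if len(tokenSHA) > 0 {
			t, err := models.GetAccessTokenBySHA(tokenSHA)
			if err != nil {
				// An unknown token is an ordinary client error; anything
				// else is worth logging, mirroring the user lookup below.
				if !models.IsErrAccessTokenNotExist(err) {
					log.Error(4, "GetAccessTokenBySHA: %v", err)
				}
				return 0
			}
			// Touch the token so its last-use time reflects this request.
			t.Updated = time.Now()
			if err = models.UpdateAccessToekn(t); err != nil {
				log.Error(4, "UpdateAccessToekn: %v", err)
			}
			return t.UID
		}
	}

	uid := sess.Get("uid")
	if uid == nil {
		return 0
	}
	id, ok := uid.(int64)
	if !ok {
		return 0
	}
	// A session may outlive its user; refuse ids that no longer resolve.
	if _, err := models.GetUserByID(id); err != nil {
		if !models.IsErrUserNotExist(err) {
			log.Error(4, "GetUserById: %v", err)
		}
		return 0
	}
	return id
}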
// login starts the OAuth2 flow for a visitor without a KEY_TOKEN in the
// session, redirecting to the provider's authorization URL with the
// requested next page (KEY_NEXT_PAGE query parameter, via extractPath) as
// the round-trip value. When no next page is given, AppSubUrl + "/" is
// used. A visitor who already holds a token is sent straight to that page.
func login(ctx *macaron.Context, s session.Store, opt *Options) {
	returnTo := extractPath(ctx.Query(KEY_NEXT_PAGE))

	if s.Get(KEY_TOKEN) != nil {
		// Already logged in: nothing to do but continue to the next page.
		ctx.Redirect(returnTo)
		return
	}

	if returnTo == "" {
		returnTo = AppSubUrl + "/"
	}
	// NOTE(review): the return path is the only value round-tripped through
	// the provider here (handleOAuth2Callback reads it back from "state",
	// presumably); no separate anti-CSRF nonce is visible at this call
	// site — confirm whether opt adds one.
	ctx.Redirect(opt.AuthCodeURL(returnTo, "", ""))
}
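// handleOAuth2Callback completes the OAuth2 flow: it exchanges the "code"
// query parameter for a token via opt, stores the JSON-encoded token in the
// session under KEY_TOKEN, and redirects to the path carried in "state".
// On any failure the visitor is redirected to PathError instead.
//
// Fix: the json.Marshal error was discarded, so a token that failed to
// serialize would still be written to the session as an empty/partial
// KEY_TOKEN value — which is exactly the value login treats as "signed in".
func handleOAuth2Callback(ctx *macaron.Context, s session.Store, opt *Options) {
	next := extractPath(ctx.Query("state"))
	code := ctx.Query("code")

	t, err := opt.NewTransportFromCode(code)
	if err != nil {
		// Pass the error message, or allow dev to provide its own
		// error handler.
		println(err.Error())
		ctx.Redirect(PathError)
		return
	}

	// Store the credentials in the session. Nothing is written when the
	// token cannot be serialized, so the session never gains a bogus
	// "logged in" marker.
	val, err := json.Marshal(t.Token())
	if err != nil {
		println(err.Error())
		ctx.Redirect(PathError)
		return
	}
	s.Set(KEY_TOKEN, val)
	ctx.Redirect(next)
}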
//---------------------------------------------------------- // POST /api/account/signin/ func ApiSignin(c *macaron.Context, f SigninForm, a token.TokenService, ss session.Store) { u := &models.Users{} if !u.CheckSignin(f.Input, f.Password) { c.JSON(200, comps.NewRestErrResp(-1, "输入正确的帐号或密码")) return } s := NewService() if err, ok := s.CheckSignin(u); !ok { c.JSON(200, comps.NewRestErrResp(-1, err)) return } // 需要审批 if u.GroupId == models.GroupNotValidated && boot.SysSetting.Ra.RegisterValidType == models.RegValidApproval { c.JSON(200, comps.NewRestRedirectResp("/a/validapproval/")) return } // u.LastLogin = time.Now() u.LastIp = c.RemoteAddr() u.LoginCount = u.LoginCount + 1 if _, ok := models.NewTr().Update(u, "LastLogin", "LastIp", "LoginCount"); !ok { // todo log } CleanCookies(c, ss) SetSigninCookies(c, u, a, ss) url := "" if !u.ValidEmail && boot.SysSetting.Ra.RegisterValidType == models.RegValidEmail { ss.Set("validemail", u.Email) url = "/a/validemail/" } else if u.FirstLogin { url = "/h/firstlogin/" } else if f.ReturnUrl != "" { url = f.ReturnUrl } c.JSON(200, comps.NewRestRedirectResp(url)) }
//---------------------------------------------------------- // POST /api/account/signup/ func ApiUserSignup(f SignupForm, c *macaron.Context, cpt *captcha.Captcha, a token.TokenService, ss session.Store) { if !a.ValidToken(c.RemoteAddr(), f.CsrfToken) { c.JSON(200, comps.NewRestErrResp(-1, "非法的跨站请求")) return } if !cpt.VerifyReq(c.Req) { c.JSON(200, comps.NewRestResp(comps.NewCaptcha(cpt), -1, "请填写正确的验证码")) return } s := NewService() u, msg, ok := s.Signup(f, c.RemoteAddr()) if !ok { c.JSON(200, comps.NewRestResp(comps.NewCaptcha(cpt), -1, msg)) return } // 如果不需要email验证 if boot.SysSetting.Ra.RegisterValidType == models.RegValidNone || u.GroupId != models.GroupNotValidated || u.ValidEmail { SetSigninCookies(c, u, a, ss) c.JSON(200, comps.NewRestRedirectResp("/h/firstlogin")) return } ss.Set("validemail", u.Email) if !models.NewValidByEmail(models.NewTr(), u.Id, u.Email) { c.JSON(200, comps.NewRestErrResp(-1, "内部系统错误")) return } SetSigninCookies(c, u, a, ss) c.JSON(200, comps.NewRestRedirectResp("/a/validemail/")) return }
//---------------------------------------------------------- // 清理Cookie信息 func CleanCookies(c *macaron.Context, ss session.Store) { c.SetCookie("utoken", "", -60*60) ss.Release() }
//---------------------------------------------------------- // 设置Cookie信息 func SetSigninCookies(c *macaron.Context, u *models.Users, a token.TokenService, ss session.Store) { t, _ := a.GenUserToken(c.RemoteAddr(), u.Id, 24*60, token.TokenUser) c.SetCookie("utoken", t, 24*60*60) // Name, Value, MaxAge, Path, Domain, Secure, HttpOnly ss.Set("utoken", t) }
// Index renders the landing page. It exposes a greeting under "hi" and the
// session's "username" value (nil when not set) to the index/index.html
// template through ctx.Data.
func Index(ctx *macaron.Context, sess session.Store, r renders.Render) {
	page := ctx.Data
	page["hi"] = "Hello world!"
	page["username"] = sess.Get("username")
	r.HTML(200, "index/index.html", page)
}
// logout removes the OAuth2 token from the session and redirects to the
// page named by the KEY_NEXT_PAGE query parameter, as filtered by
// extractPath.
func logout(ctx *macaron.Context, s session.Store) {
	s.Delete(KEY_TOKEN)
	ctx.Redirect(extractPath(ctx.Query(KEY_NEXT_PAGE)))
}