/*
Create account
*/
func (n *SessionController) Create(c *gin.Context) {
username, password := c.PostForm("username"), c.PostForm("password")
name, email := c.PostForm("email"), c.PostForm("name")
if len(username) == 0 || len(password) == 0 || len(name) == 0 || len(email) == 0 {
c.JSON(http.StatusBadRequest, gin.H{"error": "missing fields"})
} else if duplicated, err := models.FindUserByUsername(n.DB, username); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err})
} else if duplicated != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": "username already exists"})
} else if hashpassword, err := util.HashPass(password); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err})
} else {
user := models.User{
Name: name,
Username: username,
Email: email,
Password: hashpassword,
}
if _, err := user.Save(n.DB); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err})
} else {
n.Log("Session", "Create")
n.Token(c, &user)
}
}
}
/*
Authorize user to access to private resources
*/
func (n *SessionController) Authorize(c *gin.Context) {
username, password := c.PostForm("username"), c.PostForm("password")
if len(username) == 0 || len(password) == 0 {
c.JSON(http.StatusBadRequest, gin.H{"error": "missing fields"})
} else if user, err := models.FindUserByUsername(n.DB, username); err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": "username not found"})
} else if err := util.ValidatePass(password, user.Password); err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid password"})
} else {
n.Log("Session", "Auth Token")
n.Token(c, user)
}
}
