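// Create registers a new account from the "username", "password", "name" and
// "email" form fields and, on success, issues a token through n.Token.
//
// Responses written by this handler:
//   - 400 when any of the four fields is empty;
//   - 401 when the username is already taken (status kept as-is so existing
//     clients are not broken; 409 Conflict would describe it more precisely);
//   - 500 when the lookup, the password hashing or the save fails.
func (n *SessionController) Create(c *gin.Context) {
	username, password := c.PostForm("username"), c.PostForm("password")
	// Each variable reads the form field of the same name. The previous code
	// had the two keys crossed, so the e-mail address was stored as the name
	// and the name as the e-mail address.
	name, email := c.PostForm("name"), c.PostForm("email")

	if username == "" || password == "" || name == "" || email == "" {
		c.JSON(http.StatusBadRequest, gin.H{"error": "missing fields"})
		return
	}

	// NOTE(review): this check and the Save below are two separate steps, so
	// two concurrent requests can both pass it; confirm the users table has a
	// unique constraint on the username.
	duplicated, err := models.FindUserByUsername(n.DB, username)
	if err != nil {
		// The raw error value is not placed in the response: depending on its
		// concrete type it either serialises to an empty object or exposes
		// storage-layer details to the caller.
		// NOTE(review): record err server-side with the project's logger.
		c.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})
		return
	}
	if duplicated != nil {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "username already exists"})
		return
	}

	hashpassword, err := util.HashPass(password)
	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})
		return
	}

	// Only the hash produced by util.HashPass is stored, never the submitted
	// password itself.
	user := models.User{
		Name:     name,
		Username: username,
		Email:    email,
		Password: hashpassword,
	}
	if _, err := user.Save(n.DB); err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})
		return
	}

	n.Log("Session", "Create")
	n.Token(c, &user)
}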
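// Authorize checks the "username" and "password" form fields against the
// stored account and, when they match, issues a token through n.Token.
//
// Responses written by this handler:
//   - 400 when either field is empty;
//   - 401, with one fixed message, when the user cannot be loaded or the
//     password does not validate.
func (n *SessionController) Authorize(c *gin.Context) {
	username, password := c.PostForm("username"), c.PostForm("password")
	if username == "" || password == "" {
		c.JSON(http.StatusBadRequest, gin.H{"error": "missing fields"})
		return
	}

	// Unknown user and wrong password share one message, so the response body
	// does not reveal which usernames are registered.
	const badCredentials = "invalid username or password"

	user, err := models.FindUserByUsername(n.DB, username)
	// Create in this controller treats a (nil, nil) result from the lookup as
	// "no such user", so a nil user has to be rejected here before
	// user.Password is read; otherwise an unknown username dereferences nil.
	// A lookup error keeps its original 401 status.
	if err != nil || user == nil {
		// NOTE(review): this path returns before any hash comparison runs, so
		// response time may still differ from the wrong-password path; confirm
		// whether that matters for this deployment, and whether login attempts
		// are rate-limited elsewhere.
		c.JSON(http.StatusUnauthorized, gin.H{"error": badCredentials})
		return
	}

	if err := util.ValidatePass(password, user.Password); err != nil {
		c.JSON(http.StatusUnauthorized, gin.H{"error": badCredentials})
		return
	}

	n.Log("Session", "Auth Token")
	n.Token(c, user)
}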