// Check if a session is expired, and if it grants access to the specified domain
func Check(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) {
var q CheckRequest
err := rest.Parse(handle.R, &q)
if err != nil {
return nil, tools.NewError(err, 400, "bad request: couldn't parse body")
}
return CheckSession(q, db)
}
// CreateUser create a new user. Checks for duplicate users and password-length requirement
func CreateUser(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) {
var user models.User
user.Enable = true
user.Domains = nil
user.Variables = nil
err := rest.Parse(handle.R, &user)
if err != nil {
return nil, tools.NewError(err, 400, "bad request: couldn't parse body")
}
if user.Username == "" {
return nil, tools.NewError(nil, 400, "bad request: username is missing")
}
if user.Password == "" {
return nil, tools.NewError(nil, 400, "bad request: password is missing")
}
if len(user.Password) < handle.C.PasswordMinLength {
return nil, tools.NewError(nil, 400, "bad request: password is too short")
}
if user.Domains == nil || len(user.Domains) == 0 {
return nil, tools.NewError(nil, 400, "bad request: domains is missing")
}
if user.Variables == nil {
user.Variables = make(map[string]interface{})
}
if govalidator.IsEmail(user.Username) == false {
return nil, tools.NewError(nil, 400, "bad request: username must be a valid email")
}
user.Username, err = govalidator.NormalizeEmail(user.Username)
if err != nil {
return nil, tools.NewError(nil, 400, "bad request: username must be a valid email")
}
uid, err := user.Create(db)
return CreateResponse{
Status: "ok",
UserID: uid.Hex(),
}, err
}
// Login a user, creating a new session.
func Login(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) {
var q LoginRequest
var user models.User
var session models.Session
var resp LoginResponse
err := rest.Parse(handle.R, &q)
if err != nil {
return nil, tools.NewError(err, 400, "bad request: couldn't parse body")
}
if q.Domain == "" {
return nil, tools.NewError(nil, 400, "bad request: domain is missing")
}
if q.Domain == "/" {
return nil, tools.NewError(nil, 400, "bad request: illegal domain")
}
if q.Username == "" {
return nil, tools.NewError(nil, 400, "bad request: username is missing")
}
if q.Password == "" {
return nil, tools.NewError(nil, 400, "bad request: password is missing")
}
user.Username = q.Username
user.Password = q.Password
if govalidator.IsEmail(user.Username) == false {
return nil, tools.NewError(nil, 400, "bad request: username must be a valid email")
}
user.Username, err = govalidator.NormalizeEmail(user.Username)
if err != nil {
return nil, tools.NewError(nil, 400, "bad request: username must be a valid email")
}
ok, err := user.Check(db)
if err != nil {
return nil, err
}
if ok == false {
return nil, tools.NewError(nil, 403, "forbidden: invalid user or password")
}
if user.Enable == false {
return nil, tools.NewError(nil, 403, "forbidden: user is diabled")
}
ok = user.CheckDomain(q.Domain)
if ok == false {
return nil, tools.NewError(nil, 403, "forbidden: restricted domain")
}
session.UserID = user.ID
session.Domain = q.Domain
remaining, err := session.Create(db, handle.C.SessionLifespan)
if err != nil {
return nil, err
}
resp.Status = "ok"
resp.Session.Token = session.ID.Hex()
resp.Session.UserID = session.UserID.Hex()
resp.Session.Expire = session.Expire
resp.Session.Remaining = remaining
return resp, nil
}