package main
import (
	"crypto/subtle"
	"encoding/json"

	"github.com/Thelvaen/auth"
	"github.com/Thelvaen/auth/models"
	"github.com/kataras/iris/v12"
	"github.com/kataras/iris/v12/sessions"
	"golang.org/x/crypto/bcrypt"
)
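// loginHandlerForm renders the login form template (loginForm.html).
//
// When the view cannot be rendered it answers with HTTP 500 and writes the
// error text to the response body.
func loginHandlerForm(ctx iris.Context) {
	if err := ctx.View("loginForm.html"); err != nil {
		ctx.StatusCode(iris.StatusInternalServerError)
		// Pass the message as an argument, never as the format string: a '%'
		// inside the error text would otherwise be parsed as a formatting verb.
		// NOTE(review): the raw template error is still returned to the client;
		// consider logging it server-side and sending a generic message.
		ctx.Writef("%s", err.Error())
	}
}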
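// logoutHandler logs the caller out: it removes the "userID" key from the
// session, clears the user attached to the request context and redirects to "/".
func logoutHandler(ctx iris.Context) {
	// sessions.Get can return nil when no session is attached to this request;
	// guard so a hit on the logout route without a session cannot panic.
	if session := sessions.Get(ctx); session != nil {
		// NOTE(review): only the "userID" key is removed. The session itself
		// (and its cookie / identifier) is kept, so any other data stored in it
		// survives logout. Confirm that this is intended.
		session.Delete("userID")
	}
	ctx.SetUser(nil)
	ctx.Redirect("/", iris.StatusTemporaryRedirect)
}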
// loginHandler binds the submitted login form to a models.User and hands it
// to auth.Check together with the request context.
//
// A binding error sends the client back to /login, except for errors that
// iris.IsErrPath recognises, which are tolerated. The result of auth.Check is
// not inspected here.
// NOTE(review): presumably auth.Check writes the response (redirect or error)
// itself, since nothing else answers the request on this path; confirm.
func loginHandler(ctx iris.Context) {
	var credentials models.User
	if err := ctx.ReadForm(&credentials); err != nil && !iris.IsErrPath(err) {
		ctx.Redirect("/login", iris.StatusTemporaryRedirect)
		return
	}
	auth.Check(credentials, ctx)
}
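// resetPwdForm renders the password-reset form (resetPwd.html).
//
// The request must carry both the "Token" and "UserID" query parameters;
// otherwise the client is redirected to /login. Both values are passed to the
// view unchanged so the form can post them back.
func resetPwdForm(ctx iris.Context) {
	if !ctx.URLParamExists("Token") || !ctx.URLParamExists("UserID") {
		ctx.Redirect("/login", iris.StatusTemporaryRedirect)
		return
	}

	// Only presence is checked here; the token is compared against the stored
	// value when the form is submitted (see resetPwd).
	// NOTE(review): these are attacker-controllable query values echoed into
	// the page; this relies on the template engine escaping them. Confirm.
	ctx.ViewData("Token", ctx.URLParam("Token"))
	ctx.ViewData("UserID", ctx.URLParam("UserID"))

	if err := ctx.View("resetPwd.html"); err != nil {
		ctx.StatusCode(iris.StatusInternalServerError)
		// Constant format string: a '%' in the error text must not be
		// interpreted as a formatting verb.
		ctx.Writef("%s", err.Error())
	}
}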
// sToken is the decoded form of the JSON document stored in a user's Token
// field, as read by resetPwd.
type sToken struct {
	// Token is the reset token. Note the JSON key is "password", not "token".
	Token string `json:"password"`
}
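// resetPwd handles a submitted password-reset form.
//
// It reads "reset.token", "reset.uuid" and "password" from the POST body.
// With an empty password the form is rendered again with the token and user
// ID preserved. Otherwise the user is loaded by ID, the submitted token is
// compared with the one stored in user.Token, and on a match the bcrypt hash
// of the new password is saved. Every rejection redirects to /login; a
// hashing or storage failure answers HTTP 500 without changing the password.
func resetPwd(ctx iris.Context) {
	token := ctx.PostValueDefault("reset.token", "")
	uuid := ctx.PostValueDefault("reset.uuid", "")
	password := ctx.PostValueDefault("password", "")

	if password == "" {
		ctx.ViewData("Token", token)
		ctx.ViewData("UserID", uuid)
		if err := ctx.View("resetPwd.html"); err != nil {
			ctx.StatusCode(iris.StatusInternalServerError)
			// Constant format string: a '%' in the error text must not be
			// interpreted as a formatting verb.
			ctx.Writef("%s", err.Error())
		}
		return
	}

	// Rejecting an empty submitted token here also guarantees that a user
	// whose stored token is empty can never pass the comparison below.
	if token == "" || uuid == "" {
		ctx.Redirect("/login", iris.StatusTemporaryRedirect)
		return
	}

	var user models.User
	if err := dataStore.Where("ID = ?", uuid).First(&user).Error; err != nil {
		ctx.Redirect("/login", iris.StatusTemporaryRedirect)
		return
	}

	var dbToken sToken
	if err := json.Unmarshal(user.Token, &dbToken); err != nil {
		ctx.Redirect("/login", iris.StatusTemporaryRedirect)
		return
	}

	// Compare the secret in constant time so response timing does not reveal
	// how much of a guessed token was correct.
	if subtle.ConstantTimeCompare([]byte(dbToken.Token), []byte(token)) != 1 {
		ctx.Redirect("/login", iris.StatusTemporaryRedirect)
		return
	}

	// Never store the result of a failed hash: on error the returned slice is
	// empty and would overwrite the account's password with "".
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		ctx.StatusCode(iris.StatusInternalServerError)
		return
	}
	user.Password = string(hash)

	// NOTE(review): nothing in this handler clears or rotates user.Token after
	// a successful reset, and no expiry is checked here, so the same reset
	// link appears to remain usable. Confirm whether that is handled elsewhere.
	if err := dataStore.Save(&user).Error; err != nil {
		ctx.StatusCode(iris.StatusInternalServerError)
		return
	}

	// NOTE(review): a 307 preserves method and body, so a browser that POSTed
	// this form will re-POST it (new password and token included) to /login.
	// iris.StatusSeeOther is the usual redirect after a form POST; left as-is
	// because the route table is not visible from this file.
	ctx.Redirect("/login", iris.StatusTemporaryRedirect)
}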
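// changePwdForm renders the change-password form (changePwd.html).
//
// When the view cannot be rendered it answers with HTTP 500 and writes the
// error text to the response body.
func changePwdForm(ctx iris.Context) {
	if err := ctx.View("changePwd.html"); err != nil {
		ctx.StatusCode(iris.StatusInternalServerError)
		// Constant format string: a '%' in the error text must not be
		// interpreted as a formatting verb.
		// NOTE(review): the raw template error is still returned to the client;
		// consider logging it server-side and sending a generic message.
		ctx.Writef("%s", err.Error())
	}
}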
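// changePwd handles a submitted change-password form for the signed-in user.
//
// It reads "oldpassword" and "newpassword" from the POST body. If either is
// missing the form is rendered again. Otherwise the current user is loaded by
// ID, the old password is verified through auth.Check, and the bcrypt hash of
// the new password is saved before redirecting to "/". A missing or unknown
// user, or a failed check, redirects to /logout; a hashing or storage failure
// answers HTTP 500 without changing the password.
func changePwd(ctx iris.Context) {
	oldPassword := ctx.PostValueDefault("oldpassword", "")
	password := ctx.PostValueDefault("newpassword", "")

	// The original condition was inverted: the change ran only when a field
	// was EMPTY (allowing an empty new password to be stored) and did nothing
	// when both were supplied. Both values are required before going further.
	if oldPassword == "" || password == "" {
		if err := ctx.View("changePwd.html"); err != nil {
			ctx.StatusCode(iris.StatusInternalServerError)
			ctx.Writef("%s", err.Error())
		}
		return
	}

	// ctx.User() is nil when no user is attached to the request; treat that
	// (and a failing GetID) as "not signed in" instead of panicking.
	current := ctx.User()
	if current == nil {
		ctx.Redirect("/logout", iris.StatusTemporaryRedirect)
		return
	}
	uid, err := current.GetID()
	if err != nil {
		ctx.Redirect("/logout", iris.StatusTemporaryRedirect)
		return
	}

	var user models.User
	if err := dataStore.Where("ID = ?", uid).First(&user).Error; err != nil {
		ctx.Redirect("/logout", iris.StatusTemporaryRedirect)
		return
	}

	// Re-authenticate with the supplied old password before allowing a change.
	// NOTE(review): auth.Check is the same call loginHandler relies on to
	// answer the request, so it may write a response or touch the session
	// here as well. Confirm that it is safe to redirect afterwards.
	user.Password = oldPassword
	if !auth.Check(user, ctx) {
		ctx.Redirect("/logout", iris.StatusTemporaryRedirect)
		return
	}

	// Never store the result of a failed hash: on error the returned slice is
	// empty and would overwrite the account's password with "".
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		ctx.StatusCode(iris.StatusInternalServerError)
		return
	}
	user.Password = string(hash)
	if err := dataStore.Save(&user).Error; err != nil {
		ctx.StatusCode(iris.StatusInternalServerError)
		return
	}

	ctx.Redirect("/", iris.StatusTemporaryRedirect)
}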