|
|
@@ -7,7 +7,7 @@ import (
|
|
|
"strconv"
|
|
|
"git.mmnx.de/Moe/databaseutils"
|
|
|
"git.mmnx.de/Moe/configutils"
|
|
|
- "git.mmnx.de/Moe/templatehelpers"
|
|
|
+ "git.mmnx.de/Moe/errorhelpers"
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
|
"github.com/kataras/iris"
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
@@ -18,19 +18,6 @@ var (
|
|
|
Users *[]User // stores all currently logged in users
|
|
|
)
|
|
|
|
|
|
-const ( // Error constants
|
|
|
- ERR_USER_NOT_FOUND = "ERR_USER_NOT_FOUND"
|
|
|
- ERR_PASSWORD_MISMATCH = "ERR_PASSWORD_MISMATCH"
|
|
|
- ERR_SESSION_TIMED_OUT = "ERR_SESSION_TIMED_OUT"
|
|
|
- ERR_INVALID_TOKEN = "ERR_INVALID_TOKEN"
|
|
|
- ERR_USERNAME_TAKEN = "ERR_USERNAME_TAKEN"
|
|
|
- ERR_INVALID_PARAM = "ERR_INVALID_PARAM"
|
|
|
- ERR_NO_CHANGES = "ERR_NO_CHANGES"
|
|
|
- SUCCESS_LOGIN = "SUCCESS_LOGIN"
|
|
|
- SUCCESS_UPDATE = "SUCCESS_UPDATE"
|
|
|
- SUCCESS_TOKENS_GENERATED = "SUCCESS_TOKENS_GENERATED"
|
|
|
-)
|
|
|
-
|
|
|
type User struct { // User
|
|
|
ID string
|
|
|
Username string
|
|
|
@@ -39,39 +26,13 @@ type User struct { // User
|
|
|
TokenUsed string
|
|
|
}
|
|
|
|
|
|
-type PageParams struct{
|
|
|
- NotificationType string
|
|
|
- Notification string
|
|
|
- ReqDir string
|
|
|
- Admin string
|
|
|
- }
|
|
|
-
|
|
|
-type PageUserParams struct{
|
|
|
- NotificationType string
|
|
|
- Notification string
|
|
|
- ReqDir string
|
|
|
- Username string
|
|
|
- Admin string
|
|
|
- Custom []string
|
|
|
- }
|
|
|
-
|
|
|
-type PageUserParamsMessage struct{
|
|
|
- NotificationType string
|
|
|
- Notification string
|
|
|
- ReqDir string
|
|
|
- Username string
|
|
|
- Email string
|
|
|
- Admin string
|
|
|
- Message string
|
|
|
- }
|
|
|
-
|
|
|
func (user *User) Login(username string, password string) (string, error) {
|
|
|
hmacSampleSecret := []byte(configutils.Conf.CryptoKey) // crypto key for JWT encryption
|
|
|
row, err := databaseutils.DBUtil.GetRow("*", "users", "username", username) // get user from db
|
|
|
|
|
|
if err != nil {
|
|
|
if err.Error() == databaseutils.ERR_EMPTY_RESULT { // empty result -> user not found
|
|
|
- return "", errors.New(ERR_USER_NOT_FOUND)
|
|
|
+ return "", errors.New(errorhelpers.ERR_USER_NOT_FOUND)
|
|
|
} else {
|
|
|
return "", errors.New("Unknown error")
|
|
|
}
|
|
|
@@ -106,7 +67,7 @@ func (user *User) Login(username string, password string) (string, error) {
|
|
|
|
|
|
return tokenString, nil // return tokenString (Cookie)
|
|
|
} else {
|
|
|
- return "", errors.New(ERR_PASSWORD_MISMATCH) // wrong password
|
|
|
+ return "", errors.New(errorhelpers.ERR_PASSWORD_MISMATCH) // wrong password
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -127,14 +88,13 @@ func LogoutHandler(ctx *iris.Context) {
|
|
|
userID := ctx.GetString("userID")
|
|
|
|
|
|
user, err := GetUserFromDB(userID)
|
|
|
- if err != nil {
|
|
|
- templatehelpers.ShowError([]string{err.Error()}, ctx)
|
|
|
- return
|
|
|
- }
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
|
|
|
user.Logout(userID);
|
|
|
ctx.SetCookieKV("token", "")
|
|
|
- templatehelpers.ShowNotification([]string{"Successfully logged out", "login"}, ctx)
|
|
|
+
|
|
|
+ err = errors.New(errorhelpers.SUCCESS_LOGOUT)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
}
|
|
|
|
|
|
func (user *User) Update() error {
|
|
|
@@ -171,7 +131,7 @@ func SearchUserByUsername(username string) int {
|
|
|
|
|
|
func VerifyUserLoggedIn(tokenString string) (bool, string, error) { // TODO renew JWT from time to time preventing expiry
|
|
|
if tokenString == "" { // if no tokenString("Cookie") exists fail
|
|
|
- return false, "-1", errors.New(ERR_INVALID_TOKEN)
|
|
|
+ return false, "-1", errors.New(errorhelpers.ERR_INVALID_TOKEN)
|
|
|
}
|
|
|
|
|
|
hmacSampleSecret := []byte(configutils.Conf.CryptoKey) // crypto key for JWT encryption
|
|
|
@@ -189,13 +149,13 @@ func VerifyUserLoggedIn(tokenString string) (bool, string, error) { // TODO rene
|
|
|
if sliceID != -1 { // searchUser returns -1 if there's no such user
|
|
|
return true, userID, nil // logged in, TODO: "0" template comparision dynamic
|
|
|
} else {
|
|
|
- return false, "-1", errors.New(ERR_SESSION_TIMED_OUT) // Session probably expired - may also be faked? TODO more checks?
|
|
|
+ return false, "-1", errors.New(errorhelpers.ERR_SESSION_TIMED_OUT) // Session probably expired - may also be faked? TODO more checks?
|
|
|
}
|
|
|
} else {
|
|
|
return false, "-1", errors.New("Unknown error") // This should never happen, prolly can't convert something in claims then..
|
|
|
}
|
|
|
} else {
|
|
|
- return false, "-1", errors.New(ERR_INVALID_TOKEN) // Token is invalid, expired or whatever, TODO switch with ERR_SESSION_TIMED_OUT when database based session system
|
|
|
+ return false, "-1", errors.New(errorhelpers.ERR_INVALID_TOKEN) // Token is invalid, expired or whatever, TODO switch with ERR_SESSION_TIMED_OUT when database based session system
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -203,19 +163,17 @@ func AuthHandler(ctx *iris.Context) {
|
|
|
tokenString := ctx.GetCookie("token")
|
|
|
isAuthed, userID, err := VerifyUserLoggedIn(tokenString)
|
|
|
|
|
|
- if err != nil {
|
|
|
- // fmt.Println("Auth error: ", err.Error())
|
|
|
- }
|
|
|
-
|
|
|
if isAuthed {
|
|
|
ctx.Set("userID", userID) // save userID for in-context use
|
|
|
- ctx.Next() // successfully authed, next handler
|
|
|
- } else {
|
|
|
- if err := ctx.Render("login_box.html", PageUserParams{"1", err.Error(), "login", "", "0", []string{}}); err != nil {
|
|
|
- //println(err.Error()) // TODO log this somewhere
|
|
|
- } // failed to auth
|
|
|
+ userArrayID := SearchUser(userID)
|
|
|
|
|
|
+ params := ctx.Get("params").(map[string]string)
|
|
|
+ params["username"] = (*Users)[userArrayID].Username
|
|
|
+ params["admin"] = (*Users)[userArrayID].Admin // TODO rename to isAdmin ?
|
|
|
+ ctx.Set("params", params)
|
|
|
}
|
|
|
+
|
|
|
+ errorhelpers.HandleError(err, ctx) // if error, show error, otherwise next middleware
|
|
|
}
|
|
|
|
|
|
func CanBeAuthedHandler(ctx *iris.Context) {
|
|
|
@@ -226,7 +184,7 @@ func CanBeAuthedHandler(ctx *iris.Context) {
|
|
|
ctx.Set("userID", userID) // save userID for in-context use
|
|
|
} else if err != nil {
|
|
|
if !((err.Error() != "ERR_SESSION_TIMED_OUT") || (err.Error() != "ERR_INVALID_TOKEN")) { // ignore ERR_SESSION_TIMED_OUT and ERR_INVALID_TOKEN
|
|
|
- templatehelpers.ShowError([]string{err.Error()}, ctx)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
@@ -288,6 +246,17 @@ func GetTokens(used bool) []string {
|
|
|
return tokens
|
|
|
}
|
|
|
|
|
|
+func GetTokensAsString(used bool) string {
|
|
|
+ tokens := GetTokens(used)
|
|
|
+ ret := ""
|
|
|
+
|
|
|
+ for i := range tokens {
|
|
|
+ ret += fmt.Sprintf("%s\n", tokens[i])
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret
|
|
|
+}
|
|
|
+
|
|
|
func GetUser(userID string) (User, error) {
|
|
|
usersArrayID := SearchUser(userID)
|
|
|
|
|
|
@@ -366,15 +335,15 @@ func VerifyUserUpdate(username string, password string, userID string) error {
|
|
|
}
|
|
|
|
|
|
if SearchUserByUsernameInDB(username) != -1 && username != tmpUser.Username { // username can't be changed as there already exists a user with that name or it's the old name
|
|
|
- return errors.New(ERR_USERNAME_TAKEN)
|
|
|
+ return errors.New(errorhelpers.ERR_USERNAME_TAKEN)
|
|
|
}
|
|
|
|
|
|
if username == "" { // if not left empty change
|
|
|
- return errors.New(ERR_INVALID_PARAM)
|
|
|
+ return errors.New(errorhelpers.ERR_INVALID_PARAM)
|
|
|
}
|
|
|
|
|
|
if password == "" { // if not left empty we change it
|
|
|
- return errors.New(ERR_INVALID_PARAM)
|
|
|
+ return errors.New(errorhelpers.ERR_INVALID_PARAM)
|
|
|
}
|
|
|
|
|
|
return nil
|
|
|
@@ -442,14 +411,15 @@ func RegisterHandler(ctx *iris.Context) {
|
|
|
usedToken := IsTokenUsed(usedTokens, token) // check if token is used
|
|
|
|
|
|
if !unusedToken && !usedToken { // token doesnt exist
|
|
|
- templatehelpers.ShowError([]string{ERR_INVALID_TOKEN}, ctx)
|
|
|
+ err := errors.New(errorhelpers.ERR_INVALID_TOKEN) // TODO rename this to differ from cookie-token?
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
tokenUserID, err := SearchUserByTokenInDB(token)
|
|
|
if err != nil { // id of user, we're going to change if exists
|
|
|
if err.Error() != "ERR_EMPTY_RESULT" { // if no user found for that token let them register
|
|
|
- templatehelpers.ShowError([]string{err.Error()}, ctx)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
@@ -462,26 +432,29 @@ func RegisterHandler(ctx *iris.Context) {
|
|
|
|
|
|
err := RegisterUserWithToken(username, string(passwordBin), token) // register user
|
|
|
if err != nil {
|
|
|
- templatehelpers.ShowError([]string{err.Error()}, ctx)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
tokenString, err := user.Login(username, password) // try to login
|
|
|
|
|
|
if err != nil {
|
|
|
- templatehelpers.ShowError([]string{err.Error()}, ctx)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
} else {
|
|
|
ctx.SetCookieKV("token", tokenString) // set tokenString as cookie
|
|
|
- templatehelpers.ShowNotification([]string{"registration successfull", "home"}, ctx)
|
|
|
+
|
|
|
+ err = errors.New(errorhelpers.SUCCESS_REGISTER)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
}
|
|
|
|
|
|
} else { // used token -> update
|
|
|
if err := UserUpdateProcessor(username, password, tokenUserIDStr); err != nil { // simply try to update
|
|
|
- templatehelpers.ShowError([]string{err.Error()}, ctx)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
return
|
|
|
} else {
|
|
|
user.Logout(tokenUserIDStr) // log user out from system
|
|
|
- templatehelpers.ShowNotification([]string{"reset successfull", "login"}, ctx)
|
|
|
+ err = errors.New(errorhelpers.SUCCESS_UPDATE)
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
}
|
|
|
}
|
|
|
}
|
