lucifer
/
lucifer
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
The main server, and probably only repository in this org.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29 Commits
3 Branches
1 Tag
3.3 MiB
Tree: 4285ec4d7a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4285ec4d7a'
${ noResults }
lucifer/controllers/user-controller.go

234 lines
6.3 KiB
Raw Normal View History

controllers: Added user controller with two endpoints mostly implemented.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added session stuff to user controller.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
BridgeController: Added /api/bridge endpoints.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
controllers: Added session stuff to user controller.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added session stuff to user controller.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
respond, user-controller: Changed responses to have either a data or error property at the root, a la graphql
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
respond, user-controller: Changed responses to have either a data or error property at the root, a la graphql
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
respond, user-controller: Changed responses to have either a data or error property at the root, a la graphql
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
respond, user-controller: Changed responses to have either a data or error property at the root, a la graphql
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
user-controller: Added /api/user/session endpoint
5 years ago
controllers: Fixed /api/user/session not using respond.Data
5 years ago
user-controller: Added /api/user/session endpoint
5 years ago
controllers: Fixed /api/user/session not using respond.Data
5 years ago
user-controller: Added /api/user/session endpoint
5 years ago
controllers: Fixed /api/user/session not using respond.Data
5 years ago
user-controller: Added /api/user/session endpoint
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
controllers: Added session stuff to user controller.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
lucifer-server, controllers, sqlite, models: Added read only API for groups and stuff.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added session stuff to user controller.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
respond, user-controller: Changed responses to have either a data or error property at the root, a la graphql
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
respond, user-controller: Changed responses to have either a data or error property at the root, a la graphql
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
respond, user-controller: Changed responses to have either a data or error property at the root, a la graphql
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
controllers: Refactored UserController.MOunt to use HandleFunc.
5 years ago
user-controller: Added /api/user/session endpoint
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Refactored UserController.MOunt to use HandleFunc.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
user-controller, sqlute, middlewares, models: Register, login and logout works now.
5 years ago
controllers: Added user controller with two endpoints mostly implemented.
5 years ago
  1. package controllers
  3. import (
  4. "encoding/json"
  5. "log"
  6. "net/http"
  7. "strconv"
  8. "time"
  10. "git.aiterp.net/lucifer/lucifer/internal/respond"
  11. "git.aiterp.net/lucifer/lucifer/models"
  12. "github.com/gorilla/mux"
  13. )
  15. // The UserController is a controller for all users.
  16. type UserController struct {
  17. users models.UserRepository
  18. sessions models.SessionRepository
  19. }
  21. // getUsers (`GET /`): List users
  22. func (c *UserController) getUsers(w http.ResponseWriter, r *http.Request) {
  23. if session := models.SessionFromContext(r.Context()); session == nil {
  24. respond.Error(w, http.StatusForbidden, "permission_denied", "You must log in")
  25. return
  26. }
  28. // TODO: Only admin should be allowed to do this?
  30. users, err := c.users.List(r.Context())
  31. if err != nil {
  32. respond.Error(w, 500, "db_error", err.Error())
  33. return
  34. }
  36. respond.Data(w, users)
  37. }
  39. // getUser (`GET /:id`): Get user by id
  40. func (c *UserController) getUser(w http.ResponseWriter, r *http.Request) {
  41. session := models.SessionFromContext(r.Context())
  42. if session == nil {
  43. respond.Error(w, http.StatusForbidden, "permission_denied", "You must log in")
  44. return
  45. }
  47. // TODO: Only admin should be allowed to do this?
  49. var user models.User
  51. id, err := strconv.Atoi(mux.Vars(r)["id"])
  52. if err == nil {
  53. user, err = c.users.FindByID(r.Context(), id)
  54. if err != nil {
  55. respond.Error(w, 404, "not_found", err.Error())
  56. return
  57. }
  58. } else {
  59. user, err = c.users.FindByName(r.Context(), mux.Vars(r)["id"])
  60. if err != nil {
  61. respond.Error(w, 404, "not_found", err.Error())
  62. return
  63. }
  64. }
  66. respond.Data(w, user)
  67. }
  69. func (c *UserController) session(w http.ResponseWriter, r *http.Request) {
  70. type response struct {
  71. LoggedIn bool `json:"loggedIn"`
  72. User *models.User `json:"user"`
  73. }
  75. session := models.SessionFromContext(r.Context())
  76. if session == nil {
  77. respond.Data(w, response{})
  78. return
  79. }
  81. user, err := c.users.FindByID(r.Context(), session.UserID)
  82. if err != nil {
  83. respond.Data(w, response{})
  84. return
  85. }
  87. respond.Data(w, response{
  88. LoggedIn: true,
  89. User: &user,
  90. })
  91. }
  93. // login (`POST /login`): Log in as user
  94. func (c *UserController) login(w http.ResponseWriter, r *http.Request) {
  95. loginData := struct {
  96. Username string `json:"username"`
  97. Password string `json:"password"`
  98. }{}
  100. err := json.NewDecoder(r.Body).Decode(&loginData)
  101. if err != nil {
  102. respond.Error(w, 400, "invalid_json", "Input is not valid JSON.")
  103. return
  104. }
  106. user, err := c.users.FindByName(r.Context(), loginData.Username)
  107. if err != nil {
  108. respond.Error(w, http.StatusUnauthorized, "login_failed", "Login failed.")
  109. return
  110. }
  112. if err := user.CheckPassword(loginData.Password); err != nil {
  113. respond.Error(w, http.StatusUnauthorized, "login_failed", "Login failed.")
  114. return
  115. }
  117. session := models.Session{
  118. Expires: time.Now().Add(7 * 24 * time.Hour),
  119. UserID: user.ID,
  120. }
  121. session.GenerateID()
  123. if err := c.sessions.Insert(r.Context(), session); err != nil {
  124. log.Printf("Session create for user %s (%d) failed: %s", user.Name, user.ID, err)
  125. respond.Error(w, http.StatusInternalServerError, "internal_error", "Failed to open session.")
  126. return
  127. }
  129. http.SetCookie(w, session.Cookie())
  131. log.Printf("User %s logged in", user.Name)
  133. respond.Data(w, user)
  134. }
  136. func (c *UserController) register(w http.ResponseWriter, r *http.Request) {
  137. registerData := struct {
  138. Username string `json:"username"`
  139. Password string `json:"password"`
  140. }{}
  142. if err := json.NewDecoder(r.Body).Decode(&registerData); err != nil {
  143. respond.Error(w, http.StatusBadRequest, "invalid_json", "Input is not valid JSON.")
  144. return
  145. }
  147. if len(registerData.Username) < 1 {
  148. respond.Error(w, http.StatusBadRequest, "invalid_username", "The username cannot be empty.")
  149. return
  150. }
  151. if _, err := strconv.Atoi(registerData.Username); err == nil {
  152. respond.Error(w, http.StatusBadRequest, "invalid_username", "The username cannot start with a number.")
  153. return
  154. }
  156. user := models.User{Name: registerData.Username}
  158. if err := user.SetPassword(registerData.Password); err != nil {
  159. respond.Error(w, http.StatusBadRequest, "invalid_password", "The password is not valid: "+err.Error())
  160. return
  161. }
  163. user, err := c.users.Insert(r.Context(), user)
  164. if err != nil {
  165. respond.Error(w, http.StatusBadRequest, "invalid_password", "The password is not valid: "+err.Error())
  166. return
  167. }
  169. log.Printf("User %s registered", user.Name)
  171. respond.Data(w, user)
  172. }
  174. // login (`POST /logout`): Log in as user
  175. func (c *UserController) logout(w http.ResponseWriter, r *http.Request) {
  176. logoutData := struct {
  177. ClearAll bool `json:"clearAll"`
  178. }{}
  180. session := models.SessionFromContext(r.Context())
  181. if session == nil {
  182. respond.Error(w, http.StatusUnauthorized, "permission_denied", "You are not logged in (that's what you wanted anyway, wasn't it?)")
  183. return
  184. }
  186. json.NewDecoder(r.Body).Decode(&logoutData)
  188. user, err := c.users.FindByID(r.Context(), session.UserID)
  189. if err != nil {
  190. respond.Error(w, http.StatusNotFound, "not_found", "You user was not found")
  191. return
  192. }
  194. if logoutData.ClearAll {
  195. err := c.sessions.Clear(r.Context(), user)
  196. if err != nil {
  197. log.Printf("Session clear for user %s (%d) failed: %s", user.Name, user.ID, err)
  198. respond.Error(w, http.StatusInternalServerError, "clear_failed", "Sesison clear failed")
  199. return
  200. }
  201. } else {
  202. err := c.sessions.Remove(r.Context(), *session)
  203. if err != nil {
  204. log.Printf("Session remove for user %s (%d) with id %s failed: %s", user.Name, user.ID, session.ID, err)
  205. respond.Error(w, http.StatusInternalServerError, "remove_failed", "Session remove failed")
  206. return
  207. }
  208. }
  210. cookie := session.Cookie()
  211. cookie.Expires = time.Unix(0, 0)
  212. http.SetCookie(w, cookie)
  214. log.Printf("User %s logged out (clearAll: %t)", user.Name, logoutData.ClearAll)
  216. respond.Data(w, logoutData)
  217. }
  219. // Mount mounts the controller
  220. func (c *UserController) Mount(router *mux.Router, prefix string) {
  221. sub := router.PathPrefix(prefix).Subrouter()
  223. sub.HandleFunc("/", c.getUsers).Methods("GET")
  224. sub.HandleFunc("/session", c.session).Methods("GET")
  225. sub.HandleFunc("/{id}", c.getUser).Methods("GET")
  226. sub.HandleFunc("/login", c.login).Methods("POST")
  227. sub.HandleFunc("/logout", c.logout).Methods("POST")
  228. sub.HandleFunc("/register", c.register).Methods("POST")
  229. }
  231. // NewUserController creates a new UserController.
  232. func NewUserController(users models.UserRepository, sessions models.SessionRepository) *UserController {
  233. return &UserController{users: users, sessions: sessions}
  234. }