This repository has been archived by the owner on Jun 4, 2022. It is now read-only.
/
sessions.go
70 lines (66 loc) · 2.86 KB
/
sessions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
package routes
import (
"encoding/json"
"fmt"
"net/http"
"github.com/MikMuellerDev/smarthome/core/event"
"github.com/MikMuellerDev/smarthome/core/user"
"github.com/MikMuellerDev/smarthome/server/api"
"github.com/MikMuellerDev/smarthome/server/middleware"
)
// Accepts a json request like `"username": "user", "password":"password"`
// If the credentials are valid, a new session is created and the user is saved, otherwise a 401 is returned
func loginPostHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var loginRequest LoginRequest
decoder := json.NewDecoder(r.Body)
decoder.DisallowUnknownFields()
err := decoder.Decode(&loginRequest)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
api.Res(w, api.Response{Success: false, Message: "login failed", Error: "malformed request"})
return
}
loginValid, err := user.ValidateCredentials(loginRequest.Username, loginRequest.Password)
if err != nil {
log.Error("User failed to login: database failure.")
w.WriteHeader(http.StatusServiceUnavailable)
api.Res(w, api.Response{Success: false, Message: "login failed", Error: "could not validate login: internal error: database failure"})
return
}
if loginValid {
session, _ := middleware.Store.Get(r, "session")
session.Values["valid"] = true
session.Values["username"] = loginRequest.Username
if err := session.Save(r, w); err != nil {
log.Error("Failed to save session: ", err.Error())
w.WriteHeader(http.StatusInternalServerError)
api.Res(w, api.Response{Success: false, Message: "failed to authenticate", Error: "could not save session after successful authentication"})
}
w.WriteHeader(http.StatusNoContent)
log.Debug(fmt.Sprintf("User %s logged in successfully", loginRequest.Username))
go event.Info("Successful login", fmt.Sprintf("%s logged in", loginRequest.Username))
return
}
log.Debug("Login failed: invalid credentials")
w.WriteHeader(http.StatusUnauthorized)
api.Res(w, api.Response{Success: false, Message: "login failed", Error: "invalid credentials"})
go event.Warn("Failed Login", fmt.Sprintf("Someone is tying to login to the account of %s", loginRequest.Username))
}
// invalidates the user session and then redirects back to the login page
func logoutGetHandler(w http.ResponseWriter, r *http.Request) {
session, err := middleware.Store.Get(r, "session")
if err != nil {
// No user is logged in
http.Redirect(w, r, "/login", http.StatusFound)
}
session.Values["valid"] = false
session.Values["username"] = ""
if err := session.Save(r, w); err != nil {
log.Error("Failed to save session: ", err.Error())
w.WriteHeader(http.StatusInternalServerError)
api.Res(w, api.Response{Success: false, Message: "failed to authenticate", Error: "could not save session after successful authentication"})
}
log.Trace("A user logged out")
http.Redirect(w, r, "/login", http.StatusFound)
}