package main
import (
"github.com/gin-gonic/gin"
//"gopkg.in/mgo.v2"
//"gopkg.in/mgo.v2/bson"
"golang.org/x/crypto/bcrypt"
)
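// login_get is the GET handler for "/". It renders login.html and passes the
// "uid" value stored in the "user" session (or "none" when it is unset) as
// the template's title.
func login_get(c *gin.Context) {
	session_t := get_session(c)
	if session_t == nil {
		// NOTE(review): nothing is written to the response on this path;
		// presumably get_session reports the failure itself. Confirm.
		return
	}

	// Reuse the handle that was just nil-checked. The original called
	// get_session a second time and dereferenced that result unchecked.
	session := session_t.Get("user")
	uid := session.GetString("uid", "none")

	c.HTML(200, "login.html", gin.H{
		"title": uid,
	})
}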
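// login_post is the POST handler for /login. It applies a per-session attempt
// limit, binds the submitted credentials, looks up the user by e-mail and the
// stored password hash by user id, and marks the session as logged in when
// the password matches. Every credential failure goes through abort_login so
// the caller receives the same 401 body whichever step failed.
func login_post(c *gin.Context) {
	// Per-session attempt limit.
	// TODO: crude. The counter is held in the caller's own session, so it
	// only constrains clients that keep presenting the same session, and it
	// is skipped entirely when get_session returns nil. A server-side limit
	// keyed on the target account and the source address would not depend on
	// client-held state.
	// NOTE(review): the counter is never cleared after a successful login
	// in this function. Confirm whether that is intended.
	session_t := get_session(c)
	if session_t != nil {
		session := session_t.Get("user")
		attempts := session.GetInt("attemts", 0)
		if attempts > MAX_LOGIN_ATTEMPTS {
			c.String(500, "stop hacking")
			return
		}
		// Count this attempt before any credential check runs.
		session.Set("attemts", attempts+1)
	}

	con := dial_db(c)
	// NOTE(review): con is used without a nil check and is not closed here;
	// presumably dial_db owns the connection's lifetime. Confirm.
	db := con.DB("user").C("users")
	pw_db := con.DB("pass").C("pass")

	login := Login{}
	if err := c.Bind(&login); err != nil {
		// Do not continue with zero-value credentials after a malformed
		// request. gin's Bind aborts the request with status 400 itself when
		// binding fails, so no further response is written here.
		return
	}

	// Look up the account.
	// NOTE(review): bcrypt only runs when both lookups succeed, so response
	// time differs between unknown and known e-mails even though the 401
	// body is identical. Comparing against a fixed dummy hash on the
	// not-found paths would even that out.
	user := User{}.getByEmail(login.Email, db)
	if user == nil {
		abort_login(c)
		return
	}

	// Look up the stored password hash for that account.
	hash := Pass{}.getById(user.Id, pw_db)
	if hash == nil {
		abort_login(c)
		return
	}

	if hash.password_valid(c, login.Pass) {
		// NOTE(review): set_login_user writes a 401 itself when the session
		// is unavailable, and the 200 below is still sent afterwards.
		set_login_user(c, user)
		c.JSON(200, gin.H{"Hi ": user.Name.Nickname})
		return
	}
	abort_login(c)
}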
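// abort_login writes the generic 401 response used for every failed login and
// stops the remaining handlers in the chain from running.
func abort_login(c *gin.Context) {
	c.JSON(401, gin.H{"stat": "Incorect Username or password"})
	// Abort rather than Next: Next would run any handlers still pending in
	// the chain for a request that has just been rejected, whereas Abort
	// prevents them from being called.
	c.Abort()
}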
// set_login_user records a successful login in the "user" session: it stores
// the user's id (hex form) under "uid" and sets "login" to 1. When no session
// is available it answers through abort_login instead.
//
// NOTE(review): the values are written into the session the client already
// holds. Whether the session identifier is rotated at this point is not
// visible here; issuing a fresh identifier at login is the usual defence
// against session fixation. Confirm in get_session or the session store.
func set_login_user(c *gin.Context, user *User) {
	if store := get_session(c); store != nil {
		entry := store.Get("user")
		entry.Set("uid", user.Id.Hex())
		entry.Set("login", 1)
		return
	}
	// No session to attach the login to, so report the generic login failure.
	abort_login(c)
}
// password_valid reports whether pass matches the bcrypt hash stored in
// p.Hash. Any error from bcrypt.CompareHashAndPassword counts as a failed
// match, whether the password is wrong or the stored hash cannot be used.
// The gin context parameter is not used.
func (p Pass) password_valid(c *gin.Context, pass string) bool {
	return bcrypt.CompareHashAndPassword(p.Hash, []byte(pass)) == nil
}