-
Notifications
You must be signed in to change notification settings - Fork 61
/
user.go
150 lines (131 loc) · 3.37 KB
/
user.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
package handler
import (
"fmt"
// "io/ioutil"
"net/http"
"time"
dblayer "filestore-server/db"
"filestore-server/util"
)
const (
// 用于加密的盐值(自定义)
pwdSalt = "*#890"
)
// SignupHandler : 处理用户注册请求
func SignupHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
// data, err := ioutil.ReadFile("./static/view/signup.html")
// if err != nil {
// w.WriteHeader(http.StatusInternalServerError)
// return
// }
// w.Write(data)
http.Redirect(w, r, "/static/view/signup.html", http.StatusFound)
return
}
r.ParseForm()
username := r.Form.Get("username")
passwd := r.Form.Get("password")
if len(username) < 3 || len(passwd) < 5 {
w.Write([]byte("Invalid parameter"))
return
}
// 对密码进行加盐及取Sha1值加密
encPasswd := util.Sha1([]byte(passwd + pwdSalt))
// 将用户信息注册到用户表中
suc := dblayer.UserSignup(username, encPasswd)
if suc {
w.Write([]byte("SUCCESS"))
} else {
w.Write([]byte("FAILED"))
}
}
// SignInHandler : 登录接口
func SignInHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
// data, err := ioutil.ReadFile("./static/view/signin.html")
// if err != nil {
// w.WriteHeader(http.StatusInternalServerError)
// return
// }
// w.Write(data)
http.Redirect(w, r, "/static/view/signin.html", http.StatusFound)
return
}
r.ParseForm()
username := r.Form.Get("username")
password := r.Form.Get("password")
encPasswd := util.Sha1([]byte(password + pwdSalt))
// 1. 校验用户名及密码
pwdChecked := dblayer.UserSignin(username, encPasswd)
if !pwdChecked {
w.Write([]byte("FAILED"))
return
}
// 2. 生成访问凭证(token)
token := GenToken(username)
upRes := dblayer.UpdateToken(username, token)
if !upRes {
w.Write([]byte("FAILED"))
return
}
// 3. 登录成功后重定向到首页
//w.Write([]byte("http://" + r.Host + "/static/view/home.html"))
resp := util.RespMsg{
Code: 0,
Msg: "OK",
Data: struct {
Location string
Username string
Token string
}{
Location: "http://" + r.Host + "/static/view/home.html",
Username: username,
Token: token,
},
}
w.Write(resp.JSONBytes())
}
// UserInfoHandler : 查询用户信息
func UserInfoHandler(w http.ResponseWriter, r *http.Request) {
// 1. 解析请求参数
r.ParseForm()
username := r.Form.Get("username")
// token := r.Form.Get("token")
// // 2. 验证token是否有效
// isValidToken := IsTokenValid(token)
// if !isValidToken {
// w.WriteHeader(http.StatusForbidden)
// return
// }
// 3. 查询用户信息
user, err := dblayer.GetUserInfo(username)
if err != nil {
w.WriteHeader(http.StatusForbidden)
return
}
// 4. 组装并且响应用户数据
resp := util.RespMsg{
Code: 0,
Msg: "OK",
Data: user,
}
w.Write(resp.JSONBytes())
}
// GenToken : 生成token
func GenToken(username string) string {
// 40位字符:md5(username+timestamp+token_salt)+timestamp[:8]
ts := fmt.Sprintf("%x", time.Now().Unix())
tokenPrefix := util.MD5([]byte(username + ts + "_tokensalt"))
return tokenPrefix + ts[:8]
}
// IsTokenValid : token是否有效
func IsTokenValid(token string) bool {
if len(token) != 40 {
return false
}
// TODO: 判断token的时效性,是否过期
// TODO: 从数据库表tbl_user_token查询username对应的token信息
// TODO: 对比两个token是否一致
return true
}