package control
import (
"net/http"
"gopkg.in/mgo.v2/bson"
config "github.com/ClimbingMoon/camm/config"
m "github.com/ClimbingMoon/camm/model"
util "github.com/ClimbingMoon/camm/util"
session "github.com/carynova/echo-session"
"github.com/labstack/echo"
log "github.com/sirupsen/logrus"
)
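// Signin authenticates a user from the credentials bound from the request
// and, on success, stores the user's ID in the session under the "id" key.
//
// Validation and authentication failures are reported as a plain-text body
// with HTTP 200. Only a request-binding failure or a session-save failure is
// returned as an error.
func Signin(c echo.Context) error {
	// Named sess so the local does not shadow the imported session package.
	sess := session.Default(c)
	if config.ConfigSource.Debug {
		// NOTE(review): this sets the process-wide logrus level from inside a
		// request handler; it likely belongs in start-up code.
		log.SetLevel(log.DebugLevel)
	}

	// Short-circuit when the session already refers to an existing user.
	// The stored value is validated first: an unchecked type assertion, or
	// bson.ObjectIdHex on a malformed string, would panic the handler.
	if sessionUserID := sess.Get("id"); sessionUserID != nil {
		log.WithField("session_user_id", sessionUserID).Debug("id in session")
		if hexID, ok := sessionUserID.(string); ok && bson.IsObjectIdHex(hexID) {
			sessionUser := m.User{ID: bson.ObjectIdHex(hexID)}
			if alreadyUser, err := sessionUser.GetOneByID(); err == nil {
				log.WithField("id", alreadyUser.ID).Debug("user already logged in")
				return c.String(http.StatusOK, "user already logged in")
			}
		}
	}

	loginUser := new(m.User)
	if err := c.Bind(loginUser); err != nil {
		return err
	}
	// Only the username is logged. The submitted password must never reach
	// the logs, not even at debug level.
	log.WithField("username", loginUser.Username).Debug("User Login")

	// Username format check.
	if !util.JudgeUsername(loginUser.Username) {
		return c.String(http.StatusOK, "username check failed!")
	}
	// Password format check.
	if !util.JudgePassword(loginUser.Password) {
		return c.String(http.StatusOK, "password check failed!")
	}

	// Look the user up by username.
	// NOTE(review): this response differs from the "wrong password" response
	// below, so a client can tell whether a username exists, and err.Error()
	// passes lookup error text through to the client. A single generic
	// failure message for both cases would close that gap; the responses are
	// left as they are because clients may match on them.
	targetUser, err := loginUser.GetOneByUsername()
	if err != nil {
		log.WithField("username", loginUser.Username).Error("user " + err.Error())
		return c.String(http.StatusOK, "user "+err.Error())
	}
	log.WithFields(log.Fields{
		"id":       targetUser.ID,
		"username": targetUser.Username,
	}).Debug("finding user")

	// Digest the submitted password: MD5 over password + application salt.
	// NOTE(review): MD5 with one application-wide salt is not a suitable
	// password hash. Moving to a dedicated password-hashing function with a
	// per-user salt requires re-hashing stored credentials, so it is not done
	// here.
	inputPassword := util.DigestMD5(loginUser.Password + config.ConfigSource.Salt)

	// Compare against the stored digest.
	// NOTE(review): != is not a constant-time comparison;
	// crypto/subtle.ConstantTimeCompare is the usual replacement.
	if targetUser.Password != inputPassword {
		return c.String(http.StatusOK, "wrong password")
	}

	// Password is correct: record the logged-in user's ID in the session.
	// TODO: drop any existing session first; this needs a persistent token
	// mechanism or direct operations on redis.
	sess.Set("id", targetUser.ID.Hex())
	// A failed save must not be reported as a successful sign-in.
	if err := sess.Save(); err != nil {
		return err
	}
	return c.String(http.StatusOK, "Signin OK!")
}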