/
token.go
67 lines (59 loc) · 1.9 KB
/
token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package model
import (
"fmt"
"time"
"github.com/dinever/golf"
"github.com/dingoblog/dingo/app/utils"
"github.com/russross/meddler"
)
const stmtSave = `INSERT OR REPLACE INTO tokens (id,value, user_id, created_at, expired_at) VALUES (?,?, ?, ?, ?)`
const stmtGetTokenByValue = `SELECT * FROM tokens WHERE value = ?`
// A Token is used to associate a user with a session.
type Token struct {
Id int64 `meddler:"id,pk"`
Value string `meddler:"value"`
UserId int64 `meddler:"user_id"`
CreatedAt *time.Time `meddler:"created_at"`
ExpiredAt *time.Time `meddler:"expired_at"`
}
// NewToken creates a new token from the given user. Expire is the amount of
// time in seconds until expiry.
func NewToken(u *User, ctx *golf.Context, expire int64) *Token {
t := new(Token)
t.UserId = u.Id
t.CreatedAt = utils.Now()
expiredAt := t.CreatedAt.Add(time.Duration(expire) * time.Second)
t.ExpiredAt = &expiredAt
t.Value = utils.Sha1(fmt.Sprintf("%s-%s-%d-%d", ctx.ClientIP(), ctx.Request.UserAgent(), t.CreatedAt.Unix(), t.UserId))
return t
}
// Save saves a token in the DB.
func (t *Token) Save() error {
// NOTE: since medder.Save doesn't support UNIQUE field, it is different from INSERT OR REPLACE...
// err := meddler.Save(db, "tokens", t) doens't work...
writeDB, err := db.Begin()
if err != nil {
writeDB.Rollback()
return err
}
_, err = writeDB.Exec(stmtSave, t.Id, t.Value, t.UserId, t.CreatedAt, t.ExpiredAt)
if err != nil {
writeDB.Rollback()
return err
}
return writeDB.Commit()
}
// GetTokenByValue gets a token from the DB based on it's value.
func (t *Token) GetTokenByValue() error {
err := meddler.QueryRow(db, t, stmtGetTokenByValue, t.Value)
return err
}
// IsValid checks whether or not the token is valid.
func (t *Token) IsValid() bool {
u := &User{Id: t.UserId}
err := u.GetUserById()
if err != nil {
return false
}
return t.ExpiredAt.After(*utils.Now())
}