cloudkeys-go/login.go

package main

import (
	"crypto/sha1"
	"fmt"
	"net/http"
	"strconv"
	"strings"

	"github.com/flosch/pongo2"
	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"
)

func loginHandler(res http.ResponseWriter, r *http.Request, session *sessions.Session, ctx *pongo2.Context) (*string, error) {
	var (
		username = strings.ToLower(r.FormValue("username"))
		password = fmt.Sprintf("%x", sha1.Sum([]byte(cfg.PasswordSalt+r.FormValue("password"))))
	)

	if !storage.IsPresent(createUserFilename(username)) {
		(*ctx)["error"] = true
		return stringPointer("login.html"), nil
	}

	userFileRaw, err := storage.Read(createUserFilename(username))
	if err != nil {
		fmt.Printf("ERR: Unable to read user file: %s\n", err)
		(*ctx)["error"] = true
		return stringPointer("login.html"), nil
	}

	userFile, _ := readDataObject(userFileRaw)

	if userFile.MetaData.Password != password {
		(*ctx)["error"] = true
		return stringPointer("login.html"), nil
	}

	auth, ok := session.Values["authorizedAccounts"].(authorizedAccounts)
	if !ok {
		auth = authorizedAccounts{}
	}

	for i, v := range auth {
		if v.Name == username {
			http.Redirect(res, r, fmt.Sprintf("u/%d/overview", i), http.StatusFound)
			return nil, nil
		}
	}

	auth = append(auth, authorizedAccount{
		Name:     username,
		UserFile: createUserFilename(username),
	})

	session.Values["authorizedAccounts"] = auth
	if err := session.Save(r, res); err != nil {
		return nil, err
	}

	http.Redirect(res, r, fmt.Sprintf("u/%d/overview", len(auth)-1), http.StatusFound)
	return nil, nil
}

func logoutHandler(res http.ResponseWriter, r *http.Request, session *sessions.Session, ctx *pongo2.Context) (*string, error) {
	session.Values["authorizedAccounts"] = authorizedAccounts{}
	session.Save(r, res)
	http.Redirect(res, r, "overview", http.StatusFound)
	return nil, nil
}

func checkLogin(r *http.Request, session *sessions.Session) (*authorizedAccount, error) {
	vars := mux.Vars(r)
	idx, err := strconv.ParseInt(vars["userIndex"], 10, 64)
	if err != nil {
		return nil, err
	}

	auth, ok := session.Values["authorizedAccounts"].(authorizedAccounts)
	if !ok {
		auth = authorizedAccounts{}
	}

	if len(auth)-1 < int(idx) {
		return nil, nil
	}

	return &auth[idx], nil
}
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00			`package main`

			`import (`
			`"crypto/sha1"`
			`"fmt"`
			`"net/http"`
			`"strconv"`
Fix: Restored old behavior of making all usernames lowercase 2015-07-31 19:02:03 +00:00			`"strings"`
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00
			`"github.com/flosch/pongo2"`
			`"github.com/gorilla/mux"`
			`"github.com/gorilla/sessions"`
			`)`

			`func loginHandler(res http.ResponseWriter, r http.Request, session sessions.Session, ctx pongo2.Context) (string, error) {`
			`var (`
Fix: Restored old behavior of making all usernames lowercase 2015-07-31 19:02:03 +00:00			`username = strings.ToLower(r.FormValue("username"))`
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00			`password = fmt.Sprintf("%x", sha1.Sum([]byte(cfg.PasswordSalt+r.FormValue("password"))))`
			`)`

			`if !storage.IsPresent(createUserFilename(username)) {`
			`(*ctx)["error"] = true`
Fixed linter errors 2015-07-29 07:49:23 +00:00			`return stringPointer("login.html"), nil`
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00			`}`

			`userFileRaw, err := storage.Read(createUserFilename(username))`
			`if err != nil {`
Do not throw error messages at users, let the frontend handle errors fixes #1 2015-07-29 08:10:46 +00:00			`fmt.Printf("ERR: Unable to read user file: %s\n", err)`
			`(*ctx)["error"] = true`
			`return stringPointer("login.html"), nil`
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00			`}`

Do not throw error messages at users, let the frontend handle errors fixes #1 2015-07-29 08:10:46 +00:00			`userFile, _ := readDataObject(userFileRaw)`
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00
			`if userFile.MetaData.Password != password {`
			`(*ctx)["error"] = true`
Fixed linter errors 2015-07-29 07:49:23 +00:00			`return stringPointer("login.html"), nil`
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00			`}`

			`auth, ok := session.Values["authorizedAccounts"].(authorizedAccounts)`
			`if !ok {`
			`auth = authorizedAccounts{}`
			`}`

			`for i, v := range auth {`
			`if v.Name == username {`
			`http.Redirect(res, r, fmt.Sprintf("u/%d/overview", i), http.StatusFound)`
			`return nil, nil`
			`}`
			`}`

			`auth = append(auth, authorizedAccount{`
			`Name: username,`
			`UserFile: createUserFilename(username),`
			`})`

			`session.Values["authorizedAccounts"] = auth`
			`if err := session.Save(r, res); err != nil {`
			`return nil, err`
			`}`

			`http.Redirect(res, r, fmt.Sprintf("u/%d/overview", len(auth)-1), http.StatusFound)`
			`return nil, nil`
			`}`

			`func logoutHandler(res http.ResponseWriter, r http.Request, session sessions.Session, ctx pongo2.Context) (string, error) {`
			`session.Values["authorizedAccounts"] = authorizedAccounts{}`
			`session.Save(r, res)`
			`http.Redirect(res, r, "overview", http.StatusFound)`
			`return nil, nil`
			`}`

			`func checkLogin(r http.Request, session sessions.Session) (*authorizedAccount, error) {`
			`vars := mux.Vars(r)`
			`idx, err := strconv.ParseInt(vars["userIndex"], 10, 64)`
			`if err != nil {`
Do not throw error messages at users, let the frontend handle errors fixes #1 2015-07-29 08:10:46 +00:00			`return nil, err`
Initial port from PHP to Go 2015-07-29 07:01:23 +00:00			`}`

			`auth, ok := session.Values["authorizedAccounts"].(authorizedAccounts)`
			`if !ok {`
			`auth = authorizedAccounts{}`
			`}`

			`if len(auth)-1 < int(idx) {`
			`return nil, nil`
			`}`

			`return &auth[idx], nil`
			`}`