api/views_users.go at master · nsogame/api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
package api

import (
	"crypto/md5"
	"fmt"
	"io"
	"net/http"
	"strings"

	"github.com/dchest/captcha"
	"github.com/labstack/echo"
	"github.com/labstack/echo-contrib/session"
	"github.com/nsogame/common/models"
	"golang.org/x/crypto/bcrypt"
)

type UserInfo struct {
	ID           uint   `json:"id"`
	Username     string `json:"username"`
	UsernameCase string `json:"usernameCase"`
}

func GetUserInfo(user *models.User) UserInfo {
	return UserInfo{
		ID:           user.ID,
		Username:     user.Username,
		UsernameCase: user.UsernameCase,
	}
}

type LoginInfo struct {
	Identifier string `json:"identifier" validate:"required"`
	Password   string `json:"password" validate:"required"`
}

func (api *APIServer) PostLogin(c echo.Context) (err error) {
	// get the session
	sess, err := session.Get("session", c)
	if err != nil {
		return
	}

	// validate form info
	info := new(LoginInfo)
	if err = c.Bind(info); err != nil {
		return
	}
	if err = c.Validate(info); err != nil {
		return
	}

	identifier := strings.ToLower(info.Identifier)
	password := []byte(info.Password)

	// get the user if exists
	var user models.User
	api.db.Where("username = ?", identifier).Or("email = ?", identifier).First(&user)

	// check the password
	if err = bcrypt.CompareHashAndPassword([]byte(user.Password), password); err != nil {
		return echo.NewHTTPError(http.StatusForbidden, "Incorrect credentials.")
	}

	// now put it in the session!
	sess.Values["user_id"] = user.ID
	sess.Save(c.Request(), c.Response())

	return c.JSON(http.StatusOK, GetUserInfo(&user))
}

type RegisterInfo struct {
	Email    string `json:"email" validate:"required,email"`
	Username string `json:"username" validate:"required,min=4"`
	Password string `json:"password" validate:"required,min=6"`
	Captcha  string `json:"captcha" validate:"required"`
}

func (api *APIServer) PostRegister(c echo.Context) (err error) {
	// get the session
	sess, err := session.Get("session", c)
	if err != nil {
		return
	}

	// validate form info
	info := new(RegisterInfo)
	if err = c.Bind(info); err != nil {
		return
	}
	if err = c.Validate(info); err != nil {
		return
	}

	// validate the captcha
	captchaId, ok := sess.Values["captcha"]
	if !ok || !captcha.VerifyString(captchaId.(string), info.Captcha) {
		return echo.NewHTTPError(http.StatusUnauthorized, "Invalid captcha")
	}

	email := strings.ToLower(info.Email)
	usernameCase := info.Username
	username := strings.ToLower(info.Username)
	password := []byte(info.Password)

	// does the user already exist?
	var count uint
	api.db.Where("username = ?", username).Or("email = ?", email).Find(&models.User{}).Count(&count)
	if count > 0 {
		return echo.NewHTTPError(http.StatusConflict, "A user with this username or email exists already.")
	}

	hash, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
	if err != nil {
		return
	}

	// god damn it osu
	osuDumbHash := fmt.Sprintf("%x", md5.Sum(password))
	osuHash, err := bcrypt.GenerateFromPassword([]byte(osuDumbHash), bcrypt.DefaultCost)
	if err != nil {
		return
	}

	user := models.User{
		Email:        email,
		UsernameCase: usernameCase,
		Username:     username,
		Password:     string(hash),
		OsuPassword:  string(osuHash),
	}
	api.db.Create(&user)

	return c.JSON(http.StatusOK, GetUserInfo(&user))
}

func (api *APIServer) GetRegisterCaptcha(c echo.Context) (err error) {
	// get the session
	sess, err := session.Get("session", c)
	if err != nil {
		return
	}

	// generate captcha
	id := captcha.New()
	sess.Values["captcha"] = id
	sess.Save(c.Request(), c.Response())

	// return image
	r, w := io.Pipe()
	go func() {
		captcha.WriteImage(w, id, captcha.StdWidth, captcha.StdHeight)
		w.Close()
	}()
	return c.Stream(http.StatusOK, "image/png", r)
}