tokens tied to useragent
@@ -15,26 +15,37 @@ const (
|
||||
)
|
||||
|
||||
func getAuthorization(c *gin.Context) (AuthorizationScope, string) {
|
||||
//get auth header
|
||||
header := c.GetHeader("Authorization")
|
||||
if header == "" {
|
||||
return AuthorizationScopeNone, ""
|
||||
}
|
||||
|
||||
//check if user is authorized
|
||||
headerSpl := strings.Split(header, " ")
|
||||
if len(headerSpl) != 2 {
|
||||
return AuthorizationScopeNone, ""
|
||||
}
|
||||
prefix := headerSpl[0]
|
||||
token := strings.ToLower(headerSpl[1])
|
||||
if prefix == "Bearer" {
|
||||
if storage.CheckLoginToken(token, c.ClientIP()) {
|
||||
return AuthorizationScopeUser, token
|
||||
}
|
||||
}
|
||||
if prefix == "Bot" {
|
||||
//attempt to authorize as bot
|
||||
if found, _ := storage.BotTokenFromToken(token); found {
|
||||
return AuthorizationScopeBot, token
|
||||
}
|
||||
}
|
||||
if prefix == "Bearer" {
|
||||
//attempt to authorize as user
|
||||
userAgentString := c.GetHeader("User-Agent")
|
||||
if userAgentString == "" {
|
||||
return AuthorizationScopeNone, ""
|
||||
}
|
||||
ua := storage.ParseUA(userAgentString)
|
||||
|
||||
if storage.CheckLoginToken(token, c.ClientIP(), ua) {
|
||||
return AuthorizationScopeUser, token
|
||||
}
|
||||
}
|
||||
return AuthorizationScopeNone, ""
|
||||
|
||||
}
|
||||
|
||||
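Review bot: The Bearer branch of `getAuthorization` binds the token to `c.GetHeader("User-Agent")`, a value the client chooses, so whoever holds a stolen token can normally send the matching header with it. The check raises the bar against casual reuse but is not evidence of where a request came from. `c.ClientIP()` carries the same caveat if gin is left trusting forwarded headers, so confirm that trusted proxies are configured where the engine is built (not visible here). I would state this above the check, e.g. `// User-Agent and client IP are client-influenced; this binding is defense in depth, not authentication`. The +/- markers are lost on this page, so I am taking the block that calls `CheckLoginToken` with three arguments to be the new side.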
@@ -24,7 +24,8 @@ func Run() {
|
||||
|
||||
public := r.Group("/")
|
||||
|
||||
public.POST("/login", login) //web login
|
||||
public.POST("/login/password", loginPassword) //web login
|
||||
public.POST("/login/token", loginToken) //web login
|
||||
public.GET("/access", access) //access token
|
||||
|
||||
private := r.Group("/")
|
||||
|
||||
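Review bot: `/login/token` is registered on the `public` group, so an unauthenticated caller gets a yes/no answer about any token value it submits. Nothing in this hunk shows a rate limit or lockout in front of it or of `/login/password`. If throttling middleware is attached to `r` outside the hunk this is fine; otherwise it belongs on the `public` group ahead of these routes. Both new routes carry the same trailing comment `//web login`; `//web login with username and password` and `//re-validate an existing login token` would tell them apart. `Run`'s body starts and ends outside the hunk.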
@@ -7,19 +7,30 @@ import (
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
type LoginBody struct {
|
||||
|
||||
type LoginPasswordBody struct {
|
||||
Username string `json:"username" binding:"required"`
|
||||
Password string `json:"password" binding:"required"`
|
||||
}
|
||||
|
||||
func login(c *gin.Context) {
|
||||
var loginBody LoginBody
|
||||
type LoginTokenBody struct {
|
||||
Token string `json:"token" binding:"required"`
|
||||
}
|
||||
|
||||
func loginPassword(c *gin.Context) {
|
||||
var loginBody LoginPasswordBody
|
||||
if err := c.BindJSON(&loginBody); err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
|
||||
loggedIn, token := storage.CheckLogin(loginBody.Username, loginBody.Password, c.ClientIP())
|
||||
|
||||
userAgentString := c.GetHeader("User-Agent")
|
||||
if userAgentString == "" {
|
||||
return
|
||||
}
|
||||
ua := storage.ParseUA(userAgentString)
|
||||
|
||||
loggedIn, token := storage.CheckLoginPassword(loginBody.Username, loginBody.Password, c.ClientIP(), ua)
|
||||
|
||||
if loggedIn {
|
||||
c.JSON(200, gin.H{
|
||||
@@ -32,8 +43,35 @@ func login(c *gin.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
func loginToken(c *gin.Context) {
|
||||
var loginBody LoginTokenBody
|
||||
if err := c.BindJSON(&loginBody); err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
|
||||
userAgentString := c.GetHeader("User-Agent")
|
||||
if userAgentString == "" {
|
||||
return
|
||||
}
|
||||
ua := storage.ParseUA(userAgentString)
|
||||
|
||||
loggedIn := storage.CheckLoginToken(loginBody.Token, c.ClientIP(), ua)
|
||||
|
||||
if loggedIn {
|
||||
c.JSON(200, gin.H{
|
||||
"token": loginBody.Token,
|
||||
})
|
||||
} else {
|
||||
c.JSON(401, gin.H{
|
||||
"error": "invalid username or password",
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func updateLogin(c *gin.Context) {
|
||||
var updateLogin LoginBody
|
||||
var updateLogin LoginPasswordBody
|
||||
if err := c.BindJSON(&updateLogin); err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
|
||||
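Review bot: In `loginPassword` and `loginToken` the empty `User-Agent` branch is a bare `return`, so the response goes out as an empty 200 and the client cannot tell that the login was refused. Write a response before returning, e.g. `c.JSON(400, gin.H{"error": "missing User-Agent header"})`. `loginToken` also answers a failed token check with `"invalid username or password"`, which is the wrong message for this endpoint; `"invalid token"` would fit. Neither handler has a doc comment, and one line on each saying that the login is bound to the caller's IP and parsed User-Agent would help the next reader. `updateLogin` runs past the end of the last hunk.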