password

Documentation

Index

• Variables
• type Config
• type Provider
  • func New(config *Config) *Provider
  • func (p Provider) Callback(context *auth.Context)
  • func (p Provider) ConfigAuth(auth *auth.Auth)
  • func (p Provider) GetName() string
  • func (p Provider) RefreshToken(context *auth.Context)
  • func (p Provider) ServeHTTP(context *auth.Context)
  • func (p Provider) SignIn(context *auth.Context)
  • func (p Provider) SignOut(context *auth.Context)
  • func (p Provider) SignUp(context *auth.Context)

Variables

var PasswordAuthenticateHandler = func(context *auth.Context) (*tokens.Token, error) {
	var (
		req         = context.Request
		db          = context.Auth.Config.DB
		provider, _ = context.Provider.(*Provider)
		authInfo    models.Auth
	)

	machineIDStr := context.Auth.MachineID
	machineID, err := strconv.ParseInt(machineIDStr, 10, 64)
	idGenerator := utils.NewCommonIDInstance(machineID)

	if err := req.ParseForm(); err != nil {
		return nil, err
	}
	uid := strings.TrimSpace(req.Form.Get("username"))
	rawPassword := strings.TrimSpace(req.Form.Get("password"))
	signOrg := strings.TrimSpace(req.Form.Get("org"))
	agent := req.Header.Get("User-Agent")

	if err := account.CheckExistence(db, context.Auth.AuthModel, provider.GetName(), uid, &authInfo); err == nil {
		return nil, auth.ErrNilAccount
	}

	if err := provider.Encryptor.Compare(rawPassword, authInfo.Password); err != nil {
		context.Auth.Logger.Error("invalid password", zap.String("uid", uid), zap.String("password", rawPassword))
		return nil, auth.ErrInvalidPassword
	}

	ch := make(chan string)
	go func() {
		tx := db.Begin()
		if signOrg == "" {
			if signOrg, err = account.UpdateSignLogs(db, uid, agent, provider.GetName(), idGenerator, req); err != nil {
				context.Auth.Logger.Error("update sign-logs error", zap.Any("errors", err))
				tx.Rollback()
			}
		} else {
			if err := account.UpdateSignLogsWithSignOrg(db, signOrg, uid, agent, provider.GetName(), idGenerator, req); err != nil {
				context.Auth.Logger.Error("update sign-logs error", zap.Any("errors", err))
				tx.Rollback()
			}
		}
		tx.Commit()
		ch <- signOrg
	}()

	<-ch

	authInfo.SignOrg = signOrg

	token, err := tokens.GenerateTokenPair(&authInfo)
	if err != nil {
		return nil, errors.New(models.ErrInternal)
	}

	return token, nil
}

PasswordAuthenticateHandler default sign-in handler of password pattern

var PasswordRefreshTokenHandler = func(context *auth.Context) (*tokens.Token, error) {
	type reqBody struct {
		RefreshToken string
	}

	var (
		r           = context.Request
		db          = context.Auth.Config.DB
		provider, _ = context.Provider.(*Provider)
		rBody       reqBody
		authInfo    models.Auth
	)

	machineIDStr := context.Auth.MachineID
	machineID, err := strconv.ParseInt(machineIDStr, 10, 64)
	idGenerator := utils.NewCommonIDInstance(machineID)

	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		fmt.Printf("read body err, %v\n", err)
		return nil, err
	}

	if err = json.Unmarshal(body, &rBody); err != nil {
		fmt.Printf("Unmarshal err, %v\n", err)
		return nil, err
	}

	agent := r.Header.Get("User-Agent")

	rt, err := jwt.Parse(rBody.RefreshToken, func(token *jwt.Token) (interface{}, error) {

		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}

		return []byte(tokens.TokenSignSecret), nil
	})

	if claims, ok := rt.Claims.(jwt.MapClaims); ok && rt.Valid {
		uid := claims["jti"].(string)
		if err := account.CheckExistence(db, context.Auth.AuthModel, provider.GetName(), uid, &authInfo); err == nil {
			return nil, auth.ErrNilAccount
		}

		go func() {
			tx := db.Begin()
			if err := account.UpdateSignLogsWithSignOrg(db, claims["org"].(string), uid, agent, claims["provider"].(string), idGenerator, r); err != nil {
				context.Auth.Logger.Error("update sign-logs error", zap.Any("errors", err))
				tx.Rollback()
			}
			tx.Commit()
		}()

		authInfo.SignOrg = claims["org"].(string)
		token, err := tokens.GenerateTokenPair(&authInfo)
		if err != nil {
			return nil, errors.New(models.ErrInternal)
		}
		return token, nil
	}

	return nil, errors.New(models.ErrInvalidToken)
}

PasswordRefreshTokenHandler is the refresh-token behavior implementation of the password pattern

var PasswordSignUpHandler = func(context *auth.Context) (token *tokens.Token, err error) {
	type reqBody struct {
		Username string
		Password string
		JoinCode string `json:"join_code,omitempty"`
	}
	var (
		r           = context.Request
		db          = context.Auth.Config.DB
		logger      = context.Auth.Config.Logger
		provider, _ = context.Provider.(*Provider)
		rBody       reqBody
		authInfo    models.Auth
		orgInfo     *models.Org
	)

	machineIDStr := context.Auth.MachineID
	machineID, err := strconv.ParseInt(machineIDStr, 10, 64)
	idGenerator := utils.NewCommonIDInstance(machineID)
	agent := r.Header.Get("User-Agent")

	tx := db.Begin()
	defer func() {
		if p := recover(); p != nil {
			tx.Rollback()
			logger.Panic("internal errors", zap.Any("err", p))
		} else if err != nil {
			logger.Error("sign-up errors, rollback tx", zap.Any("errors", err))
			tx.Rollback()
		} else {
			err = tx.Commit().Error
		}
	}()

	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		return nil, err
	}

	if err = json.Unmarshal(body, &rBody); err != nil {
		return nil, err
	}

	if err := account.CheckExistence(db, context.Auth.AuthModel, provider.GetName(), rBody.Username, &authInfo); err != nil {
		return nil, err
	}

	u, err := user.CreateWithName(tx, idGenerator, rBody.Username)
	if err != nil {
		return nil, err
	}

	cryptedPassword, err := provider.Encryptor.Digest(rBody.Password)
	if err != nil {
		return nil, err
	}
	if _, err = account.CreateWithUsernamePassword(tx, idGenerator, provider.GetName(), cryptedPassword, u); err != nil {
		return nil, err
	}

	if rBody.JoinCode == "" {
		orgInfo, err = org.CreateP0(tx, idGenerator, u)
		if err != nil {
			return nil, err
		}

		if err = org.CreateP0Subscription(tx, idGenerator, orgInfo, u); err != nil {
			return nil, err
		}
	} else {
		if orgInfo, err = org.AddStaffWithJoinCode(tx, rBody.JoinCode, idGenerator, u); err != nil {
			return nil, err
		}
	}

	go func() {
		tx := db.Begin()
		if err := account.UpdateSignLogsWithSignOrg(tx, orgInfo.UID, u.Nickname, agent, provider.GetName(), idGenerator, r); err != nil {
			logger.Error("update sign-logs error", zap.Any("errors", err))
			tx.Rollback()
		}
		tx.Commit()
	}()

	authInfo.SignOrg = orgInfo.UID
	authInfo.UID = u.Nickname
	authInfo.Provider = provider.GetName()

	token, err = tokens.GenerateTokenPair(&authInfo)
	if err != nil {
		return nil, errors.New(models.ErrInternal)
	}

	return token, nil
}

PasswordSignUpHandler the sign-up handler of password pattern

Types

type Config

type Config struct {
	Encryptor encryptor.Encryptor
	// contains filtered or unexported fields
}

Config password authentication provider config

type Provider

type Provider struct {
	*Config
}

Provider is the password way to implements *auth.Provider interface

func New

func New(config *Config) *Provider

New initialize password authentication provider

func (Provider) Callback

func (p Provider) Callback(context *auth.Context)

Callback implement Callback with password provider

func (Provider) ConfigAuth

func (p Provider) ConfigAuth(auth *auth.Auth)

ConfigAuth config auth

func (Provider) GetName

func (p Provider) GetName() string

GetName return the password provider name

func (Provider) RefreshToken

func (p Provider) RefreshToken(context *auth.Context)

RefreshToken implemented refreshToken method

func (Provider) ServeHTTP

func (p Provider) ServeHTTP(context *auth.Context)

ServeHTTP implement ServeHTTP with password provider

func (Provider) SignIn

func (p Provider) SignIn(context *auth.Context)

SignIn implemented sign-in with password provider

func (Provider) SignOut

func (p Provider) SignOut(context *auth.Context)

SignOut implemented sign-out with password provider

func (Provider) SignUp

func (p Provider) SignUp(context *auth.Context)

SignUp implemented sign-up with password provider