diff --git a/models/models.go b/models/models.go
index c987590..70a251d 100644
--- a/models/models.go
+++ b/models/models.go
@@ -26,8 +26,9 @@ func SetEngine() (err error) {
 x.SetMapper(core.GonicMapper{})
- // Sync
+ // Sync dat shit
 x.Sync(&Book{})
+ x.Sync(&User{})
 x.ShowSQL(true)
 return nil
diff --git a/models/user.go b/models/user.go
new file mode 100644
index 0000000..19dcff0
--- /dev/null
+++ b/models/user.go
@@ -0,0 +1,50 @@
+package models
+
+import (
+ "golang.org/x/crypto/bcrypt"
+ "fmt"
+)
+
+type User struct {
+ ID int64 `xorm:"int(11) autoincr not null unique pk"`
+ Name string `xorm:"varchar(250)"`
+ Username string `xorm:"varchar(250) not null"`
+ Password string `xorm:"varchar(250) not null"`
+ Email string `xorm:"varchar(250) not null"`
+ Created int64 `xorm:"created"`
+ Updated int64 `xorm:"updated"`
+}
+
+func (User) TableName() string {
+ return "users"
+}
+
+// Hash a password
+func HashPassword(password string) (string, error) {
+ bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
+ return string(bytes), err
+}
+
+// Check user credentials
+func CheckUserCredentials (username, password string) (User, error) {
+
+ // Check if the user exists
+ var user = User{Username:username}
+ exists, err := x.Get(&user)
+ if err != nil {
+ return User{}, err
+ }
+
+ if !exists {
+ return User{}, fmt.Errorf("User does not exist!")
+ }
+
+ // Check the users password
+ err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
+
+ if err != nil {
+ return User{}, err
+ }
+
+ return user, nil
+}
\ No newline at end of file
diff --git a/routes/login.go b/routes/login.go
index 33a2e50..4dd30a7 100644
--- a/routes/login.go
+++ b/routes/login.go
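Review bot: In SetEngine in models/models.go, the added `x.Sync(&User{})` discards its return value, as the existing `x.Sync(&Book{})` call does, and the function then returns nil. If creating or altering the `users` table fails, startup reports success and the failure only shows up later as rejected logins. Checking the result, `if err = x.Sync(&User{}); err != nil { return err }`, keeps the schema error at the point where it happens. The `x.ShowSQL(true)` context line also deserves a second look now that queries against `users` exist, since statement logging may put usernames and password hashes into the logs; SetEngine starts and ends outside the hunk.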
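Review bot: CheckUserCredentials in models/user.go returns as soon as `x.Get` reports no row, so an unknown username is answered without the cost-14 bcrypt comparison that a known one pays, and the response-time gap lets a client tell which usernames exist even though the route sends one message for both cases. The lookup also builds its condition from `User{Username:username}`; xorm leaves zero-valued fields out of the WHERE clause, so an empty username would match the first row in the table rather than no row, and it should be rejected before the query. The sketch below runs a comparison against a fixed dummy hash on the not-found path and adds the empty check. Separately, `Username` is declared `not null` but not `unique`, which leaves the lookup ambiguous if two rows share a name, and the returned `User` still carries the hash in `Password` (a `json:"-"` tag would keep it out of any serialized response).

```go
// Computed once at startup; compared against when the username is unknown.
var dummyHash, _ = bcrypt.GenerateFromPassword([]byte("unused-placeholder"), 14)

func CheckUserCredentials(username, password string) (User, error) {
	// An empty Username is a zero value and would not constrain the lookup.
	if username == "" {
		return User{}, fmt.Errorf("User does not exist!")
	}
	// … unchanged: x.Get(&user) lookup and its error check …
	if !exists {
		// Spend the same bcrypt work as the found-user path before answering.
		_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(password))
		return User{}, fmt.Errorf("User does not exist!")
	}
	// … unchanged: bcrypt.CompareHashAndPassword against user.Password …
```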
@@ -12,25 +12,31 @@ func Login(c echo.Context) error {
 username := c.FormValue("username")
 password := c.FormValue("password")
- if username == "jon" && password == "shhh!" {
- // Create token
- token := jwt.New(jwt.SigningMethodHS256)
+ // Check user
+ user, err := models.CheckUserCredentials(username, password)

- // Set claims
- claims := token.Claims.(jwt.MapClaims)
- claims["name"] = "Jon Snow"
- claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
-
- // Generate encoded token and send it as response.
- t, err := token.SignedString(models.Config.JWTLoginSecret)
- if err != nil {
- return err
- }
-
- return c.JSON(http.StatusOK, map[string]string{
- "token": t,
- })
+ if err != nil {
+ return c.JSON(http.StatusUnauthorized, models.Message{"Wrong username or password."})
 }
- return echo.ErrUnauthorized
-}
\ No newline at end of file
+ // Create token
+ token := jwt.New(jwt.SigningMethodHS256)
+
+ // Set claims
+ claims := token.Claims.(jwt.MapClaims)
+ claims["name"] = user.Name
+ claims["username"] = user.Username
+ claims["email"] = user.Email
+ claims["id"] = user.ID
+ claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+
+ // Generate encoded token and send it as response.
+ t, err := token.SignedString(models.Config.JWTLoginSecret)
+ if err != nil {
+ return err
+ }
+
+ return c.JSON(http.StatusOK, map[string]string{
+ "token": t,
+ })
+}
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 7a25d44..f9a793c 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
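Review bot: In Login, every error from `models.CheckUserCredentials` becomes a 401 with "Wrong username or password.", including the database error that function passes through from `x.Get`, so an outage is reported to clients as bad credentials and nothing is logged. Telling the cases apart needs a sentinel error from the models package (for example a hypothetical `models.ErrInvalidCredentials` checked here), with anything else logged and returned as a server error. The new claims also put `email` and `id` into the token; a JWT payload is only base64url-encoded and this one is valid for 72 hours, so anyone holding the token can read them, and limiting the claims to the user ID would reduce what a leaked token exposes. `models.Message{"Wrong username or password."}` is an unkeyed composite literal, which `go vet` flags for struct types from another package. Login starts outside the hunk.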
@@ -148,6 +148,18 @@ "revision": "9419663f5a44be8b34ca85f08abc5fe1be11f8a3", "revisionTime": "2017-09-30T17:45:11Z" }, + { + "checksumSHA1": "UWjVYmoHlIfHzVIskELHiJQtMOI=", + "path": "golang.org/x/crypto/bcrypt", + "revision": "9419663f5a44be8b34ca85f08abc5fe1be11f8a3", + "revisionTime": "2017-09-30T17:45:11Z" + }, + { + "checksumSHA1": "oVPHWesOmZ02vLq2fglGvf+AMgk=", + "path": "golang.org/x/crypto/blowfish", + "revision": "9419663f5a44be8b34ca85f08abc5fe1be11f8a3", + "revisionTime": "2017-09-30T17:45:11Z" + }, { "checksumSHA1": "tY+5thYxjKDUQyQXYcBqogmMS5U=", "path": "golang.org/x/sys/unix",