-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathuser.go
139 lines (122 loc) · 3 KB
/
user.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package handler
import (
dblayer "filestore-server/db"
"filestore-server/util"
"fmt"
"net/http"
"time"
)
const (
pwdSalt = "*#890"
)
//处理用户注册请求
func SignupInHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
http.Redirect(w, r, "/static/view/signup.html", http.StatusFound)
return
}
r.ParseForm()
username := r.Form.Get("username")
passwd := r.Form.Get("password")
//1.校验用户名和密码
if len(username) < 3 || len(passwd) < 5 {
w.Write([]byte("Invalid parameter"))
return
}
//2.对密码进行加密
encPassword := util.Sha1([]byte(passwd + pwdSalt))
suc := dblayer.UserSingUp(username, encPassword)
if suc {
w.Write([]byte("SUCCESS"))
} else {
w.Write([]byte("FAILED"))
}
}
//登录接口
func SignInHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
http.Redirect(w, r, "/static/view/signup.html", http.StatusFound)
return
}
r.ParseForm()
username := r.Form.Get("username")
password := r.Form.Get("password")
encPassword := util.Sha1([]byte(password + pwdSalt))
//1.校验用户名和密码
pwdChecked := dblayer.UserSignin(username, encPassword)
if !pwdChecked {
w.Write([]byte("USERNAME OR PASSWORD FAILED"))
return
}
//2.生成访问凭证
token := GenToken(username)
upRes := dblayer.UpdateToken(username, token)
if !upRes {
w.Write([]byte("FAILED"))
return
}
//3.登录成功后重定向到首页
//w.Write([]byte("http://"+r.Host+"/static/view/home.html"))
resp := util.RespMsg{
Code: 0,
Msg: "OK",
Data: struct {
Location string
Username string
Token string
}{
Location: "http://" + r.Host + "/static/view/home.html",
Username: username,
Token: token,
},
}
w.Write(resp.JSONBytes())
}
//UserInfoHandler:查询用户信息
func UserInfoHandler(w http.ResponseWriter, r *http.Request) {
//1.解析参数
r.ParseForm()
username := r.Form.Get("username")
//2.查询用户信息
user, err := dblayer.GetUserInfo(username)
if err != nil {
w.WriteHeader(http.StatusForbidden)
return
}
//3.组装并且相应用户数据
resp := util.RespMsg{
Code: 0,
Msg: "OK",
Data: user,
}
w.Write(resp.JSONBytes())
}
//GenToken:生成token
func GenToken(username string) string {
//40位字符:md5(username+timestamp+token_salt)+timestamp[:8]
ts := fmt.Sprintf("%x", time.Now().Unix())
tokenPrefix := util.MD5([]byte(username + ts + "_tokensalt"))
return tokenPrefix + ts[:8]
}
//IsTokenValid:验证token有效性
func IsTokenValid(token string, username string) bool {
if len(token) < 40 {
return false
}
//判断token的时效性 token 有效期为半个小时
tokenApplyTime := token[32:]
//
ts := fmt.Sprintf("%x", time.Now().Unix()-30*60)
if tokenApplyTime < ts {
fmt.Println("token is expire")
return false
}
//查询username对应的token信息
userToken := dblayer.GetUserToken(username)
//对比两个token是否一致
if token != userToken {
fmt.Println("token is invalid 请重新登录")
return false
}
return true
}