neko/server/internal/api/session.go

86 lines
2.2 KiB
Go
Raw Permalink Normal View History

2021-01-30 10:22:14 +13:00
package api
import (
"errors"
2021-01-30 10:22:14 +13:00
"net/http"
"github.com/demodesk/neko/pkg/auth"
"github.com/demodesk/neko/pkg/types"
"github.com/demodesk/neko/pkg/utils"
2021-01-30 10:22:14 +13:00
)
type SessionLoginPayload struct {
2021-03-14 12:32:52 +13:00
Username string `json:"username"`
Password string `json:"password"`
2021-01-30 10:22:14 +13:00
}
2021-03-14 12:32:52 +13:00
type SessionDataPayload struct {
2021-01-30 10:22:14 +13:00
ID string `json:"id"`
2021-04-25 06:53:37 +12:00
Token string `json:"token,omitempty"`
2021-01-30 10:22:14 +13:00
Profile types.MemberProfile `json:"profile"`
2021-03-14 11:42:16 +13:00
State types.SessionState `json:"state"`
2021-01-30 10:22:14 +13:00
}
2021-09-17 10:58:50 +12:00
func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) error {
2021-01-30 10:22:14 +13:00
data := &SessionLoginPayload{}
2021-09-17 10:58:50 +12:00
if err := utils.HttpJsonRequest(w, r, data); err != nil {
return err
2021-01-30 10:22:14 +13:00
}
2021-03-15 07:59:34 +13:00
session, token, err := api.members.Login(data.Username, data.Password)
2021-03-14 09:11:48 +13:00
if err != nil {
if errors.Is(err, types.ErrSessionAlreadyConnected) {
return utils.HttpUnprocessableEntity("session already connected")
} else if errors.Is(err, types.ErrMemberDoesNotExist) || errors.Is(err, types.ErrMemberInvalidPassword) {
return utils.HttpUnauthorized().WithInternalErr(err)
2024-04-21 00:27:15 +12:00
} else if errors.Is(err, types.ErrSessionLoginsLocked) {
return utils.HttpForbidden("logins are locked").WithInternalErr(err)
} else {
return utils.HttpInternalServerError().WithInternalErr(err)
}
2021-03-14 09:11:48 +13:00
}
2021-01-30 10:22:14 +13:00
2021-04-25 06:53:37 +12:00
sessionData := SessionDataPayload{
ID: session.ID(),
2021-03-14 12:45:51 +13:00
Profile: session.Profile(),
State: session.State(),
2021-04-25 06:53:37 +12:00
}
if api.sessions.CookieEnabled() {
api.sessions.CookieSetToken(w, token)
} else {
sessionData.Token = token
}
2021-09-17 10:58:50 +12:00
return utils.HttpSuccess(w, sessionData)
2021-01-30 10:22:14 +13:00
}
2021-09-17 10:58:50 +12:00
func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) error {
session, _ := auth.GetSession(r)
2021-03-14 09:11:48 +13:00
2021-03-15 07:59:34 +13:00
err := api.members.Logout(session.ID())
2021-03-14 09:11:48 +13:00
if err != nil {
if errors.Is(err, types.ErrSessionNotFound) {
return utils.HttpBadRequest("session is not logged in")
} else {
return utils.HttpInternalServerError().WithInternalErr(err)
}
2021-03-14 09:11:48 +13:00
}
2021-04-25 06:53:37 +12:00
if api.sessions.CookieEnabled() {
api.sessions.CookieClearToken(w, r)
}
2021-01-30 10:22:14 +13:00
2021-09-17 10:58:50 +12:00
return utils.HttpSuccess(w, true)
2021-01-30 10:22:14 +13:00
}
2021-09-17 10:58:50 +12:00
func (api *ApiManagerCtx) Whoami(w http.ResponseWriter, r *http.Request) error {
session, _ := auth.GetSession(r)
2021-01-30 10:22:14 +13:00
2021-09-17 10:58:50 +12:00
return utils.HttpSuccess(w, SessionDataPayload{
2021-01-30 10:22:14 +13:00
ID: session.ID(),
2021-03-14 12:45:51 +13:00
Profile: session.Profile(),
State: session.State(),
2021-01-30 10:22:14 +13:00
})
}