package handles
import (
"time"
"github.com/Xhofe/go-cache"
"github.com/alist-org/alist/v3/internal/db"
"github.com/alist-org/alist/v3/internal/model"
"github.com/alist-org/alist/v3/server/common"
"github.com/gin-gonic/gin"
)
// State and tunables for the failed sign-in throttle used by Login.
var (
	// loginCache holds, per client IP string, the number of failed sign-in
	// attempts recorded so far.
	loginCache = cache.NewMemCache[int]()

	// defaultDuration is the expiry Login applies to an IP's counter while
	// that IP is locked out.
	defaultDuration = 5 * time.Minute

	// defaultTimes is the failure count at which Login starts refusing
	// requests from an IP.
	defaultTimes = 5
)
// LoginReq is the request body bound by Login and UpdateCurrent: a username
// and a password, both tagged as required for binding.
type LoginReq struct {
	// Username is read from the "username" field of the request.
	Username string `json:"username" binding:"required"`
	// Password is read from the "password" field of the request.
	Password string `json:"password" binding:"required"`
}
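// Login checks a username/password pair and, when it is valid, responds with
// a token generated for that user.
//
// Failed attempts are counted per client IP in loginCache. Once an IP has
// reached defaultTimes failures, every further request from it is answered
// with 403 and defaultDuration is applied to its counter again. A successful
// login deletes the counter.
//
// An unknown username and a wrong password get the same 400 response, so the
// reply does not reveal which accounts exist and lookup errors from the
// database layer are not echoed to unauthenticated clients.
func Login(c *gin.Context) {
	// check count of login
	// NOTE(review): the throttle key is whatever gin reports as the client
	// address. Confirm the engine's trusted-proxy configuration, because a
	// forwarded address taken from an untrusted peer would let the client
	// choose its own key.
	ip := c.ClientIP()
	count, ok := loginCache.Get(ip)
	if ok && count >= defaultTimes {
		common.ErrorStrResp(c, "Too many unsuccessful sign-in attempts have been made using an incorrect username or password, Try again later.", 403)
		// Each request made while locked out re-applies the lockout window.
		loginCache.Expire(ip, defaultDuration)
		return
	}

	var req LoginReq
	if err := c.ShouldBind(&req); err != nil {
		common.ErrorResp(c, err, 400)
		return
	}

	// One message for both credential failures, to avoid account enumeration.
	// NOTE(review): response timing may still differ between the two paths,
	// since the unknown-user path never reaches ValidatePassword.
	const badCredentials = "username or password is incorrect"

	// check username
	// NOTE(review): Set is called without an explicit expiry, so whether a
	// counter below the threshold ever ages out depends on the cache's
	// default; confirm, as entries for many distinct IPs could accumulate.
	user, err := db.GetUserByName(req.Username)
	if err != nil {
		common.ErrorStrResp(c, badCredentials, 400)
		loginCache.Set(ip, count+1)
		return
	}

	// validate password
	if err := user.ValidatePassword(req.Password); err != nil {
		common.ErrorStrResp(c, badCredentials, 400)
		loginCache.Set(ip, count+1)
		return
	}

	// generate token
	token, err := common.GenerateToken(user.Username)
	if err != nil {
		common.ErrorResp(c, err, 400, true)
		return
	}
	common.SuccessResp(c, gin.H{"token": token})
	// A successful login clears the failure counter for this IP.
	loginCache.Del(ip)
}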
// CurrentUser responds with the user stored in the request context under the
// "user" key. According to the original comment that user is resolved from
// the token, with the guest user standing in when the token is empty; that
// resolution is not done in this handler.
//
// The password is cleared on a copy, so the user held in the context keeps
// its value and the response never carries it.
func CurrentUser(c *gin.Context) {
	stored := c.MustGet("user").(*model.User)

	// Value copy: blanking the field below must not touch the stored user.
	// NOTE(review): only Password is cleared; confirm model.User has no other
	// field that should be withheld from the response.
	sanitized := *stored
	sanitized.Password = ""

	common.SuccessResp(c, sanitized)
}
// UpdateCurrent overwrites the username and password of the user stored in
// the request context with the values from the request body and saves the
// result through db.UpdateUser.
//
// It responds with 400 when the body cannot be bound, 500 when the update
// fails, and a plain success response otherwise.
func UpdateCurrent(c *gin.Context) {
	var body LoginReq
	if bindErr := c.ShouldBind(&body); bindErr != nil {
		common.ErrorResp(c, bindErr, 400)
		return
	}

	current := c.MustGet("user").(*model.User)

	// NOTE(review): the user from the context is modified in place before the
	// write is known to have succeeded; if that pointer is shared beyond this
	// request, a failed update leaves the new credentials in memory. Confirm.
	// NOTE(review): the new password is assigned exactly as received and no
	// current-password check is made here; confirm that hashing and any
	// re-authentication or guest restriction are enforced elsewhere.
	current.Username, current.Password = body.Username, body.Password

	if saveErr := db.UpdateUser(current); saveErr != nil {
		common.ErrorResp(c, saveErr, 500)
		return
	}
	common.SuccessResp(c)
}