alist/server/handles/auth.go

package handles

import (
	"time"

	"github.com/Xhofe/go-cache"
	"github.com/alist-org/alist/v3/internal/db"
	"github.com/alist-org/alist/v3/internal/model"
	"github.com/alist-org/alist/v3/server/common"
	"github.com/gin-gonic/gin"
)

var loginCache = cache.NewMemCache[int]()
var (
	defaultDuration = time.Minute * 5
	defaultTimes    = 5
)

type LoginReq struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

func Login(c *gin.Context) {
	// check count of login
	ip := c.ClientIP()
	count, ok := loginCache.Get(ip)
	if ok && count >= defaultTimes {
		common.ErrorStrResp(c, "Too many unsuccessful sign-in attempts have been made using an incorrect username or password, Try again later.", 403)
		loginCache.Expire(ip, defaultDuration)
		return
	}
	// check username
	var req LoginReq
	if err := c.ShouldBind(&req); err != nil {
		common.ErrorResp(c, err, 400)
		return
	}
	user, err := db.GetUserByName(req.Username)
	if err != nil {
		common.ErrorResp(c, err, 400)
		loginCache.Set(ip, count+1)
		return
	}
	// validate password
	if err := user.ValidatePassword(req.Password); err != nil {
		common.ErrorResp(c, err, 400)
		loginCache.Set(ip, count+1)
		return
	}
	// generate token
	token, err := common.GenerateToken(user.Username)
	if err != nil {
		common.ErrorResp(c, err, 400, true)
		return
	}
	common.SuccessResp(c, gin.H{"token": token})
	loginCache.Del(ip)
}

// CurrentUser get current user by token
// if token is empty, return guest user
func CurrentUser(c *gin.Context) {
	user := c.MustGet("user").(*model.User)
	userResp := *user
	userResp.Password = ""
	common.SuccessResp(c, userResp)
}
chore: rename controllers to handles 2022-07-11 09:12:50 +00:00			`package handles`
feat: user jwt login 2022-06-25 13:34:44 +00:00
			`import (`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`"time"`

feat: user jwt login 2022-06-25 13:34:44 +00:00			`"github.com/Xhofe/go-cache"`
chore: rename store to db 2022-06-25 13:36:35 +00:00			`"github.com/alist-org/alist/v3/internal/db"`
chore: set guest while token is empty 2022-06-26 08:39:02 +00:00			`"github.com/alist-org/alist/v3/internal/model"`
chore: change whether print log 2022-06-26 11:20:19 +00:00			`"github.com/alist-org/alist/v3/server/common"`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`"github.com/gin-gonic/gin"`
			`)`

			`var loginCache = cache.NewMemCache[int]()`
			`var (`
			`defaultDuration = time.Minute * 5`
			`defaultTimes = 5`
			`)`

			`type LoginReq struct {`
			Username string `json:"username"`
			Password string `json:"password"`
			`}`

			`func Login(c *gin.Context) {`
			`// check count of login`
			`ip := c.ClientIP()`
			`count, ok := loginCache.Get(ip)`
chore: set guest while token is empty 2022-06-26 08:39:02 +00:00			`if ok && count >= defaultTimes {`
chore: fix typo 2022-07-10 08:20:13 +00:00			`common.ErrorStrResp(c, "Too many unsuccessful sign-in attempts have been made using an incorrect username or password, Try again later.", 403)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`loginCache.Expire(ip, defaultDuration)`
			`return`
			`}`
			`// check username`
			`var req LoginReq`
			`if err := c.ShouldBind(&req); err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`return`
			`}`
chore: rename store to db 2022-06-25 13:36:35 +00:00			`user, err := db.GetUserByName(req.Username)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`if err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400)`
chore: incorrect username retry count 2022-07-07 13:31:43 +00:00			`loginCache.Set(ip, count+1)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`return`
			`}`
			`// validate password`
			`if err := user.ValidatePassword(req.Password); err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`loginCache.Set(ip, count+1)`
			`return`
			`}`
			`// generate token`
chore: change whether print log 2022-06-26 11:20:19 +00:00			`token, err := common.GenerateToken(user.Username)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`if err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400, true)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`return`
			`}`
chore: change whether print log 2022-06-26 11:20:19 +00:00			`common.SuccessResp(c, gin.H{"token": token})`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`loginCache.Del(ip)`
			`}`
chore: set guest while token is empty 2022-06-26 08:39:02 +00:00
			`// CurrentUser get current user by token`
			`// if token is empty, return guest user`
			`func CurrentUser(c *gin.Context) {`
			`user := c.MustGet("user").(*model.User)`
fix: clear password while get current user 2022-07-10 09:09:03 +00:00			`userResp := *user`
			`userResp.Password = ""`
			`common.SuccessResp(c, userResp)`
chore: set guest while token is empty 2022-06-26 08:39:02 +00:00			`}`