2022-07-11 17:12:50 +08:00
|
|
|
package handles
|
2022-06-25 21:34:44 +08:00
|
|
|
|
|
|
|
|
import (
|
2022-06-28 18:12:53 +08:00
|
|
|
"time"
|
|
|
|
|
|
2022-06-25 21:34:44 +08:00
|
|
|
"github.com/Xhofe/go-cache"
|
2022-06-25 21:36:35 +08:00
|
|
|
"github.com/alist-org/alist/v3/internal/db"
|
2022-06-26 16:39:02 +08:00
|
|
|
"github.com/alist-org/alist/v3/internal/model"
|
2022-06-26 19:20:19 +08:00
|
|
|
"github.com/alist-org/alist/v3/server/common"
|
2022-06-25 21:34:44 +08:00
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var loginCache = cache.NewMemCache[int]()
|
|
|
|
|
var (
|
|
|
|
|
defaultDuration = time.Minute * 5
|
|
|
|
|
defaultTimes = 5
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type LoginReq struct {
|
2022-07-23 20:42:12 +08:00
|
|
|
Username string `json:"username" binding:"required"`
|
2022-07-23 20:49:16 +08:00
|
|
|
Password string `json:"password"`
|
2022-06-25 21:34:44 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Login(c *gin.Context) {
|
|
|
|
|
// check count of login
|
|
|
|
|
ip := c.ClientIP()
|
|
|
|
|
count, ok := loginCache.Get(ip)
|
2022-06-26 16:39:02 +08:00
|
|
|
if ok && count >= defaultTimes {
|
2022-07-10 16:20:13 +08:00
|
|
|
common.ErrorStrResp(c, "Too many unsuccessful sign-in attempts have been made using an incorrect username or password, Try again later.", 403)
|
2022-06-25 21:34:44 +08:00
|
|
|
loginCache.Expire(ip, defaultDuration)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
// check username
|
|
|
|
|
var req LoginReq
|
|
|
|
|
if err := c.ShouldBind(&req); err != nil {
|
2022-06-28 18:12:53 +08:00
|
|
|
common.ErrorResp(c, err, 400)
|
2022-06-25 21:34:44 +08:00
|
|
|
return
|
|
|
|
|
}
|
2022-06-25 21:36:35 +08:00
|
|
|
user, err := db.GetUserByName(req.Username)
|
2022-06-25 21:34:44 +08:00
|
|
|
if err != nil {
|
2022-06-28 18:12:53 +08:00
|
|
|
common.ErrorResp(c, err, 400)
|
2022-07-07 21:31:43 +08:00
|
|
|
loginCache.Set(ip, count+1)
|
2022-06-25 21:34:44 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
// validate password
|
|
|
|
|
if err := user.ValidatePassword(req.Password); err != nil {
|
2022-06-28 18:12:53 +08:00
|
|
|
common.ErrorResp(c, err, 400)
|
2022-06-25 21:34:44 +08:00
|
|
|
loginCache.Set(ip, count+1)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
// generate token
|
2022-06-26 19:20:19 +08:00
|
|
|
token, err := common.GenerateToken(user.Username)
|
2022-06-25 21:34:44 +08:00
|
|
|
if err != nil {
|
2022-06-28 18:12:53 +08:00
|
|
|
common.ErrorResp(c, err, 400, true)
|
2022-06-25 21:34:44 +08:00
|
|
|
return
|
|
|
|
|
}
|
2022-06-26 19:20:19 +08:00
|
|
|
common.SuccessResp(c, gin.H{"token": token})
|
2022-06-25 21:34:44 +08:00
|
|
|
loginCache.Del(ip)
|
|
|
|
|
}
|
2022-06-26 16:39:02 +08:00
|
|
|
|
|
|
|
|
// CurrentUser get current user by token
|
|
|
|
|
// if token is empty, return guest user
|
|
|
|
|
func CurrentUser(c *gin.Context) {
|
|
|
|
|
user := c.MustGet("user").(*model.User)
|
2022-07-10 17:09:03 +08:00
|
|
|
userResp := *user
|
|
|
|
|
userResp.Password = ""
|
|
|
|
|
common.SuccessResp(c, userResp)
|
2022-06-26 16:39:02 +08:00
|
|
|
}
|
2022-07-23 20:42:12 +08:00
|
|
|
|
|
|
|
|
func UpdateCurrent(c *gin.Context) {
|
|
|
|
|
var req LoginReq
|
|
|
|
|
if err := c.ShouldBind(&req); err != nil {
|
|
|
|
|
common.ErrorResp(c, err, 400)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
user := c.MustGet("user").(*model.User)
|
|
|
|
|
user.Username = req.Username
|
2022-07-23 20:49:16 +08:00
|
|
|
if req.Password != "" {
|
|
|
|
|
user.Password = req.Password
|
|
|
|
|
}
|
2022-07-23 20:42:12 +08:00
|
|
|
if err := db.UpdateUser(user); err != nil {
|
|
|
|
|
common.ErrorResp(c, err, 500)
|
|
|
|
|
} else {
|
|
|
|
|
common.SuccessResp(c)
|
|
|
|
|
}
|
|
|
|
|
}
|
