2018-11-07 10:10:51 +00:00
|
|
|
package controllers
|
|
|
|
|
|
|
|
import (
|
2018-11-08 07:36:08 +00:00
|
|
|
"multitenantStack/models"
|
2018-11-08 10:21:06 +00:00
|
|
|
companydb "multitenantStack/services/companydb"
|
2018-11-08 07:36:08 +00:00
|
|
|
|
2018-11-08 10:21:06 +00:00
|
|
|
tokenTools "multitenantStack/services/tokenTools"
|
2018-11-07 10:10:51 +00:00
|
|
|
"time"
|
|
|
|
|
2018-11-08 07:36:08 +00:00
|
|
|
"github.com/astaxie/beego/orm"
|
2018-11-07 10:10:51 +00:00
|
|
|
jwt "github.com/dgrijalva/jwt-go"
|
|
|
|
)
|
|
|
|
|
|
|
|
// AuthController operations for Auth
|
|
|
|
type AuthController struct {
|
|
|
|
BaseController
|
|
|
|
}
|
|
|
|
|
|
|
|
// URLMapping ...
|
|
|
|
func (c *AuthController) URLMapping() {
|
|
|
|
// This block is used to drastically speed up the annotation -> lookup process
|
|
|
|
c.Mapping("Login", c.Login)
|
|
|
|
c.Mapping("GetOne", c.GetOne)
|
|
|
|
c.Mapping("GetAll", c.GetAll)
|
|
|
|
c.Mapping("Put", c.Put)
|
|
|
|
c.Mapping("Delete", c.Delete)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Login Get a JWT token for the user
|
|
|
|
// @Title Create
|
|
|
|
// @Description create Auth
|
|
|
|
// @Param body body models.Auth true "body for Auth content"
|
|
|
|
// @Success 201 {object} models.Auth
|
|
|
|
// @Failure 403 body is empty
|
|
|
|
// @router /login [post]
|
|
|
|
func (c *AuthController) Login() {
|
|
|
|
|
|
|
|
type AuthResponse struct {
|
2018-11-08 10:21:06 +00:00
|
|
|
Status int `json:"status"`
|
|
|
|
Jwt string `json:"jwt"`
|
|
|
|
User models.CompanyUser `json:"user"`
|
2018-11-07 10:10:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if c.Ctx.Input.Method() != "POST" {
|
2018-11-07 19:13:26 +00:00
|
|
|
c.ServeJSONError("Method not allowed")
|
2018-11-07 10:10:51 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-11-08 07:36:08 +00:00
|
|
|
tokenHeader := c.Ctx.Request.Header.Get("X-JWTtoken")
|
|
|
|
if tokenHeader != "" {
|
2018-11-08 10:21:06 +00:00
|
|
|
valid, _ := tokenTools.Validate(tokenHeader)
|
2018-11-08 07:36:08 +00:00
|
|
|
if valid {
|
|
|
|
c.ServeJSONError("You are already logged in")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2018-11-07 10:10:51 +00:00
|
|
|
|
|
|
|
email := c.GetString("email")
|
|
|
|
password := c.GetString("password")
|
|
|
|
|
2018-11-08 07:36:08 +00:00
|
|
|
if email == "" || password == "" {
|
|
|
|
c.ServeJSONError("Email/Password missing")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-11-08 10:21:06 +00:00
|
|
|
systemdb := companydb.GetSystemDatabase()
|
|
|
|
|
|
|
|
if systemdb == nil {
|
|
|
|
c.ServeJSONError("Error retrieving User")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
o, err := orm.NewOrmWithDB("postgres", "default", systemdb)
|
|
|
|
if err != nil {
|
|
|
|
c.ServeJSONError("Error retrieving User")
|
|
|
|
return
|
|
|
|
}
|
2018-11-08 07:36:08 +00:00
|
|
|
|
|
|
|
userCompanyMapping, err := models.GetUserCompanyMapByEmail(o, email)
|
|
|
|
if err != nil {
|
|
|
|
c.ServeJSONError("Error retrieving User")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if password != userCompanyMapping.PasswordHash { // TODO: Hash me
|
|
|
|
c.ServeJSONError("Email/Password incorrect")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
companyName := userCompanyMapping.Company
|
|
|
|
companyUserID := userCompanyMapping.CompanyUserID
|
|
|
|
|
|
|
|
db, err := companydb.GetDatabaseWithName(companyName)
|
|
|
|
if err != nil {
|
|
|
|
c.ServeJSONError("Error retrieving Company")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
o, err = orm.NewOrmWithDB("postgres", "default", db)
|
|
|
|
if err != nil {
|
|
|
|
c.ServeJSONError("Error retrieving CompanyData")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
companyUser, err := models.GetCompanyUserById(o, int(companyUserID))
|
|
|
|
if err != nil {
|
|
|
|
c.ServeJSONError("Error retrieving Company User")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-11-07 10:10:51 +00:00
|
|
|
tokenString := ""
|
|
|
|
if email == "admin@admin.at" && password == "my password" {
|
|
|
|
// The jwtClaims are our trusted clientside session
|
2018-11-08 10:21:06 +00:00
|
|
|
tokenString = tokenTools.CreateToken(jwt.MapClaims{
|
2018-11-07 10:10:51 +00:00
|
|
|
"email": email,
|
|
|
|
"companyName": companyName,
|
2018-11-07 19:13:26 +00:00
|
|
|
"companyUserID": companyUserID,
|
|
|
|
"exp": time.Now().Unix() + 3600,
|
2018-11-07 10:10:51 +00:00
|
|
|
})
|
|
|
|
} else {
|
2018-11-07 19:13:26 +00:00
|
|
|
c.ServeJSONError("Invalid user/password")
|
2018-11-07 10:10:51 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-11-08 10:21:06 +00:00
|
|
|
json := AuthResponse{200, tokenString, *companyUser}
|
2018-11-07 10:10:51 +00:00
|
|
|
c.Data["json"] = &json
|
|
|
|
|
|
|
|
c.ServeJSON()
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetOne ...
|
|
|
|
// @Title GetOne
|
|
|
|
// @Description get Auth by id
|
|
|
|
// @Param id path string true "The key for staticblock"
|
|
|
|
// @Success 200 {object} models.Auth
|
|
|
|
// @Failure 403 :id is empty
|
|
|
|
// @router /:id [get]
|
|
|
|
func (c *AuthController) GetOne() {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetAll ...
|
|
|
|
// @Title GetAll
|
|
|
|
// @Description get Auth
|
|
|
|
// @Param query query string false "Filter. e.g. col1:v1,col2:v2 ..."
|
|
|
|
// @Param fields query string false "Fields returned. e.g. col1,col2 ..."
|
|
|
|
// @Param sortby query string false "Sorted-by fields. e.g. col1,col2 ..."
|
|
|
|
// @Param order query string false "Order corresponding to each sortby field, if single value, apply to all sortby fields. e.g. desc,asc ..."
|
|
|
|
// @Param limit query string false "Limit the size of result set. Must be an integer"
|
|
|
|
// @Param offset query string false "Start position of result set. Must be an integer"
|
|
|
|
// @Success 200 {object} models.Auth
|
|
|
|
// @Failure 403
|
|
|
|
// @router / [get]
|
|
|
|
func (c *AuthController) GetAll() {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
// Put ...
|
|
|
|
// @Title Put
|
|
|
|
// @Description update the Auth
|
|
|
|
// @Param id path string true "The id you want to update"
|
|
|
|
// @Param body body models.Auth true "body for Auth content"
|
|
|
|
// @Success 200 {object} models.Auth
|
|
|
|
// @Failure 403 :id is not int
|
|
|
|
// @router /:id [put]
|
|
|
|
func (c *AuthController) Put() {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete ...
|
|
|
|
// @Title Delete
|
|
|
|
// @Description delete the Auth
|
|
|
|
// @Param id path string true "The id you want to delete"
|
|
|
|
// @Success 200 {string} delete success!
|
|
|
|
// @Failure 403 id is empty
|
|
|
|
// @router /:id [delete]
|
|
|
|
func (c *AuthController) Delete() {
|
|
|
|
|
|
|
|
}
|