package controllers import ( "multitenantStack/models" companydb "multitenantStack/services/companydb" tokenTools "multitenantStack/services/tokenTools" "time" "github.com/astaxie/beego/orm" jwt "github.com/dgrijalva/jwt-go" ) // AuthController operations for Auth type AuthController struct { BaseController } // URLMapping ... func (c *AuthController) URLMapping() { // This block is used to drastically speed up the annotation -> lookup process c.Mapping("Login", c.Login) c.Mapping("GetOne", c.GetOne) c.Mapping("GetAll", c.GetAll) c.Mapping("Put", c.Put) c.Mapping("Delete", c.Delete) } // Login Get a JWT token for the user // @Title Create // @Description create Auth // @Param body body models.Auth true "body for Auth content" // @Success 201 {object} models.Auth // @Failure 403 body is empty // @router /login [post] func (c *AuthController) Login() { type AuthResponse struct { Status int `json:"status"` Jwt string `json:"jwt"` User models.CompanyUser `json:"user"` } if c.Ctx.Input.Method() != "POST" { c.ServeJSONError("Method not allowed") return } tokenHeader := c.Ctx.Request.Header.Get("X-JWTtoken") if tokenHeader != "" { valid, _ := tokenTools.Validate(tokenHeader) if valid { c.ServeJSONError("You are already logged in") return } } email := c.GetString("email") password := c.GetString("password") if email == "" || password == "" { c.ServeJSONError("Email/Password missing") return } systemdb := companydb.GetSystemDatabase() if systemdb == nil { c.ServeJSONError("Error retrieving User") return } o, err := orm.NewOrmWithDB("postgres", "default", systemdb) if err != nil { c.ServeJSONError("Error retrieving User") return } userCompanyMapping, err := models.GetUserCompanyMapByEmail(o, email) if err != nil { c.ServeJSONError("Error retrieving User") return } if password != userCompanyMapping.PasswordHash { // TODO: Hash me c.ServeJSONError("Email/Password incorrect") return } companyName := userCompanyMapping.Company companyUserID := userCompanyMapping.CompanyUserID db, err := companydb.GetDatabaseWithName(companyName) if err != nil { c.ServeJSONError("Error retrieving Company") return } o, err = orm.NewOrmWithDB("postgres", "default", db) if err != nil { c.ServeJSONError("Error retrieving CompanyData") return } companyUser, err := models.GetCompanyUserById(o, int(companyUserID)) if err != nil { c.ServeJSONError("Error retrieving Company User") return } tokenString := "" if email == "admin@admin.at" && password == "my password" { // The jwtClaims are our trusted clientside session tokenString = tokenTools.CreateToken(jwt.MapClaims{ "email": email, "companyName": companyName, "companyUserID": companyUserID, "exp": time.Now().Unix() + 3600, }) } else { c.ServeJSONError("Invalid user/password") return } json := AuthResponse{200, tokenString, *companyUser} c.Data["json"] = &json c.ServeJSON() } // GetOne ... // @Title GetOne // @Description get Auth by id // @Param id path string true "The key for staticblock" // @Success 200 {object} models.Auth // @Failure 403 :id is empty // @router /:id [get] func (c *AuthController) GetOne() { } // GetAll ... // @Title GetAll // @Description get Auth // @Param query query string false "Filter. e.g. col1:v1,col2:v2 ..." // @Param fields query string false "Fields returned. e.g. col1,col2 ..." // @Param sortby query string false "Sorted-by fields. e.g. col1,col2 ..." // @Param order query string false "Order corresponding to each sortby field, if single value, apply to all sortby fields. e.g. desc,asc ..." // @Param limit query string false "Limit the size of result set. Must be an integer" // @Param offset query string false "Start position of result set. Must be an integer" // @Success 200 {object} models.Auth // @Failure 403 // @router / [get] func (c *AuthController) GetAll() { } // Put ... // @Title Put // @Description update the Auth // @Param id path string true "The id you want to update" // @Param body body models.Auth true "body for Auth content" // @Success 200 {object} models.Auth // @Failure 403 :id is not int // @router /:id [put] func (c *AuthController) Put() { } // Delete ... // @Title Delete // @Description delete the Auth // @Param id path string true "The id you want to delete" // @Success 200 {string} delete success! // @Failure 403 id is empty // @router /:id [delete] func (c *AuthController) Delete() { }