Commit 7c628312 authored by zauberstuhl's avatar zauberstuhl

Implement api oauth controller

parent 51ce612b
......@@ -34,7 +34,7 @@ func (a ApiAspect) ShowPerson() revel.Result {
)
a.Params.Bind(&personID, "id")
user, err := models.GetCurrentUser(a.Session["TOKEN"])
user, err := models.CurrentUser(a.Params, a.Session)
if err != nil {
revel.AppLog.Error("Failed to get current user :%s", err.Error())
return a.RenderError(err)
......@@ -90,7 +90,7 @@ func (a ApiAspect) DeletePerson() revel.Result {
}
func (a ApiAspect) Index() revel.Result {
user, err := models.GetCurrentUser(a.Session["TOKEN"])
user, err := models.CurrentUser(a.Params, a.Session)
if err != nil {
revel.AppLog.Error("Failed to get current user :%s", err.Error())
return a.RenderError(err)
......@@ -107,7 +107,7 @@ func (a ApiAspect) Create() revel.Result {
return a.RenderError(errors.New(errMsg))
}
user, err := models.GetCurrentUser(a.Session["TOKEN"])
user, err := models.CurrentUser(a.Params, a.Session)
if err != nil {
revel.AppLog.Error("Failed to get current user :%s", err.Error())
return a.RenderError(err)
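Review bot: The new call `models.CurrentUser(a.Params, a.Session)` resolves the caller from two sources, and nothing at the call site says which one wins when both a request parameter and a session value are present; the same line is introduced in the ApiComment, ApiLike, ApiNotification and ApiPost hunks, so this applies there too. CurrentUser's body is outside this page, so this is hedged: if the OAuth token is accepted as a query or form parameter, it will be written to access logs, proxies and browser history, and the Authorization header is the safer carrier. A short comment at the first call site, `// CurrentUser accepts either the OAuth token from the request params or the session TOKEN; see models.CurrentUser for precedence`, would make the contract visible to readers of each controller. The unchanged context line `revel.AppLog.Error("Failed to get current user :%s", err.Error())` passes a printf verb to a logger that the new ApiOAuth controller calls in key/value form (`o.Log.Error(msg, key, value)`); since these lines are being touched anyway, `revel.AppLog.Error("Failed to get current user", "error", err.Error())` would be consistent.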
......@@ -53,7 +53,7 @@ func (c ApiComment) Create() revel.Result {
c.Params.Bind(&comment, "comment")
c.Params.Bind(&postID, "id")
user, err := models.GetCurrentUser(c.Session["TOKEN"])
user, err := models.CurrentUser(c.Params, c.Session)
if err != nil {
revel.AppLog.Error(err.Error())
return c.RenderError(err)
......@@ -62,7 +62,7 @@ func (l ApiLike) Create() revel.Result {
return l.NotFound("Post not found")
}
user, err := models.GetCurrentUser(l.Session["TOKEN"])
user, err := models.CurrentUser(l.Params, l.Session)
if err != nil {
revel.AppLog.Error(err.Error())
return l.RenderError(err)
......@@ -27,7 +27,7 @@ type ApiNotification struct {
}
func (n ApiNotification) Index() revel.Result {
user, err := models.GetCurrentUser(n.Session["TOKEN"])
user, err := models.CurrentUser(n.Params, n.Session)
if err != nil {
revel.AppLog.Error(err.Error())
return n.RenderError(err)
......@@ -52,7 +52,7 @@ func (n ApiNotification) Show() revel.Result {
}
func (n ApiNotification) Update(id uint) revel.Result {
user, err := models.GetCurrentUser(n.Session["TOKEN"])
user, err := models.CurrentUser(n.Params, n.Session)
if err != nil {
revel.AppLog.Error(err.Error())
return n.RenderError(err)
package controllers
//
// GangGo API Library
// Copyright (C) 2017 Lukas Matt <lukas@zauberstuhl.de>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
import (
"github.com/revel/revel"
"gopkg.in/ganggo/ganggo.v0/app/models"
"gopkg.in/ganggo/ganggo.v0/app/helpers"
)
type TokenResult struct {
Token TokenString `json:"token,omitempty"`
Error TokenString `json:"error,omitempty"`
}
// otherwise omitempty will not work
// it checks on interface nil value
type TokenString string
type ApiOAuth struct {
*revel.Controller
}
// Basic password credentials flow
// /token?grant_type=password&username=USERNAME&password=PASSWORD&client_id=CLIENT_ID
//
// If the password and username are correct
// the application is authorized and it will return an access token
func (o ApiOAuth) Create() revel.Result {
var (
grantType string
username string
password string
clientID string
user models.User
token models.OAuthToken
)
o.Params.Bind(&grantType, "grant_type")
o.Params.Bind(&username, "username")
o.Params.Bind(&password, "password")
o.Params.Bind(&clientID, "client_id")
if clientID == "" {
o.Log.Error("client_id is empty", "client_id", clientID)
return o.RenderJSON(TokenResult{
Error: TokenString("client_id is empty!"),
})
}
if grantType != "password" {
o.Log.Error("grant_type not supported", "grant_type", grantType)
return o.RenderJSON(TokenResult{
Error: TokenString("grant_type not supported!"),
})
}
err := user.FindByUsername(username)
if err != nil {
o.Log.Error(err.Error())
return o.RenderJSON(TokenResult{
Error: TokenString(err.Error()),
})
}
if !helpers.CheckHash(password, user.EncryptedPassword) {
o.Log.Error("Password did not match", "username", username)
return o.RenderJSON(TokenResult{
Error: TokenString("password did not match!"),
})
}
token.ClientID = clientID
tokenVal, err := helpers.Token()
if err != nil {
o.Log.Error(err.Error())
return o.RenderJSON(TokenResult{
Error: TokenString(err.Error()),
})
}
token.Token = tokenVal
token.UserID = user.ID
err = token.Create()
if err != nil {
err = token.FindByUserIDAndClientID(user.ID, clientID)
if err != nil {
o.Log.Error(err.Error())
return o.RenderJSON(TokenResult{
Error: TokenString(err.Error()),
})
}
}
return o.RenderJSON(TokenResult{
Token: TokenString(token.Token),
})
}
func (o ApiOAuth) Delete(id uint) revel.Result {
token := models.OAuthToken{ID: id}
user, err := models.CurrentUser(o.Params, o.Session)
if err != nil {
o.Log.Error(err.Error())
return o.RenderJSON(TokenResult{
Error: TokenString(err.Error()),
})
}
err = token.Delete(user)
if err != nil {
o.Log.Error(err.Error())
return o.RenderJSON(TokenResult{
Error: TokenString(err.Error()),
})
}
return o.RenderJSON(TokenResult{})
}
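Review bot: In Create, a failure of `user.FindByUsername(username)` is sent back verbatim as `TokenString(err.Error())`, while a wrong password answers `"password did not match!"`; the two distinguishable responses let a caller tell existing usernames from unknown ones, and the raw error may carry database details. Every error path also answers through RenderJSON with no status change, so a rejected grant is delivered as HTTP 200, whereas RFC 6749 expects 400 with `{"error":"invalid_grant"}` for bad resource-owner credentials. Both the lookup failure and the password mismatch should collapse to one response, e.g. `Error: TokenString("invalid username or password")` preceded by `o.Response.Status = http.StatusBadRequest` (this needs `net/http` added to the import block); Delete returns its errors verbatim in the same way. Separately, `clientID` is only checked for emptiness and is never matched against a registered client, so any string is accepted as a client identifier — either a lookup or a comment stating that clients are not registered in this deployment would document the intent. The `token.Create()` failure path treats every insert error as "token already exists" and falls through to `FindByUserIDAndClientID`, which hides other database failures; logging `err` before the fallback, `o.Log.Warn("token create failed, reusing existing", "error", err.Error())`, keeps them visible.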
......@@ -40,7 +40,7 @@ func (p ApiPost) Index() revel.Result {
p.Params.Bind(&offset, "offset")
user, err := models.GetCurrentUser(p.Session["TOKEN"])
user, err := models.CurrentUser(p.Params, p.Session)
if err != nil {
revel.AppLog.Error(err.Error())
return p.RenderError(err)
......@@ -72,7 +72,7 @@ func (p ApiPost) Create() revel.Result {
return p.RenderError(err)
}
user, err := models.GetCurrentUser(p.Session["TOKEN"])
user, err := models.CurrentUser(p.Params, p.Session)
if err != nil {
revel.AppLog.Error(err.Error())
return p.RenderError(err)
# Restful API routes
POST /api/v0/oauth/tokens ApiOAuth.Create
DELETE /api/v0/oauth/tokens/:id ApiOAuth.Delete
GET /api/v0/posts ApiPost.Index
POST /api/v0/posts ApiPost.Create
GET /api/v0/posts/:id ApiPost.Show