heimoshuiyu/gonic
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor WithValidSubsonicArgs

Browse Source
This commit is contained in:
sentriz
2019-04-25 16:19:37 +01:00
parent 8e480e104d
commit 669bc2f6bc
1 changed files with 24 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
handler/middleware_sub.go
View File

@@ -5,10 +5,7 @@ import (
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"github.com/jinzhu/gorm"
"github.com/sentriz/gonic/db"
) )
var ( var (
@@ -17,6 +14,17 @@ var (
} }
) )
func checkHasAllParams(params url.Values) error {
for _, req := range requiredParameters {
param := params.Get(req)
if param != "" {
continue
}
return fmt.Errorf("please provide a `%s` parameter", req)
}
return nil
}
func checkCredentialsToken(password, token, salt string) bool { func checkCredentialsToken(password, token, salt string) bool {
toHash := fmt.Sprintf("%s%s", password, salt) toHash := fmt.Sprintf("%s%s", password, salt)
hash := md5.Sum([]byte(toHash)) hash := md5.Sum([]byte(toHash))
@@ -34,33 +42,26 @@ func checkCredentialsBasic(password, givenPassword string) bool {
func (c *Controller) WithValidSubsonicArgs(next http.HandlerFunc) http.HandlerFunc { func (c *Controller) WithValidSubsonicArgs(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
for _, req := range requiredParameters { err := checkHasAllParams(r.URL.Query())
param := r.URL.Query().Get(req) if err != nil {
if param != "" { respondError(w, r, 10, err.Error())
continue
}
respondError(w, r,
10, fmt.Sprintf("please provide a `%s` parameter", req),
)
return return
} }
username := r.URL.Query().Get("u") username, password := r.URL.Query().Get("u"),
password := r.URL.Query().Get("p") r.URL.Query().Get("p")
token := r.URL.Query().Get("t") token, salt := r.URL.Query().Get("t"),
salt := r.URL.Query().Get("s") r.URL.Query().Get("s")
passwordAuth := token == "" && salt == "" passwordAuth, tokenAuth := token == "" && salt == "",
tokenAuth := password == "" password == ""
if tokenAuth == passwordAuth { if tokenAuth == passwordAuth {
respondError(w, r, respondError(w, r,
10, "please provide parameters `t` and `s`, or just `p`", 10, "please provide parameters `t` and `s`, or just `p`",
) )
return return
} }
user := db.User{ user := c.GetUserFromName(username)
Name: username, if user.ID == 0 {
} // the user does not exist
err := c.DB.Where(user).First(&user).Error
if gorm.IsRecordNotFoundError(err) {
respondError(w, r, 40, "invalid username") respondError(w, r, 40, "invalid username")
return return
} }