Работа над ошибками
Andrey Ivanov
ya@tiburon.su
parent
f067e68d3d
commit
5faee4e573
1
go.mod
1
go.mod
|
|
@ -10,4 +10,5 @@ require (
|
||||||
github.com/gorilla/context v1.1.1 // indirect
|
github.com/gorilla/context v1.1.1 // indirect
|
||||||
github.com/gorilla/sessions v1.2.1 // indirect
|
github.com/gorilla/sessions v1.2.1 // indirect
|
||||||
github.com/tiburon-777/modules v0.0.0-20201210103219-a0362a8da783
|
github.com/tiburon-777/modules v0.0.0-20201210103219-a0362a8da783
|
||||||
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
|
||||||
)
|
)
|
||||||
|
|
|
||||||
1
go.sum
1
go.sum
|
|
@ -39,6 +39,7 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/
|
||||||
go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
|
go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
|
||||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
|
||||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,13 @@
|
||||||
package handlers
|
package handlers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/codegangsta/martini-contrib/render"
|
"github.com/codegangsta/martini-contrib/render"
|
||||||
"github.com/codegangsta/martini-contrib/sessions"
|
"github.com/codegangsta/martini-contrib/sessions"
|
||||||
|
_ "github.com/go-sql-driver/mysql"
|
||||||
"github.com/tiburon-777/OTUS_HighLoad/internal/application"
|
"github.com/tiburon-777/OTUS_HighLoad/internal/application"
|
||||||
"github.com/tiburon-777/OTUS_HighLoad/internal/auth"
|
"github.com/tiburon-777/OTUS_HighLoad/internal/auth"
|
||||||
|
"golang.org/x/crypto/bcrypt"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
@ -21,7 +22,7 @@ func GetHome(app application.App, r render.Render, user auth.User) {
|
||||||
var users []auth.UserModel
|
var users []auth.UserModel
|
||||||
var tmp auth.UserModel
|
var tmp auth.UserModel
|
||||||
var tmpTime string
|
var tmpTime string
|
||||||
query := fmt.Sprintf(`SELECT
|
var results, err = app.DB.Query(`SELECT
|
||||||
users.id as id,
|
users.id as id,
|
||||||
users.name as name,
|
users.name as name,
|
||||||
users.surname as surname,
|
users.surname as surname,
|
||||||
|
|
@ -32,11 +33,9 @@ func GetHome(app application.App, r render.Render, user auth.User) {
|
||||||
users JOIN relations
|
users JOIN relations
|
||||||
WHERE
|
WHERE
|
||||||
relations.friendId=users.Id
|
relations.friendId=users.Id
|
||||||
AND relations.userId="%s"
|
AND relations.userId=?
|
||||||
GROUP BY users.Id`,
|
GROUP BY users.Id`,
|
||||||
strconv.Itoa(int(user.(*auth.UserModel).Id)),
|
user.(*auth.UserModel).Id)
|
||||||
)
|
|
||||||
var results, err = app.DB.Query(query)
|
|
||||||
if err != nil || results == nil {
|
if err != nil || results == nil {
|
||||||
err500("can't get user list from DB: ", err, r)
|
err500("can't get user list from DB: ", err, r)
|
||||||
}
|
}
|
||||||
|
|
@ -60,6 +59,13 @@ func GetSignup(r render.Render) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func PostSignup(app application.App, postedUser auth.UserModel, r render.Render) {
|
func PostSignup(app application.App, postedUser auth.UserModel, r render.Render) {
|
||||||
|
if len(postedUser.Username) < 3 || len(postedUser.Password) < 3 {
|
||||||
|
doc := map[string]interface{}{
|
||||||
|
"msg": "Login and password must be longer then 3 chars",
|
||||||
|
}
|
||||||
|
r.HTML(200, "signup", doc)
|
||||||
|
return
|
||||||
|
}
|
||||||
t, err := time.Parse("2006-1-2", postedUser.FormBirthDate)
|
t, err := time.Parse("2006-1-2", postedUser.FormBirthDate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e := fmt.Errorf("can't parce date: %w", err)
|
e := fmt.Errorf("can't parce date: %w", err)
|
||||||
|
|
@ -69,10 +75,14 @@ func PostSignup(app application.App, postedUser auth.UserModel, r render.Render)
|
||||||
}
|
}
|
||||||
r.HTML(500, "500", doc)
|
r.HTML(500, "500", doc)
|
||||||
}
|
}
|
||||||
query := fmt.Sprintf(`INSERT INTO users (username, password, name, surname, birthdate, gender, city, interests)
|
pHash, err := bcrypt.GenerateFromPassword([]byte(postedUser.Password), bcrypt.DefaultCost)
|
||||||
values ("%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")`,
|
if err != nil {
|
||||||
|
err500("can't generate password hash: ", err, r)
|
||||||
|
}
|
||||||
|
_, err = app.DB.Exec(`INSERT INTO users (username, password, name, surname, birthdate, gender, city, interests)
|
||||||
|
values (?, ?, ?, ?, ?, ?, ?, ?)`,
|
||||||
postedUser.Username,
|
postedUser.Username,
|
||||||
base64.StdEncoding.EncodeToString([]byte(postedUser.Username+":"+postedUser.Password)),
|
pHash,
|
||||||
postedUser.Name,
|
postedUser.Name,
|
||||||
postedUser.Surname,
|
postedUser.Surname,
|
||||||
t.Format("2006-01-02 15:04:05"),
|
t.Format("2006-01-02 15:04:05"),
|
||||||
|
|
@ -80,7 +90,6 @@ func PostSignup(app application.App, postedUser auth.UserModel, r render.Render)
|
||||||
postedUser.City,
|
postedUser.City,
|
||||||
postedUser.Interests,
|
postedUser.Interests,
|
||||||
)
|
)
|
||||||
_, err = app.DB.Exec(query)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err500("can't create account in DB: ", err, r)
|
err500("can't create account in DB: ", err, r)
|
||||||
}
|
}
|
||||||
|
|
@ -93,7 +102,7 @@ func GetUserList(app application.App, user auth.User, r render.Render) {
|
||||||
var users []auth.UserModel
|
var users []auth.UserModel
|
||||||
var tmp auth.UserModel
|
var tmp auth.UserModel
|
||||||
var tmpTime string
|
var tmpTime string
|
||||||
query := fmt.Sprintf(`SELECT
|
var results, err = app.DB.Query(`SELECT
|
||||||
users.id as id,
|
users.id as id,
|
||||||
users.name as name,
|
users.name as name,
|
||||||
users.surname as surname,
|
users.surname as surname,
|
||||||
|
|
@ -103,16 +112,17 @@ func GetUserList(app application.App, user auth.User, r render.Render) {
|
||||||
FROM
|
FROM
|
||||||
users
|
users
|
||||||
WHERE
|
WHERE
|
||||||
NOT users.id=%d
|
NOT users.id=?
|
||||||
AND users.id NOT IN (
|
AND users.id NOT IN (
|
||||||
SELECT
|
SELECT
|
||||||
relations.friendId
|
relations.friendId
|
||||||
FROM
|
FROM
|
||||||
relations
|
relations
|
||||||
WHERE
|
WHERE
|
||||||
relations.userId=%d)`, int(user.(*auth.UserModel).Id), int(user.(*auth.UserModel).Id))
|
relations.userId=?)`,
|
||||||
|
user.(*auth.UserModel).Id,
|
||||||
var results, err = app.DB.Query(query)
|
user.(*auth.UserModel).Id,
|
||||||
|
)
|
||||||
if err != nil || results == nil {
|
if err != nil || results == nil {
|
||||||
err500("can't get user list from DB: ", err, r)
|
err500("can't get user list from DB: ", err, r)
|
||||||
}
|
}
|
||||||
|
|
@ -131,12 +141,14 @@ func GetUserList(app application.App, user auth.User, r render.Render) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func PostLogin(app application.App, session sessions.Session, postedUser auth.UserModel, r render.Render, req *http.Request) {
|
func PostLogin(app application.App, session sessions.Session, postedUser auth.UserModel, r render.Render, req *http.Request) {
|
||||||
hash := base64.StdEncoding.EncodeToString([]byte(postedUser.Username + ":" + postedUser.Password))
|
|
||||||
user := auth.UserModel{}
|
user := auth.UserModel{}
|
||||||
query := fmt.Sprintf("SELECT id FROM users WHERE username=\"%s\" and password =\"%s\"", postedUser.Username, hash)
|
err1 := app.DB.QueryRow("SELECT id, password FROM users WHERE username=?", postedUser.Username).Scan(&user.Id, &user.Password)
|
||||||
err := app.DB.QueryRow(query).Scan(&user.Id)
|
err2 := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(postedUser.Password))
|
||||||
|
if err1 != nil || err2 != nil {
|
||||||
if err != nil || user.Id == 0 {
|
doc := map[string]interface{}{
|
||||||
|
"msg": "Wrong user or password. You may sign in.",
|
||||||
|
}
|
||||||
|
r.HTML(200, "login", doc)
|
||||||
r.Redirect(auth.RedirectUrl)
|
r.Redirect(auth.RedirectUrl)
|
||||||
return
|
return
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -160,11 +172,11 @@ func GetSubscribe(app application.App, r render.Render, user auth.User, req *htt
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err500("can't convert URL query value: ", err, r)
|
err500("can't convert URL query value: ", err, r)
|
||||||
}
|
}
|
||||||
query := fmt.Sprintf(`REPLACE INTO relations (userId, friendId) values ("%d", "%d")`,
|
_, err = app.DB.Exec(`REPLACE INTO relations (userId, friendId) values (?, ?)`, user.(*auth.UserModel).Id, did)
|
||||||
user.(*auth.UserModel).Id,
|
if err != nil {
|
||||||
did,
|
err500("can't create relation in DB: ", err, r)
|
||||||
)
|
}
|
||||||
_, err = app.DB.Exec(query)
|
_, err = app.DB.Exec(`REPLACE INTO relations (userId, friendId) values (?, ?)`, did, user.(*auth.UserModel).Id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err500("can't create relation in DB: ", err, r)
|
err500("can't create relation in DB: ", err, r)
|
||||||
}
|
}
|
||||||
|
|
@ -180,11 +192,7 @@ func GetUnSubscribe(app application.App, r render.Render, user auth.User, req *h
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err500("can't convert URL query value: ", err, r)
|
err500("can't convert URL query value: ", err, r)
|
||||||
}
|
}
|
||||||
query := fmt.Sprintf(`DELETE FROM relations WHERE userId="%d" AND friendId="%d"`,
|
_, err = app.DB.Exec(`DELETE FROM relations WHERE (userId,friendId) IN ((?, ?),(?, ?))`, user.(*auth.UserModel).Id, did, did, user.(*auth.UserModel).Id)
|
||||||
user.(*auth.UserModel).Id,
|
|
||||||
did,
|
|
||||||
)
|
|
||||||
_, err = app.DB.Exec(query)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err500("can't remove relation from DB: ", err, r)
|
err500("can't remove relation from DB: ", err, r)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
<html>
|
<html>
|
||||||
<body>
|
<body>
|
||||||
<h2>You must login!</h2>
|
<h2>You must login!</h2>
|
||||||
|
<p style="color: red;"><b>{{ .msg }}</b></p>
|
||||||
<form method="POST">
|
<form method="POST">
|
||||||
<input type="text" placeholder="Username" name="username" /><br />
|
<input type="text" placeholder="Username" name="username" /><br />
|
||||||
<input type="password" placeholder="Password" name="password" /><br />
|
<input type="password" placeholder="Password" name="password" /><br />
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<h2>Create account</h2>
|
<h2>Create account</h2>
|
||||||
|
<p style="color: red;"><b>{{ .msg }}</b></p>
|
||||||
<form method="POST">
|
<form method="POST">
|
||||||
<table>
|
<table>
|
||||||
<tr>
|
<tr>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue