113 lines
3.0 KiB
Go
113 lines
3.0 KiB
Go
|
package main
|
||
|
|
|
||
|
|
import (
|
||
|
|
"net/http"
|
||
|
|
"net/url"
|
||
|
|
"time"
|
||
|
|
|
||
|
|
"github.com/gin-gonic/contrib/sessions"
|
||
|
|
"github.com/gin-gonic/gin"
|
||
|
|
"zxq.co/ripple/rippleapi/common"
|
||
|
|
"zxq.co/x/rs"
|
||
|
|
)
|
||
|
|
|
||
|
|
func sessionInitializer() func(c *gin.Context) {
|
||
|
|
return func(c *gin.Context) {
|
||
|
|
sess := sessions.Default(c)
|
||
|
|
|
||
|
|
var ctx context
|
||
|
|
|
||
|
|
var passwordChanged bool
|
||
|
|
userid := sess.Get("userid")
|
||
|
|
if userid, ok := userid.(int); ok {
|
||
|
|
ctx.User.ID = userid
|
||
|
|
var (
|
||
|
|
pRaw int64
|
||
|
|
password string
|
||
|
|
)
|
||
|
|
err := db.QueryRow("SELECT username, privileges, flags, password_md5 FROM users WHERE id = ?", userid).
|
||
|
|
Scan(&ctx.User.Username, &pRaw, &ctx.User.Flags, &password)
|
||
|
|
if err != nil {
|
||
|
|
c.Error(err)
|
||
|
|
}
|
||
|
|
if sess.Get("logout") == nil {
|
||
|
|
sess.Set("logout", rs.String(15))
|
||
|
|
}
|
||
|
|
ctx.User.Privileges = common.UserPrivileges(pRaw)
|
||
|
|
db.Exec("UPDATE users SET latest_activity = ? WHERE id = ?", time.Now().Unix(), userid)
|
||
|
|
if s, ok := sess.Get("pw").(string); !ok || cmd5(password) != s {
|
||
|
|
ctx = context{}
|
||
|
|
sess.Clear()
|
||
|
|
passwordChanged = true
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if v, _ := sess.Get("2fa_must_validate").(bool); !v && ctx.User.ID != 0 {
|
||
|
|
tok := sess.Get("token")
|
||
|
|
if tok, ok := tok.(string); ok {
|
||
|
|
ctx.Token = tok
|
||
|
|
}
|
||
|
|
oldToken := ctx.Token
|
||
|
|
ctx.Token, _ = checkToken(ctx.Token, ctx.User.ID, c)
|
||
|
|
// Set rt cookie in case:
|
||
|
|
// - User has not got a token in rt
|
||
|
|
// - Token has been updated with checkToken
|
||
|
|
// - user still has old token in rt
|
||
|
|
if x, _ := c.Cookie("rt"); oldToken != ctx.Token || x != ctx.Token {
|
||
|
|
http.SetCookie(c.Writer, &http.Cookie{
|
||
|
|
Name: "rt",
|
||
|
|
Value: ctx.Token,
|
||
|
|
Expires: time.Now().Add(time.Hour * 24 * 30 * 1),
|
||
|
|
})
|
||
|
|
sess.Set("token", ctx.Token)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
var addBannedMessage bool
|
||
|
|
if ctx.User.ID != 0 && (ctx.User.Privileges&common.UserPrivilegeNormal == 0) {
|
||
|
|
ctx = context{}
|
||
|
|
sess.Clear()
|
||
|
|
addBannedMessage = true
|
||
|
|
}
|
||
|
|
|
||
|
|
ctx.Language = getLanguageFromGin(c)
|
||
|
|
|
||
|
|
c.Set("context", ctx)
|
||
|
|
c.Set("session", sess)
|
||
|
|
|
||
|
|
if addBannedMessage {
|
||
|
|
addMessage(c, warningMessage{T(c, "You have been automatically logged out of your account because your account has either been banned or locked. Should you believe this is a mistake, you can contact our support team at support@ripple.moe.")})
|
||
|
|
}
|
||
|
|
if passwordChanged {
|
||
|
|
addMessage(c, warningMessage{T(c, "You have been automatically logged out for security reasons. Please <a href='/login?redir=%s'>log back in</a>.", url.QueryEscape(c.Request.URL.Path))})
|
||
|
|
}
|
||
|
|
|
||
|
|
c.Next()
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func addMessage(c *gin.Context, m message) {
|
||
|
|
sess := getSession(c)
|
||
|
|
var messages []message
|
||
|
|
messagesRaw := sess.Get("messages")
|
||
|
|
if messagesRaw != nil {
|
||
|
|
messages = messagesRaw.([]message)
|
||
|
|
}
|
||
|
|
messages = append(messages, m)
|
||
|
|
sess.Set("messages", messages)
|
||
|
|
}
|
||
|
|
|
||
|
|
func getMessages(c *gin.Context) []message {
|
||
|
|
sess := getSession(c)
|
||
|
|
messagesRaw := sess.Get("messages")
|
||
|
|
if messagesRaw == nil {
|
||
|
|
return nil
|
||
|
|
}
|
||
|
|
sess.Delete("messages")
|
||
|
|
return messagesRaw.([]message)
|
||
|
|
}
|
||
|
|
|
||
|
|
func getSession(c *gin.Context) sessions.Session {
|
||
|
|
return c.MustGet("session").(sessions.Session)
|
||
|
|
}
|