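package routers

import (
	"encoding/json"
	"errors"
	"io/ioutil"
	"log"
	"main/configs"
	"main/models"
	"main/utils"
	"net/http"
	"strings"

	"github.com/google/uuid"
	"github.com/gorilla/mux"
)

const (
	// sessionCookieName is the cookie that carries the session id; it is the
	// bearer credential for every authenticated request in this file.
	sessionCookieName = "session_id"
	// maxBodyBytes bounds how much of a JSON request body is read before it is
	// decoded; larger bodies are rejected with 400. (constructed limit)
	maxBodyBytes = 1 << 20
	// defaultPageSize / maxPageSize keep the "pageSize" query parameter within
	// a range a single request may reasonably ask for. (constructed cap)
	defaultPageSize = 10
	maxPageSize     = 100
)

// errUnauthenticated is returned by currentUser whenever the request cannot be
// tied to a valid session, whatever the underlying reason.
var errUnauthenticated = errors.New("unauthenticated")

// writeText sends a plain-text body with the given status code.
func writeText(w http.ResponseWriter, status int, msg string) {
	w.WriteHeader(status)
	// The write error is deliberately ignored: there is nothing useful a
	// handler can do once the response has started.
	w.Write([]byte(msg))
}

// writeJSON sends v as a UTF-8 JSON document with a 200 status.
func writeJSON(w http.ResponseWriter, v interface{}) {
	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	w.Write(utils.ToJSON(v))
}

// readJSON decodes the request body into dst. The body is size-limited to
// maxBodyBytes and is always closed, including on the error paths. w may be
// nil; it is only used by MaxBytesReader to flag oversized requests.
func readJSON(w http.ResponseWriter, r *http.Request, dst interface{}) error {
	defer r.Body.Close()
	body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
	if err != nil {
		return err
	}
	return json.Unmarshal(body, dst)
}

// findSession loads the session with the given id. An empty id is refused up
// front: the ORM drops a zero-valued primary-key condition, so an empty id
// would otherwise match an arbitrary row instead of none.
func findSession(id string) (models.Session, error) {
	if id == "" {
		return models.Session{}, errors.New("empty session id")
	}
	session := models.Session{ID: id}
	if err := configs.ORMDB().First(&session).Error; err != nil {
		return models.Session{}, err
	}
	return session, nil
}

// currentUser resolves the caller from the session cookie (cookie -> session
// -> user). Every failure is reported as errUnauthenticated so handlers answer
// with a uniform 401. The explicit "id = ?" condition follows GORM's default
// snake_case column mapping, which "email = ?" in SessionsPost already relies on.
func currentUser(r *http.Request) (models.User, error) {
	cookie, err := r.Cookie(sessionCookieName)
	if err != nil {
		return models.User{}, errUnauthenticated
	}
	session, err := findSession(cookie.Value)
	if err != nil {
		return models.User{}, errUnauthenticated
	}
	var user models.User
	if err := configs.ORMDB().Where("id = ?", session.UserID).First(&user).Error; err != nil {
		return models.User{}, errUnauthenticated
	}
	return user, nil
}

// stripImmutableFields removes keys from a PATCH form that would re-parent or
// re-key a session; the comparison is case-insensitive and covers both the
// column and the field spelling. This is a best-effort guard — an explicit
// allowlist of updatable columns (not defined on this page) would be stricter.
func stripImmutableFields(form map[string]interface{}) {
	for key := range form {
		if strings.EqualFold(key, "id") || strings.EqualFold(key, "user_id") || strings.EqualFold(key, "userid") {
			delete(form, key)
		}
	}
}

// SessionsGet lists the caller's own sessions, paginated by the "page" and
// "pageSize" query parameters. The caller must be authenticated: session ids
// are bearer credentials, so the listing is scoped to the owner rather than
// exposing every session in the table.
func SessionsGet(w http.ResponseWriter, r *http.Request) {
	user, err := currentUser(r)
	if err != nil {
		writeText(w, http.StatusUnauthorized, "401 - Unauthorized")
		return
	}

	var listview models.ListView
	listview.Page = utils.ParamInt(r.URL.Query().Get("page"), 1)
	listview.PageSize = utils.ParamInt(r.URL.Query().Get("pageSize"), defaultPageSize)
	// Clamp so the offset is never negative and the page is never unbounded.
	if listview.Page < 1 {
		listview.Page = 1
	}
	if listview.PageSize < 1 {
		listview.PageSize = defaultPageSize
	}
	if listview.PageSize > maxPageSize {
		listview.PageSize = maxPageSize
	}

	// "user_id = ?" assumes GORM's default column name for UserID.
	var sessions []models.Session
	if err := configs.ORMDB().
		Where("user_id = ?", user.ID).
		Offset((listview.Page - 1) * listview.PageSize).
		Limit(listview.PageSize).
		Find(&sessions).Error; err != nil {
		log.Printf("listing sessions: %v", err)
		writeText(w, http.StatusInternalServerError, "500 - Internal Server Error")
		return
	}
	for _, session := range sessions {
		listview.List = append(listview.List, session)
	}
	if err := configs.ORMDB().Model(&models.Session{}).Where("user_id = ?", user.ID).Count(&listview.Total).Error; err != nil {
		log.Printf("counting sessions: %v", err)
		writeText(w, http.StatusInternalServerError, "500 - Internal Server Error")
		return
	}
	listview.Next = listview.Page*listview.PageSize < int(listview.Total)
	listview.WriteJSON(w)
}

// GetForm decodes the request body as a JSON array. It returns nil when the
// body cannot be read or is not a JSON array; the body is always closed.
func GetForm(r *http.Request) (form []interface{}) {
	if err := readJSON(nil, r, &form); err != nil {
		log.Printf("reading form: %v", err)
		return nil
	}
	return form
}

// SessionsPost logs a user in: it verifies the email/password pair, stores a
// new session keyed by a fresh UUID, sets the session cookie and returns the
// session as JSON. An unknown email and a wrong password produce the same 401
// so the endpoint does not reveal which emails are registered.
func SessionsPost(w http.ResponseWriter, r *http.Request) {
	var form struct {
		Email    string `json:"email"`
		Password string `json:"password"`
	}
	if err := readJSON(w, r, &form); err != nil {
		log.Printf("decoding login form: %v", err)
		writeText(w, http.StatusBadRequest, "400 - Bad Request")
		return
	}

	var user models.User
	if err := configs.ORMDB().Where("email = ?", form.Email).First(&user).Error; err != nil {
		writeText(w, http.StatusUnauthorized, "401 - Unauthorized")
		return
	}
	if !user.CheckPassword(form.Password) {
		writeText(w, http.StatusUnauthorized, "401 - Unauthorized")
		return
	}

	// A random UUID is the session id; it is never derived from user data.
	session := &models.Session{
		ID:        uuid.New().String(),
		UserID:    user.ID,
		UserAgent: r.UserAgent(),
		IP:        r.RemoteAddr,
	}
	if err := configs.ORMDB().Create(session).Error; err != nil {
		log.Printf("creating session: %v", err)
		writeText(w, http.StatusInternalServerError, "500 - Internal Server Error")
		return
	}

	// HttpOnly keeps the id away from scripts; SameSite=Lax blocks cross-site
	// POSTs from carrying it. Secure follows the connection the server saw —
	// behind a TLS-terminating proxy r.TLS is nil, so confirm deployment topology.
	http.SetCookie(w, &http.Cookie{
		Name:     sessionCookieName,
		Value:    session.ID,
		Path:     "/",
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
		Secure:   r.TLS != nil,
	})
	writeJSON(w, session)
}

// SessionsItemGet returns the session named by the "id" route variable. The
// caller must be authenticated and own the session; a session owned by someone
// else is reported as 404 so its existence is not confirmed.
func SessionsItemGet(w http.ResponseWriter, r *http.Request) {
	user, err := currentUser(r)
	if err != nil {
		writeText(w, http.StatusUnauthorized, "401 - Unauthorized")
		return
	}
	session, err := findSession(mux.Vars(r)["id"])
	if err != nil || session.UserID != user.ID {
		writeText(w, http.StatusNotFound, "404 - Not Found")
		return
	}
	writeJSON(w, session)
}

// SessionsItemPatch applies a JSON object of column updates to the session
// named by the "id" route variable. The caller must own the session, and the
// id / user_id keys are dropped from the form before it reaches the ORM.
func SessionsItemPatch(w http.ResponseWriter, r *http.Request) {
	user, err := currentUser(r)
	if err != nil {
		writeText(w, http.StatusUnauthorized, "401 - Unauthorized")
		return
	}
	session, err := findSession(mux.Vars(r)["id"])
	if err != nil || session.UserID != user.ID {
		writeText(w, http.StatusNotFound, "404 - Not Found")
		return
	}

	var form map[string]interface{}
	if err := readJSON(w, r, &form); err != nil {
		log.Printf("decoding session patch: %v", err)
		writeText(w, http.StatusBadRequest, "400 - Bad Request")
		return
	}
	stripImmutableFields(form)
	if len(form) == 0 {
		writeText(w, http.StatusBadRequest, "400 - Bad Request")
		return
	}

	if err := configs.ORMDB().Model(&session).Updates(form).Error; err != nil {
		log.Printf("updating session: %v", err)
		writeText(w, http.StatusInternalServerError, "500 - Internal Server Error")
		return
	}
	writeJSON(w, session)
}

// SessionsItemDelete removes the session named by the "session_id" route
// variable. The caller must be authenticated and must own that session.
func SessionsItemDelete(w http.ResponseWriter, r *http.Request) {
	user, err := currentUser(r)
	if err != nil {
		writeText(w, http.StatusUnauthorized, "401 - 未登錄")
		return
	}

	target, err := findSession(mux.Vars(r)["session_id"])
	if err != nil {
		writeText(w, http.StatusNotFound, "404 - Not Found")
		return
	}
	if user.ID != target.UserID {
		writeText(w, http.StatusUnauthorized, "401 - 沒有權限")
		return
	}

	// target.ID is non-empty here (findSession guarantees it), so the delete
	// is always keyed on a concrete primary key.
	if err := configs.ORMDB().Delete(&target).Error; err != nil {
		log.Printf("deleting session: %v", err)
		writeText(w, http.StatusNotFound, "404 - Not Found")
		return
	}
	writeJSON(w, target)
}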