zishuo/message-pusher
1
0
Fork 0
mirror of https://github.com/songquanpeng/message-pusher.git synced 2025-10-31 11:36:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: check input for user model

Browse Source
This commit is contained in:
JustSong
2022-11-25 16:48:20 +08:00
parent 8fe6a99f55
commit 7ee929aef7
5 changed files with 98 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
controller/github.go
View File

@@ -105,7 +105,14 @@ func GitHubOAuth(c *gin.Context) {
GitHubId: githubUser.Login, GitHubId: githubUser.Login,
} }
if model.IsGitHubIdAlreadyTaken(user.GitHubId) { if model.IsGitHubIdAlreadyTaken(user.GitHubId) {
user.FillUserByGitHubId() err := user.FillUserByGitHubId()
if err != nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
"message": err.Error(),
})
return
}
} else { } else {
if common.RegisterEnabled { if common.RegisterEnabled {
user.Username = "github_" + strconv.Itoa(model.GetMaxUserId()+1) user.Username = "github_" + strconv.Itoa(model.GetMaxUserId()+1)
@@ -171,7 +178,14 @@ func GitHubBind(c *gin.Context) {
id := session.Get("id") id := session.Get("id")
// id := c.GetInt("id") // critical bug! // id := c.GetInt("id") // critical bug!
user.Id = id.(int) user.Id = id.(int)
user.FillUserById() err = user.FillUserById()
if err != nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
"message": err.Error(),
})
return
}
user.GitHubId = githubUser.Login user.GitHubId = githubUser.Login
err = user.Update(false) err = user.Update(false)
if err != nil { if err != nil {

11
controller/message.go
View File

@@ -44,7 +44,14 @@ func PostPushMessage(c *gin.Context) {
func pushMessageHelper(c *gin.Context, message *channel.Message) { func pushMessageHelper(c *gin.Context, message *channel.Message) {
user := model.User{Username: c.Param("username")} user := model.User{Username: c.Param("username")}
user.FillUserByUsername() err := user.FillUserByUsername()
if err != nil {
c.JSON(http.StatusForbidden, gin.H{
"success": false,
"message": err.Error(),
})
return
}
if user.Status == common.UserStatusNonExisted { if user.Status == common.UserStatusNonExisted {
c.JSON(http.StatusForbidden, gin.H{ c.JSON(http.StatusForbidden, gin.H{
"success": false, "success": false,
@@ -87,7 +94,7 @@ func pushMessageHelper(c *gin.Context, message *channel.Message) {
message.Channel = channel.TypeEmail message.Channel = channel.TypeEmail
} }
} }
err := message.Send(&user) err = message.Send(&user)
if err != nil { if err != nil {
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"success": false, "success": false,

22
controller/user.go
View File

@@ -478,9 +478,16 @@ func DeleteUser(c *gin.Context) {
func DeleteSelf(c *gin.Context) { func DeleteSelf(c *gin.Context) {
id := c.GetInt("id") id := c.GetInt("id")
user := model.User{Id: id} user := model.User{Id: id}
user.FillUserById() err := user.FillUserById()
if err != nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
"message": err.Error(),
})
return
}
channel.TokenStoreRemoveUser(&user) channel.TokenStoreRemoveUser(&user)
err := model.DeleteUserById(id) err = model.DeleteUserById(id)
if err != nil { if err != nil {
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"success": false, "success": false,
@@ -633,10 +640,17 @@ func EmailBind(c *gin.Context) {
user := model.User{ user := model.User{
Id: id, Id: id,
} }
user.FillUserById() err := user.FillUserById()
if err != nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
"message": err.Error(),
})
return
}
user.Email = email user.Email = email
// no need to check if this email already taken, because we have used verification code to check it // no need to check if this email already taken, because we have used verification code to check it
err := user.Update(false) err = user.Update(false)
if err != nil { if err != nil {
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"success": false, "success": false,

18
controller/wechat.go
View File

@@ -70,7 +70,14 @@ func WeChatAuth(c *gin.Context) {
WeChatId: wechatId, WeChatId: wechatId,
} }
if model.IsWeChatIdAlreadyTaken(wechatId) { if model.IsWeChatIdAlreadyTaken(wechatId) {
user.FillUserByWeChatId() err := user.FillUserByWeChatId()
if err != nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
"message": err.Error(),
})
return
}
} else { } else {
if common.RegisterEnabled { if common.RegisterEnabled {
user.Username = "wechat_" + strconv.Itoa(model.GetMaxUserId()+1) user.Username = "wechat_" + strconv.Itoa(model.GetMaxUserId()+1)
@@ -132,7 +139,14 @@ func WeChatBind(c *gin.Context) {
user := model.User{ user := model.User{
Id: id, Id: id,
} }
user.FillUserById() err = user.FillUserById()
if err != nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
"message": err.Error(),
})
return
}
user.WeChatId = wechatId user.WeChatId = wechatId
err = user.Update(false) err = user.Update(false)
if err != nil { if err != nil {

46
model/user.go
View File

@@ -62,6 +62,9 @@ func SearchUsers(keyword string) (users []*User, err error) {
} }
func GetUserById(id int, selectAll bool) (*User, error) { func GetUserById(id int, selectAll bool) (*User, error) {
if id == 0 {
return nil, errors.New("id 为空!")
}
user := User{Id: id} user := User{Id: id}
var err error = nil var err error = nil
if selectAll { if selectAll {
@@ -78,6 +81,9 @@ func GetUserById(id int, selectAll bool) (*User, error) {
} }
func DeleteUserById(id int) (err error) { func DeleteUserById(id int) (err error) {
if id == 0 {
return errors.New("id 为空!")
}
user := User{Id: id} user := User{Id: id}
return user.Delete() return user.Delete()
} }
@@ -107,6 +113,9 @@ func (user *User) Update(updatePassword bool) error {
} }
func (user *User) Delete() error { func (user *User) Delete() error {
if user.Id == 0 {
return errors.New("id 为空!")
}
err := DB.Delete(user).Error err := DB.Delete(user).Error
return err return err
} }
@@ -117,8 +126,8 @@ func (user *User) ValidateAndFill() (err error) {
// that means if your fields value is 0, '', false or other zero values, // that means if your fields value is 0, '', false or other zero values,
// it wont be used to build query conditions // it wont be used to build query conditions
password := user.Password password := user.Password
if password == "" { if user.Username == "" || password == "" {
return errors.New("密码为空") return errors.New("用户名或密码为空")
} }
DB.Where(User{Username: user.Username}).First(user) DB.Where(User{Username: user.Username}).First(user)
okay := common.ValidatePasswordAndHash(password, user.Password) okay := common.ValidatePasswordAndHash(password, user.Password)
@@ -128,24 +137,44 @@ func (user *User) ValidateAndFill() (err error) {
return nil return nil
} }
func (user *User) FillUserById() { func (user *User) FillUserById() error {
if user.Id == 0 {
return errors.New("id 为空!")
}
DB.Where(User{Id: user.Id}).First(user) DB.Where(User{Id: user.Id}).First(user)
return nil
} }
func (user *User) FillUserByEmail() { func (user *User) FillUserByEmail() error {
if user.Email == "" {
return errors.New("email 为空!")
}
DB.Where(User{Email: user.Email}).First(user) DB.Where(User{Email: user.Email}).First(user)
return nil
} }
func (user *User) FillUserByGitHubId() { func (user *User) FillUserByGitHubId() error {
if user.GitHubId == "" {
return errors.New("GitHub id 为空!")
}
DB.Where(User{GitHubId: user.GitHubId}).First(user) DB.Where(User{GitHubId: user.GitHubId}).First(user)
return nil
} }
func (user *User) FillUserByWeChatId() { func (user *User) FillUserByWeChatId() error {
if user.WeChatId == "" {
return errors.New("WeChat id 为空!")
}
DB.Where(User{WeChatId: user.WeChatId}).First(user) DB.Where(User{WeChatId: user.WeChatId}).First(user)
return nil
} }
func (user *User) FillUserByUsername() { func (user *User) FillUserByUsername() error {
if user.Username == "" {
return errors.New("username 为空!")
}
DB.Where(User{Username: user.Username}).First(user) DB.Where(User{Username: user.Username}).First(user)
return nil
} }
func ValidateUserToken(token string) (user *User) { func ValidateUserToken(token string) (user *User) {
@@ -177,6 +206,9 @@ func IsUsernameAlreadyTaken(username string) bool {
} }
func ResetUserPasswordByEmail(email string, password string) error { func ResetUserPasswordByEmail(email string, password string) error {
if email == "" || password == "" {
return errors.New("邮箱地址或密码为空!")
}
hashedPassword, err := common.Password2Hash(password) hashedPassword, err := common.Password2Hash(password)
if err != nil { if err != nil {
return err return err