添加用户注销和修改密码功能,重构注册处理逻辑,增强错误处理和响应

This commit is contained in:
keqingmoe 2024-12-27 19:13:20 +08:00
parent 5c95293ec2
commit 438c2f14b6
5 changed files with 329 additions and 145 deletions


@ -1,4 +1,5 @@
#include "server/auth.h" #include "server/auth.h"
#include "server/response.h"
#include "server/util.h" #include "server/util.h"
#include "db/auth.h" #include "db/auth.h"
@ -16,11 +17,13 @@
typedef struct typedef struct
{ {
char* token; char* token;
char* user_id;
} delete_form_t; } delete_form_t;
static void delete_form_dtor(delete_form_t* form) static void delete_form_dtor(delete_form_t* form)
{ {
if (form->token) free(form->token); if (form->token) free(form->token);
if (form->user_id) free(form->user_id);
} }
static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data) static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
@ -33,35 +36,30 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
delete_form_t* form = (delete_form_t*)user_data; delete_form_t* form = (delete_form_t*)user_data;
if (strcmp(key, "token") == 0) { if (strcmp(key, "token") == 0) {
form->token = kqm_strndup(value, valuelen); form->token = kqm_strndup(value, valuelen);
} else if (strcmp(key, "user_id") == 0) {
form->user_id = kqm_strndup(value, valuelen);
}
if (form->token && form->user_id) {
return MG_FORM_FIELD_HANDLE_ABORT; return MG_FORM_FIELD_HANDLE_ABORT;
} }
return MG_FORM_FIELD_HANDLE_GET; return MG_FORM_FIELD_HANDLE_GET;
} }
int user_delete_handler(mg_connection* conn, void* cbdata)
int delete_handler(mg_connection* conn, void* cbdata)
{ {
const mg_request_info* post_body = mg_get_request_info(conn); const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) { if (post_body == NULL) {
mg_printf(conn, res_null_req(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"null request\"}");
return 1; return 1;
} }
if (strcmp(post_body->request_method, "POST")) { if (strcmp(post_body->request_method, "POST")) {
mg_printf(conn, res_must_post(conn);
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"must use post request\"}");
return 1; return 1;
} }
delete_form_t form = {NULL}; delete_form_t form = {NULL, NULL};
mg_form_data_handler delete_callback = { mg_form_data_handler delete_callback = {
.field_found = field_found, .field_found = field_found,
@ -73,60 +71,48 @@ int delete_handler(mg_connection* conn, void* cbdata)
mg_handle_form_request(conn, &delete_callback); mg_handle_form_request(conn, &delete_callback);
if (!form.token) { if (!form.token) {
mg_printf(conn, res_need_token(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need token\"}");
delete_form_dtor(&form); delete_form_dtor(&form);
return 1; return 1;
} }
if (!verify_token(form.token, secret)) {
int result = verify_token(form.token, secret); res_auth_fail(conn);
if (!result) {
mg_printf(conn,
"HTTP/1.1 401 Unauthorized\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"auth failed\"}");
delete_form_dtor(&form); delete_form_dtor(&form);
return 1; return 1;
} }
char* user_id = get_payload(form.token); char* user_id = get_payload(form.token);
int flag = check_user_exists(user_id, &result); if (form.user_id && strcmp(user_id, form.user_id)) {
if (!flag) { int perm1;
mg_printf(conn, int flag = get_user_permission(user_id, &perm1);
"HTTP/1.1 500 Internal Server Error\r\n" if (!flag) {
"Content-Type: application/json\r\n" res_check_permission_fail(conn);
"Access-Control-Allow-Origin: *\r\n\r\n" }
"{\"error\":\"failed to check user existence\"}");
delete_form_dtor(&form);
return 1;
} else if (!result) {
mg_printf(conn,
"HTTP/1.1 404 Not Found\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user does not exist\"}");
delete_form_dtor(&form);
return 1;
}
flag = delete_user(user_id); int perm2;
if (!flag) { flag = get_user_permission(form.user_id, &perm2);
mg_printf(conn, if (!flag) {
"HTTP/1.1 500 Internal Server Error\r\n" res_check_permission_fail(conn);
"Content-Type: application/json\r\n" }
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to delete account\"}"); if (perm1 < perm2) {
int flag = delete_user(form.user_id);
if (!flag) {
res_delete_account_fail(conn);
} else {
res_delete_account(conn);
}
} else {
res_permission_denied(conn);
}
} else { } else {
mg_printf(conn, int flag = delete_user(user_id);
"HTTP/1.1 200 OK\r\n" if (!flag) {
"Content-Type: application/json\r\n" res_delete_account_fail(conn);
"Access-Control-Allow-Origin: *\r\n\r\n" } else {
"{\"success\":\"delete account success\"}"); res_delete_account(conn);
}
} }
free(user_id); free(user_id);
delete_form_dtor(&form); delete_form_dtor(&form);
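Review bot: In the new admin-delete branch, a failed `get_user_permission` call only writes `res_check_permission_fail(conn)` and then falls through, so `perm1`/`perm2` are read uninitialized, the `perm1 < perm2` comparison is undefined behavior, a second response is written to the same connection, and `delete_user(form.user_id)` can still run. Each failure site needs `free(user_id); delete_form_dtor(&form); return 1;` (or a jump to a shared cleanup label) right after the error response. The rule `perm1 < perm2` reads as "lower value is more privileged"; a one-line comment stating that would keep the check from being inverted later. The old code confirmed the caller's account existed before deleting, and the new admin path never confirms the target exists either — presumably `get_user_permission` fails for an unknown user, but that is not visible here. `user_delete_handler` continues past the end of this hunk.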


@ -1,5 +1,6 @@
#include "server/auth.h" #include "server/auth.h"
#include "server/util.h" #include "server/util.h"
#include "server/response.h"
#include "db/auth.h" #include "db/auth.h"
@ -45,25 +46,17 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
} }
int login_handler(mg_connection* conn, void* cbdata) int user_login_handler(mg_connection* conn, void* cbdata)
{ {
const mg_request_info* post_body = mg_get_request_info(conn); const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) { if (post_body == NULL) {
mg_printf(conn, res_null_req(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"null request\"}");
return 1; return 1;
} }
if (strcmp(post_body->request_method, "POST")) { if (strcmp(post_body->request_method, "POST")) {
mg_printf(conn, res_must_post(conn);
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"must use post request\"}");
return 1; return 1;
} }
@ -79,20 +72,12 @@ int login_handler(mg_connection* conn, void* cbdata)
mg_handle_form_request(conn, &login_callback); mg_handle_form_request(conn, &login_callback);
if (!form.user_id) { if (!form.user_id) {
mg_printf(conn, res_need_user_id(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need user_id\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} }
if (!form.password) { if (!form.password) {
mg_printf(conn, res_need_password(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need password\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} }
@ -100,44 +85,23 @@ int login_handler(mg_connection* conn, void* cbdata)
int result; int result;
int flag = check_user_exists(form.user_id, &result); int flag = check_user_exists(form.user_id, &result);
if (!flag) { if (!flag) {
mg_printf(conn, res_check_exist_fail(conn);
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to check user existence\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} else if (!result) { } else if (!result) {
mg_printf(conn, res_not_exist(conn);
"HTTP/1.1 404 Not Found\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user does not exist\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} }
flag = login(form.user_id, form.password, &result); flag = login(form.user_id, form.password, &result);
if (!flag) { if (!flag) {
mg_printf(conn, res_login_fail(conn);
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to login\"}");
} else if (!result) { } else if (!result) {
mg_printf(conn, res_incorrect(conn);
"HTTP/1.1 401 Unauthorized\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"incorrect password or user id\"}");
} else { } else {
char* token = create_token(form.user_id, secret); char* token = create_token(form.user_id, secret);
mg_printf(conn, res_login(conn, token);
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"login success\", \"token\":\"%s\"}",
token);
free(token); free(token);
} }
login_form_dtor(&form); login_form_dtor(&form);
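Review bot: The new helpers keep the old distinction between an unknown user (`res_not_exist`, the former 404) and a wrong password (`res_incorrect`), so the login endpoint still tells anyone who can POST to it which user_ids exist. Collapsing both cases into `res_incorrect(conn)` — dropping the `else if (!result)` branch after `check_user_exists` and letting `login` report the failure — removes that enumeration oracle without touching the success path. `create_token` returns a heap string that goes straight into `res_login`; if it can return NULL on failure (not visible here), that needs a check before use. `user_login_handler` continues past the end of this hunk.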

122
src/server/auth/logout.c Normal file

@ -0,0 +1,122 @@
#include "server/auth.h"
#include "server/response.h"
#include "server/util.h"
#include "db/auth.h"
#include "jwt/jwt.h"
#include <civetweb.h>
#include <cjson/cJSON.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
// typedef struct
// {
// char* token;
// char* user_id;
// } logout_form_t;
// static void logout_form_dtor(logout_form_t* form)
// {
// if (form->token) free(form->token);
// if (form->user_id) free(form->user_id);
// }
// static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
// {
// return MG_FORM_FIELD_HANDLE_GET;
// }
// static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
// {
// logout_form_t* form = (logout_form_t*)user_data;
// if (strcmp(key, "token") == 0) {
// form->token = kqm_strndup(value, valuelen);
// } else if (strcmp(key, "user_id") == 0) {
// form->user_id = kqm_strndup(value, valuelen);
// }
// if (form->token && form->user_id) {
// return MG_FORM_FIELD_HANDLE_ABORT;
// }
// return MG_FORM_FIELD_HANDLE_GET;
// }
int user_logout_handler(mg_connection* conn, void* cbdata)
{
const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) {
res_null_req(conn);
return 1;
}
if (strcmp(post_body->request_method, "POST")) {
res_must_post(conn);
return 1;
}
res_logout(conn);
// logout_form_t form = {NULL, NULL};
// mg_form_data_handler logout_callback = {
// .field_found = field_found,
// .field_get = field_get,
// .field_store = NULL,
// .user_data = &form,
// };
// mg_handle_form_request(conn, &logout_callback);
// if (!form.token) {
// res_need_token(conn);
// logout_form_dtor(&form);
// return 1;
// }
// if (!verify_token(form.token, secret)) {
// res_auth_fail(conn);
// logout_form_dtor(&form);
// return 1;
// }
// char* user_id = get_payload(form.token);
// if (form.user_id && strcmp(user_id, form.user_id)) {
// int perm1;
// int flag = get_user_permission(user_id, &perm1);
// if (!flag) {
// res_check_permission_fail(conn);
// }
// int perm2;
// flag = get_user_permission(form.user_id, &perm2);
// if (!flag) {
// res_check_permission_fail(conn);
// }
// if (perm1 < perm2) {
// int flag = logout_user(form.user_id);
// if (!flag) {
// res_logout_fail(conn);
// } else {
// res_logout(conn);
// }
// } else {
// res_permission_denied(conn);
// }
// } else {
// int flag = logout_user(user_id);
// if (!flag) {
// res_logout_account_fail(conn);
// } else {
// res_logout_account(conn);
// }
// }
// free(user_id);
// logout_form_dtor(&form);
return 1;
}
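Review bot: `user_logout_handler` answers `res_logout(conn)` for any POST without reading a token, so nothing is verified and nothing is revoked server-side; with the stateless JWTs the other handlers use (`verify_token(form.token, secret)`), a previously issued token keeps working after "logout" for as long as it is otherwise valid. If that is the intended contract, state it in a header comment, e.g. `// Logout is client-side only: the server keeps no session state and cannot revoke a JWT; the client must discard its token.`; if not, the handler needs a server-side revocation list (or a per-user issued-at cutoff) that `verify_token` consults. The roughly ninety lines of commented-out form parsing and permission logic should be removed rather than shipped — they are recoverable from history, and they describe a `logout_user` flow that does not exist.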


@ -1,4 +1,5 @@
#include "server/auth.h" #include "server/auth.h"
#include "server/response.h"
#include "server/util.h" #include "server/util.h"
#include "db/auth.h" #include "db/auth.h"
@ -43,25 +44,17 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
} }
int register_handler(mg_connection* conn, void* cbdata) int user_register_handler(mg_connection* conn, void* cbdata)
{ {
const mg_request_info* post_body = mg_get_request_info(conn); const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) { if (post_body == NULL) {
mg_printf(conn, res_null_req(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"null request\"}");
return 1; return 1;
} }
if (strcmp(post_body->request_method, "POST")) { if (strcmp(post_body->request_method, "POST")) {
mg_printf(conn, res_must_post(conn);
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"must use post request\"}");
return 1; return 1;
} }
@ -77,20 +70,12 @@ int register_handler(mg_connection* conn, void* cbdata)
mg_handle_form_request(conn, &register_callback); mg_handle_form_request(conn, &register_callback);
if (!form.user_id) { if (!form.user_id) {
mg_printf(conn, res_need_user_id(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need user_id\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} }
if (!form.password) { if (!form.password) {
mg_printf(conn, res_need_password(conn);
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need password\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} }
@ -98,36 +83,20 @@ int register_handler(mg_connection* conn, void* cbdata)
int result; int result;
int flag = check_user_exists(form.user_id, &result); int flag = check_user_exists(form.user_id, &result);
if (!flag) { if (!flag) {
mg_printf(conn, res_check_exist_fail(conn);
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to check user existence\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} else if (result) { } else if (result) {
mg_printf(conn, res_user_exist(conn);
"HTTP/1.1 409 Conflict\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user already exists\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} }
flag = set_user_password(form.user_id, form.password); flag = registe(form.user_id, form.password);
if (!flag) { if (!flag) {
mg_printf(conn, res_register_fail(conn);
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to register\"}");
} else { } else {
mg_printf(conn, res_register(conn);
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"registration success\"}");
} }
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
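Review bot: `if (!form.password)` only checks that the field was present, so a POST with `password=` registers an account with an empty password (assuming `kqm_strndup` of a zero-length value returns `""` rather than NULL), and the same holds for `user_id`. Tighten both guards to `if (!form.user_id || !*form.user_id)` and `if (!form.password || !*form.password)`, and consider a minimum password length before calling `registe`. `check_user_exists` followed by `registe` is a check-then-act pair, so two concurrent registrations of the same id can both pass the existence check; a uniqueness constraint in the database (or `registe` itself reporting a conflict) is the reliable guard. The name `registe` is presumably spelled that way because `register` is a C keyword; a short comment at its declaration in `db/auth.h` (outside this diff) would save readers the guess.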

143
src/server/auth/repasswd.c Normal file

@ -0,0 +1,143 @@
#include "server/auth.h"
#include "server/response.h"
#include "server/util.h"
#include "db/auth.h"
#include "jwt/jwt.h"
#include <civetweb.h>
#include <cjson/cJSON.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
typedef struct
{
char* token;
char* user_id;
char* raw_passwd;
char* new_passwd;
} repasswd_form_t;
static void repasswd_form_dtor(repasswd_form_t* form)
{
if (form->token) free(form->token);
if (form->user_id) free(form->user_id);
}
static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
{
return MG_FORM_FIELD_HANDLE_GET;
}
static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
{
repasswd_form_t* form = (repasswd_form_t*)user_data;
if (strcmp(key, "token") == 0) {
form->token = kqm_strndup(value, valuelen);
} else if (strcmp(key, "user_id") == 0) {
form->user_id = kqm_strndup(value, valuelen);
} else if (strcmp(key, "raw_passwd") == 0) {
form->raw_passwd = kqm_strndup(value, valuelen);
} else if (strcmp(key, "new_passwd") == 0) {
form->new_passwd = kqm_strndup(value, valuelen);
}
if (form->token && form->user_id && form->raw_passwd && form->new_passwd) {
return MG_FORM_FIELD_HANDLE_ABORT;
}
return MG_FORM_FIELD_HANDLE_GET;
}
int user_repasswd_handler(mg_connection* conn, void* cbdata)
{
const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) {
res_null_req(conn);
return 1;
}
if (strcmp(post_body->request_method, "POST")) {
res_must_post(conn);
return 1;
}
repasswd_form_t form = {NULL, NULL, NULL, NULL};
mg_form_data_handler repasswd_callback = {
.field_found = field_found,
.field_get = field_get,
.field_store = NULL,
.user_data = &form,
};
mg_handle_form_request(conn, &repasswd_callback);
if (!form.token) {
res_need_token(conn);
repasswd_form_dtor(&form);
return 1;
}
if (!form.new_passwd) {
res_need_password(conn);
repasswd_form_dtor(&form);
return 1;
}
if (!verify_token(form.token, secret)) {
res_auth_fail(conn);
repasswd_form_dtor(&form);
return 1;
}
char* user_id = get_payload(form.token);
if (form.user_id && strcmp(user_id, form.user_id)) {
int perm1;
int flag = get_user_permission(user_id, &perm1);
if (!flag) {
res_check_permission_fail(conn);
}
int perm2;
flag = get_user_permission(form.user_id, &perm2);
if (!flag) {
res_check_permission_fail(conn);
}
if (perm1 < perm2) {
int flag = set_user_password(form.user_id, form.new_passwd);
if (!flag) {
res_repasswd_fail(conn);
} else {
res_repasswd(conn);
}
} else {
res_permission_denied(conn);
}
} else if(form.raw_passwd) {
int result;
int flag = login(user_id, form.raw_passwd, &result);
if (!flag) {
res_repasswd_fail(conn);
} else {
if (result) {
flag = set_user_password(user_id, form.new_passwd);
if (!flag) {
res_repasswd_fail(conn);
} else {
res_repasswd(conn);
}
} else {
res_incorrect(conn);
}
}
} else {
res_need_password(conn);
}
free(user_id);
repasswd_form_dtor(&form);
return 1;
}
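Review bot: In `user_repasswd_handler`, a failed `get_user_permission` call sends `res_check_permission_fail(conn)` and then falls through, so `perm1`/`perm2` are compared uninitialized (undefined behavior), a second response is written to the same connection, and `set_user_password(form.user_id, ...)` can still change another account's password — the authorization decision must end the request when a lookup fails. `repasswd_form_dtor` also frees only `token` and `user_id`, so `raw_passwd` and `new_passwd` leak on every request and both plaintext passwords stay in the heap. The rewrite below returns after a failed lookup and frees all four fields; zeroizing the two password buffers before `free` would be a further improvement, but this file does not already use a portable zeroization call. The `perm1 < perm2` rule presumably means a lower number is more privileged, which deserves a comment. An empty `new_passwd` is accepted as well, since only presence is checked.

```c
static void repasswd_form_dtor(repasswd_form_t* form)
{
    if (form->token) free(form->token);
    if (form->user_id) free(form->user_id);
    if (form->raw_passwd) free(form->raw_passwd);
    if (form->new_passwd) free(form->new_passwd);
}

// … unchanged: field_found, field_get, method/token/new_passwd checks, verify_token …

    char* user_id = get_payload(form.token);
    if (form.user_id && strcmp(user_id, form.user_id)) {
        int perm1 = 0;
        int perm2 = 0;
        if (!get_user_permission(user_id, &perm1) || !get_user_permission(form.user_id, &perm2)) {
            // A failed lookup must not fall through to the perm1 < perm2 decision.
            res_check_permission_fail(conn);
            free(user_id);
            repasswd_form_dtor(&form);
            return 1;
        }
        // … unchanged: perm1 < perm2 branch and set_user_password …
```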